Fearvox · Fearvox · May 13, 2026 · May 13, 2026 · May 13, 2026 · May 13, 2026
@@ -65,6 +65,90 @@ should include:
 Images should be hosted with GitHub user attachments or another external asset
 URL instead of committed to the repository.
 
+## Fork-as-Lab Workflow
+
+`Fearvox/EverOS` is a development fork of `EverMind-AI/EverOS`. All experimental
+work happens on the fork before selective promotion upstream.
+
+### Staying Current with Upstream
+
+The fork auto-rebases onto upstream `main` every 6 hours via
+`sync-upstream.yml`. This replays fork-only commits (templates, workflows, docs)
+on top of the latest upstream. If you're working on a feature branch:
+
+```bash
+# Rebase your branch onto the latest fork main
+git fetch origin
+git rebase origin/main
+```
+
+If the auto-rebase encounters a conflict, it aborts and opens a tracking issue.
+Manual resolution:
+
+```bash
+git checkout main
+git pull upstream main --rebase
+# resolve conflicts, then:
+git push origin main --force-with-lease
+```
+
+### Branch Strategy
+
+| Branch pattern | Purpose | Lifetime |
+|---------------|---------|----------|
+| `sleep-iter-*-*` | Automated overnight runs | Feature branch, merged or closed |
+| `codex-watch-*` | Codex co-agent patrol | Isolated worktree, never touch |
+| `feature/*` | Human-driven features | Feature branch -> PR to origin/main |
+| `sleep-log` | Overnight run audit log | Persistent tracking branch |
+
+### Label Conventions
+
+| Label | Color | Use on |
+|-------|-------|--------|
+| `pr-mirror` | `#0E8A16` | Issues that mirror an upstream PR; triggers Linear sync |
+| `tracking` | `#5319E7` | Long-lived tracking issues |
+| `security` | `#B60205` | Security advisories or security-relevant PRs |
+| `urgent` | `#D93F0B` | High-priority; escalates in Linear |
+| `sync-failed` | `#D93F0B` | Auto-applied when Linear sync fails for an issue |
+
+### Issue Templates
+
+Use the template picker when opening an issue. The two fork-specific templates:
+
+- **PR Tracker** (`pr_tracker.yml`) tracks an upstream PR for Linear/Slack
+  visibility. Requires `pr_number`, `pr_url`, `author`, `area`, `scope`, and
+  `evidence`. Applies `pr-mirror` and `tracking` labels.
+- **Security Tracker** (`security_tracker.yml`) tracks a security advisory.
+  Adds `security` and `urgent` labels on top of the PR tracker labelset.
+
+Both templates auto-trigger `linear-sync.yml`, which creates a corresponding
+Linear issue in the `EverMind-Dash` project and comments back with the EVE
+identifier.
+
+### Linear Sync
+
+Issues labeled `pr-mirror` are mirrored to Linear's `EverMind-Dash` project
+automatically. The sync is one-way from GitHub to Linear. The bot comments back
+with the matching EVE issue identifier on success.
+
+If the bot adds a `sync-failed` label, check the workflow run logs at
+`https://github.com/Fearvox/EverOS/actions/workflows/linear-sync.yml`.
+
+### Promoting to Upstream
+
+When a fork change is ready for `EverMind-AI/EverOS`:
+
+```bash
+gh pr create --repo EverMind-AI/EverOS \
+  --base main \
+  --head Fearvox:main \
+  --title "feat: description" --body "..."
+```
+
+Templates and workflows committed to the fork are replayed on top of upstream
+during every rebase cycle. They never conflict unless upstream adds same-named
+files, which is handled by auto-rebase conflict detection.
+
 ## Style Notes
 
 - Follow existing patterns before adding new abstractions.

@@ -0,0 +1,109 @@
+name: PR tracker (mirror)
+description: Mirror an in-flight pull request as a tracking issue for Linear and Slack sync / 镜像一个进行中的 PR 作为追踪 issue
+title: "[PR Track] #<number>: <short summary>"
+labels: ["pr-mirror", "tracking"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Use this when you want a long-lived, auditable record of an upstream PR.
+        Linear and Slack subscribe to issues with the `pr-mirror` label.
+        镜像一个 PR 用于 Linear / Slack 长期可审计追踪。带 `pr-mirror` 标签的 issue 会被订阅。
+  - type: input
+    id: pr_number
+    attributes:
+      label: PR number
+      placeholder: "e.g. 196"
+    validations:
+      required: true
+  - type: input
+    id: pr_url
+    attributes:
+      label: PR URL
+      placeholder: https://github.com/EverMind-AI/EverOS/pull/<number>
+    validations:
+      required: true
+  - type: input
+    id: author
+    attributes:
+      label: Author handle
+      placeholder: "@github-login"
+    validations:
+      required: true
+  - type: dropdown
+    id: area
+    attributes:
+      label: Area
+      options:
+        - methods/EverCore
+        - methods/HyperMem
+        - benchmarks/EverMemBench
+        - benchmarks/EvoAgentBench
+        - use-cases
+        - documentation
+        - CI / build / release
+        - other
+    validations:
+      required: true
+  - type: dropdown
+    id: lane
+    attributes:
+      label: Review lane
+      description: How this PR should be triaged. / 该 PR 的优先级处理通道。
+      options:
+        - hotfix (block release until merged)
+        - normal (standard review)
+        - docs-only (light review)
+        - exploratory (no merge intent)
+    validations:
+      required: true
+  - type: textarea
+    id: scope
+    attributes:
+      label: Scope summary
+      description: One paragraph. What does the PR change, and what is intentionally left out?
+      placeholder: |
+        Changes:
+        - ...
+        Out of scope:
+        - ...
+    validations:
+      required: true
+  - type: textarea
+    id: evidence
+    attributes:
+      label: Evidence snapshot
+      description: |
+        Required before this mirror can be closed. Paste the CI summary, test command output,
+        or the link to the run. "No mirror closes without evidence."
+        关闭镜像 issue 前必填。粘贴 CI 摘要、测试命令输出或 run 链接。
+      render: shell
+    validations:
+      required: true
+  - type: textarea
+    id: decisions
+    attributes:
+      label: Decision log
+      description: Notable review decisions (approvals, requested changes, deferrals).
+      placeholder: |
+        - 2026-05-13 @reviewer: requested change on tests/test_x.py
+        - 2026-05-13 @author: scoped follow-up to PR #...
+  - type: input
+    id: linear_issue
+    attributes:
+      label: Linear issue (optional)
+      placeholder: "EVE-123"
+  - type: input
+    id: slack_thread
+    attributes:
+      label: Slack thread (optional)
+      placeholder: "https://everminddash.slack.com/archives/.../p..."
+  - type: checkboxes
+    id: closure
+    attributes:
+      label: Closure criteria
+      description: Check all that apply before closing this mirror.
+      options:
+        - label: PR is merged, closed, or marked won't-fix upstream.
+        - label: Evidence snapshot above reflects the final state.
+        - label: Linear and Slack records have been updated (if linked).
@@ -0,0 +1,116 @@
+name: Security tracker (mirror)
+description: Mirror a security PR or disclosure for Linear and Slack escalation / 镜像一个安全 PR 或披露
+title: "[Security Track] CWE-<id>: <short summary>"
+labels: ["security", "pr-mirror", "tracking", "urgent"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Use this for any PR or disclosure that affects credentials, authn/authz, data exposure,
+        supply chain, or sandbox escape. The `urgent` label routes this to high-priority
+        notifications in Slack and Linear.
+        用于凭证、认证授权、数据暴露、供应链、沙箱逃逸等安全 PR / 披露。`urgent` 标签会触发高优先级通知。
+        Do NOT include exploit details that are not already public in the upstream PR.
+        请勿写入未在 upstream PR 公开的利用细节。
+  - type: input
+    id: cwe
+    attributes:
+      label: CWE id
+      placeholder: "CWE-798"
+    validations:
+      required: true
+  - type: input
+    id: pr_url
+    attributes:
+      label: Upstream PR or advisory URL
+      placeholder: https://github.com/EverMind-AI/EverOS/pull/<number>
+    validations:
+      required: true
+  - type: dropdown
+    id: severity
+    attributes:
+      label: Severity
+      options:
+        - Critical (full auth bypass / unauthenticated RCE / mass data loss)
+        - High (privileged data access / credential exposure / persistent compromise)
+        - Medium (limited data access / requires user interaction)
+        - Low (defense-in-depth / hardening)
+    validations:
+      required: true
+  - type: dropdown
+    id: exposure
+    attributes:
+      label: Reachability
+      description: How reachable is this in the documented quickstart / default config?
+      options:
+        - Default config (reproducible from a clean clone)
+        - Default config + network position
+        - Non-default config but documented
+        - Hypothetical / not yet reproducible
+    validations:
+      required: true
+  - type: textarea
+    id: affected
+    attributes:
+      label: Affected components
+      description: File paths, services, or versions impacted.
+      placeholder: |
+        - methods/EverCore/docker-compose.yaml (memsys-milvus-minio block)
+        - methods/EverCore/env.template
+    validations:
+      required: true
+  - type: textarea
+    id: fix_summary
+    attributes:
+      label: Proposed fix summary
+      description: One paragraph. What does the PR change? Cite the contract that makes it fail-closed.
+    validations:
+      required: true
+  - type: textarea
+    id: evidence
+    attributes:
+      label: Verification evidence
+      description: |
+        Required before closure. Show the commands and output that prove the fix works AND
+        that the unpatched state was exploitable. "No security mirror closes without evidence."
+        关闭前必填。展示证明 fix 生效以及未修复状态可利用的命令与输出。
+      render: shell
+    validations:
+      required: true
+  - type: textarea
+    id: residual
+    attributes:
+      label: Residual risk / follow-ups
+      description: Anything intentionally out of scope, plus follow-up issues that should be filed.
+      placeholder: |
+        - docs/installation/ still references the old default in examples; follow-up sweep needed.
+        - Consider adding a CI lint to catch hardcoded secrets in docker-compose files.
+  - type: input
+    id: linear_issue
+    attributes:
+      label: Linear issue (optional)
+      placeholder: "EVE-123"
+  - type: input
+    id: slack_thread
+    attributes:
+      label: Slack thread (optional)
+      placeholder: "https://everminddash.slack.com/archives/.../p..."
+  - type: checkboxes
+    id: disclosure
+    attributes:
+      label: Disclosure hygiene
+      description: Confirm before submitting.
+      options:
+        - label: This mirror contains no exploit details beyond what is already public in the upstream PR.
+          required: true
+        - label: The upstream PR or advisory link is correct and reachable.
+          required: true
+        - label: A maintainer has been pinged in Slack #p-evermind-dash or via Linear EVE if Severity is Critical or High.
+  - type: checkboxes
+    id: closure
+    attributes:
+      label: Closure criteria
+      options:
+        - label: Upstream PR merged, advisory published, or risk formally accepted.
+        - label: Verification evidence above reflects the merged state.
+        - label: Residual-risk follow-ups have issues filed (or explicitly waived).
diff --git a/.github/MUW_REVIEW_LANE.md b/.github/MUW_REVIEW_LANE.md
@@ -0,0 +1,58 @@
+# MUW Review Lane
+
+Use this lane when GitHub's native Codex review is useful but its fixed review
+wrapper is too loose for MUW closeout work.
+
+The lane has three steps:
+
+1. Collect PR evidence.
+2. Ask Codex to produce an exact MUW verdict from the generated prompt.
+3. Post the verdict back to the PR with an idempotency marker.
+
+## Collect Evidence
+
+```bash
+node .github/scripts/muw-review-lane.mjs collect --pr 24 --repo Fearvox/EverOS
+```
+
+The command prints paths like:
+
+```text
+context=/tmp/muw-review-pr-24/pr-24-context.md
+prompt=/tmp/muw-review-pr-24/pr-24-prompt.md
+metadata=/tmp/muw-review-pr-24/pr-24-metadata.json
+```
+
+Give the prompt file to Codex. The context bundle includes PR metadata, changed
+files, status checks, recent comments, existing reviews, and a redacted patch.
+
+## Post Verdict
+
+Save the Codex verdict to a file, then post it:
+
+```bash
+node .github/scripts/muw-review-lane.mjs post \
+  --pr 24 \
+  --repo Fearvox/EverOS \
+  --body-file /tmp/muw-review-pr-24/verdict.md
+```
+
+`post` refuses bodies that do not contain:
+
+```text
+VERDICT:
+VERDICT_SUMMARY:
+EVIDENCE:
+```
+
+It also adds a hidden marker containing the PR head SHA. Re-running `post` for
+the same head is a no-op unless `--force` is provided.
+
+## Why Not Native Review
+
+- GitHub's `@codex review` endpoint is useful, but it wraps responses in the
+  native Codex review shell.
+- GitHub Agent tasks are mutation-oriented and may create draft PRs even for a
+  review-only prompt.
+- This lane keeps review evidence gathering and comment publishing mechanical,
+  while leaving the verdict judgment to Codex.