recommendation
PREVIEW_PUSH_ALLOWED_RELEASE_GATE_REVIEW_REQUIRED
FORWAID Release Gate
Aggregated release gate for Account, Store, Drive, Studio, OneCloud, and production boundary checks. This page is read-only and does not approve production writes, remote runtime, billing, or customer send.
recommendation
PREVIEW_PUSH_ALLOWED_RELEASE_GATE_REVIEW_REQUIRED
cloud testable
true
target repo
ai-site-creator.git
Lovable
Founder manual
Gate Matrix
Release item
Remote Codex Drops status mirror
PLT-CODEX-001 · same_machine_rehearsal_pass_remote_transport_pending
Next: Run a remote PC readonly Drop roundtrip: remote writes Drop, current runner executes readonly audit, remote reads callback.
Release item
Account / Entitlement / Credits read model
platform-entitlement-read-model-v0.1 · read_only_preview · 3/5 app slots
Next: Connect Store install requests, account admin, and OneCloud status to this read-only snapshot before enabling backend mutations.
Release item
Store install / request / approval draft queue
App Detail uses Store request draft queue with review status and handoff target.
Next: Route approved preview drafts to real account admin only after backend entitlement design.
Release item
Drive / Sync / Content Maker / Drops loop
platform-source-to-output-read-model-v0.1 · localDriveDocuments=1
Next: Approve real source storage and Drive persistence design, then run readonly remote Drops roundtrip before any patch or production write.
Release item
Web / Pad / Pod / OneCloud same capability map
platform-multisurface-capability-v0.1 · 能力在云端,形态在龙虾,状态通过 OneCloud 同步
Next: Wire this read model into Pod/Harness and OneCloud node status before enabling any local-node trigger or runtime launch.
Release item
OneCloud capability handoff manifest
forwaid-onecloud-capability-manifest-v0.1 · handoffContracts=2
Next: OneCloud consumes handoffContract as read-only route/output metadata before any action intent or local-node writeback.
Release item
Oneclaw local file bridge
Browser-to-local-node file bridge is a gated integration because it can pass file payloads to a host surface.
Next: Founder and Release Gate must approve exact host origin, payload redaction, file-size limits, callback contract, and local-node ownership before any bridge code is shipped.
Release item
Production integration
All real production switches remain false by design.
Next: Founder and Release Gate must separately approve real AI, storage, remote runtime, payment/billing, and customer-send gates.
Next smallest action
If build remains PASS, push preview changes to ai-site-creator.git for Founder remote testing; Lovable publish remains manual.
Oneclaw Bridge Authorization
The browser-to-local-node file bridge is not shipped until Founder and Release Gate approve host origin, payload policy, callback shape, and readonly ownership.
Host origin whitelist
holdApprove exact OneCloud / 1claw host origins before using postMessage.
safeDefault: Do not ship wildcard host messaging.
File policy
holdApprove allowed mime types, single-file size, total batch size, and count.
safeDefault: Do not pass file payloads to a local host.
Payload mode
holdChoose source-ref-first handles or explicitly approve base64 transfer with redaction.
safeDefault: Prefer source refs; keep raw payload transfer disabled.
Callback contract
holdConfirm job_id, source_ref_id, callback_id, workflow, and ledger fields as standard.
safeDefault: Display callback shape only; do not rely on it for production workflow.
Readonly boundary
holdConfirm first release only allows readonly analysis and local callback preview.
safeDefault: No source mutation, no production data write, no customer send.
Owner lane
holdConfirm OneCloud / 1claws owns local node transport while FORWAID owns cloud capability definition.
safeDefault: Do not merge bridge behavior into the FORWAID A-side product body.
nextGate: Founder must explicitly approve all HOLD gates before Oneclaw bridge code can be shipped or tested remotely.
Release Items
Remote Codex Drops status mirror
passPLT-CODEX-001 · same_machine_rehearsal_pass_remote_transport_pending
nextGate: Run a remote PC readonly Drop roundtrip: remote writes Drop, current runner executes readonly audit, remote reads callback.
Account / Entitlement / Credits read model
passplatform-entitlement-read-model-v0.1 · read_only_preview · 3/5 app slots
nextGate: Connect Store install requests, account admin, and OneCloud status to this read-only snapshot before enabling backend mutations.
Store install / request / approval draft queue
passApp Detail uses Store request draft queue with review status and handoff target.
nextGate: Route approved preview drafts to real account admin only after backend entitlement design.
Drive / Sync / Content Maker / Drops loop
passplatform-source-to-output-read-model-v0.1 · localDriveDocuments=1
nextGate: Approve real source storage and Drive persistence design, then run readonly remote Drops roundtrip before any patch or production write.
Web / Pad / Pod / OneCloud same capability map
passplatform-multisurface-capability-v0.1 · 能力在云端,形态在龙虾,状态通过 OneCloud 同步
nextGate: Wire this read model into Pod/Harness and OneCloud node status before enabling any local-node trigger or runtime launch.
OneCloud capability handoff manifest
passforwaid-onecloud-capability-manifest-v0.1 · handoffContracts=2
nextGate: OneCloud consumes handoffContract as read-only route/output metadata before any action intent or local-node writeback.
Oneclaw local file bridge
holdBrowser-to-local-node file bridge is a gated integration because it can pass file payloads to a host surface.
nextGate: Founder and Release Gate must approve exact host origin, payload redaction, file-size limits, callback contract, and local-node ownership before any bridge code is shipped.
Production integration
holdAll real production switches remain false by design.
nextGate: Founder and Release Gate must separately approve real AI, storage, remote runtime, payment/billing, and customer-send gates.
Production flags
JSON preview
OneCloud status{
"snapshotId": "platform-a-side-release-readiness-v0.1",
"status": "readiness_layer_complete_with_limits",
"releaseRecommendation": "PREVIEW_PUSH_ALLOWED_RELEASE_GATE_REVIEW_REQUIRED",
"cloudTestableAfterPush": true,
"lovablePublishByFounderOnly": true,
"productionReady": false,
"realAiEnabled": false,
"realStorageEnabled": false,
"remoteRuntimeLaunchAllowed": false,
"paymentBillingAllowed": false,
"customerSendAllowed": false,
"items": [
{
"id": "remote-codex-drops-status",
"label": "Remote Codex Drops status mirror",
"status": "pass",
"evidence": "PLT-CODEX-001 · same_machine_rehearsal_pass_remote_transport_pending",
"nextGate": "Run a remote PC readonly Drop roundtrip: remote writes Drop, current runner executes readonly audit, remote reads callback."
},
{
"id": "account-entitlement-read-model",
"label": "Account / Entitlement / Credits read model",
"status": "pass",
"evidence": "platform-entitlement-read-model-v0.1 · read_only_preview · 3/5 app slots",
"nextGate": "Connect Store install requests, account admin, and OneCloud status to this read-only snapshot before enabling backend mutations."
},
{
"id": "store-install-approval",
"label": "Store install / request / approval draft queue",
"status": "pass",
"evidence": "App Detail uses Store request draft queue with review status and handoff target.",
"nextGate": "Route approved preview drafts to real account admin only after backend entitlement design."
},
{
"id": "source-to-output-loop",
"label": "Drive / Sync / Content Maker / Drops loop",
"status": "pass",
"evidence": "platform-source-to-output-read-model-v0.1 · localDriveDocuments=1",
"nextGate": "Approve real source storage and Drive persistence design, then run readonly remote Drops roundtrip before any patch or production write."
},
{
"id": "multisurface-map",
"label": "Web / Pad / Pod / OneCloud same capability map",
"status": "pass",
"evidence": "platform-multisurface-capability-v0.1 · 能力在云端,形态在龙虾,状态通过 OneCloud 同步",
"nextGate": "Wire this read model into Pod/Harness and OneCloud node status before enabling any local-node trigger or runtime launch."
},
{
"id": "onecloud-handoff-manifest",
"label": "OneCloud capability handoff manifest",
"status": "pass",
"evidence": "forwaid-onecloud-capability-manifest-v0.1 · handoffContracts=2",
"nextGate": "OneCloud consumes handoffContract as read-only route/output metadata before any action intent or local-node writeback."
},
{
"id": "oneclaw-local-bridge",
"label": "Oneclaw local file bridge",
"status": "hold",
"evidence": "Browser-to-local-node file bridge is a gated integration because it can pass file payloads to a host surface.",
"nextGate": "Founder and Release Gate must approve exact host origin, payload redaction, file-size limits, callback contract, and local-node ownership before any bridge code is shipped."
},
{
"id": "production-integration",
"label": "Production integration",
"status": "hold",
"evidence": "All real production switches remain false by design.",
"nextGate": "Founder and Release Gate must separately approve real AI, storage, remote runtime, payment/billing, and customer-send gates."
}
],
"pushGate": {
"githubPushAllowedByPolicy": true,
"targetRepo": "ai-site-creator.git",
"requiresCleanBuild": true,
"requiresFounderLovablePublish": true,
"autoLovableDeployAllowed": false
},
"heldItems": [
"real AI adapter/provider calls",
"real upload/storage/Drive persistence",
"remote PC runtime launch beyond readonly roundtrip",
"Auth/RLS/Supabase schema mutation",
"payment/billing/credit deduction",
"customer-send/live publishing",
"Oneclaw local file bridge / host postMessage payload transfer",
"automatic Lovable publish"
],
"nextSmallestAction": "If build remains PASS, push preview changes to ai-site-creator.git for Founder remote testing; Lovable publish remains manual."
}