xiaojiou176-open · xiaojiou176 · Apr 13, 2026 · Apr 13, 2026 · Apr 13, 2026
@@ -1,8 +1,8 @@
 blank_issues_enabled: false
 contact_links:
   - name: Security report
-    url: https://github.com/xiaojiou176-open/CortexPilot-public/blob/main/SECURITY.md
+    url: https://github.com/xiaojiou176-open/OpenVibeCoding/blob/main/SECURITY.md
     about: Do not open a public issue for vulnerabilities; use SECURITY.md for the live GitHub advisory form path. A second verified fallback private channel is still a maintainer follow-up item, not a public issue workflow.
   - name: Support guide
-    url: https://github.com/xiaojiou176-open/CortexPilot-public/blob/main/SUPPORT.md
+    url: https://github.com/xiaojiou176-open/OpenVibeCoding/blob/main/SUPPORT.md
     about: Use SUPPORT.md for public bugs, docs fixes, and usage questions before opening an issue.
@@ -297,7 +297,7 @@ jobs:
           export CORTEXPILOT_GITHUB_ALERTS_MODE="${github_alert_mode}"
           bash scripts/check_governance_python_entrypoints.sh
           bash scripts/run_governance_py.sh scripts/check_repo_positioning.py
-          bash scripts/run_governance_py.sh scripts/check_github_security_alerts.py --mode "${github_alert_mode}" --repo xiaojiou176-open/CortexPilot-public
+          bash scripts/run_governance_py.sh scripts/check_github_security_alerts.py --mode "${github_alert_mode}" --repo xiaojiou176-open/OpenVibeCoding
           bash scripts/run_governance_py.sh scripts/check_env_governance.py --mode gate --max-deprecated-count 10 --max-deprecated-ratio 0.03
           bash scripts/run_governance_py.sh scripts/check_workflow_runner_governance.py
           bash scripts/run_governance_py.sh scripts/check_ci_governance_policy.py

@@ -1,13 +1,7 @@
-name: CodeQL
+name: CodeQL (manual fallback)
 
 on:
   workflow_dispatch:
-  push:
-    branches:
-      - main
-  pull_request:
-    branches:
-      - main
 
 permissions:
   actions: read

@@ -35,7 +35,7 @@ repos:
 
       - id: cortexpilot-github-security-alerts-gate
         name: cortexpilot-github-security-alerts-gate
-        entry: bash scripts/run_governance_py.sh scripts/check_github_security_alerts.py --mode require --repo xiaojiou176/CortexPilot-public
+        entry: bash scripts/run_governance_py.sh scripts/check_github_security_alerts.py --mode require
         language: system
         pass_filenames: false
         always_run: true

@@ -146,7 +146,7 @@ Work in CortexPilot as a contract-first engineering agent:
   module-local README changes
 - when the live public GitHub surface moves or changes repository URLs, sync the
   root docs/security/storefront entrypoints in the same patch so repo-side
-  links do not drift behind the published `CortexPilot-public` surface
+  links do not drift behind the published `OpenVibeCoding` surface
 - when security reporting wording changes, keep `SECURITY.md`, `SUPPORT.md`,
   issue template contact links, and the root README aligned in the same patch
 - when security-scan or fixture-hygiene work changes tracked test literals or

@@ -363,7 +363,7 @@ All notable changes to this repository will be documented in this file.
   execution when passwordless sudo is unavailable, so `main` push jobs no
   longer fail immediately on runners that can use Docker without an interactive
   sudo prompt
-- aligned the live public GitHub repository, Pages, release, and security-reporting links around `CortexPilot-public` so repo-side docs no longer point at stale repo URLs
+- aligned the live public GitHub repository, Pages, release, and security-reporting links around `OpenVibeCoding` so repo-side docs no longer point at stale repo URLs
 - synchronized root AI entrypoints, README, support/security docs, and GitHub issue/PR templates with the current public security-reporting boundary and fallback-channel follow-up
 - fixed docs inventory drift by registering `docs/index.html` plus release/proof docs in the docs navigation registry and upgrading the navigation checker to catch summary-vs-registry drift
 - aligned the trusted PR CI governance contract with the real workflow aggregation path and extended the checker/tests to catch route-semantic drift

@@ -71,7 +71,7 @@ This file mirrors the root AI entrypoint for tools that prefer `CLAUDE.md`.
   alone
 - when the live public GitHub surface moves or changes repository URLs, sync
   the root docs/security/storefront entrypoints in the same patch so
-  repo-side links do not drift behind the published `CortexPilot-public`
+  repo-side links do not drift behind the published `OpenVibeCoding`
   surface
 - when security reporting wording changes, keep `SECURITY.md`, `SUPPORT.md`,
   issue template contact links, and the root README aligned in the same patch

@@ -50,8 +50,8 @@ Lane order today is:
 
 | Surface | Current status | Official claim | Install path | Protocol / Auth | Next action |
 | --- | --- | --- | --- | --- | --- |
-| GitHub repo | `shipped` | Canonical public source, docs, code, and release front door | `https://github.com/xiaojiou176-open/CortexPilot-public` | none | keep sharp and truthful |
-| GitHub Pages | `shipped` | Canonical public product front door | `https://xiaojiou176-open.github.io/CortexPilot-public/` | none | keep first screen compressed |
+| GitHub repo | `shipped` | Canonical public source, docs, code, and release front door | `https://github.com/xiaojiou176-open/OpenVibeCoding` | none | keep sharp and truthful |
+| GitHub Pages | `shipped` | Canonical public product front door | `https://xiaojiou176-open.github.io/OpenVibeCoding/` | none | keep first screen compressed |
 | First proven workflow (`news_digest`) | `shipped` | Official public proof-first baseline | `docs/use-cases/index.html` and tracked proof assets | read-only proof / replay story | keep as the only release-proven public workflow |
 | Read-only MCP | `shipped` | Repo-owned stdio JSON-RPC MCP for machine-readable inspection only | bootstrapped repo checkout + `bash __CORTEXPILOT_REPO_ROOT__/scripts/run_readonly_mcp.sh` or the tracked starter templates | `stdio`, JSON-RPC 2.0, read-only, repo-local, no hosted auth, no OAuth | keep artifactized through `configs/mcp_public_manifest.json` |
 | PyPI package (`cortexpilot-orchestrator`) | `shipped` | Published package for the public read-only MCP runtime | `https://pypi.org/project/cortexpilot-orchestrator/0.1.0a4/` | package install only | keep package README, entrypoints, and version markers aligned with registry truth |

@@ -32,7 +32,7 @@ Current lane order is deliberate:
 - **Secondary lane** = the adoption-router public skill packet
 - **Companion/example lane** = local starter kits and coding-agent bundle examples, which are not the canonical public root
 
-[Quickstart](#quickstart) · [First Proven Workflow](https://xiaojiou176-open.github.io/CortexPilot-public/use-cases/) · [Compatibility Matrix](https://xiaojiou176-open.github.io/CortexPilot-public/compatibility/) · [Distribution Contract](DISTRIBUTION.md) · [Distribution Status](https://xiaojiou176-open.github.io/CortexPilot-public/distribution/) · [Docs](docs/README.md) · [Architecture](docs/architecture/runtime-topology.md) · [AI + MCP + API Surfaces](https://xiaojiou176-open.github.io/CortexPilot-public/ai-surfaces/) · [Builder Quickstart](https://xiaojiou176-open.github.io/CortexPilot-public/builders/) · [Releases](https://github.com/xiaojiou176-open/CortexPilot-public/releases)
+[Quickstart](#quickstart) · [First Proven Workflow](https://xiaojiou176-open.github.io/OpenVibeCoding/use-cases/) · [Compatibility Matrix](https://xiaojiou176-open.github.io/OpenVibeCoding/compatibility/) · [Distribution Contract](DISTRIBUTION.md) · [Distribution Status](https://xiaojiou176-open.github.io/OpenVibeCoding/distribution/) · [Docs](docs/README.md) · [Architecture](docs/architecture/runtime-topology.md) · [AI + MCP + API Surfaces](https://xiaojiou176-open.github.io/OpenVibeCoding/ai-surfaces/) · [Builder Quickstart](https://xiaojiou176-open.github.io/OpenVibeCoding/builders/) · [Releases](https://github.com/xiaojiou176-open/OpenVibeCoding/releases)
 
 ![CortexPilot command tower showcase card](docs/assets/storefront/command-tower-showcase-card.svg)
 
@@ -63,7 +63,7 @@ Use these buckets:
 
 If you need the exact matrix instead of a one-line summary, open
 [DISTRIBUTION.md](DISTRIBUTION.md) or the public
-[Distribution Status](https://xiaojiou176-open.github.io/CortexPilot-public/distribution/)
+[Distribution Status](https://xiaojiou176-open.github.io/OpenVibeCoding/distribution/)
 mirror.
 
 ![CortexPilot studio preview card](docs/assets/storefront/cortexpilot-studio-preview.svg)
@@ -76,10 +76,10 @@ mirror.
 
 | If you're here to... | Open this first |
 | --- | --- |
-| evaluate the product story | [First Proven Workflow](https://xiaojiou176-open.github.io/CortexPilot-public/use-cases/) |
-| choose the right Codex / Claude Code / OpenClaw / MCP / skills / builder path | [Compatibility Matrix](https://xiaojiou176-open.github.io/CortexPilot-public/compatibility/) |
-| see exactly what ships now vs. later | [Distribution Contract](DISTRIBUTION.md) and [Distribution Status](https://xiaojiou176-open.github.io/CortexPilot-public/distribution/) |
-| build on the protocol or package surfaces | [AI + MCP + API Surfaces](https://xiaojiou176-open.github.io/CortexPilot-public/ai-surfaces/) and [Builder Quickstart](https://xiaojiou176-open.github.io/CortexPilot-public/builders/) |
+| evaluate the product story | [First Proven Workflow](https://xiaojiou176-open.github.io/OpenVibeCoding/use-cases/) |
+| choose the right Codex / Claude Code / OpenClaw / MCP / skills / builder path | [Compatibility Matrix](https://xiaojiou176-open.github.io/OpenVibeCoding/compatibility/) |
+| see exactly what ships now vs. later | [Distribution Contract](DISTRIBUTION.md) and [Distribution Status](https://xiaojiou176-open.github.io/OpenVibeCoding/distribution/) |
+| build on the protocol or package surfaces | [AI + MCP + API Surfaces](https://xiaojiou176-open.github.io/OpenVibeCoding/ai-surfaces/) and [Builder Quickstart](https://xiaojiou176-open.github.io/OpenVibeCoding/builders/) |
 
 The default public loop is simple: **start one workflow case, watch it move
 through Command Tower, then inspect Proof & Replay before you trust the
@@ -105,7 +105,7 @@ A clean first pass should let you:
 - inspect **Proof & Replay** before trusting the result
 
 For the public product story, the current official first proven workflow is
-[`news_digest`](https://xiaojiou176-open.github.io/CortexPilot-public/use-cases/).
+[`news_digest`](https://xiaojiou176-open.github.io/OpenVibeCoding/use-cases/).
 `topic_brief` and `page_brief` are still public showcase paths, not equally
 release-proven baselines.
 
@@ -148,8 +148,8 @@ If you need the deeper bundle/runtime/read-model details, open the focused
 entrypoints instead of treating the root README like the whole control-plane
 manual:
 
-- [AI + MCP + API Surfaces](https://xiaojiou176-open.github.io/CortexPilot-public/ai-surfaces/)
-- [Builder Quickstart](https://xiaojiou176-open.github.io/CortexPilot-public/builders/)
+- [AI + MCP + API Surfaces](https://xiaojiou176-open.github.io/OpenVibeCoding/ai-surfaces/)
+- [Builder Quickstart](https://xiaojiou176-open.github.io/OpenVibeCoding/builders/)
 - [Contract Entry Points](packages/frontend-api-contract/docs/README.md)
 - [Spec](docs/specs/00_SPEC.md)
 
@@ -437,16 +437,16 @@ truthful order is:
    - Codex CLI / IDE
    - Claude Code overview / MCP
    - OpenClaw repo / skills / ClawHub
-2. Use the public [compatibility matrix](https://xiaojiou176-open.github.io/CortexPilot-public/compatibility/)
+2. Use the public [compatibility matrix](https://xiaojiou176-open.github.io/OpenVibeCoding/compatibility/)
    to choose the right OpenVibeCoding entrypoint.
 3. Pick the first OpenVibeCoding lane based on the job:
-   - [read-only MCP](https://xiaojiou176-open.github.io/CortexPilot-public/mcp/)
+   - [read-only MCP](https://xiaojiou176-open.github.io/OpenVibeCoding/mcp/)
      for protocol inspection
-   - [skills quickstart](https://xiaojiou176-open.github.io/CortexPilot-public/skills/)
+   - [skills quickstart](https://xiaojiou176-open.github.io/OpenVibeCoding/skills/)
      for repeatable playbooks
-   - [builder quickstart](https://xiaojiou176-open.github.io/CortexPilot-public/builders/)
+   - [builder quickstart](https://xiaojiou176-open.github.io/OpenVibeCoding/builders/)
      for package-level reuse
-   - [use cases](https://xiaojiou176-open.github.io/CortexPilot-public/use-cases/)
+   - [use cases](https://xiaojiou176-open.github.io/OpenVibeCoding/use-cases/)
      for proof-first rollout
 4. When package reuse is the real next step, run the repo-owned starter example
    instead of reconstructing the flow from prose:
@@ -760,9 +760,9 @@ gates can trace the maintenance decision end to end.
 
 The public release surface now has a live baseline. Use these entrypoints:
 
-- [GitHub Releases page](https://github.com/xiaojiou176-open/CortexPilot-public/releases)
-- [Live GitHub Release `v0.1.0-alpha.3`](https://github.com/xiaojiou176-open/CortexPilot-public/releases/tag/v0.1.0-alpha.3)
-- [Live GitHub Pages site](https://xiaojiou176-open.github.io/CortexPilot-public/)
+- [GitHub Releases page](https://github.com/xiaojiou176-open/OpenVibeCoding/releases)
+- [Live GitHub Release `v0.1.0-alpha.3`](https://github.com/xiaojiou176-open/OpenVibeCoding/releases/tag/v0.1.0-alpha.3)
+- [Live GitHub Pages site](https://xiaojiou176-open.github.io/OpenVibeCoding/)
 - [Changelog](CHANGELOG.md)
 - [Public release checklist](docs/runbooks/public-release-checklist.md)
 - [Current release notes source](docs/releases/v0.1.0-alpha.3.md)

@@ -4,9 +4,9 @@
 
 - Do not open a public issue or pull request for a suspected security problem.
 - Current live private reporting path: the public repository
-  `xiaojiou176-open/CortexPilot-public` has GitHub private vulnerability
+  `xiaojiou176-open/OpenVibeCoding` has GitHub private vulnerability
   reporting enabled. Submit reports through the advisory form at
-  `https://github.com/xiaojiou176-open/CortexPilot-public/security/advisories/new`.
+  `https://github.com/xiaojiou176-open/OpenVibeCoding/security/advisories/new`.
 - If that form is unavailable, do not disclose details publicly. This
   repository still does not publish a second verified fallback private
   reporting channel, so none should be assumed by reporters.

@@ -7,7 +7,7 @@ type DashboardPublicEnvKey =
   | "NEXT_PUBLIC_API_BASE"
   | "NEXT_PUBLIC_PM_COPY_VARIANT";
 
-const DEFAULT_DASHBOARD_PUBLIC_DOCS_BASE_URL = "https://xiaojiou176-open.github.io/CortexPilot-public";
+const DEFAULT_DASHBOARD_PUBLIC_DOCS_BASE_URL = "https://xiaojiou176-open.github.io/OpenVibeCoding";
 const DASHBOARD_PUBLIC_DOCS_PATH_RE = /^\/(ai-surfaces|api|builders|compatibility|ecosystem|integrations|mcp|skills|use-cases)(?:\/|$)/;
 
 function readPublicEnv(key: DashboardPublicEnvKey): string {

@@ -85,9 +85,9 @@ describe("dashboard env helpers", () => {
   it("uses the default public docs base when the env override is absent", () => {
     delete process.env.NEXT_PUBLIC_CORTEXPILOT_PUBLIC_DOCS_BASE_URL;
 
-    expect(resolveDashboardPublicDocsBaseUrl()).toBe("https://xiaojiou176-open.github.io/CortexPilot-public");
+    expect(resolveDashboardPublicDocsBaseUrl()).toBe("https://xiaojiou176-open.github.io/OpenVibeCoding");
     expect(resolveDashboardPublicDocsHref("/ai-surfaces/")).toBe(
-      "https://xiaojiou176-open.github.io/CortexPilot-public/ai-surfaces/"
+      "https://xiaojiou176-open.github.io/OpenVibeCoding/ai-surfaces/"
     );
   });
 
@@ -112,8 +112,8 @@ describe("dashboard env helpers", () => {
     process.env.NEXT_PUBLIC_CORTEXPILOT_PUBLIC_DOCS_BASE_URL = "https://docs.example/cortexpilot";
 
     expect(resolveDashboardPublicDocsHref("/pm")).toBe("/pm");
-    expect(resolveDashboardPublicDocsHref("https://github.com/xiaojiou176-open/CortexPilot-public")).toBe(
-      "https://github.com/xiaojiou176-open/CortexPilot-public"
+    expect(resolveDashboardPublicDocsHref("https://github.com/xiaojiou176-open/OpenVibeCoding")).toBe(
+      "https://github.com/xiaojiou176-open/OpenVibeCoding"
     );
   });