Core is always on. Pro capability packs go deeper.
Every task gets local-first controls for scope, safety, proof, continuity, and routing. When the work needs deeper review, proof collection, or readiness gates, Avorelo can route into Pro capability packs with explicit boundaries about what is implemented today and what still requires human approval.
Core controls
Core controls are the always-on free layer. They do not depend on a customer account, do not require cloud sync, and do not turn Avorelo into a heavy dashboard product.
Scope, routing, and activation
Work contracts, route selection, activation checks, and task-scoped defaults keep AI work aligned to what the task actually needs.
Proof, receipts, and continuity
Avorelo records redacted runtime sessions, proof summaries, value cards, and next-run continuity without storing raw prompts or secrets.
Security and approval boundaries
Secret boundary scans, redaction, and irreversible-action gates fail closed before risky work can silently proceed.
Pro capability packs
These packs describe the deeper review and readiness work Avorelo can support in 0.3.0. Each card links to a detail page that states the current canonical truth, evidence paths, tests, and the boundaries on what Avorelo does not claim to do.
QA & Proof Review
Proof grading, validation summaries, and adapter-backed review signals where supported.
Security Review Support
Secret-boundary enforcement, redaction, prompt-injection checks, and security-scan proof adapters.
Release Readiness
Readiness checks, package safety, and approval gates for publish and deploy workflows.
Legal & Compliance Review Support
Protected-concern escalation support with explicit human handoff instead of automated legal conclusions.
Product Specification
Structured work contracts, scope boundaries, and acceptance criteria for downstream execution.
Documentation & PMM Review
Public-claim review support and positioning checks, without claiming a full automated content review engine.
Package Release
Tarball inspection, package checks, and manual publish gates for npm release preparation.
Launch Readiness
Cross-domain launch coordination signals that still stop short of deploy, launch, or customer action.
Payment Launch Readiness
Payment proof, entitlement read-back, and live-mode boundaries for Lemon Squeezy cutover work.
How this stays honest
Current canonical truth, not old architecture memory
Capability pages are bounded to the current canonical kernel, control-center output, tool-adapter proof, and tests. They do not rely on deleted files or historical claims.
Approval boundaries stay visible
Package publish, production deploy, billing go-live, domain changes, and customer actions remain human-approved steps. Capability packs can prepare and verify; they do not quietly cross those boundaries.
No legal or security overclaiming
Security support is not a penetration test. Legal/compliance support is not legal advice. The detail pages repeat those boundaries exactly where the capability could otherwise be misunderstood.
No fake billing or launch claims
The public site does not imply live billing, public launch, or autonomous release execution. Where Lemon Squeezy or launch support is mentioned, the page states the remaining approval boundary.