@etiquekit/etq 1.0.12 → 1.0.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (149) hide show
  1. package/AGENTS.md +19 -26
  2. package/LICENSE +2 -3
  3. package/NOTICE +6 -4
  4. package/QuickStart.md +35 -47
  5. package/README.md +54 -56
  6. package/bin/etiquette +1 -5
  7. package/bin/etiquette-core +1 -5
  8. package/docs/ARCHITECTURE.md +5 -5
  9. package/docs/CODEX_CLIENT_COMPATIBILITY.md +1 -1
  10. package/docs/CONCEPTS.md +7 -23
  11. package/docs/CONCEPT_STATUS.md +66 -0
  12. package/docs/CORE_PROFILE.md +3 -5
  13. package/docs/LANE_PROVISIONING.md +7 -2
  14. package/docs/README.md +4 -4
  15. package/docs/RELEASE_SURFACE_AUDIT.md +7 -6
  16. package/docs/SEAT_DISCIPLINE.md +55 -91
  17. package/docs/SEAT_PROVISIONING.md +19 -22
  18. package/docs/TEAM_HANDOFF.md +21 -21
  19. package/docs/WORKTREE_QOL.md +7 -6
  20. package/docs/contracts/ledger-entry/README.md +11 -11
  21. package/docs/contracts/ledger-entry/ledger-entry.v0.2.md +3 -3
  22. package/docs/contracts/ledger-entry/ledger-entry.v0.md +8 -8
  23. package/package.json +11 -11
  24. package/packages/control/src/authority/lease.ts +261 -0
  25. package/packages/control/src/authority/node-delegation.ts +257 -0
  26. package/packages/control/src/authority/rig-conductor.ts +632 -0
  27. package/packages/control/src/cli/argv.ts +155 -0
  28. package/packages/control/src/cli/commands/console.ts +200 -0
  29. package/packages/control/src/cli/commands/dispatch-core.ts +89 -0
  30. package/packages/control/src/cli/commands/dispatch.ts +279 -0
  31. package/packages/control/src/cli/commands/harness.ts +89 -0
  32. package/packages/control/src/cli/commands/hook.ts +50 -0
  33. package/packages/control/src/cli/commands/ledger.ts +91 -0
  34. package/packages/control/src/cli/commands/local-workflow.ts +4686 -0
  35. package/packages/control/src/cli/commands/memory.ts +445 -0
  36. package/packages/control/src/cli/commands/release.ts +108 -0
  37. package/packages/control/src/cli/commands/rubric.ts +103 -0
  38. package/packages/control/src/cli/commands/seat.ts +179 -0
  39. package/packages/control/src/cli/commands/session.ts +127 -0
  40. package/packages/control/src/cli/commands/supervision.ts +246 -0
  41. package/packages/control/src/cli/commands/sync.ts +119 -0
  42. package/packages/control/src/cli/commands/workflow.ts +86 -0
  43. package/packages/control/src/cli/commands/workspace.ts +50 -0
  44. package/packages/control/src/cli/core-usage.ts +34 -0
  45. package/packages/control/src/cli/prompt.ts +67 -0
  46. package/packages/control/src/cli/supervision-deps.ts +44 -0
  47. package/packages/control/src/cli/usage.ts +241 -0
  48. package/packages/control/src/cli.ts +207 -0
  49. package/packages/control/src/core-cli.ts +50 -0
  50. package/packages/control/src/dispatch/decision.ts +202 -0
  51. package/packages/control/src/dispatch/projection.ts +293 -0
  52. package/packages/control/src/dispatch/record.ts +153 -0
  53. package/packages/control/src/engagement/project.ts +170 -0
  54. package/packages/control/src/fs.ts +19 -0
  55. package/packages/control/src/harness/pruning.ts +406 -0
  56. package/packages/control/src/hooks/dispatcher.ts +117 -0
  57. package/packages/control/src/hooks/outbox.ts +86 -0
  58. package/packages/control/src/hooks/sanitize.ts +6 -0
  59. package/packages/control/src/hooks/types.ts +34 -0
  60. package/packages/control/src/index.ts +384 -0
  61. package/packages/control/src/ledger/entry.ts +303 -0
  62. package/packages/control/src/ledger/indexer.ts +542 -0
  63. package/packages/control/src/memory/context.ts +149 -0
  64. package/packages/control/src/memory/drain-import.ts +207 -0
  65. package/packages/control/src/memory/indexer.ts +284 -0
  66. package/packages/control/src/memory/query.ts +75 -0
  67. package/packages/control/src/memory/sanitize.ts +50 -0
  68. package/packages/control/src/memory/sharded-drain-import.ts +212 -0
  69. package/packages/control/src/memory/status.ts +211 -0
  70. package/packages/control/src/memory/store-lifecycle.ts +509 -0
  71. package/packages/control/src/memory/store.ts +284 -0
  72. package/packages/control/src/memory/types.ts +146 -0
  73. package/packages/control/src/parity/surfaces.ts +748 -0
  74. package/packages/control/src/project.ts +141 -0
  75. package/packages/control/src/projection/local-ledger-view.ts +373 -0
  76. package/packages/control/src/projection/return-enforcement.ts +48 -0
  77. package/packages/control/src/projection/timeline-preview.ts +539 -0
  78. package/packages/control/src/projection/timeline.ts +708 -0
  79. package/packages/control/src/release/readiness.ts +831 -0
  80. package/packages/control/src/rubric/loader.ts +326 -0
  81. package/packages/control/src/rubric/promotion.ts +54 -0
  82. package/packages/control/src/rubric/runner.ts +159 -0
  83. package/packages/control/src/rubric/types.ts +158 -0
  84. package/packages/control/src/seat/owner-card.ts +388 -0
  85. package/packages/control/src/seat/readiness.ts +834 -0
  86. package/packages/control/src/session/runbook.ts +431 -0
  87. package/packages/control/src/shared/sanitize.ts +49 -0
  88. package/packages/control/src/supervision/action-classes.ts +192 -0
  89. package/packages/control/src/supervision/command-apply.ts +378 -0
  90. package/packages/control/src/supervision/errors.ts +14 -0
  91. package/packages/control/src/supervision/event-replay.ts +155 -0
  92. package/packages/control/src/supervision/events.ts +109 -0
  93. package/packages/control/src/supervision/index.ts +16 -0
  94. package/packages/control/src/supervision/manifest.ts +127 -0
  95. package/packages/control/src/supervision/paths.ts +49 -0
  96. package/packages/control/src/supervision/projection-adapter.ts +274 -0
  97. package/packages/control/src/supervision/projection.ts +75 -0
  98. package/packages/control/src/supervision/rebuild.ts +99 -0
  99. package/packages/control/src/supervision/session-open.ts +131 -0
  100. package/packages/control/src/supervision/session-read.ts +99 -0
  101. package/packages/control/src/supervision/sqlite-impl.ts +71 -0
  102. package/packages/control/src/supervision/sqlite.ts +121 -0
  103. package/packages/control/src/supervision/store-rows.ts +371 -0
  104. package/packages/control/src/supervision/turn-close.ts +154 -0
  105. package/packages/control/src/supervision/turn-open.ts +284 -0
  106. package/packages/control/src/sync/event-log-merge-driver.ts +263 -0
  107. package/packages/control/src/sync/join-plan.ts +375 -0
  108. package/packages/control/src/sync/outbox.ts +492 -0
  109. package/packages/control/src/workflow/evaluator.ts +140 -0
  110. package/packages/control/src/workflow/loader.ts +200 -0
  111. package/packages/control/src/workflow/types.ts +90 -0
  112. package/packages/control/src/workspace/authority.ts +499 -0
  113. package/packages/protocol/src/guards.ts +119 -0
  114. package/packages/protocol/src/huddle-board.ts +198 -0
  115. package/packages/protocol/src/huddle.ts +295 -0
  116. package/packages/protocol/src/incident.ts +251 -0
  117. package/packages/protocol/src/index.ts +8 -0
  118. package/packages/protocol/src/interfaces.ts +107 -0
  119. package/packages/protocol/src/packet-profile.ts +195 -0
  120. package/packages/protocol/src/state.ts +81 -0
  121. package/packages/protocol/src/types.ts +434 -0
  122. package/release/lineage.v0.json +14 -0
  123. package/scripts/release-candidate-verify.sh +175 -0
  124. package/scripts/release-checksum.sh +25 -0
  125. package/scripts/release-pack-canary.sh +97 -0
  126. package/scripts/release-scan.sh +249 -0
  127. package/scripts/release-sign.sh +34 -0
  128. package/templates/etiquette-vanilla-v0/README.md +2 -3
  129. package/templates/etiquette-vanilla-v0/source/control-seat/README.md +0 -6
  130. package/templates/etiquette-vanilla-v0/source/control-seat/bin/seat-doctor +0 -5
  131. package/templates/etiquette-vanilla-v0/validate-vanilla.sh +0 -5
  132. package/templates/seat-packs-v0/README.md +3 -2
  133. package/templates/seat-packs-v0/source/claude-code-seat/README.md +3 -29
  134. package/templates/seat-packs-v0/source/codex-seat/README.md +3 -17
  135. package/templates/seat-packs-v0/source/gemini-seat/README.md +3 -23
  136. package/templates/seat-packs-v0/source/ollama-seat/README.md +3 -3
  137. package/templates/seat-packs-v0/source/openrouter-seat/README.md +3 -3
  138. package/docs/AGENT_SPAWNING.md +0 -78
  139. package/docs/INTEGRATION_UI.md +0 -215
  140. package/docs/OPERATOR_PLAYBOOK.md +0 -77
  141. package/docs/TAG_ROUTE.md +0 -95
  142. package/lib/etiquette-core.js +0 -315
  143. package/lib/etiquette.js +0 -1160
  144. package/templates/DISPATCH_PREMISES.md +0 -39
  145. package/templates/etiquette-vanilla-v0/source/control-seat/bin/access-assurance-check +0 -55
  146. package/templates/etiquette-vanilla-v0/source/control-seat/docs/work/access/ACCESS-ASSURANCE.md +0 -39
  147. package/templates/etiquette-vanilla-v0/source/control-seat/docs/work/access/workspace-secure-profile.v0.json +0 -53
  148. package/templates/hosted-receiver/README.md +0 -41
  149. package/templates/hosted-receiver/w1-github-webhook-receiver.mjs +0 -129
@@ -0,0 +1,97 @@
1
+ #!/bin/sh
2
+ # Build a fresh npm tarball in a temp dir and verify the public package surface.
3
+ set -eu
4
+
5
+ ROOT=$(CDPATH= cd -- "$(dirname -- "$0")/.." && pwd)
6
+ TMPDIR_ROOT=${TMPDIR:-/tmp}
7
+ TMP=$(mktemp -d "$TMPDIR_ROOT/etiquette-pack-canary.XXXXXX")
8
+ trap 'rm -rf "$TMP"' EXIT INT TERM
9
+
10
+ cd "$ROOT"
11
+ npm run release:scan >/dev/null
12
+ npm pack --pack-destination "$TMP" >/dev/null
13
+
14
+ TGZ=$(find "$TMP" -maxdepth 1 -name '*.tgz' -print | sort | sed -n '1p')
15
+ if [ -z "$TGZ" ]; then
16
+ echo "release-pack-canary: npm pack did not produce a tarball" >&2
17
+ exit 1
18
+ fi
19
+
20
+ FILES="$TMP/files.txt"
21
+ tar -tzf "$TGZ" | sort > "$FILES"
22
+
23
+ FILE_COUNT=$(wc -l < "$FILES" | tr -d ' ')
24
+ MAX_FILES=190
25
+ if [ "$FILE_COUNT" -gt "$MAX_FILES" ]; then
26
+ echo "release-pack-canary: package file count $FILE_COUNT exceeds budget $MAX_FILES" >&2
27
+ exit 1
28
+ fi
29
+
30
+ require_file() {
31
+ rel=$1
32
+ if ! grep -Fxq "$rel" "$FILES"; then
33
+ echo "release-pack-canary: missing required package file: $rel" >&2
34
+ exit 1
35
+ fi
36
+ }
37
+
38
+ forbid_prefix() {
39
+ prefix_re=$1
40
+ label=$2
41
+ if grep -Eq "^$prefix_re" "$FILES"; then
42
+ echo "release-pack-canary: forbidden package surface included: $label" >&2
43
+ grep -E "^$prefix_re" "$FILES" >&2
44
+ exit 1
45
+ fi
46
+ }
47
+
48
+ require_file "package/package.json"
49
+ require_file "package/LICENSE"
50
+ require_file "package/bin/etiquette"
51
+ require_file "package/bin/etiquette-core"
52
+ require_file "package/README.md"
53
+ require_file "package/QuickStart.md"
54
+ require_file "package/AGENTS.md"
55
+ require_file "package/docs/README.md"
56
+ require_file "package/docs/TEAM_HANDOFF.md"
57
+ require_file "package/docs/CODEX_CLIENT_COMPATIBILITY.md"
58
+ require_file "package/docs/RELEASE_SURFACE_AUDIT.md"
59
+ require_file "package/packages/control/src/cli.ts"
60
+ require_file "package/packages/control/src/core-cli.ts"
61
+ require_file "package/packages/protocol/src/index.ts"
62
+ require_file "package/release/lineage.v0.json"
63
+ require_file "package/scripts/release-candidate-verify.sh"
64
+ require_file "package/scripts/install.sh"
65
+ require_file "package/scripts/uninstall.sh"
66
+ require_file "package/scripts/release-scan.sh"
67
+ require_file "package/scripts/release-pack-canary.sh"
68
+ require_file "package/scripts/release-checksum.sh"
69
+ require_file "package/scripts/release-sign.sh"
70
+ require_file "package/templates/etiquette-vanilla-v0/README.md"
71
+ require_file "package/templates/github-actions/README.md"
72
+ require_file "package/templates/github-actions/w1-webhook-wake-canary.yml"
73
+ require_file "package/templates/seat-packs-v0/README.md"
74
+
75
+ forbid_prefix 'package/\.codex/' '.codex'
76
+ forbid_prefix 'package/\.etiquette/' '.etiquette'
77
+ forbid_prefix 'package/\.git' '.git'
78
+ forbid_prefix 'package/apps/' 'apps'
79
+ forbid_prefix 'package/conformance/' 'conformance'
80
+ forbid_prefix 'package/coverage/' 'coverage'
81
+ forbid_prefix 'package/dist/' 'dist'
82
+ forbid_prefix 'package/fixtures/' 'fixtures'
83
+ forbid_prefix 'package/internal/' 'internal'
84
+ forbid_prefix 'package/docs/INTERNAL_HANDOFF\.md$' 'internal handoff doc'
85
+ forbid_prefix 'package/node_modules/' 'node_modules'
86
+ forbid_prefix 'package/docs/work/' 'repo-local workspace scaffold docs'
87
+ forbid_prefix 'package/packages/control/src/cli/commands/slice\.ts$' 'legacy slice command'
88
+ forbid_prefix 'package/packages/control/src/cli/commands/runtime\.ts$' 'infra runtime command'
89
+ forbid_prefix 'package/packages/control/src/runtime/' 'infra runtime source'
90
+ forbid_prefix 'package/packages/adapter-' 'legacy adapter packages'
91
+ forbid_prefix 'package/packages/dbt-core/' 'legacy dbt-core package'
92
+ forbid_prefix 'package/packages/[^/]*/fixtures/' 'workspace fixtures'
93
+ forbid_prefix 'package/packages/[^/]*/package\.json$' 'workspace package metadata'
94
+ forbid_prefix 'package/site/' 'site'
95
+ forbid_prefix 'package/templates/hosted-receiver/' 'hosted receiver template'
96
+
97
+ echo "release-pack-canary: ok $(basename "$TGZ") files=$FILE_COUNT budget=$MAX_FILES"
@@ -0,0 +1,249 @@
1
+ #!/bin/sh
2
+ # Fail if release-hostile local/private markers are committed.
3
+ set -eu
4
+
5
+ ROOT=$(CDPATH= cd -- "$(dirname -- "$0")/.." && pwd)
6
+
7
+ if ! command -v rg >/dev/null 2>&1; then
8
+ echo "release-scan requires rg" >&2
9
+ exit 2
10
+ fi
11
+
12
+ forbidden_path='/'"Users/"
13
+ forbidden_name='justine'"massawe"
14
+ old_repo_name='discipline-'"control"
15
+ pattern="(${forbidden_path}|${forbidden_name}|${old_repo_name})"
16
+
17
+ if rg -n --hidden --glob '!.git' --glob '!.git/**' --glob '!_worktrees/**' --glob '!node_modules/**' --glob '!bun.lock' "$pattern" "$ROOT"; then
18
+ echo "release-scan: found forbidden local/private marker" >&2
19
+ exit 1
20
+ fi
21
+
22
+ vanilla_root="$ROOT/templates/etiquette-vanilla-v0"
23
+ github_actions_root="$ROOT/templates/github-actions"
24
+ seat_packs_root="$ROOT/templates/seat-packs-v0"
25
+ control_src_root="$ROOT/packages/control/src"
26
+ protocol_src_root="$ROOT/packages/protocol/src"
27
+ shop_marker_pattern="(El""sa|7""ven|Za""ch|bo""ss|Bo""ss)"
28
+ prior_run_pattern="(El""sa|7""ven|Za""ch|bo""ss|Bo""ss|ale-""felicity|codex-spark-""ale-seat|felicity-""review-seat|v3-""handshake|V3-""SCR|LMS-""SCR|bus""://|claude""logs|last""talk\.log|last""miles\.log|karp""athy|lee""pick|LP-""SCR)"
29
+
30
+ allowed_docs='docs/README.md
31
+ docs/ARCHITECTURE.md
32
+ docs/MANAGED_RUNTIME_COMPATIBILITY.md
33
+ docs/CODEX_CLIENT_COMPATIBILITY.md
34
+ docs/CONCEPTS.md
35
+ docs/CONCEPT_STATUS.md
36
+ docs/CORE_PROFILE.md
37
+ docs/HOSTED_RUNTIME_PARITY.md
38
+ docs/LANE_PROVISIONING.md
39
+ docs/PORTAL.md
40
+ docs/RELEASE_SURFACE_AUDIT.md
41
+ docs/SEAT_DISCIPLINE.md
42
+ docs/SEAT_PROVISIONING.md
43
+ docs/TEAM_HANDOFF.md
44
+ docs/WORKTREE_QOL.md
45
+ docs/work/bus-feed/README.md
46
+ docs/work/consumer-registry/README.md
47
+ docs/contracts/ledger-entry/ledger-entry.v0.2.md
48
+ docs/contracts/ledger-entry/README.md
49
+ docs/contracts/ledger-entry/ledger-query-cli.v0.1.md
50
+ docs/contracts/ledger-entry/ledger-entry.v0.1.md
51
+ docs/contracts/ledger-entry/ledger-entry.v0.md
52
+ docs/work/seats/owner-cards/default-review-seat.yaml'
53
+
54
+ for doc_path in $(find "$ROOT/docs" -type f | sed "s#^$ROOT/##" | sort); do
55
+ if ! printf '%s\n' "$allowed_docs" | grep -qx "$doc_path"; then
56
+ echo "release-scan: unexpected all-dev docs file: $doc_path" >&2
57
+ exit 1
58
+ fi
59
+ done
60
+
61
+ allowed_templates='templates/etiquette-vanilla-v0
62
+ templates/github-actions
63
+ templates/seat-packs-v0'
64
+
65
+ for template_path in $(find "$ROOT/templates" -mindepth 1 -maxdepth 1 -type d | sed "s#^$ROOT/##" | sort); do
66
+ if ! printf '%s\n' "$allowed_templates" | grep -qx "$template_path"; then
67
+ echo "release-scan: unexpected public template directory: $template_path" >&2
68
+ exit 1
69
+ fi
70
+ done
71
+
72
+ allowed_scripts='scripts/release-checksum.sh
73
+ scripts/install.sh
74
+ scripts/uninstall.sh
75
+ scripts/release-candidate-verify.sh
76
+ scripts/release-pack-canary.sh
77
+ scripts/release-scan.sh
78
+ scripts/release-sign.sh'
79
+
80
+ for script_path in $(find "$ROOT/scripts" -type f | sed "s#^$ROOT/##" | sort); do
81
+ if ! printf '%s\n' "$allowed_scripts" | grep -qx "$script_path"; then
82
+ echo "release-scan: unexpected public script: $script_path" >&2
83
+ exit 1
84
+ fi
85
+ sh -n "$ROOT/$script_path"
86
+ done
87
+
88
+ allowed_bins='bin/etiquette
89
+ bin/etiquette-core'
90
+
91
+ for bin_path in $(find "$ROOT/bin" -type f | sed "s#^$ROOT/##" | sort); do
92
+ if ! printf '%s\n' "$allowed_bins" | grep -qx "$bin_path"; then
93
+ echo "release-scan: unexpected public executable: $bin_path" >&2
94
+ exit 1
95
+ fi
96
+ sh -n "$ROOT/$bin_path"
97
+ done
98
+
99
+ default_surface_files="$ROOT/README.md
100
+ $ROOT/QuickStart.md
101
+ $ROOT/AGENTS.md
102
+ $ROOT/docs/README.md
103
+ $ROOT/docs/ARCHITECTURE.md
104
+ $ROOT/docs/CONCEPTS.md
105
+ $ROOT/docs/CONCEPT_STATUS.md
106
+ $ROOT/docs/LANE_PROVISIONING.md
107
+ $ROOT/docs/SEAT_DISCIPLINE.md
108
+ $ROOT/docs/SEAT_PROVISIONING.md
109
+ $ROOT/docs/WORKTREE_QOL.md
110
+ $ROOT/templates/etiquette-vanilla-v0/README.md"
111
+
112
+ if rg -n 'internal/docs' $default_surface_files; then
113
+ echo "release-scan: found maintainer-doc path in default onboarding surface" >&2
114
+ exit 1
115
+ fi
116
+
117
+ if command -v git >/dev/null 2>&1 && git -C "$ROOT" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
118
+ tracked_forbidden=$(
119
+ git -C "$ROOT" ls-files \
120
+ '.etiquette/**' \
121
+ '.llm-substrate/**' \
122
+ 'site/public/fonts/**' \
123
+ '*.woff' \
124
+ '*.woff2' \
125
+ '*.ttf' \
126
+ '*.otf' \
127
+ || true
128
+ )
129
+ if [ -n "$tracked_forbidden" ]; then
130
+ echo "$tracked_forbidden" >&2
131
+ echo "release-scan: tracked release-hostile local state or font assets" >&2
132
+ exit 1
133
+ fi
134
+ fi
135
+
136
+ if rg -n "$prior_run_pattern" \
137
+ "$ROOT/README.md" \
138
+ "$ROOT/QuickStart.md" \
139
+ "$ROOT/AGENTS.md" \
140
+ "$ROOT/docs" \
141
+ "$ROOT/scripts" \
142
+ "$control_src_root" \
143
+ "$protocol_src_root" \
144
+ "$vanilla_root" \
145
+ "$github_actions_root" \
146
+ "$seat_packs_root"; then
147
+ echo "release-scan: found prior-run marker in all-dev onboarding surface" >&2
148
+ exit 1
149
+ fi
150
+
151
+ third_party_concept_pattern="\bC""MA\b"
152
+ if rg -n "$third_party_concept_pattern" \
153
+ --glob '!**/HOSTED_RUNTIME_PARITY.md' \
154
+ --glob '!**/src/mcp/**' \
155
+ "$ROOT/README.md" \
156
+ "$ROOT/QuickStart.md" \
157
+ "$ROOT/AGENTS.md" \
158
+ "$ROOT/docs" \
159
+ "$ROOT/scripts" \
160
+ "$control_src_root" \
161
+ "$protocol_src_root" \
162
+ "$vanilla_root" \
163
+ "$github_actions_root" \
164
+ "$seat_packs_root"; then
165
+ echo "release-scan: found third-party concept marker in all-dev onboarding surface" >&2
166
+ exit 1
167
+ fi
168
+
169
+ if command -v git >/dev/null 2>&1 && git -C "$ROOT" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
170
+ archive_bad=$(
171
+ git -C "$ROOT" archive --worktree-attributes --format=tar HEAD \
172
+ | tar -tf - \
173
+ | sed 's#^\./##' \
174
+ | grep -E '^(\.etiquette/|\.llm-substrate/|apps/|conformance/|dist/|fixtures/|internal/|site/)' \
175
+ || true
176
+ )
177
+ if [ -n "$archive_bad" ]; then
178
+ echo "$archive_bad" >&2
179
+ echo "release-scan: source archive includes maintainer-only or generated surfaces" >&2
180
+ exit 1
181
+ fi
182
+ fi
183
+
184
+ check_max_lines() {
185
+ rel=$1
186
+ max=$2
187
+ lines=$(wc -l < "$ROOT/$rel" | tr -d ' ')
188
+ if [ "$lines" -gt "$max" ]; then
189
+ echo "release-scan: $rel has $lines lines; max allowed for onboarding surface is $max" >&2
190
+ exit 1
191
+ fi
192
+ }
193
+
194
+ check_max_lines "README.md" 80
195
+ check_max_lines "QuickStart.md" 95
196
+ check_max_lines "AGENTS.md" 45
197
+ check_max_lines "docs/README.md" 30
198
+ check_max_lines "docs/ARCHITECTURE.md" 100
199
+ check_max_lines "docs/CODEX_CLIENT_COMPATIBILITY.md" 85
200
+ check_max_lines "docs/CONCEPTS.md" 130
201
+ check_max_lines "docs/CONCEPT_STATUS.md" 75
202
+ check_max_lines "docs/CORE_PROFILE.md" 95
203
+ check_max_lines "docs/SEAT_DISCIPLINE.md" 120
204
+ check_max_lines "docs/SEAT_PROVISIONING.md" 100
205
+ check_max_lines "docs/TEAM_HANDOFF.md" 190
206
+ check_max_lines "docs/WORKTREE_QOL.md" 100
207
+ check_max_lines "docs/RELEASE_SURFACE_AUDIT.md" 160
208
+ check_max_lines "templates/etiquette-vanilla-v0/README.md" 70
209
+ check_max_lines "templates/github-actions/README.md" 70
210
+ check_max_lines "templates/github-actions/w1-webhook-wake-canary.yml" 130
211
+ check_max_lines "templates/seat-packs-v0/README.md" 90
212
+
213
+ normalize_words() {
214
+ tr ' ' '\n' | sed '/^$/d' | sort | tr '\n' ' ' | sed 's/ $//'
215
+ }
216
+
217
+ seat_types=$(sed -n 's/^ \([a-z0-9-]*\)) src=.*$/\1/p' "$seat_packs_root/bin/provision-seat" | normalize_words)
218
+
219
+ check_seat_pack_catalog() {
220
+ rel=$1
221
+ found=$(rg -o 'provision-seat [a-z0-9-]+' "$ROOT/$rel" | sed 's/provision-seat //' | grep -v '^auto$' | normalize_words)
222
+ if [ "$found" != "$seat_types" ]; then
223
+ echo "release-scan: $rel seat-pack list '$found' does not match provision-seat '$seat_types'" >&2
224
+ exit 1
225
+ fi
226
+ }
227
+
228
+ check_seat_pack_catalog "README.md"
229
+ check_seat_pack_catalog "QuickStart.md"
230
+ check_seat_pack_catalog "docs/SEAT_PROVISIONING.md"
231
+ check_seat_pack_catalog "templates/etiquette-vanilla-v0/README.md"
232
+ check_seat_pack_catalog "templates/seat-packs-v0/README.md"
233
+
234
+ if [ -d "$vanilla_root" ] && rg -n "$shop_marker_pattern" "$vanilla_root"; then
235
+ echo "release-scan: found shop marker in vanilla package" >&2
236
+ exit 1
237
+ fi
238
+
239
+ if [ -d "$seat_packs_root" ] && rg -n "$shop_marker_pattern" "$seat_packs_root"; then
240
+ echo "release-scan: found shop marker in seat packs package" >&2
241
+ exit 1
242
+ fi
243
+
244
+ if [ -d "$ROOT/templates/hosted-receiver" ]; then
245
+ echo "release-scan: hosted receiver template belongs outside thin devkit" >&2
246
+ exit 1
247
+ fi
248
+
249
+ echo "release-scan: ok"
@@ -0,0 +1,34 @@
1
+ #!/bin/sh
2
+ # Sign the checksum manifest when an operator provides a release signing key.
3
+ set -eu
4
+
5
+ ROOT=$(CDPATH= cd -- "$(dirname -- "$0")/.." && pwd)
6
+ CHECKSUMS="$ROOT/dist/SHA256SUMS"
7
+
8
+ if [ ! -f "$CHECKSUMS" ]; then
9
+ echo "release-sign: missing dist/SHA256SUMS; run npm run release:checksum first" >&2
10
+ exit 1
11
+ fi
12
+
13
+ if [ -n "${ETIQUETTE_RELEASE_SIGNING_KEY:-}" ]; then
14
+ if [ ! -f "$ETIQUETTE_RELEASE_SIGNING_KEY" ]; then
15
+ echo "release-sign: ETIQUETTE_RELEASE_SIGNING_KEY does not point to a file" >&2
16
+ exit 1
17
+ fi
18
+ openssl dgst -sha256 -sign "$ETIQUETTE_RELEASE_SIGNING_KEY" -out "$CHECKSUMS.sig" "$CHECKSUMS"
19
+ printf 'method=openssl-rsa-sha256\nsigned_ref=dist/SHA256SUMS.sig\n' > "$ROOT/dist/SIGNATURE_MANIFEST.txt"
20
+ rm -f "$ROOT/dist/SIGNATURE_REQUIRED.txt"
21
+ echo "release-sign: wrote dist/SHA256SUMS.sig"
22
+ exit 0
23
+ fi
24
+
25
+ cat > "$ROOT/dist/SIGNATURE_REQUIRED.txt" <<'MSG'
26
+ Release signing was not performed.
27
+
28
+ Set ETIQUETTE_RELEASE_SIGNING_KEY to an operator-held private key file, then rerun:
29
+
30
+ npm run release:sign
31
+ MSG
32
+
33
+ echo "release-sign: signing key missing; wrote dist/SIGNATURE_REQUIRED.txt" >&2
34
+ exit 1
@@ -11,7 +11,7 @@ default_surface:
11
11
  ```
12
12
 
13
13
  It does not create runtime seats, product repos, backplanes, hosted services, dashboards, or sample products.
14
- It starts unauthenticated: `workspace-secure-profile.v0` is `open`, with upgrade paths for `screening-warn`, `screening-enforced`, and `enterprise-reactor`.
14
+ It starts local and unauthenticated. Seat identity, readiness, and task authority stay in the local workflow records.
15
15
 
16
16
  ## Quick Start
17
17
 
@@ -23,7 +23,6 @@ sh /tmp/etiquette-start/validate-vanilla.sh
23
23
  ```
24
24
 
25
25
  The first person who claims the stamped `control-seat` reports readiness before assigning work.
26
- For restricted seats, change the secure profile, add provider-derived policy/claims, then run `sh source/control-seat/bin/access-assurance-check`.
27
26
 
28
27
  ## Local Receipt Proof
29
28
 
@@ -55,7 +54,7 @@ cannot:
55
54
  - clone product repos before assignment
56
55
  - bypass validation
57
56
  - treat chat as evidence
58
- - grant access from the secure profile or reactor
57
+ - grant authority from local profile metadata
59
58
  ```
60
59
 
61
60
  Provision these later only after the control seat grants them:
@@ -8,9 +8,3 @@ For local-only proof, append events with `bin/local-event` and compact them with
8
8
 
9
9
  Inside a live runtime session, run `bin/session-init` after `bin/seat-init`
10
10
  to prepare the local ledger, receipts, tasks, outbox, and session state.
11
-
12
- Access assurance is explicit and optional. The default profile is
13
- `docs/work/access/workspace-secure-profile.v0.json` with `mode: open`. Run
14
- `bin/access-assurance-check` before routing restricted seats, and switch to
15
- `screening-warn`, `screening-enforced`, or `enterprise-reactor` only when the
16
- workspace actually needs provider-backed screening.
@@ -5,16 +5,11 @@ ROOT=$(CDPATH= cd -- "$(dirname -- "$0")/.." && pwd)
5
5
 
6
6
  test -f "$ROOT/.llm-substrate/HANDOFF.md"
7
7
  test -f "$ROOT/docs/work/ledger/LEDGER.md"
8
- test -f "$ROOT/docs/work/access/workspace-secure-profile.v0.json"
9
- test -f "$ROOT/docs/work/access/ACCESS-ASSURANCE.md"
10
8
  test -f "$ROOT/docs/work/playbacks/PLAYBACK_TEMPLATE.md"
11
9
  test -f "$ROOT/docs/work/tasks/CONTROL-001.yaml"
12
10
  test -d "$ROOT/docs/work/receipts"
13
- test -f "$ROOT/bin/access-assurance-check"
14
11
  test -f "$ROOT/bin/session-init"
15
12
  test -f "$ROOT/bin/local-event"
16
13
  test -f "$ROOT/bin/compact-local-events"
17
14
 
18
- sh "$ROOT/bin/access-assurance-check" >/dev/null
19
-
20
15
  echo "control-seat: ok"
@@ -7,22 +7,17 @@ test -f "$ROOT/README.md"
7
7
  test -d "$ROOT/source/etiquette-kernel"
8
8
  test -d "$ROOT/source/control-seat"
9
9
  grep -Fq ".etiquette/events/*.ndjson" "$ROOT/source/control-seat/.gitignore"
10
- grep -q '"schema": "workspace-secure-profile.v0"' "$ROOT/source/control-seat/docs/work/access/workspace-secure-profile.v0.json"
11
- grep -q '"mode": "open"' "$ROOT/source/control-seat/docs/work/access/workspace-secure-profile.v0.json"
12
- grep -q "enterprise-reactor" "$ROOT/source/control-seat/docs/work/access/ACCESS-ASSURANCE.md"
13
10
  grep -q "Controlled drills require one operator approval per drill" "$ROOT/source/etiquette-kernel/contracts/playback.v0.md"
14
11
  grep -q "batch_approval_allowed: false" "$ROOT/source/control-seat/docs/work/playbacks/PLAYBACK_TEMPLATE.md"
15
12
 
16
13
  sh "$ROOT/source/etiquette-kernel/bin/kernel-doctor"
17
14
  sh "$ROOT/source/control-seat/bin/seat-doctor"
18
- sh "$ROOT/source/control-seat/bin/access-assurance-check" | grep -q "mode=open"
19
15
 
20
16
  tmp_root=$(mktemp -d "${TMPDIR:-/tmp}/etiquette-vanilla-compact.XXXXXX")
21
17
  trap 'rm -rf "$tmp_root"' EXIT
22
18
 
23
19
  cp -R "$ROOT/source/control-seat/." "$tmp_root/control-seat/"
24
20
  sh "$tmp_root/control-seat/bin/seat-init" --execution-seat control-seat >/dev/null
25
- sh "$tmp_root/control-seat/bin/access-assurance-check" | grep -q "mode=open"
26
21
  sh "$tmp_root/control-seat/bin/session-init" --task-id SESSION-INIT --operator local-operator >/tmp/session-init.out
27
22
  test -f "$tmp_root/control-seat/.etiquette/state/session.json"
28
23
  grep -q "session_opened" "$tmp_root/control-seat/docs/work/ledger/LEDGER.md"
@@ -62,8 +62,9 @@ project head-start surfaces before pickup:
62
62
  - `docs/work/manuals/SEAT_OPERATING_MANUAL.md`
63
63
  - `docs/work/cookbooks/ADD_A_LANE.md` when routing work
64
64
 
65
- Re-orient with `etiquette whereami` before pickup after stale context, resume,
66
- runner/model/profile swaps, or workflow migration.
65
+ After interrupted sessions, cwd/worktree ambiguity, role changes, or vendor
66
+ swaps, rerun `whereami`, `doctor`, and `notify poll` before pickup.
67
+ Lifecycle/readiness checks are evidence only; they do not authorize work.
67
68
 
68
69
  ## Validate Catalog
69
70
 
@@ -14,32 +14,6 @@ Before pickup in the target project, read:
14
14
  4. `docs/work/manuals/SEAT_OPERATING_MANUAL.md`
15
15
  5. `docs/work/cookbooks/ADD_A_LANE.md` when routing new work
16
16
 
17
- Re-orient with `etiquette whereami` before pickup after stale context, resume,
18
- runner/model/profile swaps, or workflow migration. Hooks and readiness are
19
- evidence only; the task envelope is the work authority.
20
-
21
- ## Claude Code QoL
22
-
23
- **Monitoring posture (push vs pull):**
24
-
25
- - Default OFF. A solo seat has no counterpart returns to catch — poll on
26
- demand at natural checkpoints (`etiquette notify poll --seat <seat>` after
27
- dispatching, before gates) instead of arming a watcher.
28
- - Arm the Monitor tool (push) only when counterpart seats are actively
29
- working or during a coordination window. Wrap a cursor-based poll loop —
30
- never `tail -F` an event file from byte 0 (git operations rewrite it and
31
- replay history).
32
- - Push and the interactive agents view are mutually exclusive: any
33
- persistent background task blocks the agents shortcut. Toggle deliberately
34
- and say which posture you are in.
35
-
36
- **Context-compaction hazards (Claude Code specific):**
37
-
38
- - Compaction can silently swap your model. Render the active model in your
39
- statusline; verify it after every compaction or resume.
40
- - Re-orient with `etiquette whereami` after compaction — chat memory is not
41
- a task binding. Durable facts belong in files, not context.
42
-
43
- **Continuity:** prefer forked subagents for work that must survive your
44
- session; a plain subagent dies with you. Keep persistent background tasks to
45
- a minimum — each one is a posture commitment.
17
+ After interrupted sessions, cwd/worktree ambiguity, role changes, or vendor
18
+ swaps, rerun `whereami`, `doctor`, and `notify poll` before pickup. Hooks and
19
+ readiness are evidence only; the task envelope is the work authority.
@@ -14,23 +14,9 @@ Before pickup in the target project, read:
14
14
  4. `docs/work/manuals/SEAT_OPERATING_MANUAL.md`
15
15
  5. `docs/work/cookbooks/ADD_A_LANE.md` when routing new work
16
16
 
17
- Re-orient with `etiquette whereami` before pickup after stale context, resume,
18
- runner/model/profile swaps, or workflow migration. Hooks and readiness are
19
- evidence only; the task envelope is the work authority.
17
+ After interrupted sessions, cwd/worktree ambiguity, role changes, or vendor
18
+ swaps, rerun `whereami`, `doctor`, and `notify poll` before pickup. Hooks and
19
+ readiness are evidence only; the task envelope is the work authority.
20
20
 
21
21
  For bounded, cursor-based wake checks use the portable core command
22
22
  `etiquette notify poll --seat <id> --after-seq <n>` instead of raw `tail -F` monitors.
23
-
24
- ## Codex QoL
25
-
26
- **Runner claims:** one seat, one active runner per task. Before occupying a
27
- seat another runner may hold, claim explicitly and record your runner id; if
28
- you find another runner's work in the worktree, preserve it and stand down or
29
- counter — never overwrite.
30
-
31
- **Honest substitution:** when your sandbox/safety layer refuses a declared
32
- command (e.g. a disable-sandbox flag), run the stricter variant and disclose
33
- the substitution in your return — never silently claim the declared gate ran.
34
-
35
- **Notifications:** use bounded cursor-based polls (`etiquette notify poll`);
36
- pair long waits with an explicit re-check cadence in your session notes.
@@ -14,26 +14,6 @@ Before pickup in the target project, read:
14
14
  4. `docs/work/manuals/SEAT_OPERATING_MANUAL.md`
15
15
  5. `docs/work/cookbooks/ADD_A_LANE.md` when routing new work
16
16
 
17
- Re-orient with `etiquette whereami` before pickup after stale context, resume,
18
- runner/model/profile swaps, or workflow migration. Hooks and readiness are
19
- evidence only; the task envelope is the work authority.
20
-
21
- ## Gemini QoL
22
-
23
- **Role fit:** this seat shines as a divergent-advisory and review seat —
24
- fast structured review-returns (`confirm_with_amendments` with concrete
25
- amendments), coverage sweeps, and alternative-angle pressure tests. Treat
26
- its returns as first-class evidence.
27
-
28
- **Calibration duties:**
29
-
30
- - Every claim in a return carries file:line evidence read on the consuming
31
- surface — speed invites overclaim; evidence is the antidote.
32
- - Do not act as the sole verifier for promotion-grade claims; pair with a
33
- second party or an executable check.
34
- - Keep ledger-facing writes in a plain technical register — schemas, fields,
35
- checks; metaphors stay in chat.
36
-
37
- **Notifications:** Claude-style push monitors do not port to this runtime.
38
- Use bounded cursor-based polls (`etiquette notify poll --seat <seat>`); no
39
- persistent watchers, no tail-based loops.
17
+ After interrupted sessions, cwd/worktree ambiguity, role changes, or vendor
18
+ swaps, rerun `whereami`, `doctor`, and `notify poll` before pickup. Hooks and
19
+ readiness are evidence only; the task envelope is the work authority.
@@ -14,6 +14,6 @@ Before pickup in the target project, read:
14
14
  4. `docs/work/manuals/SEAT_OPERATING_MANUAL.md`
15
15
  5. `docs/work/cookbooks/ADD_A_LANE.md` when routing new work
16
16
 
17
- Re-orient with `etiquette whereami` before pickup after stale context, resume,
18
- runner/model/profile swaps, or workflow migration. Hooks and readiness are
19
- evidence only; the task envelope is the work authority.
17
+ After interrupted sessions, cwd/worktree ambiguity, role changes, or vendor
18
+ swaps, rerun `whereami`, `doctor`, and `notify poll` before pickup. Hooks and
19
+ readiness are evidence only; the task envelope is the work authority.
@@ -14,6 +14,6 @@ Before pickup in the target project, read:
14
14
  4. `docs/work/manuals/SEAT_OPERATING_MANUAL.md`
15
15
  5. `docs/work/cookbooks/ADD_A_LANE.md` when routing new work
16
16
 
17
- Re-orient with `etiquette whereami` before pickup after stale context, resume,
18
- runner/model/profile swaps, or workflow migration. Hooks and readiness are
19
- evidence only; the task envelope is the work authority.
17
+ After interrupted sessions, cwd/worktree ambiguity, role changes, or vendor
18
+ swaps, rerun `whereami`, `doctor`, and `notify poll` before pickup. Hooks and
19
+ readiness are evidence only; the task envelope is the work authority.