@etiquekit/etq 1.0.12 → 1.0.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/AGENTS.md +19 -26
- package/LICENSE +2 -3
- package/NOTICE +6 -4
- package/QuickStart.md +35 -47
- package/README.md +54 -56
- package/bin/etiquette +1 -5
- package/bin/etiquette-core +1 -5
- package/docs/ARCHITECTURE.md +5 -5
- package/docs/CODEX_CLIENT_COMPATIBILITY.md +1 -1
- package/docs/CONCEPTS.md +7 -23
- package/docs/CONCEPT_STATUS.md +66 -0
- package/docs/CORE_PROFILE.md +3 -5
- package/docs/LANE_PROVISIONING.md +7 -2
- package/docs/README.md +4 -4
- package/docs/RELEASE_SURFACE_AUDIT.md +7 -6
- package/docs/SEAT_DISCIPLINE.md +55 -91
- package/docs/SEAT_PROVISIONING.md +19 -22
- package/docs/TEAM_HANDOFF.md +21 -21
- package/docs/WORKTREE_QOL.md +7 -6
- package/docs/contracts/ledger-entry/README.md +11 -11
- package/docs/contracts/ledger-entry/ledger-entry.v0.2.md +3 -3
- package/docs/contracts/ledger-entry/ledger-entry.v0.md +8 -8
- package/package.json +11 -11
- package/packages/control/src/authority/lease.ts +261 -0
- package/packages/control/src/authority/node-delegation.ts +257 -0
- package/packages/control/src/authority/rig-conductor.ts +632 -0
- package/packages/control/src/cli/argv.ts +155 -0
- package/packages/control/src/cli/commands/console.ts +200 -0
- package/packages/control/src/cli/commands/dispatch-core.ts +89 -0
- package/packages/control/src/cli/commands/dispatch.ts +279 -0
- package/packages/control/src/cli/commands/harness.ts +89 -0
- package/packages/control/src/cli/commands/hook.ts +50 -0
- package/packages/control/src/cli/commands/ledger.ts +91 -0
- package/packages/control/src/cli/commands/local-workflow.ts +4686 -0
- package/packages/control/src/cli/commands/memory.ts +445 -0
- package/packages/control/src/cli/commands/release.ts +108 -0
- package/packages/control/src/cli/commands/rubric.ts +103 -0
- package/packages/control/src/cli/commands/seat.ts +179 -0
- package/packages/control/src/cli/commands/session.ts +127 -0
- package/packages/control/src/cli/commands/supervision.ts +246 -0
- package/packages/control/src/cli/commands/sync.ts +119 -0
- package/packages/control/src/cli/commands/workflow.ts +86 -0
- package/packages/control/src/cli/commands/workspace.ts +50 -0
- package/packages/control/src/cli/core-usage.ts +34 -0
- package/packages/control/src/cli/prompt.ts +67 -0
- package/packages/control/src/cli/supervision-deps.ts +44 -0
- package/packages/control/src/cli/usage.ts +241 -0
- package/packages/control/src/cli.ts +207 -0
- package/packages/control/src/core-cli.ts +50 -0
- package/packages/control/src/dispatch/decision.ts +202 -0
- package/packages/control/src/dispatch/projection.ts +293 -0
- package/packages/control/src/dispatch/record.ts +153 -0
- package/packages/control/src/engagement/project.ts +170 -0
- package/packages/control/src/fs.ts +19 -0
- package/packages/control/src/harness/pruning.ts +406 -0
- package/packages/control/src/hooks/dispatcher.ts +117 -0
- package/packages/control/src/hooks/outbox.ts +86 -0
- package/packages/control/src/hooks/sanitize.ts +6 -0
- package/packages/control/src/hooks/types.ts +34 -0
- package/packages/control/src/index.ts +384 -0
- package/packages/control/src/ledger/entry.ts +303 -0
- package/packages/control/src/ledger/indexer.ts +542 -0
- package/packages/control/src/memory/context.ts +149 -0
- package/packages/control/src/memory/drain-import.ts +207 -0
- package/packages/control/src/memory/indexer.ts +284 -0
- package/packages/control/src/memory/query.ts +75 -0
- package/packages/control/src/memory/sanitize.ts +50 -0
- package/packages/control/src/memory/sharded-drain-import.ts +212 -0
- package/packages/control/src/memory/status.ts +211 -0
- package/packages/control/src/memory/store-lifecycle.ts +509 -0
- package/packages/control/src/memory/store.ts +284 -0
- package/packages/control/src/memory/types.ts +146 -0
- package/packages/control/src/parity/surfaces.ts +748 -0
- package/packages/control/src/project.ts +141 -0
- package/packages/control/src/projection/local-ledger-view.ts +373 -0
- package/packages/control/src/projection/return-enforcement.ts +48 -0
- package/packages/control/src/projection/timeline-preview.ts +539 -0
- package/packages/control/src/projection/timeline.ts +708 -0
- package/packages/control/src/release/readiness.ts +831 -0
- package/packages/control/src/rubric/loader.ts +326 -0
- package/packages/control/src/rubric/promotion.ts +54 -0
- package/packages/control/src/rubric/runner.ts +159 -0
- package/packages/control/src/rubric/types.ts +158 -0
- package/packages/control/src/seat/owner-card.ts +388 -0
- package/packages/control/src/seat/readiness.ts +834 -0
- package/packages/control/src/session/runbook.ts +431 -0
- package/packages/control/src/shared/sanitize.ts +49 -0
- package/packages/control/src/supervision/action-classes.ts +192 -0
- package/packages/control/src/supervision/command-apply.ts +378 -0
- package/packages/control/src/supervision/errors.ts +14 -0
- package/packages/control/src/supervision/event-replay.ts +155 -0
- package/packages/control/src/supervision/events.ts +109 -0
- package/packages/control/src/supervision/index.ts +16 -0
- package/packages/control/src/supervision/manifest.ts +127 -0
- package/packages/control/src/supervision/paths.ts +49 -0
- package/packages/control/src/supervision/projection-adapter.ts +274 -0
- package/packages/control/src/supervision/projection.ts +75 -0
- package/packages/control/src/supervision/rebuild.ts +99 -0
- package/packages/control/src/supervision/session-open.ts +131 -0
- package/packages/control/src/supervision/session-read.ts +99 -0
- package/packages/control/src/supervision/sqlite-impl.ts +71 -0
- package/packages/control/src/supervision/sqlite.ts +121 -0
- package/packages/control/src/supervision/store-rows.ts +371 -0
- package/packages/control/src/supervision/turn-close.ts +154 -0
- package/packages/control/src/supervision/turn-open.ts +284 -0
- package/packages/control/src/sync/event-log-merge-driver.ts +263 -0
- package/packages/control/src/sync/join-plan.ts +375 -0
- package/packages/control/src/sync/outbox.ts +492 -0
- package/packages/control/src/workflow/evaluator.ts +140 -0
- package/packages/control/src/workflow/loader.ts +200 -0
- package/packages/control/src/workflow/types.ts +90 -0
- package/packages/control/src/workspace/authority.ts +499 -0
- package/packages/protocol/src/guards.ts +119 -0
- package/packages/protocol/src/huddle-board.ts +198 -0
- package/packages/protocol/src/huddle.ts +295 -0
- package/packages/protocol/src/incident.ts +251 -0
- package/packages/protocol/src/index.ts +8 -0
- package/packages/protocol/src/interfaces.ts +107 -0
- package/packages/protocol/src/packet-profile.ts +195 -0
- package/packages/protocol/src/state.ts +81 -0
- package/packages/protocol/src/types.ts +434 -0
- package/release/lineage.v0.json +14 -0
- package/scripts/release-candidate-verify.sh +175 -0
- package/scripts/release-checksum.sh +25 -0
- package/scripts/release-pack-canary.sh +97 -0
- package/scripts/release-scan.sh +249 -0
- package/scripts/release-sign.sh +34 -0
- package/templates/etiquette-vanilla-v0/README.md +2 -3
- package/templates/etiquette-vanilla-v0/source/control-seat/README.md +0 -6
- package/templates/etiquette-vanilla-v0/source/control-seat/bin/seat-doctor +0 -5
- package/templates/etiquette-vanilla-v0/validate-vanilla.sh +0 -5
- package/templates/seat-packs-v0/README.md +3 -2
- package/templates/seat-packs-v0/source/claude-code-seat/README.md +3 -29
- package/templates/seat-packs-v0/source/codex-seat/README.md +3 -17
- package/templates/seat-packs-v0/source/gemini-seat/README.md +3 -23
- package/templates/seat-packs-v0/source/ollama-seat/README.md +3 -3
- package/templates/seat-packs-v0/source/openrouter-seat/README.md +3 -3
- package/docs/AGENT_SPAWNING.md +0 -78
- package/docs/INTEGRATION_UI.md +0 -215
- package/docs/OPERATOR_PLAYBOOK.md +0 -77
- package/docs/TAG_ROUTE.md +0 -95
- package/lib/etiquette-core.js +0 -315
- package/lib/etiquette.js +0 -1160
- package/templates/DISPATCH_PREMISES.md +0 -39
- package/templates/etiquette-vanilla-v0/source/control-seat/bin/access-assurance-check +0 -55
- package/templates/etiquette-vanilla-v0/source/control-seat/docs/work/access/ACCESS-ASSURANCE.md +0 -39
- package/templates/etiquette-vanilla-v0/source/control-seat/docs/work/access/workspace-secure-profile.v0.json +0 -53
- package/templates/hosted-receiver/README.md +0 -41
- package/templates/hosted-receiver/w1-github-webhook-receiver.mjs +0 -129
|
@@ -0,0 +1,97 @@
|
|
|
1
|
+
#!/bin/sh
|
|
2
|
+
# Build a fresh npm tarball in a temp dir and verify the public package surface.
|
|
3
|
+
set -eu
|
|
4
|
+
|
|
5
|
+
ROOT=$(CDPATH= cd -- "$(dirname -- "$0")/.." && pwd)
|
|
6
|
+
TMPDIR_ROOT=${TMPDIR:-/tmp}
|
|
7
|
+
TMP=$(mktemp -d "$TMPDIR_ROOT/etiquette-pack-canary.XXXXXX")
|
|
8
|
+
trap 'rm -rf "$TMP"' EXIT INT TERM
|
|
9
|
+
|
|
10
|
+
cd "$ROOT"
|
|
11
|
+
npm run release:scan >/dev/null
|
|
12
|
+
npm pack --pack-destination "$TMP" >/dev/null
|
|
13
|
+
|
|
14
|
+
TGZ=$(find "$TMP" -maxdepth 1 -name '*.tgz' -print | sort | sed -n '1p')
|
|
15
|
+
if [ -z "$TGZ" ]; then
|
|
16
|
+
echo "release-pack-canary: npm pack did not produce a tarball" >&2
|
|
17
|
+
exit 1
|
|
18
|
+
fi
|
|
19
|
+
|
|
20
|
+
FILES="$TMP/files.txt"
|
|
21
|
+
tar -tzf "$TGZ" | sort > "$FILES"
|
|
22
|
+
|
|
23
|
+
FILE_COUNT=$(wc -l < "$FILES" | tr -d ' ')
|
|
24
|
+
MAX_FILES=190
|
|
25
|
+
if [ "$FILE_COUNT" -gt "$MAX_FILES" ]; then
|
|
26
|
+
echo "release-pack-canary: package file count $FILE_COUNT exceeds budget $MAX_FILES" >&2
|
|
27
|
+
exit 1
|
|
28
|
+
fi
|
|
29
|
+
|
|
30
|
+
require_file() {
|
|
31
|
+
rel=$1
|
|
32
|
+
if ! grep -Fxq "$rel" "$FILES"; then
|
|
33
|
+
echo "release-pack-canary: missing required package file: $rel" >&2
|
|
34
|
+
exit 1
|
|
35
|
+
fi
|
|
36
|
+
}
|
|
37
|
+
|
|
38
|
+
forbid_prefix() {
|
|
39
|
+
prefix_re=$1
|
|
40
|
+
label=$2
|
|
41
|
+
if grep -Eq "^$prefix_re" "$FILES"; then
|
|
42
|
+
echo "release-pack-canary: forbidden package surface included: $label" >&2
|
|
43
|
+
grep -E "^$prefix_re" "$FILES" >&2
|
|
44
|
+
exit 1
|
|
45
|
+
fi
|
|
46
|
+
}
|
|
47
|
+
|
|
48
|
+
require_file "package/package.json"
|
|
49
|
+
require_file "package/LICENSE"
|
|
50
|
+
require_file "package/bin/etiquette"
|
|
51
|
+
require_file "package/bin/etiquette-core"
|
|
52
|
+
require_file "package/README.md"
|
|
53
|
+
require_file "package/QuickStart.md"
|
|
54
|
+
require_file "package/AGENTS.md"
|
|
55
|
+
require_file "package/docs/README.md"
|
|
56
|
+
require_file "package/docs/TEAM_HANDOFF.md"
|
|
57
|
+
require_file "package/docs/CODEX_CLIENT_COMPATIBILITY.md"
|
|
58
|
+
require_file "package/docs/RELEASE_SURFACE_AUDIT.md"
|
|
59
|
+
require_file "package/packages/control/src/cli.ts"
|
|
60
|
+
require_file "package/packages/control/src/core-cli.ts"
|
|
61
|
+
require_file "package/packages/protocol/src/index.ts"
|
|
62
|
+
require_file "package/release/lineage.v0.json"
|
|
63
|
+
require_file "package/scripts/release-candidate-verify.sh"
|
|
64
|
+
require_file "package/scripts/install.sh"
|
|
65
|
+
require_file "package/scripts/uninstall.sh"
|
|
66
|
+
require_file "package/scripts/release-scan.sh"
|
|
67
|
+
require_file "package/scripts/release-pack-canary.sh"
|
|
68
|
+
require_file "package/scripts/release-checksum.sh"
|
|
69
|
+
require_file "package/scripts/release-sign.sh"
|
|
70
|
+
require_file "package/templates/etiquette-vanilla-v0/README.md"
|
|
71
|
+
require_file "package/templates/github-actions/README.md"
|
|
72
|
+
require_file "package/templates/github-actions/w1-webhook-wake-canary.yml"
|
|
73
|
+
require_file "package/templates/seat-packs-v0/README.md"
|
|
74
|
+
|
|
75
|
+
forbid_prefix 'package/\.codex/' '.codex'
|
|
76
|
+
forbid_prefix 'package/\.etiquette/' '.etiquette'
|
|
77
|
+
forbid_prefix 'package/\.git' '.git'
|
|
78
|
+
forbid_prefix 'package/apps/' 'apps'
|
|
79
|
+
forbid_prefix 'package/conformance/' 'conformance'
|
|
80
|
+
forbid_prefix 'package/coverage/' 'coverage'
|
|
81
|
+
forbid_prefix 'package/dist/' 'dist'
|
|
82
|
+
forbid_prefix 'package/fixtures/' 'fixtures'
|
|
83
|
+
forbid_prefix 'package/internal/' 'internal'
|
|
84
|
+
forbid_prefix 'package/docs/INTERNAL_HANDOFF\.md$' 'internal handoff doc'
|
|
85
|
+
forbid_prefix 'package/node_modules/' 'node_modules'
|
|
86
|
+
forbid_prefix 'package/docs/work/' 'repo-local workspace scaffold docs'
|
|
87
|
+
forbid_prefix 'package/packages/control/src/cli/commands/slice\.ts$' 'legacy slice command'
|
|
88
|
+
forbid_prefix 'package/packages/control/src/cli/commands/runtime\.ts$' 'infra runtime command'
|
|
89
|
+
forbid_prefix 'package/packages/control/src/runtime/' 'infra runtime source'
|
|
90
|
+
forbid_prefix 'package/packages/adapter-' 'legacy adapter packages'
|
|
91
|
+
forbid_prefix 'package/packages/dbt-core/' 'legacy dbt-core package'
|
|
92
|
+
forbid_prefix 'package/packages/[^/]*/fixtures/' 'workspace fixtures'
|
|
93
|
+
forbid_prefix 'package/packages/[^/]*/package\.json$' 'workspace package metadata'
|
|
94
|
+
forbid_prefix 'package/site/' 'site'
|
|
95
|
+
forbid_prefix 'package/templates/hosted-receiver/' 'hosted receiver template'
|
|
96
|
+
|
|
97
|
+
echo "release-pack-canary: ok $(basename "$TGZ") files=$FILE_COUNT budget=$MAX_FILES"
|
|
@@ -0,0 +1,249 @@
|
|
|
1
|
+
#!/bin/sh
|
|
2
|
+
# Fail if release-hostile local/private markers are committed.
|
|
3
|
+
set -eu
|
|
4
|
+
|
|
5
|
+
ROOT=$(CDPATH= cd -- "$(dirname -- "$0")/.." && pwd)
|
|
6
|
+
|
|
7
|
+
if ! command -v rg >/dev/null 2>&1; then
|
|
8
|
+
echo "release-scan requires rg" >&2
|
|
9
|
+
exit 2
|
|
10
|
+
fi
|
|
11
|
+
|
|
12
|
+
forbidden_path='/'"Users/"
|
|
13
|
+
forbidden_name='justine'"massawe"
|
|
14
|
+
old_repo_name='discipline-'"control"
|
|
15
|
+
pattern="(${forbidden_path}|${forbidden_name}|${old_repo_name})"
|
|
16
|
+
|
|
17
|
+
if rg -n --hidden --glob '!.git' --glob '!.git/**' --glob '!_worktrees/**' --glob '!node_modules/**' --glob '!bun.lock' "$pattern" "$ROOT"; then
|
|
18
|
+
echo "release-scan: found forbidden local/private marker" >&2
|
|
19
|
+
exit 1
|
|
20
|
+
fi
|
|
21
|
+
|
|
22
|
+
vanilla_root="$ROOT/templates/etiquette-vanilla-v0"
|
|
23
|
+
github_actions_root="$ROOT/templates/github-actions"
|
|
24
|
+
seat_packs_root="$ROOT/templates/seat-packs-v0"
|
|
25
|
+
control_src_root="$ROOT/packages/control/src"
|
|
26
|
+
protocol_src_root="$ROOT/packages/protocol/src"
|
|
27
|
+
shop_marker_pattern="(El""sa|7""ven|Za""ch|bo""ss|Bo""ss)"
|
|
28
|
+
prior_run_pattern="(El""sa|7""ven|Za""ch|bo""ss|Bo""ss|ale-""felicity|codex-spark-""ale-seat|felicity-""review-seat|v3-""handshake|V3-""SCR|LMS-""SCR|bus""://|claude""logs|last""talk\.log|last""miles\.log|karp""athy|lee""pick|LP-""SCR)"
|
|
29
|
+
|
|
30
|
+
allowed_docs='docs/README.md
|
|
31
|
+
docs/ARCHITECTURE.md
|
|
32
|
+
docs/MANAGED_RUNTIME_COMPATIBILITY.md
|
|
33
|
+
docs/CODEX_CLIENT_COMPATIBILITY.md
|
|
34
|
+
docs/CONCEPTS.md
|
|
35
|
+
docs/CONCEPT_STATUS.md
|
|
36
|
+
docs/CORE_PROFILE.md
|
|
37
|
+
docs/HOSTED_RUNTIME_PARITY.md
|
|
38
|
+
docs/LANE_PROVISIONING.md
|
|
39
|
+
docs/PORTAL.md
|
|
40
|
+
docs/RELEASE_SURFACE_AUDIT.md
|
|
41
|
+
docs/SEAT_DISCIPLINE.md
|
|
42
|
+
docs/SEAT_PROVISIONING.md
|
|
43
|
+
docs/TEAM_HANDOFF.md
|
|
44
|
+
docs/WORKTREE_QOL.md
|
|
45
|
+
docs/work/bus-feed/README.md
|
|
46
|
+
docs/work/consumer-registry/README.md
|
|
47
|
+
docs/contracts/ledger-entry/ledger-entry.v0.2.md
|
|
48
|
+
docs/contracts/ledger-entry/README.md
|
|
49
|
+
docs/contracts/ledger-entry/ledger-query-cli.v0.1.md
|
|
50
|
+
docs/contracts/ledger-entry/ledger-entry.v0.1.md
|
|
51
|
+
docs/contracts/ledger-entry/ledger-entry.v0.md
|
|
52
|
+
docs/work/seats/owner-cards/default-review-seat.yaml'
|
|
53
|
+
|
|
54
|
+
for doc_path in $(find "$ROOT/docs" -type f | sed "s#^$ROOT/##" | sort); do
|
|
55
|
+
if ! printf '%s\n' "$allowed_docs" | grep -qx "$doc_path"; then
|
|
56
|
+
echo "release-scan: unexpected all-dev docs file: $doc_path" >&2
|
|
57
|
+
exit 1
|
|
58
|
+
fi
|
|
59
|
+
done
|
|
60
|
+
|
|
61
|
+
allowed_templates='templates/etiquette-vanilla-v0
|
|
62
|
+
templates/github-actions
|
|
63
|
+
templates/seat-packs-v0'
|
|
64
|
+
|
|
65
|
+
for template_path in $(find "$ROOT/templates" -mindepth 1 -maxdepth 1 -type d | sed "s#^$ROOT/##" | sort); do
|
|
66
|
+
if ! printf '%s\n' "$allowed_templates" | grep -qx "$template_path"; then
|
|
67
|
+
echo "release-scan: unexpected public template directory: $template_path" >&2
|
|
68
|
+
exit 1
|
|
69
|
+
fi
|
|
70
|
+
done
|
|
71
|
+
|
|
72
|
+
allowed_scripts='scripts/release-checksum.sh
|
|
73
|
+
scripts/install.sh
|
|
74
|
+
scripts/uninstall.sh
|
|
75
|
+
scripts/release-candidate-verify.sh
|
|
76
|
+
scripts/release-pack-canary.sh
|
|
77
|
+
scripts/release-scan.sh
|
|
78
|
+
scripts/release-sign.sh'
|
|
79
|
+
|
|
80
|
+
for script_path in $(find "$ROOT/scripts" -type f | sed "s#^$ROOT/##" | sort); do
|
|
81
|
+
if ! printf '%s\n' "$allowed_scripts" | grep -qx "$script_path"; then
|
|
82
|
+
echo "release-scan: unexpected public script: $script_path" >&2
|
|
83
|
+
exit 1
|
|
84
|
+
fi
|
|
85
|
+
sh -n "$ROOT/$script_path"
|
|
86
|
+
done
|
|
87
|
+
|
|
88
|
+
allowed_bins='bin/etiquette
|
|
89
|
+
bin/etiquette-core'
|
|
90
|
+
|
|
91
|
+
for bin_path in $(find "$ROOT/bin" -type f | sed "s#^$ROOT/##" | sort); do
|
|
92
|
+
if ! printf '%s\n' "$allowed_bins" | grep -qx "$bin_path"; then
|
|
93
|
+
echo "release-scan: unexpected public executable: $bin_path" >&2
|
|
94
|
+
exit 1
|
|
95
|
+
fi
|
|
96
|
+
sh -n "$ROOT/$bin_path"
|
|
97
|
+
done
|
|
98
|
+
|
|
99
|
+
default_surface_files="$ROOT/README.md
|
|
100
|
+
$ROOT/QuickStart.md
|
|
101
|
+
$ROOT/AGENTS.md
|
|
102
|
+
$ROOT/docs/README.md
|
|
103
|
+
$ROOT/docs/ARCHITECTURE.md
|
|
104
|
+
$ROOT/docs/CONCEPTS.md
|
|
105
|
+
$ROOT/docs/CONCEPT_STATUS.md
|
|
106
|
+
$ROOT/docs/LANE_PROVISIONING.md
|
|
107
|
+
$ROOT/docs/SEAT_DISCIPLINE.md
|
|
108
|
+
$ROOT/docs/SEAT_PROVISIONING.md
|
|
109
|
+
$ROOT/docs/WORKTREE_QOL.md
|
|
110
|
+
$ROOT/templates/etiquette-vanilla-v0/README.md"
|
|
111
|
+
|
|
112
|
+
if rg -n 'internal/docs' $default_surface_files; then
|
|
113
|
+
echo "release-scan: found maintainer-doc path in default onboarding surface" >&2
|
|
114
|
+
exit 1
|
|
115
|
+
fi
|
|
116
|
+
|
|
117
|
+
if command -v git >/dev/null 2>&1 && git -C "$ROOT" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
|
|
118
|
+
tracked_forbidden=$(
|
|
119
|
+
git -C "$ROOT" ls-files \
|
|
120
|
+
'.etiquette/**' \
|
|
121
|
+
'.llm-substrate/**' \
|
|
122
|
+
'site/public/fonts/**' \
|
|
123
|
+
'*.woff' \
|
|
124
|
+
'*.woff2' \
|
|
125
|
+
'*.ttf' \
|
|
126
|
+
'*.otf' \
|
|
127
|
+
|| true
|
|
128
|
+
)
|
|
129
|
+
if [ -n "$tracked_forbidden" ]; then
|
|
130
|
+
echo "$tracked_forbidden" >&2
|
|
131
|
+
echo "release-scan: tracked release-hostile local state or font assets" >&2
|
|
132
|
+
exit 1
|
|
133
|
+
fi
|
|
134
|
+
fi
|
|
135
|
+
|
|
136
|
+
if rg -n "$prior_run_pattern" \
|
|
137
|
+
"$ROOT/README.md" \
|
|
138
|
+
"$ROOT/QuickStart.md" \
|
|
139
|
+
"$ROOT/AGENTS.md" \
|
|
140
|
+
"$ROOT/docs" \
|
|
141
|
+
"$ROOT/scripts" \
|
|
142
|
+
"$control_src_root" \
|
|
143
|
+
"$protocol_src_root" \
|
|
144
|
+
"$vanilla_root" \
|
|
145
|
+
"$github_actions_root" \
|
|
146
|
+
"$seat_packs_root"; then
|
|
147
|
+
echo "release-scan: found prior-run marker in all-dev onboarding surface" >&2
|
|
148
|
+
exit 1
|
|
149
|
+
fi
|
|
150
|
+
|
|
151
|
+
third_party_concept_pattern="\bC""MA\b"
|
|
152
|
+
if rg -n "$third_party_concept_pattern" \
|
|
153
|
+
--glob '!**/HOSTED_RUNTIME_PARITY.md' \
|
|
154
|
+
--glob '!**/src/mcp/**' \
|
|
155
|
+
"$ROOT/README.md" \
|
|
156
|
+
"$ROOT/QuickStart.md" \
|
|
157
|
+
"$ROOT/AGENTS.md" \
|
|
158
|
+
"$ROOT/docs" \
|
|
159
|
+
"$ROOT/scripts" \
|
|
160
|
+
"$control_src_root" \
|
|
161
|
+
"$protocol_src_root" \
|
|
162
|
+
"$vanilla_root" \
|
|
163
|
+
"$github_actions_root" \
|
|
164
|
+
"$seat_packs_root"; then
|
|
165
|
+
echo "release-scan: found third-party concept marker in all-dev onboarding surface" >&2
|
|
166
|
+
exit 1
|
|
167
|
+
fi
|
|
168
|
+
|
|
169
|
+
if command -v git >/dev/null 2>&1 && git -C "$ROOT" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
|
|
170
|
+
archive_bad=$(
|
|
171
|
+
git -C "$ROOT" archive --worktree-attributes --format=tar HEAD \
|
|
172
|
+
| tar -tf - \
|
|
173
|
+
| sed 's#^\./##' \
|
|
174
|
+
| grep -E '^(\.etiquette/|\.llm-substrate/|apps/|conformance/|dist/|fixtures/|internal/|site/)' \
|
|
175
|
+
|| true
|
|
176
|
+
)
|
|
177
|
+
if [ -n "$archive_bad" ]; then
|
|
178
|
+
echo "$archive_bad" >&2
|
|
179
|
+
echo "release-scan: source archive includes maintainer-only or generated surfaces" >&2
|
|
180
|
+
exit 1
|
|
181
|
+
fi
|
|
182
|
+
fi
|
|
183
|
+
|
|
184
|
+
check_max_lines() {
|
|
185
|
+
rel=$1
|
|
186
|
+
max=$2
|
|
187
|
+
lines=$(wc -l < "$ROOT/$rel" | tr -d ' ')
|
|
188
|
+
if [ "$lines" -gt "$max" ]; then
|
|
189
|
+
echo "release-scan: $rel has $lines lines; max allowed for onboarding surface is $max" >&2
|
|
190
|
+
exit 1
|
|
191
|
+
fi
|
|
192
|
+
}
|
|
193
|
+
|
|
194
|
+
check_max_lines "README.md" 80
|
|
195
|
+
check_max_lines "QuickStart.md" 95
|
|
196
|
+
check_max_lines "AGENTS.md" 45
|
|
197
|
+
check_max_lines "docs/README.md" 30
|
|
198
|
+
check_max_lines "docs/ARCHITECTURE.md" 100
|
|
199
|
+
check_max_lines "docs/CODEX_CLIENT_COMPATIBILITY.md" 85
|
|
200
|
+
check_max_lines "docs/CONCEPTS.md" 130
|
|
201
|
+
check_max_lines "docs/CONCEPT_STATUS.md" 75
|
|
202
|
+
check_max_lines "docs/CORE_PROFILE.md" 95
|
|
203
|
+
check_max_lines "docs/SEAT_DISCIPLINE.md" 120
|
|
204
|
+
check_max_lines "docs/SEAT_PROVISIONING.md" 100
|
|
205
|
+
check_max_lines "docs/TEAM_HANDOFF.md" 190
|
|
206
|
+
check_max_lines "docs/WORKTREE_QOL.md" 100
|
|
207
|
+
check_max_lines "docs/RELEASE_SURFACE_AUDIT.md" 160
|
|
208
|
+
check_max_lines "templates/etiquette-vanilla-v0/README.md" 70
|
|
209
|
+
check_max_lines "templates/github-actions/README.md" 70
|
|
210
|
+
check_max_lines "templates/github-actions/w1-webhook-wake-canary.yml" 130
|
|
211
|
+
check_max_lines "templates/seat-packs-v0/README.md" 90
|
|
212
|
+
|
|
213
|
+
normalize_words() {
|
|
214
|
+
tr ' ' '\n' | sed '/^$/d' | sort | tr '\n' ' ' | sed 's/ $//'
|
|
215
|
+
}
|
|
216
|
+
|
|
217
|
+
seat_types=$(sed -n 's/^ \([a-z0-9-]*\)) src=.*$/\1/p' "$seat_packs_root/bin/provision-seat" | normalize_words)
|
|
218
|
+
|
|
219
|
+
check_seat_pack_catalog() {
|
|
220
|
+
rel=$1
|
|
221
|
+
found=$(rg -o 'provision-seat [a-z0-9-]+' "$ROOT/$rel" | sed 's/provision-seat //' | grep -v '^auto$' | normalize_words)
|
|
222
|
+
if [ "$found" != "$seat_types" ]; then
|
|
223
|
+
echo "release-scan: $rel seat-pack list '$found' does not match provision-seat '$seat_types'" >&2
|
|
224
|
+
exit 1
|
|
225
|
+
fi
|
|
226
|
+
}
|
|
227
|
+
|
|
228
|
+
check_seat_pack_catalog "README.md"
|
|
229
|
+
check_seat_pack_catalog "QuickStart.md"
|
|
230
|
+
check_seat_pack_catalog "docs/SEAT_PROVISIONING.md"
|
|
231
|
+
check_seat_pack_catalog "templates/etiquette-vanilla-v0/README.md"
|
|
232
|
+
check_seat_pack_catalog "templates/seat-packs-v0/README.md"
|
|
233
|
+
|
|
234
|
+
if [ -d "$vanilla_root" ] && rg -n "$shop_marker_pattern" "$vanilla_root"; then
|
|
235
|
+
echo "release-scan: found shop marker in vanilla package" >&2
|
|
236
|
+
exit 1
|
|
237
|
+
fi
|
|
238
|
+
|
|
239
|
+
if [ -d "$seat_packs_root" ] && rg -n "$shop_marker_pattern" "$seat_packs_root"; then
|
|
240
|
+
echo "release-scan: found shop marker in seat packs package" >&2
|
|
241
|
+
exit 1
|
|
242
|
+
fi
|
|
243
|
+
|
|
244
|
+
if [ -d "$ROOT/templates/hosted-receiver" ]; then
|
|
245
|
+
echo "release-scan: hosted receiver template belongs outside thin devkit" >&2
|
|
246
|
+
exit 1
|
|
247
|
+
fi
|
|
248
|
+
|
|
249
|
+
echo "release-scan: ok"
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
#!/bin/sh
|
|
2
|
+
# Sign the checksum manifest when an operator provides a release signing key.
|
|
3
|
+
set -eu
|
|
4
|
+
|
|
5
|
+
ROOT=$(CDPATH= cd -- "$(dirname -- "$0")/.." && pwd)
|
|
6
|
+
CHECKSUMS="$ROOT/dist/SHA256SUMS"
|
|
7
|
+
|
|
8
|
+
if [ ! -f "$CHECKSUMS" ]; then
|
|
9
|
+
echo "release-sign: missing dist/SHA256SUMS; run npm run release:checksum first" >&2
|
|
10
|
+
exit 1
|
|
11
|
+
fi
|
|
12
|
+
|
|
13
|
+
if [ -n "${ETIQUETTE_RELEASE_SIGNING_KEY:-}" ]; then
|
|
14
|
+
if [ ! -f "$ETIQUETTE_RELEASE_SIGNING_KEY" ]; then
|
|
15
|
+
echo "release-sign: ETIQUETTE_RELEASE_SIGNING_KEY does not point to a file" >&2
|
|
16
|
+
exit 1
|
|
17
|
+
fi
|
|
18
|
+
openssl dgst -sha256 -sign "$ETIQUETTE_RELEASE_SIGNING_KEY" -out "$CHECKSUMS.sig" "$CHECKSUMS"
|
|
19
|
+
printf 'method=openssl-rsa-sha256\nsigned_ref=dist/SHA256SUMS.sig\n' > "$ROOT/dist/SIGNATURE_MANIFEST.txt"
|
|
20
|
+
rm -f "$ROOT/dist/SIGNATURE_REQUIRED.txt"
|
|
21
|
+
echo "release-sign: wrote dist/SHA256SUMS.sig"
|
|
22
|
+
exit 0
|
|
23
|
+
fi
|
|
24
|
+
|
|
25
|
+
cat > "$ROOT/dist/SIGNATURE_REQUIRED.txt" <<'MSG'
|
|
26
|
+
Release signing was not performed.
|
|
27
|
+
|
|
28
|
+
Set ETIQUETTE_RELEASE_SIGNING_KEY to an operator-held private key file, then rerun:
|
|
29
|
+
|
|
30
|
+
npm run release:sign
|
|
31
|
+
MSG
|
|
32
|
+
|
|
33
|
+
echo "release-sign: signing key missing; wrote dist/SIGNATURE_REQUIRED.txt" >&2
|
|
34
|
+
exit 1
|
|
@@ -11,7 +11,7 @@ default_surface:
|
|
|
11
11
|
```
|
|
12
12
|
|
|
13
13
|
It does not create runtime seats, product repos, backplanes, hosted services, dashboards, or sample products.
|
|
14
|
-
It starts unauthenticated
|
|
14
|
+
It starts local and unauthenticated. Seat identity, readiness, and task authority stay in the local workflow records.
|
|
15
15
|
|
|
16
16
|
## Quick Start
|
|
17
17
|
|
|
@@ -23,7 +23,6 @@ sh /tmp/etiquette-start/validate-vanilla.sh
|
|
|
23
23
|
```
|
|
24
24
|
|
|
25
25
|
The first person who claims the stamped `control-seat` reports readiness before assigning work.
|
|
26
|
-
For restricted seats, change the secure profile, add provider-derived policy/claims, then run `sh source/control-seat/bin/access-assurance-check`.
|
|
27
26
|
|
|
28
27
|
## Local Receipt Proof
|
|
29
28
|
|
|
@@ -55,7 +54,7 @@ cannot:
|
|
|
55
54
|
- clone product repos before assignment
|
|
56
55
|
- bypass validation
|
|
57
56
|
- treat chat as evidence
|
|
58
|
-
- grant
|
|
57
|
+
- grant authority from local profile metadata
|
|
59
58
|
```
|
|
60
59
|
|
|
61
60
|
Provision these later only after the control seat grants them:
|
|
@@ -8,9 +8,3 @@ For local-only proof, append events with `bin/local-event` and compact them with
|
|
|
8
8
|
|
|
9
9
|
Inside a live runtime session, run `bin/session-init` after `bin/seat-init`
|
|
10
10
|
to prepare the local ledger, receipts, tasks, outbox, and session state.
|
|
11
|
-
|
|
12
|
-
Access assurance is explicit and optional. The default profile is
|
|
13
|
-
`docs/work/access/workspace-secure-profile.v0.json` with `mode: open`. Run
|
|
14
|
-
`bin/access-assurance-check` before routing restricted seats, and switch to
|
|
15
|
-
`screening-warn`, `screening-enforced`, or `enterprise-reactor` only when the
|
|
16
|
-
workspace actually needs provider-backed screening.
|
|
@@ -5,16 +5,11 @@ ROOT=$(CDPATH= cd -- "$(dirname -- "$0")/.." && pwd)
|
|
|
5
5
|
|
|
6
6
|
test -f "$ROOT/.llm-substrate/HANDOFF.md"
|
|
7
7
|
test -f "$ROOT/docs/work/ledger/LEDGER.md"
|
|
8
|
-
test -f "$ROOT/docs/work/access/workspace-secure-profile.v0.json"
|
|
9
|
-
test -f "$ROOT/docs/work/access/ACCESS-ASSURANCE.md"
|
|
10
8
|
test -f "$ROOT/docs/work/playbacks/PLAYBACK_TEMPLATE.md"
|
|
11
9
|
test -f "$ROOT/docs/work/tasks/CONTROL-001.yaml"
|
|
12
10
|
test -d "$ROOT/docs/work/receipts"
|
|
13
|
-
test -f "$ROOT/bin/access-assurance-check"
|
|
14
11
|
test -f "$ROOT/bin/session-init"
|
|
15
12
|
test -f "$ROOT/bin/local-event"
|
|
16
13
|
test -f "$ROOT/bin/compact-local-events"
|
|
17
14
|
|
|
18
|
-
sh "$ROOT/bin/access-assurance-check" >/dev/null
|
|
19
|
-
|
|
20
15
|
echo "control-seat: ok"
|
|
@@ -7,22 +7,17 @@ test -f "$ROOT/README.md"
|
|
|
7
7
|
test -d "$ROOT/source/etiquette-kernel"
|
|
8
8
|
test -d "$ROOT/source/control-seat"
|
|
9
9
|
grep -Fq ".etiquette/events/*.ndjson" "$ROOT/source/control-seat/.gitignore"
|
|
10
|
-
grep -q '"schema": "workspace-secure-profile.v0"' "$ROOT/source/control-seat/docs/work/access/workspace-secure-profile.v0.json"
|
|
11
|
-
grep -q '"mode": "open"' "$ROOT/source/control-seat/docs/work/access/workspace-secure-profile.v0.json"
|
|
12
|
-
grep -q "enterprise-reactor" "$ROOT/source/control-seat/docs/work/access/ACCESS-ASSURANCE.md"
|
|
13
10
|
grep -q "Controlled drills require one operator approval per drill" "$ROOT/source/etiquette-kernel/contracts/playback.v0.md"
|
|
14
11
|
grep -q "batch_approval_allowed: false" "$ROOT/source/control-seat/docs/work/playbacks/PLAYBACK_TEMPLATE.md"
|
|
15
12
|
|
|
16
13
|
sh "$ROOT/source/etiquette-kernel/bin/kernel-doctor"
|
|
17
14
|
sh "$ROOT/source/control-seat/bin/seat-doctor"
|
|
18
|
-
sh "$ROOT/source/control-seat/bin/access-assurance-check" | grep -q "mode=open"
|
|
19
15
|
|
|
20
16
|
tmp_root=$(mktemp -d "${TMPDIR:-/tmp}/etiquette-vanilla-compact.XXXXXX")
|
|
21
17
|
trap 'rm -rf "$tmp_root"' EXIT
|
|
22
18
|
|
|
23
19
|
cp -R "$ROOT/source/control-seat/." "$tmp_root/control-seat/"
|
|
24
20
|
sh "$tmp_root/control-seat/bin/seat-init" --execution-seat control-seat >/dev/null
|
|
25
|
-
sh "$tmp_root/control-seat/bin/access-assurance-check" | grep -q "mode=open"
|
|
26
21
|
sh "$tmp_root/control-seat/bin/session-init" --task-id SESSION-INIT --operator local-operator >/tmp/session-init.out
|
|
27
22
|
test -f "$tmp_root/control-seat/.etiquette/state/session.json"
|
|
28
23
|
grep -q "session_opened" "$tmp_root/control-seat/docs/work/ledger/LEDGER.md"
|
|
@@ -62,8 +62,9 @@ project head-start surfaces before pickup:
|
|
|
62
62
|
- `docs/work/manuals/SEAT_OPERATING_MANUAL.md`
|
|
63
63
|
- `docs/work/cookbooks/ADD_A_LANE.md` when routing work
|
|
64
64
|
|
|
65
|
-
|
|
66
|
-
|
|
65
|
+
After interrupted sessions, cwd/worktree ambiguity, role changes, or vendor
|
|
66
|
+
swaps, rerun `whereami`, `doctor`, and `notify poll` before pickup.
|
|
67
|
+
Lifecycle/readiness checks are evidence only; they do not authorize work.
|
|
67
68
|
|
|
68
69
|
## Validate Catalog
|
|
69
70
|
|
|
@@ -14,32 +14,6 @@ Before pickup in the target project, read:
|
|
|
14
14
|
4. `docs/work/manuals/SEAT_OPERATING_MANUAL.md`
|
|
15
15
|
5. `docs/work/cookbooks/ADD_A_LANE.md` when routing new work
|
|
16
16
|
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
evidence only; the task envelope is the work authority.
|
|
20
|
-
|
|
21
|
-
## Claude Code QoL
|
|
22
|
-
|
|
23
|
-
**Monitoring posture (push vs pull):**
|
|
24
|
-
|
|
25
|
-
- Default OFF. A solo seat has no counterpart returns to catch — poll on
|
|
26
|
-
demand at natural checkpoints (`etiquette notify poll --seat <seat>` after
|
|
27
|
-
dispatching, before gates) instead of arming a watcher.
|
|
28
|
-
- Arm the Monitor tool (push) only when counterpart seats are actively
|
|
29
|
-
working or during a coordination window. Wrap a cursor-based poll loop —
|
|
30
|
-
never `tail -F` an event file from byte 0 (git operations rewrite it and
|
|
31
|
-
replay history).
|
|
32
|
-
- Push and the interactive agents view are mutually exclusive: any
|
|
33
|
-
persistent background task blocks the agents shortcut. Toggle deliberately
|
|
34
|
-
and say which posture you are in.
|
|
35
|
-
|
|
36
|
-
**Context-compaction hazards (Claude Code specific):**
|
|
37
|
-
|
|
38
|
-
- Compaction can silently swap your model. Render the active model in your
|
|
39
|
-
statusline; verify it after every compaction or resume.
|
|
40
|
-
- Re-orient with `etiquette whereami` after compaction — chat memory is not
|
|
41
|
-
a task binding. Durable facts belong in files, not context.
|
|
42
|
-
|
|
43
|
-
**Continuity:** prefer forked subagents for work that must survive your
|
|
44
|
-
session; a plain subagent dies with you. Keep persistent background tasks to
|
|
45
|
-
a minimum — each one is a posture commitment.
|
|
17
|
+
After interrupted sessions, cwd/worktree ambiguity, role changes, or vendor
|
|
18
|
+
swaps, rerun `whereami`, `doctor`, and `notify poll` before pickup. Hooks and
|
|
19
|
+
readiness are evidence only; the task envelope is the work authority.
|
|
@@ -14,23 +14,9 @@ Before pickup in the target project, read:
|
|
|
14
14
|
4. `docs/work/manuals/SEAT_OPERATING_MANUAL.md`
|
|
15
15
|
5. `docs/work/cookbooks/ADD_A_LANE.md` when routing new work
|
|
16
16
|
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
evidence only; the task envelope is the work authority.
|
|
17
|
+
After interrupted sessions, cwd/worktree ambiguity, role changes, or vendor
|
|
18
|
+
swaps, rerun `whereami`, `doctor`, and `notify poll` before pickup. Hooks and
|
|
19
|
+
readiness are evidence only; the task envelope is the work authority.
|
|
20
20
|
|
|
21
21
|
For bounded, cursor-based wake checks use the portable core command
|
|
22
22
|
`etiquette notify poll --seat <id> --after-seq <n>` instead of raw `tail -F` monitors.
|
|
23
|
-
|
|
24
|
-
## Codex QoL
|
|
25
|
-
|
|
26
|
-
**Runner claims:** one seat, one active runner per task. Before occupying a
|
|
27
|
-
seat another runner may hold, claim explicitly and record your runner id; if
|
|
28
|
-
you find another runner's work in the worktree, preserve it and stand down or
|
|
29
|
-
counter — never overwrite.
|
|
30
|
-
|
|
31
|
-
**Honest substitution:** when your sandbox/safety layer refuses a declared
|
|
32
|
-
command (e.g. a disable-sandbox flag), run the stricter variant and disclose
|
|
33
|
-
the substitution in your return — never silently claim the declared gate ran.
|
|
34
|
-
|
|
35
|
-
**Notifications:** use bounded cursor-based polls (`etiquette notify poll`);
|
|
36
|
-
pair long waits with an explicit re-check cadence in your session notes.
|
|
@@ -14,26 +14,6 @@ Before pickup in the target project, read:
|
|
|
14
14
|
4. `docs/work/manuals/SEAT_OPERATING_MANUAL.md`
|
|
15
15
|
5. `docs/work/cookbooks/ADD_A_LANE.md` when routing new work
|
|
16
16
|
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
evidence only; the task envelope is the work authority.
|
|
20
|
-
|
|
21
|
-
## Gemini QoL
|
|
22
|
-
|
|
23
|
-
**Role fit:** this seat shines as a divergent-advisory and review seat —
|
|
24
|
-
fast structured review-returns (`confirm_with_amendments` with concrete
|
|
25
|
-
amendments), coverage sweeps, and alternative-angle pressure tests. Treat
|
|
26
|
-
its returns as first-class evidence.
|
|
27
|
-
|
|
28
|
-
**Calibration duties:**
|
|
29
|
-
|
|
30
|
-
- Every claim in a return carries file:line evidence read on the consuming
|
|
31
|
-
surface — speed invites overclaim; evidence is the antidote.
|
|
32
|
-
- Do not act as the sole verifier for promotion-grade claims; pair with a
|
|
33
|
-
second party or an executable check.
|
|
34
|
-
- Keep ledger-facing writes in a plain technical register — schemas, fields,
|
|
35
|
-
checks; metaphors stay in chat.
|
|
36
|
-
|
|
37
|
-
**Notifications:** Claude-style push monitors do not port to this runtime.
|
|
38
|
-
Use bounded cursor-based polls (`etiquette notify poll --seat <seat>`); no
|
|
39
|
-
persistent watchers, no tail-based loops.
|
|
17
|
+
After interrupted sessions, cwd/worktree ambiguity, role changes, or vendor
|
|
18
|
+
swaps, rerun `whereami`, `doctor`, and `notify poll` before pickup. Hooks and
|
|
19
|
+
readiness are evidence only; the task envelope is the work authority.
|
|
@@ -14,6 +14,6 @@ Before pickup in the target project, read:
|
|
|
14
14
|
4. `docs/work/manuals/SEAT_OPERATING_MANUAL.md`
|
|
15
15
|
5. `docs/work/cookbooks/ADD_A_LANE.md` when routing new work
|
|
16
16
|
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
evidence only; the task envelope is the work authority.
|
|
17
|
+
After interrupted sessions, cwd/worktree ambiguity, role changes, or vendor
|
|
18
|
+
swaps, rerun `whereami`, `doctor`, and `notify poll` before pickup. Hooks and
|
|
19
|
+
readiness are evidence only; the task envelope is the work authority.
|
|
@@ -14,6 +14,6 @@ Before pickup in the target project, read:
|
|
|
14
14
|
4. `docs/work/manuals/SEAT_OPERATING_MANUAL.md`
|
|
15
15
|
5. `docs/work/cookbooks/ADD_A_LANE.md` when routing new work
|
|
16
16
|
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
evidence only; the task envelope is the work authority.
|
|
17
|
+
After interrupted sessions, cwd/worktree ambiguity, role changes, or vendor
|
|
18
|
+
swaps, rerun `whereami`, `doctor`, and `notify poll` before pickup. Hooks and
|
|
19
|
+
readiness are evidence only; the task envelope is the work authority.
|