@t275005746/gse 0.1.0 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.github/ISSUE_TEMPLATE/bug_report.yml +42 -42
- package/.github/ISSUE_TEMPLATE/change_request.yml +50 -50
- package/.github/ISSUE_TEMPLATE/config.yml +5 -5
- package/.github/PULL_REQUEST_TEMPLATE.md +38 -38
- package/.github/workflows/validate-gse.yml +33 -33
- package/.gse/README.md +18 -18
- package/.gse/gse-development-protocol.md +50 -50
- package/.gse/project-profile.md +29 -29
- package/.gse/quality-gates.md +25 -25
- package/.gse/releases/public-registry-publication-npm.md +49 -0
- package/.gse/releases/public-release-owner-required.md +65 -65
- package/.gse/releases/public-security-contact-owner-required.md +45 -45
- package/.gse/state.json +3 -4
- package/CHANGELOG.md +24 -24
- package/CONTRIBUTING.md +64 -64
- package/LICENSE +21 -21
- package/README.md +1 -1
- package/README.zh-CN.md +1 -1
- package/SECURITY.md +41 -41
- package/SUPPORT.md +38 -38
- package/assets/marketplace/README.md +7 -7
- package/assets/marketplace/gse-listing.json +75 -75
- package/assets/templates/acceptance-execution-packet.md +73 -73
- package/assets/templates/adr.md +14 -14
- package/assets/templates/change-brief.md +16 -16
- package/assets/templates/design.md +18 -18
- package/assets/templates/dispatch-packet.md +104 -104
- package/assets/templates/evidence.md +14 -14
- package/assets/templates/execution-quality-pack.md +65 -65
- package/assets/templates/goal-map.md +21 -21
- package/assets/templates/host-adapter.md +48 -48
- package/assets/templates/host-ui-invocation-record.md +42 -42
- package/assets/templates/incident-review.md +60 -60
- package/assets/templates/public-channel-publication-record.md +49 -49
- package/assets/templates/public-ci-run-record.md +53 -53
- package/assets/templates/public-release-record.md +65 -65
- package/assets/templates/public-repository-settings-record.md +59 -59
- package/assets/templates/public-security-contact-record.md +45 -45
- package/assets/templates/release-trust-record.md +32 -32
- package/assets/templates/review.md +18 -18
- package/assets/templates/spec.md +16 -16
- package/assets/templates/target-adoption-evidence.md +29 -29
- package/assets/templates/tasks.md +17 -17
- package/assets/templates/update-release-acceptance-record.md +58 -58
- package/examples/README.md +22 -22
- package/examples/agent-runtime-host/.claude/gse-adapter.md +6 -6
- package/examples/agent-runtime-host/.codex/gse-adapter.md +7 -7
- package/examples/agent-runtime-host/.gse/goal-map.md +7 -7
- package/examples/agent-runtime-host/.gse/project-profile.md +27 -27
- package/examples/agent-runtime-host/.gse/tooling.md +5 -5
- package/examples/agent-runtime-host/.mcp.json +9 -9
- package/examples/agent-runtime-host/AGENTS.md +5 -5
- package/examples/agent-runtime-host/README.md +10 -10
- package/examples/agent-runtime-host/docs/model-routing.md +5 -5
- package/examples/cli-tool/.gse/project-profile.md +21 -21
- package/examples/cli-tool/AGENTS.md +5 -5
- package/examples/cli-tool/README.md +12 -12
- package/examples/cli-tool/package.json +21 -21
- package/examples/small-app/.env.example +2 -2
- package/examples/small-app/.github/workflows/ci.yml +8 -8
- package/examples/small-app/AGENTS.md +5 -5
- package/examples/small-app/README.md +12 -12
- package/examples/small-app/package.json +26 -26
- package/examples/small-app/playwright.config.ts +4 -4
- package/package.json +53 -53
- package/references/adoption-recipes.md +171 -171
- package/references/agent-roles.md +49 -49
- package/references/architecture-health.md +101 -101
- package/references/benchmark-audit.md +73 -73
- package/references/community-channels.md +46 -46
- package/references/compatibility.md +70 -70
- package/references/design-basis.md +38 -38
- package/references/domain-model.md +129 -129
- package/references/domain-quality-gates.md +75 -75
- package/references/drift-audit.md +81 -81
- package/references/evidence-taxonomy.md +123 -123
- package/references/file-ownership.md +107 -107
- package/references/final-readiness.md +84 -84
- package/references/forward-test.md +133 -133
- package/references/goal-map.md +36 -36
- package/references/host-adapters.md +119 -119
- package/references/learning-system.md +35 -35
- package/references/marketplace-discovery.md +46 -46
- package/references/model-routing.md +103 -103
- package/references/open-source-defaults.md +39 -39
- package/references/operating-model.md +52 -52
- package/references/packaging.md +277 -277
- package/references/project-agent-workspace.md +89 -89
- package/references/project-bootstrap.md +122 -122
- package/references/project-profile.md +57 -57
- package/references/public-release.md +174 -174
- package/references/quality-gates.md +100 -100
- package/references/recovery.md +176 -176
- package/references/release-trust.md +43 -43
- package/references/release.md +126 -126
- package/references/review.md +141 -141
- package/references/router.md +90 -90
- package/references/spec-workflow.md +66 -66
- package/references/task-levels.md +81 -81
- package/references/tool-adapters.md +73 -73
- package/scripts/audit-acceptance-execution-packet.mjs +133 -133
- package/scripts/audit-adoption-recipes.mjs +99 -99
- package/scripts/audit-change-lifecycle.mjs +77 -77
- package/scripts/audit-change-system.mjs +134 -134
- package/scripts/audit-ci-readiness.mjs +107 -107
- package/scripts/audit-close-gate.mjs +323 -323
- package/scripts/audit-command-adapters.mjs +91 -91
- package/scripts/audit-command-execution.mjs +210 -210
- package/scripts/audit-compatibility.mjs +149 -149
- package/scripts/audit-completion-readiness.mjs +292 -292
- package/scripts/audit-distribution.mjs +251 -251
- package/scripts/audit-domain-quality-gates.mjs +108 -108
- package/scripts/audit-evidence-placeholders.mjs +126 -126
- package/scripts/audit-final-readiness-promotion.mjs +255 -255
- package/scripts/audit-final-readiness.mjs +226 -226
- package/scripts/audit-fixtures.mjs +154 -154
- package/scripts/audit-fresh-session-readiness.mjs +177 -177
- package/scripts/audit-host-runtime-evidence-handoff.mjs +159 -159
- package/scripts/audit-host-runtime-invocation-drill.mjs +240 -240
- package/scripts/audit-host-runtime-invocations.mjs +254 -254
- package/scripts/audit-host-ui-invocation.mjs +132 -132
- package/scripts/audit-marketplace-discovery.mjs +122 -122
- package/scripts/audit-npm-package-metadata.mjs +155 -155
- package/scripts/audit-npm-publish-dry-run.mjs +191 -169
- package/scripts/audit-npm-tarball-install.mjs +191 -191
- package/scripts/audit-open-source-defaults.mjs +92 -92
- package/scripts/audit-open-source-readiness.mjs +97 -97
- package/scripts/audit-project.mjs +138 -138
- package/scripts/audit-public-acceptance-command-dry-run-drill.mjs +203 -203
- package/scripts/audit-public-acceptance-readiness.mjs +224 -224
- package/scripts/audit-public-channel-publication.mjs +248 -248
- package/scripts/audit-public-ci-run.mjs +184 -184
- package/scripts/audit-public-collaboration-templates.mjs +98 -98
- package/scripts/audit-public-external-gate-probe.mjs +206 -206
- package/scripts/audit-public-release-decision.mjs +201 -201
- package/scripts/audit-public-release-metadata.mjs +176 -176
- package/scripts/audit-public-repository-settings.mjs +237 -237
- package/scripts/audit-public-security-contact.mjs +171 -171
- package/scripts/audit-readme-docs.mjs +6 -4
- package/scripts/audit-recovery-readiness.mjs +98 -98
- package/scripts/audit-release-readiness.mjs +106 -106
- package/scripts/audit-release-trust.mjs +62 -62
- package/scripts/audit-remote-distribution.mjs +266 -266
- package/scripts/audit-roadmap-consistency.mjs +235 -235
- package/scripts/audit-signing.mjs +147 -147
- package/scripts/audit-state-freshness.mjs +14 -9
- package/scripts/audit-target-adoption-evidence.mjs +117 -117
- package/scripts/audit-target-project.mjs +507 -507
- package/scripts/audit-update-release-acceptance.mjs +136 -136
- package/scripts/audit-v1-target-validation.mjs +269 -269
- package/scripts/audit-validation-profiles.mjs +125 -125
- package/scripts/close-change.mjs +116 -116
- package/scripts/discover-project-profile.mjs +307 -307
- package/scripts/generate-command-adapter.mjs +231 -231
- package/scripts/generate-final-acceptance-packet.mjs +181 -181
- package/scripts/generate-final-form-progress-report.mjs +205 -205
- package/scripts/generate-host-runtime-evidence-handoff.mjs +206 -206
- package/scripts/generate-owner-external-gate-kit.mjs +295 -295
- package/scripts/generate-public-acceptance-handoff.mjs +168 -168
- package/scripts/generate-public-release-checklist.mjs +207 -207
- package/scripts/generate-release-bundle.mjs +505 -505
- package/scripts/generate-release-owner-action-plan.mjs +172 -172
- package/scripts/generate-release-status-manifest.mjs +200 -200
- package/scripts/generate-session-prompt.mjs +188 -188
- package/scripts/gse.mjs +67 -67
- package/scripts/init-change.mjs +265 -265
- package/scripts/init-project.mjs +785 -785
- package/scripts/install-gse.mjs +234 -234
- package/scripts/lib/evidence-placeholders.mjs +28 -28
- package/scripts/package-gse.mjs +174 -174
- package/scripts/probe-public-external-gates.mjs +167 -167
- package/scripts/record-host-invocation.mjs +151 -151
- package/scripts/record-public-channel-publication.mjs +178 -178
- package/scripts/record-public-ci-run.mjs +180 -180
- package/scripts/record-public-release.mjs +175 -175
- package/scripts/record-public-repository-settings.mjs +209 -209
- package/scripts/record-public-security-contact.mjs +157 -157
- package/scripts/sign-gse-package.mjs +83 -83
- package/scripts/update-project-state.mjs +223 -223
- package/scripts/verify-gse-package.mjs +85 -85
|
@@ -1,46 +1,46 @@
|
|
|
1
|
-
# Marketplace Discovery
|
|
2
|
-
|
|
3
|
-
Use this when preparing GSE for a public catalog, skill marketplace, plugin listing, GitHub release page, or internal agent-workflow registry.
|
|
4
|
-
|
|
5
|
-
Discovery metadata should help people find and evaluate GSE without overstating trust.
|
|
6
|
-
|
|
7
|
-
## Required Metadata
|
|
8
|
-
|
|
9
|
-
- Name and display name.
|
|
10
|
-
- Short tagline and summary.
|
|
11
|
-
- Categories and keywords that describe the workflow naturally.
|
|
12
|
-
- Entrypoints for humans and agents.
|
|
13
|
-
- Validation commands.
|
|
14
|
-
- Distribution and signing references.
|
|
15
|
-
- Host support status with honest labels.
|
|
16
|
-
- Boundaries and unverified claims.
|
|
17
|
-
|
|
18
|
-
The canonical local metadata file is:
|
|
19
|
-
|
|
20
|
-
```text
|
|
21
|
-
assets/marketplace/gse-listing.json
|
|
22
|
-
```
|
|
23
|
-
|
|
24
|
-
## Search Language
|
|
25
|
-
|
|
26
|
-
Use normal explanatory language around terms such as agentic engineering, spec-driven development, SDD, AI coding agents, goal maps, evidence gates, OpenSpec-style changes, and Superpowers-style execution. Do not add isolated search-term blocks that read like keyword stuffing.
|
|
27
|
-
|
|
28
|
-
## Trust Boundary
|
|
29
|
-
|
|
30
|
-
Discovery metadata is not marketplace approval.
|
|
31
|
-
|
|
32
|
-
A listing can be:
|
|
33
|
-
|
|
34
|
-
- `result`: drafted metadata exists.
|
|
35
|
-
- `verified`: metadata passes local audit and matches package validation.
|
|
36
|
-
- `accepted`: the target marketplace, catalog owner, or release owner accepts it.
|
|
37
|
-
|
|
38
|
-
## Validation
|
|
39
|
-
|
|
40
|
-
Run:
|
|
41
|
-
|
|
42
|
-
```text
|
|
43
|
-
node <skill>/scripts/audit-marketplace-discovery.mjs --root <skill> --json
|
|
44
|
-
```
|
|
45
|
-
|
|
46
|
-
For release trust, also use `references/release-trust.md`.
|
|
1
|
+
# Marketplace Discovery
|
|
2
|
+
|
|
3
|
+
Use this when preparing GSE for a public catalog, skill marketplace, plugin listing, GitHub release page, or internal agent-workflow registry.
|
|
4
|
+
|
|
5
|
+
Discovery metadata should help people find and evaluate GSE without overstating trust.
|
|
6
|
+
|
|
7
|
+
## Required Metadata
|
|
8
|
+
|
|
9
|
+
- Name and display name.
|
|
10
|
+
- Short tagline and summary.
|
|
11
|
+
- Categories and keywords that describe the workflow naturally.
|
|
12
|
+
- Entrypoints for humans and agents.
|
|
13
|
+
- Validation commands.
|
|
14
|
+
- Distribution and signing references.
|
|
15
|
+
- Host support status with honest labels.
|
|
16
|
+
- Boundaries and unverified claims.
|
|
17
|
+
|
|
18
|
+
The canonical local metadata file is:
|
|
19
|
+
|
|
20
|
+
```text
|
|
21
|
+
assets/marketplace/gse-listing.json
|
|
22
|
+
```
|
|
23
|
+
|
|
24
|
+
## Search Language
|
|
25
|
+
|
|
26
|
+
Use normal explanatory language around terms such as agentic engineering, spec-driven development, SDD, AI coding agents, goal maps, evidence gates, OpenSpec-style changes, and Superpowers-style execution. Do not add isolated search-term blocks that read like keyword stuffing.
|
|
27
|
+
|
|
28
|
+
## Trust Boundary
|
|
29
|
+
|
|
30
|
+
Discovery metadata is not marketplace approval.
|
|
31
|
+
|
|
32
|
+
A listing can be:
|
|
33
|
+
|
|
34
|
+
- `result`: drafted metadata exists.
|
|
35
|
+
- `verified`: metadata passes local audit and matches package validation.
|
|
36
|
+
- `accepted`: the target marketplace, catalog owner, or release owner accepts it.
|
|
37
|
+
|
|
38
|
+
## Validation
|
|
39
|
+
|
|
40
|
+
Run:
|
|
41
|
+
|
|
42
|
+
```text
|
|
43
|
+
node <skill>/scripts/audit-marketplace-discovery.mjs --root <skill> --json
|
|
44
|
+
```
|
|
45
|
+
|
|
46
|
+
For release trust, also use `references/release-trust.md`.
|
|
@@ -1,103 +1,103 @@
|
|
|
1
|
-
# Model Routing
|
|
2
|
-
|
|
3
|
-
Use this when GSE work needs to choose a model, provider, hosted tool, local tool, browser agent, worker, or role-specific agent capability.
|
|
4
|
-
|
|
5
|
-
## Core Rule
|
|
6
|
-
|
|
7
|
-
Route by capability first, then cost, latency, privacy, context size, tool use, reliability, and evidence.
|
|
8
|
-
|
|
9
|
-
Do not hard-code one provider, one model family, or one host as the GSE default. Projects may define preferred providers, but GSE must preserve a portable fallback path.
|
|
10
|
-
|
|
11
|
-
## Capability-First Selection
|
|
12
|
-
|
|
13
|
-
Define the task capability before picking a model:
|
|
14
|
-
|
|
15
|
-
| Capability | Typical use | Routing preference |
|
|
16
|
-
|---|---|---|
|
|
17
|
-
| Fast classification | triage, route selection, small labels | lowest reliable latency/cost |
|
|
18
|
-
| Code location | symbol search, call chains, existing tests | LSP/index/search before stronger model reasoning |
|
|
19
|
-
| Mechanical edit | narrow transforms, boilerplate, local fixes | lower-cost coding-capable model if verification is strong |
|
|
20
|
-
| Implementation | bounded code slice, tests, integration | standard coding model with project context |
|
|
21
|
-
| Architecture/root cause | invariants, multi-file reasoning, debugging | highest-reasoning model available and approved |
|
|
22
|
-
| Review/QA | spec compliance, security, regressions, UI evidence | independent reviewer model or fresh context when risk is high |
|
|
23
|
-
| Long context synthesis | session working set, docs, logs, migration notes | model with adequate context and summarization behavior |
|
|
24
|
-
| Tool/worker execution | browser, shell, MCP, CI, queue, runtime worker | verified host/tool adapter, not just model choice |
|
|
25
|
-
|
|
26
|
-
## Status Vocabulary
|
|
27
|
-
|
|
28
|
-
Keep model availability separate from model behavior.
|
|
29
|
-
|
|
30
|
-
- `documented`: project docs, provider config, or host settings mention the model/tool.
|
|
31
|
-
- `verified`: this session or project evidence ran the model/tool successfully for the relevant capability.
|
|
32
|
-
- `unknown`: no trustworthy evidence yet.
|
|
33
|
-
- `unavailable`: expected model/tool is missing, blocked, failing, or forbidden.
|
|
34
|
-
|
|
35
|
-
A documented model is not verified. A verified chat response does not verify tool use, long context, latency, cost, or privacy behavior.
|
|
36
|
-
|
|
37
|
-
## Routing Inputs
|
|
38
|
-
|
|
39
|
-
Record these in `.gse/project-profile.md`, `.gse/tooling.md`, or a host adapter when relevant:
|
|
40
|
-
|
|
41
|
-
- Provider or host:
|
|
42
|
-
- Model/tool id:
|
|
43
|
-
- Capability:
|
|
44
|
-
- Status: documented | verified | unknown | unavailable
|
|
45
|
-
- Evidence path or command:
|
|
46
|
-
- Cost tier:
|
|
47
|
-
- Latency expectation:
|
|
48
|
-
- Context limit or practical context budget:
|
|
49
|
-
- Tool-use support:
|
|
50
|
-
- Privacy/security boundary:
|
|
51
|
-
- Fallback:
|
|
52
|
-
- Known failure modes:
|
|
53
|
-
|
|
54
|
-
## Decision Order
|
|
55
|
-
|
|
56
|
-
1. Use project-specific routing rules if they exist and do not conflict with current user instruction.
|
|
57
|
-
2. Prefer verified local tools for code location, tests, browser smoke, and CI before spending model reasoning.
|
|
58
|
-
3. Choose the cheapest/fastest model that can satisfy the capability with adequate verification.
|
|
59
|
-
4. Escalate to a stronger model when there is a clear reasoning, context, safety, or integration gap.
|
|
60
|
-
5. Use fresh context for review, QA, or high-risk architecture when current-session context may bias the result.
|
|
61
|
-
6. Fall back to a documented or generic model only when the task risk is low or verification can catch mistakes.
|
|
62
|
-
7. Record residual risk when model behavior is unknown or only structurally verified.
|
|
63
|
-
|
|
64
|
-
## Fallback Rules
|
|
65
|
-
|
|
66
|
-
- If preferred model is unavailable, use the next project-approved model with the same capability class.
|
|
67
|
-
- If tool-use support is unavailable, switch to manual shell/browser/CI verification when possible.
|
|
68
|
-
- If long-context support is unavailable, build a smaller working set and record omitted context.
|
|
69
|
-
- If privacy constraints forbid remote models, use local tools, local models, or ask for a project-approved path.
|
|
70
|
-
- If cost is high, reduce context, split the task, or use lower-tier models for locator/QA roles.
|
|
71
|
-
- Do not claim a fallback preserved quality unless focused evidence proves it.
|
|
72
|
-
|
|
73
|
-
## Evidence Requirements
|
|
74
|
-
|
|
75
|
-
For model routing claims, record:
|
|
76
|
-
|
|
77
|
-
```text
|
|
78
|
-
Capability:
|
|
79
|
-
Chosen model/tool:
|
|
80
|
-
Why this route:
|
|
81
|
-
Status: documented | verified | unknown | unavailable
|
|
82
|
-
Cost/latency notes:
|
|
83
|
-
Context/tool-use notes:
|
|
84
|
-
Privacy/security notes:
|
|
85
|
-
Fallback:
|
|
86
|
-
Evidence:
|
|
87
|
-
Residual risk:
|
|
88
|
-
```
|
|
89
|
-
|
|
90
|
-
## What Not To Do
|
|
91
|
-
|
|
92
|
-
- Do not route all tasks to the strongest model by default.
|
|
93
|
-
- Do not route all tasks to the cheapest model when failure would be expensive.
|
|
94
|
-
- Do not treat provider marketing claims as project evidence.
|
|
95
|
-
- Do not expose secrets, raw provider payloads, hidden reasoning, or private tool traces in user-facing output.
|
|
96
|
-
- Do not confuse model routing with provider adapter implementation.
|
|
97
|
-
|
|
98
|
-
## Project Integration
|
|
99
|
-
|
|
100
|
-
- `references/project-profile.md` records project-approved providers, model/tool ids, privacy limits, and fallback policy.
|
|
101
|
-
- `references/tool-adapters.md` records availability and verification status for host tools and model-backed tools.
|
|
102
|
-
- `references/host-adapters.md` records host-specific model, subagent, MCP, browser, and worker capabilities.
|
|
103
|
-
- `references/evidence-taxonomy.md` decides whether routing evidence is result, verified, or accepted.
|
|
1
|
+
# Model Routing
|
|
2
|
+
|
|
3
|
+
Use this when GSE work needs to choose a model, provider, hosted tool, local tool, browser agent, worker, or role-specific agent capability.
|
|
4
|
+
|
|
5
|
+
## Core Rule
|
|
6
|
+
|
|
7
|
+
Route by capability first, then cost, latency, privacy, context size, tool use, reliability, and evidence.
|
|
8
|
+
|
|
9
|
+
Do not hard-code one provider, one model family, or one host as the GSE default. Projects may define preferred providers, but GSE must preserve a portable fallback path.
|
|
10
|
+
|
|
11
|
+
## Capability-First Selection
|
|
12
|
+
|
|
13
|
+
Define the task capability before picking a model:
|
|
14
|
+
|
|
15
|
+
| Capability | Typical use | Routing preference |
|
|
16
|
+
|---|---|---|
|
|
17
|
+
| Fast classification | triage, route selection, small labels | lowest reliable latency/cost |
|
|
18
|
+
| Code location | symbol search, call chains, existing tests | LSP/index/search before stronger model reasoning |
|
|
19
|
+
| Mechanical edit | narrow transforms, boilerplate, local fixes | lower-cost coding-capable model if verification is strong |
|
|
20
|
+
| Implementation | bounded code slice, tests, integration | standard coding model with project context |
|
|
21
|
+
| Architecture/root cause | invariants, multi-file reasoning, debugging | highest-reasoning model available and approved |
|
|
22
|
+
| Review/QA | spec compliance, security, regressions, UI evidence | independent reviewer model or fresh context when risk is high |
|
|
23
|
+
| Long context synthesis | session working set, docs, logs, migration notes | model with adequate context and summarization behavior |
|
|
24
|
+
| Tool/worker execution | browser, shell, MCP, CI, queue, runtime worker | verified host/tool adapter, not just model choice |
|
|
25
|
+
|
|
26
|
+
## Status Vocabulary
|
|
27
|
+
|
|
28
|
+
Keep model availability separate from model behavior.
|
|
29
|
+
|
|
30
|
+
- `documented`: project docs, provider config, or host settings mention the model/tool.
|
|
31
|
+
- `verified`: this session or project evidence ran the model/tool successfully for the relevant capability.
|
|
32
|
+
- `unknown`: no trustworthy evidence yet.
|
|
33
|
+
- `unavailable`: expected model/tool is missing, blocked, failing, or forbidden.
|
|
34
|
+
|
|
35
|
+
A documented model is not verified. A verified chat response does not verify tool use, long context, latency, cost, or privacy behavior.
|
|
36
|
+
|
|
37
|
+
## Routing Inputs
|
|
38
|
+
|
|
39
|
+
Record these in `.gse/project-profile.md`, `.gse/tooling.md`, or a host adapter when relevant:
|
|
40
|
+
|
|
41
|
+
- Provider or host:
|
|
42
|
+
- Model/tool id:
|
|
43
|
+
- Capability:
|
|
44
|
+
- Status: documented | verified | unknown | unavailable
|
|
45
|
+
- Evidence path or command:
|
|
46
|
+
- Cost tier:
|
|
47
|
+
- Latency expectation:
|
|
48
|
+
- Context limit or practical context budget:
|
|
49
|
+
- Tool-use support:
|
|
50
|
+
- Privacy/security boundary:
|
|
51
|
+
- Fallback:
|
|
52
|
+
- Known failure modes:
|
|
53
|
+
|
|
54
|
+
## Decision Order
|
|
55
|
+
|
|
56
|
+
1. Use project-specific routing rules if they exist and do not conflict with current user instruction.
|
|
57
|
+
2. Prefer verified local tools for code location, tests, browser smoke, and CI before spending model reasoning.
|
|
58
|
+
3. Choose the cheapest/fastest model that can satisfy the capability with adequate verification.
|
|
59
|
+
4. Escalate to a stronger model when there is a clear reasoning, context, safety, or integration gap.
|
|
60
|
+
5. Use fresh context for review, QA, or high-risk architecture when current-session context may bias the result.
|
|
61
|
+
6. Fall back to a documented or generic model only when the task risk is low or verification can catch mistakes.
|
|
62
|
+
7. Record residual risk when model behavior is unknown or only structurally verified.
|
|
63
|
+
|
|
64
|
+
## Fallback Rules
|
|
65
|
+
|
|
66
|
+
- If preferred model is unavailable, use the next project-approved model with the same capability class.
|
|
67
|
+
- If tool-use support is unavailable, switch to manual shell/browser/CI verification when possible.
|
|
68
|
+
- If long-context support is unavailable, build a smaller working set and record omitted context.
|
|
69
|
+
- If privacy constraints forbid remote models, use local tools, local models, or ask for a project-approved path.
|
|
70
|
+
- If cost is high, reduce context, split the task, or use lower-tier models for locator/QA roles.
|
|
71
|
+
- Do not claim a fallback preserved quality unless focused evidence proves it.
|
|
72
|
+
|
|
73
|
+
## Evidence Requirements
|
|
74
|
+
|
|
75
|
+
For model routing claims, record:
|
|
76
|
+
|
|
77
|
+
```text
|
|
78
|
+
Capability:
|
|
79
|
+
Chosen model/tool:
|
|
80
|
+
Why this route:
|
|
81
|
+
Status: documented | verified | unknown | unavailable
|
|
82
|
+
Cost/latency notes:
|
|
83
|
+
Context/tool-use notes:
|
|
84
|
+
Privacy/security notes:
|
|
85
|
+
Fallback:
|
|
86
|
+
Evidence:
|
|
87
|
+
Residual risk:
|
|
88
|
+
```
|
|
89
|
+
|
|
90
|
+
## What Not To Do
|
|
91
|
+
|
|
92
|
+
- Do not route all tasks to the strongest model by default.
|
|
93
|
+
- Do not route all tasks to the cheapest model when failure would be expensive.
|
|
94
|
+
- Do not treat provider marketing claims as project evidence.
|
|
95
|
+
- Do not expose secrets, raw provider payloads, hidden reasoning, or private tool traces in user-facing output.
|
|
96
|
+
- Do not confuse model routing with provider adapter implementation.
|
|
97
|
+
|
|
98
|
+
## Project Integration
|
|
99
|
+
|
|
100
|
+
- `references/project-profile.md` records project-approved providers, model/tool ids, privacy limits, and fallback policy.
|
|
101
|
+
- `references/tool-adapters.md` records availability and verification status for host tools and model-backed tools.
|
|
102
|
+
- `references/host-adapters.md` records host-specific model, subagent, MCP, browser, and worker capabilities.
|
|
103
|
+
- `references/evidence-taxonomy.md` decides whether routing evidence is result, verified, or accepted.
|
|
@@ -1,39 +1,39 @@
|
|
|
1
|
-
# GSE Open-Source Defaults
|
|
2
|
-
|
|
3
|
-
Use this reference when preparing GSE for a public repository or when a project asks to follow the mainstream open-source path.
|
|
4
|
-
|
|
5
|
-
## Recommended Default
|
|
6
|
-
|
|
7
|
-
GSE's owner-approved default route is:
|
|
8
|
-
|
|
9
|
-
- License: MIT.
|
|
10
|
-
- Repository: public GitHub repository.
|
|
11
|
-
- CI: GitHub Actions with required checks.
|
|
12
|
-
- Security: `SECURITY.md` plus GitHub Security Advisory or another owner-approved public disclosure path.
|
|
13
|
-
- Release channel: GitHub Release first; package registry or marketplace only after real publication evidence exists.
|
|
14
|
-
- Command UX: portable `/gse ...` commands, with native slash-command claims only after a host runtime record proves native execution.
|
|
15
|
-
|
|
16
|
-
## Why This Default
|
|
17
|
-
|
|
18
|
-
- MIT is widely understood by open-source tool users and keeps integration friction low.
|
|
19
|
-
- GitHub public repository plus GitHub Actions gives public, linkable evidence for repository settings and CI.
|
|
20
|
-
- GitHub Release provides a simple first public channel without pretending a registry or marketplace approved the package.
|
|
21
|
-
- Portable `/gse ...` command semantics work across hosts even when native slash-command APIs differ.
|
|
22
|
-
|
|
23
|
-
## Claim Boundaries
|
|
24
|
-
|
|
25
|
-
- A local `LICENSE` file proves the license text exists; accepted license status requires an owner-approved release record.
|
|
26
|
-
- A local GitHub Actions workflow file does not prove public CI. Use a real public run URL and `scripts/record-public-ci-run.mjs`.
|
|
27
|
-
- A local `SECURITY.md` does not prove a public security contact. Use `scripts/record-public-security-contact.mjs` after the disclosure path is public and owner-approved.
|
|
28
|
-
- A generated package or release bundle does not prove public publication. Use `scripts/record-public-channel-publication.mjs` after a real channel URL exists.
|
|
29
|
-
- Generated host adapter pointers do not prove native slash commands. Use `scripts/record-host-invocation.mjs` with real host evidence.
|
|
30
|
-
|
|
31
|
-
## Minimal Public Release Order
|
|
32
|
-
|
|
33
|
-
1. Record the owner-approved MIT license decision.
|
|
34
|
-
2. Publish or mirror GSE into a public GitHub repository.
|
|
35
|
-
3. Enable repository settings: issues, pull requests, security policy visibility, branch protection, required checks, review before merge, conversation resolution, force-push restriction, and deletion restriction.
|
|
36
|
-
4. Run public GitHub Actions and record the run URL, commit SHA, branch, and required checks.
|
|
37
|
-
5. Create a GitHub Release and record the release URL.
|
|
38
|
-
6. Record host runtime invocation evidence for each claimed host.
|
|
39
|
-
7. Re-run final readiness and public acceptance audits.
|
|
1
|
+
# GSE Open-Source Defaults
|
|
2
|
+
|
|
3
|
+
Use this reference when preparing GSE for a public repository or when a project asks to follow the mainstream open-source path.
|
|
4
|
+
|
|
5
|
+
## Recommended Default
|
|
6
|
+
|
|
7
|
+
GSE's owner-approved default route is:
|
|
8
|
+
|
|
9
|
+
- License: MIT.
|
|
10
|
+
- Repository: public GitHub repository.
|
|
11
|
+
- CI: GitHub Actions with required checks.
|
|
12
|
+
- Security: `SECURITY.md` plus GitHub Security Advisory or another owner-approved public disclosure path.
|
|
13
|
+
- Release channel: GitHub Release first; package registry or marketplace only after real publication evidence exists.
|
|
14
|
+
- Command UX: portable `/gse ...` commands, with native slash-command claims only after a host runtime record proves native execution.
|
|
15
|
+
|
|
16
|
+
## Why This Default
|
|
17
|
+
|
|
18
|
+
- MIT is widely understood by open-source tool users and keeps integration friction low.
|
|
19
|
+
- GitHub public repository plus GitHub Actions gives public, linkable evidence for repository settings and CI.
|
|
20
|
+
- GitHub Release provides a simple first public channel without pretending a registry or marketplace approved the package.
|
|
21
|
+
- Portable `/gse ...` command semantics work across hosts even when native slash-command APIs differ.
|
|
22
|
+
|
|
23
|
+
## Claim Boundaries
|
|
24
|
+
|
|
25
|
+
- A local `LICENSE` file proves the license text exists; accepted license status requires an owner-approved release record.
|
|
26
|
+
- A local GitHub Actions workflow file does not prove public CI. Use a real public run URL and `scripts/record-public-ci-run.mjs`.
|
|
27
|
+
- A local `SECURITY.md` does not prove a public security contact. Use `scripts/record-public-security-contact.mjs` after the disclosure path is public and owner-approved.
|
|
28
|
+
- A generated package or release bundle does not prove public publication. Use `scripts/record-public-channel-publication.mjs` after a real channel URL exists.
|
|
29
|
+
- Generated host adapter pointers do not prove native slash commands. Use `scripts/record-host-invocation.mjs` with real host evidence.
|
|
30
|
+
|
|
31
|
+
## Minimal Public Release Order
|
|
32
|
+
|
|
33
|
+
1. Record the owner-approved MIT license decision.
|
|
34
|
+
2. Publish or mirror GSE into a public GitHub repository.
|
|
35
|
+
3. Enable repository settings: issues, pull requests, security policy visibility, branch protection, required checks, review before merge, conversation resolution, force-push restriction, and deletion restriction.
|
|
36
|
+
4. Run public GitHub Actions and record the run URL, commit SHA, branch, and required checks.
|
|
37
|
+
5. Create a GitHub Release and record the release URL.
|
|
38
|
+
6. Record host runtime invocation evidence for each claimed host.
|
|
39
|
+
7. Re-run final readiness and public acceptance audits.
|
|
@@ -1,52 +1,52 @@
|
|
|
1
|
-
# Operating Model
|
|
2
|
-
|
|
3
|
-
Use the same loop for every task, scaled by task level.
|
|
4
|
-
|
|
5
|
-
## 1. Goal
|
|
6
|
-
|
|
7
|
-
Identify the project goal, user outcome, current priority, and non-goals.
|
|
8
|
-
|
|
9
|
-
For long-running work, bind to `.gse/goal-map.md` or the project's existing goal map.
|
|
10
|
-
|
|
11
|
-
## 2. Spec
|
|
12
|
-
|
|
13
|
-
Define boundaries before implementation:
|
|
14
|
-
|
|
15
|
-
- Inputs and outputs
|
|
16
|
-
- UI/API/state behavior
|
|
17
|
-
- Error and recovery behavior
|
|
18
|
-
- Permissions and privacy boundaries
|
|
19
|
-
- Acceptance criteria
|
|
20
|
-
- Test or smoke plan
|
|
21
|
-
|
|
22
|
-
Do not over-spec Level 1 tasks.
|
|
23
|
-
|
|
24
|
-
## 3. Execute
|
|
25
|
-
|
|
26
|
-
Use the smallest verifiable slice.
|
|
27
|
-
|
|
28
|
-
- Locate code with `rg`, `rg --files`, LSP, or an index before editing.
|
|
29
|
-
- Follow existing patterns.
|
|
30
|
-
- Keep unrelated refactors out.
|
|
31
|
-
- Use subagents only when actual dispatch tools exist and ownership is clear.
|
|
32
|
-
- Use `references/file-ownership.md` before editing dirty files, shared files, or files assigned to another role.
|
|
33
|
-
- Avoid making every internal state transition its own product slice. When several small states only matter as one user-visible chain, merge them and verify the chain.
|
|
34
|
-
|
|
35
|
-
## 4. Evidence
|
|
36
|
-
|
|
37
|
-
Completion needs evidence appropriate to the risk:
|
|
38
|
-
|
|
39
|
-
- Unit/component/contract test
|
|
40
|
-
- API smoke
|
|
41
|
-
- Browser or Playwright smoke
|
|
42
|
-
- Build/typecheck/lint
|
|
43
|
-
- Screenshot or trace for UI
|
|
44
|
-
- Commit hash or change summary
|
|
45
|
-
|
|
46
|
-
Choose the gate profile from `references/task-levels.md` and `references/quality-gates.md`. A small docs or state slice should not pay the same verification cost as a release/install/cross-host slice. Conversely, release, public contract, install, and host-runtime claims need hard gates and cannot be proven by narrow tests alone.
|
|
47
|
-
|
|
48
|
-
## 5. Learn
|
|
49
|
-
|
|
50
|
-
Record reusable lessons when a failure, correction, tool gap, repeated bug, or better process is discovered.
|
|
51
|
-
|
|
52
|
-
Escalate repeated lessons into quality gates or project rules.
|
|
1
|
+
# Operating Model
|
|
2
|
+
|
|
3
|
+
Use the same loop for every task, scaled by task level.
|
|
4
|
+
|
|
5
|
+
## 1. Goal
|
|
6
|
+
|
|
7
|
+
Identify the project goal, user outcome, current priority, and non-goals.
|
|
8
|
+
|
|
9
|
+
For long-running work, bind to `.gse/goal-map.md` or the project's existing goal map.
|
|
10
|
+
|
|
11
|
+
## 2. Spec
|
|
12
|
+
|
|
13
|
+
Define boundaries before implementation:
|
|
14
|
+
|
|
15
|
+
- Inputs and outputs
|
|
16
|
+
- UI/API/state behavior
|
|
17
|
+
- Error and recovery behavior
|
|
18
|
+
- Permissions and privacy boundaries
|
|
19
|
+
- Acceptance criteria
|
|
20
|
+
- Test or smoke plan
|
|
21
|
+
|
|
22
|
+
Do not over-spec Level 1 tasks.
|
|
23
|
+
|
|
24
|
+
## 3. Execute
|
|
25
|
+
|
|
26
|
+
Use the smallest verifiable slice.
|
|
27
|
+
|
|
28
|
+
- Locate code with `rg`, `rg --files`, LSP, or an index before editing.
|
|
29
|
+
- Follow existing patterns.
|
|
30
|
+
- Keep unrelated refactors out.
|
|
31
|
+
- Use subagents only when actual dispatch tools exist and ownership is clear.
|
|
32
|
+
- Use `references/file-ownership.md` before editing dirty files, shared files, or files assigned to another role.
|
|
33
|
+
- Avoid making every internal state transition its own product slice. When several small states only matter as one user-visible chain, merge them and verify the chain.
|
|
34
|
+
|
|
35
|
+
## 4. Evidence
|
|
36
|
+
|
|
37
|
+
Completion needs evidence appropriate to the risk:
|
|
38
|
+
|
|
39
|
+
- Unit/component/contract test
|
|
40
|
+
- API smoke
|
|
41
|
+
- Browser or Playwright smoke
|
|
42
|
+
- Build/typecheck/lint
|
|
43
|
+
- Screenshot or trace for UI
|
|
44
|
+
- Commit hash or change summary
|
|
45
|
+
|
|
46
|
+
Choose the gate profile from `references/task-levels.md` and `references/quality-gates.md`. A small docs or state slice should not pay the same verification cost as a release/install/cross-host slice. Conversely, release, public contract, install, and host-runtime claims need hard gates and cannot be proven by narrow tests alone.
|
|
47
|
+
|
|
48
|
+
## 5. Learn
|
|
49
|
+
|
|
50
|
+
Record reusable lessons when a failure, correction, tool gap, repeated bug, or better process is discovered.
|
|
51
|
+
|
|
52
|
+
Escalate repeated lessons into quality gates or project rules.
|