@t275005746/gse 0.1.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (180) hide show
  1. package/.github/ISSUE_TEMPLATE/bug_report.yml +42 -42
  2. package/.github/ISSUE_TEMPLATE/change_request.yml +50 -50
  3. package/.github/ISSUE_TEMPLATE/config.yml +5 -5
  4. package/.github/PULL_REQUEST_TEMPLATE.md +38 -38
  5. package/.github/workflows/validate-gse.yml +33 -33
  6. package/.gse/README.md +18 -18
  7. package/.gse/gse-development-protocol.md +50 -50
  8. package/.gse/project-profile.md +29 -29
  9. package/.gse/quality-gates.md +25 -25
  10. package/.gse/releases/public-registry-publication-npm.md +49 -0
  11. package/.gse/releases/public-release-owner-required.md +65 -65
  12. package/.gse/releases/public-security-contact-owner-required.md +45 -45
  13. package/.gse/state.json +3 -4
  14. package/CHANGELOG.md +24 -24
  15. package/CONTRIBUTING.md +64 -64
  16. package/LICENSE +21 -21
  17. package/README.md +1 -1
  18. package/README.zh-CN.md +1 -1
  19. package/SECURITY.md +41 -41
  20. package/SUPPORT.md +38 -38
  21. package/assets/marketplace/README.md +7 -7
  22. package/assets/marketplace/gse-listing.json +75 -75
  23. package/assets/templates/acceptance-execution-packet.md +73 -73
  24. package/assets/templates/adr.md +14 -14
  25. package/assets/templates/change-brief.md +16 -16
  26. package/assets/templates/design.md +18 -18
  27. package/assets/templates/dispatch-packet.md +104 -104
  28. package/assets/templates/evidence.md +14 -14
  29. package/assets/templates/execution-quality-pack.md +65 -65
  30. package/assets/templates/goal-map.md +21 -21
  31. package/assets/templates/host-adapter.md +48 -48
  32. package/assets/templates/host-ui-invocation-record.md +42 -42
  33. package/assets/templates/incident-review.md +60 -60
  34. package/assets/templates/public-channel-publication-record.md +49 -49
  35. package/assets/templates/public-ci-run-record.md +53 -53
  36. package/assets/templates/public-release-record.md +65 -65
  37. package/assets/templates/public-repository-settings-record.md +59 -59
  38. package/assets/templates/public-security-contact-record.md +45 -45
  39. package/assets/templates/release-trust-record.md +32 -32
  40. package/assets/templates/review.md +18 -18
  41. package/assets/templates/spec.md +16 -16
  42. package/assets/templates/target-adoption-evidence.md +29 -29
  43. package/assets/templates/tasks.md +17 -17
  44. package/assets/templates/update-release-acceptance-record.md +58 -58
  45. package/examples/README.md +22 -22
  46. package/examples/agent-runtime-host/.claude/gse-adapter.md +6 -6
  47. package/examples/agent-runtime-host/.codex/gse-adapter.md +7 -7
  48. package/examples/agent-runtime-host/.gse/goal-map.md +7 -7
  49. package/examples/agent-runtime-host/.gse/project-profile.md +27 -27
  50. package/examples/agent-runtime-host/.gse/tooling.md +5 -5
  51. package/examples/agent-runtime-host/.mcp.json +9 -9
  52. package/examples/agent-runtime-host/AGENTS.md +5 -5
  53. package/examples/agent-runtime-host/README.md +10 -10
  54. package/examples/agent-runtime-host/docs/model-routing.md +5 -5
  55. package/examples/cli-tool/.gse/project-profile.md +21 -21
  56. package/examples/cli-tool/AGENTS.md +5 -5
  57. package/examples/cli-tool/README.md +12 -12
  58. package/examples/cli-tool/package.json +21 -21
  59. package/examples/small-app/.env.example +2 -2
  60. package/examples/small-app/.github/workflows/ci.yml +8 -8
  61. package/examples/small-app/AGENTS.md +5 -5
  62. package/examples/small-app/README.md +12 -12
  63. package/examples/small-app/package.json +26 -26
  64. package/examples/small-app/playwright.config.ts +4 -4
  65. package/package.json +53 -53
  66. package/references/adoption-recipes.md +171 -171
  67. package/references/agent-roles.md +49 -49
  68. package/references/architecture-health.md +101 -101
  69. package/references/benchmark-audit.md +73 -73
  70. package/references/community-channels.md +46 -46
  71. package/references/compatibility.md +70 -70
  72. package/references/design-basis.md +38 -38
  73. package/references/domain-model.md +129 -129
  74. package/references/domain-quality-gates.md +75 -75
  75. package/references/drift-audit.md +81 -81
  76. package/references/evidence-taxonomy.md +123 -123
  77. package/references/file-ownership.md +107 -107
  78. package/references/final-readiness.md +84 -84
  79. package/references/forward-test.md +133 -133
  80. package/references/goal-map.md +36 -36
  81. package/references/host-adapters.md +119 -119
  82. package/references/learning-system.md +35 -35
  83. package/references/marketplace-discovery.md +46 -46
  84. package/references/model-routing.md +103 -103
  85. package/references/open-source-defaults.md +39 -39
  86. package/references/operating-model.md +52 -52
  87. package/references/packaging.md +277 -277
  88. package/references/project-agent-workspace.md +89 -89
  89. package/references/project-bootstrap.md +122 -122
  90. package/references/project-profile.md +57 -57
  91. package/references/public-release.md +174 -174
  92. package/references/quality-gates.md +100 -100
  93. package/references/recovery.md +176 -176
  94. package/references/release-trust.md +43 -43
  95. package/references/release.md +126 -126
  96. package/references/review.md +141 -141
  97. package/references/router.md +90 -90
  98. package/references/spec-workflow.md +66 -66
  99. package/references/task-levels.md +81 -81
  100. package/references/tool-adapters.md +73 -73
  101. package/scripts/audit-acceptance-execution-packet.mjs +133 -133
  102. package/scripts/audit-adoption-recipes.mjs +99 -99
  103. package/scripts/audit-change-lifecycle.mjs +77 -77
  104. package/scripts/audit-change-system.mjs +134 -134
  105. package/scripts/audit-ci-readiness.mjs +107 -107
  106. package/scripts/audit-close-gate.mjs +323 -323
  107. package/scripts/audit-command-adapters.mjs +91 -91
  108. package/scripts/audit-command-execution.mjs +210 -210
  109. package/scripts/audit-compatibility.mjs +149 -149
  110. package/scripts/audit-completion-readiness.mjs +292 -292
  111. package/scripts/audit-distribution.mjs +251 -251
  112. package/scripts/audit-domain-quality-gates.mjs +108 -108
  113. package/scripts/audit-evidence-placeholders.mjs +126 -126
  114. package/scripts/audit-final-readiness-promotion.mjs +255 -255
  115. package/scripts/audit-final-readiness.mjs +226 -226
  116. package/scripts/audit-fixtures.mjs +154 -154
  117. package/scripts/audit-fresh-session-readiness.mjs +177 -177
  118. package/scripts/audit-host-runtime-evidence-handoff.mjs +159 -159
  119. package/scripts/audit-host-runtime-invocation-drill.mjs +240 -240
  120. package/scripts/audit-host-runtime-invocations.mjs +254 -254
  121. package/scripts/audit-host-ui-invocation.mjs +132 -132
  122. package/scripts/audit-marketplace-discovery.mjs +122 -122
  123. package/scripts/audit-npm-package-metadata.mjs +155 -155
  124. package/scripts/audit-npm-publish-dry-run.mjs +191 -169
  125. package/scripts/audit-npm-tarball-install.mjs +191 -191
  126. package/scripts/audit-open-source-defaults.mjs +92 -92
  127. package/scripts/audit-open-source-readiness.mjs +97 -97
  128. package/scripts/audit-project.mjs +138 -138
  129. package/scripts/audit-public-acceptance-command-dry-run-drill.mjs +203 -203
  130. package/scripts/audit-public-acceptance-readiness.mjs +224 -224
  131. package/scripts/audit-public-channel-publication.mjs +248 -248
  132. package/scripts/audit-public-ci-run.mjs +184 -184
  133. package/scripts/audit-public-collaboration-templates.mjs +98 -98
  134. package/scripts/audit-public-external-gate-probe.mjs +206 -206
  135. package/scripts/audit-public-release-decision.mjs +201 -201
  136. package/scripts/audit-public-release-metadata.mjs +176 -176
  137. package/scripts/audit-public-repository-settings.mjs +237 -237
  138. package/scripts/audit-public-security-contact.mjs +171 -171
  139. package/scripts/audit-readme-docs.mjs +6 -4
  140. package/scripts/audit-recovery-readiness.mjs +98 -98
  141. package/scripts/audit-release-readiness.mjs +106 -106
  142. package/scripts/audit-release-trust.mjs +62 -62
  143. package/scripts/audit-remote-distribution.mjs +266 -266
  144. package/scripts/audit-roadmap-consistency.mjs +235 -235
  145. package/scripts/audit-signing.mjs +147 -147
  146. package/scripts/audit-state-freshness.mjs +14 -9
  147. package/scripts/audit-target-adoption-evidence.mjs +117 -117
  148. package/scripts/audit-target-project.mjs +507 -507
  149. package/scripts/audit-update-release-acceptance.mjs +136 -136
  150. package/scripts/audit-v1-target-validation.mjs +269 -269
  151. package/scripts/audit-validation-profiles.mjs +125 -125
  152. package/scripts/close-change.mjs +116 -116
  153. package/scripts/discover-project-profile.mjs +307 -307
  154. package/scripts/generate-command-adapter.mjs +231 -231
  155. package/scripts/generate-final-acceptance-packet.mjs +181 -181
  156. package/scripts/generate-final-form-progress-report.mjs +205 -205
  157. package/scripts/generate-host-runtime-evidence-handoff.mjs +206 -206
  158. package/scripts/generate-owner-external-gate-kit.mjs +295 -295
  159. package/scripts/generate-public-acceptance-handoff.mjs +168 -168
  160. package/scripts/generate-public-release-checklist.mjs +207 -207
  161. package/scripts/generate-release-bundle.mjs +505 -505
  162. package/scripts/generate-release-owner-action-plan.mjs +172 -172
  163. package/scripts/generate-release-status-manifest.mjs +200 -200
  164. package/scripts/generate-session-prompt.mjs +188 -188
  165. package/scripts/gse.mjs +67 -67
  166. package/scripts/init-change.mjs +265 -265
  167. package/scripts/init-project.mjs +785 -785
  168. package/scripts/install-gse.mjs +234 -234
  169. package/scripts/lib/evidence-placeholders.mjs +28 -28
  170. package/scripts/package-gse.mjs +174 -174
  171. package/scripts/probe-public-external-gates.mjs +167 -167
  172. package/scripts/record-host-invocation.mjs +151 -151
  173. package/scripts/record-public-channel-publication.mjs +178 -178
  174. package/scripts/record-public-ci-run.mjs +180 -180
  175. package/scripts/record-public-release.mjs +175 -175
  176. package/scripts/record-public-repository-settings.mjs +209 -209
  177. package/scripts/record-public-security-contact.mjs +157 -157
  178. package/scripts/sign-gse-package.mjs +83 -83
  179. package/scripts/update-project-state.mjs +223 -223
  180. package/scripts/verify-gse-package.mjs +85 -85
@@ -1,46 +1,46 @@
1
- # Marketplace Discovery
2
-
3
- Use this when preparing GSE for a public catalog, skill marketplace, plugin listing, GitHub release page, or internal agent-workflow registry.
4
-
5
- Discovery metadata should help people find and evaluate GSE without overstating trust.
6
-
7
- ## Required Metadata
8
-
9
- - Name and display name.
10
- - Short tagline and summary.
11
- - Categories and keywords that describe the workflow naturally.
12
- - Entrypoints for humans and agents.
13
- - Validation commands.
14
- - Distribution and signing references.
15
- - Host support status with honest labels.
16
- - Boundaries and unverified claims.
17
-
18
- The canonical local metadata file is:
19
-
20
- ```text
21
- assets/marketplace/gse-listing.json
22
- ```
23
-
24
- ## Search Language
25
-
26
- Use normal explanatory language around terms such as agentic engineering, spec-driven development, SDD, AI coding agents, goal maps, evidence gates, OpenSpec-style changes, and Superpowers-style execution. Do not add isolated search-term blocks that read like keyword stuffing.
27
-
28
- ## Trust Boundary
29
-
30
- Discovery metadata is not marketplace approval.
31
-
32
- A listing can be:
33
-
34
- - `result`: drafted metadata exists.
35
- - `verified`: metadata passes local audit and matches package validation.
36
- - `accepted`: the target marketplace, catalog owner, or release owner accepts it.
37
-
38
- ## Validation
39
-
40
- Run:
41
-
42
- ```text
43
- node <skill>/scripts/audit-marketplace-discovery.mjs --root <skill> --json
44
- ```
45
-
46
- For release trust, also use `references/release-trust.md`.
1
+ # Marketplace Discovery
2
+
3
+ Use this when preparing GSE for a public catalog, skill marketplace, plugin listing, GitHub release page, or internal agent-workflow registry.
4
+
5
+ Discovery metadata should help people find and evaluate GSE without overstating trust.
6
+
7
+ ## Required Metadata
8
+
9
+ - Name and display name.
10
+ - Short tagline and summary.
11
+ - Categories and keywords that describe the workflow naturally.
12
+ - Entrypoints for humans and agents.
13
+ - Validation commands.
14
+ - Distribution and signing references.
15
+ - Host support status with honest labels.
16
+ - Boundaries and unverified claims.
17
+
18
+ The canonical local metadata file is:
19
+
20
+ ```text
21
+ assets/marketplace/gse-listing.json
22
+ ```
23
+
24
+ ## Search Language
25
+
26
+ Use normal explanatory language around terms such as agentic engineering, spec-driven development, SDD, AI coding agents, goal maps, evidence gates, OpenSpec-style changes, and Superpowers-style execution. Do not add isolated search-term blocks that read like keyword stuffing.
27
+
28
+ ## Trust Boundary
29
+
30
+ Discovery metadata is not marketplace approval.
31
+
32
+ A listing can be:
33
+
34
+ - `result`: drafted metadata exists.
35
+ - `verified`: metadata passes local audit and matches package validation.
36
+ - `accepted`: the target marketplace, catalog owner, or release owner accepts it.
37
+
38
+ ## Validation
39
+
40
+ Run:
41
+
42
+ ```text
43
+ node <skill>/scripts/audit-marketplace-discovery.mjs --root <skill> --json
44
+ ```
45
+
46
+ For release trust, also use `references/release-trust.md`.
@@ -1,103 +1,103 @@
1
- # Model Routing
2
-
3
- Use this when GSE work needs to choose a model, provider, hosted tool, local tool, browser agent, worker, or role-specific agent capability.
4
-
5
- ## Core Rule
6
-
7
- Route by capability first, then cost, latency, privacy, context size, tool use, reliability, and evidence.
8
-
9
- Do not hard-code one provider, one model family, or one host as the GSE default. Projects may define preferred providers, but GSE must preserve a portable fallback path.
10
-
11
- ## Capability-First Selection
12
-
13
- Define the task capability before picking a model:
14
-
15
- | Capability | Typical use | Routing preference |
16
- |---|---|---|
17
- | Fast classification | triage, route selection, small labels | lowest reliable latency/cost |
18
- | Code location | symbol search, call chains, existing tests | LSP/index/search before stronger model reasoning |
19
- | Mechanical edit | narrow transforms, boilerplate, local fixes | lower-cost coding-capable model if verification is strong |
20
- | Implementation | bounded code slice, tests, integration | standard coding model with project context |
21
- | Architecture/root cause | invariants, multi-file reasoning, debugging | highest-reasoning model available and approved |
22
- | Review/QA | spec compliance, security, regressions, UI evidence | independent reviewer model or fresh context when risk is high |
23
- | Long context synthesis | session working set, docs, logs, migration notes | model with adequate context and summarization behavior |
24
- | Tool/worker execution | browser, shell, MCP, CI, queue, runtime worker | verified host/tool adapter, not just model choice |
25
-
26
- ## Status Vocabulary
27
-
28
- Keep model availability separate from model behavior.
29
-
30
- - `documented`: project docs, provider config, or host settings mention the model/tool.
31
- - `verified`: this session or project evidence ran the model/tool successfully for the relevant capability.
32
- - `unknown`: no trustworthy evidence yet.
33
- - `unavailable`: expected model/tool is missing, blocked, failing, or forbidden.
34
-
35
- A documented model is not verified. A verified chat response does not verify tool use, long context, latency, cost, or privacy behavior.
36
-
37
- ## Routing Inputs
38
-
39
- Record these in `.gse/project-profile.md`, `.gse/tooling.md`, or a host adapter when relevant:
40
-
41
- - Provider or host:
42
- - Model/tool id:
43
- - Capability:
44
- - Status: documented | verified | unknown | unavailable
45
- - Evidence path or command:
46
- - Cost tier:
47
- - Latency expectation:
48
- - Context limit or practical context budget:
49
- - Tool-use support:
50
- - Privacy/security boundary:
51
- - Fallback:
52
- - Known failure modes:
53
-
54
- ## Decision Order
55
-
56
- 1. Use project-specific routing rules if they exist and do not conflict with current user instruction.
57
- 2. Prefer verified local tools for code location, tests, browser smoke, and CI before spending model reasoning.
58
- 3. Choose the cheapest/fastest model that can satisfy the capability with adequate verification.
59
- 4. Escalate to a stronger model when there is a clear reasoning, context, safety, or integration gap.
60
- 5. Use fresh context for review, QA, or high-risk architecture when current-session context may bias the result.
61
- 6. Fall back to a documented or generic model only when the task risk is low or verification can catch mistakes.
62
- 7. Record residual risk when model behavior is unknown or only structurally verified.
63
-
64
- ## Fallback Rules
65
-
66
- - If preferred model is unavailable, use the next project-approved model with the same capability class.
67
- - If tool-use support is unavailable, switch to manual shell/browser/CI verification when possible.
68
- - If long-context support is unavailable, build a smaller working set and record omitted context.
69
- - If privacy constraints forbid remote models, use local tools, local models, or ask for a project-approved path.
70
- - If cost is high, reduce context, split the task, or use lower-tier models for locator/QA roles.
71
- - Do not claim a fallback preserved quality unless focused evidence proves it.
72
-
73
- ## Evidence Requirements
74
-
75
- For model routing claims, record:
76
-
77
- ```text
78
- Capability:
79
- Chosen model/tool:
80
- Why this route:
81
- Status: documented | verified | unknown | unavailable
82
- Cost/latency notes:
83
- Context/tool-use notes:
84
- Privacy/security notes:
85
- Fallback:
86
- Evidence:
87
- Residual risk:
88
- ```
89
-
90
- ## What Not To Do
91
-
92
- - Do not route all tasks to the strongest model by default.
93
- - Do not route all tasks to the cheapest model when failure would be expensive.
94
- - Do not treat provider marketing claims as project evidence.
95
- - Do not expose secrets, raw provider payloads, hidden reasoning, or private tool traces in user-facing output.
96
- - Do not confuse model routing with provider adapter implementation.
97
-
98
- ## Project Integration
99
-
100
- - `references/project-profile.md` records project-approved providers, model/tool ids, privacy limits, and fallback policy.
101
- - `references/tool-adapters.md` records availability and verification status for host tools and model-backed tools.
102
- - `references/host-adapters.md` records host-specific model, subagent, MCP, browser, and worker capabilities.
103
- - `references/evidence-taxonomy.md` decides whether routing evidence is result, verified, or accepted.
1
+ # Model Routing
2
+
3
+ Use this when GSE work needs to choose a model, provider, hosted tool, local tool, browser agent, worker, or role-specific agent capability.
4
+
5
+ ## Core Rule
6
+
7
+ Route by capability first, then cost, latency, privacy, context size, tool use, reliability, and evidence.
8
+
9
+ Do not hard-code one provider, one model family, or one host as the GSE default. Projects may define preferred providers, but GSE must preserve a portable fallback path.
10
+
11
+ ## Capability-First Selection
12
+
13
+ Define the task capability before picking a model:
14
+
15
+ | Capability | Typical use | Routing preference |
16
+ |---|---|---|
17
+ | Fast classification | triage, route selection, small labels | lowest reliable latency/cost |
18
+ | Code location | symbol search, call chains, existing tests | LSP/index/search before stronger model reasoning |
19
+ | Mechanical edit | narrow transforms, boilerplate, local fixes | lower-cost coding-capable model if verification is strong |
20
+ | Implementation | bounded code slice, tests, integration | standard coding model with project context |
21
+ | Architecture/root cause | invariants, multi-file reasoning, debugging | highest-reasoning model available and approved |
22
+ | Review/QA | spec compliance, security, regressions, UI evidence | independent reviewer model or fresh context when risk is high |
23
+ | Long context synthesis | session working set, docs, logs, migration notes | model with adequate context and summarization behavior |
24
+ | Tool/worker execution | browser, shell, MCP, CI, queue, runtime worker | verified host/tool adapter, not just model choice |
25
+
26
+ ## Status Vocabulary
27
+
28
+ Keep model availability separate from model behavior.
29
+
30
+ - `documented`: project docs, provider config, or host settings mention the model/tool.
31
+ - `verified`: this session or project evidence ran the model/tool successfully for the relevant capability.
32
+ - `unknown`: no trustworthy evidence yet.
33
+ - `unavailable`: expected model/tool is missing, blocked, failing, or forbidden.
34
+
35
+ A documented model is not verified. A verified chat response does not verify tool use, long context, latency, cost, or privacy behavior.
36
+
37
+ ## Routing Inputs
38
+
39
+ Record these in `.gse/project-profile.md`, `.gse/tooling.md`, or a host adapter when relevant:
40
+
41
+ - Provider or host:
42
+ - Model/tool id:
43
+ - Capability:
44
+ - Status: documented | verified | unknown | unavailable
45
+ - Evidence path or command:
46
+ - Cost tier:
47
+ - Latency expectation:
48
+ - Context limit or practical context budget:
49
+ - Tool-use support:
50
+ - Privacy/security boundary:
51
+ - Fallback:
52
+ - Known failure modes:
53
+
54
+ ## Decision Order
55
+
56
+ 1. Use project-specific routing rules if they exist and do not conflict with current user instruction.
57
+ 2. Prefer verified local tools for code location, tests, browser smoke, and CI before spending model reasoning.
58
+ 3. Choose the cheapest/fastest model that can satisfy the capability with adequate verification.
59
+ 4. Escalate to a stronger model when there is a clear reasoning, context, safety, or integration gap.
60
+ 5. Use fresh context for review, QA, or high-risk architecture when current-session context may bias the result.
61
+ 6. Fall back to a documented or generic model only when the task risk is low or verification can catch mistakes.
62
+ 7. Record residual risk when model behavior is unknown or only structurally verified.
63
+
64
+ ## Fallback Rules
65
+
66
+ - If preferred model is unavailable, use the next project-approved model with the same capability class.
67
+ - If tool-use support is unavailable, switch to manual shell/browser/CI verification when possible.
68
+ - If long-context support is unavailable, build a smaller working set and record omitted context.
69
+ - If privacy constraints forbid remote models, use local tools, local models, or ask for a project-approved path.
70
+ - If cost is high, reduce context, split the task, or use lower-tier models for locator/QA roles.
71
+ - Do not claim a fallback preserved quality unless focused evidence proves it.
72
+
73
+ ## Evidence Requirements
74
+
75
+ For model routing claims, record:
76
+
77
+ ```text
78
+ Capability:
79
+ Chosen model/tool:
80
+ Why this route:
81
+ Status: documented | verified | unknown | unavailable
82
+ Cost/latency notes:
83
+ Context/tool-use notes:
84
+ Privacy/security notes:
85
+ Fallback:
86
+ Evidence:
87
+ Residual risk:
88
+ ```
89
+
90
+ ## What Not To Do
91
+
92
+ - Do not route all tasks to the strongest model by default.
93
+ - Do not route all tasks to the cheapest model when failure would be expensive.
94
+ - Do not treat provider marketing claims as project evidence.
95
+ - Do not expose secrets, raw provider payloads, hidden reasoning, or private tool traces in user-facing output.
96
+ - Do not confuse model routing with provider adapter implementation.
97
+
98
+ ## Project Integration
99
+
100
+ - `references/project-profile.md` records project-approved providers, model/tool ids, privacy limits, and fallback policy.
101
+ - `references/tool-adapters.md` records availability and verification status for host tools and model-backed tools.
102
+ - `references/host-adapters.md` records host-specific model, subagent, MCP, browser, and worker capabilities.
103
+ - `references/evidence-taxonomy.md` decides whether routing evidence is result, verified, or accepted.
@@ -1,39 +1,39 @@
1
- # GSE Open-Source Defaults
2
-
3
- Use this reference when preparing GSE for a public repository or when a project asks to follow the mainstream open-source path.
4
-
5
- ## Recommended Default
6
-
7
- GSE's owner-approved default route is:
8
-
9
- - License: MIT.
10
- - Repository: public GitHub repository.
11
- - CI: GitHub Actions with required checks.
12
- - Security: `SECURITY.md` plus GitHub Security Advisory or another owner-approved public disclosure path.
13
- - Release channel: GitHub Release first; package registry or marketplace only after real publication evidence exists.
14
- - Command UX: portable `/gse ...` commands, with native slash-command claims only after a host runtime record proves native execution.
15
-
16
- ## Why This Default
17
-
18
- - MIT is widely understood by open-source tool users and keeps integration friction low.
19
- - GitHub public repository plus GitHub Actions gives public, linkable evidence for repository settings and CI.
20
- - GitHub Release provides a simple first public channel without pretending a registry or marketplace approved the package.
21
- - Portable `/gse ...` command semantics work across hosts even when native slash-command APIs differ.
22
-
23
- ## Claim Boundaries
24
-
25
- - A local `LICENSE` file proves the license text exists; accepted license status requires an owner-approved release record.
26
- - A local GitHub Actions workflow file does not prove public CI. Use a real public run URL and `scripts/record-public-ci-run.mjs`.
27
- - A local `SECURITY.md` does not prove a public security contact. Use `scripts/record-public-security-contact.mjs` after the disclosure path is public and owner-approved.
28
- - A generated package or release bundle does not prove public publication. Use `scripts/record-public-channel-publication.mjs` after a real channel URL exists.
29
- - Generated host adapter pointers do not prove native slash commands. Use `scripts/record-host-invocation.mjs` with real host evidence.
30
-
31
- ## Minimal Public Release Order
32
-
33
- 1. Record the owner-approved MIT license decision.
34
- 2. Publish or mirror GSE into a public GitHub repository.
35
- 3. Enable repository settings: issues, pull requests, security policy visibility, branch protection, required checks, review before merge, conversation resolution, force-push restriction, and deletion restriction.
36
- 4. Run public GitHub Actions and record the run URL, commit SHA, branch, and required checks.
37
- 5. Create a GitHub Release and record the release URL.
38
- 6. Record host runtime invocation evidence for each claimed host.
39
- 7. Re-run final readiness and public acceptance audits.
1
+ # GSE Open-Source Defaults
2
+
3
+ Use this reference when preparing GSE for a public repository or when a project asks to follow the mainstream open-source path.
4
+
5
+ ## Recommended Default
6
+
7
+ GSE's owner-approved default route is:
8
+
9
+ - License: MIT.
10
+ - Repository: public GitHub repository.
11
+ - CI: GitHub Actions with required checks.
12
+ - Security: `SECURITY.md` plus GitHub Security Advisory or another owner-approved public disclosure path.
13
+ - Release channel: GitHub Release first; package registry or marketplace only after real publication evidence exists.
14
+ - Command UX: portable `/gse ...` commands, with native slash-command claims only after a host runtime record proves native execution.
15
+
16
+ ## Why This Default
17
+
18
+ - MIT is widely understood by open-source tool users and keeps integration friction low.
19
+ - GitHub public repository plus GitHub Actions gives public, linkable evidence for repository settings and CI.
20
+ - GitHub Release provides a simple first public channel without pretending a registry or marketplace approved the package.
21
+ - Portable `/gse ...` command semantics work across hosts even when native slash-command APIs differ.
22
+
23
+ ## Claim Boundaries
24
+
25
+ - A local `LICENSE` file proves the license text exists; accepted license status requires an owner-approved release record.
26
+ - A local GitHub Actions workflow file does not prove public CI. Use a real public run URL and `scripts/record-public-ci-run.mjs`.
27
+ - A local `SECURITY.md` does not prove a public security contact. Use `scripts/record-public-security-contact.mjs` after the disclosure path is public and owner-approved.
28
+ - A generated package or release bundle does not prove public publication. Use `scripts/record-public-channel-publication.mjs` after a real channel URL exists.
29
+ - Generated host adapter pointers do not prove native slash commands. Use `scripts/record-host-invocation.mjs` with real host evidence.
30
+
31
+ ## Minimal Public Release Order
32
+
33
+ 1. Record the owner-approved MIT license decision.
34
+ 2. Publish or mirror GSE into a public GitHub repository.
35
+ 3. Enable repository settings: issues, pull requests, security policy visibility, branch protection, required checks, review before merge, conversation resolution, force-push restriction, and deletion restriction.
36
+ 4. Run public GitHub Actions and record the run URL, commit SHA, branch, and required checks.
37
+ 5. Create a GitHub Release and record the release URL.
38
+ 6. Record host runtime invocation evidence for each claimed host.
39
+ 7. Re-run final readiness and public acceptance audits.
@@ -1,52 +1,52 @@
1
- # Operating Model
2
-
3
- Use the same loop for every task, scaled by task level.
4
-
5
- ## 1. Goal
6
-
7
- Identify the project goal, user outcome, current priority, and non-goals.
8
-
9
- For long-running work, bind to `.gse/goal-map.md` or the project's existing goal map.
10
-
11
- ## 2. Spec
12
-
13
- Define boundaries before implementation:
14
-
15
- - Inputs and outputs
16
- - UI/API/state behavior
17
- - Error and recovery behavior
18
- - Permissions and privacy boundaries
19
- - Acceptance criteria
20
- - Test or smoke plan
21
-
22
- Do not over-spec Level 1 tasks.
23
-
24
- ## 3. Execute
25
-
26
- Use the smallest verifiable slice.
27
-
28
- - Locate code with `rg`, `rg --files`, LSP, or an index before editing.
29
- - Follow existing patterns.
30
- - Keep unrelated refactors out.
31
- - Use subagents only when actual dispatch tools exist and ownership is clear.
32
- - Use `references/file-ownership.md` before editing dirty files, shared files, or files assigned to another role.
33
- - Avoid making every internal state transition its own product slice. When several small states only matter as one user-visible chain, merge them and verify the chain.
34
-
35
- ## 4. Evidence
36
-
37
- Completion needs evidence appropriate to the risk:
38
-
39
- - Unit/component/contract test
40
- - API smoke
41
- - Browser or Playwright smoke
42
- - Build/typecheck/lint
43
- - Screenshot or trace for UI
44
- - Commit hash or change summary
45
-
46
- Choose the gate profile from `references/task-levels.md` and `references/quality-gates.md`. A small docs or state slice should not pay the same verification cost as a release/install/cross-host slice. Conversely, release, public contract, install, and host-runtime claims need hard gates and cannot be proven by narrow tests alone.
47
-
48
- ## 5. Learn
49
-
50
- Record reusable lessons when a failure, correction, tool gap, repeated bug, or better process is discovered.
51
-
52
- Escalate repeated lessons into quality gates or project rules.
1
+ # Operating Model
2
+
3
+ Use the same loop for every task, scaled by task level.
4
+
5
+ ## 1. Goal
6
+
7
+ Identify the project goal, user outcome, current priority, and non-goals.
8
+
9
+ For long-running work, bind to `.gse/goal-map.md` or the project's existing goal map.
10
+
11
+ ## 2. Spec
12
+
13
+ Define boundaries before implementation:
14
+
15
+ - Inputs and outputs
16
+ - UI/API/state behavior
17
+ - Error and recovery behavior
18
+ - Permissions and privacy boundaries
19
+ - Acceptance criteria
20
+ - Test or smoke plan
21
+
22
+ Do not over-spec Level 1 tasks.
23
+
24
+ ## 3. Execute
25
+
26
+ Use the smallest verifiable slice.
27
+
28
+ - Locate code with `rg`, `rg --files`, LSP, or an index before editing.
29
+ - Follow existing patterns.
30
+ - Keep unrelated refactors out.
31
+ - Use subagents only when actual dispatch tools exist and ownership is clear.
32
+ - Use `references/file-ownership.md` before editing dirty files, shared files, or files assigned to another role.
33
+ - Avoid making every internal state transition its own product slice. When several small states only matter as one user-visible chain, merge them and verify the chain.
34
+
35
+ ## 4. Evidence
36
+
37
+ Completion needs evidence appropriate to the risk:
38
+
39
+ - Unit/component/contract test
40
+ - API smoke
41
+ - Browser or Playwright smoke
42
+ - Build/typecheck/lint
43
+ - Screenshot or trace for UI
44
+ - Commit hash or change summary
45
+
46
+ Choose the gate profile from `references/task-levels.md` and `references/quality-gates.md`. A small docs or state slice should not pay the same verification cost as a release/install/cross-host slice. Conversely, release, public contract, install, and host-runtime claims need hard gates and cannot be proven by narrow tests alone.
47
+
48
+ ## 5. Learn
49
+
50
+ Record reusable lessons when a failure, correction, tool gap, repeated bug, or better process is discovered.
51
+
52
+ Escalate repeated lessons into quality gates or project rules.