@t275005746/gse 0.1.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (180) hide show
  1. package/.github/ISSUE_TEMPLATE/bug_report.yml +42 -42
  2. package/.github/ISSUE_TEMPLATE/change_request.yml +50 -50
  3. package/.github/ISSUE_TEMPLATE/config.yml +5 -5
  4. package/.github/PULL_REQUEST_TEMPLATE.md +38 -38
  5. package/.github/workflows/validate-gse.yml +33 -33
  6. package/.gse/README.md +18 -18
  7. package/.gse/gse-development-protocol.md +50 -50
  8. package/.gse/project-profile.md +29 -29
  9. package/.gse/quality-gates.md +25 -25
  10. package/.gse/releases/public-registry-publication-npm.md +49 -0
  11. package/.gse/releases/public-release-owner-required.md +65 -65
  12. package/.gse/releases/public-security-contact-owner-required.md +45 -45
  13. package/.gse/state.json +3 -4
  14. package/CHANGELOG.md +24 -24
  15. package/CONTRIBUTING.md +64 -64
  16. package/LICENSE +21 -21
  17. package/README.md +1 -1
  18. package/README.zh-CN.md +1 -1
  19. package/SECURITY.md +41 -41
  20. package/SUPPORT.md +38 -38
  21. package/assets/marketplace/README.md +7 -7
  22. package/assets/marketplace/gse-listing.json +75 -75
  23. package/assets/templates/acceptance-execution-packet.md +73 -73
  24. package/assets/templates/adr.md +14 -14
  25. package/assets/templates/change-brief.md +16 -16
  26. package/assets/templates/design.md +18 -18
  27. package/assets/templates/dispatch-packet.md +104 -104
  28. package/assets/templates/evidence.md +14 -14
  29. package/assets/templates/execution-quality-pack.md +65 -65
  30. package/assets/templates/goal-map.md +21 -21
  31. package/assets/templates/host-adapter.md +48 -48
  32. package/assets/templates/host-ui-invocation-record.md +42 -42
  33. package/assets/templates/incident-review.md +60 -60
  34. package/assets/templates/public-channel-publication-record.md +49 -49
  35. package/assets/templates/public-ci-run-record.md +53 -53
  36. package/assets/templates/public-release-record.md +65 -65
  37. package/assets/templates/public-repository-settings-record.md +59 -59
  38. package/assets/templates/public-security-contact-record.md +45 -45
  39. package/assets/templates/release-trust-record.md +32 -32
  40. package/assets/templates/review.md +18 -18
  41. package/assets/templates/spec.md +16 -16
  42. package/assets/templates/target-adoption-evidence.md +29 -29
  43. package/assets/templates/tasks.md +17 -17
  44. package/assets/templates/update-release-acceptance-record.md +58 -58
  45. package/examples/README.md +22 -22
  46. package/examples/agent-runtime-host/.claude/gse-adapter.md +6 -6
  47. package/examples/agent-runtime-host/.codex/gse-adapter.md +7 -7
  48. package/examples/agent-runtime-host/.gse/goal-map.md +7 -7
  49. package/examples/agent-runtime-host/.gse/project-profile.md +27 -27
  50. package/examples/agent-runtime-host/.gse/tooling.md +5 -5
  51. package/examples/agent-runtime-host/.mcp.json +9 -9
  52. package/examples/agent-runtime-host/AGENTS.md +5 -5
  53. package/examples/agent-runtime-host/README.md +10 -10
  54. package/examples/agent-runtime-host/docs/model-routing.md +5 -5
  55. package/examples/cli-tool/.gse/project-profile.md +21 -21
  56. package/examples/cli-tool/AGENTS.md +5 -5
  57. package/examples/cli-tool/README.md +12 -12
  58. package/examples/cli-tool/package.json +21 -21
  59. package/examples/small-app/.env.example +2 -2
  60. package/examples/small-app/.github/workflows/ci.yml +8 -8
  61. package/examples/small-app/AGENTS.md +5 -5
  62. package/examples/small-app/README.md +12 -12
  63. package/examples/small-app/package.json +26 -26
  64. package/examples/small-app/playwright.config.ts +4 -4
  65. package/package.json +53 -53
  66. package/references/adoption-recipes.md +171 -171
  67. package/references/agent-roles.md +49 -49
  68. package/references/architecture-health.md +101 -101
  69. package/references/benchmark-audit.md +73 -73
  70. package/references/community-channels.md +46 -46
  71. package/references/compatibility.md +70 -70
  72. package/references/design-basis.md +38 -38
  73. package/references/domain-model.md +129 -129
  74. package/references/domain-quality-gates.md +75 -75
  75. package/references/drift-audit.md +81 -81
  76. package/references/evidence-taxonomy.md +123 -123
  77. package/references/file-ownership.md +107 -107
  78. package/references/final-readiness.md +84 -84
  79. package/references/forward-test.md +133 -133
  80. package/references/goal-map.md +36 -36
  81. package/references/host-adapters.md +119 -119
  82. package/references/learning-system.md +35 -35
  83. package/references/marketplace-discovery.md +46 -46
  84. package/references/model-routing.md +103 -103
  85. package/references/open-source-defaults.md +39 -39
  86. package/references/operating-model.md +52 -52
  87. package/references/packaging.md +277 -277
  88. package/references/project-agent-workspace.md +89 -89
  89. package/references/project-bootstrap.md +122 -122
  90. package/references/project-profile.md +57 -57
  91. package/references/public-release.md +174 -174
  92. package/references/quality-gates.md +100 -100
  93. package/references/recovery.md +176 -176
  94. package/references/release-trust.md +43 -43
  95. package/references/release.md +126 -126
  96. package/references/review.md +141 -141
  97. package/references/router.md +90 -90
  98. package/references/spec-workflow.md +66 -66
  99. package/references/task-levels.md +81 -81
  100. package/references/tool-adapters.md +73 -73
  101. package/scripts/audit-acceptance-execution-packet.mjs +133 -133
  102. package/scripts/audit-adoption-recipes.mjs +99 -99
  103. package/scripts/audit-change-lifecycle.mjs +77 -77
  104. package/scripts/audit-change-system.mjs +134 -134
  105. package/scripts/audit-ci-readiness.mjs +107 -107
  106. package/scripts/audit-close-gate.mjs +323 -323
  107. package/scripts/audit-command-adapters.mjs +91 -91
  108. package/scripts/audit-command-execution.mjs +210 -210
  109. package/scripts/audit-compatibility.mjs +149 -149
  110. package/scripts/audit-completion-readiness.mjs +292 -292
  111. package/scripts/audit-distribution.mjs +251 -251
  112. package/scripts/audit-domain-quality-gates.mjs +108 -108
  113. package/scripts/audit-evidence-placeholders.mjs +126 -126
  114. package/scripts/audit-final-readiness-promotion.mjs +255 -255
  115. package/scripts/audit-final-readiness.mjs +226 -226
  116. package/scripts/audit-fixtures.mjs +154 -154
  117. package/scripts/audit-fresh-session-readiness.mjs +177 -177
  118. package/scripts/audit-host-runtime-evidence-handoff.mjs +159 -159
  119. package/scripts/audit-host-runtime-invocation-drill.mjs +240 -240
  120. package/scripts/audit-host-runtime-invocations.mjs +254 -254
  121. package/scripts/audit-host-ui-invocation.mjs +132 -132
  122. package/scripts/audit-marketplace-discovery.mjs +122 -122
  123. package/scripts/audit-npm-package-metadata.mjs +155 -155
  124. package/scripts/audit-npm-publish-dry-run.mjs +191 -169
  125. package/scripts/audit-npm-tarball-install.mjs +191 -191
  126. package/scripts/audit-open-source-defaults.mjs +92 -92
  127. package/scripts/audit-open-source-readiness.mjs +97 -97
  128. package/scripts/audit-project.mjs +138 -138
  129. package/scripts/audit-public-acceptance-command-dry-run-drill.mjs +203 -203
  130. package/scripts/audit-public-acceptance-readiness.mjs +224 -224
  131. package/scripts/audit-public-channel-publication.mjs +248 -248
  132. package/scripts/audit-public-ci-run.mjs +184 -184
  133. package/scripts/audit-public-collaboration-templates.mjs +98 -98
  134. package/scripts/audit-public-external-gate-probe.mjs +206 -206
  135. package/scripts/audit-public-release-decision.mjs +201 -201
  136. package/scripts/audit-public-release-metadata.mjs +176 -176
  137. package/scripts/audit-public-repository-settings.mjs +237 -237
  138. package/scripts/audit-public-security-contact.mjs +171 -171
  139. package/scripts/audit-readme-docs.mjs +6 -4
  140. package/scripts/audit-recovery-readiness.mjs +98 -98
  141. package/scripts/audit-release-readiness.mjs +106 -106
  142. package/scripts/audit-release-trust.mjs +62 -62
  143. package/scripts/audit-remote-distribution.mjs +266 -266
  144. package/scripts/audit-roadmap-consistency.mjs +235 -235
  145. package/scripts/audit-signing.mjs +147 -147
  146. package/scripts/audit-state-freshness.mjs +14 -9
  147. package/scripts/audit-target-adoption-evidence.mjs +117 -117
  148. package/scripts/audit-target-project.mjs +507 -507
  149. package/scripts/audit-update-release-acceptance.mjs +136 -136
  150. package/scripts/audit-v1-target-validation.mjs +269 -269
  151. package/scripts/audit-validation-profiles.mjs +125 -125
  152. package/scripts/close-change.mjs +116 -116
  153. package/scripts/discover-project-profile.mjs +307 -307
  154. package/scripts/generate-command-adapter.mjs +231 -231
  155. package/scripts/generate-final-acceptance-packet.mjs +181 -181
  156. package/scripts/generate-final-form-progress-report.mjs +205 -205
  157. package/scripts/generate-host-runtime-evidence-handoff.mjs +206 -206
  158. package/scripts/generate-owner-external-gate-kit.mjs +295 -295
  159. package/scripts/generate-public-acceptance-handoff.mjs +168 -168
  160. package/scripts/generate-public-release-checklist.mjs +207 -207
  161. package/scripts/generate-release-bundle.mjs +505 -505
  162. package/scripts/generate-release-owner-action-plan.mjs +172 -172
  163. package/scripts/generate-release-status-manifest.mjs +200 -200
  164. package/scripts/generate-session-prompt.mjs +188 -188
  165. package/scripts/gse.mjs +67 -67
  166. package/scripts/init-change.mjs +265 -265
  167. package/scripts/init-project.mjs +785 -785
  168. package/scripts/install-gse.mjs +234 -234
  169. package/scripts/lib/evidence-placeholders.mjs +28 -28
  170. package/scripts/package-gse.mjs +174 -174
  171. package/scripts/probe-public-external-gates.mjs +167 -167
  172. package/scripts/record-host-invocation.mjs +151 -151
  173. package/scripts/record-public-channel-publication.mjs +178 -178
  174. package/scripts/record-public-ci-run.mjs +180 -180
  175. package/scripts/record-public-release.mjs +175 -175
  176. package/scripts/record-public-repository-settings.mjs +209 -209
  177. package/scripts/record-public-security-contact.mjs +157 -157
  178. package/scripts/sign-gse-package.mjs +83 -83
  179. package/scripts/update-project-state.mjs +223 -223
  180. package/scripts/verify-gse-package.mjs +85 -85
@@ -1,210 +1,210 @@
1
- #!/usr/bin/env node
2
- import fs from 'node:fs'
3
- import os from 'node:os'
4
- import path from 'node:path'
5
- import { spawnSync } from 'node:child_process'
6
-
7
- const args = process.argv.slice(2)
8
-
9
- function readArg(name, fallback = null) {
10
- const index = args.indexOf(name)
11
- if (index === -1) return fallback
12
- return args[index + 1] ?? fallback
13
- }
14
-
15
- const root = path.resolve(readArg('--root', path.join(import.meta.dirname, '..')))
16
- const jsonOnly = args.includes('--json')
17
- const profile = readArg('--profile', 'lite')
18
- const target = fs.mkdtempSync(path.join(os.tmpdir(), 'gse-command-exec-'))
19
-
20
- if (!['lite', 'full'].includes(profile)) {
21
- console.error(`Unknown command execution audit profile: ${profile}`)
22
- process.exit(1)
23
- }
24
-
25
- function run(script, commandArgs) {
26
- const result = spawnSync(process.execPath, [path.join(root, 'scripts', script), ...commandArgs], {
27
- cwd: root,
28
- encoding: 'utf8',
29
- windowsHide: true,
30
- })
31
- return {
32
- command: [process.execPath, path.join(root, 'scripts', script), ...commandArgs].join(' '),
33
- status: result.status ?? 1,
34
- stdout: (result.stdout ?? '').trim(),
35
- stderr: (result.stderr ?? '').trim(),
36
- }
37
- }
38
-
39
- function parseJson(text) {
40
- try { return JSON.parse(text) } catch { return null }
41
- }
42
-
43
- function diagnosticOk(runResult, report) {
44
- if (runResult.status === 0 && report?.execution?.ok) return true
45
- if (report?.execution?.diagnosticSummary?.failed === 0) return true
46
- const child = parseJson(report?.execution?.stdout || '')
47
- return child?.summary?.failed === 0
48
- }
49
-
50
- function check(id, label, ok, evidence, risk = '') {
51
- return { id, label, status: ok ? 'passed' : 'failed', evidence, risk }
52
- }
53
-
54
- function maybeRun(enabled, script, commandArgs) {
55
- return enabled ? run(script, commandArgs) : null
56
- }
57
-
58
- fs.mkdirSync(target, { recursive: true })
59
- fs.writeFileSync(path.join(target, 'AGENTS.md'), '# Test Project\n', 'utf8')
60
-
61
- const initRun = run('init-project.mjs', ['--target', target, '--mode', 'standard', '--json'])
62
- fs.mkdirSync(path.join(target, 'docs'), { recursive: true })
63
- fs.writeFileSync(path.join(target, 'docs', 'productization-architecture.md'), '# Productization Architecture\n', 'utf8')
64
- fs.appendFileSync(path.join(target, '.gse', 'README.md'), '\nCanonical plan: `docs/productization-architecture.md`.\n', 'utf8')
65
-
66
- const adapterRun = run('generate-command-adapter.mjs', ['--target', target, '--host', 'all', '--json'])
67
- const helpRun = run('run-gse-command.mjs', ['--root', root, '--target', target, '--command', '/gse help', '--json'])
68
- const continueRun = run('run-gse-command.mjs', ['--root', root, '--target', target, '--command', '/gse continue', '--json'])
69
- const shortCliRun = run('gse.mjs', ['status', '--target', target, '--json'])
70
-
71
- const full = profile === 'full'
72
- const statusRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', root, '--command', '/gse status', '--json'])
73
- const doctorRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', root, '--command', '/gse doctor', '--json'])
74
- const acceptanceRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', root, '--command', '/gse acceptance', '--json'])
75
- const ownerActionsRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', root, '--command', '/gse owner-actions', '--json'])
76
- const ownerActionsCompactRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', root, '--command', '/gse owner-actions', '--json', '--compact'])
77
- const probeWaitingRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', root, '--command', '/gse probe', '--json'])
78
- const probeRejectRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', root, '--command', '/gse probe --public-repo-url https://github.com/example/gse', '--json'])
79
- const releaseDryRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', root, '--command', '/gse release --label command-exec-release', '--json'])
80
- const releaseExecuteOut = path.join(target, 'release-bundle-command-exec')
81
- const releaseExecuteRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', root, '--command', `/gse release --label command-exec-release --out ${releaseExecuteOut}`, '--execute', '--json'])
82
- const packageDryRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', root, '--command', '/gse package --label command-exec-package', '--json'])
83
- const packageExecuteOut = path.join(target, 'package-command-exec')
84
- const packageExecuteRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', root, '--command', `/gse package --label command-exec-package --out ${packageExecuteOut}`, '--execute', '--json'])
85
- const installDryRunTarget = path.join(target, 'install-dry-run-command-exec')
86
- const installDryRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', root, '--command', `/gse install --source ${packageExecuteOut} --install-target ${installDryRunTarget}`, '--json'])
87
- const installExecuteTarget = path.join(target, 'install-command-exec')
88
- const installExecuteRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', root, '--command', `/gse install --source ${packageExecuteOut} --install-target ${installExecuteTarget}`, '--execute', '--json'])
89
- const publicReleaseDryRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', root, '--command', '/gse public-release', '--json'])
90
- const publicReleaseExecuteOut = path.join(target, 'public-release-checklist-command-exec.md')
91
- const publicReleaseExecuteRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', root, '--command', `/gse public-release --out ${publicReleaseExecuteOut}`, '--execute', '--json'])
92
- const doctorTargetRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', target, '--command', '/gse doctor', '--json'])
93
- const verifyRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', root, '--command', '/gse verify --profile lite', '--json'])
94
- const auditRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', target, '--command', '/gse audit', '--json'])
95
- const closeRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', target, '--command', '/gse close', '--json'])
96
- const changeRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', target, '--command', '/gse change add-login --level lite', '--execute', '--json'])
97
-
98
- const help = parseJson(helpRun.stdout)
99
- const cont = parseJson(continueRun.stdout)
100
- const status = statusRun ? parseJson(statusRun.stdout) : null
101
- const doctor = doctorRun ? parseJson(doctorRun.stdout) : null
102
- const acceptance = acceptanceRun ? parseJson(acceptanceRun.stdout) : null
103
- const ownerActions = ownerActionsRun ? parseJson(ownerActionsRun.stdout) : null
104
- const ownerActionsCompact = ownerActionsCompactRun ? parseJson(ownerActionsCompactRun.stdout) : null
105
- const probeWaiting = probeWaitingRun ? parseJson(probeWaitingRun.stdout) : null
106
- const probeReject = probeRejectRun ? parseJson(probeRejectRun.stdout) : null
107
- const releaseDryRunReport = releaseDryRun ? parseJson(releaseDryRun.stdout) : null
108
- const releaseExecuteReport = releaseExecuteRun ? parseJson(releaseExecuteRun.stdout) : null
109
- const doctorTarget = doctorTargetRun ? parseJson(doctorTargetRun.stdout) : null
110
- const verify = verifyRun ? parseJson(verifyRun.stdout) : null
111
- const audit = auditRun ? parseJson(auditRun.stdout) : null
112
- const close = closeRun ? parseJson(closeRun.stdout) : null
113
- const change = changeRun ? parseJson(changeRun.stdout) : null
114
- const doctorData = doctor ? parseJson(doctor.execution?.stdout ?? '') : null
115
- const ownerActionsData = ownerActions ? parseJson(ownerActions.execution?.stdout ?? '') : null
116
- const probeWaitingData = probeWaiting ? parseJson(probeWaiting.execution?.stdout ?? '') : null
117
- const probeRejectData = probeReject ? parseJson(probeReject.execution?.stdout ?? '') : null
118
- const releaseDryRunData = releaseDryRunReport ? parseJson(releaseDryRunReport.execution?.stdout ?? '') : null
119
- const releaseExecuteData = releaseExecuteReport ? parseJson(releaseExecuteReport.execution?.stdout ?? '') : null
120
- const packageDryRunReport = packageDryRun ? parseJson(packageDryRun.stdout) : null
121
- const packageExecuteReport = packageExecuteRun ? parseJson(packageExecuteRun.stdout) : null
122
- const installDryRunReport = installDryRun ? parseJson(installDryRun.stdout) : null
123
- const installExecuteReport = installExecuteRun ? parseJson(installExecuteRun.stdout) : null
124
- const packageDryRunData = packageDryRunReport ? parseJson(packageDryRunReport.execution?.stdout ?? '') : null
125
- const packageExecuteData = packageExecuteReport ? parseJson(packageExecuteReport.execution?.stdout ?? '') : null
126
- const installDryRunData = installDryRunReport ? parseJson(installDryRunReport.execution?.stdout ?? '') : null
127
- const installExecuteData = installExecuteReport ? parseJson(installExecuteReport.execution?.stdout ?? '') : null
128
- const publicReleaseDryRunReport = publicReleaseDryRun ? parseJson(publicReleaseDryRun.stdout) : null
129
- const publicReleaseExecuteReport = publicReleaseExecuteRun ? parseJson(publicReleaseExecuteRun.stdout) : null
130
- const publicReleaseDryRunData = publicReleaseDryRunReport ? parseJson(publicReleaseDryRunReport.execution?.stdout ?? '') : null
131
- const publicReleaseExecuteData = publicReleaseExecuteReport ? parseJson(publicReleaseExecuteReport.execution?.stdout ?? '') : null
132
-
133
- const claudeCommand = fs.existsSync(path.join(target, '.claude', 'commands', 'gse.md'))
134
- ? fs.readFileSync(path.join(target, '.claude', 'commands', 'gse.md'), 'utf8')
135
- : ''
136
- const codexPointer = fs.existsSync(path.join(target, '.codex', 'gse-command.md'))
137
- ? fs.readFileSync(path.join(target, '.codex', 'gse-command.md'), 'utf8')
138
- : ''
139
- const copilotPointer = fs.existsSync(path.join(target, '.github', 'copilot-instructions.md'))
140
- ? fs.readFileSync(path.join(target, '.github', 'copilot-instructions.md'), 'utf8')
141
- : ''
142
- const geminiPointer = fs.existsSync(path.join(target, 'GEMINI.md'))
143
- ? fs.readFileSync(path.join(target, 'GEMINI.md'), 'utf8')
144
- : ''
145
-
146
- const liteChecks = [
147
- check('CMDX01', 'portable command runner exists', fs.existsSync(path.join(root, 'scripts', 'run-gse-command.mjs')), 'scripts/run-gse-command.mjs'),
148
- check('CMDX02', 'target project initializes for command smoke', initRun.status === 0, initRun.command),
149
- check('CMDX03', 'host command adapters are generated', adapterRun.status === 0 && claudeCommand.includes('run-gse-command.mjs') && codexPointer.includes('run-gse-command.mjs') && copilotPointer.includes('GitHub Copilot GSE Adapter') && geminiPointer.includes('Gemini GSE Adapter'), 'generated supported host adapters'),
150
- check('CMDX04', '/gse help resolves command reference', helpRun.status === 0 && help?.route?.route === 'references/commands.md', '/gse help'),
151
- check('CMDX05', '/gse continue executes session prompt generator', continueRun.status === 0 && cont?.execution?.status === 0 && cont?.execution?.stdout?.includes('Use GSE to continue'), '/gse continue'),
152
- check('CMDX05b', 'short CLI wrapper routes to portable command runner', shortCliRun.status === 0 && shortCliRun.stdout.includes('"/gse status"') && shortCliRun.stdout.includes('"stateValid": true'), 'scripts/gse.mjs status --target <target> --json'),
153
- ]
154
-
155
- const fullChecks = full
156
- ? [
157
- check('CMDX06', '/gse status exposes GSE final-form progress when target is GSE skill', statusRun.status === 0 && status?.execution?.status === 0 && status?.execution?.stdout?.includes('fullFinalFormReadiness') && status?.execution?.stdout?.includes('pendingGateCount'), '/gse status'),
158
- check('CMDX07', '/gse doctor exposes GSE public acceptance blockers when target is GSE skill', doctorRun.status === 0 && doctor?.execution?.status === 0 && doctorData?.workflows?.publicAcceptanceDoctor === 'verified' && doctorData?.summary?.pendingGates > 0 && doctorData?.summary?.publicAccepted === 'not-accepted', '/gse doctor'),
159
- check('CMDX08', '/gse acceptance aliases the public acceptance doctor', acceptanceRun.status === 0 && acceptance?.execution?.status === 0 && acceptance?.execution?.stdout?.includes('"publicAcceptanceDoctor": "verified"'), '/gse acceptance'),
160
- check('CMDX08b', '/gse owner-actions exposes compact owner/external action commands without claiming acceptance', ownerActionsRun.status === 0 && ownerActions?.execution?.status === 0 && ownerActionsData?.pendingGateCount === 7 && ownerActionsData?.publicAccepted === 'not-accepted' && ownerActionsData.actions?.every((item) => item.recordCommand && item.preflightCommand), '/gse owner-actions'),
161
- check('CMDX08c', '/gse owner-actions --compact returns owner packet without wrapper path noise', ownerActionsCompactRun.status === 0 && ownerActionsCompact?.pendingGateCount === 7 && ownerActionsCompact?.publicAccepted === 'not-accepted' && !ownerActionsCompactRun.stdout.includes(root) && !ownerActionsCompactRun.stdout.includes(process.execPath), '/gse owner-actions --json --compact'),
162
- check('CMDX08c2', '/gse owner-actions --compact routes probe verification through portable command runner', ownerActionsCompactRun.status === 0 && ownerActionsCompact?.verificationCommands?.some((command) => command.includes('run-gse-command.mjs') && command.includes('/gse probe')) && !ownerActionsCompact?.verificationCommands?.some((command) => command.startsWith('node scripts/probe-public-external-gates.mjs')), '/gse owner-actions compact verificationCommands'),
163
- check('CMDX08d', '/gse probe runs as a waiting diagnostic without evidence inputs', probeWaitingRun.status === 0 && probeWaiting?.execution?.status === 0 && probeWaitingData?.status === 'waiting-for-input' && probeWaitingData?.summary?.checked === 0, '/gse probe'),
164
- check('CMDX08e', '/gse probe rejects placeholder public evidence through portable command runner', probeRejectRun.status !== 0 && probeReject?.execution?.status !== 0 && probeRejectData?.status === 'failed' && probeRejectData?.probes?.some((item) => item.errors?.some((error) => error.includes('not a placeholder'))), '/gse probe --public-repo-url https://github.com/example/gse'),
165
- check('CMDX08f', '/gse release dry-runs release bundle generation without writing canonical output', releaseDryRun.status === 0 && releaseDryRunReport?.execution?.status === 0 && ['ready', 'dry-run'].includes(releaseDryRunData?.status) && releaseDryRunData?.dryRun === true && releaseDryRunData?.validation?.status === 'passed', '/gse release'),
166
- check('CMDX08g', '/gse release --execute writes a release bundle to the requested output path', releaseExecuteRun.status === 0 && releaseExecuteReport?.execution?.status === 0 && releaseExecuteData?.status === 'written' && releaseExecuteData?.dryRun === false && fs.existsSync(path.join(releaseExecuteOut, 'bundle-manifest.json')), '/gse release --execute --out <tmp>'),
167
- check('CMDX08g2', '/gse package dry-runs local package generation without writing package output', packageDryRun.status === 0 && packageDryRunReport?.execution?.status === 0 && packageDryRunData?.status === 'ready' && packageDryRunData?.dryRun === true && packageDryRunData?.fileCount > 20 && !fs.existsSync(path.join(root, '.gse', 'packages', 'command-exec-package')), '/gse package'),
168
- check('CMDX08g3', '/gse package --execute writes a package manifest to the requested output path', packageExecuteRun.status === 0 && packageExecuteReport?.execution?.status === 0 && packageExecuteData?.status === 'written' && packageExecuteData?.dryRun === false && fs.existsSync(path.join(packageExecuteOut, 'gse-package-manifest.json')), '/gse package --execute --out <tmp>'),
169
- check('CMDX08g4', '/gse install dry-runs package installation without writing the install target', installDryRun.status === 0 && installDryRunReport?.execution?.status === 0 && installDryRunData?.status === 'passed' && installDryRunData?.dryRun === true && installDryRunData?.summary?.written > 20 && !fs.existsSync(path.join(installDryRunTarget, 'SKILL.md')), '/gse install --source <package> --install-target <tmp>'),
170
- check('CMDX08g5', '/gse install --execute writes an install target with the GSE skill entrypoint', installExecuteRun.status === 0 && installExecuteReport?.execution?.status === 0 && installExecuteData?.status === 'passed' && installExecuteData?.dryRun === false && fs.existsSync(path.join(installExecuteTarget, 'SKILL.md')) && fs.existsSync(path.join(installExecuteTarget, 'scripts', 'gse.mjs')), '/gse install --execute --source <package> --install-target <tmp>'),
171
- check('CMDX08h', '/gse public-release dry-runs the ordered public release checklist without writing canonical output', publicReleaseDryRun.status === 0 && publicReleaseDryRunReport?.execution?.status === 0 && publicReleaseDryRunData?.status === 'ready' && publicReleaseDryRunData?.dryRun === true && publicReleaseDryRunData?.publicReleaseChecklist === 'ready', '/gse public-release'),
172
- check('CMDX08i', '/gse public-release --execute writes the requested checklist output', publicReleaseExecuteRun.status === 0 && publicReleaseExecuteReport?.execution?.status === 0 && publicReleaseExecuteData?.status === 'written' && publicReleaseExecuteData?.dryRun === false && fs.existsSync(publicReleaseExecuteOut) && fs.readFileSync(publicReleaseExecuteOut, 'utf8').includes('GSE Public Release Checklist'), '/gse public-release --execute --out <tmp>'),
173
- check('CMDX09', '/gse doctor falls back to target project doctor for normal projects', diagnosticOk(doctorTargetRun, doctorTarget) && doctorTarget?.execution?.command?.includes('audit-target-project.mjs'), '/gse doctor on fixture target'),
174
- check('CMDX10', '/gse verify executes validation profile runner', verifyRun.status === 0 && verify?.execution?.status === 0 && verify?.execution?.stdout?.includes('"profile": "lite"') && verify?.execution?.stdout?.includes('"validationProfile": "verified"'), '/gse verify --profile lite'),
175
- check('CMDX11', '/gse audit executes target project doctor', diagnosticOk(auditRun, audit), '/gse audit'),
176
- check('CMDX12', '/gse close executes close gate', diagnosticOk(closeRun, close), '/gse close'),
177
- check('CMDX13', '/gse change executes change pack creation only with --execute', changeRun.status === 0 && change?.execution?.status === 0 && fs.existsSync(path.join(target, '.gse', 'changes', 'add-login', 'brief.md')), '/gse change --execute'),
178
- ]
179
- : []
180
-
181
- const checks = [...liteChecks, ...fullChecks]
182
- const passed = checks.filter((item) => item.status === 'passed').length
183
- const failed = checks.length - passed
184
- const commandRuns = [initRun, adapterRun, helpRun, continueRun, shortCliRun, statusRun, doctorRun, acceptanceRun, ownerActionsRun, ownerActionsCompactRun, probeWaitingRun, probeRejectRun, releaseDryRun, releaseExecuteRun, packageDryRun, packageExecuteRun, installDryRun, installExecuteRun, publicReleaseDryRun, publicReleaseExecuteRun, doctorTargetRun, verifyRun, auditRun, closeRun, changeRun].filter(Boolean)
185
- const report = {
186
- root,
187
- generatedAt: new Date().toISOString(),
188
- target,
189
- profile,
190
- summary: { status: failed === 0 ? 'passed' : 'failed', passed, failed, total: checks.length },
191
- workflows: {
192
- portableCommandExecution: failed === 0 ? 'verified' : 'failed',
193
- generatedHostCommandPointers: failed === 0 ? 'verified' : 'failed',
194
- profile,
195
- },
196
- commands: commandRuns.map((item) => item.command),
197
- limits: [
198
- 'Lite profile verifies portable command entry and generated host command pointers.',
199
- 'Full profile verifies every portable command path, including heavier status, doctor, verify, audit, close, and change paths.',
200
- 'This audit does not prove Claude Code, Codex, Hermes, WorkBuddy, Copilot, Gemini, or generic UI runtimes invoked the command natively.',
201
- ],
202
- checks,
203
- }
204
-
205
- fs.rmSync(target, { recursive: true, force: true })
206
-
207
- if (jsonOnly) console.log(JSON.stringify(report, null, 2))
208
- else console.log(JSON.stringify(report, null, 2))
209
-
210
- if (failed > 0) process.exit(1)
1
+ #!/usr/bin/env node
2
+ import fs from 'node:fs'
3
+ import os from 'node:os'
4
+ import path from 'node:path'
5
+ import { spawnSync } from 'node:child_process'
6
+
7
+ const args = process.argv.slice(2)
8
+
9
+ function readArg(name, fallback = null) {
10
+ const index = args.indexOf(name)
11
+ if (index === -1) return fallback
12
+ return args[index + 1] ?? fallback
13
+ }
14
+
15
+ const root = path.resolve(readArg('--root', path.join(import.meta.dirname, '..')))
16
+ const jsonOnly = args.includes('--json')
17
+ const profile = readArg('--profile', 'lite')
18
+ const target = fs.mkdtempSync(path.join(os.tmpdir(), 'gse-command-exec-'))
19
+
20
+ if (!['lite', 'full'].includes(profile)) {
21
+ console.error(`Unknown command execution audit profile: ${profile}`)
22
+ process.exit(1)
23
+ }
24
+
25
+ function run(script, commandArgs) {
26
+ const result = spawnSync(process.execPath, [path.join(root, 'scripts', script), ...commandArgs], {
27
+ cwd: root,
28
+ encoding: 'utf8',
29
+ windowsHide: true,
30
+ })
31
+ return {
32
+ command: [process.execPath, path.join(root, 'scripts', script), ...commandArgs].join(' '),
33
+ status: result.status ?? 1,
34
+ stdout: (result.stdout ?? '').trim(),
35
+ stderr: (result.stderr ?? '').trim(),
36
+ }
37
+ }
38
+
39
+ function parseJson(text) {
40
+ try { return JSON.parse(text) } catch { return null }
41
+ }
42
+
43
+ function diagnosticOk(runResult, report) {
44
+ if (runResult.status === 0 && report?.execution?.ok) return true
45
+ if (report?.execution?.diagnosticSummary?.failed === 0) return true
46
+ const child = parseJson(report?.execution?.stdout || '')
47
+ return child?.summary?.failed === 0
48
+ }
49
+
50
+ function check(id, label, ok, evidence, risk = '') {
51
+ return { id, label, status: ok ? 'passed' : 'failed', evidence, risk }
52
+ }
53
+
54
+ function maybeRun(enabled, script, commandArgs) {
55
+ return enabled ? run(script, commandArgs) : null
56
+ }
57
+
58
+ fs.mkdirSync(target, { recursive: true })
59
+ fs.writeFileSync(path.join(target, 'AGENTS.md'), '# Test Project\n', 'utf8')
60
+
61
+ const initRun = run('init-project.mjs', ['--target', target, '--mode', 'standard', '--json'])
62
+ fs.mkdirSync(path.join(target, 'docs'), { recursive: true })
63
+ fs.writeFileSync(path.join(target, 'docs', 'productization-architecture.md'), '# Productization Architecture\n', 'utf8')
64
+ fs.appendFileSync(path.join(target, '.gse', 'README.md'), '\nCanonical plan: `docs/productization-architecture.md`.\n', 'utf8')
65
+
66
+ const adapterRun = run('generate-command-adapter.mjs', ['--target', target, '--host', 'all', '--json'])
67
+ const helpRun = run('run-gse-command.mjs', ['--root', root, '--target', target, '--command', '/gse help', '--json'])
68
+ const continueRun = run('run-gse-command.mjs', ['--root', root, '--target', target, '--command', '/gse continue', '--json'])
69
+ const shortCliRun = run('gse.mjs', ['status', '--target', target, '--json'])
70
+
71
+ const full = profile === 'full'
72
+ const statusRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', root, '--command', '/gse status', '--json'])
73
+ const doctorRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', root, '--command', '/gse doctor', '--json'])
74
+ const acceptanceRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', root, '--command', '/gse acceptance', '--json'])
75
+ const ownerActionsRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', root, '--command', '/gse owner-actions', '--json'])
76
+ const ownerActionsCompactRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', root, '--command', '/gse owner-actions', '--json', '--compact'])
77
+ const probeWaitingRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', root, '--command', '/gse probe', '--json'])
78
+ const probeRejectRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', root, '--command', '/gse probe --public-repo-url https://github.com/example/gse', '--json'])
79
+ const releaseDryRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', root, '--command', '/gse release --label command-exec-release', '--json'])
80
+ const releaseExecuteOut = path.join(target, 'release-bundle-command-exec')
81
+ const releaseExecuteRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', root, '--command', `/gse release --label command-exec-release --out ${releaseExecuteOut}`, '--execute', '--json'])
82
+ const packageDryRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', root, '--command', '/gse package --label command-exec-package', '--json'])
83
+ const packageExecuteOut = path.join(target, 'package-command-exec')
84
+ const packageExecuteRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', root, '--command', `/gse package --label command-exec-package --out ${packageExecuteOut}`, '--execute', '--json'])
85
+ const installDryRunTarget = path.join(target, 'install-dry-run-command-exec')
86
+ const installDryRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', root, '--command', `/gse install --source ${packageExecuteOut} --install-target ${installDryRunTarget}`, '--json'])
87
+ const installExecuteTarget = path.join(target, 'install-command-exec')
88
+ const installExecuteRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', root, '--command', `/gse install --source ${packageExecuteOut} --install-target ${installExecuteTarget}`, '--execute', '--json'])
89
+ const publicReleaseDryRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', root, '--command', '/gse public-release', '--json'])
90
+ const publicReleaseExecuteOut = path.join(target, 'public-release-checklist-command-exec.md')
91
+ const publicReleaseExecuteRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', root, '--command', `/gse public-release --out ${publicReleaseExecuteOut}`, '--execute', '--json'])
92
+ const doctorTargetRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', target, '--command', '/gse doctor', '--json'])
93
+ const verifyRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', root, '--command', '/gse verify --profile lite', '--json'])
94
+ const auditRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', target, '--command', '/gse audit', '--json'])
95
+ const closeRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', target, '--command', '/gse close', '--json'])
96
+ const changeRun = maybeRun(full, 'run-gse-command.mjs', ['--root', root, '--target', target, '--command', '/gse change add-login --level lite', '--execute', '--json'])
97
+
98
+ const help = parseJson(helpRun.stdout)
99
+ const cont = parseJson(continueRun.stdout)
100
+ const status = statusRun ? parseJson(statusRun.stdout) : null
101
+ const doctor = doctorRun ? parseJson(doctorRun.stdout) : null
102
+ const acceptance = acceptanceRun ? parseJson(acceptanceRun.stdout) : null
103
+ const ownerActions = ownerActionsRun ? parseJson(ownerActionsRun.stdout) : null
104
+ const ownerActionsCompact = ownerActionsCompactRun ? parseJson(ownerActionsCompactRun.stdout) : null
105
+ const probeWaiting = probeWaitingRun ? parseJson(probeWaitingRun.stdout) : null
106
+ const probeReject = probeRejectRun ? parseJson(probeRejectRun.stdout) : null
107
+ const releaseDryRunReport = releaseDryRun ? parseJson(releaseDryRun.stdout) : null
108
+ const releaseExecuteReport = releaseExecuteRun ? parseJson(releaseExecuteRun.stdout) : null
109
+ const doctorTarget = doctorTargetRun ? parseJson(doctorTargetRun.stdout) : null
110
+ const verify = verifyRun ? parseJson(verifyRun.stdout) : null
111
+ const audit = auditRun ? parseJson(auditRun.stdout) : null
112
+ const close = closeRun ? parseJson(closeRun.stdout) : null
113
+ const change = changeRun ? parseJson(changeRun.stdout) : null
114
+ const doctorData = doctor ? parseJson(doctor.execution?.stdout ?? '') : null
115
+ const ownerActionsData = ownerActions ? parseJson(ownerActions.execution?.stdout ?? '') : null
116
+ const probeWaitingData = probeWaiting ? parseJson(probeWaiting.execution?.stdout ?? '') : null
117
+ const probeRejectData = probeReject ? parseJson(probeReject.execution?.stdout ?? '') : null
118
+ const releaseDryRunData = releaseDryRunReport ? parseJson(releaseDryRunReport.execution?.stdout ?? '') : null
119
+ const releaseExecuteData = releaseExecuteReport ? parseJson(releaseExecuteReport.execution?.stdout ?? '') : null
120
+ const packageDryRunReport = packageDryRun ? parseJson(packageDryRun.stdout) : null
121
+ const packageExecuteReport = packageExecuteRun ? parseJson(packageExecuteRun.stdout) : null
122
+ const installDryRunReport = installDryRun ? parseJson(installDryRun.stdout) : null
123
+ const installExecuteReport = installExecuteRun ? parseJson(installExecuteRun.stdout) : null
124
+ const packageDryRunData = packageDryRunReport ? parseJson(packageDryRunReport.execution?.stdout ?? '') : null
125
+ const packageExecuteData = packageExecuteReport ? parseJson(packageExecuteReport.execution?.stdout ?? '') : null
126
+ const installDryRunData = installDryRunReport ? parseJson(installDryRunReport.execution?.stdout ?? '') : null
127
+ const installExecuteData = installExecuteReport ? parseJson(installExecuteReport.execution?.stdout ?? '') : null
128
+ const publicReleaseDryRunReport = publicReleaseDryRun ? parseJson(publicReleaseDryRun.stdout) : null
129
+ const publicReleaseExecuteReport = publicReleaseExecuteRun ? parseJson(publicReleaseExecuteRun.stdout) : null
130
+ const publicReleaseDryRunData = publicReleaseDryRunReport ? parseJson(publicReleaseDryRunReport.execution?.stdout ?? '') : null
131
+ const publicReleaseExecuteData = publicReleaseExecuteReport ? parseJson(publicReleaseExecuteReport.execution?.stdout ?? '') : null
132
+
133
+ const claudeCommand = fs.existsSync(path.join(target, '.claude', 'commands', 'gse.md'))
134
+ ? fs.readFileSync(path.join(target, '.claude', 'commands', 'gse.md'), 'utf8')
135
+ : ''
136
+ const codexPointer = fs.existsSync(path.join(target, '.codex', 'gse-command.md'))
137
+ ? fs.readFileSync(path.join(target, '.codex', 'gse-command.md'), 'utf8')
138
+ : ''
139
+ const copilotPointer = fs.existsSync(path.join(target, '.github', 'copilot-instructions.md'))
140
+ ? fs.readFileSync(path.join(target, '.github', 'copilot-instructions.md'), 'utf8')
141
+ : ''
142
+ const geminiPointer = fs.existsSync(path.join(target, 'GEMINI.md'))
143
+ ? fs.readFileSync(path.join(target, 'GEMINI.md'), 'utf8')
144
+ : ''
145
+
146
+ const liteChecks = [
147
+ check('CMDX01', 'portable command runner exists', fs.existsSync(path.join(root, 'scripts', 'run-gse-command.mjs')), 'scripts/run-gse-command.mjs'),
148
+ check('CMDX02', 'target project initializes for command smoke', initRun.status === 0, initRun.command),
149
+ check('CMDX03', 'host command adapters are generated', adapterRun.status === 0 && claudeCommand.includes('run-gse-command.mjs') && codexPointer.includes('run-gse-command.mjs') && copilotPointer.includes('GitHub Copilot GSE Adapter') && geminiPointer.includes('Gemini GSE Adapter'), 'generated supported host adapters'),
150
+ check('CMDX04', '/gse help resolves command reference', helpRun.status === 0 && help?.route?.route === 'references/commands.md', '/gse help'),
151
+ check('CMDX05', '/gse continue executes session prompt generator', continueRun.status === 0 && cont?.execution?.status === 0 && cont?.execution?.stdout?.includes('Use GSE to continue'), '/gse continue'),
152
+ check('CMDX05b', 'short CLI wrapper routes to portable command runner', shortCliRun.status === 0 && shortCliRun.stdout.includes('"/gse status"') && shortCliRun.stdout.includes('"stateValid": true'), 'scripts/gse.mjs status --target <target> --json'),
153
+ ]
154
+
155
+ const fullChecks = full
156
+ ? [
157
+ check('CMDX06', '/gse status exposes GSE final-form progress when target is GSE skill', statusRun.status === 0 && status?.execution?.status === 0 && status?.execution?.stdout?.includes('fullFinalFormReadiness') && status?.execution?.stdout?.includes('pendingGateCount'), '/gse status'),
158
+ check('CMDX07', '/gse doctor exposes GSE public acceptance blockers when target is GSE skill', doctorRun.status === 0 && doctor?.execution?.status === 0 && doctorData?.workflows?.publicAcceptanceDoctor === 'verified' && doctorData?.summary?.pendingGates > 0 && doctorData?.summary?.publicAccepted === 'not-accepted', '/gse doctor'),
159
+ check('CMDX08', '/gse acceptance aliases the public acceptance doctor', acceptanceRun.status === 0 && acceptance?.execution?.status === 0 && acceptance?.execution?.stdout?.includes('"publicAcceptanceDoctor": "verified"'), '/gse acceptance'),
160
+ check('CMDX08b', '/gse owner-actions exposes compact owner/external action commands without claiming acceptance', ownerActionsRun.status === 0 && ownerActions?.execution?.status === 0 && ownerActionsData?.pendingGateCount === 7 && ownerActionsData?.publicAccepted === 'not-accepted' && ownerActionsData.actions?.every((item) => item.recordCommand && item.preflightCommand), '/gse owner-actions'),
161
+ check('CMDX08c', '/gse owner-actions --compact returns owner packet without wrapper path noise', ownerActionsCompactRun.status === 0 && ownerActionsCompact?.pendingGateCount === 7 && ownerActionsCompact?.publicAccepted === 'not-accepted' && !ownerActionsCompactRun.stdout.includes(root) && !ownerActionsCompactRun.stdout.includes(process.execPath), '/gse owner-actions --json --compact'),
162
+ check('CMDX08c2', '/gse owner-actions --compact routes probe verification through portable command runner', ownerActionsCompactRun.status === 0 && ownerActionsCompact?.verificationCommands?.some((command) => command.includes('run-gse-command.mjs') && command.includes('/gse probe')) && !ownerActionsCompact?.verificationCommands?.some((command) => command.startsWith('node scripts/probe-public-external-gates.mjs')), '/gse owner-actions compact verificationCommands'),
163
+ check('CMDX08d', '/gse probe runs as a waiting diagnostic without evidence inputs', probeWaitingRun.status === 0 && probeWaiting?.execution?.status === 0 && probeWaitingData?.status === 'waiting-for-input' && probeWaitingData?.summary?.checked === 0, '/gse probe'),
164
+ check('CMDX08e', '/gse probe rejects placeholder public evidence through portable command runner', probeRejectRun.status !== 0 && probeReject?.execution?.status !== 0 && probeRejectData?.status === 'failed' && probeRejectData?.probes?.some((item) => item.errors?.some((error) => error.includes('not a placeholder'))), '/gse probe --public-repo-url https://github.com/example/gse'),
165
+ check('CMDX08f', '/gse release dry-runs release bundle generation without writing canonical output', releaseDryRun.status === 0 && releaseDryRunReport?.execution?.status === 0 && ['ready', 'dry-run'].includes(releaseDryRunData?.status) && releaseDryRunData?.dryRun === true && releaseDryRunData?.validation?.status === 'passed', '/gse release'),
166
+ check('CMDX08g', '/gse release --execute writes a release bundle to the requested output path', releaseExecuteRun.status === 0 && releaseExecuteReport?.execution?.status === 0 && releaseExecuteData?.status === 'written' && releaseExecuteData?.dryRun === false && fs.existsSync(path.join(releaseExecuteOut, 'bundle-manifest.json')), '/gse release --execute --out <tmp>'),
167
+ check('CMDX08g2', '/gse package dry-runs local package generation without writing package output', packageDryRun.status === 0 && packageDryRunReport?.execution?.status === 0 && packageDryRunData?.status === 'ready' && packageDryRunData?.dryRun === true && packageDryRunData?.fileCount > 20 && !fs.existsSync(path.join(root, '.gse', 'packages', 'command-exec-package')), '/gse package'),
168
+ check('CMDX08g3', '/gse package --execute writes a package manifest to the requested output path', packageExecuteRun.status === 0 && packageExecuteReport?.execution?.status === 0 && packageExecuteData?.status === 'written' && packageExecuteData?.dryRun === false && fs.existsSync(path.join(packageExecuteOut, 'gse-package-manifest.json')), '/gse package --execute --out <tmp>'),
169
+ check('CMDX08g4', '/gse install dry-runs package installation without writing the install target', installDryRun.status === 0 && installDryRunReport?.execution?.status === 0 && installDryRunData?.status === 'passed' && installDryRunData?.dryRun === true && installDryRunData?.summary?.written > 20 && !fs.existsSync(path.join(installDryRunTarget, 'SKILL.md')), '/gse install --source <package> --install-target <tmp>'),
170
+ check('CMDX08g5', '/gse install --execute writes an install target with the GSE skill entrypoint', installExecuteRun.status === 0 && installExecuteReport?.execution?.status === 0 && installExecuteData?.status === 'passed' && installExecuteData?.dryRun === false && fs.existsSync(path.join(installExecuteTarget, 'SKILL.md')) && fs.existsSync(path.join(installExecuteTarget, 'scripts', 'gse.mjs')), '/gse install --execute --source <package> --install-target <tmp>'),
171
+ check('CMDX08h', '/gse public-release dry-runs the ordered public release checklist without writing canonical output', publicReleaseDryRun.status === 0 && publicReleaseDryRunReport?.execution?.status === 0 && publicReleaseDryRunData?.status === 'ready' && publicReleaseDryRunData?.dryRun === true && publicReleaseDryRunData?.publicReleaseChecklist === 'ready', '/gse public-release'),
172
+ check('CMDX08i', '/gse public-release --execute writes the requested checklist output', publicReleaseExecuteRun.status === 0 && publicReleaseExecuteReport?.execution?.status === 0 && publicReleaseExecuteData?.status === 'written' && publicReleaseExecuteData?.dryRun === false && fs.existsSync(publicReleaseExecuteOut) && fs.readFileSync(publicReleaseExecuteOut, 'utf8').includes('GSE Public Release Checklist'), '/gse public-release --execute --out <tmp>'),
173
+ check('CMDX09', '/gse doctor falls back to target project doctor for normal projects', diagnosticOk(doctorTargetRun, doctorTarget) && doctorTarget?.execution?.command?.includes('audit-target-project.mjs'), '/gse doctor on fixture target'),
174
+ check('CMDX10', '/gse verify executes validation profile runner', verifyRun.status === 0 && verify?.execution?.status === 0 && verify?.execution?.stdout?.includes('"profile": "lite"') && verify?.execution?.stdout?.includes('"validationProfile": "verified"'), '/gse verify --profile lite'),
175
+ check('CMDX11', '/gse audit executes target project doctor', diagnosticOk(auditRun, audit), '/gse audit'),
176
+ check('CMDX12', '/gse close executes close gate', diagnosticOk(closeRun, close), '/gse close'),
177
+ check('CMDX13', '/gse change executes change pack creation only with --execute', changeRun.status === 0 && change?.execution?.status === 0 && fs.existsSync(path.join(target, '.gse', 'changes', 'add-login', 'brief.md')), '/gse change --execute'),
178
+ ]
179
+ : []
180
+
181
+ const checks = [...liteChecks, ...fullChecks]
182
+ const passed = checks.filter((item) => item.status === 'passed').length
183
+ const failed = checks.length - passed
184
+ const commandRuns = [initRun, adapterRun, helpRun, continueRun, shortCliRun, statusRun, doctorRun, acceptanceRun, ownerActionsRun, ownerActionsCompactRun, probeWaitingRun, probeRejectRun, releaseDryRun, releaseExecuteRun, packageDryRun, packageExecuteRun, installDryRun, installExecuteRun, publicReleaseDryRun, publicReleaseExecuteRun, doctorTargetRun, verifyRun, auditRun, closeRun, changeRun].filter(Boolean)
185
+ const report = {
186
+ root,
187
+ generatedAt: new Date().toISOString(),
188
+ target,
189
+ profile,
190
+ summary: { status: failed === 0 ? 'passed' : 'failed', passed, failed, total: checks.length },
191
+ workflows: {
192
+ portableCommandExecution: failed === 0 ? 'verified' : 'failed',
193
+ generatedHostCommandPointers: failed === 0 ? 'verified' : 'failed',
194
+ profile,
195
+ },
196
+ commands: commandRuns.map((item) => item.command),
197
+ limits: [
198
+ 'Lite profile verifies portable command entry and generated host command pointers.',
199
+ 'Full profile verifies every portable command path, including heavier status, doctor, verify, audit, close, and change paths.',
200
+ 'This audit does not prove Claude Code, Codex, Hermes, WorkBuddy, Copilot, Gemini, or generic UI runtimes invoked the command natively.',
201
+ ],
202
+ checks,
203
+ }
204
+
205
+ fs.rmSync(target, { recursive: true, force: true })
206
+
207
+ if (jsonOnly) console.log(JSON.stringify(report, null, 2))
208
+ else console.log(JSON.stringify(report, null, 2))
209
+
210
+ if (failed > 0) process.exit(1)