@t275005746/gse 0.1.0 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.github/ISSUE_TEMPLATE/bug_report.yml +42 -42
- package/.github/ISSUE_TEMPLATE/change_request.yml +50 -50
- package/.github/ISSUE_TEMPLATE/config.yml +5 -5
- package/.github/PULL_REQUEST_TEMPLATE.md +38 -38
- package/.github/workflows/validate-gse.yml +33 -33
- package/.gse/README.md +18 -18
- package/.gse/gse-development-protocol.md +50 -50
- package/.gse/project-profile.md +29 -29
- package/.gse/quality-gates.md +25 -25
- package/.gse/releases/public-registry-publication-npm.md +49 -0
- package/.gse/releases/public-release-owner-required.md +65 -65
- package/.gse/releases/public-security-contact-owner-required.md +45 -45
- package/.gse/state.json +3 -4
- package/CHANGELOG.md +24 -24
- package/CONTRIBUTING.md +64 -64
- package/LICENSE +21 -21
- package/README.md +1 -1
- package/README.zh-CN.md +1 -1
- package/SECURITY.md +41 -41
- package/SUPPORT.md +38 -38
- package/assets/marketplace/README.md +7 -7
- package/assets/marketplace/gse-listing.json +75 -75
- package/assets/templates/acceptance-execution-packet.md +73 -73
- package/assets/templates/adr.md +14 -14
- package/assets/templates/change-brief.md +16 -16
- package/assets/templates/design.md +18 -18
- package/assets/templates/dispatch-packet.md +104 -104
- package/assets/templates/evidence.md +14 -14
- package/assets/templates/execution-quality-pack.md +65 -65
- package/assets/templates/goal-map.md +21 -21
- package/assets/templates/host-adapter.md +48 -48
- package/assets/templates/host-ui-invocation-record.md +42 -42
- package/assets/templates/incident-review.md +60 -60
- package/assets/templates/public-channel-publication-record.md +49 -49
- package/assets/templates/public-ci-run-record.md +53 -53
- package/assets/templates/public-release-record.md +65 -65
- package/assets/templates/public-repository-settings-record.md +59 -59
- package/assets/templates/public-security-contact-record.md +45 -45
- package/assets/templates/release-trust-record.md +32 -32
- package/assets/templates/review.md +18 -18
- package/assets/templates/spec.md +16 -16
- package/assets/templates/target-adoption-evidence.md +29 -29
- package/assets/templates/tasks.md +17 -17
- package/assets/templates/update-release-acceptance-record.md +58 -58
- package/examples/README.md +22 -22
- package/examples/agent-runtime-host/.claude/gse-adapter.md +6 -6
- package/examples/agent-runtime-host/.codex/gse-adapter.md +7 -7
- package/examples/agent-runtime-host/.gse/goal-map.md +7 -7
- package/examples/agent-runtime-host/.gse/project-profile.md +27 -27
- package/examples/agent-runtime-host/.gse/tooling.md +5 -5
- package/examples/agent-runtime-host/.mcp.json +9 -9
- package/examples/agent-runtime-host/AGENTS.md +5 -5
- package/examples/agent-runtime-host/README.md +10 -10
- package/examples/agent-runtime-host/docs/model-routing.md +5 -5
- package/examples/cli-tool/.gse/project-profile.md +21 -21
- package/examples/cli-tool/AGENTS.md +5 -5
- package/examples/cli-tool/README.md +12 -12
- package/examples/cli-tool/package.json +21 -21
- package/examples/small-app/.env.example +2 -2
- package/examples/small-app/.github/workflows/ci.yml +8 -8
- package/examples/small-app/AGENTS.md +5 -5
- package/examples/small-app/README.md +12 -12
- package/examples/small-app/package.json +26 -26
- package/examples/small-app/playwright.config.ts +4 -4
- package/package.json +53 -53
- package/references/adoption-recipes.md +171 -171
- package/references/agent-roles.md +49 -49
- package/references/architecture-health.md +101 -101
- package/references/benchmark-audit.md +73 -73
- package/references/community-channels.md +46 -46
- package/references/compatibility.md +70 -70
- package/references/design-basis.md +38 -38
- package/references/domain-model.md +129 -129
- package/references/domain-quality-gates.md +75 -75
- package/references/drift-audit.md +81 -81
- package/references/evidence-taxonomy.md +123 -123
- package/references/file-ownership.md +107 -107
- package/references/final-readiness.md +84 -84
- package/references/forward-test.md +133 -133
- package/references/goal-map.md +36 -36
- package/references/host-adapters.md +119 -119
- package/references/learning-system.md +35 -35
- package/references/marketplace-discovery.md +46 -46
- package/references/model-routing.md +103 -103
- package/references/open-source-defaults.md +39 -39
- package/references/operating-model.md +52 -52
- package/references/packaging.md +277 -277
- package/references/project-agent-workspace.md +89 -89
- package/references/project-bootstrap.md +122 -122
- package/references/project-profile.md +57 -57
- package/references/public-release.md +174 -174
- package/references/quality-gates.md +100 -100
- package/references/recovery.md +176 -176
- package/references/release-trust.md +43 -43
- package/references/release.md +126 -126
- package/references/review.md +141 -141
- package/references/router.md +90 -90
- package/references/spec-workflow.md +66 -66
- package/references/task-levels.md +81 -81
- package/references/tool-adapters.md +73 -73
- package/scripts/audit-acceptance-execution-packet.mjs +133 -133
- package/scripts/audit-adoption-recipes.mjs +99 -99
- package/scripts/audit-change-lifecycle.mjs +77 -77
- package/scripts/audit-change-system.mjs +134 -134
- package/scripts/audit-ci-readiness.mjs +107 -107
- package/scripts/audit-close-gate.mjs +323 -323
- package/scripts/audit-command-adapters.mjs +91 -91
- package/scripts/audit-command-execution.mjs +210 -210
- package/scripts/audit-compatibility.mjs +149 -149
- package/scripts/audit-completion-readiness.mjs +292 -292
- package/scripts/audit-distribution.mjs +251 -251
- package/scripts/audit-domain-quality-gates.mjs +108 -108
- package/scripts/audit-evidence-placeholders.mjs +126 -126
- package/scripts/audit-final-readiness-promotion.mjs +255 -255
- package/scripts/audit-final-readiness.mjs +226 -226
- package/scripts/audit-fixtures.mjs +154 -154
- package/scripts/audit-fresh-session-readiness.mjs +177 -177
- package/scripts/audit-host-runtime-evidence-handoff.mjs +159 -159
- package/scripts/audit-host-runtime-invocation-drill.mjs +240 -240
- package/scripts/audit-host-runtime-invocations.mjs +254 -254
- package/scripts/audit-host-ui-invocation.mjs +132 -132
- package/scripts/audit-marketplace-discovery.mjs +122 -122
- package/scripts/audit-npm-package-metadata.mjs +155 -155
- package/scripts/audit-npm-publish-dry-run.mjs +191 -169
- package/scripts/audit-npm-tarball-install.mjs +191 -191
- package/scripts/audit-open-source-defaults.mjs +92 -92
- package/scripts/audit-open-source-readiness.mjs +97 -97
- package/scripts/audit-project.mjs +138 -138
- package/scripts/audit-public-acceptance-command-dry-run-drill.mjs +203 -203
- package/scripts/audit-public-acceptance-readiness.mjs +224 -224
- package/scripts/audit-public-channel-publication.mjs +248 -248
- package/scripts/audit-public-ci-run.mjs +184 -184
- package/scripts/audit-public-collaboration-templates.mjs +98 -98
- package/scripts/audit-public-external-gate-probe.mjs +206 -206
- package/scripts/audit-public-release-decision.mjs +201 -201
- package/scripts/audit-public-release-metadata.mjs +176 -176
- package/scripts/audit-public-repository-settings.mjs +237 -237
- package/scripts/audit-public-security-contact.mjs +171 -171
- package/scripts/audit-readme-docs.mjs +6 -4
- package/scripts/audit-recovery-readiness.mjs +98 -98
- package/scripts/audit-release-readiness.mjs +106 -106
- package/scripts/audit-release-trust.mjs +62 -62
- package/scripts/audit-remote-distribution.mjs +266 -266
- package/scripts/audit-roadmap-consistency.mjs +235 -235
- package/scripts/audit-signing.mjs +147 -147
- package/scripts/audit-state-freshness.mjs +14 -9
- package/scripts/audit-target-adoption-evidence.mjs +117 -117
- package/scripts/audit-target-project.mjs +507 -507
- package/scripts/audit-update-release-acceptance.mjs +136 -136
- package/scripts/audit-v1-target-validation.mjs +269 -269
- package/scripts/audit-validation-profiles.mjs +125 -125
- package/scripts/close-change.mjs +116 -116
- package/scripts/discover-project-profile.mjs +307 -307
- package/scripts/generate-command-adapter.mjs +231 -231
- package/scripts/generate-final-acceptance-packet.mjs +181 -181
- package/scripts/generate-final-form-progress-report.mjs +205 -205
- package/scripts/generate-host-runtime-evidence-handoff.mjs +206 -206
- package/scripts/generate-owner-external-gate-kit.mjs +295 -295
- package/scripts/generate-public-acceptance-handoff.mjs +168 -168
- package/scripts/generate-public-release-checklist.mjs +207 -207
- package/scripts/generate-release-bundle.mjs +505 -505
- package/scripts/generate-release-owner-action-plan.mjs +172 -172
- package/scripts/generate-release-status-manifest.mjs +200 -200
- package/scripts/generate-session-prompt.mjs +188 -188
- package/scripts/gse.mjs +67 -67
- package/scripts/init-change.mjs +265 -265
- package/scripts/init-project.mjs +785 -785
- package/scripts/install-gse.mjs +234 -234
- package/scripts/lib/evidence-placeholders.mjs +28 -28
- package/scripts/package-gse.mjs +174 -174
- package/scripts/probe-public-external-gates.mjs +167 -167
- package/scripts/record-host-invocation.mjs +151 -151
- package/scripts/record-public-channel-publication.mjs +178 -178
- package/scripts/record-public-ci-run.mjs +180 -180
- package/scripts/record-public-release.mjs +175 -175
- package/scripts/record-public-repository-settings.mjs +209 -209
- package/scripts/record-public-security-contact.mjs +157 -157
- package/scripts/sign-gse-package.mjs +83 -83
- package/scripts/update-project-state.mjs +223 -223
- package/scripts/verify-gse-package.mjs +85 -85
|
@@ -1,65 +1,65 @@
|
|
|
1
|
-
# Public Release Record
|
|
2
|
-
|
|
3
|
-
Release name:
|
|
4
|
-
|
|
5
|
-
Release version or label:
|
|
6
|
-
|
|
7
|
-
Release date:
|
|
8
|
-
|
|
9
|
-
Distribution channel:
|
|
10
|
-
|
|
11
|
-
Release scope:
|
|
12
|
-
|
|
13
|
-
## License
|
|
14
|
-
|
|
15
|
-
License status: owner-required
|
|
16
|
-
|
|
17
|
-
SPDX identifier:
|
|
18
|
-
|
|
19
|
-
License file:
|
|
20
|
-
|
|
21
|
-
Approved by:
|
|
22
|
-
|
|
23
|
-
Decision date:
|
|
24
|
-
|
|
25
|
-
Notes:
|
|
26
|
-
|
|
27
|
-
## Artifacts
|
|
28
|
-
|
|
29
|
-
Package or source path:
|
|
30
|
-
|
|
31
|
-
Changelog path:
|
|
32
|
-
|
|
33
|
-
Install/update instructions:
|
|
34
|
-
|
|
35
|
-
Integrity or signing record:
|
|
36
|
-
|
|
37
|
-
Marketplace/catalog record:
|
|
38
|
-
|
|
39
|
-
## Verification
|
|
40
|
-
|
|
41
|
-
Validation command:
|
|
42
|
-
|
|
43
|
-
Validation result:
|
|
44
|
-
|
|
45
|
-
Focused smoke:
|
|
46
|
-
|
|
47
|
-
Acceptance evidence:
|
|
48
|
-
|
|
49
|
-
## Risks
|
|
50
|
-
|
|
51
|
-
Known unsupported claims:
|
|
52
|
-
|
|
53
|
-
Known compatibility limits:
|
|
54
|
-
|
|
55
|
-
Rollback or unpublish path:
|
|
56
|
-
|
|
57
|
-
## Acceptance
|
|
58
|
-
|
|
59
|
-
Evidence status: result
|
|
60
|
-
|
|
61
|
-
Accepted by:
|
|
62
|
-
|
|
63
|
-
Accepted at:
|
|
64
|
-
|
|
65
|
-
Next action:
|
|
1
|
+
# Public Release Record
|
|
2
|
+
|
|
3
|
+
Release name:
|
|
4
|
+
|
|
5
|
+
Release version or label:
|
|
6
|
+
|
|
7
|
+
Release date:
|
|
8
|
+
|
|
9
|
+
Distribution channel:
|
|
10
|
+
|
|
11
|
+
Release scope:
|
|
12
|
+
|
|
13
|
+
## License
|
|
14
|
+
|
|
15
|
+
License status: owner-required
|
|
16
|
+
|
|
17
|
+
SPDX identifier:
|
|
18
|
+
|
|
19
|
+
License file:
|
|
20
|
+
|
|
21
|
+
Approved by:
|
|
22
|
+
|
|
23
|
+
Decision date:
|
|
24
|
+
|
|
25
|
+
Notes:
|
|
26
|
+
|
|
27
|
+
## Artifacts
|
|
28
|
+
|
|
29
|
+
Package or source path:
|
|
30
|
+
|
|
31
|
+
Changelog path:
|
|
32
|
+
|
|
33
|
+
Install/update instructions:
|
|
34
|
+
|
|
35
|
+
Integrity or signing record:
|
|
36
|
+
|
|
37
|
+
Marketplace/catalog record:
|
|
38
|
+
|
|
39
|
+
## Verification
|
|
40
|
+
|
|
41
|
+
Validation command:
|
|
42
|
+
|
|
43
|
+
Validation result:
|
|
44
|
+
|
|
45
|
+
Focused smoke:
|
|
46
|
+
|
|
47
|
+
Acceptance evidence:
|
|
48
|
+
|
|
49
|
+
## Risks
|
|
50
|
+
|
|
51
|
+
Known unsupported claims:
|
|
52
|
+
|
|
53
|
+
Known compatibility limits:
|
|
54
|
+
|
|
55
|
+
Rollback or unpublish path:
|
|
56
|
+
|
|
57
|
+
## Acceptance
|
|
58
|
+
|
|
59
|
+
Evidence status: result
|
|
60
|
+
|
|
61
|
+
Accepted by:
|
|
62
|
+
|
|
63
|
+
Accepted at:
|
|
64
|
+
|
|
65
|
+
Next action:
|
|
@@ -1,59 +1,59 @@
|
|
|
1
|
-
# Public Repository Settings Record
|
|
2
|
-
|
|
3
|
-
Repository URL:
|
|
4
|
-
|
|
5
|
-
Default branch:
|
|
6
|
-
|
|
7
|
-
Visibility: public | private | internal | unknown
|
|
8
|
-
|
|
9
|
-
Settings status: pending | verified | accepted
|
|
10
|
-
|
|
11
|
-
Evidence owner:
|
|
12
|
-
|
|
13
|
-
Evidence date:
|
|
14
|
-
|
|
15
|
-
Evidence URL or run id:
|
|
16
|
-
|
|
17
|
-
## Required Public Settings
|
|
18
|
-
|
|
19
|
-
- Issues enabled:
|
|
20
|
-
- Pull requests enabled:
|
|
21
|
-
- Discussions enabled:
|
|
22
|
-
- Security policy visible:
|
|
23
|
-
- Branch protection enabled:
|
|
24
|
-
- Required status checks enabled:
|
|
25
|
-
- Required checks:
|
|
26
|
-
- Require review before merge:
|
|
27
|
-
- Require conversation resolution:
|
|
28
|
-
- Restrict force pushes:
|
|
29
|
-
- Restrict deletions:
|
|
30
|
-
|
|
31
|
-
## GSE-Specific Checks
|
|
32
|
-
|
|
33
|
-
- CI workflow path: `.github/workflows/validate-gse.yml`
|
|
34
|
-
- PR template path: `.github/PULL_REQUEST_TEMPLATE.md`
|
|
35
|
-
- Issue templates path: `.github/ISSUE_TEMPLATE/`
|
|
36
|
-
- Public release record path: `.gse/releases/public-release-owner-required.md`
|
|
37
|
-
- Final acceptance packet path: `.gse/acceptance/final-acceptance-packet.md`
|
|
38
|
-
|
|
39
|
-
## Verification
|
|
40
|
-
|
|
41
|
-
Verification command:
|
|
42
|
-
|
|
43
|
-
Verification result:
|
|
44
|
-
|
|
45
|
-
## Acceptance
|
|
46
|
-
|
|
47
|
-
Evidence status: pending | verified | accepted
|
|
48
|
-
|
|
49
|
-
Accepted by:
|
|
50
|
-
|
|
51
|
-
Accepted at:
|
|
52
|
-
|
|
53
|
-
## Residual Risk
|
|
54
|
-
|
|
55
|
-
-
|
|
56
|
-
|
|
57
|
-
## Next Action
|
|
58
|
-
|
|
59
|
-
-
|
|
1
|
+
# Public Repository Settings Record
|
|
2
|
+
|
|
3
|
+
Repository URL:
|
|
4
|
+
|
|
5
|
+
Default branch:
|
|
6
|
+
|
|
7
|
+
Visibility: public | private | internal | unknown
|
|
8
|
+
|
|
9
|
+
Settings status: pending | verified | accepted
|
|
10
|
+
|
|
11
|
+
Evidence owner:
|
|
12
|
+
|
|
13
|
+
Evidence date:
|
|
14
|
+
|
|
15
|
+
Evidence URL or run id:
|
|
16
|
+
|
|
17
|
+
## Required Public Settings
|
|
18
|
+
|
|
19
|
+
- Issues enabled:
|
|
20
|
+
- Pull requests enabled:
|
|
21
|
+
- Discussions enabled:
|
|
22
|
+
- Security policy visible:
|
|
23
|
+
- Branch protection enabled:
|
|
24
|
+
- Required status checks enabled:
|
|
25
|
+
- Required checks:
|
|
26
|
+
- Require review before merge:
|
|
27
|
+
- Require conversation resolution:
|
|
28
|
+
- Restrict force pushes:
|
|
29
|
+
- Restrict deletions:
|
|
30
|
+
|
|
31
|
+
## GSE-Specific Checks
|
|
32
|
+
|
|
33
|
+
- CI workflow path: `.github/workflows/validate-gse.yml`
|
|
34
|
+
- PR template path: `.github/PULL_REQUEST_TEMPLATE.md`
|
|
35
|
+
- Issue templates path: `.github/ISSUE_TEMPLATE/`
|
|
36
|
+
- Public release record path: `.gse/releases/public-release-owner-required.md`
|
|
37
|
+
- Final acceptance packet path: `.gse/acceptance/final-acceptance-packet.md`
|
|
38
|
+
|
|
39
|
+
## Verification
|
|
40
|
+
|
|
41
|
+
Verification command:
|
|
42
|
+
|
|
43
|
+
Verification result:
|
|
44
|
+
|
|
45
|
+
## Acceptance
|
|
46
|
+
|
|
47
|
+
Evidence status: pending | verified | accepted
|
|
48
|
+
|
|
49
|
+
Accepted by:
|
|
50
|
+
|
|
51
|
+
Accepted at:
|
|
52
|
+
|
|
53
|
+
## Residual Risk
|
|
54
|
+
|
|
55
|
+
-
|
|
56
|
+
|
|
57
|
+
## Next Action
|
|
58
|
+
|
|
59
|
+
-
|
|
@@ -1,45 +1,45 @@
|
|
|
1
|
-
# Public Security Contact Record
|
|
2
|
-
|
|
3
|
-
Contact status: pending | accepted
|
|
4
|
-
|
|
5
|
-
Contact type: email | url | github-security-advisory | other
|
|
6
|
-
|
|
7
|
-
Contact value:
|
|
8
|
-
|
|
9
|
-
Policy path: `SECURITY.md`
|
|
10
|
-
|
|
11
|
-
Evidence owner:
|
|
12
|
-
|
|
13
|
-
Evidence date:
|
|
14
|
-
|
|
15
|
-
Evidence URL or run id:
|
|
16
|
-
|
|
17
|
-
## Public Disclosure Policy
|
|
18
|
-
|
|
19
|
-
- Is this contact public? true | false | unknown
|
|
20
|
-
- Security policy updated? true | false | unknown
|
|
21
|
-
- Private fallback channel:
|
|
22
|
-
- Response expectation:
|
|
23
|
-
- Embargo or disclosure notes:
|
|
24
|
-
|
|
25
|
-
## Verification
|
|
26
|
-
|
|
27
|
-
Verification command:
|
|
28
|
-
|
|
29
|
-
Verification result:
|
|
30
|
-
|
|
31
|
-
## Acceptance
|
|
32
|
-
|
|
33
|
-
Evidence status: pending | accepted
|
|
34
|
-
|
|
35
|
-
Accepted by:
|
|
36
|
-
|
|
37
|
-
Accepted at:
|
|
38
|
-
|
|
39
|
-
## Residual Risk
|
|
40
|
-
|
|
41
|
-
-
|
|
42
|
-
|
|
43
|
-
## Next Action
|
|
44
|
-
|
|
45
|
-
-
|
|
1
|
+
# Public Security Contact Record
|
|
2
|
+
|
|
3
|
+
Contact status: pending | accepted
|
|
4
|
+
|
|
5
|
+
Contact type: email | url | github-security-advisory | other
|
|
6
|
+
|
|
7
|
+
Contact value:
|
|
8
|
+
|
|
9
|
+
Policy path: `SECURITY.md`
|
|
10
|
+
|
|
11
|
+
Evidence owner:
|
|
12
|
+
|
|
13
|
+
Evidence date:
|
|
14
|
+
|
|
15
|
+
Evidence URL or run id:
|
|
16
|
+
|
|
17
|
+
## Public Disclosure Policy
|
|
18
|
+
|
|
19
|
+
- Is this contact public? true | false | unknown
|
|
20
|
+
- Security policy updated? true | false | unknown
|
|
21
|
+
- Private fallback channel:
|
|
22
|
+
- Response expectation:
|
|
23
|
+
- Embargo or disclosure notes:
|
|
24
|
+
|
|
25
|
+
## Verification
|
|
26
|
+
|
|
27
|
+
Verification command:
|
|
28
|
+
|
|
29
|
+
Verification result:
|
|
30
|
+
|
|
31
|
+
## Acceptance
|
|
32
|
+
|
|
33
|
+
Evidence status: pending | accepted
|
|
34
|
+
|
|
35
|
+
Accepted by:
|
|
36
|
+
|
|
37
|
+
Accepted at:
|
|
38
|
+
|
|
39
|
+
## Residual Risk
|
|
40
|
+
|
|
41
|
+
-
|
|
42
|
+
|
|
43
|
+
## Next Action
|
|
44
|
+
|
|
45
|
+
-
|
|
@@ -1,32 +1,32 @@
|
|
|
1
|
-
# Release Trust Record
|
|
2
|
-
|
|
3
|
-
Release label:
|
|
4
|
-
Package digest:
|
|
5
|
-
Public key fingerprint:
|
|
6
|
-
Signing algorithm: ed25519
|
|
7
|
-
|
|
8
|
-
## Release Owner
|
|
9
|
-
|
|
10
|
-
Owner:
|
|
11
|
-
Accepted by:
|
|
12
|
-
Accepted at:
|
|
13
|
-
|
|
14
|
-
## Key Custody
|
|
15
|
-
|
|
16
|
-
Private key location:
|
|
17
|
-
Signing environment:
|
|
18
|
-
Rotation policy:
|
|
19
|
-
Revocation path:
|
|
20
|
-
|
|
21
|
-
## Verification
|
|
22
|
-
|
|
23
|
-
Package URL:
|
|
24
|
-
Public key URL or path:
|
|
25
|
-
Signature path:
|
|
26
|
-
Verification command:
|
|
27
|
-
Install command:
|
|
28
|
-
|
|
29
|
-
## Residual Risk
|
|
30
|
-
|
|
31
|
-
## Notes
|
|
32
|
-
|
|
1
|
+
# Release Trust Record
|
|
2
|
+
|
|
3
|
+
Release label:
|
|
4
|
+
Package digest:
|
|
5
|
+
Public key fingerprint:
|
|
6
|
+
Signing algorithm: ed25519
|
|
7
|
+
|
|
8
|
+
## Release Owner
|
|
9
|
+
|
|
10
|
+
Owner:
|
|
11
|
+
Accepted by:
|
|
12
|
+
Accepted at:
|
|
13
|
+
|
|
14
|
+
## Key Custody
|
|
15
|
+
|
|
16
|
+
Private key location:
|
|
17
|
+
Signing environment:
|
|
18
|
+
Rotation policy:
|
|
19
|
+
Revocation path:
|
|
20
|
+
|
|
21
|
+
## Verification
|
|
22
|
+
|
|
23
|
+
Package URL:
|
|
24
|
+
Public key URL or path:
|
|
25
|
+
Signature path:
|
|
26
|
+
Verification command:
|
|
27
|
+
Install command:
|
|
28
|
+
|
|
29
|
+
## Residual Risk
|
|
30
|
+
|
|
31
|
+
## Notes
|
|
32
|
+
|
|
@@ -1,18 +1,18 @@
|
|
|
1
|
-
# Review
|
|
2
|
-
|
|
3
|
-
## Spec Compliance
|
|
4
|
-
|
|
5
|
-
## Code Quality
|
|
6
|
-
|
|
7
|
-
## Architecture / Ownership
|
|
8
|
-
|
|
9
|
-
## Security / Privacy
|
|
10
|
-
|
|
11
|
-
## Regression Risk
|
|
12
|
-
|
|
13
|
-
## Evidence Review
|
|
14
|
-
|
|
15
|
-
## Findings
|
|
16
|
-
|
|
17
|
-
## Closure
|
|
18
|
-
|
|
1
|
+
# Review
|
|
2
|
+
|
|
3
|
+
## Spec Compliance
|
|
4
|
+
|
|
5
|
+
## Code Quality
|
|
6
|
+
|
|
7
|
+
## Architecture / Ownership
|
|
8
|
+
|
|
9
|
+
## Security / Privacy
|
|
10
|
+
|
|
11
|
+
## Regression Risk
|
|
12
|
+
|
|
13
|
+
## Evidence Review
|
|
14
|
+
|
|
15
|
+
## Findings
|
|
16
|
+
|
|
17
|
+
## Closure
|
|
18
|
+
|
package/assets/templates/spec.md
CHANGED
|
@@ -1,16 +1,16 @@
|
|
|
1
|
-
# Spec
|
|
2
|
-
|
|
3
|
-
## User Outcome
|
|
4
|
-
|
|
5
|
-
## Behavior
|
|
6
|
-
|
|
7
|
-
## State / Data Flow
|
|
8
|
-
|
|
9
|
-
## Error and Recovery
|
|
10
|
-
|
|
11
|
-
## Permissions and Privacy
|
|
12
|
-
|
|
13
|
-
## Acceptance Criteria
|
|
14
|
-
|
|
15
|
-
## Non-goals
|
|
16
|
-
|
|
1
|
+
# Spec
|
|
2
|
+
|
|
3
|
+
## User Outcome
|
|
4
|
+
|
|
5
|
+
## Behavior
|
|
6
|
+
|
|
7
|
+
## State / Data Flow
|
|
8
|
+
|
|
9
|
+
## Error and Recovery
|
|
10
|
+
|
|
11
|
+
## Permissions and Privacy
|
|
12
|
+
|
|
13
|
+
## Acceptance Criteria
|
|
14
|
+
|
|
15
|
+
## Non-goals
|
|
16
|
+
|
|
@@ -1,29 +1,29 @@
|
|
|
1
|
-
# Target Project Adoption Evidence
|
|
2
|
-
|
|
3
|
-
Use this record when applying or testing GSE against a real target project without claiming broad certification.
|
|
4
|
-
|
|
5
|
-
```text
|
|
6
|
-
Target project:
|
|
7
|
-
Adoption path: existing repo | fresh install | update existing GSE | host adapter | fresh session
|
|
8
|
-
Project rules read:
|
|
9
|
-
Files inspected:
|
|
10
|
-
Files changed:
|
|
11
|
-
Commands run:
|
|
12
|
-
Detected project type:
|
|
13
|
-
Detected package manager:
|
|
14
|
-
Detected scripts:
|
|
15
|
-
Host/tool statuses:
|
|
16
|
-
Evidence status: result | verified | accepted | not ready
|
|
17
|
-
Accepted by:
|
|
18
|
-
Residual risks:
|
|
19
|
-
Next action:
|
|
20
|
-
```
|
|
21
|
-
|
|
22
|
-
## Rules
|
|
23
|
-
|
|
24
|
-
- Use `Files changed: none` for read-only adoption evidence.
|
|
25
|
-
- Treat discovered commands, package scripts, config files, and host rules as `documented` until executed.
|
|
26
|
-
- Treat tool availability as `unknown` unless the tool was actually checked in the current project/session.
|
|
27
|
-
- Do not claim arbitrary real-repo certification from one target-project adoption record.
|
|
28
|
-
- Do not claim host runtime support, subagent support, browser support, MCP support, CI support, release publication, or owner acceptance without direct evidence.
|
|
29
|
-
- Keep `accepted` separate from `verified`; use `Accepted by: not accepted` unless a real acceptance gate ran.
|
|
1
|
+
# Target Project Adoption Evidence
|
|
2
|
+
|
|
3
|
+
Use this record when applying or testing GSE against a real target project without claiming broad certification.
|
|
4
|
+
|
|
5
|
+
```text
|
|
6
|
+
Target project:
|
|
7
|
+
Adoption path: existing repo | fresh install | update existing GSE | host adapter | fresh session
|
|
8
|
+
Project rules read:
|
|
9
|
+
Files inspected:
|
|
10
|
+
Files changed:
|
|
11
|
+
Commands run:
|
|
12
|
+
Detected project type:
|
|
13
|
+
Detected package manager:
|
|
14
|
+
Detected scripts:
|
|
15
|
+
Host/tool statuses:
|
|
16
|
+
Evidence status: result | verified | accepted | not ready
|
|
17
|
+
Accepted by:
|
|
18
|
+
Residual risks:
|
|
19
|
+
Next action:
|
|
20
|
+
```
|
|
21
|
+
|
|
22
|
+
## Rules
|
|
23
|
+
|
|
24
|
+
- Use `Files changed: none` for read-only adoption evidence.
|
|
25
|
+
- Treat discovered commands, package scripts, config files, and host rules as `documented` until executed.
|
|
26
|
+
- Treat tool availability as `unknown` unless the tool was actually checked in the current project/session.
|
|
27
|
+
- Do not claim arbitrary real-repo certification from one target-project adoption record.
|
|
28
|
+
- Do not claim host runtime support, subagent support, browser support, MCP support, CI support, release publication, or owner acceptance without direct evidence.
|
|
29
|
+
- Keep `accepted` separate from `verified`; use `Accepted by: not accepted` unless a real acceptance gate ran.
|
|
@@ -1,17 +1,17 @@
|
|
|
1
|
-
# Tasks
|
|
2
|
-
|
|
3
|
-
## Slice Plan
|
|
4
|
-
|
|
5
|
-
- [ ] Define outcome, scope, acceptance, evidence, risk, and next action.
|
|
6
|
-
- [ ] Locate existing patterns and ownership boundaries.
|
|
7
|
-
- [ ] Implement the smallest verifiable change.
|
|
8
|
-
- [ ] Run focused verification.
|
|
9
|
-
- [ ] Record evidence and residual risk.
|
|
10
|
-
- [ ] Update state, goal map, and handoff notes when relevant.
|
|
11
|
-
|
|
12
|
-
## Non-Goals
|
|
13
|
-
|
|
14
|
-
## Dependencies
|
|
15
|
-
|
|
16
|
-
## Stop Conditions
|
|
17
|
-
|
|
1
|
+
# Tasks
|
|
2
|
+
|
|
3
|
+
## Slice Plan
|
|
4
|
+
|
|
5
|
+
- [ ] Define outcome, scope, acceptance, evidence, risk, and next action.
|
|
6
|
+
- [ ] Locate existing patterns and ownership boundaries.
|
|
7
|
+
- [ ] Implement the smallest verifiable change.
|
|
8
|
+
- [ ] Run focused verification.
|
|
9
|
+
- [ ] Record evidence and residual risk.
|
|
10
|
+
- [ ] Update state, goal map, and handoff notes when relevant.
|
|
11
|
+
|
|
12
|
+
## Non-Goals
|
|
13
|
+
|
|
14
|
+
## Dependencies
|
|
15
|
+
|
|
16
|
+
## Stop Conditions
|
|
17
|
+
|
|
@@ -1,58 +1,58 @@
|
|
|
1
|
-
# Update Or Release Acceptance Record
|
|
2
|
-
|
|
3
|
-
Use this in a project evidence log when a GSE update, workflow update, scaffold change, package release, or project release needs a compact acceptance record.
|
|
4
|
-
|
|
5
|
-
Keep the record short. Link to command output, CI, smoke reports, or evidence files instead of pasting long logs.
|
|
6
|
-
|
|
7
|
-
```text
|
|
8
|
-
Record type: update | release | scaffold | adapter | incident hotfix
|
|
9
|
-
Project path:
|
|
10
|
-
Goal or slice:
|
|
11
|
-
Release label or change id:
|
|
12
|
-
Evidence status: result | verified | accepted | not ready
|
|
13
|
-
|
|
14
|
-
Local decisions preserved:
|
|
15
|
-
Files changed:
|
|
16
|
-
Files intentionally not changed:
|
|
17
|
-
Commands run:
|
|
18
|
-
Focused verification:
|
|
19
|
-
Compatibility evidence:
|
|
20
|
-
Migration notes:
|
|
21
|
-
Rollback notes:
|
|
22
|
-
Owner or acceptance gate:
|
|
23
|
-
Accepted by:
|
|
24
|
-
Residual risks:
|
|
25
|
-
Next action:
|
|
26
|
-
```
|
|
27
|
-
|
|
28
|
-
## Status Rules
|
|
29
|
-
|
|
30
|
-
- `result`: the update, release notes, scaffold, adapter, or record exists.
|
|
31
|
-
- `verified`: focused checks prove the affected behavior in the current environment, and residual risk is recorded.
|
|
32
|
-
- `accepted`: the required owner, release policy, CI gate, smoke gate, archive gate, or explicitly named acceptance policy has accepted the verified result.
|
|
33
|
-
- `not ready`: required evidence is missing, contradicted, or outside the current environment.
|
|
34
|
-
|
|
35
|
-
## Anti-Overclaim Rules
|
|
36
|
-
|
|
37
|
-
- Do not mark `accepted` only because `validate-gse.mjs`, tests, lint, or a local smoke passed.
|
|
38
|
-
- Do not claim release publication, package install, production rollout, host runtime support, registry access, subagent support, MCP support, browser support, or owner approval unless the evidence names that gate.
|
|
39
|
-
- Keep unavailable or unverified tools as `unknown`, `documented`, or `unavailable`; do not convert them to `verified` through this record.
|
|
40
|
-
- If rollback is unknown, say `unknown`; do not infer rollback safety from file existence.
|
|
41
|
-
- If the user or release owner has not accepted a user-visible or irreversible change, write `Accepted by: not accepted`.
|
|
42
|
-
|
|
43
|
-
## Minimal Examples
|
|
44
|
-
|
|
45
|
-
```text
|
|
46
|
-
Evidence status: verified
|
|
47
|
-
Focused verification: node <skill>/scripts/validate-gse.mjs --root <skill> passed
|
|
48
|
-
Owner or acceptance gate: not required for internal template wording update
|
|
49
|
-
Accepted by: policy: Lite focused smoke policy
|
|
50
|
-
```
|
|
51
|
-
|
|
52
|
-
```text
|
|
53
|
-
Evidence status: verified
|
|
54
|
-
Focused verification: npm run smoke passed in target project
|
|
55
|
-
Owner or acceptance gate: release owner approval required
|
|
56
|
-
Accepted by: not accepted
|
|
57
|
-
Residual risks: production publish not executed; rollback not exercised
|
|
58
|
-
```
|
|
1
|
+
# Update Or Release Acceptance Record
|
|
2
|
+
|
|
3
|
+
Use this in a project evidence log when a GSE update, workflow update, scaffold change, package release, or project release needs a compact acceptance record.
|
|
4
|
+
|
|
5
|
+
Keep the record short. Link to command output, CI, smoke reports, or evidence files instead of pasting long logs.
|
|
6
|
+
|
|
7
|
+
```text
|
|
8
|
+
Record type: update | release | scaffold | adapter | incident hotfix
|
|
9
|
+
Project path:
|
|
10
|
+
Goal or slice:
|
|
11
|
+
Release label or change id:
|
|
12
|
+
Evidence status: result | verified | accepted | not ready
|
|
13
|
+
|
|
14
|
+
Local decisions preserved:
|
|
15
|
+
Files changed:
|
|
16
|
+
Files intentionally not changed:
|
|
17
|
+
Commands run:
|
|
18
|
+
Focused verification:
|
|
19
|
+
Compatibility evidence:
|
|
20
|
+
Migration notes:
|
|
21
|
+
Rollback notes:
|
|
22
|
+
Owner or acceptance gate:
|
|
23
|
+
Accepted by:
|
|
24
|
+
Residual risks:
|
|
25
|
+
Next action:
|
|
26
|
+
```
|
|
27
|
+
|
|
28
|
+
## Status Rules
|
|
29
|
+
|
|
30
|
+
- `result`: the update, release notes, scaffold, adapter, or record exists.
|
|
31
|
+
- `verified`: focused checks prove the affected behavior in the current environment, and residual risk is recorded.
|
|
32
|
+
- `accepted`: the required owner, release policy, CI gate, smoke gate, archive gate, or explicitly named acceptance policy has accepted the verified result.
|
|
33
|
+
- `not ready`: required evidence is missing, contradicted, or outside the current environment.
|
|
34
|
+
|
|
35
|
+
## Anti-Overclaim Rules
|
|
36
|
+
|
|
37
|
+
- Do not mark `accepted` only because `validate-gse.mjs`, tests, lint, or a local smoke passed.
|
|
38
|
+
- Do not claim release publication, package install, production rollout, host runtime support, registry access, subagent support, MCP support, browser support, or owner approval unless the evidence names that gate.
|
|
39
|
+
- Keep unavailable or unverified tools as `unknown`, `documented`, or `unavailable`; do not convert them to `verified` through this record.
|
|
40
|
+
- If rollback is unknown, say `unknown`; do not infer rollback safety from file existence.
|
|
41
|
+
- If the user or release owner has not accepted a user-visible or irreversible change, write `Accepted by: not accepted`.
|
|
42
|
+
|
|
43
|
+
## Minimal Examples
|
|
44
|
+
|
|
45
|
+
```text
|
|
46
|
+
Evidence status: verified
|
|
47
|
+
Focused verification: node <skill>/scripts/validate-gse.mjs --root <skill> passed
|
|
48
|
+
Owner or acceptance gate: not required for internal template wording update
|
|
49
|
+
Accepted by: policy: Lite focused smoke policy
|
|
50
|
+
```
|
|
51
|
+
|
|
52
|
+
```text
|
|
53
|
+
Evidence status: verified
|
|
54
|
+
Focused verification: npm run smoke passed in target project
|
|
55
|
+
Owner or acceptance gate: release owner approval required
|
|
56
|
+
Accepted by: not accepted
|
|
57
|
+
Residual risks: production publish not executed; rollback not exercised
|
|
58
|
+
```
|