@t275005746/gse 0.1.0 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.github/ISSUE_TEMPLATE/bug_report.yml +42 -42
- package/.github/ISSUE_TEMPLATE/change_request.yml +50 -50
- package/.github/ISSUE_TEMPLATE/config.yml +5 -5
- package/.github/PULL_REQUEST_TEMPLATE.md +38 -38
- package/.github/workflows/validate-gse.yml +33 -33
- package/.gse/README.md +18 -18
- package/.gse/gse-development-protocol.md +50 -50
- package/.gse/project-profile.md +29 -29
- package/.gse/quality-gates.md +25 -25
- package/.gse/releases/public-registry-publication-npm.md +49 -0
- package/.gse/releases/public-release-owner-required.md +65 -65
- package/.gse/releases/public-security-contact-owner-required.md +45 -45
- package/.gse/state.json +3 -4
- package/CHANGELOG.md +24 -24
- package/CONTRIBUTING.md +64 -64
- package/LICENSE +21 -21
- package/README.md +1 -1
- package/README.zh-CN.md +1 -1
- package/SECURITY.md +41 -41
- package/SUPPORT.md +38 -38
- package/assets/marketplace/README.md +7 -7
- package/assets/marketplace/gse-listing.json +75 -75
- package/assets/templates/acceptance-execution-packet.md +73 -73
- package/assets/templates/adr.md +14 -14
- package/assets/templates/change-brief.md +16 -16
- package/assets/templates/design.md +18 -18
- package/assets/templates/dispatch-packet.md +104 -104
- package/assets/templates/evidence.md +14 -14
- package/assets/templates/execution-quality-pack.md +65 -65
- package/assets/templates/goal-map.md +21 -21
- package/assets/templates/host-adapter.md +48 -48
- package/assets/templates/host-ui-invocation-record.md +42 -42
- package/assets/templates/incident-review.md +60 -60
- package/assets/templates/public-channel-publication-record.md +49 -49
- package/assets/templates/public-ci-run-record.md +53 -53
- package/assets/templates/public-release-record.md +65 -65
- package/assets/templates/public-repository-settings-record.md +59 -59
- package/assets/templates/public-security-contact-record.md +45 -45
- package/assets/templates/release-trust-record.md +32 -32
- package/assets/templates/review.md +18 -18
- package/assets/templates/spec.md +16 -16
- package/assets/templates/target-adoption-evidence.md +29 -29
- package/assets/templates/tasks.md +17 -17
- package/assets/templates/update-release-acceptance-record.md +58 -58
- package/examples/README.md +22 -22
- package/examples/agent-runtime-host/.claude/gse-adapter.md +6 -6
- package/examples/agent-runtime-host/.codex/gse-adapter.md +7 -7
- package/examples/agent-runtime-host/.gse/goal-map.md +7 -7
- package/examples/agent-runtime-host/.gse/project-profile.md +27 -27
- package/examples/agent-runtime-host/.gse/tooling.md +5 -5
- package/examples/agent-runtime-host/.mcp.json +9 -9
- package/examples/agent-runtime-host/AGENTS.md +5 -5
- package/examples/agent-runtime-host/README.md +10 -10
- package/examples/agent-runtime-host/docs/model-routing.md +5 -5
- package/examples/cli-tool/.gse/project-profile.md +21 -21
- package/examples/cli-tool/AGENTS.md +5 -5
- package/examples/cli-tool/README.md +12 -12
- package/examples/cli-tool/package.json +21 -21
- package/examples/small-app/.env.example +2 -2
- package/examples/small-app/.github/workflows/ci.yml +8 -8
- package/examples/small-app/AGENTS.md +5 -5
- package/examples/small-app/README.md +12 -12
- package/examples/small-app/package.json +26 -26
- package/examples/small-app/playwright.config.ts +4 -4
- package/package.json +53 -53
- package/references/adoption-recipes.md +171 -171
- package/references/agent-roles.md +49 -49
- package/references/architecture-health.md +101 -101
- package/references/benchmark-audit.md +73 -73
- package/references/community-channels.md +46 -46
- package/references/compatibility.md +70 -70
- package/references/design-basis.md +38 -38
- package/references/domain-model.md +129 -129
- package/references/domain-quality-gates.md +75 -75
- package/references/drift-audit.md +81 -81
- package/references/evidence-taxonomy.md +123 -123
- package/references/file-ownership.md +107 -107
- package/references/final-readiness.md +84 -84
- package/references/forward-test.md +133 -133
- package/references/goal-map.md +36 -36
- package/references/host-adapters.md +119 -119
- package/references/learning-system.md +35 -35
- package/references/marketplace-discovery.md +46 -46
- package/references/model-routing.md +103 -103
- package/references/open-source-defaults.md +39 -39
- package/references/operating-model.md +52 -52
- package/references/packaging.md +277 -277
- package/references/project-agent-workspace.md +89 -89
- package/references/project-bootstrap.md +122 -122
- package/references/project-profile.md +57 -57
- package/references/public-release.md +174 -174
- package/references/quality-gates.md +100 -100
- package/references/recovery.md +176 -176
- package/references/release-trust.md +43 -43
- package/references/release.md +126 -126
- package/references/review.md +141 -141
- package/references/router.md +90 -90
- package/references/spec-workflow.md +66 -66
- package/references/task-levels.md +81 -81
- package/references/tool-adapters.md +73 -73
- package/scripts/audit-acceptance-execution-packet.mjs +133 -133
- package/scripts/audit-adoption-recipes.mjs +99 -99
- package/scripts/audit-change-lifecycle.mjs +77 -77
- package/scripts/audit-change-system.mjs +134 -134
- package/scripts/audit-ci-readiness.mjs +107 -107
- package/scripts/audit-close-gate.mjs +323 -323
- package/scripts/audit-command-adapters.mjs +91 -91
- package/scripts/audit-command-execution.mjs +210 -210
- package/scripts/audit-compatibility.mjs +149 -149
- package/scripts/audit-completion-readiness.mjs +292 -292
- package/scripts/audit-distribution.mjs +251 -251
- package/scripts/audit-domain-quality-gates.mjs +108 -108
- package/scripts/audit-evidence-placeholders.mjs +126 -126
- package/scripts/audit-final-readiness-promotion.mjs +255 -255
- package/scripts/audit-final-readiness.mjs +226 -226
- package/scripts/audit-fixtures.mjs +154 -154
- package/scripts/audit-fresh-session-readiness.mjs +177 -177
- package/scripts/audit-host-runtime-evidence-handoff.mjs +159 -159
- package/scripts/audit-host-runtime-invocation-drill.mjs +240 -240
- package/scripts/audit-host-runtime-invocations.mjs +254 -254
- package/scripts/audit-host-ui-invocation.mjs +132 -132
- package/scripts/audit-marketplace-discovery.mjs +122 -122
- package/scripts/audit-npm-package-metadata.mjs +155 -155
- package/scripts/audit-npm-publish-dry-run.mjs +191 -169
- package/scripts/audit-npm-tarball-install.mjs +191 -191
- package/scripts/audit-open-source-defaults.mjs +92 -92
- package/scripts/audit-open-source-readiness.mjs +97 -97
- package/scripts/audit-project.mjs +138 -138
- package/scripts/audit-public-acceptance-command-dry-run-drill.mjs +203 -203
- package/scripts/audit-public-acceptance-readiness.mjs +224 -224
- package/scripts/audit-public-channel-publication.mjs +248 -248
- package/scripts/audit-public-ci-run.mjs +184 -184
- package/scripts/audit-public-collaboration-templates.mjs +98 -98
- package/scripts/audit-public-external-gate-probe.mjs +206 -206
- package/scripts/audit-public-release-decision.mjs +201 -201
- package/scripts/audit-public-release-metadata.mjs +176 -176
- package/scripts/audit-public-repository-settings.mjs +237 -237
- package/scripts/audit-public-security-contact.mjs +171 -171
- package/scripts/audit-readme-docs.mjs +6 -4
- package/scripts/audit-recovery-readiness.mjs +98 -98
- package/scripts/audit-release-readiness.mjs +106 -106
- package/scripts/audit-release-trust.mjs +62 -62
- package/scripts/audit-remote-distribution.mjs +266 -266
- package/scripts/audit-roadmap-consistency.mjs +235 -235
- package/scripts/audit-signing.mjs +147 -147
- package/scripts/audit-state-freshness.mjs +14 -9
- package/scripts/audit-target-adoption-evidence.mjs +117 -117
- package/scripts/audit-target-project.mjs +507 -507
- package/scripts/audit-update-release-acceptance.mjs +136 -136
- package/scripts/audit-v1-target-validation.mjs +269 -269
- package/scripts/audit-validation-profiles.mjs +125 -125
- package/scripts/close-change.mjs +116 -116
- package/scripts/discover-project-profile.mjs +307 -307
- package/scripts/generate-command-adapter.mjs +231 -231
- package/scripts/generate-final-acceptance-packet.mjs +181 -181
- package/scripts/generate-final-form-progress-report.mjs +205 -205
- package/scripts/generate-host-runtime-evidence-handoff.mjs +206 -206
- package/scripts/generate-owner-external-gate-kit.mjs +295 -295
- package/scripts/generate-public-acceptance-handoff.mjs +168 -168
- package/scripts/generate-public-release-checklist.mjs +207 -207
- package/scripts/generate-release-bundle.mjs +505 -505
- package/scripts/generate-release-owner-action-plan.mjs +172 -172
- package/scripts/generate-release-status-manifest.mjs +200 -200
- package/scripts/generate-session-prompt.mjs +188 -188
- package/scripts/gse.mjs +67 -67
- package/scripts/init-change.mjs +265 -265
- package/scripts/init-project.mjs +785 -785
- package/scripts/install-gse.mjs +234 -234
- package/scripts/lib/evidence-placeholders.mjs +28 -28
- package/scripts/package-gse.mjs +174 -174
- package/scripts/probe-public-external-gates.mjs +167 -167
- package/scripts/record-host-invocation.mjs +151 -151
- package/scripts/record-public-channel-publication.mjs +178 -178
- package/scripts/record-public-ci-run.mjs +180 -180
- package/scripts/record-public-release.mjs +175 -175
- package/scripts/record-public-repository-settings.mjs +209 -209
- package/scripts/record-public-security-contact.mjs +157 -157
- package/scripts/sign-gse-package.mjs +83 -83
- package/scripts/update-project-state.mjs +223 -223
- package/scripts/verify-gse-package.mjs +85 -85
|
@@ -1,178 +1,178 @@
|
|
|
1
|
-
#!/usr/bin/env node
|
|
2
|
-
import fs from 'node:fs'
|
|
3
|
-
import path from 'node:path'
|
|
4
|
-
import { rejectPlaceholderEvidence } from './lib/evidence-placeholders.mjs'
|
|
5
|
-
|
|
6
|
-
const args = process.argv.slice(2)
|
|
7
|
-
|
|
8
|
-
function readArg(name, fallback = '') {
|
|
9
|
-
const index = args.indexOf(name)
|
|
10
|
-
if (index === -1) return fallback
|
|
11
|
-
return args[index + 1] ?? fallback
|
|
12
|
-
}
|
|
13
|
-
|
|
14
|
-
function hasArg(name) {
|
|
15
|
-
return args.includes(name)
|
|
16
|
-
}
|
|
17
|
-
|
|
18
|
-
const root = path.resolve(readArg('--root', path.join(import.meta.dirname, '..')))
|
|
19
|
-
const publicationStatus = readArg('--publication-status', 'pending')
|
|
20
|
-
const channelType = readArg('--channel-type', 'unknown')
|
|
21
|
-
const channelName = readArg('--channel-name', '')
|
|
22
|
-
const channelUrl = readArg('--channel-url', '')
|
|
23
|
-
const version = readArg('--version', '')
|
|
24
|
-
const artifactDigest = readArg('--artifact-digest', '')
|
|
25
|
-
const reviewStatus = readArg('--review-status', 'pending')
|
|
26
|
-
const evidenceOwner = readArg('--evidence-owner', '')
|
|
27
|
-
const evidenceDate = readArg('--evidence-date', '')
|
|
28
|
-
const evidenceUrl = readArg('--evidence-url', '')
|
|
29
|
-
const verificationCommand = readArg('--verification-command', 'node scripts/validate-gse.mjs --root . --json')
|
|
30
|
-
const verificationResult = readArg('--verification-result', 'pending')
|
|
31
|
-
const evidenceStatus = readArg('--evidence-status', publicationStatus === 'accepted' ? 'accepted' : 'pending')
|
|
32
|
-
const acceptedBy = readArg('--accepted-by', '')
|
|
33
|
-
const acceptedAt = readArg('--accepted-at', '')
|
|
34
|
-
const provesRegistryPublication = readArg('--proves-registry-publication', 'unknown')
|
|
35
|
-
const provesMarketplaceApproval = readArg('--proves-marketplace-approval', 'unknown')
|
|
36
|
-
const provesChannelInstallability = readArg('--proves-channel-installability', 'unknown')
|
|
37
|
-
const residualRisk = readArg('--residual-risk', 'Public channel publication is not accepted until real external evidence is attached.')
|
|
38
|
-
const nextAction = readArg('--next-action', 'Attach public channel publication evidence and re-run final readiness.')
|
|
39
|
-
const out = path.resolve(readArg('--out', path.join(root, '.gse', 'releases', 'public-channel-publication-pending.md')))
|
|
40
|
-
const dryRun = hasArg('--dry-run')
|
|
41
|
-
const force = hasArg('--force')
|
|
42
|
-
const jsonOnly = hasArg('--json')
|
|
43
|
-
|
|
44
|
-
const validStatuses = new Set(['pending', 'accepted'])
|
|
45
|
-
const validChannelTypes = new Set(['github-release', 'package-registry', 'marketplace', 'catalog', 'other', 'unknown'])
|
|
46
|
-
const validTriState = new Set(['true', 'false', 'unknown'])
|
|
47
|
-
const errors = []
|
|
48
|
-
|
|
49
|
-
function requireField(value, message) {
|
|
50
|
-
if (!String(value).trim()) errors.push(message)
|
|
51
|
-
}
|
|
52
|
-
|
|
53
|
-
if (!validStatuses.has(publicationStatus)) errors.push('--publication-status must be pending or accepted')
|
|
54
|
-
if (!validStatuses.has(evidenceStatus)) errors.push('--evidence-status must be pending or accepted')
|
|
55
|
-
if (!validChannelTypes.has(channelType)) errors.push('--channel-type must be github-release, package-registry, marketplace, catalog, other, or unknown')
|
|
56
|
-
for (const [value, name] of [
|
|
57
|
-
[provesRegistryPublication, '--proves-registry-publication'],
|
|
58
|
-
[provesMarketplaceApproval, '--proves-marketplace-approval'],
|
|
59
|
-
[provesChannelInstallability, '--proves-channel-installability'],
|
|
60
|
-
]) {
|
|
61
|
-
if (!validTriState.has(value)) errors.push(`${name} must be true, false, or unknown`)
|
|
62
|
-
}
|
|
63
|
-
|
|
64
|
-
if (publicationStatus === 'accepted') {
|
|
65
|
-
if (channelType === 'unknown') errors.push('accepted publication requires --channel-type')
|
|
66
|
-
requireField(channelName, 'accepted publication requires --channel-name')
|
|
67
|
-
requireField(channelUrl, 'accepted publication requires --channel-url')
|
|
68
|
-
requireField(version, 'accepted publication requires --version')
|
|
69
|
-
requireField(evidenceOwner, 'accepted publication requires --evidence-owner')
|
|
70
|
-
requireField(evidenceDate, 'accepted publication requires --evidence-date')
|
|
71
|
-
requireField(evidenceUrl, 'accepted publication requires --evidence-url')
|
|
72
|
-
requireField(acceptedBy, 'accepted publication requires --accepted-by')
|
|
73
|
-
requireField(acceptedAt, 'accepted publication requires --accepted-at')
|
|
74
|
-
if (evidenceStatus !== 'accepted') errors.push('accepted publication requires --evidence-status accepted')
|
|
75
|
-
if (reviewStatus !== 'approved' && reviewStatus !== 'published') errors.push('accepted publication requires --review-status approved or published')
|
|
76
|
-
if (!dryRun) {
|
|
77
|
-
rejectPlaceholderEvidence(errors, channelName, '--channel-name')
|
|
78
|
-
rejectPlaceholderEvidence(errors, channelUrl, '--channel-url')
|
|
79
|
-
rejectPlaceholderEvidence(errors, evidenceOwner, '--evidence-owner')
|
|
80
|
-
rejectPlaceholderEvidence(errors, evidenceUrl, '--evidence-url')
|
|
81
|
-
rejectPlaceholderEvidence(errors, acceptedBy, '--accepted-by')
|
|
82
|
-
}
|
|
83
|
-
if (channelType === 'package-registry') {
|
|
84
|
-
requireField(artifactDigest, 'accepted package-registry publication requires --artifact-digest')
|
|
85
|
-
if (provesRegistryPublication !== 'true') errors.push('accepted package-registry publication requires --proves-registry-publication true')
|
|
86
|
-
if (provesChannelInstallability !== 'true') errors.push('accepted package-registry publication requires --proves-channel-installability true')
|
|
87
|
-
}
|
|
88
|
-
if (channelType === 'marketplace' || channelType === 'catalog') {
|
|
89
|
-
if (provesMarketplaceApproval !== 'true') errors.push('accepted marketplace/catalog publication requires --proves-marketplace-approval true')
|
|
90
|
-
if (provesChannelInstallability !== 'true') errors.push('accepted marketplace/catalog publication requires --proves-channel-installability true')
|
|
91
|
-
}
|
|
92
|
-
}
|
|
93
|
-
|
|
94
|
-
const lines = [
|
|
95
|
-
'# Public Channel Publication Record',
|
|
96
|
-
'',
|
|
97
|
-
'Publication status: ' + publicationStatus,
|
|
98
|
-
'',
|
|
99
|
-
'Channel type: ' + channelType,
|
|
100
|
-
'',
|
|
101
|
-
'Channel name: ' + channelName,
|
|
102
|
-
'',
|
|
103
|
-
'Channel URL: ' + channelUrl,
|
|
104
|
-
'',
|
|
105
|
-
'Package or listing version: ' + version,
|
|
106
|
-
'',
|
|
107
|
-
'Artifact digest: ' + artifactDigest,
|
|
108
|
-
'',
|
|
109
|
-
'Review or approval status: ' + reviewStatus,
|
|
110
|
-
'',
|
|
111
|
-
'Evidence owner: ' + evidenceOwner,
|
|
112
|
-
'',
|
|
113
|
-
'Evidence date: ' + evidenceDate,
|
|
114
|
-
'',
|
|
115
|
-
'Evidence URL or run id: ' + evidenceUrl,
|
|
116
|
-
'',
|
|
117
|
-
'## Verification',
|
|
118
|
-
'',
|
|
119
|
-
'Verification command: ' + verificationCommand,
|
|
120
|
-
'',
|
|
121
|
-
'Verification result: ' + verificationResult,
|
|
122
|
-
'',
|
|
123
|
-
'## Acceptance',
|
|
124
|
-
'',
|
|
125
|
-
'Evidence status: ' + evidenceStatus,
|
|
126
|
-
'',
|
|
127
|
-
'Accepted by: ' + acceptedBy,
|
|
128
|
-
'',
|
|
129
|
-
'Accepted at: ' + acceptedAt,
|
|
130
|
-
'',
|
|
131
|
-
'## Boundaries',
|
|
132
|
-
'',
|
|
133
|
-
'- Does this prove public registry publication? ' + provesRegistryPublication,
|
|
134
|
-
'- Does this prove marketplace approval? ' + provesMarketplaceApproval,
|
|
135
|
-
'- Does this prove installability from the channel? ' + provesChannelInstallability,
|
|
136
|
-
'',
|
|
137
|
-
'## Residual Risk',
|
|
138
|
-
'',
|
|
139
|
-
'- ' + residualRisk,
|
|
140
|
-
'',
|
|
141
|
-
'## Next Action',
|
|
142
|
-
'',
|
|
143
|
-
'- ' + nextAction,
|
|
144
|
-
'',
|
|
145
|
-
]
|
|
146
|
-
|
|
147
|
-
const report = {
|
|
148
|
-
root,
|
|
149
|
-
out,
|
|
150
|
-
dryRun,
|
|
151
|
-
publicationStatus,
|
|
152
|
-
channelType,
|
|
153
|
-
evidenceStatus,
|
|
154
|
-
status: errors.length ? 'failed' : dryRun ? 'ready' : 'written',
|
|
155
|
-
errors,
|
|
156
|
-
}
|
|
157
|
-
|
|
158
|
-
if (!errors.length && !dryRun) {
|
|
159
|
-
if (fs.existsSync(out) && !force) {
|
|
160
|
-
report.status = 'exists'
|
|
161
|
-
report.errors.push('output exists; use --force or choose another --out path')
|
|
162
|
-
} else {
|
|
163
|
-
fs.mkdirSync(path.dirname(out), { recursive: true })
|
|
164
|
-
fs.writeFileSync(out, lines.join('\n'), 'utf8')
|
|
165
|
-
}
|
|
166
|
-
}
|
|
167
|
-
|
|
168
|
-
if (jsonOnly) console.log(JSON.stringify(report, null, 2))
|
|
169
|
-
else {
|
|
170
|
-
console.log('Public channel publication record status: ' + report.status)
|
|
171
|
-
console.log('Output: ' + report.out)
|
|
172
|
-
if (report.errors.length) {
|
|
173
|
-
console.log('Errors:')
|
|
174
|
-
for (const error of report.errors) console.log('- ' + error)
|
|
175
|
-
}
|
|
176
|
-
}
|
|
177
|
-
|
|
178
|
-
if (report.status === 'failed' || report.status === 'exists') process.exit(1)
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
import fs from 'node:fs'
|
|
3
|
+
import path from 'node:path'
|
|
4
|
+
import { rejectPlaceholderEvidence } from './lib/evidence-placeholders.mjs'
|
|
5
|
+
|
|
6
|
+
const args = process.argv.slice(2)
|
|
7
|
+
|
|
8
|
+
function readArg(name, fallback = '') {
|
|
9
|
+
const index = args.indexOf(name)
|
|
10
|
+
if (index === -1) return fallback
|
|
11
|
+
return args[index + 1] ?? fallback
|
|
12
|
+
}
|
|
13
|
+
|
|
14
|
+
function hasArg(name) {
|
|
15
|
+
return args.includes(name)
|
|
16
|
+
}
|
|
17
|
+
|
|
18
|
+
const root = path.resolve(readArg('--root', path.join(import.meta.dirname, '..')))
|
|
19
|
+
const publicationStatus = readArg('--publication-status', 'pending')
|
|
20
|
+
const channelType = readArg('--channel-type', 'unknown')
|
|
21
|
+
const channelName = readArg('--channel-name', '')
|
|
22
|
+
const channelUrl = readArg('--channel-url', '')
|
|
23
|
+
const version = readArg('--version', '')
|
|
24
|
+
const artifactDigest = readArg('--artifact-digest', '')
|
|
25
|
+
const reviewStatus = readArg('--review-status', 'pending')
|
|
26
|
+
const evidenceOwner = readArg('--evidence-owner', '')
|
|
27
|
+
const evidenceDate = readArg('--evidence-date', '')
|
|
28
|
+
const evidenceUrl = readArg('--evidence-url', '')
|
|
29
|
+
const verificationCommand = readArg('--verification-command', 'node scripts/validate-gse.mjs --root . --json')
|
|
30
|
+
const verificationResult = readArg('--verification-result', 'pending')
|
|
31
|
+
const evidenceStatus = readArg('--evidence-status', publicationStatus === 'accepted' ? 'accepted' : 'pending')
|
|
32
|
+
const acceptedBy = readArg('--accepted-by', '')
|
|
33
|
+
const acceptedAt = readArg('--accepted-at', '')
|
|
34
|
+
const provesRegistryPublication = readArg('--proves-registry-publication', 'unknown')
|
|
35
|
+
const provesMarketplaceApproval = readArg('--proves-marketplace-approval', 'unknown')
|
|
36
|
+
const provesChannelInstallability = readArg('--proves-channel-installability', 'unknown')
|
|
37
|
+
const residualRisk = readArg('--residual-risk', 'Public channel publication is not accepted until real external evidence is attached.')
|
|
38
|
+
const nextAction = readArg('--next-action', 'Attach public channel publication evidence and re-run final readiness.')
|
|
39
|
+
const out = path.resolve(readArg('--out', path.join(root, '.gse', 'releases', 'public-channel-publication-pending.md')))
|
|
40
|
+
const dryRun = hasArg('--dry-run')
|
|
41
|
+
const force = hasArg('--force')
|
|
42
|
+
const jsonOnly = hasArg('--json')
|
|
43
|
+
|
|
44
|
+
const validStatuses = new Set(['pending', 'accepted'])
|
|
45
|
+
const validChannelTypes = new Set(['github-release', 'package-registry', 'marketplace', 'catalog', 'other', 'unknown'])
|
|
46
|
+
const validTriState = new Set(['true', 'false', 'unknown'])
|
|
47
|
+
const errors = []
|
|
48
|
+
|
|
49
|
+
function requireField(value, message) {
|
|
50
|
+
if (!String(value).trim()) errors.push(message)
|
|
51
|
+
}
|
|
52
|
+
|
|
53
|
+
if (!validStatuses.has(publicationStatus)) errors.push('--publication-status must be pending or accepted')
|
|
54
|
+
if (!validStatuses.has(evidenceStatus)) errors.push('--evidence-status must be pending or accepted')
|
|
55
|
+
if (!validChannelTypes.has(channelType)) errors.push('--channel-type must be github-release, package-registry, marketplace, catalog, other, or unknown')
|
|
56
|
+
for (const [value, name] of [
|
|
57
|
+
[provesRegistryPublication, '--proves-registry-publication'],
|
|
58
|
+
[provesMarketplaceApproval, '--proves-marketplace-approval'],
|
|
59
|
+
[provesChannelInstallability, '--proves-channel-installability'],
|
|
60
|
+
]) {
|
|
61
|
+
if (!validTriState.has(value)) errors.push(`${name} must be true, false, or unknown`)
|
|
62
|
+
}
|
|
63
|
+
|
|
64
|
+
if (publicationStatus === 'accepted') {
|
|
65
|
+
if (channelType === 'unknown') errors.push('accepted publication requires --channel-type')
|
|
66
|
+
requireField(channelName, 'accepted publication requires --channel-name')
|
|
67
|
+
requireField(channelUrl, 'accepted publication requires --channel-url')
|
|
68
|
+
requireField(version, 'accepted publication requires --version')
|
|
69
|
+
requireField(evidenceOwner, 'accepted publication requires --evidence-owner')
|
|
70
|
+
requireField(evidenceDate, 'accepted publication requires --evidence-date')
|
|
71
|
+
requireField(evidenceUrl, 'accepted publication requires --evidence-url')
|
|
72
|
+
requireField(acceptedBy, 'accepted publication requires --accepted-by')
|
|
73
|
+
requireField(acceptedAt, 'accepted publication requires --accepted-at')
|
|
74
|
+
if (evidenceStatus !== 'accepted') errors.push('accepted publication requires --evidence-status accepted')
|
|
75
|
+
if (reviewStatus !== 'approved' && reviewStatus !== 'published') errors.push('accepted publication requires --review-status approved or published')
|
|
76
|
+
if (!dryRun) {
|
|
77
|
+
rejectPlaceholderEvidence(errors, channelName, '--channel-name')
|
|
78
|
+
rejectPlaceholderEvidence(errors, channelUrl, '--channel-url')
|
|
79
|
+
rejectPlaceholderEvidence(errors, evidenceOwner, '--evidence-owner')
|
|
80
|
+
rejectPlaceholderEvidence(errors, evidenceUrl, '--evidence-url')
|
|
81
|
+
rejectPlaceholderEvidence(errors, acceptedBy, '--accepted-by')
|
|
82
|
+
}
|
|
83
|
+
if (channelType === 'package-registry') {
|
|
84
|
+
requireField(artifactDigest, 'accepted package-registry publication requires --artifact-digest')
|
|
85
|
+
if (provesRegistryPublication !== 'true') errors.push('accepted package-registry publication requires --proves-registry-publication true')
|
|
86
|
+
if (provesChannelInstallability !== 'true') errors.push('accepted package-registry publication requires --proves-channel-installability true')
|
|
87
|
+
}
|
|
88
|
+
if (channelType === 'marketplace' || channelType === 'catalog') {
|
|
89
|
+
if (provesMarketplaceApproval !== 'true') errors.push('accepted marketplace/catalog publication requires --proves-marketplace-approval true')
|
|
90
|
+
if (provesChannelInstallability !== 'true') errors.push('accepted marketplace/catalog publication requires --proves-channel-installability true')
|
|
91
|
+
}
|
|
92
|
+
}
|
|
93
|
+
|
|
94
|
+
const lines = [
|
|
95
|
+
'# Public Channel Publication Record',
|
|
96
|
+
'',
|
|
97
|
+
'Publication status: ' + publicationStatus,
|
|
98
|
+
'',
|
|
99
|
+
'Channel type: ' + channelType,
|
|
100
|
+
'',
|
|
101
|
+
'Channel name: ' + channelName,
|
|
102
|
+
'',
|
|
103
|
+
'Channel URL: ' + channelUrl,
|
|
104
|
+
'',
|
|
105
|
+
'Package or listing version: ' + version,
|
|
106
|
+
'',
|
|
107
|
+
'Artifact digest: ' + artifactDigest,
|
|
108
|
+
'',
|
|
109
|
+
'Review or approval status: ' + reviewStatus,
|
|
110
|
+
'',
|
|
111
|
+
'Evidence owner: ' + evidenceOwner,
|
|
112
|
+
'',
|
|
113
|
+
'Evidence date: ' + evidenceDate,
|
|
114
|
+
'',
|
|
115
|
+
'Evidence URL or run id: ' + evidenceUrl,
|
|
116
|
+
'',
|
|
117
|
+
'## Verification',
|
|
118
|
+
'',
|
|
119
|
+
'Verification command: ' + verificationCommand,
|
|
120
|
+
'',
|
|
121
|
+
'Verification result: ' + verificationResult,
|
|
122
|
+
'',
|
|
123
|
+
'## Acceptance',
|
|
124
|
+
'',
|
|
125
|
+
'Evidence status: ' + evidenceStatus,
|
|
126
|
+
'',
|
|
127
|
+
'Accepted by: ' + acceptedBy,
|
|
128
|
+
'',
|
|
129
|
+
'Accepted at: ' + acceptedAt,
|
|
130
|
+
'',
|
|
131
|
+
'## Boundaries',
|
|
132
|
+
'',
|
|
133
|
+
'- Does this prove public registry publication? ' + provesRegistryPublication,
|
|
134
|
+
'- Does this prove marketplace approval? ' + provesMarketplaceApproval,
|
|
135
|
+
'- Does this prove installability from the channel? ' + provesChannelInstallability,
|
|
136
|
+
'',
|
|
137
|
+
'## Residual Risk',
|
|
138
|
+
'',
|
|
139
|
+
'- ' + residualRisk,
|
|
140
|
+
'',
|
|
141
|
+
'## Next Action',
|
|
142
|
+
'',
|
|
143
|
+
'- ' + nextAction,
|
|
144
|
+
'',
|
|
145
|
+
]
|
|
146
|
+
|
|
147
|
+
const report = {
|
|
148
|
+
root,
|
|
149
|
+
out,
|
|
150
|
+
dryRun,
|
|
151
|
+
publicationStatus,
|
|
152
|
+
channelType,
|
|
153
|
+
evidenceStatus,
|
|
154
|
+
status: errors.length ? 'failed' : dryRun ? 'ready' : 'written',
|
|
155
|
+
errors,
|
|
156
|
+
}
|
|
157
|
+
|
|
158
|
+
if (!errors.length && !dryRun) {
|
|
159
|
+
if (fs.existsSync(out) && !force) {
|
|
160
|
+
report.status = 'exists'
|
|
161
|
+
report.errors.push('output exists; use --force or choose another --out path')
|
|
162
|
+
} else {
|
|
163
|
+
fs.mkdirSync(path.dirname(out), { recursive: true })
|
|
164
|
+
fs.writeFileSync(out, lines.join('\n'), 'utf8')
|
|
165
|
+
}
|
|
166
|
+
}
|
|
167
|
+
|
|
168
|
+
if (jsonOnly) console.log(JSON.stringify(report, null, 2))
|
|
169
|
+
else {
|
|
170
|
+
console.log('Public channel publication record status: ' + report.status)
|
|
171
|
+
console.log('Output: ' + report.out)
|
|
172
|
+
if (report.errors.length) {
|
|
173
|
+
console.log('Errors:')
|
|
174
|
+
for (const error of report.errors) console.log('- ' + error)
|
|
175
|
+
}
|
|
176
|
+
}
|
|
177
|
+
|
|
178
|
+
if (report.status === 'failed' || report.status === 'exists') process.exit(1)
|