@t275005746/gse 0.1.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (180) hide show
  1. package/.github/ISSUE_TEMPLATE/bug_report.yml +42 -42
  2. package/.github/ISSUE_TEMPLATE/change_request.yml +50 -50
  3. package/.github/ISSUE_TEMPLATE/config.yml +5 -5
  4. package/.github/PULL_REQUEST_TEMPLATE.md +38 -38
  5. package/.github/workflows/validate-gse.yml +33 -33
  6. package/.gse/README.md +18 -18
  7. package/.gse/gse-development-protocol.md +50 -50
  8. package/.gse/project-profile.md +29 -29
  9. package/.gse/quality-gates.md +25 -25
  10. package/.gse/releases/public-registry-publication-npm.md +49 -0
  11. package/.gse/releases/public-release-owner-required.md +65 -65
  12. package/.gse/releases/public-security-contact-owner-required.md +45 -45
  13. package/.gse/state.json +3 -4
  14. package/CHANGELOG.md +24 -24
  15. package/CONTRIBUTING.md +64 -64
  16. package/LICENSE +21 -21
  17. package/README.md +1 -1
  18. package/README.zh-CN.md +1 -1
  19. package/SECURITY.md +41 -41
  20. package/SUPPORT.md +38 -38
  21. package/assets/marketplace/README.md +7 -7
  22. package/assets/marketplace/gse-listing.json +75 -75
  23. package/assets/templates/acceptance-execution-packet.md +73 -73
  24. package/assets/templates/adr.md +14 -14
  25. package/assets/templates/change-brief.md +16 -16
  26. package/assets/templates/design.md +18 -18
  27. package/assets/templates/dispatch-packet.md +104 -104
  28. package/assets/templates/evidence.md +14 -14
  29. package/assets/templates/execution-quality-pack.md +65 -65
  30. package/assets/templates/goal-map.md +21 -21
  31. package/assets/templates/host-adapter.md +48 -48
  32. package/assets/templates/host-ui-invocation-record.md +42 -42
  33. package/assets/templates/incident-review.md +60 -60
  34. package/assets/templates/public-channel-publication-record.md +49 -49
  35. package/assets/templates/public-ci-run-record.md +53 -53
  36. package/assets/templates/public-release-record.md +65 -65
  37. package/assets/templates/public-repository-settings-record.md +59 -59
  38. package/assets/templates/public-security-contact-record.md +45 -45
  39. package/assets/templates/release-trust-record.md +32 -32
  40. package/assets/templates/review.md +18 -18
  41. package/assets/templates/spec.md +16 -16
  42. package/assets/templates/target-adoption-evidence.md +29 -29
  43. package/assets/templates/tasks.md +17 -17
  44. package/assets/templates/update-release-acceptance-record.md +58 -58
  45. package/examples/README.md +22 -22
  46. package/examples/agent-runtime-host/.claude/gse-adapter.md +6 -6
  47. package/examples/agent-runtime-host/.codex/gse-adapter.md +7 -7
  48. package/examples/agent-runtime-host/.gse/goal-map.md +7 -7
  49. package/examples/agent-runtime-host/.gse/project-profile.md +27 -27
  50. package/examples/agent-runtime-host/.gse/tooling.md +5 -5
  51. package/examples/agent-runtime-host/.mcp.json +9 -9
  52. package/examples/agent-runtime-host/AGENTS.md +5 -5
  53. package/examples/agent-runtime-host/README.md +10 -10
  54. package/examples/agent-runtime-host/docs/model-routing.md +5 -5
  55. package/examples/cli-tool/.gse/project-profile.md +21 -21
  56. package/examples/cli-tool/AGENTS.md +5 -5
  57. package/examples/cli-tool/README.md +12 -12
  58. package/examples/cli-tool/package.json +21 -21
  59. package/examples/small-app/.env.example +2 -2
  60. package/examples/small-app/.github/workflows/ci.yml +8 -8
  61. package/examples/small-app/AGENTS.md +5 -5
  62. package/examples/small-app/README.md +12 -12
  63. package/examples/small-app/package.json +26 -26
  64. package/examples/small-app/playwright.config.ts +4 -4
  65. package/package.json +53 -53
  66. package/references/adoption-recipes.md +171 -171
  67. package/references/agent-roles.md +49 -49
  68. package/references/architecture-health.md +101 -101
  69. package/references/benchmark-audit.md +73 -73
  70. package/references/community-channels.md +46 -46
  71. package/references/compatibility.md +70 -70
  72. package/references/design-basis.md +38 -38
  73. package/references/domain-model.md +129 -129
  74. package/references/domain-quality-gates.md +75 -75
  75. package/references/drift-audit.md +81 -81
  76. package/references/evidence-taxonomy.md +123 -123
  77. package/references/file-ownership.md +107 -107
  78. package/references/final-readiness.md +84 -84
  79. package/references/forward-test.md +133 -133
  80. package/references/goal-map.md +36 -36
  81. package/references/host-adapters.md +119 -119
  82. package/references/learning-system.md +35 -35
  83. package/references/marketplace-discovery.md +46 -46
  84. package/references/model-routing.md +103 -103
  85. package/references/open-source-defaults.md +39 -39
  86. package/references/operating-model.md +52 -52
  87. package/references/packaging.md +277 -277
  88. package/references/project-agent-workspace.md +89 -89
  89. package/references/project-bootstrap.md +122 -122
  90. package/references/project-profile.md +57 -57
  91. package/references/public-release.md +174 -174
  92. package/references/quality-gates.md +100 -100
  93. package/references/recovery.md +176 -176
  94. package/references/release-trust.md +43 -43
  95. package/references/release.md +126 -126
  96. package/references/review.md +141 -141
  97. package/references/router.md +90 -90
  98. package/references/spec-workflow.md +66 -66
  99. package/references/task-levels.md +81 -81
  100. package/references/tool-adapters.md +73 -73
  101. package/scripts/audit-acceptance-execution-packet.mjs +133 -133
  102. package/scripts/audit-adoption-recipes.mjs +99 -99
  103. package/scripts/audit-change-lifecycle.mjs +77 -77
  104. package/scripts/audit-change-system.mjs +134 -134
  105. package/scripts/audit-ci-readiness.mjs +107 -107
  106. package/scripts/audit-close-gate.mjs +323 -323
  107. package/scripts/audit-command-adapters.mjs +91 -91
  108. package/scripts/audit-command-execution.mjs +210 -210
  109. package/scripts/audit-compatibility.mjs +149 -149
  110. package/scripts/audit-completion-readiness.mjs +292 -292
  111. package/scripts/audit-distribution.mjs +251 -251
  112. package/scripts/audit-domain-quality-gates.mjs +108 -108
  113. package/scripts/audit-evidence-placeholders.mjs +126 -126
  114. package/scripts/audit-final-readiness-promotion.mjs +255 -255
  115. package/scripts/audit-final-readiness.mjs +226 -226
  116. package/scripts/audit-fixtures.mjs +154 -154
  117. package/scripts/audit-fresh-session-readiness.mjs +177 -177
  118. package/scripts/audit-host-runtime-evidence-handoff.mjs +159 -159
  119. package/scripts/audit-host-runtime-invocation-drill.mjs +240 -240
  120. package/scripts/audit-host-runtime-invocations.mjs +254 -254
  121. package/scripts/audit-host-ui-invocation.mjs +132 -132
  122. package/scripts/audit-marketplace-discovery.mjs +122 -122
  123. package/scripts/audit-npm-package-metadata.mjs +155 -155
  124. package/scripts/audit-npm-publish-dry-run.mjs +191 -169
  125. package/scripts/audit-npm-tarball-install.mjs +191 -191
  126. package/scripts/audit-open-source-defaults.mjs +92 -92
  127. package/scripts/audit-open-source-readiness.mjs +97 -97
  128. package/scripts/audit-project.mjs +138 -138
  129. package/scripts/audit-public-acceptance-command-dry-run-drill.mjs +203 -203
  130. package/scripts/audit-public-acceptance-readiness.mjs +224 -224
  131. package/scripts/audit-public-channel-publication.mjs +248 -248
  132. package/scripts/audit-public-ci-run.mjs +184 -184
  133. package/scripts/audit-public-collaboration-templates.mjs +98 -98
  134. package/scripts/audit-public-external-gate-probe.mjs +206 -206
  135. package/scripts/audit-public-release-decision.mjs +201 -201
  136. package/scripts/audit-public-release-metadata.mjs +176 -176
  137. package/scripts/audit-public-repository-settings.mjs +237 -237
  138. package/scripts/audit-public-security-contact.mjs +171 -171
  139. package/scripts/audit-readme-docs.mjs +6 -4
  140. package/scripts/audit-recovery-readiness.mjs +98 -98
  141. package/scripts/audit-release-readiness.mjs +106 -106
  142. package/scripts/audit-release-trust.mjs +62 -62
  143. package/scripts/audit-remote-distribution.mjs +266 -266
  144. package/scripts/audit-roadmap-consistency.mjs +235 -235
  145. package/scripts/audit-signing.mjs +147 -147
  146. package/scripts/audit-state-freshness.mjs +14 -9
  147. package/scripts/audit-target-adoption-evidence.mjs +117 -117
  148. package/scripts/audit-target-project.mjs +507 -507
  149. package/scripts/audit-update-release-acceptance.mjs +136 -136
  150. package/scripts/audit-v1-target-validation.mjs +269 -269
  151. package/scripts/audit-validation-profiles.mjs +125 -125
  152. package/scripts/close-change.mjs +116 -116
  153. package/scripts/discover-project-profile.mjs +307 -307
  154. package/scripts/generate-command-adapter.mjs +231 -231
  155. package/scripts/generate-final-acceptance-packet.mjs +181 -181
  156. package/scripts/generate-final-form-progress-report.mjs +205 -205
  157. package/scripts/generate-host-runtime-evidence-handoff.mjs +206 -206
  158. package/scripts/generate-owner-external-gate-kit.mjs +295 -295
  159. package/scripts/generate-public-acceptance-handoff.mjs +168 -168
  160. package/scripts/generate-public-release-checklist.mjs +207 -207
  161. package/scripts/generate-release-bundle.mjs +505 -505
  162. package/scripts/generate-release-owner-action-plan.mjs +172 -172
  163. package/scripts/generate-release-status-manifest.mjs +200 -200
  164. package/scripts/generate-session-prompt.mjs +188 -188
  165. package/scripts/gse.mjs +67 -67
  166. package/scripts/init-change.mjs +265 -265
  167. package/scripts/init-project.mjs +785 -785
  168. package/scripts/install-gse.mjs +234 -234
  169. package/scripts/lib/evidence-placeholders.mjs +28 -28
  170. package/scripts/package-gse.mjs +174 -174
  171. package/scripts/probe-public-external-gates.mjs +167 -167
  172. package/scripts/record-host-invocation.mjs +151 -151
  173. package/scripts/record-public-channel-publication.mjs +178 -178
  174. package/scripts/record-public-ci-run.mjs +180 -180
  175. package/scripts/record-public-release.mjs +175 -175
  176. package/scripts/record-public-repository-settings.mjs +209 -209
  177. package/scripts/record-public-security-contact.mjs +157 -157
  178. package/scripts/sign-gse-package.mjs +83 -83
  179. package/scripts/update-project-state.mjs +223 -223
  180. package/scripts/verify-gse-package.mjs +85 -85
@@ -1,73 +1,73 @@
1
- # Benchmark Audit
2
-
3
- Use this when improving GSE itself: changing the GSE skill, its scripts, templates, references, project scaffold, or development goals.
4
-
5
- ## Purpose
6
-
7
- GSE development must proactively find workflow gaps. Do not wait for the user to discover missing requirements through manual testing.
8
-
9
- Run this audit against verified local skills, project files, tool help, official docs when available, and focused experiments. Label design judgments separately from verified facts.
10
-
11
- ## Benchmark Sources
12
-
13
- Use the best available sources for the current host:
14
-
15
- - Local GSE files under `.gse/` or the skill folder.
16
- - Installed workflow skills: Comet, OpenSpec, Superpowers-style skills, agentic-engineering, subagent-driven-development, TDD, code review, self-improvement, QA, CI/CD.
17
- - Public or local skill repositories when explicitly referenced or already cloned, such as `mattpocock/skills`.
18
- - Project rules only when GSE is being tested inside a real project: `AGENTS.md`, `CLAUDE.md`, `CONTEXT.md`, ADRs, issue tracker docs, CI config, test scripts.
19
- - Official tool docs only when needed for a drift-prone claim.
20
-
21
- ## GSE Development Audit Matrix
22
-
23
- Score each area as `missing`, `thin`, `usable`, or `strong`.
24
-
25
- | Area | Questions |
26
- |---|---|
27
- | Setup | Can a new agent install or initialize GSE without guessing? |
28
- | Router | Is there a clear map from user intent to GSE references, scripts, and modes? |
29
- | Goal Map | Are GSE's north star, current priority, risks, and next slice visible? |
30
- | Domain Model | Is shared language captured, challenged, and updated? |
31
- | Specs | Are GSE change outcome, scope, non-goals, contracts, and acceptance explicit? |
32
- | Task Slicing | Are tasks vertical, independently verifiable, and sized by risk? |
33
- | Tool Acceleration | Are search, LSP/index, browser, API, MCP, and CI tools recorded with fallbacks? |
34
- | Multi-Agent | Are roles, dispatch packets, file ownership, review gates, and no-fake-delegation rules clear? |
35
- | Implementation | Does GSE development preserve skill patterns and avoid unrelated expansion? |
36
- | Testing | Are focused tests, TDD, smoke, regression, and UI verification rules present? |
37
- | Review | Are spec compliance and code quality reviewed separately? |
38
- | Evidence | Is GSE change evidence recorded with commands and residual risk? |
39
- | Release | Are migration, rollout, rollback, smoke, and known-risk steps defined? |
40
- | Incident | Is there a path for failures, postmortems, and prevention gates? |
41
- | Learning | Are reusable lessons promoted into rules, gates, or templates? |
42
- | Context Hygiene | Are handoff, compaction, stale-context, and token-budget rules defined? |
43
- | Adapter Drift | Are host-specific GSE adapters prevented from diverging from the portable source of truth? |
44
- | Security | Are secrets, permissions, destructive tools, and external services bounded? |
45
- | Observability | Are traces, cost, retries, failures, and long-running state captured when relevant? |
46
-
47
- ## Required Output
48
-
49
- ```text
50
- Outcome:
51
- Benchmark sources:
52
- Strong areas:
53
- Gaps:
54
- Design goal updates:
55
- Next action:
56
- Evidence:
57
- ```
58
-
59
- ## Design Goal Update Rules
60
-
61
- - Add a goal only when it prevents a real failure mode or improves repeatable quality.
62
- - Prefer a small artifact or script over a large prose rule.
63
- - Keep hard prerequisites minimal; record optional adapters separately.
64
- - Turn recurring user corrections into audits, gates, or templates.
65
- - If a benchmark is tool-specific, extract the portable principle before adding it to GSE.
66
- - For non-trivial GSE changes, use `references/forward-test.md` to decide whether structural smoke, fixture forward test, or fresh-session forward test is required.
67
-
68
- ## Current Known GSE Gaps
69
-
70
- - GSE has project scoring, bootstrap smoke, target doctor, command adapters, release gates, evidence taxonomy, quality gates, and final-form progress audits. Keep this section current when a gap is closed so future agents do not chase stale work.
71
- - Host adapter pointer templates are verified through `scripts/generate-command-adapter.mjs` and `scripts/audit-command-adapters.mjs`; older `generate-host-adapter.mjs` coverage is legacy fixture compatibility, not the preferred adoption route.
72
- - Remaining final-form gaps are owner/external evidence gates: public repository settings, public CI run, public security contact, registry publication, marketplace approval, native slash-command evidence, and other host runtime invocation.
73
- - Local future-hardening candidates should come from fresh benchmark evidence, not from this historical list.
1
+ # Benchmark Audit
2
+
3
+ Use this when improving GSE itself: changing the GSE skill, its scripts, templates, references, project scaffold, or development goals.
4
+
5
+ ## Purpose
6
+
7
+ GSE development must proactively find workflow gaps. Do not wait for the user to discover missing requirements through manual testing.
8
+
9
+ Run this audit against verified local skills, project files, tool help, official docs when available, and focused experiments. Label design judgments separately from verified facts.
10
+
11
+ ## Benchmark Sources
12
+
13
+ Use the best available sources for the current host:
14
+
15
+ - Local GSE files under `.gse/` or the skill folder.
16
+ - Installed workflow skills: Comet, OpenSpec, Superpowers-style skills, agentic-engineering, subagent-driven-development, TDD, code review, self-improvement, QA, CI/CD.
17
+ - Public or local skill repositories when explicitly referenced or already cloned, such as `mattpocock/skills`.
18
+ - Project rules only when GSE is being tested inside a real project: `AGENTS.md`, `CLAUDE.md`, `CONTEXT.md`, ADRs, issue tracker docs, CI config, test scripts.
19
+ - Official tool docs only when needed for a drift-prone claim.
20
+
21
+ ## GSE Development Audit Matrix
22
+
23
+ Score each area as `missing`, `thin`, `usable`, or `strong`.
24
+
25
+ | Area | Questions |
26
+ |---|---|
27
+ | Setup | Can a new agent install or initialize GSE without guessing? |
28
+ | Router | Is there a clear map from user intent to GSE references, scripts, and modes? |
29
+ | Goal Map | Are GSE's north star, current priority, risks, and next slice visible? |
30
+ | Domain Model | Is shared language captured, challenged, and updated? |
31
+ | Specs | Are GSE change outcome, scope, non-goals, contracts, and acceptance explicit? |
32
+ | Task Slicing | Are tasks vertical, independently verifiable, and sized by risk? |
33
+ | Tool Acceleration | Are search, LSP/index, browser, API, MCP, and CI tools recorded with fallbacks? |
34
+ | Multi-Agent | Are roles, dispatch packets, file ownership, review gates, and no-fake-delegation rules clear? |
35
+ | Implementation | Does GSE development preserve skill patterns and avoid unrelated expansion? |
36
+ | Testing | Are focused tests, TDD, smoke, regression, and UI verification rules present? |
37
+ | Review | Are spec compliance and code quality reviewed separately? |
38
+ | Evidence | Is GSE change evidence recorded with commands and residual risk? |
39
+ | Release | Are migration, rollout, rollback, smoke, and known-risk steps defined? |
40
+ | Incident | Is there a path for failures, postmortems, and prevention gates? |
41
+ | Learning | Are reusable lessons promoted into rules, gates, or templates? |
42
+ | Context Hygiene | Are handoff, compaction, stale-context, and token-budget rules defined? |
43
+ | Adapter Drift | Are host-specific GSE adapters prevented from diverging from the portable source of truth? |
44
+ | Security | Are secrets, permissions, destructive tools, and external services bounded? |
45
+ | Observability | Are traces, cost, retries, failures, and long-running state captured when relevant? |
46
+
47
+ ## Required Output
48
+
49
+ ```text
50
+ Outcome:
51
+ Benchmark sources:
52
+ Strong areas:
53
+ Gaps:
54
+ Design goal updates:
55
+ Next action:
56
+ Evidence:
57
+ ```
58
+
59
+ ## Design Goal Update Rules
60
+
61
+ - Add a goal only when it prevents a real failure mode or improves repeatable quality.
62
+ - Prefer a small artifact or script over a large prose rule.
63
+ - Keep hard prerequisites minimal; record optional adapters separately.
64
+ - Turn recurring user corrections into audits, gates, or templates.
65
+ - If a benchmark is tool-specific, extract the portable principle before adding it to GSE.
66
+ - For non-trivial GSE changes, use `references/forward-test.md` to decide whether structural smoke, fixture forward test, or fresh-session forward test is required.
67
+
68
+ ## Current Known GSE Gaps
69
+
70
+ - GSE has project scoring, bootstrap smoke, target doctor, command adapters, release gates, evidence taxonomy, quality gates, and final-form progress audits. Keep this section current when a gap is closed so future agents do not chase stale work.
71
+ - Host adapter pointer templates are verified through `scripts/generate-command-adapter.mjs` and `scripts/audit-command-adapters.mjs`; older `generate-host-adapter.mjs` coverage is legacy fixture compatibility, not the preferred adoption route.
72
+ - Remaining final-form gaps are owner/external evidence gates: public repository settings, public CI run, public security contact, registry publication, marketplace approval, native slash-command evidence, and other host runtime invocation.
73
+ - Local future-hardening candidates should come from fresh benchmark evidence, not from this historical list.
@@ -1,46 +1,46 @@
1
- # Community Channels
2
-
3
- Use this when a public GSE release needs owner-approved contribution, support, sponsorship, or service links.
4
-
5
- Community channels are release metadata. They help people find the right place to ask questions, support the maintainer, or discover related services. They do not prove package publication, marketplace approval, security disclosure readiness, or host-native command support.
6
-
7
- ## Current Owner Candidate
8
-
9
- GateHub can be listed as an optional maintainer support and service link after owner approval:
10
-
11
- - Name: GateHub
12
- - URL: https://gatehub.top/
13
- - Public page title observed on 2026-07-07: `GateHub - AI API Gateway`
14
- - Public subtitle observed on 2026-07-07: `AI大模型代理平台`
15
- - Public contact observed on 2026-07-07: `QQ:275005746`
16
- - Recommended use in GSE docs: optional support, sponsorship, affiliate, or maintainer-service link.
17
-
18
- Do not describe GateHub as:
19
-
20
- - the official GSE package registry,
21
- - a marketplace approval channel,
22
- - a vulnerability disclosure channel,
23
- - proof of public CI, release, or host runtime support,
24
- - a required dependency for using GSE.
25
-
26
- ## Placement
27
-
28
- Recommended locations:
29
-
30
- - `SUPPORT.md`: optional maintainer/community support channel.
31
- - Public repository sidebar or GitHub profile: project support or service link.
32
- - Release notes: optional "Support the maintainer" link when the release owner approves it.
33
- - Marketplace/catalog listing: support URL or related service URL, if the marketplace allows it.
34
-
35
- Avoid putting the link into the core workflow explanation, command reference, quality gates, or installation steps unless GateHub becomes a verified part of that workflow.
36
-
37
- ## Acceptance
38
-
39
- A community channel can be called:
40
-
41
- - `result`: the link and intended use are documented.
42
- - `verified`: the link resolves and the docs preserve claim boundaries.
43
- - `accepted`: the owner approves the public placement and the target public page, repository, or listing contains the link.
44
-
45
- Keep security contact separate. A support or service contact is not a vulnerability disclosure policy unless the owner explicitly accepts it as such and `SECURITY.md` is updated.
46
-
1
+ # Community Channels
2
+
3
+ Use this when a public GSE release needs owner-approved contribution, support, sponsorship, or service links.
4
+
5
+ Community channels are release metadata. They help people find the right place to ask questions, support the maintainer, or discover related services. They do not prove package publication, marketplace approval, security disclosure readiness, or host-native command support.
6
+
7
+ ## Current Owner Candidate
8
+
9
+ GateHub can be listed as an optional maintainer support and service link after owner approval:
10
+
11
+ - Name: GateHub
12
+ - URL: https://gatehub.top/
13
+ - Public page title observed on 2026-07-07: `GateHub - AI API Gateway`
14
+ - Public subtitle observed on 2026-07-07: `AI大模型代理平台`
15
+ - Public contact observed on 2026-07-07: `QQ:275005746`
16
+ - Recommended use in GSE docs: optional support, sponsorship, affiliate, or maintainer-service link.
17
+
18
+ Do not describe GateHub as:
19
+
20
+ - the official GSE package registry,
21
+ - a marketplace approval channel,
22
+ - a vulnerability disclosure channel,
23
+ - proof of public CI, release, or host runtime support,
24
+ - a required dependency for using GSE.
25
+
26
+ ## Placement
27
+
28
+ Recommended locations:
29
+
30
+ - `SUPPORT.md`: optional maintainer/community support channel.
31
+ - Public repository sidebar or GitHub profile: project support or service link.
32
+ - Release notes: optional "Support the maintainer" link when the release owner approves it.
33
+ - Marketplace/catalog listing: support URL or related service URL, if the marketplace allows it.
34
+
35
+ Avoid putting the link into the core workflow explanation, command reference, quality gates, or installation steps unless GateHub becomes a verified part of that workflow.
36
+
37
+ ## Acceptance
38
+
39
+ A community channel can be called:
40
+
41
+ - `result`: the link and intended use are documented.
42
+ - `verified`: the link resolves and the docs preserve claim boundaries.
43
+ - `accepted`: the owner approves the public placement and the target public page, repository, or listing contains the link.
44
+
45
+ Keep security contact separate. A support or service contact is not a vulnerability disclosure policy unless the owner explicitly accepts it as such and `SECURITY.md` is updated.
46
+
@@ -1,70 +1,70 @@
1
- # Compatibility And Adoption Matrix
2
-
3
- Use this to record what GSE can honestly claim across agent hosts. This matrix is about GSE portability, not proof that every host-specific tool is installed in a project.
4
-
5
- ## Status Vocabulary
6
-
7
- - `verified`: backed by a local file, script, fixture, command, or trusted project-specific evidence in the current GSE skill or target project.
8
- - `documented`: described by GSE references, examples, or project files, but not exercised in the current evidence set.
9
- - `unknown`: no reliable evidence yet.
10
- - `unavailable`: expected capability is missing or failed when checked.
11
-
12
- Never upgrade a host capability from `documented` to `verified` just because another host has a similar capability.
13
-
14
- ## Portable Source Of Truth
15
-
16
- `.gse/` is the portable source of truth for goals, profile, quality gates, evidence, learning, and project-specific workflow rules.
17
-
18
- Host-specific folders are adapters. They may contain commands, hooks, skills, MCP notes, UI metadata, or short pointers, but they should point back to `.gse/` instead of copying the whole workflow.
19
-
20
- ## Host Matrix
21
-
22
- | Host family | Adapter location | Source-of-truth pointer | Current status | Evidence | Fallback |
23
- |---|---|---|---|---|---|
24
- | Codex-style | `.codex/`, Codex skills, MCP config | Must point to `.gse/` | `verified` for fixture pointer; host tools are project-specific | `examples/agent-runtime-host/.codex/gse-adapter.md`, `scripts/forward-test-gse.mjs`, `scripts/audit-fixtures.mjs` | Use `SKILL.md`, `.gse/project-profile.md`, and markdown workflow when Codex host tools are absent |
25
- | Claude Code-style | `.claude/commands/`, `.claude/agents/`, `.claude/hooks/` | Must point to `.gse/` | `verified` for fixture pointer; commands/agents/hooks remain project-specific | `examples/agent-runtime-host/.claude/gse-adapter.md`, `scripts/forward-test-gse.mjs`, `scripts/audit-fixtures.mjs` | Use `.gse/` docs directly; do not duplicate goal maps into `.claude/` |
26
- | Hermes/AION-style runtime | `.gse/host-adapters/hermes-runtime.md`, runtime skills, worker adapters, memory/tool substrate docs | Must keep AION/product policy in `.gse/` or project docs; runtime details are adapters | `verified` for generated pointer; runtime tools remain project-specific | `scripts/generate-command-adapter.mjs`, `scripts/audit-command-adapters.mjs`, `references/host-adapters.md`, `references/model-routing.md`, `examples/agent-runtime-host/docs/model-routing.md` | Treat runtime capabilities as `unknown` until project evidence verifies workers, memory, tools, or model routing |
27
- | WorkBuddy/other IDE agents | `.gse/host-adapters/workbuddy.md`, local docs, plugin settings, task templates | Must point to `.gse/` | `verified` for generated pointer; IDE tools remain project-specific | `scripts/generate-command-adapter.mjs`, `scripts/audit-command-adapters.mjs`, `SKILL.md`, `references/host-adapters.md` | Use `.gse/README.md`, `.gse/project-profile.md`, and `references/router.md` when no host adapter exists |
28
- | Copilot/Gemini-style assistants | repository instructions, workspace docs | Short instruction to read `.gse/project-profile.md` and relevant gates | `documented` | `references/host-adapters.md` | Use repository instructions plus `.gse/` files; keep advanced tool claims `unknown` |
29
- | Unknown or custom host | `.gse/host-adapters/generic-agent.md`, host-specific docs decided by the project | Must link back to `.gse/` | `verified` for generated generic pointer; host runtime remains unknown | `scripts/generate-command-adapter.mjs`, `scripts/audit-command-adapters.mjs` | Create a fuller adapter from `assets/templates/host-adapter.md` only when the project has a real host mechanism |
30
-
31
- ## Capability Matrix
32
-
33
- | Capability | Portable GSE layer | Codex-style | Claude Code-style | Hermes/AION-style | WorkBuddy/other | Notes |
34
- |---|---|---|---|---|---|---|
35
- | Goal map and evidence | `verified` | `documented` | `documented` | `documented` | `documented` | Portable files live under `.gse/`; host adapters should point there |
36
- | Project bootstrap | `verified` | `documented` | `documented` | `documented` | `documented` | Verified by `scripts/audit-project.mjs` and `scripts/validate-gse.mjs` |
37
- | Project profile discovery | `verified` | `documented` | `documented` | `documented` | `documented` | Verified by `scripts/audit-adoption.mjs`; host use still depends on project files |
38
- | Host adapter pointer | `verified` for generated pointers | `verified` | `verified` | `verified` for generated pointer | `verified` for generated pointer | Generated pointers are verified by `scripts/audit-command-adapters.mjs`; runtime invocation still needs host records |
39
- | Subagents | `documented` fallback rules | `unknown` | `unknown` | `unknown` | `unknown` | Real subagent availability must be checked per host/session |
40
- | MCP | `documented` status vocabulary | `unknown` | `unknown` | `unknown` | `unknown` | Config presence is documented, not tool availability |
41
- | LSP/index | `documented` recommendation | `unknown` | `unknown` | `unknown` | `unknown` | Verify per project before relying on symbol navigation |
42
- | Browser/Playwright | `documented` evidence rules | `unknown` | `unknown` | `unknown` | `unknown` | Fixture config can document Playwright; running browser tests is separate evidence |
43
- | Model routing | `documented` reference | `unknown` | `unknown` | `documented` | `unknown` | Provider/model behavior needs provider-specific evidence |
44
- | Hooks/plugins | `documented` adapter rule | `unknown` | `unknown` | `unknown` | `unknown` | Do not enable hooks or plugins without project approval and evidence |
45
-
46
- ## Adoption Rules
47
-
48
- 1. Start from `.gse/README.md`, `.gse/project-profile.md`, and `.gse/goal-map.md` when they exist.
49
- 2. If a host folder exists, read only the short host adapter first, then return to `.gse/` for policy and evidence.
50
- 3. Record host-specific commands, hooks, MCP servers, subagents, models, browser tools, and indexes as `unknown` until checked in that project/session.
51
- 4. Use `documented` for config or docs that exist but have not been executed.
52
- 5. Use `verified` only when current evidence proves the claim.
53
- 6. Use `unavailable` when an expected host feature is missing or failing.
54
- 7. Use `references/drift-audit.md` when host folders and `.gse/` disagree.
55
-
56
- ## Minimum Host Adapter
57
-
58
- A host adapter should be short:
59
-
60
- ```text
61
- # <Host> Adapter
62
-
63
- Source of truth: `.gse/`.
64
-
65
- - Read `.gse/project-profile.md` before using host-specific tools.
66
- - Mark host capabilities verified only after current-session evidence.
67
- - Use `references/drift-audit.md` when adapter claims and current tools disagree.
68
- ```
69
-
70
- Use `assets/templates/host-adapter.md` when a fuller adapter record is needed.
1
+ # Compatibility And Adoption Matrix
2
+
3
+ Use this to record what GSE can honestly claim across agent hosts. This matrix is about GSE portability, not proof that every host-specific tool is installed in a project.
4
+
5
+ ## Status Vocabulary
6
+
7
+ - `verified`: backed by a local file, script, fixture, command, or trusted project-specific evidence in the current GSE skill or target project.
8
+ - `documented`: described by GSE references, examples, or project files, but not exercised in the current evidence set.
9
+ - `unknown`: no reliable evidence yet.
10
+ - `unavailable`: expected capability is missing or failed when checked.
11
+
12
+ Never upgrade a host capability from `documented` to `verified` just because another host has a similar capability.
13
+
14
+ ## Portable Source Of Truth
15
+
16
+ `.gse/` is the portable source of truth for goals, profile, quality gates, evidence, learning, and project-specific workflow rules.
17
+
18
+ Host-specific folders are adapters. They may contain commands, hooks, skills, MCP notes, UI metadata, or short pointers, but they should point back to `.gse/` instead of copying the whole workflow.
19
+
20
+ ## Host Matrix
21
+
22
+ | Host family | Adapter location | Source-of-truth pointer | Current status | Evidence | Fallback |
23
+ |---|---|---|---|---|---|
24
+ | Codex-style | `.codex/`, Codex skills, MCP config | Must point to `.gse/` | `verified` for fixture pointer; host tools are project-specific | `examples/agent-runtime-host/.codex/gse-adapter.md`, `scripts/forward-test-gse.mjs`, `scripts/audit-fixtures.mjs` | Use `SKILL.md`, `.gse/project-profile.md`, and markdown workflow when Codex host tools are absent |
25
+ | Claude Code-style | `.claude/commands/`, `.claude/agents/`, `.claude/hooks/` | Must point to `.gse/` | `verified` for fixture pointer; commands/agents/hooks remain project-specific | `examples/agent-runtime-host/.claude/gse-adapter.md`, `scripts/forward-test-gse.mjs`, `scripts/audit-fixtures.mjs` | Use `.gse/` docs directly; do not duplicate goal maps into `.claude/` |
26
+ | Hermes/AION-style runtime | `.gse/host-adapters/hermes-runtime.md`, runtime skills, worker adapters, memory/tool substrate docs | Must keep AION/product policy in `.gse/` or project docs; runtime details are adapters | `verified` for generated pointer; runtime tools remain project-specific | `scripts/generate-command-adapter.mjs`, `scripts/audit-command-adapters.mjs`, `references/host-adapters.md`, `references/model-routing.md`, `examples/agent-runtime-host/docs/model-routing.md` | Treat runtime capabilities as `unknown` until project evidence verifies workers, memory, tools, or model routing |
27
+ | WorkBuddy/other IDE agents | `.gse/host-adapters/workbuddy.md`, local docs, plugin settings, task templates | Must point to `.gse/` | `verified` for generated pointer; IDE tools remain project-specific | `scripts/generate-command-adapter.mjs`, `scripts/audit-command-adapters.mjs`, `SKILL.md`, `references/host-adapters.md` | Use `.gse/README.md`, `.gse/project-profile.md`, and `references/router.md` when no host adapter exists |
28
+ | Copilot/Gemini-style assistants | repository instructions, workspace docs | Short instruction to read `.gse/project-profile.md` and relevant gates | `documented` | `references/host-adapters.md` | Use repository instructions plus `.gse/` files; keep advanced tool claims `unknown` |
29
+ | Unknown or custom host | `.gse/host-adapters/generic-agent.md`, host-specific docs decided by the project | Must link back to `.gse/` | `verified` for generated generic pointer; host runtime remains unknown | `scripts/generate-command-adapter.mjs`, `scripts/audit-command-adapters.mjs` | Create a fuller adapter from `assets/templates/host-adapter.md` only when the project has a real host mechanism |
30
+
31
+ ## Capability Matrix
32
+
33
+ | Capability | Portable GSE layer | Codex-style | Claude Code-style | Hermes/AION-style | WorkBuddy/other | Notes |
34
+ |---|---|---|---|---|---|---|
35
+ | Goal map and evidence | `verified` | `documented` | `documented` | `documented` | `documented` | Portable files live under `.gse/`; host adapters should point there |
36
+ | Project bootstrap | `verified` | `documented` | `documented` | `documented` | `documented` | Verified by `scripts/audit-project.mjs` and `scripts/validate-gse.mjs` |
37
+ | Project profile discovery | `verified` | `documented` | `documented` | `documented` | `documented` | Verified by `scripts/audit-adoption.mjs`; host use still depends on project files |
38
+ | Host adapter pointer | `verified` for generated pointers | `verified` | `verified` | `verified` for generated pointer | `verified` for generated pointer | Generated pointers are verified by `scripts/audit-command-adapters.mjs`; runtime invocation still needs host records |
39
+ | Subagents | `documented` fallback rules | `unknown` | `unknown` | `unknown` | `unknown` | Real subagent availability must be checked per host/session |
40
+ | MCP | `documented` status vocabulary | `unknown` | `unknown` | `unknown` | `unknown` | Config presence is documented, not tool availability |
41
+ | LSP/index | `documented` recommendation | `unknown` | `unknown` | `unknown` | `unknown` | Verify per project before relying on symbol navigation |
42
+ | Browser/Playwright | `documented` evidence rules | `unknown` | `unknown` | `unknown` | `unknown` | Fixture config can document Playwright; running browser tests is separate evidence |
43
+ | Model routing | `documented` reference | `unknown` | `unknown` | `documented` | `unknown` | Provider/model behavior needs provider-specific evidence |
44
+ | Hooks/plugins | `documented` adapter rule | `unknown` | `unknown` | `unknown` | `unknown` | Do not enable hooks or plugins without project approval and evidence |
45
+
46
+ ## Adoption Rules
47
+
48
+ 1. Start from `.gse/README.md`, `.gse/project-profile.md`, and `.gse/goal-map.md` when they exist.
49
+ 2. If a host folder exists, read only the short host adapter first, then return to `.gse/` for policy and evidence.
50
+ 3. Record host-specific commands, hooks, MCP servers, subagents, models, browser tools, and indexes as `unknown` until checked in that project/session.
51
+ 4. Use `documented` for config or docs that exist but have not been executed.
52
+ 5. Use `verified` only when current evidence proves the claim.
53
+ 6. Use `unavailable` when an expected host feature is missing or failing.
54
+ 7. Use `references/drift-audit.md` when host folders and `.gse/` disagree.
55
+
56
+ ## Minimum Host Adapter
57
+
58
+ A host adapter should be short:
59
+
60
+ ```text
61
+ # <Host> Adapter
62
+
63
+ Source of truth: `.gse/`.
64
+
65
+ - Read `.gse/project-profile.md` before using host-specific tools.
66
+ - Mark host capabilities verified only after current-session evidence.
67
+ - Use `references/drift-audit.md` when adapter claims and current tools disagree.
68
+ ```
69
+
70
+ Use `assets/templates/host-adapter.md` when a fuller adapter record is needed.
@@ -1,38 +1,38 @@
1
- # GSE Design Basis
2
-
3
- This file separates verified sources from design judgment.
4
-
5
- ## Verified Local Sources
6
-
7
- - `skill-creator` requires a concise `SKILL.md`, optional `references/`, `scripts/`, and `assets/`, with progressive disclosure and validation.
8
- - `agentic-engineering` defines eval-first execution, agent-sized decomposition, model routing, and review focus for AI-generated code.
9
- - `subagent-driven-development` defines fresh subagents per task, explicit roles, spec review, code quality review, and never faking delegation.
10
- - `comet` combines OpenSpec and Superpowers through open, design, build, verify, archive phases, with hotfix/tweak presets and state files.
11
- - `openspec-propose` creates proposal, design, specs, and tasks as change artifacts.
12
- - `self-improvement` records reusable learnings, errors, feature requests, and promotes recurring lessons into project rules.
13
- - `ci-cd-and-automation` and `code-review-and-quality` describe automated gates and review axes as quality enforcement mechanisms.
14
-
15
- ## User Requirements Captured
16
-
17
- - GSE must target large, long-running commercial projects first, while degrading for small projects.
18
- - GSE must be agent-agnostic across Codex, Claude Code, Hermes, WorkBuddy, and similar tools.
19
- - GSE must support goal maps, specs, evidence, roles, tool acceleration, learning, release, incident, and quality gates.
20
- - GSE must have few hard prerequisites; optional tools should enhance, not block.
21
- - GSE itself must be developed using GSE principles.
22
- - GSE must not invent unsupported facts; evidence and assumptions must be separated.
23
- - GSE must proactively benchmark itself and project workflows against mature skills and public practices, then convert gaps into goals, gates, templates, or scripts.
24
-
25
- ## Design Judgments
26
-
27
- - Use GSE as the public name because it is short, avoids AES encryption ambiguity, and captures the core loop.
28
- - Use `.gse/` as the durable project folder because hidden workflow folders are familiar and avoid polluting product docs.
29
- - Use task levels so small tasks do not inherit enterprise ceremony.
30
- - Use markdown fallback for all optional tools so the workflow remains portable.
31
- - Use benchmark audits as a recurring design mechanism because a purely reactive process lets users discover missing requirements through failures.
32
-
33
- ## Open Questions
34
-
35
- - Whether GSE should later publish official adapters for specific hosts, such as Codex Desktop or Claude Code.
36
- - Whether GSE should include a telemetry dashboard by default or only recommend skill-usage as an optional enhancement.
37
- - Whether project initialization should update `AGENTS.md` automatically or require explicit approval.
38
- - How often benchmark audits should run by default: every major project phase, every N slices, or only on explicit request.
1
+ # GSE Design Basis
2
+
3
+ This file separates verified sources from design judgment.
4
+
5
+ ## Verified Local Sources
6
+
7
+ - `skill-creator` requires a concise `SKILL.md`, optional `references/`, `scripts/`, and `assets/`, with progressive disclosure and validation.
8
+ - `agentic-engineering` defines eval-first execution, agent-sized decomposition, model routing, and review focus for AI-generated code.
9
+ - `subagent-driven-development` defines fresh subagents per task, explicit roles, spec review, code quality review, and never faking delegation.
10
+ - `comet` combines OpenSpec and Superpowers through open, design, build, verify, archive phases, with hotfix/tweak presets and state files.
11
+ - `openspec-propose` creates proposal, design, specs, and tasks as change artifacts.
12
+ - `self-improvement` records reusable learnings, errors, feature requests, and promotes recurring lessons into project rules.
13
+ - `ci-cd-and-automation` and `code-review-and-quality` describe automated gates and review axes as quality enforcement mechanisms.
14
+
15
+ ## User Requirements Captured
16
+
17
+ - GSE must target large, long-running commercial projects first, while degrading for small projects.
18
+ - GSE must be agent-agnostic across Codex, Claude Code, Hermes, WorkBuddy, and similar tools.
19
+ - GSE must support goal maps, specs, evidence, roles, tool acceleration, learning, release, incident, and quality gates.
20
+ - GSE must have few hard prerequisites; optional tools should enhance, not block.
21
+ - GSE itself must be developed using GSE principles.
22
+ - GSE must not invent unsupported facts; evidence and assumptions must be separated.
23
+ - GSE must proactively benchmark itself and project workflows against mature skills and public practices, then convert gaps into goals, gates, templates, or scripts.
24
+
25
+ ## Design Judgments
26
+
27
+ - Use GSE as the public name because it is short, avoids AES encryption ambiguity, and captures the core loop.
28
+ - Use `.gse/` as the durable project folder because hidden workflow folders are familiar and avoid polluting product docs.
29
+ - Use task levels so small tasks do not inherit enterprise ceremony.
30
+ - Use markdown fallback for all optional tools so the workflow remains portable.
31
+ - Use benchmark audits as a recurring design mechanism because a purely reactive process lets users discover missing requirements through failures.
32
+
33
+ ## Open Questions
34
+
35
+ - Whether GSE should later publish official adapters for specific hosts, such as Codex Desktop or Claude Code.
36
+ - Whether GSE should include a telemetry dashboard by default or only recommend skill-usage as an optional enhancement.
37
+ - Whether project initialization should update `AGENTS.md` automatically or require explicit approval.
38
+ - How often benchmark audits should run by default: every major project phase, every N slices, or only on explicit request.