@t275005746/gse 0.1.0 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (228) hide show
  1. package/.github/ISSUE_TEMPLATE/bug_report.yml +42 -42
  2. package/.github/ISSUE_TEMPLATE/change_request.yml +50 -50
  3. package/.github/ISSUE_TEMPLATE/config.yml +5 -5
  4. package/.github/PULL_REQUEST_TEMPLATE.md +38 -38
  5. package/.github/workflows/validate-gse.yml +33 -33
  6. package/.gse/README.md +18 -18
  7. package/.gse/gse-development-protocol.md +50 -50
  8. package/.gse/project-profile.md +29 -29
  9. package/.gse/quality-gates.md +25 -25
  10. package/.gse/releases/public-registry-publication-npm.md +49 -0
  11. package/.gse/releases/public-release-owner-required.md +65 -65
  12. package/.gse/releases/public-security-contact-owner-required.md +45 -45
  13. package/.gse/state.json +147 -27
  14. package/CHANGELOG.md +31 -15
  15. package/CONTRIBUTING.md +64 -64
  16. package/LICENSE +21 -21
  17. package/README.md +14 -7
  18. package/README.zh-CN.md +14 -7
  19. package/SECURITY.md +41 -41
  20. package/SKILL.md +32 -12
  21. package/SUPPORT.md +38 -38
  22. package/assets/marketplace/README.md +7 -7
  23. package/assets/marketplace/gse-listing.json +75 -75
  24. package/assets/templates/acceptance-execution-packet.md +73 -73
  25. package/assets/templates/adr.md +14 -14
  26. package/assets/templates/change-brief.md +16 -16
  27. package/assets/templates/design.md +18 -18
  28. package/assets/templates/dispatch-packet.md +100 -92
  29. package/assets/templates/evidence.md +15 -9
  30. package/assets/templates/execution-quality-pack.md +65 -65
  31. package/assets/templates/goal-map.md +21 -21
  32. package/assets/templates/host-adapter.md +48 -48
  33. package/assets/templates/host-ui-invocation-record.md +42 -42
  34. package/assets/templates/incident-review.md +60 -60
  35. package/assets/templates/public-channel-publication-record.md +49 -49
  36. package/assets/templates/public-ci-run-record.md +53 -53
  37. package/assets/templates/public-release-record.md +65 -65
  38. package/assets/templates/public-repository-settings-record.md +59 -59
  39. package/assets/templates/public-security-contact-record.md +45 -45
  40. package/assets/templates/release-trust-record.md +32 -32
  41. package/assets/templates/review.md +18 -18
  42. package/assets/templates/role-fallback-packet.md +49 -0
  43. package/assets/templates/spec.md +16 -16
  44. package/assets/templates/target-adoption-evidence.md +29 -29
  45. package/assets/templates/tasks.md +17 -17
  46. package/assets/templates/update-release-acceptance-record.md +58 -58
  47. package/examples/README.md +22 -22
  48. package/examples/agent-runtime-host/.claude/gse-adapter.md +6 -6
  49. package/examples/agent-runtime-host/.codex/gse-adapter.md +7 -7
  50. package/examples/agent-runtime-host/.gse/goal-map.md +7 -7
  51. package/examples/agent-runtime-host/.gse/project-profile.md +27 -27
  52. package/examples/agent-runtime-host/.gse/tooling.md +5 -5
  53. package/examples/agent-runtime-host/.mcp.json +9 -9
  54. package/examples/agent-runtime-host/AGENTS.md +5 -5
  55. package/examples/agent-runtime-host/README.md +10 -10
  56. package/examples/agent-runtime-host/docs/model-routing.md +5 -5
  57. package/examples/cli-tool/.gse/project-profile.md +21 -21
  58. package/examples/cli-tool/AGENTS.md +5 -5
  59. package/examples/cli-tool/README.md +12 -12
  60. package/examples/cli-tool/package.json +21 -21
  61. package/examples/small-app/.env.example +2 -2
  62. package/examples/small-app/.github/workflows/ci.yml +8 -8
  63. package/examples/small-app/AGENTS.md +5 -5
  64. package/examples/small-app/README.md +12 -12
  65. package/examples/small-app/package.json +26 -26
  66. package/examples/small-app/playwright.config.ts +4 -4
  67. package/package.json +52 -44
  68. package/references/adoption-recipes.md +171 -171
  69. package/references/agent-roles.md +42 -21
  70. package/references/architecture-health.md +101 -101
  71. package/references/benchmark-audit.md +73 -73
  72. package/references/commands.md +74 -45
  73. package/references/community-channels.md +46 -46
  74. package/references/compatibility.md +70 -70
  75. package/references/design-basis.md +38 -38
  76. package/references/domain-model.md +129 -129
  77. package/references/domain-quality-gates.md +75 -75
  78. package/references/drift-audit.md +81 -80
  79. package/references/evidence-taxonomy.md +145 -108
  80. package/references/file-ownership.md +97 -93
  81. package/references/final-form-roadmap.md +201 -0
  82. package/references/final-readiness.md +84 -84
  83. package/references/forward-test.md +133 -133
  84. package/references/goal-map.md +36 -36
  85. package/references/host-adapters.md +129 -101
  86. package/references/learning-system.md +42 -26
  87. package/references/maintenance-cadence.md +51 -0
  88. package/references/marketplace-discovery.md +46 -46
  89. package/references/model-routing.md +103 -103
  90. package/references/open-source-defaults.md +39 -39
  91. package/references/operating-model.md +52 -52
  92. package/references/packaging.md +277 -277
  93. package/references/project-agent-workspace.md +89 -89
  94. package/references/project-bootstrap.md +122 -122
  95. package/references/project-guards.md +52 -0
  96. package/references/project-profile.md +57 -57
  97. package/references/public-release.md +174 -174
  98. package/references/quality-gates.md +96 -89
  99. package/references/recovery.md +176 -176
  100. package/references/release-trust.md +43 -43
  101. package/references/release.md +126 -126
  102. package/references/review.md +141 -141
  103. package/references/role-dispatch-fallback.md +54 -0
  104. package/references/router.md +90 -90
  105. package/references/spec-workflow.md +66 -66
  106. package/references/task-levels.md +81 -81
  107. package/references/tool-adapters.md +80 -70
  108. package/scripts/audit-acceptance-execution-packet.mjs +133 -133
  109. package/scripts/audit-adoption-recipes.mjs +99 -99
  110. package/scripts/audit-change-lifecycle.mjs +77 -77
  111. package/scripts/audit-change-system.mjs +134 -134
  112. package/scripts/audit-ci-readiness.mjs +107 -107
  113. package/scripts/audit-close-gate-hardening.mjs +188 -0
  114. package/scripts/audit-close-gate.mjs +448 -262
  115. package/scripts/audit-command-adapters.mjs +91 -91
  116. package/scripts/audit-command-execution.mjs +212 -199
  117. package/scripts/audit-commands.mjs +7 -5
  118. package/scripts/audit-compatibility.mjs +149 -149
  119. package/scripts/audit-completion-plan-drill.mjs +230 -0
  120. package/scripts/audit-completion-readiness.mjs +290 -287
  121. package/scripts/audit-continue-preflight.mjs +234 -0
  122. package/scripts/audit-distribution.mjs +251 -251
  123. package/scripts/audit-domain-quality-gates.mjs +108 -108
  124. package/scripts/audit-evidence-levels.mjs +217 -0
  125. package/scripts/audit-evidence-placeholders.mjs +126 -126
  126. package/scripts/audit-evidence-review-queue.mjs +206 -0
  127. package/scripts/audit-final-acceptance-packet.mjs +9 -9
  128. package/scripts/audit-final-form-progress-report.mjs +19 -18
  129. package/scripts/audit-final-form-roadmap.mjs +157 -0
  130. package/scripts/audit-final-form-stale-copy.mjs +2 -2
  131. package/scripts/audit-final-readiness-promotion.mjs +255 -255
  132. package/scripts/audit-final-readiness.mjs +226 -226
  133. package/scripts/audit-fixtures.mjs +154 -154
  134. package/scripts/audit-fresh-session-readiness.mjs +177 -177
  135. package/scripts/audit-host-capabilities.mjs +237 -0
  136. package/scripts/audit-host-runtime-evidence-handoff.mjs +159 -159
  137. package/scripts/audit-host-runtime-invocation-drill.mjs +240 -240
  138. package/scripts/audit-host-runtime-invocations.mjs +254 -254
  139. package/scripts/audit-host-ui-invocation.mjs +132 -132
  140. package/scripts/audit-installed-sync.mjs +203 -0
  141. package/scripts/audit-learning-drift.mjs +292 -0
  142. package/scripts/audit-learning-promotion.mjs +351 -0
  143. package/scripts/audit-learning-system.mjs +24 -14
  144. package/scripts/audit-local-final-form-completion.mjs +11 -10
  145. package/scripts/audit-maintenance-cadence.mjs +139 -0
  146. package/scripts/audit-maintenance-snapshot.mjs +181 -0
  147. package/scripts/audit-marketplace-discovery.mjs +122 -122
  148. package/scripts/audit-npm-package-metadata.mjs +160 -154
  149. package/scripts/audit-npm-publish-dry-run.mjs +194 -166
  150. package/scripts/audit-npm-tarball-install.mjs +195 -189
  151. package/scripts/audit-open-source-defaults.mjs +92 -92
  152. package/scripts/audit-open-source-readiness.mjs +97 -97
  153. package/scripts/audit-owner-external-gate-kit.mjs +12 -11
  154. package/scripts/audit-project-guards.mjs +189 -0
  155. package/scripts/audit-project.mjs +144 -141
  156. package/scripts/audit-public-acceptance-command-dry-run-drill.mjs +203 -203
  157. package/scripts/audit-public-acceptance-handoff.mjs +10 -10
  158. package/scripts/audit-public-acceptance-readiness.mjs +222 -222
  159. package/scripts/audit-public-channel-publication.mjs +248 -248
  160. package/scripts/audit-public-ci-run.mjs +184 -184
  161. package/scripts/audit-public-collaboration-templates.mjs +98 -98
  162. package/scripts/audit-public-external-gate-probe.mjs +206 -206
  163. package/scripts/audit-public-release-checklist.mjs +17 -15
  164. package/scripts/audit-public-release-decision.mjs +201 -201
  165. package/scripts/audit-public-release-metadata.mjs +176 -176
  166. package/scripts/audit-public-repository-settings.mjs +237 -237
  167. package/scripts/audit-public-security-contact.mjs +171 -171
  168. package/scripts/audit-readme-docs.mjs +6 -4
  169. package/scripts/audit-recovery-readiness.mjs +98 -98
  170. package/scripts/audit-release-bundle.mjs +13 -11
  171. package/scripts/audit-release-owner-action-plan-drill.mjs +5 -4
  172. package/scripts/audit-release-owner-action-plan.mjs +10 -10
  173. package/scripts/audit-release-readiness.mjs +106 -106
  174. package/scripts/audit-release-status-manifest.mjs +4 -4
  175. package/scripts/audit-release-trust.mjs +62 -62
  176. package/scripts/audit-remote-distribution.mjs +266 -266
  177. package/scripts/audit-roadmap-consistency.mjs +234 -230
  178. package/scripts/audit-role-dispatch-fallback.mjs +212 -0
  179. package/scripts/audit-session-sync.mjs +127 -0
  180. package/scripts/audit-signing.mjs +147 -147
  181. package/scripts/audit-state-freshness.mjs +20 -14
  182. package/scripts/audit-state-repair.mjs +360 -0
  183. package/scripts/audit-target-adoption-evidence.mjs +117 -117
  184. package/scripts/audit-target-hardening-drills.mjs +267 -0
  185. package/scripts/audit-target-project.mjs +507 -507
  186. package/scripts/audit-tool-fallback-policy.mjs +180 -0
  187. package/scripts/audit-ui-browser-evidence-policy.mjs +191 -0
  188. package/scripts/audit-update-release-acceptance.mjs +136 -136
  189. package/scripts/audit-v1-target-validation.mjs +269 -269
  190. package/scripts/audit-validation-profiles.mjs +125 -123
  191. package/scripts/backfill-evidence-levels.mjs +98 -0
  192. package/scripts/check-encoding.mjs +72 -0
  193. package/scripts/close-change.mjs +116 -116
  194. package/scripts/discover-project-profile.mjs +307 -307
  195. package/scripts/generate-command-adapter.mjs +231 -231
  196. package/scripts/generate-continue-packet.mjs +1214 -0
  197. package/scripts/generate-final-acceptance-packet.mjs +188 -173
  198. package/scripts/generate-final-form-progress-report.mjs +191 -189
  199. package/scripts/generate-host-runtime-evidence-handoff.mjs +198 -191
  200. package/scripts/generate-maintenance-snapshot.mjs +216 -0
  201. package/scripts/generate-owner-external-gate-kit.mjs +295 -295
  202. package/scripts/generate-public-acceptance-handoff.mjs +168 -156
  203. package/scripts/generate-public-release-checklist.mjs +207 -207
  204. package/scripts/generate-release-bundle.mjs +505 -505
  205. package/scripts/generate-release-owner-action-plan.mjs +172 -171
  206. package/scripts/generate-release-status-manifest.mjs +199 -198
  207. package/scripts/generate-session-prompt.mjs +188 -188
  208. package/scripts/gse.mjs +67 -67
  209. package/scripts/init-change.mjs +265 -265
  210. package/scripts/init-project.mjs +793 -712
  211. package/scripts/install-gse.mjs +234 -234
  212. package/scripts/lib/evidence-placeholders.mjs +28 -28
  213. package/scripts/package-gse.mjs +174 -174
  214. package/scripts/probe-public-external-gates.mjs +167 -167
  215. package/scripts/record-host-invocation.mjs +151 -151
  216. package/scripts/record-learning.mjs +37 -8
  217. package/scripts/record-public-channel-publication.mjs +178 -178
  218. package/scripts/record-public-ci-run.mjs +180 -180
  219. package/scripts/record-public-release.mjs +175 -175
  220. package/scripts/record-public-repository-settings.mjs +209 -209
  221. package/scripts/record-public-security-contact.mjs +157 -157
  222. package/scripts/record-session-sync.mjs +87 -0
  223. package/scripts/run-gse-command.mjs +79 -47
  224. package/scripts/run-validation-profile.mjs +24 -5
  225. package/scripts/sign-gse-package.mjs +83 -83
  226. package/scripts/update-project-state.mjs +223 -223
  227. package/scripts/validate-gse.mjs +216 -0
  228. package/scripts/verify-gse-package.mjs +85 -85
@@ -1,38 +1,38 @@
1
- # GSE Design Basis
2
-
3
- This file separates verified sources from design judgment.
4
-
5
- ## Verified Local Sources
6
-
7
- - `skill-creator` requires a concise `SKILL.md`, optional `references/`, `scripts/`, and `assets/`, with progressive disclosure and validation.
8
- - `agentic-engineering` defines eval-first execution, agent-sized decomposition, model routing, and review focus for AI-generated code.
9
- - `subagent-driven-development` defines fresh subagents per task, explicit roles, spec review, code quality review, and never faking delegation.
10
- - `comet` combines OpenSpec and Superpowers through open, design, build, verify, archive phases, with hotfix/tweak presets and state files.
11
- - `openspec-propose` creates proposal, design, specs, and tasks as change artifacts.
12
- - `self-improvement` records reusable learnings, errors, feature requests, and promotes recurring lessons into project rules.
13
- - `ci-cd-and-automation` and `code-review-and-quality` describe automated gates and review axes as quality enforcement mechanisms.
14
-
15
- ## User Requirements Captured
16
-
17
- - GSE must target large, long-running commercial projects first, while degrading for small projects.
18
- - GSE must be agent-agnostic across Codex, Claude Code, Hermes, WorkBuddy, and similar tools.
19
- - GSE must support goal maps, specs, evidence, roles, tool acceleration, learning, release, incident, and quality gates.
20
- - GSE must have few hard prerequisites; optional tools should enhance, not block.
21
- - GSE itself must be developed using GSE principles.
22
- - GSE must not invent unsupported facts; evidence and assumptions must be separated.
23
- - GSE must proactively benchmark itself and project workflows against mature skills and public practices, then convert gaps into goals, gates, templates, or scripts.
24
-
25
- ## Design Judgments
26
-
27
- - Use GSE as the public name because it is short, avoids AES encryption ambiguity, and captures the core loop.
28
- - Use `.gse/` as the durable project folder because hidden workflow folders are familiar and avoid polluting product docs.
29
- - Use task levels so small tasks do not inherit enterprise ceremony.
30
- - Use markdown fallback for all optional tools so the workflow remains portable.
31
- - Use benchmark audits as a recurring design mechanism because a purely reactive process lets users discover missing requirements through failures.
32
-
33
- ## Open Questions
34
-
35
- - Whether GSE should later publish official adapters for specific hosts, such as Codex Desktop or Claude Code.
36
- - Whether GSE should include a telemetry dashboard by default or only recommend skill-usage as an optional enhancement.
37
- - Whether project initialization should update `AGENTS.md` automatically or require explicit approval.
38
- - How often benchmark audits should run by default: every major project phase, every N slices, or only on explicit request.
1
+ # GSE Design Basis
2
+
3
+ This file separates verified sources from design judgment.
4
+
5
+ ## Verified Local Sources
6
+
7
+ - `skill-creator` requires a concise `SKILL.md`, optional `references/`, `scripts/`, and `assets/`, with progressive disclosure and validation.
8
+ - `agentic-engineering` defines eval-first execution, agent-sized decomposition, model routing, and review focus for AI-generated code.
9
+ - `subagent-driven-development` defines fresh subagents per task, explicit roles, spec review, code quality review, and never faking delegation.
10
+ - `comet` combines OpenSpec and Superpowers through open, design, build, verify, archive phases, with hotfix/tweak presets and state files.
11
+ - `openspec-propose` creates proposal, design, specs, and tasks as change artifacts.
12
+ - `self-improvement` records reusable learnings, errors, feature requests, and promotes recurring lessons into project rules.
13
+ - `ci-cd-and-automation` and `code-review-and-quality` describe automated gates and review axes as quality enforcement mechanisms.
14
+
15
+ ## User Requirements Captured
16
+
17
+ - GSE must target large, long-running commercial projects first, while degrading for small projects.
18
+ - GSE must be agent-agnostic across Codex, Claude Code, Hermes, WorkBuddy, and similar tools.
19
+ - GSE must support goal maps, specs, evidence, roles, tool acceleration, learning, release, incident, and quality gates.
20
+ - GSE must have few hard prerequisites; optional tools should enhance, not block.
21
+ - GSE itself must be developed using GSE principles.
22
+ - GSE must not invent unsupported facts; evidence and assumptions must be separated.
23
+ - GSE must proactively benchmark itself and project workflows against mature skills and public practices, then convert gaps into goals, gates, templates, or scripts.
24
+
25
+ ## Design Judgments
26
+
27
+ - Use GSE as the public name because it is short, avoids AES encryption ambiguity, and captures the core loop.
28
+ - Use `.gse/` as the durable project folder because hidden workflow folders are familiar and avoid polluting product docs.
29
+ - Use task levels so small tasks do not inherit enterprise ceremony.
30
+ - Use markdown fallback for all optional tools so the workflow remains portable.
31
+ - Use benchmark audits as a recurring design mechanism because a purely reactive process lets users discover missing requirements through failures.
32
+
33
+ ## Open Questions
34
+
35
+ - Whether GSE should later publish official adapters for specific hosts, such as Codex Desktop or Claude Code.
36
+ - Whether GSE should include a telemetry dashboard by default or only recommend skill-usage as an optional enhancement.
37
+ - Whether project initialization should update `AGENTS.md` automatically or require explicit approval.
38
+ - How often benchmark audits should run by default: every major project phase, every N slices, or only on explicit request.
@@ -1,129 +1,129 @@
1
- # Domain Model
2
-
3
- Use this when GSE needs to consume or update a project's domain language, glossary, context files, or ADRs.
4
-
5
- ## Purpose
6
-
7
- Long-running agent work fails when project language drifts. GSE keeps a small domain model layer so future agents can use the project's own words instead of rediscovering or renaming concepts every session.
8
-
9
- ## Source Files
10
-
11
- Read these in order when relevant:
12
-
13
- 1. `.gse/project-profile.md` for the project identity and known docs.
14
- 2. `CONTEXT.md` for a single-context project glossary.
15
- 3. `CONTEXT-MAP.md` for monorepos or multi-domain projects.
16
- 4. `docs/adr/` or context-specific ADR folders for decisions.
17
- 5. Product specs only after glossary/ADR context is understood.
18
-
19
- Do not read all context files in a large monorepo. Use `CONTEXT-MAP.md` or project-profile evidence to pick the relevant context.
20
-
21
- ## File Roles
22
-
23
- | File | Purpose | Should Not Contain |
24
- |---|---|---|
25
- | `.gse/project-profile.md` | Short project identity, commands, tools, gates, and doc map | Full glossary, implementation specs, large logs |
26
- | `CONTEXT.md` | Domain glossary and ubiquitous language | Implementation details, task lists, transient notes |
27
- | `CONTEXT-MAP.md` | Map from subsystem/domain to its context and ADR files | Detailed definitions that belong in each context |
28
- | `docs/adr/*.md` | Durable architectural or product decisions | Ordinary implementation notes or temporary preferences |
29
- | `.gse/changes/*` | Current change outcome, scope, acceptance, evidence | Canonical domain definitions |
30
-
31
- ## Single-Context Project
32
-
33
- Use one root `CONTEXT.md` when the project has one dominant domain language.
34
-
35
- ```text
36
- project/
37
- CONTEXT.md
38
- docs/adr/
39
- .gse/project-profile.md
40
- ```
41
-
42
- `CONTEXT.md` should define terms like:
43
-
44
- - Canonical term.
45
- - Meaning in this project.
46
- - Terms not to use.
47
- - Important relationships to other terms.
48
- - A short example scenario when it prevents ambiguity.
49
-
50
- ## Multi-Context Project
51
-
52
- Use `CONTEXT-MAP.md` when one glossary would mix unrelated domains.
53
-
54
- ```text
55
- project/
56
- CONTEXT-MAP.md
57
- apps/admin/CONTEXT.md
58
- services/billing/CONTEXT.md
59
- services/billing/docs/adr/
60
- docs/adr/
61
- ```
62
-
63
- `CONTEXT-MAP.md` should map:
64
-
65
- - Context name.
66
- - Path to context file.
67
- - Related code paths.
68
- - Related ADR path.
69
- - Owner or review expectation when known.
70
-
71
- ## When To Update The Domain Model
72
-
73
- Update domain files only when the change is durable:
74
-
75
- - A term is ambiguous, overloaded, or repeatedly explained.
76
- - The user resolves a naming conflict.
77
- - Code and user language disagree about a domain concept.
78
- - A new durable product concept is introduced.
79
- - A future agent would likely make a wrong assumption without the note.
80
-
81
- Do not update domain files for:
82
-
83
- - Temporary implementation details.
84
- - One-off task notes.
85
- - Test fixtures that are not domain examples.
86
- - Preferences that belong in project profile or quality gates.
87
-
88
- ## ADR Boundary
89
-
90
- Create or suggest an ADR only when all are true:
91
-
92
- 1. Hard to reverse: changing later has meaningful cost.
93
- 2. Surprising without context: future agents or maintainers would ask why.
94
- 3. Real trade-off: there were plausible alternatives.
95
-
96
- If any condition is missing, record the fact in the change evidence or project profile instead of creating an ADR.
97
-
98
- ## Conflict Handling
99
-
100
- If project language conflicts:
101
-
102
- 1. Quote the conflicting sources by path.
103
- 2. Do not silently choose one.
104
- 3. Ask or propose the smallest resolution.
105
- 4. Record the resolved canonical term in the right context file.
106
- 5. If the resolution is hard to reverse and surprising, create or propose an ADR.
107
-
108
- ## GSE Integration
109
-
110
- - `project-profile.md` points agents to the relevant context and ADR files.
111
- - `spec-workflow.md` should use canonical domain terms from context files.
112
- - `quality-gates.md` can require domain-language checks for high-risk changes.
113
- - `evidence-taxonomy.md` still decides whether the domain update is result, verified, or accepted.
114
-
115
- ## Evidence Examples
116
-
117
- Result:
118
-
119
- - Added a new glossary entry to `CONTEXT.md`.
120
-
121
- Verified:
122
-
123
- - Checked the changed spec and code references use the canonical term.
124
- - Confirmed no conflicting term remains in touched files.
125
-
126
- Accepted:
127
-
128
- - User, domain owner, reviewer, or policy accepts the new canonical term.
129
-
1
+ # Domain Model
2
+
3
+ Use this when GSE needs to consume or update a project's domain language, glossary, context files, or ADRs.
4
+
5
+ ## Purpose
6
+
7
+ Long-running agent work fails when project language drifts. GSE keeps a small domain model layer so future agents can use the project's own words instead of rediscovering or renaming concepts every session.
8
+
9
+ ## Source Files
10
+
11
+ Read these in order when relevant:
12
+
13
+ 1. `.gse/project-profile.md` for the project identity and known docs.
14
+ 2. `CONTEXT.md` for a single-context project glossary.
15
+ 3. `CONTEXT-MAP.md` for monorepos or multi-domain projects.
16
+ 4. `docs/adr/` or context-specific ADR folders for decisions.
17
+ 5. Product specs only after glossary/ADR context is understood.
18
+
19
+ Do not read all context files in a large monorepo. Use `CONTEXT-MAP.md` or project-profile evidence to pick the relevant context.
20
+
21
+ ## File Roles
22
+
23
+ | File | Purpose | Should Not Contain |
24
+ |---|---|---|
25
+ | `.gse/project-profile.md` | Short project identity, commands, tools, gates, and doc map | Full glossary, implementation specs, large logs |
26
+ | `CONTEXT.md` | Domain glossary and ubiquitous language | Implementation details, task lists, transient notes |
27
+ | `CONTEXT-MAP.md` | Map from subsystem/domain to its context and ADR files | Detailed definitions that belong in each context |
28
+ | `docs/adr/*.md` | Durable architectural or product decisions | Ordinary implementation notes or temporary preferences |
29
+ | `.gse/changes/*` | Current change outcome, scope, acceptance, evidence | Canonical domain definitions |
30
+
31
+ ## Single-Context Project
32
+
33
+ Use one root `CONTEXT.md` when the project has one dominant domain language.
34
+
35
+ ```text
36
+ project/
37
+ CONTEXT.md
38
+ docs/adr/
39
+ .gse/project-profile.md
40
+ ```
41
+
42
+ `CONTEXT.md` should define terms like:
43
+
44
+ - Canonical term.
45
+ - Meaning in this project.
46
+ - Terms not to use.
47
+ - Important relationships to other terms.
48
+ - A short example scenario when it prevents ambiguity.
49
+
50
+ ## Multi-Context Project
51
+
52
+ Use `CONTEXT-MAP.md` when one glossary would mix unrelated domains.
53
+
54
+ ```text
55
+ project/
56
+ CONTEXT-MAP.md
57
+ apps/admin/CONTEXT.md
58
+ services/billing/CONTEXT.md
59
+ services/billing/docs/adr/
60
+ docs/adr/
61
+ ```
62
+
63
+ `CONTEXT-MAP.md` should map:
64
+
65
+ - Context name.
66
+ - Path to context file.
67
+ - Related code paths.
68
+ - Related ADR path.
69
+ - Owner or review expectation when known.
70
+
71
+ ## When To Update The Domain Model
72
+
73
+ Update domain files only when the change is durable:
74
+
75
+ - A term is ambiguous, overloaded, or repeatedly explained.
76
+ - The user resolves a naming conflict.
77
+ - Code and user language disagree about a domain concept.
78
+ - A new durable product concept is introduced.
79
+ - A future agent would likely make a wrong assumption without the note.
80
+
81
+ Do not update domain files for:
82
+
83
+ - Temporary implementation details.
84
+ - One-off task notes.
85
+ - Test fixtures that are not domain examples.
86
+ - Preferences that belong in project profile or quality gates.
87
+
88
+ ## ADR Boundary
89
+
90
+ Create or suggest an ADR only when all are true:
91
+
92
+ 1. Hard to reverse: changing later has meaningful cost.
93
+ 2. Surprising without context: future agents or maintainers would ask why.
94
+ 3. Real trade-off: there were plausible alternatives.
95
+
96
+ If any condition is missing, record the fact in the change evidence or project profile instead of creating an ADR.
97
+
98
+ ## Conflict Handling
99
+
100
+ If project language conflicts:
101
+
102
+ 1. Quote the conflicting sources by path.
103
+ 2. Do not silently choose one.
104
+ 3. Ask or propose the smallest resolution.
105
+ 4. Record the resolved canonical term in the right context file.
106
+ 5. If the resolution is hard to reverse and surprising, create or propose an ADR.
107
+
108
+ ## GSE Integration
109
+
110
+ - `project-profile.md` points agents to the relevant context and ADR files.
111
+ - `spec-workflow.md` should use canonical domain terms from context files.
112
+ - `quality-gates.md` can require domain-language checks for high-risk changes.
113
+ - `evidence-taxonomy.md` still decides whether the domain update is result, verified, or accepted.
114
+
115
+ ## Evidence Examples
116
+
117
+ Result:
118
+
119
+ - Added a new glossary entry to `CONTEXT.md`.
120
+
121
+ Verified:
122
+
123
+ - Checked the changed spec and code references use the canonical term.
124
+ - Confirmed no conflicting term remains in touched files.
125
+
126
+ Accepted:
127
+
128
+ - User, domain owner, reviewer, or policy accepts the new canonical term.
129
+
@@ -1,75 +1,75 @@
1
- # Domain Quality Gates
2
-
3
- Use this when a task has domain risk beyond basic file or script correctness. Pick only the gates that match the changed behavior and project risk.
4
-
5
- This reference is risk-based. Lite work should not inherit every gate by default. Commercial, user-visible, data-bearing, security-sensitive, release, or long-running work should receive stronger gates.
6
-
7
- ## Selection Rule
8
-
9
- Choose gates by asking:
10
-
11
- 1. What could fail for users, data, operators, maintainers, or future agents?
12
- 2. Which project files, tests, commands, docs, or runtime checks can prove the risk is controlled?
13
- 3. Is the evidence `result`, `verified`, or `accepted` according to `references/evidence-taxonomy.md`?
14
- 4. Is a tool merely documented, or was it actually run in this project/session?
15
-
16
- Do not claim scan, benchmark, browser, accessibility, security, or resilience results unless the relevant command or inspection was actually executed.
17
-
18
- ## Scale Guidance
19
-
20
- | Level | Default domain gate weight |
21
- |---|---|
22
- | Lite | Use only the directly relevant gate and one focused evidence point. |
23
- | Standard | Use relevant domain gates plus regression or smoke evidence. |
24
- | Enterprise | Use a risk matrix, review axis, release/recovery path, and project-specific evidence. |
25
-
26
- Upgrade the gate weight when a change touches public APIs, user data, auth, payments, model/provider routing, migrations, release, cross-module state, worker orchestration, browser automation, or main-path UX.
27
-
28
- ## Gate Matrix
29
-
30
- | Domain | Trigger | Minimum evidence | Escalate when |
31
- |---|---|---|---|
32
- | Security/privacy | Secrets, auth, permissions, user data, provider payloads, MCP/tools, browser traces, logs | Secret scan or file inspection, permission boundary review, no raw secrets/provider payloads in committed or user-visible output | Data exposure, auth bypass, destructive tools, public release, external services |
33
- | Performance/cost | Latency, heavy context loading, loops, model/tool routing, worker queues, browser automation, large files | Focused timing, complexity review, query/count check, or explicit cost/latency rationale | Main path, repeated tasks, expensive models, user-visible slowness, scale-sensitive code |
34
- | Accessibility | UI, keyboard flow, forms, visual states, text contrast, semantic structure | Browser smoke, component inspection, keyboard/focus check, or accessibility tool result when available | User-facing UI, forms, navigation, mobile/responsive layout, public release |
35
- | Resilience/recovery | Retry, cancellation, timeout, idempotency, duplicate prevention, state recovery, fallback | Failure-path inspection, focused test/smoke for retry/cancel/error state, recovery record when interrupted | Worker/runtime changes, long tasks, external APIs, stateful workflows, release rollback |
36
- | UI/browser | Visual behavior, loading/empty/error/success states, routing, layout, streaming, browser automation | Browser smoke, screenshot/visual inspection, component test, or DOM/state inspection | Main user flow, responsive UI, visual regression risk, rich interaction |
37
- | API/state | API contracts, persistence, state machines, cache, sessions, concurrency, idempotency | Focused API smoke, state transition test, schema/config inspection, replay/idempotency check | Public API, cross-session state, migrations, concurrent writes, data retention |
38
- | Data/migration | Schema, storage, generated artifacts, imports/exports, backward compatibility | Migration/rollback notes, fixture data smoke, backup/restore plan, compatibility check | Production data, irreversible transform, downgrade uncertainty, multi-version support |
39
- | Model/tool routing | Model provider, tool call, MCP, browser, subagent, permission, cost route | Tool status marked documented/verified/unknown/unavailable; provider/model behavior verified only after execution | New provider, fallback, sensitive data, expensive model, hidden tool traces |
40
- | Release/operations | Install, update, release notes, rollback, incident, observability | `references/release.md`, `references/recovery.md`, release readiness audit, known risks | Public handoff, package update, runtime compatibility, incident hotfix |
41
-
42
- ## Evidence Mapping
43
-
44
- Use the narrowest evidence that would fail if the changed behavior were broken.
45
-
46
- - File inspection can verify docs, templates, source-of-truth boundaries, and secret absence in touched files.
47
- - Focused tests can verify code behavior, state transitions, error paths, and regressions.
48
- - API smokes can verify contracts, persistence, and session behavior.
49
- - Browser smokes can verify UI, accessibility basics, streaming, loading/error states, and layout-sensitive flows.
50
- - Architecture/review scans can verify coupling, ownership, release risk, and residual risk when runtime execution is not available.
51
-
52
- If evidence is unavailable, record `unknown` or `not ready`; do not promote to `verified`.
53
-
54
- ## Review Routing
55
-
56
- - Use `references/review.md` for spec compliance, code quality, architecture drift, security/privacy, regression, and evidence review axes.
57
- - Use `references/architecture-health.md` when the task touches structural boundaries, source-of-truth drift, dependency/security risk, performance/resilience, migration, or release impact.
58
- - Use `references/release.md` and `references/recovery.md` when domain risk affects release, rollback, migration, incident response, or future-agent continuation.
59
- - Use `.gse/project-profile.md` for project-specific commands, owners, threat model, performance budget, browser matrix, release gates, and compliance requirements.
60
-
61
- ## Output Format
62
-
63
- Record domain gates compactly:
64
-
65
- ```text
66
- Domain gates selected:
67
- Why selected:
68
- Evidence run:
69
- Evidence status: result | verified | accepted | not ready
70
- Unverified tools:
71
- Residual risk:
72
- Next action:
73
- ```
74
-
75
- For skipped gates, say why they are not applicable or what evidence would be needed later.
1
+ # Domain Quality Gates
2
+
3
+ Use this when a task has domain risk beyond basic file or script correctness. Pick only the gates that match the changed behavior and project risk.
4
+
5
+ This reference is risk-based. Lite work should not inherit every gate by default. Commercial, user-visible, data-bearing, security-sensitive, release, or long-running work should receive stronger gates.
6
+
7
+ ## Selection Rule
8
+
9
+ Choose gates by asking:
10
+
11
+ 1. What could fail for users, data, operators, maintainers, or future agents?
12
+ 2. Which project files, tests, commands, docs, or runtime checks can prove the risk is controlled?
13
+ 3. Is the evidence `result`, `verified`, or `accepted` according to `references/evidence-taxonomy.md`?
14
+ 4. Is a tool merely documented, or was it actually run in this project/session?
15
+
16
+ Do not claim scan, benchmark, browser, accessibility, security, or resilience results unless the relevant command or inspection was actually executed.
17
+
18
+ ## Scale Guidance
19
+
20
+ | Level | Default domain gate weight |
21
+ |---|---|
22
+ | Lite | Use only the directly relevant gate and one focused evidence point. |
23
+ | Standard | Use relevant domain gates plus regression or smoke evidence. |
24
+ | Enterprise | Use a risk matrix, review axis, release/recovery path, and project-specific evidence. |
25
+
26
+ Upgrade the gate weight when a change touches public APIs, user data, auth, payments, model/provider routing, migrations, release, cross-module state, worker orchestration, browser automation, or main-path UX.
27
+
28
+ ## Gate Matrix
29
+
30
+ | Domain | Trigger | Minimum evidence | Escalate when |
31
+ |---|---|---|---|
32
+ | Security/privacy | Secrets, auth, permissions, user data, provider payloads, MCP/tools, browser traces, logs | Secret scan or file inspection, permission boundary review, no raw secrets/provider payloads in committed or user-visible output | Data exposure, auth bypass, destructive tools, public release, external services |
33
+ | Performance/cost | Latency, heavy context loading, loops, model/tool routing, worker queues, browser automation, large files | Focused timing, complexity review, query/count check, or explicit cost/latency rationale | Main path, repeated tasks, expensive models, user-visible slowness, scale-sensitive code |
34
+ | Accessibility | UI, keyboard flow, forms, visual states, text contrast, semantic structure | Browser smoke, component inspection, keyboard/focus check, or accessibility tool result when available | User-facing UI, forms, navigation, mobile/responsive layout, public release |
35
+ | Resilience/recovery | Retry, cancellation, timeout, idempotency, duplicate prevention, state recovery, fallback | Failure-path inspection, focused test/smoke for retry/cancel/error state, recovery record when interrupted | Worker/runtime changes, long tasks, external APIs, stateful workflows, release rollback |
36
+ | UI/browser | Visual behavior, loading/empty/error/success states, routing, layout, streaming, browser automation | Browser smoke, screenshot/visual inspection, component test, or DOM/state inspection | Main user flow, responsive UI, visual regression risk, rich interaction |
37
+ | API/state | API contracts, persistence, state machines, cache, sessions, concurrency, idempotency | Focused API smoke, state transition test, schema/config inspection, replay/idempotency check | Public API, cross-session state, migrations, concurrent writes, data retention |
38
+ | Data/migration | Schema, storage, generated artifacts, imports/exports, backward compatibility | Migration/rollback notes, fixture data smoke, backup/restore plan, compatibility check | Production data, irreversible transform, downgrade uncertainty, multi-version support |
39
+ | Model/tool routing | Model provider, tool call, MCP, browser, subagent, permission, cost route | Tool status marked documented/verified/unknown/unavailable; provider/model behavior verified only after execution | New provider, fallback, sensitive data, expensive model, hidden tool traces |
40
+ | Release/operations | Install, update, release notes, rollback, incident, observability | `references/release.md`, `references/recovery.md`, release readiness audit, known risks | Public handoff, package update, runtime compatibility, incident hotfix |
41
+
42
+ ## Evidence Mapping
43
+
44
+ Use the narrowest evidence that would fail if the changed behavior were broken.
45
+
46
+ - File inspection can verify docs, templates, source-of-truth boundaries, and secret absence in touched files.
47
+ - Focused tests can verify code behavior, state transitions, error paths, and regressions.
48
+ - API smokes can verify contracts, persistence, and session behavior.
49
+ - Browser smokes can verify UI, accessibility basics, streaming, loading/error states, and layout-sensitive flows.
50
+ - Architecture/review scans can verify coupling, ownership, release risk, and residual risk when runtime execution is not available.
51
+
52
+ If evidence is unavailable, record `unknown` or `not ready`; do not promote to `verified`.
53
+
54
+ ## Review Routing
55
+
56
+ - Use `references/review.md` for spec compliance, code quality, architecture drift, security/privacy, regression, and evidence review axes.
57
+ - Use `references/architecture-health.md` when the task touches structural boundaries, source-of-truth drift, dependency/security risk, performance/resilience, migration, or release impact.
58
+ - Use `references/release.md` and `references/recovery.md` when domain risk affects release, rollback, migration, incident response, or future-agent continuation.
59
+ - Use `.gse/project-profile.md` for project-specific commands, owners, threat model, performance budget, browser matrix, release gates, and compliance requirements.
60
+
61
+ ## Output Format
62
+
63
+ Record domain gates compactly:
64
+
65
+ ```text
66
+ Domain gates selected:
67
+ Why selected:
68
+ Evidence run:
69
+ Evidence status: result | verified | accepted | not ready
70
+ Unverified tools:
71
+ Residual risk:
72
+ Next action:
73
+ ```
74
+
75
+ For skipped gates, say why they are not applicable or what evidence would be needed later.