@t275005746/gse 0.1.0 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (228) hide show
  1. package/.github/ISSUE_TEMPLATE/bug_report.yml +42 -42
  2. package/.github/ISSUE_TEMPLATE/change_request.yml +50 -50
  3. package/.github/ISSUE_TEMPLATE/config.yml +5 -5
  4. package/.github/PULL_REQUEST_TEMPLATE.md +38 -38
  5. package/.github/workflows/validate-gse.yml +33 -33
  6. package/.gse/README.md +18 -18
  7. package/.gse/gse-development-protocol.md +50 -50
  8. package/.gse/project-profile.md +29 -29
  9. package/.gse/quality-gates.md +25 -25
  10. package/.gse/releases/public-registry-publication-npm.md +49 -0
  11. package/.gse/releases/public-release-owner-required.md +65 -65
  12. package/.gse/releases/public-security-contact-owner-required.md +45 -45
  13. package/.gse/state.json +147 -27
  14. package/CHANGELOG.md +31 -15
  15. package/CONTRIBUTING.md +64 -64
  16. package/LICENSE +21 -21
  17. package/README.md +14 -7
  18. package/README.zh-CN.md +14 -7
  19. package/SECURITY.md +41 -41
  20. package/SKILL.md +32 -12
  21. package/SUPPORT.md +38 -38
  22. package/assets/marketplace/README.md +7 -7
  23. package/assets/marketplace/gse-listing.json +75 -75
  24. package/assets/templates/acceptance-execution-packet.md +73 -73
  25. package/assets/templates/adr.md +14 -14
  26. package/assets/templates/change-brief.md +16 -16
  27. package/assets/templates/design.md +18 -18
  28. package/assets/templates/dispatch-packet.md +100 -92
  29. package/assets/templates/evidence.md +15 -9
  30. package/assets/templates/execution-quality-pack.md +65 -65
  31. package/assets/templates/goal-map.md +21 -21
  32. package/assets/templates/host-adapter.md +48 -48
  33. package/assets/templates/host-ui-invocation-record.md +42 -42
  34. package/assets/templates/incident-review.md +60 -60
  35. package/assets/templates/public-channel-publication-record.md +49 -49
  36. package/assets/templates/public-ci-run-record.md +53 -53
  37. package/assets/templates/public-release-record.md +65 -65
  38. package/assets/templates/public-repository-settings-record.md +59 -59
  39. package/assets/templates/public-security-contact-record.md +45 -45
  40. package/assets/templates/release-trust-record.md +32 -32
  41. package/assets/templates/review.md +18 -18
  42. package/assets/templates/role-fallback-packet.md +49 -0
  43. package/assets/templates/spec.md +16 -16
  44. package/assets/templates/target-adoption-evidence.md +29 -29
  45. package/assets/templates/tasks.md +17 -17
  46. package/assets/templates/update-release-acceptance-record.md +58 -58
  47. package/examples/README.md +22 -22
  48. package/examples/agent-runtime-host/.claude/gse-adapter.md +6 -6
  49. package/examples/agent-runtime-host/.codex/gse-adapter.md +7 -7
  50. package/examples/agent-runtime-host/.gse/goal-map.md +7 -7
  51. package/examples/agent-runtime-host/.gse/project-profile.md +27 -27
  52. package/examples/agent-runtime-host/.gse/tooling.md +5 -5
  53. package/examples/agent-runtime-host/.mcp.json +9 -9
  54. package/examples/agent-runtime-host/AGENTS.md +5 -5
  55. package/examples/agent-runtime-host/README.md +10 -10
  56. package/examples/agent-runtime-host/docs/model-routing.md +5 -5
  57. package/examples/cli-tool/.gse/project-profile.md +21 -21
  58. package/examples/cli-tool/AGENTS.md +5 -5
  59. package/examples/cli-tool/README.md +12 -12
  60. package/examples/cli-tool/package.json +21 -21
  61. package/examples/small-app/.env.example +2 -2
  62. package/examples/small-app/.github/workflows/ci.yml +8 -8
  63. package/examples/small-app/AGENTS.md +5 -5
  64. package/examples/small-app/README.md +12 -12
  65. package/examples/small-app/package.json +26 -26
  66. package/examples/small-app/playwright.config.ts +4 -4
  67. package/package.json +52 -44
  68. package/references/adoption-recipes.md +171 -171
  69. package/references/agent-roles.md +42 -21
  70. package/references/architecture-health.md +101 -101
  71. package/references/benchmark-audit.md +73 -73
  72. package/references/commands.md +74 -45
  73. package/references/community-channels.md +46 -46
  74. package/references/compatibility.md +70 -70
  75. package/references/design-basis.md +38 -38
  76. package/references/domain-model.md +129 -129
  77. package/references/domain-quality-gates.md +75 -75
  78. package/references/drift-audit.md +81 -80
  79. package/references/evidence-taxonomy.md +145 -108
  80. package/references/file-ownership.md +97 -93
  81. package/references/final-form-roadmap.md +201 -0
  82. package/references/final-readiness.md +84 -84
  83. package/references/forward-test.md +133 -133
  84. package/references/goal-map.md +36 -36
  85. package/references/host-adapters.md +129 -101
  86. package/references/learning-system.md +42 -26
  87. package/references/maintenance-cadence.md +51 -0
  88. package/references/marketplace-discovery.md +46 -46
  89. package/references/model-routing.md +103 -103
  90. package/references/open-source-defaults.md +39 -39
  91. package/references/operating-model.md +52 -52
  92. package/references/packaging.md +277 -277
  93. package/references/project-agent-workspace.md +89 -89
  94. package/references/project-bootstrap.md +122 -122
  95. package/references/project-guards.md +52 -0
  96. package/references/project-profile.md +57 -57
  97. package/references/public-release.md +174 -174
  98. package/references/quality-gates.md +96 -89
  99. package/references/recovery.md +176 -176
  100. package/references/release-trust.md +43 -43
  101. package/references/release.md +126 -126
  102. package/references/review.md +141 -141
  103. package/references/role-dispatch-fallback.md +54 -0
  104. package/references/router.md +90 -90
  105. package/references/spec-workflow.md +66 -66
  106. package/references/task-levels.md +81 -81
  107. package/references/tool-adapters.md +80 -70
  108. package/scripts/audit-acceptance-execution-packet.mjs +133 -133
  109. package/scripts/audit-adoption-recipes.mjs +99 -99
  110. package/scripts/audit-change-lifecycle.mjs +77 -77
  111. package/scripts/audit-change-system.mjs +134 -134
  112. package/scripts/audit-ci-readiness.mjs +107 -107
  113. package/scripts/audit-close-gate-hardening.mjs +188 -0
  114. package/scripts/audit-close-gate.mjs +448 -262
  115. package/scripts/audit-command-adapters.mjs +91 -91
  116. package/scripts/audit-command-execution.mjs +212 -199
  117. package/scripts/audit-commands.mjs +7 -5
  118. package/scripts/audit-compatibility.mjs +149 -149
  119. package/scripts/audit-completion-plan-drill.mjs +230 -0
  120. package/scripts/audit-completion-readiness.mjs +290 -287
  121. package/scripts/audit-continue-preflight.mjs +234 -0
  122. package/scripts/audit-distribution.mjs +251 -251
  123. package/scripts/audit-domain-quality-gates.mjs +108 -108
  124. package/scripts/audit-evidence-levels.mjs +217 -0
  125. package/scripts/audit-evidence-placeholders.mjs +126 -126
  126. package/scripts/audit-evidence-review-queue.mjs +206 -0
  127. package/scripts/audit-final-acceptance-packet.mjs +9 -9
  128. package/scripts/audit-final-form-progress-report.mjs +19 -18
  129. package/scripts/audit-final-form-roadmap.mjs +157 -0
  130. package/scripts/audit-final-form-stale-copy.mjs +2 -2
  131. package/scripts/audit-final-readiness-promotion.mjs +255 -255
  132. package/scripts/audit-final-readiness.mjs +226 -226
  133. package/scripts/audit-fixtures.mjs +154 -154
  134. package/scripts/audit-fresh-session-readiness.mjs +177 -177
  135. package/scripts/audit-host-capabilities.mjs +237 -0
  136. package/scripts/audit-host-runtime-evidence-handoff.mjs +159 -159
  137. package/scripts/audit-host-runtime-invocation-drill.mjs +240 -240
  138. package/scripts/audit-host-runtime-invocations.mjs +254 -254
  139. package/scripts/audit-host-ui-invocation.mjs +132 -132
  140. package/scripts/audit-installed-sync.mjs +203 -0
  141. package/scripts/audit-learning-drift.mjs +292 -0
  142. package/scripts/audit-learning-promotion.mjs +351 -0
  143. package/scripts/audit-learning-system.mjs +24 -14
  144. package/scripts/audit-local-final-form-completion.mjs +11 -10
  145. package/scripts/audit-maintenance-cadence.mjs +139 -0
  146. package/scripts/audit-maintenance-snapshot.mjs +181 -0
  147. package/scripts/audit-marketplace-discovery.mjs +122 -122
  148. package/scripts/audit-npm-package-metadata.mjs +160 -154
  149. package/scripts/audit-npm-publish-dry-run.mjs +194 -166
  150. package/scripts/audit-npm-tarball-install.mjs +195 -189
  151. package/scripts/audit-open-source-defaults.mjs +92 -92
  152. package/scripts/audit-open-source-readiness.mjs +97 -97
  153. package/scripts/audit-owner-external-gate-kit.mjs +12 -11
  154. package/scripts/audit-project-guards.mjs +189 -0
  155. package/scripts/audit-project.mjs +144 -141
  156. package/scripts/audit-public-acceptance-command-dry-run-drill.mjs +203 -203
  157. package/scripts/audit-public-acceptance-handoff.mjs +10 -10
  158. package/scripts/audit-public-acceptance-readiness.mjs +222 -222
  159. package/scripts/audit-public-channel-publication.mjs +248 -248
  160. package/scripts/audit-public-ci-run.mjs +184 -184
  161. package/scripts/audit-public-collaboration-templates.mjs +98 -98
  162. package/scripts/audit-public-external-gate-probe.mjs +206 -206
  163. package/scripts/audit-public-release-checklist.mjs +17 -15
  164. package/scripts/audit-public-release-decision.mjs +201 -201
  165. package/scripts/audit-public-release-metadata.mjs +176 -176
  166. package/scripts/audit-public-repository-settings.mjs +237 -237
  167. package/scripts/audit-public-security-contact.mjs +171 -171
  168. package/scripts/audit-readme-docs.mjs +6 -4
  169. package/scripts/audit-recovery-readiness.mjs +98 -98
  170. package/scripts/audit-release-bundle.mjs +13 -11
  171. package/scripts/audit-release-owner-action-plan-drill.mjs +5 -4
  172. package/scripts/audit-release-owner-action-plan.mjs +10 -10
  173. package/scripts/audit-release-readiness.mjs +106 -106
  174. package/scripts/audit-release-status-manifest.mjs +4 -4
  175. package/scripts/audit-release-trust.mjs +62 -62
  176. package/scripts/audit-remote-distribution.mjs +266 -266
  177. package/scripts/audit-roadmap-consistency.mjs +234 -230
  178. package/scripts/audit-role-dispatch-fallback.mjs +212 -0
  179. package/scripts/audit-session-sync.mjs +127 -0
  180. package/scripts/audit-signing.mjs +147 -147
  181. package/scripts/audit-state-freshness.mjs +20 -14
  182. package/scripts/audit-state-repair.mjs +360 -0
  183. package/scripts/audit-target-adoption-evidence.mjs +117 -117
  184. package/scripts/audit-target-hardening-drills.mjs +267 -0
  185. package/scripts/audit-target-project.mjs +507 -507
  186. package/scripts/audit-tool-fallback-policy.mjs +180 -0
  187. package/scripts/audit-ui-browser-evidence-policy.mjs +191 -0
  188. package/scripts/audit-update-release-acceptance.mjs +136 -136
  189. package/scripts/audit-v1-target-validation.mjs +269 -269
  190. package/scripts/audit-validation-profiles.mjs +125 -123
  191. package/scripts/backfill-evidence-levels.mjs +98 -0
  192. package/scripts/check-encoding.mjs +72 -0
  193. package/scripts/close-change.mjs +116 -116
  194. package/scripts/discover-project-profile.mjs +307 -307
  195. package/scripts/generate-command-adapter.mjs +231 -231
  196. package/scripts/generate-continue-packet.mjs +1214 -0
  197. package/scripts/generate-final-acceptance-packet.mjs +188 -173
  198. package/scripts/generate-final-form-progress-report.mjs +191 -189
  199. package/scripts/generate-host-runtime-evidence-handoff.mjs +198 -191
  200. package/scripts/generate-maintenance-snapshot.mjs +216 -0
  201. package/scripts/generate-owner-external-gate-kit.mjs +295 -295
  202. package/scripts/generate-public-acceptance-handoff.mjs +168 -156
  203. package/scripts/generate-public-release-checklist.mjs +207 -207
  204. package/scripts/generate-release-bundle.mjs +505 -505
  205. package/scripts/generate-release-owner-action-plan.mjs +172 -171
  206. package/scripts/generate-release-status-manifest.mjs +199 -198
  207. package/scripts/generate-session-prompt.mjs +188 -188
  208. package/scripts/gse.mjs +67 -67
  209. package/scripts/init-change.mjs +265 -265
  210. package/scripts/init-project.mjs +793 -712
  211. package/scripts/install-gse.mjs +234 -234
  212. package/scripts/lib/evidence-placeholders.mjs +28 -28
  213. package/scripts/package-gse.mjs +174 -174
  214. package/scripts/probe-public-external-gates.mjs +167 -167
  215. package/scripts/record-host-invocation.mjs +151 -151
  216. package/scripts/record-learning.mjs +37 -8
  217. package/scripts/record-public-channel-publication.mjs +178 -178
  218. package/scripts/record-public-ci-run.mjs +180 -180
  219. package/scripts/record-public-release.mjs +175 -175
  220. package/scripts/record-public-repository-settings.mjs +209 -209
  221. package/scripts/record-public-security-contact.mjs +157 -157
  222. package/scripts/record-session-sync.mjs +87 -0
  223. package/scripts/run-gse-command.mjs +79 -47
  224. package/scripts/run-validation-profile.mjs +24 -5
  225. package/scripts/sign-gse-package.mjs +83 -83
  226. package/scripts/update-project-state.mjs +223 -223
  227. package/scripts/validate-gse.mjs +216 -0
  228. package/scripts/verify-gse-package.mjs +85 -85
@@ -1,81 +1,82 @@
1
- # Drift Audit
2
-
3
- Use this when project reality may have diverged from `.gse/`, project docs, generated scaffolds, host adapters, tool assumptions, model routing, or recorded evidence.
4
-
5
- Drift audit keeps long-running agent work from following stale instructions. It is a focused consistency check, not a broad rewrite.
6
-
7
- ## Trigger Conditions
8
-
9
- Run a drift audit when any of these are true:
10
-
11
- - A command fails because package manager, runtime, service port, CI, browser, MCP, LSP, model, or host capability assumptions were stale.
12
- - The user says a tool, standard, permission, or host capability exists but GSE cannot see it.
13
- - `.gse/project-profile.md`, `.gse/tooling.md`, `.gse/goal-map.md`, `.gse/quality-gates.md`, or evidence records disagree with current project files.
14
- - Generated scaffolds or host adapters were copied earlier and may no longer point to `.gse/` as the source of truth.
15
- - A model/provider/tool route was previously documented but not recently verified.
16
- - Release, recovery, incident, or repeated failure evidence suggests stale rules or stale assumptions.
17
- - A future agent would likely choose the wrong workflow because old docs are more visible than current facts.
18
-
19
- Do not run a broad drift audit for a tiny local edit unless the edit exposes stale project facts.
20
-
21
- ## Drift Categories
22
-
23
- | Category | Examples | Default remediation |
24
- |---|---|---|
25
- | stale docs | README, AGENTS.md, architecture docs, ADRs, comments, old handoffs | Update or mark outdated; link to current source of truth |
26
- | stale generated scaffolds | `.gse/` templates, copied host folders, generated commands, stale examples | Regenerate or patch the smallest affected artifact |
27
- | stale host adapters | `.codex/`, `.claude/`, `.agents/`, MCP, hooks, subagent notes, runtime bridges | Point back to `.gse/`; update verified/unknown capability status |
28
- | stale tool assumptions | package manager, scripts, ports, CI, browser, LSP, MCP, deployment, observability | Re-read project config; mark verified, documented, unknown, or unavailable |
29
- | stale model assumptions | provider/model ids, capability fit, cost, latency, privacy, fallback, hosted tools | Reclassify with model-routing evidence; avoid claiming support without proof |
30
- | stale project profile facts | identity, commands, standards, release rules, permissions, known gotchas | Refresh `.gse/project-profile.md` from current files only |
31
- | stale evidence or goal-map state | completed work not reflected, obsolete next action, old risk still listed, missing residual risk | Update `.gse/evidence/`, `.gse/goal-map.md`, or `.gse/current-slice.md` concisely |
32
-
33
- ## Minimum Audit Record
34
-
35
- Use this format in evidence logs or handoff notes:
36
-
37
- ```text
38
- Drift scope:
39
- Drift category:
40
- Current source checked:
41
- Stale or conflicting record:
42
- Finding:
43
- Remediation:
44
- Evidence:
45
- Follow-up slices:
46
- ```
47
-
48
- Findings must come from current files, command output, local tool help, trusted project docs, or focused experiments. If the evidence is indirect, record a risk instead of a finding.
49
-
50
- ## Evidence Requirements
51
-
52
- A drift audit should prove at least one of these:
53
-
54
- - The recorded assumption still matches current project reality.
55
- - The recorded assumption is stale and has been corrected or marked outdated.
56
- - The current evidence is insufficient, so the status is `unknown` or a follow-up slice is required.
57
- - The project has conflicting sources of truth and an owner decision is needed.
58
-
59
- Use `verified`, `documented`, `unknown`, and `unavailable` consistently with references/tool-adapters.md. Do not promote `documented` or `unknown` to `verified` without current evidence.
60
-
61
- ## Remediation Paths
62
-
63
- Choose the smallest durable remediation:
64
-
65
- - Refresh `.gse/project-profile.md` when project commands, tools, standards, permissions, release rules, or known gotchas changed.
66
- - Refresh `.gse/goal-map.md` or `.gse/current-slice.md` when next action, risks, or landed evidence are stale.
67
- - Refresh host adapter notes when host-specific folders duplicate policy or claim unavailable capabilities.
68
- - Refresh tool/model routing notes when provider, model, MCP, LSP, browser, CI, or deployment assumptions changed.
69
- - Add a learning entry only when the drift pattern is reusable beyond the current slice.
1
+ # Drift Audit
2
+
3
+ Use this when project reality may have diverged from `.gse/`, project docs, generated scaffolds, host adapters, tool assumptions, model routing, or recorded evidence.
4
+
5
+ Drift audit keeps long-running agent work from following stale instructions. It is a focused consistency check, not a broad rewrite.
6
+
7
+ ## Trigger Conditions
8
+
9
+ Run a drift audit when any of these are true:
10
+
11
+ - A command fails because package manager, runtime, service port, CI, browser, MCP, LSP, model, or host capability assumptions were stale.
12
+ - The user says a tool, standard, permission, or host capability exists but GSE cannot see it.
13
+ - `.gse/project-profile.md`, `.gse/tooling.md`, `.gse/goal-map.md`, `.gse/quality-gates.md`, or evidence records disagree with current project files.
14
+ - Generated scaffolds or host adapters were copied earlier and may no longer point to `.gse/` as the source of truth.
15
+ - A model/provider/tool route was previously documented but not recently verified.
16
+ - Release, recovery, incident, or repeated failure evidence suggests stale rules or stale assumptions.
17
+ - A future agent would likely choose the wrong workflow because old docs are more visible than current facts.
18
+
19
+ Do not run a broad drift audit for a tiny local edit unless the edit exposes stale project facts.
20
+
21
+ ## Drift Categories
22
+
23
+ | Category | Examples | Default remediation |
24
+ |---|---|---|
25
+ | stale docs | README, AGENTS.md, architecture docs, ADRs, comments, old handoffs | Update or mark outdated; link to current source of truth |
26
+ | stale generated scaffolds | `.gse/` templates, copied host folders, generated commands, stale examples | Regenerate or patch the smallest affected artifact |
27
+ | stale host adapters | `.codex/`, `.claude/`, `.agents/`, MCP, hooks, subagent notes, runtime bridges | Point back to `.gse/`; update verified/unknown capability status |
28
+ | stale tool assumptions | package manager, scripts, ports, CI, browser, LSP, MCP, deployment, observability | Re-read project config; mark verified, documented, unknown, or unavailable |
29
+ | stale model assumptions | provider/model ids, capability fit, cost, latency, privacy, fallback, hosted tools | Reclassify with model-routing evidence; avoid claiming support without proof |
30
+ | stale project profile facts | identity, commands, standards, release rules, permissions, known gotchas | Refresh `.gse/project-profile.md` from current files only |
31
+ | stale evidence or goal-map state | completed work not reflected, obsolete next action, old risk still listed, missing residual risk | Update `.gse/evidence/`, `.gse/goal-map.md`, or `.gse/current-slice.md` concisely |
32
+
33
+ ## Minimum Audit Record
34
+
35
+ Use this format in evidence logs or handoff notes:
36
+
37
+ ```text
38
+ Drift scope:
39
+ Drift category:
40
+ Current source checked:
41
+ Stale or conflicting record:
42
+ Finding:
43
+ Remediation:
44
+ Evidence:
45
+ Follow-up slices:
46
+ ```
47
+
48
+ Findings must come from current files, command output, local tool help, trusted project docs, or focused experiments. If the evidence is indirect, record a risk instead of a finding.
49
+
50
+ ## Evidence Requirements
51
+
52
+ A drift audit should prove at least one of these:
53
+
54
+ - The recorded assumption still matches current project reality.
55
+ - The recorded assumption is stale and has been corrected or marked outdated.
56
+ - The current evidence is insufficient, so the status is `unknown` or a follow-up slice is required.
57
+ - The project has conflicting sources of truth and an owner decision is needed.
58
+
59
+ Use `verified`, `documented`, `unknown`, and `unavailable` consistently with references/tool-adapters.md. Do not promote `documented` or `unknown` to `verified` without current evidence.
60
+
61
+ ## Remediation Paths
62
+
63
+ Choose the smallest durable remediation:
64
+
65
+ - Refresh `.gse/project-profile.md` when project commands, tools, standards, permissions, release rules, or known gotchas changed.
66
+ - Refresh `.gse/goal-map.md` or `.gse/current-slice.md` when next action, risks, or landed evidence are stale.
67
+ - Refresh host adapter notes when host-specific folders duplicate policy or claim unavailable capabilities.
68
+ - Refresh tool/model routing notes when provider, model, MCP, LSP, browser, CI, or deployment assumptions changed.
69
+ - Add a learning entry only when the drift pattern is reusable beyond the current slice.
70
70
  - Add or update a script/template/gate when the same drift appears repeatedly.
71
-
72
- Never update stale docs by inventing support. Prefer `unknown` plus a focused verification action.
73
-
74
- ## Integration
75
-
76
- - Use references/project-profile.md when drift affects project-specific standards, commands, tools, permissions, release rules, or known gotchas.
77
- - Use references/host-adapters.md when drift affects Codex, Claude Code, Hermes/AION-style runtime, WorkBuddy, MCP, hooks, skills, subagents, or host-specific folders.
78
- - Use references/tool-adapters.md when drift affects tool status, LSP/index, browser, CI, MCP, package manager, or command assumptions.
79
- - Use references/model-routing.md when drift affects provider/model capability, cost, latency, privacy, fallback, or hosted tool behavior.
80
- - Use references/learning-system.md when a drift pattern should be promoted into a lesson, checklist, gate, script, or skill update.
81
- - Use references/recovery.md when drift is discovered during interrupted, failed, or handed-off work.
71
+ - Run `scripts/audit-learning-drift.mjs --root <gse-skill> --target <project-root> --json` when `.gse/learning-promotions.md` or `/gse continue` shows promoted learning candidates. The audit surfaces candidates that are documented but not yet covered by a guard, quality gate, continue/close check, or focused script.
72
+
73
+ Never update stale docs by inventing support. Prefer `unknown` plus a focused verification action.
74
+
75
+ ## Integration
76
+
77
+ - Use references/project-profile.md when drift affects project-specific standards, commands, tools, permissions, release rules, or known gotchas.
78
+ - Use references/host-adapters.md when drift affects Codex, Claude Code, Hermes/AION-style runtime, WorkBuddy, MCP, hooks, skills, subagents, or host-specific folders.
79
+ - Use references/tool-adapters.md when drift affects tool status, LSP/index, browser, CI, MCP, package manager, or command assumptions.
80
+ - Use references/model-routing.md when drift affects provider/model capability, cost, latency, privacy, fallback, or hosted tool behavior.
81
+ - Use references/learning-system.md when a drift pattern should be promoted into a lesson, checklist, gate, script, or skill update.
82
+ - Use references/recovery.md when drift is discovered during interrupted, failed, or handed-off work.
@@ -1,123 +1,160 @@
1
- # Evidence Taxonomy
2
-
3
- Use this to decide whether work is only produced, actually verified, or accepted.
4
-
1
+ # Evidence Taxonomy
2
+
3
+ Use this to decide whether work is only produced, actually verified, or accepted.
4
+
5
5
  GSE uses three evidence gates:
6
-
7
- ```text
8
- result -> verified -> accepted
9
- ```
10
-
6
+
7
+ ```text
8
+ result -> verified -> accepted
9
+ ```
10
+
11
11
  Do not skip gates. Do not claim a higher gate when the evidence only proves a lower gate.
12
12
 
13
- ## Gate 1: Result
14
-
15
- `result` means the requested artifact or change exists.
16
-
17
- Enough evidence:
18
-
19
- - File, script, template, reference, commit, report, screenshot, or generated output exists.
20
- - The change is scoped to the requested slice.
21
- - The agent can point to the exact path or output.
22
-
23
- Not enough for `result`:
24
-
25
- - A plan to create the artifact.
26
- - A final answer describing what would be changed.
27
- - A command that was intended to write a file but did not confirm the file exists.
28
-
29
- Example:
30
-
31
- - `scripts/audit-gse.mjs` exists: result.
32
- - `.gse/project-profile.md` was written in a temp fixture: result.
33
-
34
- ## Gate 2: Verified
35
-
36
- `verified` means the result was checked against acceptance criteria with evidence appropriate to the risk.
37
-
38
- Enough evidence:
39
-
40
- - Focused test, smoke, structure check, build, typecheck, lint, browser check, API check, or manual inspection directly covers the acceptance criteria.
41
- - The command output or inspected artifact proves the expected behavior.
42
- - Known residual risk is recorded.
43
-
44
- Not enough for `verified`:
45
-
46
- - The file exists but was not inspected.
47
- - A broad test passed but does not cover the changed behavior.
48
- - A command ran without checking the relevant output.
49
- - A tool is merely configured or documented but not run.
50
- - The agent says it looks right without evidence.
51
-
52
- Example:
13
+ ## Evidence Status vs Evidence Level
53
14
 
54
- - `audit-gse.mjs` reports `GSE-C04` as `strong (2/2, score 1)` after adding `router.md`: verified for the router structural criterion.
55
- - A project profile lists Playwright as `documented` because config exists: not verified tool availability.
15
+ Evidence status answers whether the work is result, verified, or accepted.
56
16
 
57
- ## Gate 3: Accepted
17
+ Evidence level answers what kind of proof produced that status.
58
18
 
59
- `accepted` means the verified result has been accepted by the required authority.
19
+ Keep both dimensions visible for non-trivial work:
60
20
 
61
- Enough evidence:
62
-
63
- - The user explicitly accepts the result.
64
- - A required reviewer or gate approves it.
65
- - A release, archive, or project process marks it accepted.
66
- - A pre-defined acceptance policy says verified evidence is sufficient for this task level.
67
-
68
- Not enough for `accepted`:
69
-
70
- - The agent is satisfied.
71
- - The result passed a local smoke but no acceptance policy says that is enough.
72
- - The user has not reviewed a user-facing, policy, release, or irreversible change when review is required.
73
-
74
- Example:
75
-
76
- - A focused smoke passes for an internal script: can be accepted by policy if the task is Lite or Standard and no human approval is required.
77
- - A release plan or public workflow change usually needs explicit human acceptance or release-gate acceptance.
78
-
79
- ## Required Evidence Record
21
+ ```text
22
+ status: result | verified | accepted | blocked | not ready
23
+ evidenceLevel: result | verified-unit | verified-component | verified-api | verified-browser | verified-ci | accepted-owner | accepted-release | external-required
24
+ requiredEvidenceLevel: optional expected level for the claim
25
+ ```
80
26
 
27
+ Use the narrowest honest level:
28
+
29
+ | Evidence level | Meaning | Typical proof |
30
+ |---|---|---|
31
+ | `result` | Artifact exists or command produced an output, but behavior is not verified. | file exists, generated report, dry-run output |
32
+ | `verified-unit` | Unit or script-level behavior is verified. | focused unit test, parser test, structure audit |
33
+ | `verified-component` | Component-level or local integration behavior is verified without a real browser/runtime path. | component test, fixture integration, store/API mock |
34
+ | `verified-api` | API/state contract is verified through an API, route, database, or state-machine check. | API smoke, state contract test, persistence fixture |
35
+ | `verified-browser` | User-visible browser behavior is verified in a real browser automation or equivalent rendered UI smoke. | Playwright/browser smoke, screenshot-backed UI check |
36
+ | `verified-ci` | CI or release pipeline executed and passed in the target environment. | public CI run, release workflow run, build pipeline evidence |
37
+ | `accepted-owner` | Owner/reviewer accepts a verified result. | explicit owner acceptance, review approval, accepted project record |
38
+ | `accepted-release` | Release/publication gate accepts the verified result. | release record, package publication record, marketplace approval |
39
+ | `external-required` | Required evidence depends on an external owner, host, marketplace, registry, or runtime not available in the current local run. | native slash-command host proof, marketplace approval, public release gate |
40
+
41
+ Examples:
42
+
43
+ - A UI component test can be `status: verified` with `evidenceLevel: verified-component`, but it must not be described as browser proof.
44
+ - A Playwright smoke can be `status: verified` with `evidenceLevel: verified-browser`.
45
+ - A public CI record can be `status: verified` or `accepted` with `evidenceLevel: verified-ci`, depending on the project acceptance policy.
46
+ - A pending native slash-command claim should stay `evidenceLevel: external-required` until a real host invocation record exists.
47
+
48
+ ## Gate 1: Result
49
+
50
+ `result` means the requested artifact or change exists.
51
+
52
+ Enough evidence:
53
+
54
+ - File, script, template, reference, commit, report, screenshot, or generated output exists.
55
+ - The change is scoped to the requested slice.
56
+ - The agent can point to the exact path or output.
57
+
58
+ Not enough for `result`:
59
+
60
+ - A plan to create the artifact.
61
+ - A final answer describing what would be changed.
62
+ - A command that was intended to write a file but did not confirm the file exists.
63
+
64
+ Example:
65
+
66
+ - `scripts/audit-gse.mjs` exists: result.
67
+ - `.gse/project-profile.md` was written in a temp fixture: result.
68
+
69
+ ## Gate 2: Verified
70
+
71
+ `verified` means the result was checked against acceptance criteria with evidence appropriate to the risk.
72
+
73
+ Enough evidence:
74
+
75
+ - Focused test, smoke, structure check, build, typecheck, lint, browser check, API check, or manual inspection directly covers the acceptance criteria.
76
+ - The command output or inspected artifact proves the expected behavior.
77
+ - Known residual risk is recorded.
78
+
79
+ Not enough for `verified`:
80
+
81
+ - The file exists but was not inspected.
82
+ - A broad test passed but does not cover the changed behavior.
83
+ - A command ran without checking the relevant output.
84
+ - A tool is merely configured or documented but not run.
85
+ - The agent says it looks right without evidence.
86
+
87
+ Example:
88
+
89
+ - `audit-gse.mjs` reports `GSE-C04` as `strong (2/2, score 1)` after adding `router.md`: verified for the router structural criterion.
90
+ - A project profile lists Playwright as `documented` because config exists: not verified tool availability.
91
+
92
+ ## Gate 3: Accepted
93
+
94
+ `accepted` means the verified result has been accepted by the required authority.
95
+
96
+ Enough evidence:
97
+
98
+ - The user explicitly accepts the result.
99
+ - A required reviewer or gate approves it.
100
+ - A release, archive, or project process marks it accepted.
101
+ - A pre-defined acceptance policy says verified evidence is sufficient for this task level.
102
+
103
+ Not enough for `accepted`:
104
+
105
+ - The agent is satisfied.
106
+ - The result passed a local smoke but no acceptance policy says that is enough.
107
+ - The user has not reviewed a user-facing, policy, release, or irreversible change when review is required.
108
+
109
+ Example:
110
+
111
+ - A focused smoke passes for an internal script: can be accepted by policy if the task is Lite or Standard and no human approval is required.
112
+ - A release plan or public workflow change usually needs explicit human acceptance or release-gate acceptance.
113
+
114
+ ## Required Evidence Record
115
+
81
116
  Every non-trivial GSE slice should record:
82
-
83
- ```text
84
- Outcome:
85
- Scope:
86
- Acceptance:
117
+
118
+ ```text
119
+ Outcome:
120
+ Scope:
121
+ Acceptance:
87
122
  Result evidence:
88
123
  Verification evidence:
124
+ Evidence level:
125
+ Required evidence level:
89
126
  Accepted by:
90
127
  Residual risk:
91
128
  Next action:
92
129
  ```
93
-
94
- Use `accepted by: policy` only when the applicable policy is named, such as `Lite focused smoke policy`.
95
-
96
- For project-local GSE updates, scaffold changes, host adapter changes, and release-readiness work, use `assets/templates/update-release-acceptance-record.md` so local decisions preserved, changed files, rollback notes, owner gate, accepted-by status, residual risks, and next action are not lost.
97
-
98
- ## Status Rules
99
-
100
- - `planned`: desired but no result yet.
101
- - `result`: artifact/change exists but has not been verified.
102
- - `verified`: acceptance criteria are directly covered by evidence.
103
- - `accepted`: verified result has user, reviewer, release, archive, or policy acceptance.
104
- - `blocked`: meaningful progress cannot continue and the blocker satisfies the project's blocked rule.
105
-
106
- ## Tool Status Is Separate
107
-
108
- Do not confuse evidence gates with tool availability status.
109
-
110
- - `documented`: a file says a tool or command exists.
111
- - `verified`: the tool or command was actually run or checked.
112
- - `unknown`: no trustworthy evidence yet.
113
- - `unavailable`: expected tool is missing or failing.
114
-
115
- These tool statuses can support the evidence taxonomy, but they do not replace result/verified/accepted gates.
116
-
117
- ## Common Mistakes
118
-
119
- - Treating generated files as verified behavior.
120
- - Treating config presence as a working tool.
121
- - Treating a broad green test as evidence for a narrow change without coverage proof.
122
- - Treating an internal smoke as user acceptance for visible product behavior.
123
- - Updating goal status to complete when the evidence only proves one slice.
130
+
131
+ Use `accepted by: policy` only when the applicable policy is named, such as `Lite focused smoke policy`.
132
+
133
+ For project-local GSE updates, scaffold changes, host adapter changes, and release-readiness work, use `assets/templates/update-release-acceptance-record.md` so local decisions preserved, changed files, rollback notes, owner gate, accepted-by status, residual risks, and next action are not lost.
134
+
135
+ ## Status Rules
136
+
137
+ - `planned`: desired but no result yet.
138
+ - `result`: artifact/change exists but has not been verified.
139
+ - `verified`: acceptance criteria are directly covered by evidence.
140
+ - `accepted`: verified result has user, reviewer, release, archive, or policy acceptance.
141
+ - `blocked`: meaningful progress cannot continue and the blocker satisfies the project's blocked rule.
142
+
143
+ ## Tool Status Is Separate
144
+
145
+ Do not confuse evidence gates with tool availability status.
146
+
147
+ - `documented`: a file says a tool or command exists.
148
+ - `verified`: the tool or command was actually run or checked.
149
+ - `unknown`: no trustworthy evidence yet.
150
+ - `unavailable`: expected tool is missing or failing.
151
+
152
+ These tool statuses can support the evidence taxonomy, but they do not replace result/verified/accepted gates.
153
+
154
+ ## Common Mistakes
155
+
156
+ - Treating generated files as verified behavior.
157
+ - Treating config presence as a working tool.
158
+ - Treating a broad green test as evidence for a narrow change without coverage proof.
159
+ - Treating an internal smoke as user acceptance for visible product behavior.
160
+ - Updating goal status to complete when the evidence only proves one slice.
@@ -1,96 +1,98 @@
1
- # File Ownership And Dirty Worktree
2
-
3
- Use this when GSE work touches files in a dirty worktree, uses real subagents, simulates roles sequentially, or coordinates multiple agents, branches, worktrees, or review loops.
4
-
5
- ## Core Rule
6
-
7
- Protect user work first. Then protect agent work from other agent work.
8
-
9
- A file is not safe to edit just because it is in scope. First inspect whether it already has unrelated changes, generated output, local-only edits, or another active owner.
10
-
11
- ## Ownership Levels
12
-
13
- | Level | Use when | Required action |
14
- |---|---|---|
15
- | Observe | Read-only location, review, QA, code search | Do not write. Report files inspected if useful. |
16
- | Soft claim | One agent edits a small bounded slice | State intended files before editing and keep diff scoped. |
17
- | Explicit claim | Multi-agent work, broad refactor, dirty worktree, shared files | Record owner, allowed files, forbidden files, and release condition. |
18
- | Isolated worktree | Parallel implementation, risky experiment, long-running branch | Use a separate branch/worktree when the project supports git. |
19
-
20
- Level 1 and 2 tasks should not require formal lock files. Escalate only when collision risk is real.
21
-
22
- ## Dirty Worktree Policy
23
-
24
- Before editing implementation or shared docs:
25
-
26
- 1. Check project status with the safest available command, usually `git status --short` when the directory is a git repo.
27
- 2. If the directory is not a git repo, state that git ownership evidence is unavailable and rely on file scope plus timestamps/diff if available.
28
- 3. Identify files already modified before your work.
29
- 4. Treat pre-existing changes as user or another agent changes unless evidence proves otherwise.
30
- 5. Do not revert, overwrite, format, move, or delete unrelated changes.
31
- 6. If the target file is already dirty, inspect it and merge around existing changes. Ask only if the existing change makes the requested edit ambiguous or unsafe.
32
- 7. After editing, verify the final changed-file set matches the slice.
33
-
34
- ## Claim Format
35
-
36
- Use this lightweight claim in dispatch packets, slice notes, or comments when explicit ownership is needed:
37
-
38
- For delegated or role-separated work, prefer `assets/templates/dispatch-packet.md` so the claim also includes objective, context, expected output, verification, and stop conditions.
39
-
40
- ```text
41
- Owner:
42
- Purpose:
43
- Allowed files:
44
- Forbidden files:
45
- Expected edits:
46
- Verification:
47
- Release condition:
48
- ```
49
-
50
- Claims should be short and local to the task. Do not create permanent process artifacts for one-off edits unless the project already requires them.
51
-
52
- ## Subagent And Role Rules
53
-
54
- When real subagent tools exist:
55
-
1
+ # File Ownership And Dirty Worktree
2
+
3
+ Use this when GSE work touches files in a dirty worktree, uses real subagents, simulates roles sequentially, or coordinates multiple agents, branches, worktrees, or review loops.
4
+
5
+ ## Core Rule
6
+
7
+ Protect user work first. Then protect agent work from other agent work.
8
+
9
+ A file is not safe to edit just because it is in scope. First inspect whether it already has unrelated changes, generated output, local-only edits, or another active owner.
10
+
11
+ ## Ownership Levels
12
+
13
+ | Level | Use when | Required action |
14
+ |---|---|---|
15
+ | Observe | Read-only location, review, QA, code search | Do not write. Report files inspected if useful. |
16
+ | Soft claim | One agent edits a small bounded slice | State intended files before editing and keep diff scoped. |
17
+ | Explicit claim | Multi-agent work, broad refactor, dirty worktree, shared files | Record owner, allowed files, forbidden files, and release condition. |
18
+ | Isolated worktree | Parallel implementation, risky experiment, long-running branch | Use a separate branch/worktree when the project supports git. |
19
+
20
+ Level 1 and 2 tasks should not require formal lock files. Escalate only when collision risk is real.
21
+
22
+ ## Dirty Worktree Policy
23
+
24
+ Before editing implementation or shared docs:
25
+
26
+ 1. Check project status with the safest available command, usually `git status --short` when the directory is a git repo.
27
+ 2. If the directory is not a git repo, state that git ownership evidence is unavailable and rely on file scope plus timestamps/diff if available.
28
+ 3. Identify files already modified before your work.
29
+ 4. Treat pre-existing changes as user or another agent changes unless evidence proves otherwise.
30
+ 5. Do not revert, overwrite, format, move, or delete unrelated changes.
31
+ 6. If the target file is already dirty, inspect it and merge around existing changes. Ask only if the existing change makes the requested edit ambiguous or unsafe.
32
+ 7. After editing, verify the final changed-file set matches the slice.
33
+
34
+ ## Claim Format
35
+
36
+ Use this lightweight claim in dispatch packets, slice notes, or comments when explicit ownership is needed:
37
+
38
+ For delegated or role-separated work, prefer `assets/templates/dispatch-packet.md` so the claim also includes objective, context, expected output, verification, and stop conditions.
39
+
40
+ ```text
41
+ Owner:
42
+ Purpose:
43
+ Allowed files:
44
+ Forbidden files:
45
+ Expected edits:
46
+ Verification:
47
+ Release condition:
48
+ ```
49
+
50
+ Claims should be short and local to the task. Do not create permanent process artifacts for one-off edits unless the project already requires them.
51
+
52
+ ## Subagent And Role Rules
53
+
54
+ When real subagent tools exist:
55
+
56
56
  - Give each subagent a role, objective, allowed files, forbidden files, and expected output.
57
57
  - Prefer read-only locator/reviewer/QA roles for broad exploration.
58
- - Do not dispatch parallel builders to the same files or tightly coupled modules.
59
- - Require implementers to report files changed and verification run.
60
- - Run spec review before code-quality review when both exist.
61
- - Coordinator owns final integration and evidence.
62
-
63
- When no real subagent tool exists:
64
-
58
+ - Keep release roles focused on release/public/owner/external claim boundaries unless they are explicitly assigned release-file edits.
59
+ - Do not dispatch parallel builders to the same files or tightly coupled modules.
60
+ - Require implementers to report files changed and verification run.
61
+ - Run spec review before code-quality review when both exist.
62
+ - Coordinator owns final integration and evidence.
63
+
64
+ When no real subagent tool exists:
65
+
65
66
  - Execute roles sequentially in the main session.
66
67
  - Say that no real subagent dispatch occurred if the distinction matters.
67
68
  - Keep the same ownership boundaries: locator is read-only, builder writes assigned files, reviewer is read-only, QA writes evidence only.
69
+ - Verifier records commands and evidence level; release records claim boundaries and external gates.
68
70
  - Do not fake parallelism, independent review, or subagent status.
69
-
70
- ## Shared File Rules
71
-
72
- Shared files include routing docs, config, package manifests, migration files, generated clients, lockfiles, schemas, shared types, and design-system primitives.
73
-
74
- For shared files:
75
-
76
- - Read surrounding patterns before editing.
77
- - Avoid formatting churn.
78
- - Keep behavior and formatting changes separate when feasible.
79
- - Check for generated-file policy before editing generated outputs.
80
- - If multiple slices need the same shared file, serialize edits through the coordinator.
81
-
82
- ## Ownership Conflicts
83
-
84
- If two tasks need the same file:
85
-
86
- 1. Prefer sequencing over parallel edits.
87
- 2. If both are small and related, merge into one slice.
88
- 3. If they are independent but touch the same file, split by branch/worktree or pick one owner.
89
- 4. If an unexpected dirty change appears, stop destructive actions, inspect the diff, and continue only if the merge path is clear.
90
- 5. Record unresolved conflict as a risk or blocker, not as completed work.
91
-
92
- ## Verification Checklist
93
-
71
+
72
+ ## Shared File Rules
73
+
74
+ Shared files include routing docs, config, package manifests, migration files, generated clients, lockfiles, schemas, shared types, and design-system primitives.
75
+
76
+ For shared files:
77
+
78
+ - Read surrounding patterns before editing.
79
+ - Avoid formatting churn.
80
+ - Keep behavior and formatting changes separate when feasible.
81
+ - Check for generated-file policy before editing generated outputs.
82
+ - If multiple slices need the same shared file, serialize edits through the coordinator.
83
+
84
+ ## Ownership Conflicts
85
+
86
+ If two tasks need the same file:
87
+
88
+ 1. Prefer sequencing over parallel edits.
89
+ 2. If both are small and related, merge into one slice.
90
+ 3. If they are independent but touch the same file, split by branch/worktree or pick one owner.
91
+ 4. If an unexpected dirty change appears, stop destructive actions, inspect the diff, and continue only if the merge path is clear.
92
+ 5. Record unresolved conflict as a risk or blocker, not as completed work.
93
+
94
+ ## Verification Checklist
95
+
94
96
  Before claiming completion:
95
97
 
96
98
  - Intended files are the only files changed, or every extra file is explained.
@@ -99,9 +101,11 @@ Before claiming completion:
99
101
  - Subagent work, if any, has role, allowed files, and verification evidence.
100
102
  - The evidence record names focused validation and residual risk.
101
103
 
102
- ## Project Integration
103
-
104
- - `references/agent-roles.md` defines role responsibilities.
105
- - `references/operating-model.md` defines when ownership is checked in the execute loop.
106
- - `references/quality-gates.md` requires dirty-worktree evidence before completion.
107
- - `.gse/project-profile.md` should record project-specific branching, generated-file, and lockfile rules.
104
+ `scripts/audit-close-gate.mjs` reports staged, unstaged, untracked, mixed, conflict, and common generated/test artifact paths so close reviews do not have to infer ownership from prose.
105
+
106
+ ## Project Integration
107
+
108
+ - `references/agent-roles.md` defines role responsibilities.
109
+ - `references/operating-model.md` defines when ownership is checked in the execute loop.
110
+ - `references/quality-gates.md` requires dirty-worktree evidence before completion.
111
+ - `.gse/project-profile.md` should record project-specific branching, generated-file, and lockfile rules.