@t275005746/gse 0.1.0 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.github/ISSUE_TEMPLATE/bug_report.yml +42 -42
- package/.github/ISSUE_TEMPLATE/change_request.yml +50 -50
- package/.github/ISSUE_TEMPLATE/config.yml +5 -5
- package/.github/PULL_REQUEST_TEMPLATE.md +38 -38
- package/.github/workflows/validate-gse.yml +33 -33
- package/.gse/README.md +18 -18
- package/.gse/gse-development-protocol.md +50 -50
- package/.gse/project-profile.md +29 -29
- package/.gse/quality-gates.md +25 -25
- package/.gse/releases/public-registry-publication-npm.md +49 -0
- package/.gse/releases/public-release-owner-required.md +65 -65
- package/.gse/releases/public-security-contact-owner-required.md +45 -45
- package/.gse/state.json +147 -27
- package/CHANGELOG.md +31 -15
- package/CONTRIBUTING.md +64 -64
- package/LICENSE +21 -21
- package/README.md +14 -7
- package/README.zh-CN.md +14 -7
- package/SECURITY.md +41 -41
- package/SKILL.md +32 -12
- package/SUPPORT.md +38 -38
- package/assets/marketplace/README.md +7 -7
- package/assets/marketplace/gse-listing.json +75 -75
- package/assets/templates/acceptance-execution-packet.md +73 -73
- package/assets/templates/adr.md +14 -14
- package/assets/templates/change-brief.md +16 -16
- package/assets/templates/design.md +18 -18
- package/assets/templates/dispatch-packet.md +100 -92
- package/assets/templates/evidence.md +15 -9
- package/assets/templates/execution-quality-pack.md +65 -65
- package/assets/templates/goal-map.md +21 -21
- package/assets/templates/host-adapter.md +48 -48
- package/assets/templates/host-ui-invocation-record.md +42 -42
- package/assets/templates/incident-review.md +60 -60
- package/assets/templates/public-channel-publication-record.md +49 -49
- package/assets/templates/public-ci-run-record.md +53 -53
- package/assets/templates/public-release-record.md +65 -65
- package/assets/templates/public-repository-settings-record.md +59 -59
- package/assets/templates/public-security-contact-record.md +45 -45
- package/assets/templates/release-trust-record.md +32 -32
- package/assets/templates/review.md +18 -18
- package/assets/templates/role-fallback-packet.md +49 -0
- package/assets/templates/spec.md +16 -16
- package/assets/templates/target-adoption-evidence.md +29 -29
- package/assets/templates/tasks.md +17 -17
- package/assets/templates/update-release-acceptance-record.md +58 -58
- package/examples/README.md +22 -22
- package/examples/agent-runtime-host/.claude/gse-adapter.md +6 -6
- package/examples/agent-runtime-host/.codex/gse-adapter.md +7 -7
- package/examples/agent-runtime-host/.gse/goal-map.md +7 -7
- package/examples/agent-runtime-host/.gse/project-profile.md +27 -27
- package/examples/agent-runtime-host/.gse/tooling.md +5 -5
- package/examples/agent-runtime-host/.mcp.json +9 -9
- package/examples/agent-runtime-host/AGENTS.md +5 -5
- package/examples/agent-runtime-host/README.md +10 -10
- package/examples/agent-runtime-host/docs/model-routing.md +5 -5
- package/examples/cli-tool/.gse/project-profile.md +21 -21
- package/examples/cli-tool/AGENTS.md +5 -5
- package/examples/cli-tool/README.md +12 -12
- package/examples/cli-tool/package.json +21 -21
- package/examples/small-app/.env.example +2 -2
- package/examples/small-app/.github/workflows/ci.yml +8 -8
- package/examples/small-app/AGENTS.md +5 -5
- package/examples/small-app/README.md +12 -12
- package/examples/small-app/package.json +26 -26
- package/examples/small-app/playwright.config.ts +4 -4
- package/package.json +52 -44
- package/references/adoption-recipes.md +171 -171
- package/references/agent-roles.md +42 -21
- package/references/architecture-health.md +101 -101
- package/references/benchmark-audit.md +73 -73
- package/references/commands.md +74 -45
- package/references/community-channels.md +46 -46
- package/references/compatibility.md +70 -70
- package/references/design-basis.md +38 -38
- package/references/domain-model.md +129 -129
- package/references/domain-quality-gates.md +75 -75
- package/references/drift-audit.md +81 -80
- package/references/evidence-taxonomy.md +145 -108
- package/references/file-ownership.md +97 -93
- package/references/final-form-roadmap.md +201 -0
- package/references/final-readiness.md +84 -84
- package/references/forward-test.md +133 -133
- package/references/goal-map.md +36 -36
- package/references/host-adapters.md +129 -101
- package/references/learning-system.md +42 -26
- package/references/maintenance-cadence.md +51 -0
- package/references/marketplace-discovery.md +46 -46
- package/references/model-routing.md +103 -103
- package/references/open-source-defaults.md +39 -39
- package/references/operating-model.md +52 -52
- package/references/packaging.md +277 -277
- package/references/project-agent-workspace.md +89 -89
- package/references/project-bootstrap.md +122 -122
- package/references/project-guards.md +52 -0
- package/references/project-profile.md +57 -57
- package/references/public-release.md +174 -174
- package/references/quality-gates.md +96 -89
- package/references/recovery.md +176 -176
- package/references/release-trust.md +43 -43
- package/references/release.md +126 -126
- package/references/review.md +141 -141
- package/references/role-dispatch-fallback.md +54 -0
- package/references/router.md +90 -90
- package/references/spec-workflow.md +66 -66
- package/references/task-levels.md +81 -81
- package/references/tool-adapters.md +80 -70
- package/scripts/audit-acceptance-execution-packet.mjs +133 -133
- package/scripts/audit-adoption-recipes.mjs +99 -99
- package/scripts/audit-change-lifecycle.mjs +77 -77
- package/scripts/audit-change-system.mjs +134 -134
- package/scripts/audit-ci-readiness.mjs +107 -107
- package/scripts/audit-close-gate-hardening.mjs +188 -0
- package/scripts/audit-close-gate.mjs +448 -262
- package/scripts/audit-command-adapters.mjs +91 -91
- package/scripts/audit-command-execution.mjs +212 -199
- package/scripts/audit-commands.mjs +7 -5
- package/scripts/audit-compatibility.mjs +149 -149
- package/scripts/audit-completion-plan-drill.mjs +230 -0
- package/scripts/audit-completion-readiness.mjs +290 -287
- package/scripts/audit-continue-preflight.mjs +234 -0
- package/scripts/audit-distribution.mjs +251 -251
- package/scripts/audit-domain-quality-gates.mjs +108 -108
- package/scripts/audit-evidence-levels.mjs +217 -0
- package/scripts/audit-evidence-placeholders.mjs +126 -126
- package/scripts/audit-evidence-review-queue.mjs +206 -0
- package/scripts/audit-final-acceptance-packet.mjs +9 -9
- package/scripts/audit-final-form-progress-report.mjs +19 -18
- package/scripts/audit-final-form-roadmap.mjs +157 -0
- package/scripts/audit-final-form-stale-copy.mjs +2 -2
- package/scripts/audit-final-readiness-promotion.mjs +255 -255
- package/scripts/audit-final-readiness.mjs +226 -226
- package/scripts/audit-fixtures.mjs +154 -154
- package/scripts/audit-fresh-session-readiness.mjs +177 -177
- package/scripts/audit-host-capabilities.mjs +237 -0
- package/scripts/audit-host-runtime-evidence-handoff.mjs +159 -159
- package/scripts/audit-host-runtime-invocation-drill.mjs +240 -240
- package/scripts/audit-host-runtime-invocations.mjs +254 -254
- package/scripts/audit-host-ui-invocation.mjs +132 -132
- package/scripts/audit-installed-sync.mjs +203 -0
- package/scripts/audit-learning-drift.mjs +292 -0
- package/scripts/audit-learning-promotion.mjs +351 -0
- package/scripts/audit-learning-system.mjs +24 -14
- package/scripts/audit-local-final-form-completion.mjs +11 -10
- package/scripts/audit-maintenance-cadence.mjs +139 -0
- package/scripts/audit-maintenance-snapshot.mjs +181 -0
- package/scripts/audit-marketplace-discovery.mjs +122 -122
- package/scripts/audit-npm-package-metadata.mjs +160 -154
- package/scripts/audit-npm-publish-dry-run.mjs +194 -166
- package/scripts/audit-npm-tarball-install.mjs +195 -189
- package/scripts/audit-open-source-defaults.mjs +92 -92
- package/scripts/audit-open-source-readiness.mjs +97 -97
- package/scripts/audit-owner-external-gate-kit.mjs +12 -11
- package/scripts/audit-project-guards.mjs +189 -0
- package/scripts/audit-project.mjs +144 -141
- package/scripts/audit-public-acceptance-command-dry-run-drill.mjs +203 -203
- package/scripts/audit-public-acceptance-handoff.mjs +10 -10
- package/scripts/audit-public-acceptance-readiness.mjs +222 -222
- package/scripts/audit-public-channel-publication.mjs +248 -248
- package/scripts/audit-public-ci-run.mjs +184 -184
- package/scripts/audit-public-collaboration-templates.mjs +98 -98
- package/scripts/audit-public-external-gate-probe.mjs +206 -206
- package/scripts/audit-public-release-checklist.mjs +17 -15
- package/scripts/audit-public-release-decision.mjs +201 -201
- package/scripts/audit-public-release-metadata.mjs +176 -176
- package/scripts/audit-public-repository-settings.mjs +237 -237
- package/scripts/audit-public-security-contact.mjs +171 -171
- package/scripts/audit-readme-docs.mjs +6 -4
- package/scripts/audit-recovery-readiness.mjs +98 -98
- package/scripts/audit-release-bundle.mjs +13 -11
- package/scripts/audit-release-owner-action-plan-drill.mjs +5 -4
- package/scripts/audit-release-owner-action-plan.mjs +10 -10
- package/scripts/audit-release-readiness.mjs +106 -106
- package/scripts/audit-release-status-manifest.mjs +4 -4
- package/scripts/audit-release-trust.mjs +62 -62
- package/scripts/audit-remote-distribution.mjs +266 -266
- package/scripts/audit-roadmap-consistency.mjs +234 -230
- package/scripts/audit-role-dispatch-fallback.mjs +212 -0
- package/scripts/audit-session-sync.mjs +127 -0
- package/scripts/audit-signing.mjs +147 -147
- package/scripts/audit-state-freshness.mjs +20 -14
- package/scripts/audit-state-repair.mjs +360 -0
- package/scripts/audit-target-adoption-evidence.mjs +117 -117
- package/scripts/audit-target-hardening-drills.mjs +267 -0
- package/scripts/audit-target-project.mjs +507 -507
- package/scripts/audit-tool-fallback-policy.mjs +180 -0
- package/scripts/audit-ui-browser-evidence-policy.mjs +191 -0
- package/scripts/audit-update-release-acceptance.mjs +136 -136
- package/scripts/audit-v1-target-validation.mjs +269 -269
- package/scripts/audit-validation-profiles.mjs +125 -123
- package/scripts/backfill-evidence-levels.mjs +98 -0
- package/scripts/check-encoding.mjs +72 -0
- package/scripts/close-change.mjs +116 -116
- package/scripts/discover-project-profile.mjs +307 -307
- package/scripts/generate-command-adapter.mjs +231 -231
- package/scripts/generate-continue-packet.mjs +1214 -0
- package/scripts/generate-final-acceptance-packet.mjs +188 -173
- package/scripts/generate-final-form-progress-report.mjs +191 -189
- package/scripts/generate-host-runtime-evidence-handoff.mjs +198 -191
- package/scripts/generate-maintenance-snapshot.mjs +216 -0
- package/scripts/generate-owner-external-gate-kit.mjs +295 -295
- package/scripts/generate-public-acceptance-handoff.mjs +168 -156
- package/scripts/generate-public-release-checklist.mjs +207 -207
- package/scripts/generate-release-bundle.mjs +505 -505
- package/scripts/generate-release-owner-action-plan.mjs +172 -171
- package/scripts/generate-release-status-manifest.mjs +199 -198
- package/scripts/generate-session-prompt.mjs +188 -188
- package/scripts/gse.mjs +67 -67
- package/scripts/init-change.mjs +265 -265
- package/scripts/init-project.mjs +793 -712
- package/scripts/install-gse.mjs +234 -234
- package/scripts/lib/evidence-placeholders.mjs +28 -28
- package/scripts/package-gse.mjs +174 -174
- package/scripts/probe-public-external-gates.mjs +167 -167
- package/scripts/record-host-invocation.mjs +151 -151
- package/scripts/record-learning.mjs +37 -8
- package/scripts/record-public-channel-publication.mjs +178 -178
- package/scripts/record-public-ci-run.mjs +180 -180
- package/scripts/record-public-release.mjs +175 -175
- package/scripts/record-public-repository-settings.mjs +209 -209
- package/scripts/record-public-security-contact.mjs +157 -157
- package/scripts/record-session-sync.mjs +87 -0
- package/scripts/run-gse-command.mjs +79 -47
- package/scripts/run-validation-profile.mjs +24 -5
- package/scripts/sign-gse-package.mjs +83 -83
- package/scripts/update-project-state.mjs +223 -223
- package/scripts/validate-gse.mjs +216 -0
- package/scripts/verify-gse-package.mjs +85 -85
|
@@ -0,0 +1,201 @@
|
|
|
1
|
+
# GSE Final Form Roadmap
|
|
2
|
+
|
|
3
|
+
This roadmap defines the final product shape for GSE itself. It is the canonical continuation plan for GSE development after local v1 capability has been proven.
|
|
4
|
+
|
|
5
|
+
The goal is not another patch cycle. Final form means a capable agent can enter a new or existing project, run a short GSE entry command, understand the project, select the next slice, execute with the right level of rigor, prove the result, and carry lessons forward without a long hand-written prompt.
|
|
6
|
+
|
|
7
|
+
## Completion Definition
|
|
8
|
+
|
|
9
|
+
GSE reaches final form when a new agent can enter any supported project and use `/gse continue` to obtain:
|
|
10
|
+
|
|
11
|
+
- the project identity, current goal, active slice, and next action,
|
|
12
|
+
- the required spec, quality gates, and evidence level,
|
|
13
|
+
- the available tools, missing tools, role boundaries, and fallback path,
|
|
14
|
+
- pending owner/external release evidence, plus any optional adapter claims that are not being made,
|
|
15
|
+
- the learning rules that should affect the current run,
|
|
16
|
+
- the exact checks needed before completion can be claimed.
|
|
17
|
+
|
|
18
|
+
Broken state, stale evidence, unsupported tool claims, noisy risk lists, and missing host/runtime evidence must be surfaced before implementation begins.
|
|
19
|
+
|
|
20
|
+
## Final Form Priorities
|
|
21
|
+
|
|
22
|
+
| Priority | Area | Outcome | Acceptance |
|
|
23
|
+
|---|---|---|---|
|
|
24
|
+
| P0 | Short entry takeover | `/gse continue` replaces long goal prompts for mature projects | A project with `.gse/` returns current slice, next action, claim-boundary evidence, and required checks through the portable runner; host-native command evidence is recorded only when a specific host adapter claims it |
|
|
25
|
+
| P1 | State system | Project state is readable, compact, repairable, and not a risk dump | State separates current summary, active slice, top risks, blocked gates, next checks, and archived risk history |
|
|
26
|
+
| P2 | Evidence gate | Claims cannot outrun evidence | Evidence index validity is a preflight gate; bad JSONL, stale records, and downgraded UI/browser proof are labeled before close |
|
|
27
|
+
| P3 | Spec and change lifecycle | GSE provides OpenSpec-style change control without requiring OpenSpec | Change packs move through proposed, active, implemented, verified, accepted, and archived states with goal-map links |
|
|
28
|
+
| P4 | Roles and subagents | GSE provides Superpowers-style execution discipline without requiring a specific subagent host | Planner, locator, implementer, verifier, reviewer, doc/evidence, and release roles have dispatch packets and fallback checklists; process skills do not prove real host dispatch |
|
|
29
|
+
| P5 | Tool and quality gates | Tool use is fast, explicit, and project-aware | LSP/index, browser, Playwright, MCP, CI, package manager, Windows shell, sparse checkout, UTF-8, and project custom gates are preflighted when relevant |
|
|
30
|
+
| P6 | Learning automation | Repeated failures become guards | Lessons dedupe, classify severity, and promote into project quality gates, templates, scripts, or skill updates |
|
|
31
|
+
| P7 | Project init and adapters | New projects get the right scaffold without heavy prerequisites | Lite, Standard, and Enterprise scaffolds create `.gse/` plus optional host pointers for `.codex`, `.claude`, `.mcp`, and similar folders |
|
|
32
|
+
| P8 | Release and distribution | GSE is installable, auditable, and maintainable as an open-source skill product | npm/package install, GitHub release, public CI, security contact, repository settings, registry/marketplace records, bilingual docs, checksums/signing, and update paths are verified or honestly gated |
|
|
33
|
+
| P9 | Benchmark and drills | GSE remains competitive with mature engineering skills | Regular audits compare against OpenSpec, Superpowers/BMAD-style roles, Comet-style phase discipline, and real projects such as AION and MuseFlow |
|
|
34
|
+
| P10 | Final acceptance | Final claims are backed by real evidence at the right claim level | AION doctor, MuseFlow doctor, new-project bootstrap, `/gse continue`, evidence repair, state compaction, role dispatch, learning promotion, package publication, public CI, and portable command execution pass; host-native invocation is optional per host adapter and must be recorded before that adapter claims it |
|
|
35
|
+
|
|
36
|
+
## First Execution Wave
|
|
37
|
+
|
|
38
|
+
1. Done: make `/gse continue` run a hard preflight: state JSON, evidence index, project profile, quality gates, canonical plan, stale risks, and pending owner/external release evidence when the target exposes it.
|
|
39
|
+
2. Done: split `.gse/state.json` into a compact default view and an archived risk/decision history so active sessions do not inherit unreadable residual risk blocks.
|
|
40
|
+
3. Done for continuation: promote evidence index validity from target-project doctor finding to blocking preflight for `/gse continue`; close-gate evidence index validation already remains in place.
|
|
41
|
+
4. Done: add explicit evidence levels for UI/browser/API/CI/owner/release/external proof: `verified-unit`, `verified-component`, `verified-api`, `verified-browser`, `verified-ci`, `accepted-owner`, `accepted-release`, and `external-required`.
|
|
42
|
+
5. Done: convert reusable lessons from AION and MuseFlow into guards: Windows shell syntax, sparse checkout staging, UTF-8-safe Chinese docs, stale evidence, browser-smoke downgrade labeling, no fake subagent dispatch, and non-interrupting cross-thread sync.
|
|
43
|
+
|
|
44
|
+
## Final Form Execution Plan
|
|
45
|
+
|
|
46
|
+
This plan turns the completion definition into ordered implementation waves. It is the working plan for GSE itself, not a project roadmap for projects that use GSE.
|
|
47
|
+
|
|
48
|
+
### Wave 1 - Short Entry And State Control
|
|
49
|
+
|
|
50
|
+
Outcome: mature projects can resume from a short `/gse continue` entry instead of a long hand-written prompt.
|
|
51
|
+
|
|
52
|
+
Status: verified; the hard preflight, compact state packet, completion plan, project guards, explicit evidence levels, role fallback readiness, and state/evidence repair path are verified. Native host slash-command evidence is an optional adapter claim, not a GSE core completion gate.
|
|
53
|
+
|
|
54
|
+
Completed slices:
|
|
55
|
+
|
|
56
|
+
- Done: `completionPlan` gives future agents exact required close steps, required close commands, and active conditional commands for encoding, installed-sync, maintenance snapshot, release bundle, and session sync.
|
|
57
|
+
- Done: completionPlan drill audit verifies clean worktrees have no false active conditionals and dirty docs/scripts/references/acceptance/evidence changes activate the expected close checks.
|
|
58
|
+
- Done: state repair path provides `/gse repair`, `CP14`, and concrete repair actions for stale state, bad JSONL, missing evidence files, next-action drift, and overlong residual risks.
|
|
59
|
+
- Done: `gateTaxonomy` separates core workflow blockers from release gates and host-adapter claim gates in `/gse continue` compact state.
|
|
60
|
+
- Done: generated/noisy artifacts stay visible in `/gse continue` as ignored paths but no longer count as actionable changes or trigger conditional close commands by themselves.
|
|
61
|
+
- Done: active residual risks and archived risk history are counted separately so `/gse continue` does not make historical risk archive entries look like current blockers.
|
|
62
|
+
- Done: the human-facing `/gse continue` prompt is a short action packet with project, root, slice, next action, close summary, risk summary, gate boundary, and do-step instead of long explanatory prose.
|
|
63
|
+
|
|
64
|
+
Acceptance:
|
|
65
|
+
|
|
66
|
+
- `/gse continue` shows current slice, next action, top risks, claim-boundary evidence, required checks, relevant guard rules, evidence status, and completion plan.
|
|
67
|
+
- Bad evidence and stale state fail before implementation or return a repair action.
|
|
68
|
+
- Default output stays compact; historical risk detail stays archived.
|
|
69
|
+
|
|
70
|
+
### Wave 2 - Spec, Role, And Execution Discipline
|
|
71
|
+
|
|
72
|
+
Outcome: GSE provides OpenSpec-style change control and Superpowers-style execution discipline without requiring either tool.
|
|
73
|
+
|
|
74
|
+
Status: locally verified for portable execution discipline; role fallback packet outputs, no-fake-dispatch close checks, file-ownership/staged-artifact close checks, and host capability record audits are verified. Real-host dispatch evidence remains host-specific future evidence.
|
|
75
|
+
|
|
76
|
+
Boundary: OpenSpec-style and Superpowers-style workflows define requirements, change control, execution discipline, and review quality. They do not provide native slash commands, subagent dispatch, browser tooling, MCP, LSP, CI, or host UI integration by themselves. GSE follows the same boundary: those capabilities are optional host adapters and must be recorded as host evidence before they are claimed.
|
|
77
|
+
|
|
78
|
+
Required slices:
|
|
79
|
+
|
|
80
|
+
- Change lifecycle hardening: every active change can be opened, verified, closed, archived, and linked back to the goal map.
|
|
81
|
+
- Done: role packet execution fallback: planner, locator, implementer, verifier, reviewer, doc/evidence, and release roles have auditable packet outputs for sequential fallback.
|
|
82
|
+
- Done: no-fake-dispatch guard: close gate blocks real-subagent claims unless the current host/tool status is verified.
|
|
83
|
+
- Done: file ownership and dirty-worktree guard: close gate reports staged, unstaged, untracked, mixed, conflict, and generated/test artifact paths before close.
|
|
84
|
+
|
|
85
|
+
Acceptance:
|
|
86
|
+
|
|
87
|
+
- A real target project can run a change pack from open to archive.
|
|
88
|
+
- Role packets work both with real subagents and sequential fallback.
|
|
89
|
+
- Close gate rejects missing evidence, missing review, fake dispatch, and unrelated staged files when the project can expose that data.
|
|
90
|
+
|
|
91
|
+
### Wave 3 - Learning To Guard Promotion
|
|
92
|
+
|
|
93
|
+
Outcome: repeated user corrections and project failures become reusable engineering controls.
|
|
94
|
+
|
|
95
|
+
Status: locally verified; learning capture, duplicate occurrence counting, deterministic promotion analysis, candidate-only promotion reports, `/gse continue` CP15 visibility, and learning drift detection for promoted-but-unenforced candidates are verified.
|
|
96
|
+
|
|
97
|
+
Completed slices:
|
|
98
|
+
|
|
99
|
+
- Done: learning classifier categorizes lessons by shell, encoding, evidence, browser, git, host-tool, project-rule, and release.
|
|
100
|
+
- Done: duplicate learning capture increments `Occurrences` without appending noisy duplicate entries.
|
|
101
|
+
- Done: promotion paths follow note -> checklist/template -> guard/quality gate -> script/skill.
|
|
102
|
+
- Done: `/gse learn --promote` is read-only by default, `/gse learn --promote --execute` writes candidate-only `.gse/learning-promotions.md`, and `/gse continue` surfaces CP15 learning promotion status.
|
|
103
|
+
|
|
104
|
+
Completed slices:
|
|
105
|
+
|
|
106
|
+
- Done: drift audit detects when promoted learning candidates are not covered by project guards, quality gates, `/gse continue`, `/gse close`, or focused audit scripts.
|
|
107
|
+
|
|
108
|
+
Acceptance:
|
|
109
|
+
|
|
110
|
+
- A lesson can be recorded once, deduped, and promoted into a project guard with evidence.
|
|
111
|
+
- `/gse continue` and `/gse close` both surface promoted high-severity guards.
|
|
112
|
+
- AION/MuseFlow lessons are used as examples but no AION/MuseFlow-specific behavior is hardcoded.
|
|
113
|
+
|
|
114
|
+
### Wave 4 - Tool And Host Runtime Adapters
|
|
115
|
+
|
|
116
|
+
Outcome: GSE stays portable while using available tools aggressively.
|
|
117
|
+
|
|
118
|
+
Completed slices:
|
|
119
|
+
|
|
120
|
+
- Done: host capability audit records track native slash-command, browser, MCP, LSP, subagent, and CI status as `verified`, `documented`, `unknown`, `unavailable`, or `external-required`, with `/gse continue` `CP16` visibility and overclaim checks.
|
|
121
|
+
- Done: target-project hardening drills run GSE doctor, `/gse continue`, close gate, host capability, and learning drift checks against configured real projects without mutating target worktrees.
|
|
122
|
+
- Done: optional tool fallback policy audit verifies markdown fallback and claim boundaries across tool adapters, router, model routing, host adapters, project profile, generated command adapters, continue packet wiring, and validation profiles.
|
|
123
|
+
|
|
124
|
+
Required slices:
|
|
125
|
+
|
|
126
|
+
- Native slash-command evidence: record real host-native `/gse continue` invocation only when a host adapter claims native support.
|
|
127
|
+
- Done: Browser/UI evidence policy: `scripts/audit-ui-browser-evidence-policy.mjs` verifies that `verified-component`, `verified-api`, `verified-browser`, screenshot/visual inspection rules, continue/close downgrade surfacing, and validation wiring stay aligned.
|
|
128
|
+
|
|
129
|
+
Acceptance:
|
|
130
|
+
|
|
131
|
+
- GSE never claims native host support from portable command evidence alone.
|
|
132
|
+
- Browser/UI verification downgrade is labeled before close.
|
|
133
|
+
- Host adapter docs point back to `.gse/` and do not duplicate canonical rules.
|
|
134
|
+
|
|
135
|
+
### Wave 5 - Distribution, Public Trust, And Maintenance
|
|
136
|
+
|
|
137
|
+
Outcome: GSE can be installed, audited, updated, and maintained as an open-source skill product.
|
|
138
|
+
|
|
139
|
+
Required slices:
|
|
140
|
+
|
|
141
|
+
- Public release evidence: repository settings, CI, security contact, registry/package channel, marketplace/catalog, release bundle, checksum/signing, and update path records.
|
|
142
|
+
- Done: Installed skill sync: `scripts/audit-installed-sync.mjs` verifies fresh package output, package metadata/version preservation, source-root privacy, installed-copy hash parity, and installed-copy `/gse maintenance` smoke when `--installed-root` is supplied.
|
|
143
|
+
- Done: Session sync records: `scripts/record-session-sync.mjs` and `scripts/audit-session-sync.mjs` make installed-copy refresh and active-session sync attempts auditable without treating notification as adoption.
|
|
144
|
+
- Public docs hardening: keep README and bilingual docs concise, search-friendly, and free of defensive caveat bloat.
|
|
145
|
+
- Done: Maintenance cadence: `references/maintenance-cadence.md`, `/gse maintenance`, and `scripts/audit-maintenance-cadence.mjs` verify benchmark audit, drift audit, dependency/security review, forward-test, target drill, public acceptance, and installed-skill sync coverage.
|
|
146
|
+
- Done: Maintenance snapshot failure isolation: failed canonical `latest-maintenance-snapshot.json` writes are redirected to `latest-maintenance-snapshot.failed.json` so release-bundle and maintenance freshness loops keep the last passing canonical snapshot.
|
|
147
|
+
|
|
148
|
+
Acceptance:
|
|
149
|
+
|
|
150
|
+
- `validate-gse` passes the appropriate profile for the release stage.
|
|
151
|
+
- Public acceptance rows are accepted only with real owner/external evidence.
|
|
152
|
+
- A clean consumer project can install GSE, run `gse status`, initialize `.gse/`, and execute `/gse continue` through the portable runner.
|
|
153
|
+
|
|
154
|
+
## Current Final-Form Gap List
|
|
155
|
+
|
|
156
|
+
These items should drive future slices only when the claim is being made:
|
|
157
|
+
|
|
158
|
+
- Short entry takeover is verified through the portable runner; `/gse continue` now exposes a compact action prompt, `completionPlan`, `gateTaxonomy`, generated/noisy ignored paths, and active-versus-archived risk counts. Real host-native slash-command evidence is optional per host adapter.
|
|
159
|
+
- Project guards, learning promotion candidates, learning drift status, no-fake-dispatch/file-ownership close checks, host capability records, and target-project hardening drills now surface or execute through portable audits; AION/MuseFlow drill warnings remain project-local readiness signals, not GSE hard failures.
|
|
160
|
+
- Evidence index validity is a hard preflight; evidence level granularity, state/evidence repair actions, and conservative historical evidence-level backfill are implemented.
|
|
161
|
+
- Role fallback packets and host capability records are auditable through scaffold, `/gse continue`, and focused audits; real subagent dispatch still needs current host evidence.
|
|
162
|
+
- Process skills such as OpenSpec, Superpowers, Comet, and GSE provide workflow discipline and portable artifacts; they do not satisfy host-native slash-command, subagent, browser, MCP, LSP, CI, or host UI evidence rows.
|
|
163
|
+
- Learning capture, occurrence counting, classification, candidate promotion, candidate drift detection, and read-only target-project hardening drills are locally verified; remaining gaps are project-specific product evidence and external host evidence.
|
|
164
|
+
- Public/package release mechanics, browser/UI evidence policy, maintenance cadence, installed/package sync freshness checks, active-session sync records, and portable command execution are verified; optional host-native slash-command evidence is recorded only for hosts that actually expose native support.
|
|
165
|
+
- Failed canonical maintenance snapshot writes are isolated from the last passing snapshot; `.failed.json` is the diagnostic surface for failed runs.
|
|
166
|
+
|
|
167
|
+
## Goal Mode Operating Contract
|
|
168
|
+
|
|
169
|
+
Use this when continuing GSE itself in a goal-mode session:
|
|
170
|
+
|
|
171
|
+
```text
|
|
172
|
+
Goal: implement GSE final form as a portable, installable, evidence-driven engineering skill for long-running agent-assisted software projects.
|
|
173
|
+
|
|
174
|
+
Workspace:
|
|
175
|
+
<path-to-gse-repo>
|
|
176
|
+
|
|
177
|
+
Start:
|
|
178
|
+
1. Read the installed GSE `SKILL.md`.
|
|
179
|
+
2. Read .gse/gse-design-master-plan.md, .gse/goal-map.md, .gse/current-slice.md, .gse/state.json, and references/final-form-roadmap.md.
|
|
180
|
+
3. Continue from the current slice and the highest-priority unfinished Final Form roadmap item.
|
|
181
|
+
4. Keep GSE generic. Do not add AION-only or MuseFlow-only behavior; use them as drills and evidence targets.
|
|
182
|
+
|
|
183
|
+
Loop:
|
|
184
|
+
Goal -> Spec -> Execute -> Evidence -> Learn.
|
|
185
|
+
|
|
186
|
+
Slice rule:
|
|
187
|
+
Do one verifiable slice at a time. Each slice must state outcome, scope, acceptance, evidence, risk, and next action. Prefer executable scripts, templates, and gates over prose-only rules.
|
|
188
|
+
|
|
189
|
+
Verification:
|
|
190
|
+
Run the smallest focused audit that proves the slice. For docs-only final-form routing changes, run audit-final-form-roadmap, roadmap consistency, JSON/UTF-8 sanity, and a smoke validation profile. For release or package claims, run the matching release/package audit.
|
|
191
|
+
|
|
192
|
+
Evidence:
|
|
193
|
+
Append evidence to .gse/evidence/YYYY-MM-DD.md and .gse/evidence/index.jsonl. Do not claim public, native host, marketplace, registry, CI, or owner acceptance without matching accepted records.
|
|
194
|
+
|
|
195
|
+
Completion:
|
|
196
|
+
A slice is complete only after focused validation passes, evidence is recorded, state/current-slice/goal-map are updated, and the changes are committed.
|
|
197
|
+
```
|
|
198
|
+
|
|
199
|
+
## Claim Boundary
|
|
200
|
+
|
|
201
|
+
This roadmap is a contract for final-form development, not proof for every optional adapter claim. The live claim boundary remains `references/final-readiness.md` plus `scripts/audit-final-readiness.mjs`.
|
|
@@ -1,84 +1,84 @@
|
|
|
1
|
-
# Final Readiness Matrix
|
|
2
|
-
|
|
3
|
-
Use this when deciding whether GSE can be called open-source-ready, installable, and cross-host usable.
|
|
4
|
-
|
|
5
|
-
This matrix is a claim boundary. It separates local verified capability from owner-required or external evidence. Do not collapse these states into a single "done" label.
|
|
6
|
-
|
|
7
|
-
## Status Vocabulary
|
|
8
|
-
|
|
9
|
-
- `verified`: GSE has current local evidence from scripts, records, or package/install audits.
|
|
10
|
-
- `owner-required`: the owner must make or approve a decision before the claim can become accepted.
|
|
11
|
-
- `external-required`: a marketplace, public registry, host runtime, security contact, CI, or other external system must provide evidence.
|
|
12
|
-
- `not-claimed`: GSE deliberately does not claim this capability.
|
|
13
|
-
|
|
14
|
-
## Readiness Areas
|
|
15
|
-
|
|
16
|
-
The table below describes the baseline/status source for each row. The current truth is computed by `scripts/audit-final-readiness.mjs`; record-driven rows can promote from `owner-required` or `external-required` to `verified` only after accepted evidence records exist.
|
|
17
|
-
|
|
18
|
-
| Area | Accepted claim requires | Status source / baseline |
|
|
19
|
-
|---|---|---|
|
|
20
|
-
| Skill structure | `SKILL.md`, references, scripts, assets, metadata, and validator pass | verified |
|
|
21
|
-
| Project scaffold | `init-project`, project doctor, state, goal map, evidence index, close gate | verified |
|
|
22
|
-
| Local install | package, install, installed-copy validation, package CLI entrypoint, and installed short CLI status command | verified |
|
|
23
|
-
| npm tarball install | real local npm tarball creation, install into a clean consumer project, installed `gse` bin execution, and installed README audit | verified |
|
|
24
|
-
| npm publish dry-run | npm publish dry-run keeps package identity, CLI bin metadata, required runtime files, and integrity fields without harmful metadata auto-correction | verified |
|
|
25
|
-
| URL install | remote URL install, installed-copy validation, URL-installed short CLI status command, manifest integrity, and tamper rejection | verified |
|
|
26
|
-
| Signing | package signing, verification, signed install, and tamper rejection | verified |
|
|
27
|
-
| Open-source collaboration | README, contributing, security, support, changelog, public release metadata | verified |
|
|
28
|
-
| CI workflow template | public repository workflow file plus local CI-readiness audit | verified |
|
|
29
|
-
| Public CI run record | pending and accepted public CI run record mechanics | verified |
|
|
30
|
-
| Public collaboration templates | issue and PR templates that require outcome, scope, evidence, risk, and claim boundaries | verified |
|
|
31
|
-
| Public repository settings record | pending, verified, and accepted repository settings record mechanics | verified |
|
|
32
|
-
| Public CI run | real public CI run URL or status-check evidence | record-driven external gate |
|
|
33
|
-
| Public repository settings | real repository URL, issue/PR settings, branch protection, required checks, and maintainer acceptance | record-driven external gate |
|
|
34
|
-
| License decision | owner-selected license or explicit not-public decision | record-driven owner gate |
|
|
35
|
-
| Public security contact record | pending and accepted public security contact record mechanics | verified |
|
|
36
|
-
| Public security contact | owner-approved vulnerability disclosure path | record-driven owner gate |
|
|
37
|
-
| Public channel publication record | pending, registry publication, and marketplace approval record mechanics | verified |
|
|
38
|
-
| Public registry publication | real public package or registry publication evidence | record-driven external gate |
|
|
39
|
-
| Marketplace approval | real marketplace/catalog approval or publication evidence | record-driven external gate |
|
|
40
|
-
| Portable command execution | `run-gse-command.mjs` command semantics audit | verified |
|
|
41
|
-
| Host adapters | generated adapter files and compatibility matrix audit | verified |
|
|
42
|
-
| Native slash command | verified host invocation record
|
|
43
|
-
| Other host runtime invocation | verified invocation records per host | record-driven external gate |
|
|
44
|
-
|
|
45
|
-
Do not read the baseline column as live status. For example, once the owner-selected license record is accepted, the audit reports `License decision` as `verified` even though the row remains an owner-gated claim type.
|
|
46
|
-
|
|
47
|
-
## Audit Command
|
|
48
|
-
|
|
49
|
-
```text
|
|
50
|
-
node <gse-skill>/scripts/audit-final-readiness.mjs --root <gse-skill>
|
|
51
|
-
```
|
|
52
|
-
|
|
53
|
-
The audit must report external and owner gates as incomplete unless corresponding records exist. It is valid for the audit to pass while still reporting `owner-required` or `external-required`; passing means the matrix is honest and complete, not that every external gate is satisfied.
|
|
54
|
-
|
|
55
|
-
Accepted owner/external records promote final rows only when the record contains accepted evidence and the relevant boundary proof. For example, a public CI row requires an accepted public CI run record with a successful conclusion and required-check proof; a registry row requires accepted publication evidence with registry proof
|
|
56
|
-
|
|
57
|
-
Use the promotion audit to verify that this path still works:
|
|
58
|
-
|
|
59
|
-
```text
|
|
60
|
-
node <gse-skill>/scripts/audit-final-readiness-promotion.mjs --root <gse-skill>
|
|
61
|
-
```
|
|
62
|
-
|
|
63
|
-
## Acceptance Packet
|
|
64
|
-
|
|
65
|
-
When owner-required or external-required rows remain, generate a handoff packet instead of burying follow-up work in prose:
|
|
66
|
-
|
|
67
|
-
```text
|
|
68
|
-
node <gse-skill>/scripts/generate-final-acceptance-packet.mjs --root <gse-skill> --out <gse-skill>/.gse/acceptance/final-acceptance-packet.md --force
|
|
69
|
-
```
|
|
70
|
-
|
|
71
|
-
The packet lists the verified local capabilities, every pending owner/external gate, the exact next evidence action, and the anti-overclaim rules. It is a continuation artifact, not acceptance by itself.
|
|
72
|
-
|
|
73
|
-
## Completion Boundary
|
|
74
|
-
|
|
75
|
-
GSE can be described as locally verified and release-ready for handoff when the matrix passes and the verified rows have evidence.
|
|
76
|
-
|
|
77
|
-
GSE can be described as publicly accepted only after:
|
|
78
|
-
|
|
79
|
-
- owner-selected license or explicit not-public decision is recorded,
|
|
80
|
-
- public security contact policy is approved when public release is intended,
|
|
81
|
-
- public repository settings evidence exists when a public source repository is claimed,
|
|
82
|
-
- public CI run evidence exists when public CI is claimed,
|
|
83
|
-
- registry or marketplace publication evidence exists when those channels are claimed,
|
|
84
|
-
- native slash-command support is recorded per host before it is claimed.
|
|
1
|
+
# Final Readiness Matrix
|
|
2
|
+
|
|
3
|
+
Use this when deciding whether GSE can be called open-source-ready, installable, and cross-host usable.
|
|
4
|
+
|
|
5
|
+
This matrix is a claim boundary. It separates local verified capability from owner-required or external evidence. Do not collapse these states into a single "done" label.
|
|
6
|
+
|
|
7
|
+
## Status Vocabulary
|
|
8
|
+
|
|
9
|
+
- `verified`: GSE has current local evidence from scripts, records, or package/install audits.
|
|
10
|
+
- `owner-required`: the owner must make or approve a decision before the claim can become accepted.
|
|
11
|
+
- `external-required`: a marketplace, public registry, host runtime, security contact, CI, or other external system must provide evidence.
|
|
12
|
+
- `not-claimed`: GSE deliberately does not claim this capability.
|
|
13
|
+
|
|
14
|
+
## Readiness Areas
|
|
15
|
+
|
|
16
|
+
The table below describes the baseline/status source for each row. The current truth is computed by `scripts/audit-final-readiness.mjs`; record-driven rows can promote from `owner-required` or `external-required` to `verified` only after accepted evidence records exist.
|
|
17
|
+
|
|
18
|
+
| Area | Accepted claim requires | Status source / baseline |
|
|
19
|
+
|---|---|---|
|
|
20
|
+
| Skill structure | `SKILL.md`, references, scripts, assets, metadata, and validator pass | verified |
|
|
21
|
+
| Project scaffold | `init-project`, project doctor, state, goal map, evidence index, close gate | verified |
|
|
22
|
+
| Local install | package, install, installed-copy validation, package CLI entrypoint, and installed short CLI status command | verified |
|
|
23
|
+
| npm tarball install | real local npm tarball creation, install into a clean consumer project, installed `gse` bin execution, and installed README audit | verified |
|
|
24
|
+
| npm publish dry-run | npm publish dry-run keeps package identity, CLI bin metadata, required runtime files, and integrity fields without harmful metadata auto-correction | verified |
|
|
25
|
+
| URL install | remote URL install, installed-copy validation, URL-installed short CLI status command, manifest integrity, and tamper rejection | verified |
|
|
26
|
+
| Signing | package signing, verification, signed install, and tamper rejection | verified |
|
|
27
|
+
| Open-source collaboration | README, contributing, security, support, changelog, public release metadata | verified |
|
|
28
|
+
| CI workflow template | public repository workflow file plus local CI-readiness audit | verified |
|
|
29
|
+
| Public CI run record | pending and accepted public CI run record mechanics | verified |
|
|
30
|
+
| Public collaboration templates | issue and PR templates that require outcome, scope, evidence, risk, and claim boundaries | verified |
|
|
31
|
+
| Public repository settings record | pending, verified, and accepted repository settings record mechanics | verified |
|
|
32
|
+
| Public CI run | real public CI run URL or status-check evidence | record-driven external gate |
|
|
33
|
+
| Public repository settings | real repository URL, issue/PR settings, branch protection, required checks, and maintainer acceptance | record-driven external gate |
|
|
34
|
+
| License decision | owner-selected license or explicit not-public decision | record-driven owner gate |
|
|
35
|
+
| Public security contact record | pending and accepted public security contact record mechanics | verified |
|
|
36
|
+
| Public security contact | owner-approved vulnerability disclosure path | record-driven owner gate |
|
|
37
|
+
| Public channel publication record | pending, registry publication, and marketplace approval record mechanics | verified |
|
|
38
|
+
| Public registry publication | real public package or registry publication evidence | record-driven external gate |
|
|
39
|
+
| Marketplace approval | real marketplace/catalog approval or publication evidence | record-driven external gate |
|
|
40
|
+
| Portable command execution | `run-gse-command.mjs` command semantics audit | verified |
|
|
41
|
+
| Host adapters | generated adapter files and compatibility matrix audit | verified |
|
|
42
|
+
| Native slash command | optional per-host adapter claim; verified only if a host invocation record proves native slash support | not claimed by GSE core |
|
|
43
|
+
| Other host runtime invocation | verified invocation records per host | record-driven external gate |
|
|
44
|
+
|
|
45
|
+
Do not read the baseline column as live status. For example, once the owner-selected license record is accepted, the audit reports `License decision` as `verified` even though the row remains an owner-gated claim type.
|
|
46
|
+
|
|
47
|
+
## Audit Command
|
|
48
|
+
|
|
49
|
+
```text
|
|
50
|
+
node <gse-skill>/scripts/audit-final-readiness.mjs --root <gse-skill>
|
|
51
|
+
```
|
|
52
|
+
|
|
53
|
+
The audit must report external and owner gates as incomplete unless corresponding records exist. It is valid for the audit to pass while still reporting `owner-required` or `external-required`; passing means the matrix is honest and complete, not that every external gate is satisfied.
|
|
54
|
+
|
|
55
|
+
Accepted owner/external records promote final rows only when the record contains accepted evidence and the relevant boundary proof. For example, a public CI row requires an accepted public CI run record with a successful conclusion and required-check proof; a registry row requires accepted publication evidence with registry proof. Native slash command support is a per-host optional adapter claim, not a GSE core completion gate; claim it only after a host invocation record proves native slash-command support.
|
|
56
|
+
|
|
57
|
+
Use the promotion audit to verify that this path still works:
|
|
58
|
+
|
|
59
|
+
```text
|
|
60
|
+
node <gse-skill>/scripts/audit-final-readiness-promotion.mjs --root <gse-skill>
|
|
61
|
+
```
|
|
62
|
+
|
|
63
|
+
## Acceptance Packet
|
|
64
|
+
|
|
65
|
+
When owner-required or external-required rows remain, generate a handoff packet instead of burying follow-up work in prose:
|
|
66
|
+
|
|
67
|
+
```text
|
|
68
|
+
node <gse-skill>/scripts/generate-final-acceptance-packet.mjs --root <gse-skill> --out <gse-skill>/.gse/acceptance/final-acceptance-packet.md --force
|
|
69
|
+
```
|
|
70
|
+
|
|
71
|
+
The packet lists the verified local capabilities, every pending owner/external gate, the exact next evidence action, and the anti-overclaim rules. It is a continuation artifact, not acceptance by itself.
|
|
72
|
+
|
|
73
|
+
## Completion Boundary
|
|
74
|
+
|
|
75
|
+
GSE can be described as locally verified and release-ready for handoff when the matrix passes and the verified rows have evidence.
|
|
76
|
+
|
|
77
|
+
GSE can be described as publicly accepted only after:
|
|
78
|
+
|
|
79
|
+
- owner-selected license or explicit not-public decision is recorded,
|
|
80
|
+
- public security contact policy is approved when public release is intended,
|
|
81
|
+
- public repository settings evidence exists when a public source repository is claimed,
|
|
82
|
+
- public CI run evidence exists when public CI is claimed,
|
|
83
|
+
- registry or marketplace publication evidence exists when those channels are claimed,
|
|
84
|
+
- native slash-command support is recorded per host before it is claimed by that host adapter.
|