@t275005746/gse 0.1.0 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (228) hide show
  1. package/.github/ISSUE_TEMPLATE/bug_report.yml +42 -42
  2. package/.github/ISSUE_TEMPLATE/change_request.yml +50 -50
  3. package/.github/ISSUE_TEMPLATE/config.yml +5 -5
  4. package/.github/PULL_REQUEST_TEMPLATE.md +38 -38
  5. package/.github/workflows/validate-gse.yml +33 -33
  6. package/.gse/README.md +18 -18
  7. package/.gse/gse-development-protocol.md +50 -50
  8. package/.gse/project-profile.md +29 -29
  9. package/.gse/quality-gates.md +25 -25
  10. package/.gse/releases/public-registry-publication-npm.md +49 -0
  11. package/.gse/releases/public-release-owner-required.md +65 -65
  12. package/.gse/releases/public-security-contact-owner-required.md +45 -45
  13. package/.gse/state.json +147 -27
  14. package/CHANGELOG.md +31 -15
  15. package/CONTRIBUTING.md +64 -64
  16. package/LICENSE +21 -21
  17. package/README.md +14 -7
  18. package/README.zh-CN.md +14 -7
  19. package/SECURITY.md +41 -41
  20. package/SKILL.md +32 -12
  21. package/SUPPORT.md +38 -38
  22. package/assets/marketplace/README.md +7 -7
  23. package/assets/marketplace/gse-listing.json +75 -75
  24. package/assets/templates/acceptance-execution-packet.md +73 -73
  25. package/assets/templates/adr.md +14 -14
  26. package/assets/templates/change-brief.md +16 -16
  27. package/assets/templates/design.md +18 -18
  28. package/assets/templates/dispatch-packet.md +100 -92
  29. package/assets/templates/evidence.md +15 -9
  30. package/assets/templates/execution-quality-pack.md +65 -65
  31. package/assets/templates/goal-map.md +21 -21
  32. package/assets/templates/host-adapter.md +48 -48
  33. package/assets/templates/host-ui-invocation-record.md +42 -42
  34. package/assets/templates/incident-review.md +60 -60
  35. package/assets/templates/public-channel-publication-record.md +49 -49
  36. package/assets/templates/public-ci-run-record.md +53 -53
  37. package/assets/templates/public-release-record.md +65 -65
  38. package/assets/templates/public-repository-settings-record.md +59 -59
  39. package/assets/templates/public-security-contact-record.md +45 -45
  40. package/assets/templates/release-trust-record.md +32 -32
  41. package/assets/templates/review.md +18 -18
  42. package/assets/templates/role-fallback-packet.md +49 -0
  43. package/assets/templates/spec.md +16 -16
  44. package/assets/templates/target-adoption-evidence.md +29 -29
  45. package/assets/templates/tasks.md +17 -17
  46. package/assets/templates/update-release-acceptance-record.md +58 -58
  47. package/examples/README.md +22 -22
  48. package/examples/agent-runtime-host/.claude/gse-adapter.md +6 -6
  49. package/examples/agent-runtime-host/.codex/gse-adapter.md +7 -7
  50. package/examples/agent-runtime-host/.gse/goal-map.md +7 -7
  51. package/examples/agent-runtime-host/.gse/project-profile.md +27 -27
  52. package/examples/agent-runtime-host/.gse/tooling.md +5 -5
  53. package/examples/agent-runtime-host/.mcp.json +9 -9
  54. package/examples/agent-runtime-host/AGENTS.md +5 -5
  55. package/examples/agent-runtime-host/README.md +10 -10
  56. package/examples/agent-runtime-host/docs/model-routing.md +5 -5
  57. package/examples/cli-tool/.gse/project-profile.md +21 -21
  58. package/examples/cli-tool/AGENTS.md +5 -5
  59. package/examples/cli-tool/README.md +12 -12
  60. package/examples/cli-tool/package.json +21 -21
  61. package/examples/small-app/.env.example +2 -2
  62. package/examples/small-app/.github/workflows/ci.yml +8 -8
  63. package/examples/small-app/AGENTS.md +5 -5
  64. package/examples/small-app/README.md +12 -12
  65. package/examples/small-app/package.json +26 -26
  66. package/examples/small-app/playwright.config.ts +4 -4
  67. package/package.json +52 -44
  68. package/references/adoption-recipes.md +171 -171
  69. package/references/agent-roles.md +42 -21
  70. package/references/architecture-health.md +101 -101
  71. package/references/benchmark-audit.md +73 -73
  72. package/references/commands.md +74 -45
  73. package/references/community-channels.md +46 -46
  74. package/references/compatibility.md +70 -70
  75. package/references/design-basis.md +38 -38
  76. package/references/domain-model.md +129 -129
  77. package/references/domain-quality-gates.md +75 -75
  78. package/references/drift-audit.md +81 -80
  79. package/references/evidence-taxonomy.md +145 -108
  80. package/references/file-ownership.md +97 -93
  81. package/references/final-form-roadmap.md +201 -0
  82. package/references/final-readiness.md +84 -84
  83. package/references/forward-test.md +133 -133
  84. package/references/goal-map.md +36 -36
  85. package/references/host-adapters.md +129 -101
  86. package/references/learning-system.md +42 -26
  87. package/references/maintenance-cadence.md +51 -0
  88. package/references/marketplace-discovery.md +46 -46
  89. package/references/model-routing.md +103 -103
  90. package/references/open-source-defaults.md +39 -39
  91. package/references/operating-model.md +52 -52
  92. package/references/packaging.md +277 -277
  93. package/references/project-agent-workspace.md +89 -89
  94. package/references/project-bootstrap.md +122 -122
  95. package/references/project-guards.md +52 -0
  96. package/references/project-profile.md +57 -57
  97. package/references/public-release.md +174 -174
  98. package/references/quality-gates.md +96 -89
  99. package/references/recovery.md +176 -176
  100. package/references/release-trust.md +43 -43
  101. package/references/release.md +126 -126
  102. package/references/review.md +141 -141
  103. package/references/role-dispatch-fallback.md +54 -0
  104. package/references/router.md +90 -90
  105. package/references/spec-workflow.md +66 -66
  106. package/references/task-levels.md +81 -81
  107. package/references/tool-adapters.md +80 -70
  108. package/scripts/audit-acceptance-execution-packet.mjs +133 -133
  109. package/scripts/audit-adoption-recipes.mjs +99 -99
  110. package/scripts/audit-change-lifecycle.mjs +77 -77
  111. package/scripts/audit-change-system.mjs +134 -134
  112. package/scripts/audit-ci-readiness.mjs +107 -107
  113. package/scripts/audit-close-gate-hardening.mjs +188 -0
  114. package/scripts/audit-close-gate.mjs +448 -262
  115. package/scripts/audit-command-adapters.mjs +91 -91
  116. package/scripts/audit-command-execution.mjs +212 -199
  117. package/scripts/audit-commands.mjs +7 -5
  118. package/scripts/audit-compatibility.mjs +149 -149
  119. package/scripts/audit-completion-plan-drill.mjs +230 -0
  120. package/scripts/audit-completion-readiness.mjs +290 -287
  121. package/scripts/audit-continue-preflight.mjs +234 -0
  122. package/scripts/audit-distribution.mjs +251 -251
  123. package/scripts/audit-domain-quality-gates.mjs +108 -108
  124. package/scripts/audit-evidence-levels.mjs +217 -0
  125. package/scripts/audit-evidence-placeholders.mjs +126 -126
  126. package/scripts/audit-evidence-review-queue.mjs +206 -0
  127. package/scripts/audit-final-acceptance-packet.mjs +9 -9
  128. package/scripts/audit-final-form-progress-report.mjs +19 -18
  129. package/scripts/audit-final-form-roadmap.mjs +157 -0
  130. package/scripts/audit-final-form-stale-copy.mjs +2 -2
  131. package/scripts/audit-final-readiness-promotion.mjs +255 -255
  132. package/scripts/audit-final-readiness.mjs +226 -226
  133. package/scripts/audit-fixtures.mjs +154 -154
  134. package/scripts/audit-fresh-session-readiness.mjs +177 -177
  135. package/scripts/audit-host-capabilities.mjs +237 -0
  136. package/scripts/audit-host-runtime-evidence-handoff.mjs +159 -159
  137. package/scripts/audit-host-runtime-invocation-drill.mjs +240 -240
  138. package/scripts/audit-host-runtime-invocations.mjs +254 -254
  139. package/scripts/audit-host-ui-invocation.mjs +132 -132
  140. package/scripts/audit-installed-sync.mjs +203 -0
  141. package/scripts/audit-learning-drift.mjs +292 -0
  142. package/scripts/audit-learning-promotion.mjs +351 -0
  143. package/scripts/audit-learning-system.mjs +24 -14
  144. package/scripts/audit-local-final-form-completion.mjs +11 -10
  145. package/scripts/audit-maintenance-cadence.mjs +139 -0
  146. package/scripts/audit-maintenance-snapshot.mjs +181 -0
  147. package/scripts/audit-marketplace-discovery.mjs +122 -122
  148. package/scripts/audit-npm-package-metadata.mjs +160 -154
  149. package/scripts/audit-npm-publish-dry-run.mjs +194 -166
  150. package/scripts/audit-npm-tarball-install.mjs +195 -189
  151. package/scripts/audit-open-source-defaults.mjs +92 -92
  152. package/scripts/audit-open-source-readiness.mjs +97 -97
  153. package/scripts/audit-owner-external-gate-kit.mjs +12 -11
  154. package/scripts/audit-project-guards.mjs +189 -0
  155. package/scripts/audit-project.mjs +144 -141
  156. package/scripts/audit-public-acceptance-command-dry-run-drill.mjs +203 -203
  157. package/scripts/audit-public-acceptance-handoff.mjs +10 -10
  158. package/scripts/audit-public-acceptance-readiness.mjs +222 -222
  159. package/scripts/audit-public-channel-publication.mjs +248 -248
  160. package/scripts/audit-public-ci-run.mjs +184 -184
  161. package/scripts/audit-public-collaboration-templates.mjs +98 -98
  162. package/scripts/audit-public-external-gate-probe.mjs +206 -206
  163. package/scripts/audit-public-release-checklist.mjs +17 -15
  164. package/scripts/audit-public-release-decision.mjs +201 -201
  165. package/scripts/audit-public-release-metadata.mjs +176 -176
  166. package/scripts/audit-public-repository-settings.mjs +237 -237
  167. package/scripts/audit-public-security-contact.mjs +171 -171
  168. package/scripts/audit-readme-docs.mjs +6 -4
  169. package/scripts/audit-recovery-readiness.mjs +98 -98
  170. package/scripts/audit-release-bundle.mjs +13 -11
  171. package/scripts/audit-release-owner-action-plan-drill.mjs +5 -4
  172. package/scripts/audit-release-owner-action-plan.mjs +10 -10
  173. package/scripts/audit-release-readiness.mjs +106 -106
  174. package/scripts/audit-release-status-manifest.mjs +4 -4
  175. package/scripts/audit-release-trust.mjs +62 -62
  176. package/scripts/audit-remote-distribution.mjs +266 -266
  177. package/scripts/audit-roadmap-consistency.mjs +234 -230
  178. package/scripts/audit-role-dispatch-fallback.mjs +212 -0
  179. package/scripts/audit-session-sync.mjs +127 -0
  180. package/scripts/audit-signing.mjs +147 -147
  181. package/scripts/audit-state-freshness.mjs +20 -14
  182. package/scripts/audit-state-repair.mjs +360 -0
  183. package/scripts/audit-target-adoption-evidence.mjs +117 -117
  184. package/scripts/audit-target-hardening-drills.mjs +267 -0
  185. package/scripts/audit-target-project.mjs +507 -507
  186. package/scripts/audit-tool-fallback-policy.mjs +180 -0
  187. package/scripts/audit-ui-browser-evidence-policy.mjs +191 -0
  188. package/scripts/audit-update-release-acceptance.mjs +136 -136
  189. package/scripts/audit-v1-target-validation.mjs +269 -269
  190. package/scripts/audit-validation-profiles.mjs +125 -123
  191. package/scripts/backfill-evidence-levels.mjs +98 -0
  192. package/scripts/check-encoding.mjs +72 -0
  193. package/scripts/close-change.mjs +116 -116
  194. package/scripts/discover-project-profile.mjs +307 -307
  195. package/scripts/generate-command-adapter.mjs +231 -231
  196. package/scripts/generate-continue-packet.mjs +1214 -0
  197. package/scripts/generate-final-acceptance-packet.mjs +188 -173
  198. package/scripts/generate-final-form-progress-report.mjs +191 -189
  199. package/scripts/generate-host-runtime-evidence-handoff.mjs +198 -191
  200. package/scripts/generate-maintenance-snapshot.mjs +216 -0
  201. package/scripts/generate-owner-external-gate-kit.mjs +295 -295
  202. package/scripts/generate-public-acceptance-handoff.mjs +168 -156
  203. package/scripts/generate-public-release-checklist.mjs +207 -207
  204. package/scripts/generate-release-bundle.mjs +505 -505
  205. package/scripts/generate-release-owner-action-plan.mjs +172 -171
  206. package/scripts/generate-release-status-manifest.mjs +199 -198
  207. package/scripts/generate-session-prompt.mjs +188 -188
  208. package/scripts/gse.mjs +67 -67
  209. package/scripts/init-change.mjs +265 -265
  210. package/scripts/init-project.mjs +793 -712
  211. package/scripts/install-gse.mjs +234 -234
  212. package/scripts/lib/evidence-placeholders.mjs +28 -28
  213. package/scripts/package-gse.mjs +174 -174
  214. package/scripts/probe-public-external-gates.mjs +167 -167
  215. package/scripts/record-host-invocation.mjs +151 -151
  216. package/scripts/record-learning.mjs +37 -8
  217. package/scripts/record-public-channel-publication.mjs +178 -178
  218. package/scripts/record-public-ci-run.mjs +180 -180
  219. package/scripts/record-public-release.mjs +175 -175
  220. package/scripts/record-public-repository-settings.mjs +209 -209
  221. package/scripts/record-public-security-contact.mjs +157 -157
  222. package/scripts/record-session-sync.mjs +87 -0
  223. package/scripts/run-gse-command.mjs +79 -47
  224. package/scripts/run-validation-profile.mjs +24 -5
  225. package/scripts/sign-gse-package.mjs +83 -83
  226. package/scripts/update-project-state.mjs +223 -223
  227. package/scripts/validate-gse.mjs +216 -0
  228. package/scripts/verify-gse-package.mjs +85 -85
@@ -1,176 +1,176 @@
1
- # Recovery And Handoff
2
-
3
- Use this when work is interrupted, verification fails, a tool or runtime is unavailable, partial edits exist, release rollback may be needed, or a future agent must continue without relying on hidden context.
4
-
5
- Recovery and handoff are part of the evidence loop. The goal is to make the current state understandable, resumable, and reversible.
6
-
7
- ## Trigger Conditions
8
-
9
- Run this protocol when any of these are true:
10
-
11
- - A session is interrupted, refreshed, compacted, or handed to another agent or host.
12
- - A command, tool, MCP server, browser path, model route, subagent dispatch, or verification gate fails unexpectedly.
13
- - The worktree has partial edits, generated artifacts, dirty files, or uncertain ownership.
14
- - A release, migration, rollback, hotfix, incident, or compatibility issue is involved.
15
- - The current agent cannot finish safely within the active slice but has useful evidence or decisions to preserve.
16
- - The user asks to continue from another session, branch, host, or agent.
17
-
18
- Do not create a heavy handoff for a tiny completed edit that already has direct evidence and no residual risk.
19
-
20
- ## Failure Classification
21
-
22
- Classify the situation before deciding the next step.
23
-
24
- | Class | Meaning | Default action |
25
- |---|---|---|
26
- | recoverable failure | A command, test, tool, or assumption failed, but the path is still clear | Record failure, fix smallest cause, rerun focused evidence |
27
- | blocked work | Progress needs user input, missing credentials, unavailable external service, or unavailable required tool | Record blocker, preserve state, ask for the smallest required input |
28
- | rollback required | Current edits or release state are unsafe, misleading, or harmful | Stop new work, identify owned edits, follow project rollback policy |
29
- | handoff required | Another session, agent, host, branch, or future run must continue | Record goal, current state, changed files, evidence, risks, and next action |
30
- | incident recovery | Main path, data, security, privacy, release, or user-visible behavior is broken | Stabilize first, preserve evidence, route through release/incident gates |
31
-
32
- Never hide a failed check by reducing acceptance. Either fix it, mark it as residual risk, or move the slice to not ready.
33
-
34
- ## Resume Or Rollback Decision
35
-
36
- Choose one path and record why:
37
-
38
- - Resume: use when edits are scoped, evidence is trustworthy, and the next verification step is clear.
39
- - Repair: use when a known broken command, test, route, or doc can be fixed inside the current slice.
40
- - Roll back owned edits: use when the current changes are unsafe, contradict scope, or cannot be verified.
41
- - Preserve and hand off: use when meaningful progress exists but completion requires another session, role, host, or external condition.
42
- - Stop and ask: use when user input is required and any assumption would risk data, security, release, or product direction.
43
-
44
- Do not revert user work or unrelated dirty files. Use references/file-ownership.md before rollback or cleanup.
45
-
46
- ## Failed Verification Path
47
-
48
- When verification fails, do not reduce the acceptance bar to make the slice look complete.
49
-
50
- Use this sequence:
51
-
52
- 1. Preserve the failed command, status, and narrow failure reason.
53
- 2. Decide whether the failure invalidates the result, only blocks verification, or exposes unrelated existing risk.
54
- 3. Fix the smallest reusable artifact when the cause is inside the slice.
55
- 4. Re-run the same focused verification before adding new scope.
56
- 5. If the failure cannot be fixed in the slice, mark readiness `not ready` or `result`, record the blocker, and set the next action.
57
-
58
- If the failure concerns release, migration, rollback, public behavior, security/privacy, or data safety, route through `references/release.md` before claiming readiness.
59
-
60
- ## Release Recovery Path
61
-
62
- Use this when release validation, install/update handoff, migration, rollback, compatibility, or incident gates fail.
63
-
64
- Minimum release recovery record:
65
-
66
- ```text
67
- Release scope:
68
- Failed gate:
69
- Release level:
70
- Readiness after failure: not ready | result | verified | accepted
71
- What changed:
72
- What remains safe:
73
- Rollback or resume decision:
74
- Files or artifacts to revert:
75
- Verification to rerun:
76
- Owner or decision needed:
77
- Next action:
78
- ```
79
-
80
- Rules:
81
-
82
- - Do not call a release accepted while a required release gate is failing.
83
- - Prefer file-level revert for low-risk docs/scripts when ownership is clear.
84
- - For generated scaffolds, host adapters, state, schema, runtime config, or compatibility-impacting changes, document downstream regeneration or migration impact.
85
- - If rollback touches user or unrelated files, stop and use `references/file-ownership.md` before changing them.
86
-
87
- ## Incident Follow-Up Path
88
-
89
- Use `assets/templates/incident-review.md` when the recovery involves user-visible breakage, data loss/corruption risk, security/privacy risk, release blocker, repeated failed verification, or a broken main path.
90
-
91
- Incident follow-up must separate:
92
-
93
- - Impact and affected users/systems.
94
- - Timeline and detection signal.
95
- - Root cause and contributing factors.
96
- - Immediate stabilization.
97
- - Verification that proves stabilization.
98
- - Long-term prevention tasks.
99
- - Evidence links and owners.
100
-
101
- Do not turn every failed command into an incident. Use incident review only when the failure has product, release, safety, or repeated-process significance.
102
-
103
- ## Future-Agent Continuation Packet
104
-
105
- When work must continue elsewhere, provide a compact packet that a future agent can run without hidden memory:
106
-
107
- ```text
108
- Goal or spec:
109
- Active slice:
110
- Current evidence status:
111
- Changed files:
112
- Files intentionally untouched:
113
- Commands already run:
114
- Failed or unavailable tools:
115
- Release/recovery decision:
116
- Rollback notes:
117
- Next verification command:
118
- Next action:
119
- ```
120
-
121
- If the handoff is meant to prove fresh-session acceptance, use `references/forward-test.md` and record `accepted by: fresh-session` only after a separate session actually follows the packet.
122
-
123
- ## Minimum Recovery Record
124
-
125
- Use this compact format in evidence logs, handoffs, or final status:
126
-
127
- ```text
128
- Recovery class:
129
- Current objective:
130
- Current state:
131
- Changed files:
132
- Commands run:
133
- Failed or unavailable tools:
134
- Evidence that still holds:
135
- Evidence that is missing or weak:
136
- Rollback or resume decision:
137
- Risks:
138
- Next action:
139
- ```
140
-
141
- Keep command output short. Link to logs or evidence files instead of pasting noisy output.
142
-
143
- ## Handoff Requirements
144
-
145
- A future-agent handoff must include:
146
-
147
- - The active goal or spec and the current slice outcome.
148
- - Files changed and files intentionally left untouched.
149
- - Commands/tests/smokes already run and their result status.
150
- - Known blockers, assumptions, unavailable tools, and residual risk.
151
- - The next concrete action, not a vague instruction to investigate everything.
152
- - Any project-specific rules from `.gse/project-profile.md`, AGENTS.md, or host adapter notes that affected the work.
153
- - Whether the work is result, verified, accepted, blocked, rollback required, or not ready according to references/evidence-taxonomy.md.
154
-
155
- If real subagent tools are unavailable, say so. A sequential-role note or handoff is not real delegation.
156
-
157
- ## Verification After Recovery
158
-
159
- After resuming from recovery or handoff:
160
-
161
- - Re-read the controlling goal, current slice, and project rules before editing.
162
- - Inspect current files instead of trusting the handoff blindly.
163
- - Re-run the smallest focused evidence that proves the recovered path still works.
164
- - Reclassify readiness with references/evidence-taxonomy.md.
165
- - Update the evidence log with what changed since the handoff.
166
-
167
- If evidence changed or contradicted the handoff, prefer current-state evidence.
168
-
169
- ## Integration
170
-
171
- - Use references/file-ownership.md before reverting, moving, deleting, or cleaning files.
172
- - Use references/release.md when recovery affects release, rollback, migration, changelog/release notes, or release acceptance.
173
- - Use references/quality-gates.md when failed verification, cancellation, retry, or recovery behavior affects completion.
174
- - Use references/review.md when recovery changes code, shared workflow rules, release paths, security/privacy behavior, or user-visible product behavior.
175
- - Use references/forward-test.md when recovery or handoff rules become reusable GSE behavior that future agents must follow.
176
- - Use references/learning-system.md only for reusable lessons; do not log noisy transient failures.
1
+ # Recovery And Handoff
2
+
3
+ Use this when work is interrupted, verification fails, a tool or runtime is unavailable, partial edits exist, release rollback may be needed, or a future agent must continue without relying on hidden context.
4
+
5
+ Recovery and handoff are part of the evidence loop. The goal is to make the current state understandable, resumable, and reversible.
6
+
7
+ ## Trigger Conditions
8
+
9
+ Run this protocol when any of these are true:
10
+
11
+ - A session is interrupted, refreshed, compacted, or handed to another agent or host.
12
+ - A command, tool, MCP server, browser path, model route, subagent dispatch, or verification gate fails unexpectedly.
13
+ - The worktree has partial edits, generated artifacts, dirty files, or uncertain ownership.
14
+ - A release, migration, rollback, hotfix, incident, or compatibility issue is involved.
15
+ - The current agent cannot finish safely within the active slice but has useful evidence or decisions to preserve.
16
+ - The user asks to continue from another session, branch, host, or agent.
17
+
18
+ Do not create a heavy handoff for a tiny completed edit that already has direct evidence and no residual risk.
19
+
20
+ ## Failure Classification
21
+
22
+ Classify the situation before deciding the next step.
23
+
24
+ | Class | Meaning | Default action |
25
+ |---|---|---|
26
+ | recoverable failure | A command, test, tool, or assumption failed, but the path is still clear | Record failure, fix smallest cause, rerun focused evidence |
27
+ | blocked work | Progress needs user input, missing credentials, unavailable external service, or unavailable required tool | Record blocker, preserve state, ask for the smallest required input |
28
+ | rollback required | Current edits or release state are unsafe, misleading, or harmful | Stop new work, identify owned edits, follow project rollback policy |
29
+ | handoff required | Another session, agent, host, branch, or future run must continue | Record goal, current state, changed files, evidence, risks, and next action |
30
+ | incident recovery | Main path, data, security, privacy, release, or user-visible behavior is broken | Stabilize first, preserve evidence, route through release/incident gates |
31
+
32
+ Never hide a failed check by reducing acceptance. Either fix it, mark it as residual risk, or move the slice to not ready.
33
+
34
+ ## Resume Or Rollback Decision
35
+
36
+ Choose one path and record why:
37
+
38
+ - Resume: use when edits are scoped, evidence is trustworthy, and the next verification step is clear.
39
+ - Repair: use when a known broken command, test, route, or doc can be fixed inside the current slice.
40
+ - Roll back owned edits: use when the current changes are unsafe, contradict scope, or cannot be verified.
41
+ - Preserve and hand off: use when meaningful progress exists but completion requires another session, role, host, or external condition.
42
+ - Stop and ask: use when user input is required and any assumption would risk data, security, release, or product direction.
43
+
44
+ Do not revert user work or unrelated dirty files. Use references/file-ownership.md before rollback or cleanup.
45
+
46
+ ## Failed Verification Path
47
+
48
+ When verification fails, do not reduce the acceptance bar to make the slice look complete.
49
+
50
+ Use this sequence:
51
+
52
+ 1. Preserve the failed command, status, and narrow failure reason.
53
+ 2. Decide whether the failure invalidates the result, only blocks verification, or exposes unrelated existing risk.
54
+ 3. Fix the smallest reusable artifact when the cause is inside the slice.
55
+ 4. Re-run the same focused verification before adding new scope.
56
+ 5. If the failure cannot be fixed in the slice, mark readiness `not ready` or `result`, record the blocker, and set the next action.
57
+
58
+ If the failure concerns release, migration, rollback, public behavior, security/privacy, or data safety, route through `references/release.md` before claiming readiness.
59
+
60
+ ## Release Recovery Path
61
+
62
+ Use this when release validation, install/update handoff, migration, rollback, compatibility, or incident gates fail.
63
+
64
+ Minimum release recovery record:
65
+
66
+ ```text
67
+ Release scope:
68
+ Failed gate:
69
+ Release level:
70
+ Readiness after failure: not ready | result | verified | accepted
71
+ What changed:
72
+ What remains safe:
73
+ Rollback or resume decision:
74
+ Files or artifacts to revert:
75
+ Verification to rerun:
76
+ Owner or decision needed:
77
+ Next action:
78
+ ```
79
+
80
+ Rules:
81
+
82
+ - Do not call a release accepted while a required release gate is failing.
83
+ - Prefer file-level revert for low-risk docs/scripts when ownership is clear.
84
+ - For generated scaffolds, host adapters, state, schema, runtime config, or compatibility-impacting changes, document downstream regeneration or migration impact.
85
+ - If rollback touches user or unrelated files, stop and use `references/file-ownership.md` before changing them.
86
+
87
+ ## Incident Follow-Up Path
88
+
89
+ Use `assets/templates/incident-review.md` when the recovery involves user-visible breakage, data loss/corruption risk, security/privacy risk, release blocker, repeated failed verification, or a broken main path.
90
+
91
+ Incident follow-up must separate:
92
+
93
+ - Impact and affected users/systems.
94
+ - Timeline and detection signal.
95
+ - Root cause and contributing factors.
96
+ - Immediate stabilization.
97
+ - Verification that proves stabilization.
98
+ - Long-term prevention tasks.
99
+ - Evidence links and owners.
100
+
101
+ Do not turn every failed command into an incident. Use incident review only when the failure has product, release, safety, or repeated-process significance.
102
+
103
+ ## Future-Agent Continuation Packet
104
+
105
+ When work must continue elsewhere, provide a compact packet that a future agent can run without hidden memory:
106
+
107
+ ```text
108
+ Goal or spec:
109
+ Active slice:
110
+ Current evidence status:
111
+ Changed files:
112
+ Files intentionally untouched:
113
+ Commands already run:
114
+ Failed or unavailable tools:
115
+ Release/recovery decision:
116
+ Rollback notes:
117
+ Next verification command:
118
+ Next action:
119
+ ```
120
+
121
+ If the handoff is meant to prove fresh-session acceptance, use `references/forward-test.md` and record `accepted by: fresh-session` only after a separate session actually follows the packet.
122
+
123
+ ## Minimum Recovery Record
124
+
125
+ Use this compact format in evidence logs, handoffs, or final status:
126
+
127
+ ```text
128
+ Recovery class:
129
+ Current objective:
130
+ Current state:
131
+ Changed files:
132
+ Commands run:
133
+ Failed or unavailable tools:
134
+ Evidence that still holds:
135
+ Evidence that is missing or weak:
136
+ Rollback or resume decision:
137
+ Risks:
138
+ Next action:
139
+ ```
140
+
141
+ Keep command output short. Link to logs or evidence files instead of pasting noisy output.
142
+
143
+ ## Handoff Requirements
144
+
145
+ A future-agent handoff must include:
146
+
147
+ - The active goal or spec and the current slice outcome.
148
+ - Files changed and files intentionally left untouched.
149
+ - Commands/tests/smokes already run and their result status.
150
+ - Known blockers, assumptions, unavailable tools, and residual risk.
151
+ - The next concrete action, not a vague instruction to investigate everything.
152
+ - Any project-specific rules from `.gse/project-profile.md`, AGENTS.md, or host adapter notes that affected the work.
153
+ - Whether the work is result, verified, accepted, blocked, rollback required, or not ready according to references/evidence-taxonomy.md.
154
+
155
+ If real subagent tools are unavailable, say so. A sequential-role note or handoff is not real delegation.
156
+
157
+ ## Verification After Recovery
158
+
159
+ After resuming from recovery or handoff:
160
+
161
+ - Re-read the controlling goal, current slice, and project rules before editing.
162
+ - Inspect current files instead of trusting the handoff blindly.
163
+ - Re-run the smallest focused evidence that proves the recovered path still works.
164
+ - Reclassify readiness with references/evidence-taxonomy.md.
165
+ - Update the evidence log with what changed since the handoff.
166
+
167
+ If evidence changed or contradicted the handoff, prefer current-state evidence.
168
+
169
+ ## Integration
170
+
171
+ - Use references/file-ownership.md before reverting, moving, deleting, or cleaning files.
172
+ - Use references/release.md when recovery affects release, rollback, migration, changelog/release notes, or release acceptance.
173
+ - Use references/quality-gates.md when failed verification, cancellation, retry, or recovery behavior affects completion.
174
+ - Use references/review.md when recovery changes code, shared workflow rules, release paths, security/privacy behavior, or user-visible product behavior.
175
+ - Use references/forward-test.md when recovery or handoff rules become reusable GSE behavior that future agents must follow.
176
+ - Use references/learning-system.md only for reusable lessons; do not log noisy transient failures.
@@ -1,43 +1,43 @@
1
- # Release Trust
2
-
3
- Use this when preparing GSE for public, shared, or marketplace-style distribution.
4
-
5
- GSE signing mechanics prove that a package matches a signed manifest. They do not prove maintainer identity, public key custody, account security, or marketplace trust. Treat those as release governance.
6
-
7
- ## Required Release Trust Record
8
-
9
- For every public release, record:
10
-
11
- - Release label and package digest.
12
- - Public key fingerprint.
13
- - Maintainer or release owner.
14
- - Signing machine or signing environment.
15
- - Key custody location.
16
- - Rotation policy.
17
- - Revocation path if a key is compromised.
18
- - Verification command used by a fresh install.
19
- - Accepted by owner or release authority.
20
-
21
- Use `assets/templates/release-trust-record.md`.
22
-
23
- ## Key Custody Rules
24
-
25
- Key custody is a release owner responsibility.
26
-
27
- - Do not commit private keys.
28
- - Do not package private keys.
29
- - Do not generate production keys inside a temporary audit folder.
30
- - Store production private keys in a host secret store, hardware-backed key store, or explicitly approved private release environment.
31
- - Publish public keys and fingerprints with release notes.
32
- - Rotate keys when custody changes, maintainer access changes, or compromise is suspected.
33
- - Keep an owner-approved revocation note for retired keys.
34
-
35
- ## Verification Rules
36
-
37
- A release can claim:
38
-
39
- - `signed`: a package signature exists.
40
- - `verified`: `verify-gse-package.mjs` passes against the published public key.
41
- - `trusted`: signed and verified, with an owner-accepted release trust record.
42
-
43
- Do not claim `trusted` from signing alone.
1
+ # Release Trust
2
+
3
+ Use this when preparing GSE for public, shared, or marketplace-style distribution.
4
+
5
+ GSE signing mechanics prove that a package matches a signed manifest. They do not prove maintainer identity, public key custody, account security, or marketplace trust. Treat those as release governance.
6
+
7
+ ## Required Release Trust Record
8
+
9
+ For every public release, record:
10
+
11
+ - Release label and package digest.
12
+ - Public key fingerprint.
13
+ - Maintainer or release owner.
14
+ - Signing machine or signing environment.
15
+ - Key custody location.
16
+ - Rotation policy.
17
+ - Revocation path if a key is compromised.
18
+ - Verification command used by a fresh install.
19
+ - Accepted by owner or release authority.
20
+
21
+ Use `assets/templates/release-trust-record.md`.
22
+
23
+ ## Key Custody Rules
24
+
25
+ Key custody is a release owner responsibility.
26
+
27
+ - Do not commit private keys.
28
+ - Do not package private keys.
29
+ - Do not generate production keys inside a temporary audit folder.
30
+ - Store production private keys in a host secret store, hardware-backed key store, or explicitly approved private release environment.
31
+ - Publish public keys and fingerprints with release notes.
32
+ - Rotate keys when custody changes, maintainer access changes, or compromise is suspected.
33
+ - Keep an owner-approved revocation note for retired keys.
34
+
35
+ ## Verification Rules
36
+
37
+ A release can claim:
38
+
39
+ - `signed`: a package signature exists.
40
+ - `verified`: `verify-gse-package.mjs` passes against the published public key.
41
+ - `trusted`: signed and verified, with an owner-accepted release trust record.
42
+
43
+ Do not claim `trusted` from signing alone.