@t275005746/gse 0.1.0 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.github/ISSUE_TEMPLATE/bug_report.yml +42 -42
- package/.github/ISSUE_TEMPLATE/change_request.yml +50 -50
- package/.github/ISSUE_TEMPLATE/config.yml +5 -5
- package/.github/PULL_REQUEST_TEMPLATE.md +38 -38
- package/.github/workflows/validate-gse.yml +33 -33
- package/.gse/README.md +18 -18
- package/.gse/gse-development-protocol.md +50 -50
- package/.gse/project-profile.md +29 -29
- package/.gse/quality-gates.md +25 -25
- package/.gse/releases/public-registry-publication-npm.md +49 -0
- package/.gse/releases/public-release-owner-required.md +65 -65
- package/.gse/releases/public-security-contact-owner-required.md +45 -45
- package/.gse/state.json +147 -27
- package/CHANGELOG.md +31 -15
- package/CONTRIBUTING.md +64 -64
- package/LICENSE +21 -21
- package/README.md +14 -7
- package/README.zh-CN.md +14 -7
- package/SECURITY.md +41 -41
- package/SKILL.md +32 -12
- package/SUPPORT.md +38 -38
- package/assets/marketplace/README.md +7 -7
- package/assets/marketplace/gse-listing.json +75 -75
- package/assets/templates/acceptance-execution-packet.md +73 -73
- package/assets/templates/adr.md +14 -14
- package/assets/templates/change-brief.md +16 -16
- package/assets/templates/design.md +18 -18
- package/assets/templates/dispatch-packet.md +100 -92
- package/assets/templates/evidence.md +15 -9
- package/assets/templates/execution-quality-pack.md +65 -65
- package/assets/templates/goal-map.md +21 -21
- package/assets/templates/host-adapter.md +48 -48
- package/assets/templates/host-ui-invocation-record.md +42 -42
- package/assets/templates/incident-review.md +60 -60
- package/assets/templates/public-channel-publication-record.md +49 -49
- package/assets/templates/public-ci-run-record.md +53 -53
- package/assets/templates/public-release-record.md +65 -65
- package/assets/templates/public-repository-settings-record.md +59 -59
- package/assets/templates/public-security-contact-record.md +45 -45
- package/assets/templates/release-trust-record.md +32 -32
- package/assets/templates/review.md +18 -18
- package/assets/templates/role-fallback-packet.md +49 -0
- package/assets/templates/spec.md +16 -16
- package/assets/templates/target-adoption-evidence.md +29 -29
- package/assets/templates/tasks.md +17 -17
- package/assets/templates/update-release-acceptance-record.md +58 -58
- package/examples/README.md +22 -22
- package/examples/agent-runtime-host/.claude/gse-adapter.md +6 -6
- package/examples/agent-runtime-host/.codex/gse-adapter.md +7 -7
- package/examples/agent-runtime-host/.gse/goal-map.md +7 -7
- package/examples/agent-runtime-host/.gse/project-profile.md +27 -27
- package/examples/agent-runtime-host/.gse/tooling.md +5 -5
- package/examples/agent-runtime-host/.mcp.json +9 -9
- package/examples/agent-runtime-host/AGENTS.md +5 -5
- package/examples/agent-runtime-host/README.md +10 -10
- package/examples/agent-runtime-host/docs/model-routing.md +5 -5
- package/examples/cli-tool/.gse/project-profile.md +21 -21
- package/examples/cli-tool/AGENTS.md +5 -5
- package/examples/cli-tool/README.md +12 -12
- package/examples/cli-tool/package.json +21 -21
- package/examples/small-app/.env.example +2 -2
- package/examples/small-app/.github/workflows/ci.yml +8 -8
- package/examples/small-app/AGENTS.md +5 -5
- package/examples/small-app/README.md +12 -12
- package/examples/small-app/package.json +26 -26
- package/examples/small-app/playwright.config.ts +4 -4
- package/package.json +52 -44
- package/references/adoption-recipes.md +171 -171
- package/references/agent-roles.md +42 -21
- package/references/architecture-health.md +101 -101
- package/references/benchmark-audit.md +73 -73
- package/references/commands.md +74 -45
- package/references/community-channels.md +46 -46
- package/references/compatibility.md +70 -70
- package/references/design-basis.md +38 -38
- package/references/domain-model.md +129 -129
- package/references/domain-quality-gates.md +75 -75
- package/references/drift-audit.md +81 -80
- package/references/evidence-taxonomy.md +145 -108
- package/references/file-ownership.md +97 -93
- package/references/final-form-roadmap.md +201 -0
- package/references/final-readiness.md +84 -84
- package/references/forward-test.md +133 -133
- package/references/goal-map.md +36 -36
- package/references/host-adapters.md +129 -101
- package/references/learning-system.md +42 -26
- package/references/maintenance-cadence.md +51 -0
- package/references/marketplace-discovery.md +46 -46
- package/references/model-routing.md +103 -103
- package/references/open-source-defaults.md +39 -39
- package/references/operating-model.md +52 -52
- package/references/packaging.md +277 -277
- package/references/project-agent-workspace.md +89 -89
- package/references/project-bootstrap.md +122 -122
- package/references/project-guards.md +52 -0
- package/references/project-profile.md +57 -57
- package/references/public-release.md +174 -174
- package/references/quality-gates.md +96 -89
- package/references/recovery.md +176 -176
- package/references/release-trust.md +43 -43
- package/references/release.md +126 -126
- package/references/review.md +141 -141
- package/references/role-dispatch-fallback.md +54 -0
- package/references/router.md +90 -90
- package/references/spec-workflow.md +66 -66
- package/references/task-levels.md +81 -81
- package/references/tool-adapters.md +80 -70
- package/scripts/audit-acceptance-execution-packet.mjs +133 -133
- package/scripts/audit-adoption-recipes.mjs +99 -99
- package/scripts/audit-change-lifecycle.mjs +77 -77
- package/scripts/audit-change-system.mjs +134 -134
- package/scripts/audit-ci-readiness.mjs +107 -107
- package/scripts/audit-close-gate-hardening.mjs +188 -0
- package/scripts/audit-close-gate.mjs +448 -262
- package/scripts/audit-command-adapters.mjs +91 -91
- package/scripts/audit-command-execution.mjs +212 -199
- package/scripts/audit-commands.mjs +7 -5
- package/scripts/audit-compatibility.mjs +149 -149
- package/scripts/audit-completion-plan-drill.mjs +230 -0
- package/scripts/audit-completion-readiness.mjs +290 -287
- package/scripts/audit-continue-preflight.mjs +234 -0
- package/scripts/audit-distribution.mjs +251 -251
- package/scripts/audit-domain-quality-gates.mjs +108 -108
- package/scripts/audit-evidence-levels.mjs +217 -0
- package/scripts/audit-evidence-placeholders.mjs +126 -126
- package/scripts/audit-evidence-review-queue.mjs +206 -0
- package/scripts/audit-final-acceptance-packet.mjs +9 -9
- package/scripts/audit-final-form-progress-report.mjs +19 -18
- package/scripts/audit-final-form-roadmap.mjs +157 -0
- package/scripts/audit-final-form-stale-copy.mjs +2 -2
- package/scripts/audit-final-readiness-promotion.mjs +255 -255
- package/scripts/audit-final-readiness.mjs +226 -226
- package/scripts/audit-fixtures.mjs +154 -154
- package/scripts/audit-fresh-session-readiness.mjs +177 -177
- package/scripts/audit-host-capabilities.mjs +237 -0
- package/scripts/audit-host-runtime-evidence-handoff.mjs +159 -159
- package/scripts/audit-host-runtime-invocation-drill.mjs +240 -240
- package/scripts/audit-host-runtime-invocations.mjs +254 -254
- package/scripts/audit-host-ui-invocation.mjs +132 -132
- package/scripts/audit-installed-sync.mjs +203 -0
- package/scripts/audit-learning-drift.mjs +292 -0
- package/scripts/audit-learning-promotion.mjs +351 -0
- package/scripts/audit-learning-system.mjs +24 -14
- package/scripts/audit-local-final-form-completion.mjs +11 -10
- package/scripts/audit-maintenance-cadence.mjs +139 -0
- package/scripts/audit-maintenance-snapshot.mjs +181 -0
- package/scripts/audit-marketplace-discovery.mjs +122 -122
- package/scripts/audit-npm-package-metadata.mjs +160 -154
- package/scripts/audit-npm-publish-dry-run.mjs +194 -166
- package/scripts/audit-npm-tarball-install.mjs +195 -189
- package/scripts/audit-open-source-defaults.mjs +92 -92
- package/scripts/audit-open-source-readiness.mjs +97 -97
- package/scripts/audit-owner-external-gate-kit.mjs +12 -11
- package/scripts/audit-project-guards.mjs +189 -0
- package/scripts/audit-project.mjs +144 -141
- package/scripts/audit-public-acceptance-command-dry-run-drill.mjs +203 -203
- package/scripts/audit-public-acceptance-handoff.mjs +10 -10
- package/scripts/audit-public-acceptance-readiness.mjs +222 -222
- package/scripts/audit-public-channel-publication.mjs +248 -248
- package/scripts/audit-public-ci-run.mjs +184 -184
- package/scripts/audit-public-collaboration-templates.mjs +98 -98
- package/scripts/audit-public-external-gate-probe.mjs +206 -206
- package/scripts/audit-public-release-checklist.mjs +17 -15
- package/scripts/audit-public-release-decision.mjs +201 -201
- package/scripts/audit-public-release-metadata.mjs +176 -176
- package/scripts/audit-public-repository-settings.mjs +237 -237
- package/scripts/audit-public-security-contact.mjs +171 -171
- package/scripts/audit-readme-docs.mjs +6 -4
- package/scripts/audit-recovery-readiness.mjs +98 -98
- package/scripts/audit-release-bundle.mjs +13 -11
- package/scripts/audit-release-owner-action-plan-drill.mjs +5 -4
- package/scripts/audit-release-owner-action-plan.mjs +10 -10
- package/scripts/audit-release-readiness.mjs +106 -106
- package/scripts/audit-release-status-manifest.mjs +4 -4
- package/scripts/audit-release-trust.mjs +62 -62
- package/scripts/audit-remote-distribution.mjs +266 -266
- package/scripts/audit-roadmap-consistency.mjs +234 -230
- package/scripts/audit-role-dispatch-fallback.mjs +212 -0
- package/scripts/audit-session-sync.mjs +127 -0
- package/scripts/audit-signing.mjs +147 -147
- package/scripts/audit-state-freshness.mjs +20 -14
- package/scripts/audit-state-repair.mjs +360 -0
- package/scripts/audit-target-adoption-evidence.mjs +117 -117
- package/scripts/audit-target-hardening-drills.mjs +267 -0
- package/scripts/audit-target-project.mjs +507 -507
- package/scripts/audit-tool-fallback-policy.mjs +180 -0
- package/scripts/audit-ui-browser-evidence-policy.mjs +191 -0
- package/scripts/audit-update-release-acceptance.mjs +136 -136
- package/scripts/audit-v1-target-validation.mjs +269 -269
- package/scripts/audit-validation-profiles.mjs +125 -123
- package/scripts/backfill-evidence-levels.mjs +98 -0
- package/scripts/check-encoding.mjs +72 -0
- package/scripts/close-change.mjs +116 -116
- package/scripts/discover-project-profile.mjs +307 -307
- package/scripts/generate-command-adapter.mjs +231 -231
- package/scripts/generate-continue-packet.mjs +1214 -0
- package/scripts/generate-final-acceptance-packet.mjs +188 -173
- package/scripts/generate-final-form-progress-report.mjs +191 -189
- package/scripts/generate-host-runtime-evidence-handoff.mjs +198 -191
- package/scripts/generate-maintenance-snapshot.mjs +216 -0
- package/scripts/generate-owner-external-gate-kit.mjs +295 -295
- package/scripts/generate-public-acceptance-handoff.mjs +168 -156
- package/scripts/generate-public-release-checklist.mjs +207 -207
- package/scripts/generate-release-bundle.mjs +505 -505
- package/scripts/generate-release-owner-action-plan.mjs +172 -171
- package/scripts/generate-release-status-manifest.mjs +199 -198
- package/scripts/generate-session-prompt.mjs +188 -188
- package/scripts/gse.mjs +67 -67
- package/scripts/init-change.mjs +265 -265
- package/scripts/init-project.mjs +793 -712
- package/scripts/install-gse.mjs +234 -234
- package/scripts/lib/evidence-placeholders.mjs +28 -28
- package/scripts/package-gse.mjs +174 -174
- package/scripts/probe-public-external-gates.mjs +167 -167
- package/scripts/record-host-invocation.mjs +151 -151
- package/scripts/record-learning.mjs +37 -8
- package/scripts/record-public-channel-publication.mjs +178 -178
- package/scripts/record-public-ci-run.mjs +180 -180
- package/scripts/record-public-release.mjs +175 -175
- package/scripts/record-public-repository-settings.mjs +209 -209
- package/scripts/record-public-security-contact.mjs +157 -157
- package/scripts/record-session-sync.mjs +87 -0
- package/scripts/run-gse-command.mjs +79 -47
- package/scripts/run-validation-profile.mjs +24 -5
- package/scripts/sign-gse-package.mjs +83 -83
- package/scripts/update-project-state.mjs +223 -223
- package/scripts/validate-gse.mjs +216 -0
- package/scripts/verify-gse-package.mjs +85 -85
|
@@ -1,65 +1,65 @@
|
|
|
1
|
-
# Public Release Record
|
|
2
|
-
|
|
3
|
-
Release name: GSE
|
|
4
|
-
|
|
5
|
-
Release version or label: public-defaults
|
|
6
|
-
|
|
7
|
-
Release date: 2026-07-06
|
|
8
|
-
|
|
9
|
-
Distribution channel: github-public-repo-and-release-planned
|
|
10
|
-
|
|
11
|
-
Release scope: GSE public release metadata and distribution readiness
|
|
12
|
-
|
|
13
|
-
## License
|
|
14
|
-
|
|
15
|
-
License status: selected
|
|
16
|
-
|
|
17
|
-
SPDX identifier: MIT
|
|
18
|
-
|
|
19
|
-
License file: LICENSE
|
|
20
|
-
|
|
21
|
-
Approved by: owner-confirmed-in-current-codex-thread
|
|
22
|
-
|
|
23
|
-
Decision date: 2026-07-07
|
|
24
|
-
|
|
25
|
-
Notes: Owner-selected license decision recorded.
|
|
26
|
-
|
|
27
|
-
## Artifacts
|
|
28
|
-
|
|
29
|
-
Package or source path: <install-skill-dir>
|
|
30
|
-
|
|
31
|
-
Changelog path: CHANGELOG.md
|
|
32
|
-
|
|
33
|
-
Install/update instructions: references/packaging.md
|
|
34
|
-
|
|
35
|
-
Integrity or signing record: references/release-trust.md
|
|
36
|
-
|
|
37
|
-
Marketplace/catalog record: references/marketplace-discovery.md
|
|
38
|
-
|
|
39
|
-
## Verification
|
|
40
|
-
|
|
41
|
-
Validation command: node scripts/validate-gse.mjs --root <skill> --json
|
|
42
|
-
|
|
43
|
-
Validation result: pending current run
|
|
44
|
-
|
|
45
|
-
Focused smoke: scripts/audit-public-release-metadata.mjs
|
|
46
|
-
|
|
47
|
-
Acceptance evidence: Owner license decision accepted; public release still requires remaining public and host evidence.
|
|
48
|
-
|
|
49
|
-
## Risks
|
|
50
|
-
|
|
51
|
-
Known unsupported claims: public marketplace approval, public registry publication, legal suitability, and host-native slash-command runtime support are not implied by this record.
|
|
52
|
-
|
|
53
|
-
Known compatibility limits: host behavior must be verified per host runtime.
|
|
54
|
-
|
|
55
|
-
Rollback or unpublish path: remove public listing/package and publish corrected release record.
|
|
56
|
-
|
|
57
|
-
## Acceptance
|
|
58
|
-
|
|
59
|
-
Evidence status: accepted
|
|
60
|
-
|
|
61
|
-
Accepted by: owner-confirmed-in-current-codex-thread
|
|
62
|
-
|
|
63
|
-
Accepted at: 2026-07-07
|
|
64
|
-
|
|
65
|
-
Next action: Run release validation and preserve acceptance evidence.
|
|
1
|
+
# Public Release Record
|
|
2
|
+
|
|
3
|
+
Release name: GSE
|
|
4
|
+
|
|
5
|
+
Release version or label: public-defaults
|
|
6
|
+
|
|
7
|
+
Release date: 2026-07-06
|
|
8
|
+
|
|
9
|
+
Distribution channel: github-public-repo-and-release-planned
|
|
10
|
+
|
|
11
|
+
Release scope: GSE public release metadata and distribution readiness
|
|
12
|
+
|
|
13
|
+
## License
|
|
14
|
+
|
|
15
|
+
License status: selected
|
|
16
|
+
|
|
17
|
+
SPDX identifier: MIT
|
|
18
|
+
|
|
19
|
+
License file: LICENSE
|
|
20
|
+
|
|
21
|
+
Approved by: owner-confirmed-in-current-codex-thread
|
|
22
|
+
|
|
23
|
+
Decision date: 2026-07-07
|
|
24
|
+
|
|
25
|
+
Notes: Owner-selected license decision recorded.
|
|
26
|
+
|
|
27
|
+
## Artifacts
|
|
28
|
+
|
|
29
|
+
Package or source path: <install-skill-dir>
|
|
30
|
+
|
|
31
|
+
Changelog path: CHANGELOG.md
|
|
32
|
+
|
|
33
|
+
Install/update instructions: references/packaging.md
|
|
34
|
+
|
|
35
|
+
Integrity or signing record: references/release-trust.md
|
|
36
|
+
|
|
37
|
+
Marketplace/catalog record: references/marketplace-discovery.md
|
|
38
|
+
|
|
39
|
+
## Verification
|
|
40
|
+
|
|
41
|
+
Validation command: node scripts/validate-gse.mjs --root <skill> --json
|
|
42
|
+
|
|
43
|
+
Validation result: pending current run
|
|
44
|
+
|
|
45
|
+
Focused smoke: scripts/audit-public-release-metadata.mjs
|
|
46
|
+
|
|
47
|
+
Acceptance evidence: Owner license decision accepted; public release still requires remaining public and host evidence.
|
|
48
|
+
|
|
49
|
+
## Risks
|
|
50
|
+
|
|
51
|
+
Known unsupported claims: public marketplace approval, public registry publication, legal suitability, and host-native slash-command runtime support are not implied by this record.
|
|
52
|
+
|
|
53
|
+
Known compatibility limits: host behavior must be verified per host runtime.
|
|
54
|
+
|
|
55
|
+
Rollback or unpublish path: remove public listing/package and publish corrected release record.
|
|
56
|
+
|
|
57
|
+
## Acceptance
|
|
58
|
+
|
|
59
|
+
Evidence status: accepted
|
|
60
|
+
|
|
61
|
+
Accepted by: owner-confirmed-in-current-codex-thread
|
|
62
|
+
|
|
63
|
+
Accepted at: 2026-07-07
|
|
64
|
+
|
|
65
|
+
Next action: Run release validation and preserve acceptance evidence.
|
|
@@ -1,45 +1,45 @@
|
|
|
1
|
-
# Public Security Contact Record
|
|
2
|
-
|
|
3
|
-
Contact status: accepted
|
|
4
|
-
|
|
5
|
-
Contact type: url
|
|
6
|
-
|
|
7
|
-
Contact value: https://github.com/275005746/gse/blob/main/SECURITY.md
|
|
8
|
-
|
|
9
|
-
Policy path: `SECURITY.md`
|
|
10
|
-
|
|
11
|
-
Evidence owner: 275005746
|
|
12
|
-
|
|
13
|
-
Evidence date: 2026-07-07
|
|
14
|
-
|
|
15
|
-
Evidence URL or run id: https://github.com/275005746/gse/blob/main/SECURITY.md
|
|
16
|
-
|
|
17
|
-
## Public Disclosure Policy
|
|
18
|
-
|
|
19
|
-
- Is this contact public? true
|
|
20
|
-
- Security policy updated? true
|
|
21
|
-
- Private fallback channel: owner private coordination channel
|
|
22
|
-
- Response expectation: pending owner policy
|
|
23
|
-
- Embargo or disclosure notes: Do not publish exploit details until the public contact is owner-accepted.
|
|
24
|
-
|
|
25
|
-
## Verification
|
|
26
|
-
|
|
27
|
-
Verification command: node scripts/audit-open-source-readiness.mjs --root . --json
|
|
28
|
-
|
|
29
|
-
Verification result: pending
|
|
30
|
-
|
|
31
|
-
## Acceptance
|
|
32
|
-
|
|
33
|
-
Evidence status: accepted
|
|
34
|
-
|
|
35
|
-
Accepted by: 275005746
|
|
36
|
-
|
|
37
|
-
Accepted at: 2026-07-07
|
|
38
|
-
|
|
39
|
-
## Residual Risk
|
|
40
|
-
|
|
41
|
-
- Public security contact is not accepted until owner evidence is attached.
|
|
42
|
-
|
|
43
|
-
## Next Action
|
|
44
|
-
|
|
45
|
-
- Attach owner-approved public security contact evidence and re-run final readiness.
|
|
1
|
+
# Public Security Contact Record
|
|
2
|
+
|
|
3
|
+
Contact status: accepted
|
|
4
|
+
|
|
5
|
+
Contact type: url
|
|
6
|
+
|
|
7
|
+
Contact value: https://github.com/275005746/gse/blob/main/SECURITY.md
|
|
8
|
+
|
|
9
|
+
Policy path: `SECURITY.md`
|
|
10
|
+
|
|
11
|
+
Evidence owner: 275005746
|
|
12
|
+
|
|
13
|
+
Evidence date: 2026-07-07
|
|
14
|
+
|
|
15
|
+
Evidence URL or run id: https://github.com/275005746/gse/blob/main/SECURITY.md
|
|
16
|
+
|
|
17
|
+
## Public Disclosure Policy
|
|
18
|
+
|
|
19
|
+
- Is this contact public? true
|
|
20
|
+
- Security policy updated? true
|
|
21
|
+
- Private fallback channel: owner private coordination channel
|
|
22
|
+
- Response expectation: pending owner policy
|
|
23
|
+
- Embargo or disclosure notes: Do not publish exploit details until the public contact is owner-accepted.
|
|
24
|
+
|
|
25
|
+
## Verification
|
|
26
|
+
|
|
27
|
+
Verification command: node scripts/audit-open-source-readiness.mjs --root . --json
|
|
28
|
+
|
|
29
|
+
Verification result: pending
|
|
30
|
+
|
|
31
|
+
## Acceptance
|
|
32
|
+
|
|
33
|
+
Evidence status: accepted
|
|
34
|
+
|
|
35
|
+
Accepted by: 275005746
|
|
36
|
+
|
|
37
|
+
Accepted at: 2026-07-07
|
|
38
|
+
|
|
39
|
+
## Residual Risk
|
|
40
|
+
|
|
41
|
+
- Public security contact is not accepted until owner evidence is attached.
|
|
42
|
+
|
|
43
|
+
## Next Action
|
|
44
|
+
|
|
45
|
+
- Attach owner-approved public security contact evidence and re-run final readiness.
|
package/.gse/state.json
CHANGED
|
@@ -1,27 +1,147 @@
|
|
|
1
|
-
{
|
|
2
|
-
"schemaVersion": 1,
|
|
3
|
-
"projectName": "gse",
|
|
4
|
-
"mode": "enterprise",
|
|
5
|
-
"canonicalPlan": ".gse/gse-design-master-plan.md",
|
|
6
|
-
"phase": "
|
|
7
|
-
"
|
|
8
|
-
"
|
|
9
|
-
"
|
|
10
|
-
"
|
|
11
|
-
"
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
"
|
|
17
|
-
"
|
|
18
|
-
"
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
"
|
|
22
|
-
"
|
|
23
|
-
"
|
|
24
|
-
"
|
|
25
|
-
"
|
|
26
|
-
|
|
27
|
-
}
|
|
1
|
+
{
|
|
2
|
+
"schemaVersion": 1,
|
|
3
|
+
"projectName": "gse",
|
|
4
|
+
"mode": "enterprise",
|
|
5
|
+
"canonicalPlan": ".gse/gse-design-master-plan.md",
|
|
6
|
+
"phase": "final-form",
|
|
7
|
+
"currentSummary": {
|
|
8
|
+
"status": "release-metadata-0.1.2-verified",
|
|
9
|
+
"localEngineeringReadiness": 100,
|
|
10
|
+
"fullFinalFormReadiness": 100,
|
|
11
|
+
"publicAccepted": "verified",
|
|
12
|
+
"pendingExternalGate": null,
|
|
13
|
+
"currentPlan": "Commit and publish GSE 0.1.2 from verified release metadata."
|
|
14
|
+
},
|
|
15
|
+
"currentSlice": {
|
|
16
|
+
"id": "GSE-147-release-metadata-0.1.2",
|
|
17
|
+
"outcome": "Publish GSE 0.1.2 with npm install guidance and public GitHub repository metadata aligned.",
|
|
18
|
+
"status": "verified",
|
|
19
|
+
"nextAction": "Commit the verified `0.1.2` release metadata slice, then run `npm publish`, create `v0.1.2`, and push the branch/tag from that committed state."
|
|
20
|
+
},
|
|
21
|
+
"toolStatuses": {
|
|
22
|
+
"browser": "unknown",
|
|
23
|
+
"lsp": "unknown",
|
|
24
|
+
"mcp": "unknown",
|
|
25
|
+
"subagents": "unknown",
|
|
26
|
+
"ci": "documented"
|
|
27
|
+
},
|
|
28
|
+
"lastEvidence": ".gse/evidence/2026-07-10.md",
|
|
29
|
+
"blockedGates": [],
|
|
30
|
+
"nextChecks": [
|
|
31
|
+
"node scripts/run-gse-command.mjs --root . --target . --command \"/gse doctor\" --json",
|
|
32
|
+
"node scripts/audit-public-acceptance-readiness.mjs --root . --json",
|
|
33
|
+
"cmd /c npm view @t275005746/gse version --json",
|
|
34
|
+
"cmd /c npm publish --access public",
|
|
35
|
+
"cmd /c npm view @t275005746/gse version dist-tags --json",
|
|
36
|
+
"git tag v0.1.2",
|
|
37
|
+
"git push origin codex/gse-final-form-roadmap",
|
|
38
|
+
"git push origin v0.1.2"
|
|
39
|
+
],
|
|
40
|
+
"residualRisks": [
|
|
41
|
+
"Process skills provide workflow discipline and portable artifacts; they do not prove host-native slash-command, subagent, browser, MCP, LSP, CI, or host UI support.",
|
|
42
|
+
"Native slash-command support remains an optional per-host adapter claim and is not claimed without a real host invocation record.",
|
|
43
|
+
"Browser, MCP, LSP, and subagent statuses remain unknown until project/session evidence is recorded."
|
|
44
|
+
],
|
|
45
|
+
"riskArchive": [
|
|
46
|
+
{
|
|
47
|
+
"archivedAt": "2026-07-10",
|
|
48
|
+
"risk": "0.1.1 is already published and immutable; release metadata changes must publish a new semver version.",
|
|
49
|
+
"resolution": "GSE-147 uses 0.1.2 as the publish target."
|
|
50
|
+
},
|
|
51
|
+
{
|
|
52
|
+
"archivedAt": "2026-07-10",
|
|
53
|
+
"risk": "Session sync records prove notification attempts and honest outcomes, not that another running session adopted the capability immediately.",
|
|
54
|
+
"resolution": "GSE-146 surfaces compactState.sessionSyncBoundary and CP21 so adoption is false unless an explicit adoption record exists."
|
|
55
|
+
},
|
|
56
|
+
{
|
|
57
|
+
"archivedAt": "2026-07-08",
|
|
58
|
+
"risk": "The final-form roadmap contract is not itself final-form completion; live claims still come from references/final-readiness.md and audit-final-readiness.mjs.",
|
|
59
|
+
"resolution": "Preserved through /gse continue blockedGates and final-readiness claim boundary."
|
|
60
|
+
},
|
|
61
|
+
{
|
|
62
|
+
"archivedAt": "2026-07-08",
|
|
63
|
+
"risk": "The next implementation slice must reduce long prompt dependence through /gse continue hard preflight, not add more prose-only guidance.",
|
|
64
|
+
"resolution": "Implemented by scripts/generate-continue-packet.mjs and /gse continue routing."
|
|
65
|
+
},
|
|
66
|
+
{
|
|
67
|
+
"archivedAt": "2026-07-08",
|
|
68
|
+
"risk": "Use /gse doctor and audit-public-acceptance-readiness.mjs as the source of truth for pending final-form public gates.",
|
|
69
|
+
"resolution": "Integrated into continue packet ownerExternalGateSummary and blockedGates."
|
|
70
|
+
},
|
|
71
|
+
{
|
|
72
|
+
"archivedAt": "2026-07-08",
|
|
73
|
+
"risk": "The final-form plan could be interpreted as only the remaining owner/external release gates.",
|
|
74
|
+
"resolution": "references/final-form-roadmap.md now contains Wave 1-5 execution plan and current gap list for local engineering and external evidence."
|
|
75
|
+
},
|
|
76
|
+
{
|
|
77
|
+
"archivedAt": "2026-07-08",
|
|
78
|
+
"risk": "Project guard automation is the next local engineering gap: repeated real-project lessons must become preflight guard items instead of reminder prose.",
|
|
79
|
+
"resolution": "Implemented as soft project guard preflight through .gse/project-guards.md, audit-project-guards.mjs, scaffold generation, and /gse continue CP11."
|
|
80
|
+
},
|
|
81
|
+
{
|
|
82
|
+
"archivedAt": "2026-07-08",
|
|
83
|
+
"risk": "Evidence level granularity still needs sharper UI/browser/API/CI labels.",
|
|
84
|
+
"resolution": "Implemented through evidenceLevel and requiredEvidenceLevel taxonomy, audit-evidence-levels.mjs, /gse continue CP12, and close gate CG09."
|
|
85
|
+
},
|
|
86
|
+
{
|
|
87
|
+
"archivedAt": "2026-07-08",
|
|
88
|
+
"risk": "Role and dispatch fallback packets need stronger default output and no-fake-dispatch checks.",
|
|
89
|
+
"resolution": "Implemented through role-dispatch-fallback.md, role-fallback-packet.md, .gse/agents/role-fallback-packets.md, audit-role-dispatch-fallback.mjs, and /gse continue CP13."
|
|
90
|
+
},
|
|
91
|
+
{
|
|
92
|
+
"archivedAt": "2026-07-08",
|
|
93
|
+
"risk": "Downgraded evidence is now visible before continue/close, but each project decides whether a downgrade blocks close.",
|
|
94
|
+
"resolution": "Preserved through evidenceLevel and requiredEvidenceLevel warnings."
|
|
95
|
+
},
|
|
96
|
+
{
|
|
97
|
+
"archivedAt": "2026-07-08",
|
|
98
|
+
"risk": "Use /gse doctor and audit-public-acceptance-readiness.mjs as the source of truth for current final-form external gates.",
|
|
99
|
+
"resolution": "Preserved as the public/external acceptance route while state repair handles local state/evidence drift."
|
|
100
|
+
},
|
|
101
|
+
{
|
|
102
|
+
"archivedAt": "2026-07-08",
|
|
103
|
+
"risk": "State/evidence repair is intentionally conservative: invalid JSON/JSONL is reported with concrete actions, not guessed or overwritten.",
|
|
104
|
+
"resolution": "GSE-115 implemented /gse repair and CP14; the remaining risk is now bounded as a deliberate repair policy."
|
|
105
|
+
},
|
|
106
|
+
{
|
|
107
|
+
"archivedAt": "2026-07-08",
|
|
108
|
+
"risk": "Automatic /gse repair writes are limited to reversible residual-risk compaction with .gse/backups; stale next-action drift remains a deliberate update.",
|
|
109
|
+
"resolution": "GSE-115 verified execute-gated residual-risk compaction and kept stale next-action repair deliberate."
|
|
110
|
+
},
|
|
111
|
+
{
|
|
112
|
+
"archivedAt": "2026-07-08",
|
|
113
|
+
"risk": "Learning promotion writes candidate-only .gse/learning-promotions.md output; guards, gates, templates, scripts, and skill updates still require deliberate follow-up changes.",
|
|
114
|
+
"resolution": "GSE-116 implemented candidate-only learning promotion; deliberate follow-up remains as normal slice work rather than an active blocker."
|
|
115
|
+
},
|
|
116
|
+
{
|
|
117
|
+
"archivedAt": "2026-07-08",
|
|
118
|
+
"risk": "Classification is deterministic and project-generic, not a human semantic review.",
|
|
119
|
+
"resolution": "GSE-116 bounded classification as routing evidence and preserved human review for actual guard/gate/script mutations."
|
|
120
|
+
},
|
|
121
|
+
{
|
|
122
|
+
"archivedAt": "2026-07-09",
|
|
123
|
+
"risk": "Role fallback packets prove auditable sequential role boundaries, not real subagent execution.",
|
|
124
|
+
"resolution": "Preserved by role fallback packets, no-fake-dispatch close gate, and host capability records; no longer needs default active risk display."
|
|
125
|
+
},
|
|
126
|
+
{
|
|
127
|
+
"archivedAt": "2026-07-09",
|
|
128
|
+
"risk": "AION and MuseFlow drill warnings are project-local readiness signals; GSE behavior must stay project-generic and must not mutate target projects during read-only drills.",
|
|
129
|
+
"resolution": "Preserved by target hardening drill limits and maintenance cadence; no longer needs default active risk display."
|
|
130
|
+
},
|
|
131
|
+
{
|
|
132
|
+
"archivedAt": "2026-07-09",
|
|
133
|
+
"risk": "Installed sync evidence proves local source/package/installed-copy parity only at the time of the audit; it does not publish a package or prove host-native slash-command support.",
|
|
134
|
+
"resolution": "Archived by GSE state repair to keep active residual risks compact."
|
|
135
|
+
},
|
|
136
|
+
{
|
|
137
|
+
"archivedAt": "2026-07-09",
|
|
138
|
+
"risk": "UI/browser evidence policy proves evidence labeling and downgrade surfacing only; target-project visible UI claims still need real browser or screenshot-backed proof.",
|
|
139
|
+
"resolution": "Archived by GSE state repair to keep active residual risks compact."
|
|
140
|
+
},
|
|
141
|
+
{
|
|
142
|
+
"archivedAt": "2026-07-09",
|
|
143
|
+
"risk": "Maintenance snapshots are point-in-time freshness evidence; future capability edits must regenerate the snapshot, release bundle, and installed copy.",
|
|
144
|
+
"resolution": "Archived by GSE state repair to keep active residual risks compact."
|
|
145
|
+
}
|
|
146
|
+
]
|
|
147
|
+
}
|
package/CHANGELOG.md
CHANGED
|
@@ -1,24 +1,40 @@
|
|
|
1
|
-
# Changelog
|
|
2
|
-
|
|
3
|
-
All notable GSE changes should be recorded here before a public package, catalog entry, or release handoff is marked ready.
|
|
4
|
-
|
|
1
|
+
# Changelog
|
|
2
|
+
|
|
3
|
+
All notable GSE changes should be recorded here before a public package, catalog entry, or release handoff is marked ready.
|
|
4
|
+
|
|
5
5
|
## Unreleased
|
|
6
6
|
|
|
7
|
+
## 0.1.2 - 2026-07-10
|
|
8
|
+
|
|
7
9
|
### Added
|
|
8
10
|
|
|
9
|
-
-
|
|
10
|
-
-
|
|
11
|
-
- Portable `/gse` command semantics plus a host-neutral command runner.
|
|
12
|
-
- Local package/install, URL install with manifest integrity, Ed25519 signing, verification, and signed install audits.
|
|
13
|
-
- Release trust, marketplace discovery metadata, host invocation evidence records, and public-release metadata guidance.
|
|
11
|
+
- Public npm/GitHub install metadata for `@t275005746/gse`.
|
|
12
|
+
- README and README.zh-CN npm install quick path.
|
|
14
13
|
|
|
15
14
|
### Verified
|
|
16
15
|
|
|
17
|
-
-
|
|
18
|
-
-
|
|
16
|
+
- Public GitHub repository visibility and npm registry status are checked during release close.
|
|
17
|
+
- `/gse continue` exposes session-sync adoption boundaries so installed-copy sync is not mistaken for target-session adoption.
|
|
19
18
|
|
|
20
|
-
###
|
|
19
|
+
### Boundary
|
|
21
20
|
|
|
22
|
-
-
|
|
23
|
-
|
|
24
|
-
|
|
21
|
+
- Native host slash-command support remains optional per host adapter and is not claimed without host invocation evidence.
|
|
22
|
+
|
|
23
|
+
### Added
|
|
24
|
+
|
|
25
|
+
- Project bootstrap modes for Lite, Standard, and Enterprise `.gse/` scaffolds.
|
|
26
|
+
- Native Goal-Spec-Evidence operating model with change packs, execution-quality packs, evidence taxonomy, close gates, and target project audits.
|
|
27
|
+
- Portable `/gse` command semantics plus a host-neutral command runner.
|
|
28
|
+
- Local package/install, URL install with manifest integrity, Ed25519 signing, verification, and signed install audits.
|
|
29
|
+
- Release trust, marketplace discovery metadata, host invocation evidence records, and public-release metadata guidance.
|
|
30
|
+
|
|
31
|
+
### Verified
|
|
32
|
+
|
|
33
|
+
- `validate-gse.mjs` consolidates structural, project bootstrap, adoption, host adapter, compatibility, release, distribution, signing, command, target validation, and lifecycle audits.
|
|
34
|
+
- AION and MuseFlow were used as real long-running target-project validation fixtures for GSE adoption checks.
|
|
35
|
+
|
|
36
|
+
### Not Yet Accepted
|
|
37
|
+
|
|
38
|
+
- Public registry publication and marketplace approval are not verified.
|
|
39
|
+
- Host-native slash-command execution is not verified except where a host-specific record explicitly says so.
|
|
40
|
+
- Open-source license selection remains an owner decision and must be recorded before a public release is accepted.
|
package/CONTRIBUTING.md
CHANGED
|
@@ -1,64 +1,64 @@
|
|
|
1
|
-
# Contributing to GSE
|
|
2
|
-
|
|
3
|
-
Thanks for helping improve GSE.
|
|
4
|
-
|
|
5
|
-
GSE is a workflow skill and project scaffold for agent-assisted software engineering. Contributions should make long-running project work more explicit, verifiable, portable, or easier to recover.
|
|
6
|
-
|
|
7
|
-
## What To Contribute
|
|
8
|
-
|
|
9
|
-
Good contributions usually fit one of these paths:
|
|
10
|
-
|
|
11
|
-
- Improve the Goal -> Spec -> Execute -> Evidence -> Learn workflow.
|
|
12
|
-
- Add or tighten an audit script.
|
|
13
|
-
- Improve project scaffold templates.
|
|
14
|
-
- Clarify host adapter boundaries.
|
|
15
|
-
- Add examples that prove a workflow in a small, reproducible project.
|
|
16
|
-
- Fix documentation that overstates support or leaves future agents guessing.
|
|
17
|
-
|
|
18
|
-
Avoid changes that make optional tools mandatory unless there is a clear fallback path.
|
|
19
|
-
|
|
20
|
-
## Development Rules
|
|
21
|
-
|
|
22
|
-
- Keep `SKILL.md` short and route details into `references/`.
|
|
23
|
-
- Prefer scripts and templates over repeated prose when behavior must be repeatable.
|
|
24
|
-
- Do not claim support for a host, marketplace, model, MCP server, subagent, or slash command unless there is evidence.
|
|
25
|
-
- Keep evidence statuses honest: `result`, `verified`, or `accepted`.
|
|
26
|
-
- Do not choose a public license on behalf of the owner. Use `references/public-release.md` and `scripts/record-public-release.mjs`.
|
|
27
|
-
|
|
28
|
-
## Validation
|
|
29
|
-
|
|
30
|
-
Before proposing a change, run:
|
|
31
|
-
|
|
32
|
-
```text
|
|
33
|
-
node scripts/validate-gse.mjs --root <gse-root> --json
|
|
34
|
-
```
|
|
35
|
-
|
|
36
|
-
For packaging or install behavior, also run:
|
|
37
|
-
|
|
38
|
-
```text
|
|
39
|
-
node scripts/audit-distribution.mjs --root <gse-root> --json
|
|
40
|
-
node scripts/audit-remote-distribution.mjs --root <gse-root> --json
|
|
41
|
-
```
|
|
42
|
-
|
|
43
|
-
For public release handoff, also run:
|
|
44
|
-
|
|
45
|
-
```text
|
|
46
|
-
node scripts/audit-release-bundle.mjs --root <gse-root> --json
|
|
47
|
-
node scripts/audit-public-release-metadata.mjs --root <gse-root> --json
|
|
48
|
-
```
|
|
49
|
-
|
|
50
|
-
## Evidence
|
|
51
|
-
|
|
52
|
-
Record meaningful changes in `.gse/evidence/YYYY-MM-DD.md` and append a compact record to `.gse/evidence/index.jsonl`.
|
|
53
|
-
|
|
54
|
-
Do not paste secrets, raw provider payloads, private reasoning, long command logs, screenshots, or noisy transient output into evidence files.
|
|
55
|
-
|
|
56
|
-
## Review
|
|
57
|
-
|
|
58
|
-
Review should check:
|
|
59
|
-
|
|
60
|
-
- The change maps to `.gse/goal-map.md` or the design master plan.
|
|
61
|
-
- Scope did not expand silently.
|
|
62
|
-
- Validation covers the changed behavior.
|
|
63
|
-
- Unsupported claims remain explicit.
|
|
64
|
-
- Installed-copy validation still passes when package behavior changes.
|
|
1
|
+
# Contributing to GSE
|
|
2
|
+
|
|
3
|
+
Thanks for helping improve GSE.
|
|
4
|
+
|
|
5
|
+
GSE is a workflow skill and project scaffold for agent-assisted software engineering. Contributions should make long-running project work more explicit, verifiable, portable, or easier to recover.
|
|
6
|
+
|
|
7
|
+
## What To Contribute
|
|
8
|
+
|
|
9
|
+
Good contributions usually fit one of these paths:
|
|
10
|
+
|
|
11
|
+
- Improve the Goal -> Spec -> Execute -> Evidence -> Learn workflow.
|
|
12
|
+
- Add or tighten an audit script.
|
|
13
|
+
- Improve project scaffold templates.
|
|
14
|
+
- Clarify host adapter boundaries.
|
|
15
|
+
- Add examples that prove a workflow in a small, reproducible project.
|
|
16
|
+
- Fix documentation that overstates support or leaves future agents guessing.
|
|
17
|
+
|
|
18
|
+
Avoid changes that make optional tools mandatory unless there is a clear fallback path.
|
|
19
|
+
|
|
20
|
+
## Development Rules
|
|
21
|
+
|
|
22
|
+
- Keep `SKILL.md` short and route details into `references/`.
|
|
23
|
+
- Prefer scripts and templates over repeated prose when behavior must be repeatable.
|
|
24
|
+
- Do not claim support for a host, marketplace, model, MCP server, subagent, or slash command unless there is evidence.
|
|
25
|
+
- Keep evidence statuses honest: `result`, `verified`, or `accepted`.
|
|
26
|
+
- Do not choose a public license on behalf of the owner. Use `references/public-release.md` and `scripts/record-public-release.mjs`.
|
|
27
|
+
|
|
28
|
+
## Validation
|
|
29
|
+
|
|
30
|
+
Before proposing a change, run:
|
|
31
|
+
|
|
32
|
+
```text
|
|
33
|
+
node scripts/validate-gse.mjs --root <gse-root> --json
|
|
34
|
+
```
|
|
35
|
+
|
|
36
|
+
For packaging or install behavior, also run:
|
|
37
|
+
|
|
38
|
+
```text
|
|
39
|
+
node scripts/audit-distribution.mjs --root <gse-root> --json
|
|
40
|
+
node scripts/audit-remote-distribution.mjs --root <gse-root> --json
|
|
41
|
+
```
|
|
42
|
+
|
|
43
|
+
For public release handoff, also run:
|
|
44
|
+
|
|
45
|
+
```text
|
|
46
|
+
node scripts/audit-release-bundle.mjs --root <gse-root> --json
|
|
47
|
+
node scripts/audit-public-release-metadata.mjs --root <gse-root> --json
|
|
48
|
+
```
|
|
49
|
+
|
|
50
|
+
## Evidence
|
|
51
|
+
|
|
52
|
+
Record meaningful changes in `.gse/evidence/YYYY-MM-DD.md` and append a compact record to `.gse/evidence/index.jsonl`.
|
|
53
|
+
|
|
54
|
+
Do not paste secrets, raw provider payloads, private reasoning, long command logs, screenshots, or noisy transient output into evidence files.
|
|
55
|
+
|
|
56
|
+
## Review
|
|
57
|
+
|
|
58
|
+
Review should check:
|
|
59
|
+
|
|
60
|
+
- The change maps to `.gse/goal-map.md` or the design master plan.
|
|
61
|
+
- Scope did not expand silently.
|
|
62
|
+
- Validation covers the changed behavior.
|
|
63
|
+
- Unsupported claims remain explicit.
|
|
64
|
+
- Installed-copy validation still passes when package behavior changes.
|
package/LICENSE
CHANGED
|
@@ -1,21 +1,21 @@
|
|
|
1
|
-
MIT License
|
|
2
|
-
|
|
3
|
-
Copyright (c) 2026 GSE contributors
|
|
4
|
-
|
|
5
|
-
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
-
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
-
in the Software without restriction, including without limitation the rights
|
|
8
|
-
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
-
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
-
furnished to do so, subject to the following conditions:
|
|
11
|
-
|
|
12
|
-
The above copyright notice and this permission notice shall be included in all
|
|
13
|
-
copies or substantial portions of the Software.
|
|
14
|
-
|
|
15
|
-
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
-
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
-
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
-
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
-
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
-
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
21
|
-
SOFTWARE.
|
|
1
|
+
MIT License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2026 GSE contributors
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
|
13
|
+
copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
21
|
+
SOFTWARE.
|