@t275005746/gse 0.1.0 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.github/ISSUE_TEMPLATE/bug_report.yml +42 -42
- package/.github/ISSUE_TEMPLATE/change_request.yml +50 -50
- package/.github/ISSUE_TEMPLATE/config.yml +5 -5
- package/.github/PULL_REQUEST_TEMPLATE.md +38 -38
- package/.github/workflows/validate-gse.yml +33 -33
- package/.gse/README.md +18 -18
- package/.gse/gse-development-protocol.md +50 -50
- package/.gse/project-profile.md +29 -29
- package/.gse/quality-gates.md +25 -25
- package/.gse/releases/public-registry-publication-npm.md +49 -0
- package/.gse/releases/public-release-owner-required.md +65 -65
- package/.gse/releases/public-security-contact-owner-required.md +45 -45
- package/.gse/state.json +147 -27
- package/CHANGELOG.md +31 -15
- package/CONTRIBUTING.md +64 -64
- package/LICENSE +21 -21
- package/README.md +14 -7
- package/README.zh-CN.md +14 -7
- package/SECURITY.md +41 -41
- package/SKILL.md +32 -12
- package/SUPPORT.md +38 -38
- package/assets/marketplace/README.md +7 -7
- package/assets/marketplace/gse-listing.json +75 -75
- package/assets/templates/acceptance-execution-packet.md +73 -73
- package/assets/templates/adr.md +14 -14
- package/assets/templates/change-brief.md +16 -16
- package/assets/templates/design.md +18 -18
- package/assets/templates/dispatch-packet.md +100 -92
- package/assets/templates/evidence.md +15 -9
- package/assets/templates/execution-quality-pack.md +65 -65
- package/assets/templates/goal-map.md +21 -21
- package/assets/templates/host-adapter.md +48 -48
- package/assets/templates/host-ui-invocation-record.md +42 -42
- package/assets/templates/incident-review.md +60 -60
- package/assets/templates/public-channel-publication-record.md +49 -49
- package/assets/templates/public-ci-run-record.md +53 -53
- package/assets/templates/public-release-record.md +65 -65
- package/assets/templates/public-repository-settings-record.md +59 -59
- package/assets/templates/public-security-contact-record.md +45 -45
- package/assets/templates/release-trust-record.md +32 -32
- package/assets/templates/review.md +18 -18
- package/assets/templates/role-fallback-packet.md +49 -0
- package/assets/templates/spec.md +16 -16
- package/assets/templates/target-adoption-evidence.md +29 -29
- package/assets/templates/tasks.md +17 -17
- package/assets/templates/update-release-acceptance-record.md +58 -58
- package/examples/README.md +22 -22
- package/examples/agent-runtime-host/.claude/gse-adapter.md +6 -6
- package/examples/agent-runtime-host/.codex/gse-adapter.md +7 -7
- package/examples/agent-runtime-host/.gse/goal-map.md +7 -7
- package/examples/agent-runtime-host/.gse/project-profile.md +27 -27
- package/examples/agent-runtime-host/.gse/tooling.md +5 -5
- package/examples/agent-runtime-host/.mcp.json +9 -9
- package/examples/agent-runtime-host/AGENTS.md +5 -5
- package/examples/agent-runtime-host/README.md +10 -10
- package/examples/agent-runtime-host/docs/model-routing.md +5 -5
- package/examples/cli-tool/.gse/project-profile.md +21 -21
- package/examples/cli-tool/AGENTS.md +5 -5
- package/examples/cli-tool/README.md +12 -12
- package/examples/cli-tool/package.json +21 -21
- package/examples/small-app/.env.example +2 -2
- package/examples/small-app/.github/workflows/ci.yml +8 -8
- package/examples/small-app/AGENTS.md +5 -5
- package/examples/small-app/README.md +12 -12
- package/examples/small-app/package.json +26 -26
- package/examples/small-app/playwright.config.ts +4 -4
- package/package.json +52 -44
- package/references/adoption-recipes.md +171 -171
- package/references/agent-roles.md +42 -21
- package/references/architecture-health.md +101 -101
- package/references/benchmark-audit.md +73 -73
- package/references/commands.md +74 -45
- package/references/community-channels.md +46 -46
- package/references/compatibility.md +70 -70
- package/references/design-basis.md +38 -38
- package/references/domain-model.md +129 -129
- package/references/domain-quality-gates.md +75 -75
- package/references/drift-audit.md +81 -80
- package/references/evidence-taxonomy.md +145 -108
- package/references/file-ownership.md +97 -93
- package/references/final-form-roadmap.md +201 -0
- package/references/final-readiness.md +84 -84
- package/references/forward-test.md +133 -133
- package/references/goal-map.md +36 -36
- package/references/host-adapters.md +129 -101
- package/references/learning-system.md +42 -26
- package/references/maintenance-cadence.md +51 -0
- package/references/marketplace-discovery.md +46 -46
- package/references/model-routing.md +103 -103
- package/references/open-source-defaults.md +39 -39
- package/references/operating-model.md +52 -52
- package/references/packaging.md +277 -277
- package/references/project-agent-workspace.md +89 -89
- package/references/project-bootstrap.md +122 -122
- package/references/project-guards.md +52 -0
- package/references/project-profile.md +57 -57
- package/references/public-release.md +174 -174
- package/references/quality-gates.md +96 -89
- package/references/recovery.md +176 -176
- package/references/release-trust.md +43 -43
- package/references/release.md +126 -126
- package/references/review.md +141 -141
- package/references/role-dispatch-fallback.md +54 -0
- package/references/router.md +90 -90
- package/references/spec-workflow.md +66 -66
- package/references/task-levels.md +81 -81
- package/references/tool-adapters.md +80 -70
- package/scripts/audit-acceptance-execution-packet.mjs +133 -133
- package/scripts/audit-adoption-recipes.mjs +99 -99
- package/scripts/audit-change-lifecycle.mjs +77 -77
- package/scripts/audit-change-system.mjs +134 -134
- package/scripts/audit-ci-readiness.mjs +107 -107
- package/scripts/audit-close-gate-hardening.mjs +188 -0
- package/scripts/audit-close-gate.mjs +448 -262
- package/scripts/audit-command-adapters.mjs +91 -91
- package/scripts/audit-command-execution.mjs +212 -199
- package/scripts/audit-commands.mjs +7 -5
- package/scripts/audit-compatibility.mjs +149 -149
- package/scripts/audit-completion-plan-drill.mjs +230 -0
- package/scripts/audit-completion-readiness.mjs +290 -287
- package/scripts/audit-continue-preflight.mjs +234 -0
- package/scripts/audit-distribution.mjs +251 -251
- package/scripts/audit-domain-quality-gates.mjs +108 -108
- package/scripts/audit-evidence-levels.mjs +217 -0
- package/scripts/audit-evidence-placeholders.mjs +126 -126
- package/scripts/audit-evidence-review-queue.mjs +206 -0
- package/scripts/audit-final-acceptance-packet.mjs +9 -9
- package/scripts/audit-final-form-progress-report.mjs +19 -18
- package/scripts/audit-final-form-roadmap.mjs +157 -0
- package/scripts/audit-final-form-stale-copy.mjs +2 -2
- package/scripts/audit-final-readiness-promotion.mjs +255 -255
- package/scripts/audit-final-readiness.mjs +226 -226
- package/scripts/audit-fixtures.mjs +154 -154
- package/scripts/audit-fresh-session-readiness.mjs +177 -177
- package/scripts/audit-host-capabilities.mjs +237 -0
- package/scripts/audit-host-runtime-evidence-handoff.mjs +159 -159
- package/scripts/audit-host-runtime-invocation-drill.mjs +240 -240
- package/scripts/audit-host-runtime-invocations.mjs +254 -254
- package/scripts/audit-host-ui-invocation.mjs +132 -132
- package/scripts/audit-installed-sync.mjs +203 -0
- package/scripts/audit-learning-drift.mjs +292 -0
- package/scripts/audit-learning-promotion.mjs +351 -0
- package/scripts/audit-learning-system.mjs +24 -14
- package/scripts/audit-local-final-form-completion.mjs +11 -10
- package/scripts/audit-maintenance-cadence.mjs +139 -0
- package/scripts/audit-maintenance-snapshot.mjs +181 -0
- package/scripts/audit-marketplace-discovery.mjs +122 -122
- package/scripts/audit-npm-package-metadata.mjs +160 -154
- package/scripts/audit-npm-publish-dry-run.mjs +194 -166
- package/scripts/audit-npm-tarball-install.mjs +195 -189
- package/scripts/audit-open-source-defaults.mjs +92 -92
- package/scripts/audit-open-source-readiness.mjs +97 -97
- package/scripts/audit-owner-external-gate-kit.mjs +12 -11
- package/scripts/audit-project-guards.mjs +189 -0
- package/scripts/audit-project.mjs +144 -141
- package/scripts/audit-public-acceptance-command-dry-run-drill.mjs +203 -203
- package/scripts/audit-public-acceptance-handoff.mjs +10 -10
- package/scripts/audit-public-acceptance-readiness.mjs +222 -222
- package/scripts/audit-public-channel-publication.mjs +248 -248
- package/scripts/audit-public-ci-run.mjs +184 -184
- package/scripts/audit-public-collaboration-templates.mjs +98 -98
- package/scripts/audit-public-external-gate-probe.mjs +206 -206
- package/scripts/audit-public-release-checklist.mjs +17 -15
- package/scripts/audit-public-release-decision.mjs +201 -201
- package/scripts/audit-public-release-metadata.mjs +176 -176
- package/scripts/audit-public-repository-settings.mjs +237 -237
- package/scripts/audit-public-security-contact.mjs +171 -171
- package/scripts/audit-readme-docs.mjs +6 -4
- package/scripts/audit-recovery-readiness.mjs +98 -98
- package/scripts/audit-release-bundle.mjs +13 -11
- package/scripts/audit-release-owner-action-plan-drill.mjs +5 -4
- package/scripts/audit-release-owner-action-plan.mjs +10 -10
- package/scripts/audit-release-readiness.mjs +106 -106
- package/scripts/audit-release-status-manifest.mjs +4 -4
- package/scripts/audit-release-trust.mjs +62 -62
- package/scripts/audit-remote-distribution.mjs +266 -266
- package/scripts/audit-roadmap-consistency.mjs +234 -230
- package/scripts/audit-role-dispatch-fallback.mjs +212 -0
- package/scripts/audit-session-sync.mjs +127 -0
- package/scripts/audit-signing.mjs +147 -147
- package/scripts/audit-state-freshness.mjs +20 -14
- package/scripts/audit-state-repair.mjs +360 -0
- package/scripts/audit-target-adoption-evidence.mjs +117 -117
- package/scripts/audit-target-hardening-drills.mjs +267 -0
- package/scripts/audit-target-project.mjs +507 -507
- package/scripts/audit-tool-fallback-policy.mjs +180 -0
- package/scripts/audit-ui-browser-evidence-policy.mjs +191 -0
- package/scripts/audit-update-release-acceptance.mjs +136 -136
- package/scripts/audit-v1-target-validation.mjs +269 -269
- package/scripts/audit-validation-profiles.mjs +125 -123
- package/scripts/backfill-evidence-levels.mjs +98 -0
- package/scripts/check-encoding.mjs +72 -0
- package/scripts/close-change.mjs +116 -116
- package/scripts/discover-project-profile.mjs +307 -307
- package/scripts/generate-command-adapter.mjs +231 -231
- package/scripts/generate-continue-packet.mjs +1214 -0
- package/scripts/generate-final-acceptance-packet.mjs +188 -173
- package/scripts/generate-final-form-progress-report.mjs +191 -189
- package/scripts/generate-host-runtime-evidence-handoff.mjs +198 -191
- package/scripts/generate-maintenance-snapshot.mjs +216 -0
- package/scripts/generate-owner-external-gate-kit.mjs +295 -295
- package/scripts/generate-public-acceptance-handoff.mjs +168 -156
- package/scripts/generate-public-release-checklist.mjs +207 -207
- package/scripts/generate-release-bundle.mjs +505 -505
- package/scripts/generate-release-owner-action-plan.mjs +172 -171
- package/scripts/generate-release-status-manifest.mjs +199 -198
- package/scripts/generate-session-prompt.mjs +188 -188
- package/scripts/gse.mjs +67 -67
- package/scripts/init-change.mjs +265 -265
- package/scripts/init-project.mjs +793 -712
- package/scripts/install-gse.mjs +234 -234
- package/scripts/lib/evidence-placeholders.mjs +28 -28
- package/scripts/package-gse.mjs +174 -174
- package/scripts/probe-public-external-gates.mjs +167 -167
- package/scripts/record-host-invocation.mjs +151 -151
- package/scripts/record-learning.mjs +37 -8
- package/scripts/record-public-channel-publication.mjs +178 -178
- package/scripts/record-public-ci-run.mjs +180 -180
- package/scripts/record-public-release.mjs +175 -175
- package/scripts/record-public-repository-settings.mjs +209 -209
- package/scripts/record-public-security-contact.mjs +157 -157
- package/scripts/record-session-sync.mjs +87 -0
- package/scripts/run-gse-command.mjs +79 -47
- package/scripts/run-validation-profile.mjs +24 -5
- package/scripts/sign-gse-package.mjs +83 -83
- package/scripts/update-project-state.mjs +223 -223
- package/scripts/validate-gse.mjs +216 -0
- package/scripts/verify-gse-package.mjs +85 -85
package/README.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# GSE
|
|
2
2
|
|
|
3
|
-
English | [简体中文](README.zh-CN.md)
|
|
3
|
+
English | [简体中文](https://github.com/275005746/gse/blob/main/README.zh-CN.md)
|
|
4
4
|
|
|
5
5
|
Goal-Spec-Evidence Engineering for long-running agent-assisted software projects.
|
|
6
6
|
|
|
@@ -22,12 +22,19 @@ Goal -> Spec -> Execute -> Evidence -> Learn
|
|
|
22
22
|
- Optional adapters for host folders, LSP notes, MCP notes, hooks, plugins, and project skills
|
|
23
23
|
- Release, packaging, public-collaboration, and evidence-gate workflows for mature projects
|
|
24
24
|
|
|
25
|
-
## Installation
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
```bash
|
|
30
|
-
|
|
25
|
+
## Installation
|
|
26
|
+
|
|
27
|
+
Install from npm:
|
|
28
|
+
|
|
29
|
+
```bash
|
|
30
|
+
npm install -g @t275005746/gse
|
|
31
|
+
gse status --target .
|
|
32
|
+
```
|
|
33
|
+
|
|
34
|
+
Use GSE from a checked-out copy:
|
|
35
|
+
|
|
36
|
+
```bash
|
|
37
|
+
node scripts/validate-gse.mjs --root . --json
|
|
31
38
|
```
|
|
32
39
|
|
|
33
40
|
Package a checked-out copy for handoff:
|
package/README.zh-CN.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# GSE
|
|
2
2
|
|
|
3
|
-
[English](README.md) | 简体中文
|
|
3
|
+
[English](https://github.com/275005746/gse/blob/main/README.md) | 简体中文
|
|
4
4
|
|
|
5
5
|
面向长期 agent 辅助软件项目的 Goal-Spec-Evidence Engineering。
|
|
6
6
|
|
|
@@ -22,12 +22,19 @@ Goal -> Spec -> Execute -> Evidence -> Learn
|
|
|
22
22
|
- 可选 host folders、LSP、MCP、hooks、plugins、project skills 适配说明
|
|
23
23
|
- 面向成熟项目的 release、packaging、public collaboration 和 evidence gate 工作流
|
|
24
24
|
|
|
25
|
-
## 安装
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
```bash
|
|
30
|
-
|
|
25
|
+
## 安装
|
|
26
|
+
|
|
27
|
+
从 npm 安装:
|
|
28
|
+
|
|
29
|
+
```bash
|
|
30
|
+
npm install -g @t275005746/gse
|
|
31
|
+
gse status --target .
|
|
32
|
+
```
|
|
33
|
+
|
|
34
|
+
从已检出的 GSE 副本直接使用:
|
|
35
|
+
|
|
36
|
+
```bash
|
|
37
|
+
node scripts/validate-gse.mjs --root . --json
|
|
31
38
|
```
|
|
32
39
|
|
|
33
40
|
把已检出的副本打包给其他环境:
|
package/SECURITY.md
CHANGED
|
@@ -1,41 +1,41 @@
|
|
|
1
|
-
# Security Policy
|
|
2
|
-
|
|
3
|
-
GSE is an agent workflow skill and scaffold. Security reports may involve scripts, generated project files, host adapters, package/install behavior, signing, release trust, or documentation that could cause unsafe claims.
|
|
4
|
-
|
|
5
|
-
## Supported Scope
|
|
6
|
-
|
|
7
|
-
Security-relevant areas include:
|
|
8
|
-
|
|
9
|
-
- Package, install, URL install, manifest integrity, signing, and verification scripts.
|
|
10
|
-
- Generated host adapters and command pointers.
|
|
11
|
-
- Tool permission guidance, MCP/tool routing guidance, and release trust policy.
|
|
12
|
-
- Evidence, logs, and templates that could leak secrets or raw provider payloads.
|
|
13
|
-
- Documentation that could cause agents to bypass owner approval, license decisions, or unsupported host boundaries.
|
|
14
|
-
|
|
15
|
-
## Reporting
|
|
16
|
-
|
|
17
|
-
Until a public security contact is chosen, do not publish exploit details in public issues.
|
|
18
|
-
|
|
19
|
-
Use the project owner's private reporting channel. If no channel exists, record the issue privately in the maintainers' current coordination channel and mark the public release status as blocked until a contact path exists.
|
|
20
|
-
|
|
21
|
-
Minimum report contents:
|
|
22
|
-
|
|
23
|
-
- Affected GSE version, release label, or commit.
|
|
24
|
-
- Affected file or generated artifact.
|
|
25
|
-
- Reproduction steps.
|
|
26
|
-
- Impact and likely affected users or hosts.
|
|
27
|
-
- Whether secrets, credentials, private prompts, provider payloads, or user data are involved.
|
|
28
|
-
- Suggested mitigation if known.
|
|
29
|
-
|
|
30
|
-
## Handling
|
|
31
|
-
|
|
32
|
-
- Do not claim a fix is verified until a focused reproduction or audit proves the changed behavior.
|
|
33
|
-
- Do not publish a release if signing, package integrity, or owner trust evidence is contradicted.
|
|
34
|
-
- If a public package may be affected, use `references/release-trust.md` and `assets/templates/release-trust-record.md` to record revocation, rotation, and follow-up.
|
|
35
|
-
- If a project-local GSE scaffold is affected, notify the affected project session or maintainer with the exact files and validation commands.
|
|
36
|
-
|
|
37
|
-
## Current Limits
|
|
38
|
-
|
|
39
|
-
- No public vulnerability disclosure address has been owner-approved yet.
|
|
40
|
-
- Public marketplace approval and registry publication are not verified.
|
|
41
|
-
- Host-native slash-command support is not verified unless a host-specific invocation record exists.
|
|
1
|
+
# Security Policy
|
|
2
|
+
|
|
3
|
+
GSE is an agent workflow skill and scaffold. Security reports may involve scripts, generated project files, host adapters, package/install behavior, signing, release trust, or documentation that could cause unsafe claims.
|
|
4
|
+
|
|
5
|
+
## Supported Scope
|
|
6
|
+
|
|
7
|
+
Security-relevant areas include:
|
|
8
|
+
|
|
9
|
+
- Package, install, URL install, manifest integrity, signing, and verification scripts.
|
|
10
|
+
- Generated host adapters and command pointers.
|
|
11
|
+
- Tool permission guidance, MCP/tool routing guidance, and release trust policy.
|
|
12
|
+
- Evidence, logs, and templates that could leak secrets or raw provider payloads.
|
|
13
|
+
- Documentation that could cause agents to bypass owner approval, license decisions, or unsupported host boundaries.
|
|
14
|
+
|
|
15
|
+
## Reporting
|
|
16
|
+
|
|
17
|
+
Until a public security contact is chosen, do not publish exploit details in public issues.
|
|
18
|
+
|
|
19
|
+
Use the project owner's private reporting channel. If no channel exists, record the issue privately in the maintainers' current coordination channel and mark the public release status as blocked until a contact path exists.
|
|
20
|
+
|
|
21
|
+
Minimum report contents:
|
|
22
|
+
|
|
23
|
+
- Affected GSE version, release label, or commit.
|
|
24
|
+
- Affected file or generated artifact.
|
|
25
|
+
- Reproduction steps.
|
|
26
|
+
- Impact and likely affected users or hosts.
|
|
27
|
+
- Whether secrets, credentials, private prompts, provider payloads, or user data are involved.
|
|
28
|
+
- Suggested mitigation if known.
|
|
29
|
+
|
|
30
|
+
## Handling
|
|
31
|
+
|
|
32
|
+
- Do not claim a fix is verified until a focused reproduction or audit proves the changed behavior.
|
|
33
|
+
- Do not publish a release if signing, package integrity, or owner trust evidence is contradicted.
|
|
34
|
+
- If a public package may be affected, use `references/release-trust.md` and `assets/templates/release-trust-record.md` to record revocation, rotation, and follow-up.
|
|
35
|
+
- If a project-local GSE scaffold is affected, notify the affected project session or maintainer with the exact files and validation commands.
|
|
36
|
+
|
|
37
|
+
## Current Limits
|
|
38
|
+
|
|
39
|
+
- No public vulnerability disclosure address has been owner-approved yet.
|
|
40
|
+
- Public marketplace approval and registry publication are not verified.
|
|
41
|
+
- Host-native slash-command support is not verified unless a host-specific invocation record exists.
|
package/SKILL.md
CHANGED
|
@@ -37,19 +37,32 @@ Default stance: keep the workflow as light as the task allows and as rigorous as
|
|
|
37
37
|
Portable command helpers:
|
|
38
38
|
|
|
39
39
|
- Short CLI wrapper: `node <skill>/scripts/gse.mjs status --target <project-root> --json`
|
|
40
|
-
- Short continuation
|
|
41
|
-
- Portable command runner: `node <skill>/scripts/run-gse-command.mjs --target <project-root> --command "/gse continue"`
|
|
42
|
-
-
|
|
40
|
+
- Short continuation packet: `node <skill>/scripts/generate-continue-packet.mjs --target <project-root>`
|
|
41
|
+
- Portable command runner: `node <skill>/scripts/run-gse-command.mjs --target <project-root> --command "/gse continue"`
|
|
42
|
+
- State/evidence repair doctor: `node <skill>/scripts/run-gse-command.mjs --target <project-root> --command "/gse repair" --json`
|
|
43
|
+
- Direct repair audit: `node <skill>/scripts/audit-state-repair.mjs --target <project-root> --json`
|
|
44
|
+
- Validation profile runner: `node <skill>/scripts/run-validation-profile.mjs --target <project-root> --profile lite|standard|enterprise|release`
|
|
43
45
|
- Command execution audit: `node <skill>/scripts/audit-command-execution.mjs --root <skill> --profile lite|full`
|
|
44
|
-
- Close readiness check: `node <skill>/scripts/audit-close-gate.mjs --target <project-root>`
|
|
46
|
+
- Close readiness check: `node <skill>/scripts/audit-close-gate.mjs --target <project-root>`
|
|
47
|
+
- Project guard preflight: `node <skill>/scripts/audit-project-guards.mjs --target <project-root> --json`
|
|
45
48
|
- GSE owner/external action list: `node <skill>/scripts/run-gse-command.mjs --target <skill> --command "/gse owner-actions" --json --compact`
|
|
46
49
|
- Owner/external live evidence probe: `node <skill>/scripts/run-gse-command.mjs --target <skill> --command "/gse probe --public-repo-url <url>" --json`
|
|
47
50
|
- Release bundle dry-run/write route: `node <skill>/scripts/run-gse-command.mjs --target <skill> --command "/gse release" --json`
|
|
48
51
|
- Package dry-run/write route: `node <skill>/scripts/run-gse-command.mjs --target <skill> --command "/gse package" --json`
|
|
49
52
|
- Install dry-run/write route: `node <skill>/scripts/run-gse-command.mjs --target <skill> --command "/gse install --source <package-dir> --install-target <install-skill-dir>" --json`
|
|
50
53
|
- Public release checklist route: `node <skill>/scripts/run-gse-command.mjs --target <skill> --command "/gse public-release" --json`
|
|
51
|
-
- Learning capture route: `node <skill>/scripts/run-gse-command.mjs --target <project-root> --command "/gse learn --summary <lesson>" --execute --json`
|
|
52
|
-
-
|
|
54
|
+
- Learning capture route: `node <skill>/scripts/run-gse-command.mjs --target <project-root> --command "/gse learn --summary <lesson>" --execute --json`
|
|
55
|
+
- Learning drift audit: `node <skill>/scripts/audit-learning-drift.mjs --root <skill> --target <project-root> --json`
|
|
56
|
+
- Target hardening drills: `node <skill>/scripts/audit-target-hardening-drills.mjs --root <skill> --aion-target <project-root> --museflow-target <project-root> --json`
|
|
57
|
+
- Maintenance cadence audit: `node <skill>/scripts/audit-maintenance-cadence.mjs --root <skill> --json`
|
|
58
|
+
- Maintenance snapshot: `node <skill>/scripts/generate-maintenance-snapshot.mjs --root <skill> --target <project-root> --installed-root <installed-skill-dir> --execute --json`
|
|
59
|
+
- Installed package smoke: `node <skill>/scripts/generate-maintenance-snapshot.mjs --root <installed-skill-dir> --target <installed-skill-dir> --package-smoke --skip-release-bundle --json`
|
|
60
|
+
- Installed sync audit: `node <skill>/scripts/audit-installed-sync.mjs --root <skill> --installed-root <installed-skill-dir> --json`
|
|
61
|
+
- Session sync record audit: `node <skill>/scripts/audit-session-sync.mjs --root <skill> --json`
|
|
62
|
+
- Conservative evidence-level backfill: `node <skill>/scripts/backfill-evidence-levels.mjs --root <project-root> --json`
|
|
63
|
+
- Historical evidence review queue: `node <skill>/scripts/audit-evidence-review-queue.mjs --root <skill> --target <project-root> --json`
|
|
64
|
+
- UI/browser evidence policy audit: `node <skill>/scripts/audit-ui-browser-evidence-policy.mjs --root <skill> --target <project-root> --json`
|
|
65
|
+
- Existing project state/index update: `node <skill>/scripts/update-project-state.mjs --target <project-root>`
|
|
53
66
|
- Change spec pack: `node <skill>/scripts/init-change.mjs --target <project-root> --change-id <id> --level lite|standard|enterprise`
|
|
54
67
|
- Public release record: `node <skill>/scripts/record-public-release.mjs --root <project-root> --license-status owner-required`
|
|
55
68
|
- Release bundle: `node <skill>/scripts/generate-release-bundle.mjs --root <skill> --label <release-label> --out <bundle-dir>`
|
|
@@ -100,8 +113,9 @@ For long-running projects, bind the work to `.gse/goal-map.md` or the project's
|
|
|
100
113
|
- Project-specific standards and tools: `references/project-profile.md`
|
|
101
114
|
- Project-local agent workspace: `references/project-agent-workspace.md`
|
|
102
115
|
- Host-specific adapters: `references/host-adapters.md`, `references/compatibility.md`
|
|
103
|
-
- Benchmark and gap audit: `references/benchmark-audit.md`
|
|
104
|
-
-
|
|
116
|
+
- Benchmark and gap audit: `references/benchmark-audit.md`
|
|
117
|
+
- Final form roadmap: `references/final-form-roadmap.md`, `scripts/audit-final-form-roadmap.mjs`
|
|
118
|
+
- Task level selection: `references/task-levels.md`
|
|
105
119
|
- Goal maps: `references/goal-map.md`
|
|
106
120
|
- Specs and change folders: `references/spec-workflow.md`
|
|
107
121
|
- Agent roles and ownership: `references/agent-roles.md`, `references/file-ownership.md`
|
|
@@ -128,7 +142,7 @@ For long-running projects, bind the work to `.gse/goal-map.md` or the project's
|
|
|
128
142
|
- Release owner action plan drill: `scripts/audit-release-owner-action-plan-drill.mjs`
|
|
129
143
|
- Public release checklist: `scripts/generate-public-release-checklist.mjs`, `scripts/audit-public-release-checklist.mjs`
|
|
130
144
|
- Final-form progress report: `scripts/generate-final-form-progress-report.mjs`, `scripts/audit-final-form-progress-report.mjs`
|
|
131
|
-
- Packaging and maintenance: `references/packaging.md`
|
|
145
|
+
- Packaging and maintenance: `references/packaging.md`, `references/maintenance-cadence.md`, `scripts/audit-maintenance-cadence.mjs`, `scripts/generate-maintenance-snapshot.mjs`, `scripts/audit-maintenance-snapshot.mjs`, `scripts/audit-installed-sync.mjs`, `scripts/record-session-sync.mjs`, `scripts/audit-session-sync.mjs`
|
|
132
146
|
- CI readiness: `.github/workflows/validate-gse.yml`, `scripts/audit-ci-readiness.mjs`
|
|
133
147
|
- Public collaboration templates: `.github/PULL_REQUEST_TEMPLATE.md`, `.github/ISSUE_TEMPLATE/`, `scripts/audit-public-collaboration-templates.mjs`
|
|
134
148
|
- Release trust and key custody: `references/release-trust.md`
|
|
@@ -142,7 +156,13 @@ For long-running projects, bind the work to `.gse/goal-map.md` or the project's
|
|
|
142
156
|
- Final acceptance packet: `scripts/generate-final-acceptance-packet.mjs`, `scripts/audit-final-acceptance-packet.mjs`
|
|
143
157
|
- Recovery and handoff: `references/recovery.md`
|
|
144
158
|
- Forward testing: `references/forward-test.md`
|
|
145
|
-
- Learning loop: `references/learning-system.md`
|
|
146
|
-
- Learning capture: `scripts/record-learning.mjs`, `scripts/audit-learning-system.mjs`
|
|
147
|
-
-
|
|
159
|
+
- Learning loop: `references/learning-system.md`
|
|
160
|
+
- Learning capture: `scripts/record-learning.mjs`, `scripts/audit-learning-system.mjs`
|
|
161
|
+
- Learning drift: `scripts/audit-learning-drift.mjs`
|
|
162
|
+
- Conservative evidence-level backfill: `scripts/backfill-evidence-levels.mjs`
|
|
163
|
+
- Historical evidence review queue: `scripts/audit-evidence-review-queue.mjs`
|
|
164
|
+
- UI/browser evidence policy: `scripts/audit-ui-browser-evidence-policy.mjs`
|
|
165
|
+
- Target hardening drills: `scripts/audit-target-hardening-drills.mjs`
|
|
166
|
+
- Project guards: `references/project-guards.md`, `scripts/audit-project-guards.mjs`
|
|
167
|
+
- Drift audit: `references/drift-audit.md`
|
|
148
168
|
- Design basis and source boundaries: `references/design-basis.md`
|
package/SUPPORT.md
CHANGED
|
@@ -1,38 +1,38 @@
|
|
|
1
|
-
# Support
|
|
2
|
-
|
|
3
|
-
Use this file to decide where to start when GSE behavior is confusing, incomplete, or blocked.
|
|
4
|
-
|
|
5
|
-
## First Checks
|
|
6
|
-
|
|
7
|
-
Run:
|
|
8
|
-
|
|
9
|
-
```text
|
|
10
|
-
node scripts/validate-gse.mjs --root <gse-root> --json
|
|
11
|
-
```
|
|
12
|
-
|
|
13
|
-
For a target project using GSE, run:
|
|
14
|
-
|
|
15
|
-
```text
|
|
16
|
-
node scripts/audit-target-project.mjs --target <project-root> --json
|
|
17
|
-
node scripts/generate-session-prompt.mjs --target <project-root>
|
|
18
|
-
node scripts/audit-close-gate.mjs --target <project-root> --json
|
|
19
|
-
```
|
|
20
|
-
|
|
21
|
-
For package or install issues, run:
|
|
22
|
-
|
|
23
|
-
```text
|
|
24
|
-
node scripts/audit-distribution.mjs --root <gse-root> --json
|
|
25
|
-
node scripts/audit-remote-distribution.mjs --root <gse-root> --json
|
|
26
|
-
```
|
|
27
|
-
|
|
28
|
-
## What To Include In A Support Request
|
|
29
|
-
|
|
30
|
-
- GSE root path or installed package path.
|
|
31
|
-
- Target project path, if any.
|
|
32
|
-
- Command run and the compact JSON summary.
|
|
33
|
-
- Whether the problem is skill usage, project scaffold, package/install, host adapter, release, or evidence gating.
|
|
34
|
-
- Whether optional tools such as OpenSpec, Comet, Superpowers, LSP, browser automation, MCP, or subagents were actually available.
|
|
35
|
-
|
|
36
|
-
## Community
|
|
37
|
-
|
|
38
|
-
GateHub (`https://gatehub.top/`) supports GSE development and contributor coordination.
|
|
1
|
+
# Support
|
|
2
|
+
|
|
3
|
+
Use this file to decide where to start when GSE behavior is confusing, incomplete, or blocked.
|
|
4
|
+
|
|
5
|
+
## First Checks
|
|
6
|
+
|
|
7
|
+
Run:
|
|
8
|
+
|
|
9
|
+
```text
|
|
10
|
+
node scripts/validate-gse.mjs --root <gse-root> --json
|
|
11
|
+
```
|
|
12
|
+
|
|
13
|
+
For a target project using GSE, run:
|
|
14
|
+
|
|
15
|
+
```text
|
|
16
|
+
node scripts/audit-target-project.mjs --target <project-root> --json
|
|
17
|
+
node scripts/generate-session-prompt.mjs --target <project-root>
|
|
18
|
+
node scripts/audit-close-gate.mjs --target <project-root> --json
|
|
19
|
+
```
|
|
20
|
+
|
|
21
|
+
For package or install issues, run:
|
|
22
|
+
|
|
23
|
+
```text
|
|
24
|
+
node scripts/audit-distribution.mjs --root <gse-root> --json
|
|
25
|
+
node scripts/audit-remote-distribution.mjs --root <gse-root> --json
|
|
26
|
+
```
|
|
27
|
+
|
|
28
|
+
## What To Include In A Support Request
|
|
29
|
+
|
|
30
|
+
- GSE root path or installed package path.
|
|
31
|
+
- Target project path, if any.
|
|
32
|
+
- Command run and the compact JSON summary.
|
|
33
|
+
- Whether the problem is skill usage, project scaffold, package/install, host adapter, release, or evidence gating.
|
|
34
|
+
- Whether optional tools such as OpenSpec, Comet, Superpowers, LSP, browser automation, MCP, or subagents were actually available.
|
|
35
|
+
|
|
36
|
+
## Community
|
|
37
|
+
|
|
38
|
+
GateHub (`https://gatehub.top/`) supports GSE development and contributor coordination.
|
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
# Marketplace Metadata
|
|
2
|
-
|
|
3
|
-
This folder contains portable discovery metadata for publishing or listing GSE in a skill, plugin, or agent-workflow catalog.
|
|
4
|
-
|
|
5
|
-
The metadata is intentionally host-neutral. It describes what GSE is, how to validate it, which entrypoints matter, and which host capabilities still require separate runtime evidence.
|
|
6
|
-
|
|
7
|
-
Do not add maintainer secrets, local machine paths, private project names, or unverified marketplace approval claims here.
|
|
1
|
+
# Marketplace Metadata
|
|
2
|
+
|
|
3
|
+
This folder contains portable discovery metadata for publishing or listing GSE in a skill, plugin, or agent-workflow catalog.
|
|
4
|
+
|
|
5
|
+
The metadata is intentionally host-neutral. It describes what GSE is, how to validate it, which entrypoints matter, and which host capabilities still require separate runtime evidence.
|
|
6
|
+
|
|
7
|
+
Do not add maintainer secrets, local machine paths, private project names, or unverified marketplace approval claims here.
|
|
@@ -1,75 +1,75 @@
|
|
|
1
|
-
{
|
|
2
|
-
"schemaVersion": 1,
|
|
3
|
-
"name": "gse",
|
|
4
|
-
"displayName": "GSE",
|
|
5
|
-
"tagline": "Goal-Spec-Evidence Engineering for long-running agentic software projects.",
|
|
6
|
-
"summary": "Goal-Spec-Evidence workflow skill for AI coding agents that turns ad hoc development into goal maps, scoped specs, focused execution, evidence gates, and reusable learning.",
|
|
7
|
-
"categories": [
|
|
8
|
-
"agentic engineering",
|
|
9
|
-
"software development workflow",
|
|
10
|
-
"spec-driven development",
|
|
11
|
-
"AI coding agents",
|
|
12
|
-
"project governance"
|
|
13
|
-
],
|
|
14
|
-
"keywords": [
|
|
15
|
-
"GSE",
|
|
16
|
-
"Goal-Spec-Evidence",
|
|
17
|
-
"agentic engineering",
|
|
18
|
-
"spec-driven development",
|
|
19
|
-
"SDD",
|
|
20
|
-
"AI coding agent workflow",
|
|
21
|
-
"evidence gates",
|
|
22
|
-
"goal map",
|
|
23
|
-
"project scaffolding",
|
|
24
|
-
"OpenSpec-style changes",
|
|
25
|
-
"Superpowers-style execution"
|
|
26
|
-
],
|
|
27
|
-
"hostSupport": [
|
|
28
|
-
{
|
|
29
|
-
"host": "Codex-style agents",
|
|
30
|
-
"status": "documented",
|
|
31
|
-
"adapter": ".codex/gse-command.md",
|
|
32
|
-
"notes": "Portable runner and pointer adapter are verified; project-level native slash-command execution is host-specific."
|
|
33
|
-
},
|
|
34
|
-
{
|
|
35
|
-
"host": "Claude Code-style agents",
|
|
36
|
-
"status": "documented",
|
|
37
|
-
"adapter": ".claude/commands/gse.md",
|
|
38
|
-
"notes": "Generated command file shape is verified in fixtures; real host invocation requires host runtime evidence."
|
|
39
|
-
},
|
|
40
|
-
{
|
|
41
|
-
"host": "Custom agent runtimes",
|
|
42
|
-
"status": "documented",
|
|
43
|
-
"adapter": "runtime-specific bridge",
|
|
44
|
-
"notes": "Runtime capabilities should be verified inside the target project before being marked verified."
|
|
45
|
-
}
|
|
46
|
-
],
|
|
47
|
-
"entrypoints": [
|
|
48
|
-
"SKILL.md",
|
|
49
|
-
"package.json",
|
|
50
|
-
"README.md",
|
|
51
|
-
"README.zh-CN.md",
|
|
52
|
-
"scripts/init-project.mjs",
|
|
53
|
-
"scripts/run-gse-command.mjs",
|
|
54
|
-
"scripts/validate-gse.mjs",
|
|
55
|
-
"scripts/audit-npm-package-metadata.mjs",
|
|
56
|
-
"scripts/audit-npm-tarball-install.mjs"
|
|
57
|
-
],
|
|
58
|
-
"verification": [
|
|
59
|
-
"node scripts/validate-gse.mjs --root . --json",
|
|
60
|
-
"node scripts/audit-npm-package-metadata.mjs --root . --json",
|
|
61
|
-
"node scripts/audit-marketplace-discovery.mjs --root . --json",
|
|
62
|
-
"node scripts/audit-host-ui-invocation.mjs --root . --json"
|
|
63
|
-
],
|
|
64
|
-
"distribution": {
|
|
65
|
-
"packageScript": "scripts/package-gse.mjs",
|
|
66
|
-
"installScript": "scripts/install-gse.mjs",
|
|
67
|
-
"signingScript": "scripts/sign-gse-package.mjs",
|
|
68
|
-
"trustPolicy": "references/release-trust.md"
|
|
69
|
-
},
|
|
70
|
-
"boundaries": [
|
|
71
|
-
"GSE is not a hosted service.",
|
|
72
|
-
"GSE does not require OpenSpec, Superpowers, Comet, MCP, LSP, browser automation, or subagents.",
|
|
73
|
-
"Marketplace approval, maintainer identity, and native host UI invocation require separate evidence."
|
|
74
|
-
]
|
|
75
|
-
}
|
|
1
|
+
{
|
|
2
|
+
"schemaVersion": 1,
|
|
3
|
+
"name": "gse",
|
|
4
|
+
"displayName": "GSE",
|
|
5
|
+
"tagline": "Goal-Spec-Evidence Engineering for long-running agentic software projects.",
|
|
6
|
+
"summary": "Goal-Spec-Evidence workflow skill for AI coding agents that turns ad hoc development into goal maps, scoped specs, focused execution, evidence gates, and reusable learning.",
|
|
7
|
+
"categories": [
|
|
8
|
+
"agentic engineering",
|
|
9
|
+
"software development workflow",
|
|
10
|
+
"spec-driven development",
|
|
11
|
+
"AI coding agents",
|
|
12
|
+
"project governance"
|
|
13
|
+
],
|
|
14
|
+
"keywords": [
|
|
15
|
+
"GSE",
|
|
16
|
+
"Goal-Spec-Evidence",
|
|
17
|
+
"agentic engineering",
|
|
18
|
+
"spec-driven development",
|
|
19
|
+
"SDD",
|
|
20
|
+
"AI coding agent workflow",
|
|
21
|
+
"evidence gates",
|
|
22
|
+
"goal map",
|
|
23
|
+
"project scaffolding",
|
|
24
|
+
"OpenSpec-style changes",
|
|
25
|
+
"Superpowers-style execution"
|
|
26
|
+
],
|
|
27
|
+
"hostSupport": [
|
|
28
|
+
{
|
|
29
|
+
"host": "Codex-style agents",
|
|
30
|
+
"status": "documented",
|
|
31
|
+
"adapter": ".codex/gse-command.md",
|
|
32
|
+
"notes": "Portable runner and pointer adapter are verified; project-level native slash-command execution is host-specific."
|
|
33
|
+
},
|
|
34
|
+
{
|
|
35
|
+
"host": "Claude Code-style agents",
|
|
36
|
+
"status": "documented",
|
|
37
|
+
"adapter": ".claude/commands/gse.md",
|
|
38
|
+
"notes": "Generated command file shape is verified in fixtures; real host invocation requires host runtime evidence."
|
|
39
|
+
},
|
|
40
|
+
{
|
|
41
|
+
"host": "Custom agent runtimes",
|
|
42
|
+
"status": "documented",
|
|
43
|
+
"adapter": "runtime-specific bridge",
|
|
44
|
+
"notes": "Runtime capabilities should be verified inside the target project before being marked verified."
|
|
45
|
+
}
|
|
46
|
+
],
|
|
47
|
+
"entrypoints": [
|
|
48
|
+
"SKILL.md",
|
|
49
|
+
"package.json",
|
|
50
|
+
"README.md",
|
|
51
|
+
"README.zh-CN.md",
|
|
52
|
+
"scripts/init-project.mjs",
|
|
53
|
+
"scripts/run-gse-command.mjs",
|
|
54
|
+
"scripts/validate-gse.mjs",
|
|
55
|
+
"scripts/audit-npm-package-metadata.mjs",
|
|
56
|
+
"scripts/audit-npm-tarball-install.mjs"
|
|
57
|
+
],
|
|
58
|
+
"verification": [
|
|
59
|
+
"node scripts/validate-gse.mjs --root . --json",
|
|
60
|
+
"node scripts/audit-npm-package-metadata.mjs --root . --json",
|
|
61
|
+
"node scripts/audit-marketplace-discovery.mjs --root . --json",
|
|
62
|
+
"node scripts/audit-host-ui-invocation.mjs --root . --json"
|
|
63
|
+
],
|
|
64
|
+
"distribution": {
|
|
65
|
+
"packageScript": "scripts/package-gse.mjs",
|
|
66
|
+
"installScript": "scripts/install-gse.mjs",
|
|
67
|
+
"signingScript": "scripts/sign-gse-package.mjs",
|
|
68
|
+
"trustPolicy": "references/release-trust.md"
|
|
69
|
+
},
|
|
70
|
+
"boundaries": [
|
|
71
|
+
"GSE is not a hosted service.",
|
|
72
|
+
"GSE does not require OpenSpec, Superpowers, Comet, MCP, LSP, browser automation, or subagents.",
|
|
73
|
+
"Marketplace approval, maintainer identity, and native host UI invocation require separate evidence."
|
|
74
|
+
]
|
|
75
|
+
}
|
|
@@ -1,73 +1,73 @@
|
|
|
1
|
-
# Acceptance Execution Packet
|
|
2
|
-
|
|
3
|
-
Use this packet when GSE needs external acceptance evidence instead of another structural audit.
|
|
4
|
-
|
|
5
|
-
Choose exactly one path per packet.
|
|
6
|
-
|
|
7
|
-
```text
|
|
8
|
-
Acceptance path: fresh-session | owner-approved project write
|
|
9
|
-
Target project or session:
|
|
10
|
-
Purpose:
|
|
11
|
-
Required inputs:
|
|
12
|
-
Allowed files:
|
|
13
|
-
Forbidden files:
|
|
14
|
-
Allowed commands:
|
|
15
|
-
Forbidden commands:
|
|
16
|
-
Expected output:
|
|
17
|
-
Evidence record path:
|
|
18
|
-
Acceptance gate:
|
|
19
|
-
Accepted by:
|
|
20
|
-
Stop conditions:
|
|
21
|
-
Residual risk if incomplete:
|
|
22
|
-
Next action after completion:
|
|
23
|
-
```
|
|
24
|
-
|
|
25
|
-
## Fresh-Session Path
|
|
26
|
-
|
|
27
|
-
Use when a separate session, thread, host worker, or equivalent can run the GSE continuation path without hidden conversation history.
|
|
28
|
-
|
|
29
|
-
Required inputs:
|
|
30
|
-
|
|
31
|
-
- `SKILL.md`
|
|
32
|
-
- `.gse/gse-design-master-plan.md`
|
|
33
|
-
- `.gse/goal-map.md`
|
|
34
|
-
- `.gse/current-slice.md`
|
|
35
|
-
- `references/forward-test.md`
|
|
36
|
-
- `references/evidence-taxonomy.md`
|
|
37
|
-
|
|
38
|
-
Acceptance gate: the separate session identifies the current slice, states outcome/scope/acceptance/evidence/risk/next action, runs or describes the smallest valid verification, and records `Accepted by: fresh-session` only if it actually executed the packet.
|
|
39
|
-
|
|
40
|
-
## Owner-Approved Project Write Path
|
|
41
|
-
|
|
42
|
-
Use when a target project owner explicitly allows GSE to write project-local `.gse/` adoption or update artifacts.
|
|
43
|
-
|
|
44
|
-
Required inputs:
|
|
45
|
-
|
|
46
|
-
- Project owner approval text or issue/task link.
|
|
47
|
-
- Target project rule file such as `AGENTS.md`, `CLAUDE.md`, or README.
|
|
48
|
-
- `references/adoption-recipes.md`
|
|
49
|
-
- `assets/templates/target-adoption-evidence.md`
|
|
50
|
-
- `assets/templates/update-release-acceptance-record.md`
|
|
51
|
-
|
|
52
|
-
Default allowed files:
|
|
53
|
-
|
|
54
|
-
- `.gse/README.md`
|
|
55
|
-
- `.gse/project-profile.md`
|
|
56
|
-
- `.gse/goal-map.md`
|
|
57
|
-
- `.gse/quality-gates.md`
|
|
58
|
-
- `.gse/tooling.md`
|
|
59
|
-
- `.gse/evidence/YYYY-MM-DD.md`
|
|
60
|
-
|
|
61
|
-
Default forbidden files:
|
|
62
|
-
|
|
63
|
-
- Source code, lockfiles, secrets, generated outputs, screenshots, build artifacts, and unrelated host config.
|
|
64
|
-
|
|
65
|
-
Acceptance gate: the owner-approved project record exists, project-local verification ran, residual risks are recorded, and the owner or named policy accepts the verified record.
|
|
66
|
-
|
|
67
|
-
## Anti-Overclaim Rules
|
|
68
|
-
|
|
69
|
-
- Do not write `Accepted by: fresh-session` unless a separate session actually ran the packet.
|
|
70
|
-
- Do not write `Accepted by: owner` unless owner approval is explicit and recorded.
|
|
71
|
-
- Do not treat a generated packet, local validation, fixture audit, or read-only discovery as acceptance.
|
|
72
|
-
- Do not expand allowed files or commands without updating the packet and recording why.
|
|
73
|
-
- If a stop condition occurs, record `Evidence status: not ready` or `verified` with `Accepted by: not accepted`.
|
|
1
|
+
# Acceptance Execution Packet
|
|
2
|
+
|
|
3
|
+
Use this packet when GSE needs external acceptance evidence instead of another structural audit.
|
|
4
|
+
|
|
5
|
+
Choose exactly one path per packet.
|
|
6
|
+
|
|
7
|
+
```text
|
|
8
|
+
Acceptance path: fresh-session | owner-approved project write
|
|
9
|
+
Target project or session:
|
|
10
|
+
Purpose:
|
|
11
|
+
Required inputs:
|
|
12
|
+
Allowed files:
|
|
13
|
+
Forbidden files:
|
|
14
|
+
Allowed commands:
|
|
15
|
+
Forbidden commands:
|
|
16
|
+
Expected output:
|
|
17
|
+
Evidence record path:
|
|
18
|
+
Acceptance gate:
|
|
19
|
+
Accepted by:
|
|
20
|
+
Stop conditions:
|
|
21
|
+
Residual risk if incomplete:
|
|
22
|
+
Next action after completion:
|
|
23
|
+
```
|
|
24
|
+
|
|
25
|
+
## Fresh-Session Path
|
|
26
|
+
|
|
27
|
+
Use when a separate session, thread, host worker, or equivalent can run the GSE continuation path without hidden conversation history.
|
|
28
|
+
|
|
29
|
+
Required inputs:
|
|
30
|
+
|
|
31
|
+
- `SKILL.md`
|
|
32
|
+
- `.gse/gse-design-master-plan.md`
|
|
33
|
+
- `.gse/goal-map.md`
|
|
34
|
+
- `.gse/current-slice.md`
|
|
35
|
+
- `references/forward-test.md`
|
|
36
|
+
- `references/evidence-taxonomy.md`
|
|
37
|
+
|
|
38
|
+
Acceptance gate: the separate session identifies the current slice, states outcome/scope/acceptance/evidence/risk/next action, runs or describes the smallest valid verification, and records `Accepted by: fresh-session` only if it actually executed the packet.
|
|
39
|
+
|
|
40
|
+
## Owner-Approved Project Write Path
|
|
41
|
+
|
|
42
|
+
Use when a target project owner explicitly allows GSE to write project-local `.gse/` adoption or update artifacts.
|
|
43
|
+
|
|
44
|
+
Required inputs:
|
|
45
|
+
|
|
46
|
+
- Project owner approval text or issue/task link.
|
|
47
|
+
- Target project rule file such as `AGENTS.md`, `CLAUDE.md`, or README.
|
|
48
|
+
- `references/adoption-recipes.md`
|
|
49
|
+
- `assets/templates/target-adoption-evidence.md`
|
|
50
|
+
- `assets/templates/update-release-acceptance-record.md`
|
|
51
|
+
|
|
52
|
+
Default allowed files:
|
|
53
|
+
|
|
54
|
+
- `.gse/README.md`
|
|
55
|
+
- `.gse/project-profile.md`
|
|
56
|
+
- `.gse/goal-map.md`
|
|
57
|
+
- `.gse/quality-gates.md`
|
|
58
|
+
- `.gse/tooling.md`
|
|
59
|
+
- `.gse/evidence/YYYY-MM-DD.md`
|
|
60
|
+
|
|
61
|
+
Default forbidden files:
|
|
62
|
+
|
|
63
|
+
- Source code, lockfiles, secrets, generated outputs, screenshots, build artifacts, and unrelated host config.
|
|
64
|
+
|
|
65
|
+
Acceptance gate: the owner-approved project record exists, project-local verification ran, residual risks are recorded, and the owner or named policy accepts the verified record.
|
|
66
|
+
|
|
67
|
+
## Anti-Overclaim Rules
|
|
68
|
+
|
|
69
|
+
- Do not write `Accepted by: fresh-session` unless a separate session actually ran the packet.
|
|
70
|
+
- Do not write `Accepted by: owner` unless owner approval is explicit and recorded.
|
|
71
|
+
- Do not treat a generated packet, local validation, fixture audit, or read-only discovery as acceptance.
|
|
72
|
+
- Do not expand allowed files or commands without updating the packet and recording why.
|
|
73
|
+
- If a stop condition occurs, record `Evidence status: not ready` or `verified` with `Accepted by: not accepted`.
|