@t275005746/gse 0.1.0 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (228) hide show
  1. package/.github/ISSUE_TEMPLATE/bug_report.yml +42 -42
  2. package/.github/ISSUE_TEMPLATE/change_request.yml +50 -50
  3. package/.github/ISSUE_TEMPLATE/config.yml +5 -5
  4. package/.github/PULL_REQUEST_TEMPLATE.md +38 -38
  5. package/.github/workflows/validate-gse.yml +33 -33
  6. package/.gse/README.md +18 -18
  7. package/.gse/gse-development-protocol.md +50 -50
  8. package/.gse/project-profile.md +29 -29
  9. package/.gse/quality-gates.md +25 -25
  10. package/.gse/releases/public-registry-publication-npm.md +49 -0
  11. package/.gse/releases/public-release-owner-required.md +65 -65
  12. package/.gse/releases/public-security-contact-owner-required.md +45 -45
  13. package/.gse/state.json +147 -27
  14. package/CHANGELOG.md +31 -15
  15. package/CONTRIBUTING.md +64 -64
  16. package/LICENSE +21 -21
  17. package/README.md +14 -7
  18. package/README.zh-CN.md +14 -7
  19. package/SECURITY.md +41 -41
  20. package/SKILL.md +32 -12
  21. package/SUPPORT.md +38 -38
  22. package/assets/marketplace/README.md +7 -7
  23. package/assets/marketplace/gse-listing.json +75 -75
  24. package/assets/templates/acceptance-execution-packet.md +73 -73
  25. package/assets/templates/adr.md +14 -14
  26. package/assets/templates/change-brief.md +16 -16
  27. package/assets/templates/design.md +18 -18
  28. package/assets/templates/dispatch-packet.md +100 -92
  29. package/assets/templates/evidence.md +15 -9
  30. package/assets/templates/execution-quality-pack.md +65 -65
  31. package/assets/templates/goal-map.md +21 -21
  32. package/assets/templates/host-adapter.md +48 -48
  33. package/assets/templates/host-ui-invocation-record.md +42 -42
  34. package/assets/templates/incident-review.md +60 -60
  35. package/assets/templates/public-channel-publication-record.md +49 -49
  36. package/assets/templates/public-ci-run-record.md +53 -53
  37. package/assets/templates/public-release-record.md +65 -65
  38. package/assets/templates/public-repository-settings-record.md +59 -59
  39. package/assets/templates/public-security-contact-record.md +45 -45
  40. package/assets/templates/release-trust-record.md +32 -32
  41. package/assets/templates/review.md +18 -18
  42. package/assets/templates/role-fallback-packet.md +49 -0
  43. package/assets/templates/spec.md +16 -16
  44. package/assets/templates/target-adoption-evidence.md +29 -29
  45. package/assets/templates/tasks.md +17 -17
  46. package/assets/templates/update-release-acceptance-record.md +58 -58
  47. package/examples/README.md +22 -22
  48. package/examples/agent-runtime-host/.claude/gse-adapter.md +6 -6
  49. package/examples/agent-runtime-host/.codex/gse-adapter.md +7 -7
  50. package/examples/agent-runtime-host/.gse/goal-map.md +7 -7
  51. package/examples/agent-runtime-host/.gse/project-profile.md +27 -27
  52. package/examples/agent-runtime-host/.gse/tooling.md +5 -5
  53. package/examples/agent-runtime-host/.mcp.json +9 -9
  54. package/examples/agent-runtime-host/AGENTS.md +5 -5
  55. package/examples/agent-runtime-host/README.md +10 -10
  56. package/examples/agent-runtime-host/docs/model-routing.md +5 -5
  57. package/examples/cli-tool/.gse/project-profile.md +21 -21
  58. package/examples/cli-tool/AGENTS.md +5 -5
  59. package/examples/cli-tool/README.md +12 -12
  60. package/examples/cli-tool/package.json +21 -21
  61. package/examples/small-app/.env.example +2 -2
  62. package/examples/small-app/.github/workflows/ci.yml +8 -8
  63. package/examples/small-app/AGENTS.md +5 -5
  64. package/examples/small-app/README.md +12 -12
  65. package/examples/small-app/package.json +26 -26
  66. package/examples/small-app/playwright.config.ts +4 -4
  67. package/package.json +52 -44
  68. package/references/adoption-recipes.md +171 -171
  69. package/references/agent-roles.md +42 -21
  70. package/references/architecture-health.md +101 -101
  71. package/references/benchmark-audit.md +73 -73
  72. package/references/commands.md +74 -45
  73. package/references/community-channels.md +46 -46
  74. package/references/compatibility.md +70 -70
  75. package/references/design-basis.md +38 -38
  76. package/references/domain-model.md +129 -129
  77. package/references/domain-quality-gates.md +75 -75
  78. package/references/drift-audit.md +81 -80
  79. package/references/evidence-taxonomy.md +145 -108
  80. package/references/file-ownership.md +97 -93
  81. package/references/final-form-roadmap.md +201 -0
  82. package/references/final-readiness.md +84 -84
  83. package/references/forward-test.md +133 -133
  84. package/references/goal-map.md +36 -36
  85. package/references/host-adapters.md +129 -101
  86. package/references/learning-system.md +42 -26
  87. package/references/maintenance-cadence.md +51 -0
  88. package/references/marketplace-discovery.md +46 -46
  89. package/references/model-routing.md +103 -103
  90. package/references/open-source-defaults.md +39 -39
  91. package/references/operating-model.md +52 -52
  92. package/references/packaging.md +277 -277
  93. package/references/project-agent-workspace.md +89 -89
  94. package/references/project-bootstrap.md +122 -122
  95. package/references/project-guards.md +52 -0
  96. package/references/project-profile.md +57 -57
  97. package/references/public-release.md +174 -174
  98. package/references/quality-gates.md +96 -89
  99. package/references/recovery.md +176 -176
  100. package/references/release-trust.md +43 -43
  101. package/references/release.md +126 -126
  102. package/references/review.md +141 -141
  103. package/references/role-dispatch-fallback.md +54 -0
  104. package/references/router.md +90 -90
  105. package/references/spec-workflow.md +66 -66
  106. package/references/task-levels.md +81 -81
  107. package/references/tool-adapters.md +80 -70
  108. package/scripts/audit-acceptance-execution-packet.mjs +133 -133
  109. package/scripts/audit-adoption-recipes.mjs +99 -99
  110. package/scripts/audit-change-lifecycle.mjs +77 -77
  111. package/scripts/audit-change-system.mjs +134 -134
  112. package/scripts/audit-ci-readiness.mjs +107 -107
  113. package/scripts/audit-close-gate-hardening.mjs +188 -0
  114. package/scripts/audit-close-gate.mjs +448 -262
  115. package/scripts/audit-command-adapters.mjs +91 -91
  116. package/scripts/audit-command-execution.mjs +212 -199
  117. package/scripts/audit-commands.mjs +7 -5
  118. package/scripts/audit-compatibility.mjs +149 -149
  119. package/scripts/audit-completion-plan-drill.mjs +230 -0
  120. package/scripts/audit-completion-readiness.mjs +290 -287
  121. package/scripts/audit-continue-preflight.mjs +234 -0
  122. package/scripts/audit-distribution.mjs +251 -251
  123. package/scripts/audit-domain-quality-gates.mjs +108 -108
  124. package/scripts/audit-evidence-levels.mjs +217 -0
  125. package/scripts/audit-evidence-placeholders.mjs +126 -126
  126. package/scripts/audit-evidence-review-queue.mjs +206 -0
  127. package/scripts/audit-final-acceptance-packet.mjs +9 -9
  128. package/scripts/audit-final-form-progress-report.mjs +19 -18
  129. package/scripts/audit-final-form-roadmap.mjs +157 -0
  130. package/scripts/audit-final-form-stale-copy.mjs +2 -2
  131. package/scripts/audit-final-readiness-promotion.mjs +255 -255
  132. package/scripts/audit-final-readiness.mjs +226 -226
  133. package/scripts/audit-fixtures.mjs +154 -154
  134. package/scripts/audit-fresh-session-readiness.mjs +177 -177
  135. package/scripts/audit-host-capabilities.mjs +237 -0
  136. package/scripts/audit-host-runtime-evidence-handoff.mjs +159 -159
  137. package/scripts/audit-host-runtime-invocation-drill.mjs +240 -240
  138. package/scripts/audit-host-runtime-invocations.mjs +254 -254
  139. package/scripts/audit-host-ui-invocation.mjs +132 -132
  140. package/scripts/audit-installed-sync.mjs +203 -0
  141. package/scripts/audit-learning-drift.mjs +292 -0
  142. package/scripts/audit-learning-promotion.mjs +351 -0
  143. package/scripts/audit-learning-system.mjs +24 -14
  144. package/scripts/audit-local-final-form-completion.mjs +11 -10
  145. package/scripts/audit-maintenance-cadence.mjs +139 -0
  146. package/scripts/audit-maintenance-snapshot.mjs +181 -0
  147. package/scripts/audit-marketplace-discovery.mjs +122 -122
  148. package/scripts/audit-npm-package-metadata.mjs +160 -154
  149. package/scripts/audit-npm-publish-dry-run.mjs +194 -166
  150. package/scripts/audit-npm-tarball-install.mjs +195 -189
  151. package/scripts/audit-open-source-defaults.mjs +92 -92
  152. package/scripts/audit-open-source-readiness.mjs +97 -97
  153. package/scripts/audit-owner-external-gate-kit.mjs +12 -11
  154. package/scripts/audit-project-guards.mjs +189 -0
  155. package/scripts/audit-project.mjs +144 -141
  156. package/scripts/audit-public-acceptance-command-dry-run-drill.mjs +203 -203
  157. package/scripts/audit-public-acceptance-handoff.mjs +10 -10
  158. package/scripts/audit-public-acceptance-readiness.mjs +222 -222
  159. package/scripts/audit-public-channel-publication.mjs +248 -248
  160. package/scripts/audit-public-ci-run.mjs +184 -184
  161. package/scripts/audit-public-collaboration-templates.mjs +98 -98
  162. package/scripts/audit-public-external-gate-probe.mjs +206 -206
  163. package/scripts/audit-public-release-checklist.mjs +17 -15
  164. package/scripts/audit-public-release-decision.mjs +201 -201
  165. package/scripts/audit-public-release-metadata.mjs +176 -176
  166. package/scripts/audit-public-repository-settings.mjs +237 -237
  167. package/scripts/audit-public-security-contact.mjs +171 -171
  168. package/scripts/audit-readme-docs.mjs +6 -4
  169. package/scripts/audit-recovery-readiness.mjs +98 -98
  170. package/scripts/audit-release-bundle.mjs +13 -11
  171. package/scripts/audit-release-owner-action-plan-drill.mjs +5 -4
  172. package/scripts/audit-release-owner-action-plan.mjs +10 -10
  173. package/scripts/audit-release-readiness.mjs +106 -106
  174. package/scripts/audit-release-status-manifest.mjs +4 -4
  175. package/scripts/audit-release-trust.mjs +62 -62
  176. package/scripts/audit-remote-distribution.mjs +266 -266
  177. package/scripts/audit-roadmap-consistency.mjs +234 -230
  178. package/scripts/audit-role-dispatch-fallback.mjs +212 -0
  179. package/scripts/audit-session-sync.mjs +127 -0
  180. package/scripts/audit-signing.mjs +147 -147
  181. package/scripts/audit-state-freshness.mjs +20 -14
  182. package/scripts/audit-state-repair.mjs +360 -0
  183. package/scripts/audit-target-adoption-evidence.mjs +117 -117
  184. package/scripts/audit-target-hardening-drills.mjs +267 -0
  185. package/scripts/audit-target-project.mjs +507 -507
  186. package/scripts/audit-tool-fallback-policy.mjs +180 -0
  187. package/scripts/audit-ui-browser-evidence-policy.mjs +191 -0
  188. package/scripts/audit-update-release-acceptance.mjs +136 -136
  189. package/scripts/audit-v1-target-validation.mjs +269 -269
  190. package/scripts/audit-validation-profiles.mjs +125 -123
  191. package/scripts/backfill-evidence-levels.mjs +98 -0
  192. package/scripts/check-encoding.mjs +72 -0
  193. package/scripts/close-change.mjs +116 -116
  194. package/scripts/discover-project-profile.mjs +307 -307
  195. package/scripts/generate-command-adapter.mjs +231 -231
  196. package/scripts/generate-continue-packet.mjs +1214 -0
  197. package/scripts/generate-final-acceptance-packet.mjs +188 -173
  198. package/scripts/generate-final-form-progress-report.mjs +191 -189
  199. package/scripts/generate-host-runtime-evidence-handoff.mjs +198 -191
  200. package/scripts/generate-maintenance-snapshot.mjs +216 -0
  201. package/scripts/generate-owner-external-gate-kit.mjs +295 -295
  202. package/scripts/generate-public-acceptance-handoff.mjs +168 -156
  203. package/scripts/generate-public-release-checklist.mjs +207 -207
  204. package/scripts/generate-release-bundle.mjs +505 -505
  205. package/scripts/generate-release-owner-action-plan.mjs +172 -171
  206. package/scripts/generate-release-status-manifest.mjs +199 -198
  207. package/scripts/generate-session-prompt.mjs +188 -188
  208. package/scripts/gse.mjs +67 -67
  209. package/scripts/init-change.mjs +265 -265
  210. package/scripts/init-project.mjs +793 -712
  211. package/scripts/install-gse.mjs +234 -234
  212. package/scripts/lib/evidence-placeholders.mjs +28 -28
  213. package/scripts/package-gse.mjs +174 -174
  214. package/scripts/probe-public-external-gates.mjs +167 -167
  215. package/scripts/record-host-invocation.mjs +151 -151
  216. package/scripts/record-learning.mjs +37 -8
  217. package/scripts/record-public-channel-publication.mjs +178 -178
  218. package/scripts/record-public-ci-run.mjs +180 -180
  219. package/scripts/record-public-release.mjs +175 -175
  220. package/scripts/record-public-repository-settings.mjs +209 -209
  221. package/scripts/record-public-security-contact.mjs +157 -157
  222. package/scripts/record-session-sync.mjs +87 -0
  223. package/scripts/run-gse-command.mjs +79 -47
  224. package/scripts/run-validation-profile.mjs +24 -5
  225. package/scripts/sign-gse-package.mjs +83 -83
  226. package/scripts/update-project-state.mjs +223 -223
  227. package/scripts/validate-gse.mjs +216 -0
  228. package/scripts/verify-gse-package.mjs +85 -85
@@ -1,97 +1,97 @@
1
- #!/usr/bin/env node
2
- import fs from 'node:fs'
3
- import path from 'node:path'
4
-
5
- const args = process.argv.slice(2)
6
-
7
- function readArg(name, fallback = null) {
8
- const index = args.indexOf(name)
9
- if (index === -1) return fallback
10
- return args[index + 1] ?? fallback
11
- }
12
-
13
- const root = path.resolve(readArg('--root', path.join(import.meta.dirname, '..')))
14
- const jsonOnly = args.includes('--json')
15
-
16
- function read(relativePath) {
17
- const fullPath = path.join(root, relativePath)
18
- return fs.existsSync(fullPath) ? fs.readFileSync(fullPath, 'utf8') : ''
19
- }
20
-
21
- function exists(relativePath) {
22
- return fs.existsSync(path.join(root, relativePath))
23
- }
24
-
25
- function check(id, label, ok, evidence, risk = '') {
26
- return { id, label, status: ok ? 'passed' : 'failed', evidence, risk }
27
- }
28
-
29
- const contributing = read('CONTRIBUTING.md')
30
- const security = read('SECURITY.md')
31
- const support = read('SUPPORT.md')
32
- const readme = read('README.md')
33
- const readmeZh = read('README.zh-CN.md')
34
- const communityChannels = read('references/community-channels.md')
35
- const publicRelease = read('references/public-release.md')
36
- const packaging = read('references/packaging.md')
37
- const validate = read('scripts/validate-gse.mjs')
38
- const changelog = read('CHANGELOG.md')
39
- const ciWorkflow = read('.github/workflows/validate-gse.yml')
40
- const prTemplate = read('.github/PULL_REQUEST_TEMPLATE.md')
41
-
42
- const checks = [
43
- check('OS01', 'contributing guide exists', exists('CONTRIBUTING.md') && contributing.includes('Validation') && contributing.includes('Evidence') && contributing.includes('Do not claim support'), 'CONTRIBUTING.md'),
44
- check('OS02', 'security policy exists without fake public contact', exists('SECURITY.md') && security.includes('Until a public security contact is chosen') && security.includes('release trust') && security.includes('No public vulnerability disclosure address has been owner-approved yet'), 'SECURITY.md'),
45
- check('OS03', 'support guide exists with first diagnostic commands and community entry', exists('SUPPORT.md') && support.includes('validate-gse.mjs') && support.includes('audit-target-project.mjs') && support.includes('GateHub (`https://gatehub.top/`)'), 'SUPPORT.md'),
46
- check('OS04', 'open-source readiness keeps license owner-gated', publicRelease.includes('GSE must not choose a license by guessing') && changelog.includes('Open-source license selection remains an owner decision'), 'references/public-release.md, CHANGELOG.md'),
47
- check('OS05', 'package boundary includes open-source docs', packaging.includes('CONTRIBUTING.md') && packaging.includes('SECURITY.md') && packaging.includes('SUPPORT.md'), 'references/packaging.md'),
48
- check('OS06', 'validator includes open-source readiness audit', validate.includes('audit-open-source-readiness.mjs'), 'scripts/validate-gse.mjs'),
49
- check('OS07', 'public repository CI workflow is present and audited', ciWorkflow.includes('node scripts/validate-gse.mjs --root . --skip-skill-validator --json') && validate.includes('audit-ci-readiness.mjs'), '.github/workflows/validate-gse.yml, scripts/validate-gse.mjs'),
50
- check('OS08', 'public collaboration templates require GSE evidence fields', prTemplate.includes('## Outcome') && prTemplate.includes('## Evidence') && validate.includes('audit-public-collaboration-templates.mjs'), '.github/PULL_REQUEST_TEMPLATE.md, scripts/validate-gse.mjs'),
51
- check('OS09', 'community support channel is documented with release boundaries', exists('references/community-channels.md') && readme.includes('GateHub ([gatehub.top](https://gatehub.top/))') && readmeZh.includes('GateHub([gatehub.top](https://gatehub.top/))') && support.includes('GateHub (`https://gatehub.top/`)') && publicRelease.includes('references/community-channels.md') && communityChannels.includes('Do not describe GateHub as') && communityChannels.includes('vulnerability disclosure channel'), 'README.md, README.zh-CN.md, SUPPORT.md, references/community-channels.md, references/public-release.md'),
52
- ]
53
-
54
- const passed = checks.filter((item) => item.status === 'passed').length
55
- const failed = checks.length - passed
56
- const report = {
57
- root,
58
- generatedAt: new Date().toISOString(),
59
- summary: { status: failed === 0 ? 'passed' : 'failed', passed, failed, total: checks.length },
60
- workflows: { openSourceReadiness: failed === 0 ? 'verified' : 'failed' },
61
- limits: [
62
- 'This audit verifies repository collaboration, security, and support documents.',
63
- 'It does not choose a license, create a public security address, publish to GitHub, or approve a marketplace listing.',
64
- ],
65
- checks,
66
- }
67
-
68
- function renderMarkdown(data) {
69
- const lines = []
70
- lines.push('# GSE Open Source Readiness Audit')
71
- lines.push('')
72
- lines.push('Generated: ' + data.generatedAt)
73
- lines.push('Root: ' + data.root)
74
- lines.push('')
75
- lines.push('## Summary')
76
- lines.push('')
77
- lines.push('- Status: ' + data.summary.status)
78
- lines.push('- Checks: ' + data.summary.passed + '/' + data.summary.total)
79
- lines.push('- Open source readiness: ' + data.workflows.openSourceReadiness)
80
- lines.push('')
81
- lines.push('## Checks')
82
- lines.push('')
83
- for (const item of data.checks) {
84
- const marker = item.status === 'passed' ? '[x]' : '[ ]'
85
- lines.push('- ' + marker + ' ' + item.id + ' ' + item.label + ': ' + item.evidence)
86
- }
87
- lines.push('')
88
- lines.push('## Limits')
89
- lines.push('')
90
- for (const item of data.limits) lines.push('- ' + item)
91
- return lines.join('\n') + '\n'
92
- }
93
-
94
- if (jsonOnly) console.log(JSON.stringify(report, null, 2))
95
- else console.log(renderMarkdown(report))
96
-
97
- if (failed > 0) process.exit(1)
1
+ #!/usr/bin/env node
2
+ import fs from 'node:fs'
3
+ import path from 'node:path'
4
+
5
+ const args = process.argv.slice(2)
6
+
7
+ function readArg(name, fallback = null) {
8
+ const index = args.indexOf(name)
9
+ if (index === -1) return fallback
10
+ return args[index + 1] ?? fallback
11
+ }
12
+
13
+ const root = path.resolve(readArg('--root', path.join(import.meta.dirname, '..')))
14
+ const jsonOnly = args.includes('--json')
15
+
16
+ function read(relativePath) {
17
+ const fullPath = path.join(root, relativePath)
18
+ return fs.existsSync(fullPath) ? fs.readFileSync(fullPath, 'utf8') : ''
19
+ }
20
+
21
+ function exists(relativePath) {
22
+ return fs.existsSync(path.join(root, relativePath))
23
+ }
24
+
25
+ function check(id, label, ok, evidence, risk = '') {
26
+ return { id, label, status: ok ? 'passed' : 'failed', evidence, risk }
27
+ }
28
+
29
+ const contributing = read('CONTRIBUTING.md')
30
+ const security = read('SECURITY.md')
31
+ const support = read('SUPPORT.md')
32
+ const readme = read('README.md')
33
+ const readmeZh = read('README.zh-CN.md')
34
+ const communityChannels = read('references/community-channels.md')
35
+ const publicRelease = read('references/public-release.md')
36
+ const packaging = read('references/packaging.md')
37
+ const validate = read('scripts/validate-gse.mjs')
38
+ const changelog = read('CHANGELOG.md')
39
+ const ciWorkflow = read('.github/workflows/validate-gse.yml')
40
+ const prTemplate = read('.github/PULL_REQUEST_TEMPLATE.md')
41
+
42
+ const checks = [
43
+ check('OS01', 'contributing guide exists', exists('CONTRIBUTING.md') && contributing.includes('Validation') && contributing.includes('Evidence') && contributing.includes('Do not claim support'), 'CONTRIBUTING.md'),
44
+ check('OS02', 'security policy exists without fake public contact', exists('SECURITY.md') && security.includes('Until a public security contact is chosen') && security.includes('release trust') && security.includes('No public vulnerability disclosure address has been owner-approved yet'), 'SECURITY.md'),
45
+ check('OS03', 'support guide exists with first diagnostic commands and community entry', exists('SUPPORT.md') && support.includes('validate-gse.mjs') && support.includes('audit-target-project.mjs') && support.includes('GateHub (`https://gatehub.top/`)'), 'SUPPORT.md'),
46
+ check('OS04', 'open-source readiness keeps license owner-gated', publicRelease.includes('GSE must not choose a license by guessing') && changelog.includes('Open-source license selection remains an owner decision'), 'references/public-release.md, CHANGELOG.md'),
47
+ check('OS05', 'package boundary includes open-source docs', packaging.includes('CONTRIBUTING.md') && packaging.includes('SECURITY.md') && packaging.includes('SUPPORT.md'), 'references/packaging.md'),
48
+ check('OS06', 'validator includes open-source readiness audit', validate.includes('audit-open-source-readiness.mjs'), 'scripts/validate-gse.mjs'),
49
+ check('OS07', 'public repository CI workflow is present and audited', ciWorkflow.includes('node scripts/validate-gse.mjs --root . --skip-skill-validator --json') && validate.includes('audit-ci-readiness.mjs'), '.github/workflows/validate-gse.yml, scripts/validate-gse.mjs'),
50
+ check('OS08', 'public collaboration templates require GSE evidence fields', prTemplate.includes('## Outcome') && prTemplate.includes('## Evidence') && validate.includes('audit-public-collaboration-templates.mjs'), '.github/PULL_REQUEST_TEMPLATE.md, scripts/validate-gse.mjs'),
51
+ check('OS09', 'community support channel is documented with release boundaries', exists('references/community-channels.md') && readme.includes('GateHub ([gatehub.top](https://gatehub.top/))') && readmeZh.includes('GateHub([gatehub.top](https://gatehub.top/))') && support.includes('GateHub (`https://gatehub.top/`)') && publicRelease.includes('references/community-channels.md') && communityChannels.includes('Do not describe GateHub as') && communityChannels.includes('vulnerability disclosure channel'), 'README.md, README.zh-CN.md, SUPPORT.md, references/community-channels.md, references/public-release.md'),
52
+ ]
53
+
54
+ const passed = checks.filter((item) => item.status === 'passed').length
55
+ const failed = checks.length - passed
56
+ const report = {
57
+ root,
58
+ generatedAt: new Date().toISOString(),
59
+ summary: { status: failed === 0 ? 'passed' : 'failed', passed, failed, total: checks.length },
60
+ workflows: { openSourceReadiness: failed === 0 ? 'verified' : 'failed' },
61
+ limits: [
62
+ 'This audit verifies repository collaboration, security, and support documents.',
63
+ 'It does not choose a license, create a public security address, publish to GitHub, or approve a marketplace listing.',
64
+ ],
65
+ checks,
66
+ }
67
+
68
+ function renderMarkdown(data) {
69
+ const lines = []
70
+ lines.push('# GSE Open Source Readiness Audit')
71
+ lines.push('')
72
+ lines.push('Generated: ' + data.generatedAt)
73
+ lines.push('Root: ' + data.root)
74
+ lines.push('')
75
+ lines.push('## Summary')
76
+ lines.push('')
77
+ lines.push('- Status: ' + data.summary.status)
78
+ lines.push('- Checks: ' + data.summary.passed + '/' + data.summary.total)
79
+ lines.push('- Open source readiness: ' + data.workflows.openSourceReadiness)
80
+ lines.push('')
81
+ lines.push('## Checks')
82
+ lines.push('')
83
+ for (const item of data.checks) {
84
+ const marker = item.status === 'passed' ? '[x]' : '[ ]'
85
+ lines.push('- ' + marker + ' ' + item.id + ' ' + item.label + ': ' + item.evidence)
86
+ }
87
+ lines.push('')
88
+ lines.push('## Limits')
89
+ lines.push('')
90
+ for (const item of data.limits) lines.push('- ' + item)
91
+ return lines.join('\n') + '\n'
92
+ }
93
+
94
+ if (jsonOnly) console.log(JSON.stringify(report, null, 2))
95
+ else console.log(renderMarkdown(report))
96
+
97
+ if (failed > 0) process.exit(1)
@@ -120,10 +120,11 @@ const skill = read('SKILL.md')
120
120
  const validate = read('scripts/validate-gse.mjs')
121
121
  const bundleGenerator = read('scripts/generate-release-bundle.mjs')
122
122
  const bundleAudit = read('scripts/audit-release-bundle.mjs')
123
- const expectedAreas = (manifest?.gates ?? []).map((gate) => gate.area)
124
- const expectedScripts = [...new Set((manifest?.gates ?? [])
125
- .map((gate) => String(gate.recordCommand ?? '').match(/node scripts\/([^ ]+)/)?.[1] ?? '')
126
- .filter(Boolean))]
123
+ const expectedAreas = (manifest?.gates ?? []).map((gate) => gate.area)
124
+ const hasPendingGates = expectedAreas.length > 0
125
+ const expectedScripts = [...new Set((manifest?.gates ?? [])
126
+ .map((gate) => String(gate.recordCommand ?? '').match(/node scripts\/([^ ]+)/)?.[1] ?? '')
127
+ .filter(Boolean))]
127
128
  const kitRecordTemplatesAreComplete = !commands.includes('--invocation-status') &&
128
129
  !finalPacket.includes('--invocation-status') &&
129
130
  !publicHandoff.includes('--invocation-status') &&
@@ -138,7 +139,7 @@ const kitRecordTemplatesAreComplete = !commands.includes('--invocation-status')
138
139
  !/record-[a-z-]+\.mjs[^\n`]*[<>]/.test(publicHandoff) &&
139
140
  !/record-[a-z-]+\.mjs[^\n`]*[<>]/.test(releaseOwnerActionPlan) &&
140
141
  !/record-[a-z-]+\.mjs[^\n`]*[<>]/.test(hostHandoff) &&
141
- commands.includes('--status accepted')
142
+ (hasPendingGates ? commands.includes('--status accepted') : manifest?.publicAccepted === 'verified')
142
143
  const kitVerificationCommandsAreShellSafe = !/(audit-[a-z-]+|validate-gse|generate-release-status-manifest)\.mjs[^\n`]*[<>]/.test(verificationCommands) &&
143
144
  !/(audit-[a-z-]+|validate-gse)\.mjs[^\n`]*[<>]/.test(releaseStatusManifest) &&
144
145
  !/(audit-[a-z-]+|validate-gse|generate-release-status-manifest)\.mjs[^\n`]*[<>]/.test(releaseOwnerActionPlan) &&
@@ -148,22 +149,22 @@ const checks = [
148
149
  check('OEG01', 'owner/external gate kit generator exists', exists('scripts/generate-owner-external-gate-kit.mjs'), 'scripts/generate-owner-external-gate-kit.mjs'),
149
150
  check('OEG02', 'generator produces the kit directory', generated?.status === 0 && generatedData?.status === 'written', generated?.stderr || out),
150
151
  check('OEG03', 'kit includes required files', requiredKitFilesPresent, requiredKitFiles.join(', ')),
151
- check('OEG04', 'machine-readable pending gates cover current final owner/external gates', expectedAreas.length > 0 && expectedAreas.every((area) => manifest?.gates?.some((gate) => gate.area === area)) && !manifest?.gates?.some((gate) => gate.area === 'License decision'), expectedAreas.join(', ') + '; License decision resolved'),
152
- check('OEG05', 'record commands map to real scripts', expectedScripts.length > 0 && expectedScripts.every((script) => commands.includes(script)) && !commands.includes('proves-public-registry-publication') && (!commands.includes('record-public-channel-publication.mjs') || commands.includes('--proves-registry-publication true') || commands.includes('--proves-marketplace-approval true')), expectedScripts.join(', ')),
153
- check('OEG05b', 'record commands include dry-run preflight commands for accepted evidence', commands.includes('Preflight command') && commands.includes('--dry-run --json'), 'record-commands.md'),
152
+ check('OEG04', 'machine-readable pending gates cover current final owner/external gates', (hasPendingGates ? expectedAreas.every((area) => manifest?.gates?.some((gate) => gate.area === area)) : manifest?.pendingGateCount === 0 && manifest?.publicAccepted === 'verified') && !manifest?.gates?.some((gate) => gate.area === 'License decision'), hasPendingGates ? expectedAreas.join(', ') + '; License decision resolved' : '0 pending gates; publicAccepted verified; License decision resolved'),
153
+ check('OEG05', 'record commands map to real scripts', hasPendingGates ? (expectedScripts.length > 0 && expectedScripts.every((script) => commands.includes(script)) && !commands.includes('proves-public-registry-publication') && (!commands.includes('record-public-channel-publication.mjs') || commands.includes('--proves-registry-publication true') || commands.includes('--proves-marketplace-approval true'))) : commands.includes('GSE Owner / External Gate Record Commands'), expectedScripts.join(', ')),
154
+ check('OEG05b', 'record commands include dry-run preflight commands for accepted evidence', hasPendingGates ? (commands.includes('Preflight command') && commands.includes('--dry-run --json')) : !commands.includes('Preflight command'), 'record-commands.md'),
154
155
  check('OEG05c', 'kit uses complete record command templates', kitRecordTemplatesAreComplete, 'no ellipsis, no stale host invocation flag, host records use --status accepted'),
155
156
  check('OEG06', 'kit preserves anti-overclaim boundaries', readme.includes('does not choose a license') && readme.includes('Do not claim native slash-command support') && verificationCommands.includes('Local fixture drills, pointer adapters, and generated handoff files do not count as external acceptance'), 'README.md, verification-commands.md'),
156
157
  check('OEG07', 'kit verification commands include portable probe, final readiness, preflight drill, and close gate', verificationCommands.includes('run-gse-command.mjs') && verificationCommands.includes('/gse probe') && !verificationCommands.includes('node scripts/probe-public-external-gates.mjs') && verificationCommands.includes('audit-final-readiness.mjs') && verificationCommands.includes('audit-public-acceptance-readiness.mjs') && verificationCommands.includes('audit-public-acceptance-command-dry-run-drill.mjs') && verificationCommands.includes('audit-close-gate.mjs'), 'verification-commands.md'),
157
- check('OEG08', 'kit contains fresh final acceptance, public handoff, host handoff, manifest, and owner action plan', finalPacket.includes('GSE Final Acceptance Packet') && publicHandoff.includes('GSE Public Acceptance Handoff') && hostHandoff.includes('GSE Host Runtime Evidence Handoff') && releaseStatusManifest.includes('"publicAccepted": "not-accepted"') && releaseOwnerActionPlan.includes('GSE Release Owner Action Plan'), 'generated kit artifacts'),
158
+ check('OEG08', 'kit contains fresh final acceptance, public handoff, host handoff, manifest, and owner action plan', finalPacket.includes('GSE Final Acceptance Packet') && publicHandoff.includes('GSE Public Acceptance Handoff') && hostHandoff.includes('GSE Host Runtime Evidence Handoff') && releaseStatusManifest.includes('"publicAccepted": "' + (manifest?.publicAccepted ?? 'unknown') + '"') && releaseOwnerActionPlan.includes('GSE Release Owner Action Plan'), 'generated kit artifacts'),
158
159
  check('OEG09', 'kit manifest marks generated handoff artifacts as fresh', manifest?.generatedFresh?.finalAcceptancePacket === true && manifest?.generatedFresh?.publicAcceptanceHandoff === true && manifest?.generatedFresh?.hostRuntimeEvidenceHandoff === true && manifest?.generatedFresh?.releaseStatusManifest === true && manifest?.generatedFresh?.releaseOwnerActionPlan === true, 'kit-manifest.json'),
159
- check('OEG09b', 'kit manifest carries preflight commands for every pending gate', (manifest?.gates?.length ?? 0) > 0 && manifest.gates.every((gate) => gate.preflightCommand?.includes('--dry-run --json')), 'kit-manifest.json'),
160
+ check('OEG09b', 'kit manifest carries preflight commands for every pending gate', hasPendingGates ? manifest.gates.every((gate) => gate.preflightCommand?.includes('--dry-run --json')) : manifest?.pendingGateCount === 0, 'kit-manifest.json'),
160
161
  check('OEG10', 'skill routes users to the owner/external gate kit', skill.includes('generate-owner-external-gate-kit.mjs') && skill.includes('audit-owner-external-gate-kit.mjs'), 'SKILL.md'),
161
162
  check('OEG11', 'validator includes owner/external gate kit audit', validate.includes('audit-owner-external-gate-kit.mjs'), 'scripts/validate-gse.mjs'),
162
163
  check('OEG12', 'release bundle includes owner/external gate kit', bundleGenerator.includes('generate-owner-external-gate-kit.mjs') && bundleAudit.includes('owner-external-gate-kit'), 'release bundle generator/audit'),
163
164
  check('OEG13', 'kit verification commands use shell-safe placeholders', kitVerificationCommandsAreShellSafe, 'verification commands use __GSE__ instead of <gse>'),
164
165
  check('OEG14', 'canonical owner/external gate kit exists', canonicalRequiredKitFilesPresent, '.gse/acceptance/owner-external-gate-kit/'),
165
166
  check('OEG15', 'canonical owner/external gate kit matches current generated gate snapshot', canonicalManifest?.publicAccepted === manifest?.publicAccepted && canonicalManifest?.pendingGateCount === manifest?.pendingGateCount && sameJson(stableGateSnapshot(canonicalManifest), stableGateSnapshot(manifest)), '.gse/acceptance/owner-external-gate-kit/kit-manifest.json'),
166
- check('OEG16', 'canonical owner/external gate kit preserves current handoff commands and boundaries', canonicalReadme.includes('GSE Owner / External Gate Kit') && canonicalActionPacket.includes('Public accepted: ' + (manifest?.publicAccepted ?? 'unknown')) && canonicalCommands.includes('--dry-run --json') && canonicalCommands.includes('--status accepted') && canonicalVerificationCommands.includes('run-gse-command.mjs') && canonicalVerificationCommands.includes('/gse probe') && !canonicalVerificationCommands.includes('node scripts/probe-public-external-gates.mjs') && canonicalVerificationCommands.includes('audit-public-acceptance-command-dry-run-drill.mjs') && canonicalVerificationCommands.includes('__GSE__'), '.gse/acceptance/owner-external-gate-kit/'),
167
+ check('OEG16', 'canonical owner/external gate kit preserves current handoff commands and boundaries', canonicalReadme.includes('GSE Owner / External Gate Kit') && canonicalActionPacket.includes('Public accepted: ' + (manifest?.publicAccepted ?? 'unknown')) && (hasPendingGates ? (canonicalCommands.includes('--dry-run --json') && canonicalCommands.includes('--status accepted')) : !canonicalCommands.includes('Preflight command')) && canonicalVerificationCommands.includes('run-gse-command.mjs') && canonicalVerificationCommands.includes('/gse probe') && !canonicalVerificationCommands.includes('node scripts/probe-public-external-gates.mjs') && canonicalVerificationCommands.includes('audit-public-acceptance-command-dry-run-drill.mjs') && canonicalVerificationCommands.includes('__GSE__'), '.gse/acceptance/owner-external-gate-kit/'),
167
168
  ]
168
169
 
169
170
  const passed = checks.filter((item) => item.status === 'passed').length
@@ -0,0 +1,189 @@
1
+ #!/usr/bin/env node
2
+ import fs from 'node:fs'
3
+ import os from 'node:os'
4
+ import path from 'node:path'
5
+ import { fileURLToPath } from 'node:url'
6
+ import { spawnSync } from 'node:child_process'
7
+
8
+ const args = process.argv.slice(2)
9
+
10
+ function readArg(name, fallback = null) {
11
+ const index = args.indexOf(name)
12
+ if (index === -1) return fallback
13
+ return args[index + 1] ?? fallback
14
+ }
15
+
16
+ const root = path.resolve(readArg('--root', path.join(import.meta.dirname, '..')))
17
+ const targetArg = readArg('--target')
18
+ const jsonOnly = args.includes('--json')
19
+
20
+ function readText(filePath) {
21
+ return fs.existsSync(filePath) ? fs.readFileSync(filePath, 'utf8').replace(/^\uFEFF/, '') : ''
22
+ }
23
+
24
+ function parseGuardTable(text) {
25
+ const rows = []
26
+ for (const line of text.split(/\r?\n/)) {
27
+ const trimmed = line.trim()
28
+ if (!trimmed.startsWith('|')) continue
29
+ if (/^\|\s*-+/.test(trimmed)) continue
30
+ if (/^\|\s*ID\s*\|/i.test(trimmed)) continue
31
+ const cells = trimmed
32
+ .slice(1, trimmed.endsWith('|') ? -1 : undefined)
33
+ .split('|')
34
+ .map((cell) => cell.trim())
35
+ if (cells.length < 6) continue
36
+ rows.push({
37
+ id: cells[0],
38
+ guard: cells[1],
39
+ severity: cells[2],
40
+ trigger: cells[3],
41
+ check: cells[4],
42
+ status: cells[5],
43
+ })
44
+ }
45
+ return rows
46
+ }
47
+
48
+ export function readProjectGuards(target) {
49
+ const filePath = path.join(target, '.gse', 'project-guards.md')
50
+ const exists = fs.existsSync(filePath)
51
+ const text = exists ? readText(filePath) : ''
52
+ const guards = parseGuardTable(text)
53
+ const active = guards.filter((guard) => guard.status.toLowerCase() === 'active')
54
+ const requiredIds = ['WIN-SHELL', 'SPARSE-GIT', 'UTF8-DOC', 'EVIDENCE-STALE', 'UI-EVIDENCE', 'SUBAGENT-HONEST', 'SYNC-NO-INTERRUPT']
55
+ const ids = new Set(guards.map((guard) => guard.id))
56
+ const missingDefaultIds = requiredIds.filter((id) => !ids.has(id))
57
+ const incomplete = guards.filter((guard) =>
58
+ !guard.id ||
59
+ !guard.guard ||
60
+ !guard.severity ||
61
+ !guard.trigger ||
62
+ !guard.check ||
63
+ !guard.status,
64
+ )
65
+ const invalidSeverity = guards.filter((guard) => !['low', 'medium', 'high', 'critical'].includes(guard.severity.toLowerCase()))
66
+ const invalidStatus = guards.filter((guard) => !['active', 'inactive', 'candidate'].includes(guard.status.toLowerCase()))
67
+ const status = !exists
68
+ ? 'warning'
69
+ : guards.length === 0 || incomplete.length > 0 || invalidSeverity.length > 0 || invalidStatus.length > 0
70
+ ? 'failed'
71
+ : missingDefaultIds.length > 0
72
+ ? 'warning'
73
+ : 'passed'
74
+ return {
75
+ path: '.gse/project-guards.md',
76
+ exists,
77
+ status,
78
+ guards,
79
+ active,
80
+ summary: {
81
+ total: guards.length,
82
+ active: active.length,
83
+ missingDefaultIds,
84
+ incomplete: incomplete.map((guard) => guard.id || '(blank)'),
85
+ invalidSeverity: invalidSeverity.map((guard) => guard.id),
86
+ invalidStatus: invalidStatus.map((guard) => guard.id),
87
+ },
88
+ }
89
+ }
90
+
91
+ function run(script, commandArgs) {
92
+ const result = spawnSync(process.execPath, [path.join(root, 'scripts', script), ...commandArgs], {
93
+ cwd: root,
94
+ encoding: 'utf8',
95
+ windowsHide: true,
96
+ })
97
+ return {
98
+ command: [process.execPath, path.join(root, 'scripts', script), ...commandArgs].join(' '),
99
+ status: result.status ?? 1,
100
+ stdout: (result.stdout ?? '').trim(),
101
+ stderr: (result.stderr ?? '').trim(),
102
+ }
103
+ }
104
+
105
+ function check(id, label, ok, evidence, risk = '') {
106
+ return { id, label, status: ok ? 'passed' : 'failed', evidence, risk }
107
+ }
108
+
109
+ function createFixture() {
110
+ const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'gse-project-guards-'))
111
+ const init = run('init-project.mjs', ['--target', dir, '--mode', 'lite', '--json'])
112
+ return { dir, init }
113
+ }
114
+
115
+ function audit(target) {
116
+ const resolvedTarget = path.resolve(target)
117
+ const guardResult = readProjectGuards(resolvedTarget)
118
+ const checks = [
119
+ check('PG01', 'project guard file is present or reported as warning', guardResult.exists || guardResult.status === 'warning', guardResult.exists ? guardResult.path : 'missing guard file warning'),
120
+ check('PG02', 'guard table parses at least one active guard when file exists', !guardResult.exists || guardResult.active.length > 0, `${guardResult.active.length} active guard(s)`),
121
+ check('PG03', 'guard rows have valid severity and status values', guardResult.summary.invalidSeverity.length === 0 && guardResult.summary.invalidStatus.length === 0, 'severity/status vocabulary'),
122
+ check('PG04', 'default guard IDs are present when scaffolded', !guardResult.exists || guardResult.summary.missingDefaultIds.length === 0, guardResult.summary.missingDefaultIds.join(', ') || 'default guards present'),
123
+ check('PG05', 'guard audit keeps missing file as warning instead of hard failure', true, 'missing file policy is warning'),
124
+ ]
125
+ const passed = checks.filter((item) => item.status === 'passed').length
126
+ const failed = checks.length - passed
127
+ return {
128
+ target: resolvedTarget,
129
+ generatedAt: new Date().toISOString(),
130
+ summary: { status: failed === 0 ? guardResult.status : 'failed', passed, failed, total: checks.length },
131
+ workflows: {
132
+ projectGuards: guardResult.status === 'failed' ? 'failed' : 'verified',
133
+ continuePreflightGuardSection: 'available',
134
+ },
135
+ projectGuards: guardResult,
136
+ checks,
137
+ limits: [
138
+ 'Project guards are soft continuation preflight rules in this slice.',
139
+ 'Broken state or evidence index remains the hard /gse continue failure.',
140
+ 'AION and MuseFlow lessons are examples; this audit does not hardcode product-specific behavior.',
141
+ ],
142
+ }
143
+ }
144
+
145
+ function selfTestReport() {
146
+ const fixture = createFixture()
147
+ const fixtureReport = audit(fixture.dir)
148
+ const missingDir = fs.mkdtempSync(path.join(os.tmpdir(), 'gse-project-guards-missing-'))
149
+ fs.mkdirSync(path.join(missingDir, '.gse'), { recursive: true })
150
+ const missingReport = audit(missingDir)
151
+ fs.rmSync(fixture.dir, { recursive: true, force: true })
152
+ fs.rmSync(missingDir, { recursive: true, force: true })
153
+ const checks = [
154
+ check('PGA01', 'init-project creates project guards', fixture.init.status === 0 && fixtureReport.projectGuards.exists, 'scripts/init-project.mjs'),
155
+ check('PGA02', 'default scaffold contains seven active guards', fixtureReport.projectGuards.summary.active === 7, `${fixtureReport.projectGuards.summary.active} active guard(s)`),
156
+ check('PGA03', 'missing guard file is warning, not hard failure', missingReport.projectGuards.status === 'warning', 'missing fixture'),
157
+ check('PGA04', 'default guard set includes real-project lesson categories', ['WIN-SHELL', 'SPARSE-GIT', 'UTF8-DOC', 'EVIDENCE-STALE', 'UI-EVIDENCE', 'SUBAGENT-HONEST', 'SYNC-NO-INTERRUPT'].every((id) => fixtureReport.projectGuards.guards.some((guard) => guard.id === id)), 'default guard IDs'),
158
+ ]
159
+ const passed = checks.filter((item) => item.status === 'passed').length
160
+ const failed = checks.length - passed
161
+ return {
162
+ root,
163
+ generatedAt: new Date().toISOString(),
164
+ summary: { status: failed === 0 ? 'passed' : 'failed', passed, failed, total: checks.length },
165
+ workflows: {
166
+ projectGuards: failed === 0 ? 'verified' : 'failed',
167
+ initProjectGuardScaffold: failed === 0 ? 'verified' : 'failed',
168
+ },
169
+ fixture: {
170
+ scaffoldStatus: fixtureReport.projectGuards.status,
171
+ missingStatus: missingReport.projectGuards.status,
172
+ activeGuards: fixtureReport.projectGuards.active.map((guard) => guard.id),
173
+ },
174
+ checks,
175
+ limits: [
176
+ 'This audit verifies guard scaffold and parsing mechanics.',
177
+ 'It does not prove every project-specific guard has been promoted yet.',
178
+ ],
179
+ }
180
+ }
181
+
182
+ const isCli = process.argv[1] && fileURLToPath(import.meta.url) === path.resolve(process.argv[1])
183
+
184
+ if (isCli) {
185
+ const report = targetArg ? audit(targetArg) : selfTestReport()
186
+ if (jsonOnly) console.log(JSON.stringify(report, null, 2))
187
+ else console.log(JSON.stringify(report, null, 2))
188
+ if (report.summary.status === 'failed') process.exit(1)
189
+ }