@t275005746/gse 0.1.0 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.github/ISSUE_TEMPLATE/bug_report.yml +42 -42
- package/.github/ISSUE_TEMPLATE/change_request.yml +50 -50
- package/.github/ISSUE_TEMPLATE/config.yml +5 -5
- package/.github/PULL_REQUEST_TEMPLATE.md +38 -38
- package/.github/workflows/validate-gse.yml +33 -33
- package/.gse/README.md +18 -18
- package/.gse/gse-development-protocol.md +50 -50
- package/.gse/project-profile.md +29 -29
- package/.gse/quality-gates.md +25 -25
- package/.gse/releases/public-registry-publication-npm.md +49 -0
- package/.gse/releases/public-release-owner-required.md +65 -65
- package/.gse/releases/public-security-contact-owner-required.md +45 -45
- package/.gse/state.json +147 -27
- package/CHANGELOG.md +31 -15
- package/CONTRIBUTING.md +64 -64
- package/LICENSE +21 -21
- package/README.md +14 -7
- package/README.zh-CN.md +14 -7
- package/SECURITY.md +41 -41
- package/SKILL.md +32 -12
- package/SUPPORT.md +38 -38
- package/assets/marketplace/README.md +7 -7
- package/assets/marketplace/gse-listing.json +75 -75
- package/assets/templates/acceptance-execution-packet.md +73 -73
- package/assets/templates/adr.md +14 -14
- package/assets/templates/change-brief.md +16 -16
- package/assets/templates/design.md +18 -18
- package/assets/templates/dispatch-packet.md +100 -92
- package/assets/templates/evidence.md +15 -9
- package/assets/templates/execution-quality-pack.md +65 -65
- package/assets/templates/goal-map.md +21 -21
- package/assets/templates/host-adapter.md +48 -48
- package/assets/templates/host-ui-invocation-record.md +42 -42
- package/assets/templates/incident-review.md +60 -60
- package/assets/templates/public-channel-publication-record.md +49 -49
- package/assets/templates/public-ci-run-record.md +53 -53
- package/assets/templates/public-release-record.md +65 -65
- package/assets/templates/public-repository-settings-record.md +59 -59
- package/assets/templates/public-security-contact-record.md +45 -45
- package/assets/templates/release-trust-record.md +32 -32
- package/assets/templates/review.md +18 -18
- package/assets/templates/role-fallback-packet.md +49 -0
- package/assets/templates/spec.md +16 -16
- package/assets/templates/target-adoption-evidence.md +29 -29
- package/assets/templates/tasks.md +17 -17
- package/assets/templates/update-release-acceptance-record.md +58 -58
- package/examples/README.md +22 -22
- package/examples/agent-runtime-host/.claude/gse-adapter.md +6 -6
- package/examples/agent-runtime-host/.codex/gse-adapter.md +7 -7
- package/examples/agent-runtime-host/.gse/goal-map.md +7 -7
- package/examples/agent-runtime-host/.gse/project-profile.md +27 -27
- package/examples/agent-runtime-host/.gse/tooling.md +5 -5
- package/examples/agent-runtime-host/.mcp.json +9 -9
- package/examples/agent-runtime-host/AGENTS.md +5 -5
- package/examples/agent-runtime-host/README.md +10 -10
- package/examples/agent-runtime-host/docs/model-routing.md +5 -5
- package/examples/cli-tool/.gse/project-profile.md +21 -21
- package/examples/cli-tool/AGENTS.md +5 -5
- package/examples/cli-tool/README.md +12 -12
- package/examples/cli-tool/package.json +21 -21
- package/examples/small-app/.env.example +2 -2
- package/examples/small-app/.github/workflows/ci.yml +8 -8
- package/examples/small-app/AGENTS.md +5 -5
- package/examples/small-app/README.md +12 -12
- package/examples/small-app/package.json +26 -26
- package/examples/small-app/playwright.config.ts +4 -4
- package/package.json +52 -44
- package/references/adoption-recipes.md +171 -171
- package/references/agent-roles.md +42 -21
- package/references/architecture-health.md +101 -101
- package/references/benchmark-audit.md +73 -73
- package/references/commands.md +74 -45
- package/references/community-channels.md +46 -46
- package/references/compatibility.md +70 -70
- package/references/design-basis.md +38 -38
- package/references/domain-model.md +129 -129
- package/references/domain-quality-gates.md +75 -75
- package/references/drift-audit.md +81 -80
- package/references/evidence-taxonomy.md +145 -108
- package/references/file-ownership.md +97 -93
- package/references/final-form-roadmap.md +201 -0
- package/references/final-readiness.md +84 -84
- package/references/forward-test.md +133 -133
- package/references/goal-map.md +36 -36
- package/references/host-adapters.md +129 -101
- package/references/learning-system.md +42 -26
- package/references/maintenance-cadence.md +51 -0
- package/references/marketplace-discovery.md +46 -46
- package/references/model-routing.md +103 -103
- package/references/open-source-defaults.md +39 -39
- package/references/operating-model.md +52 -52
- package/references/packaging.md +277 -277
- package/references/project-agent-workspace.md +89 -89
- package/references/project-bootstrap.md +122 -122
- package/references/project-guards.md +52 -0
- package/references/project-profile.md +57 -57
- package/references/public-release.md +174 -174
- package/references/quality-gates.md +96 -89
- package/references/recovery.md +176 -176
- package/references/release-trust.md +43 -43
- package/references/release.md +126 -126
- package/references/review.md +141 -141
- package/references/role-dispatch-fallback.md +54 -0
- package/references/router.md +90 -90
- package/references/spec-workflow.md +66 -66
- package/references/task-levels.md +81 -81
- package/references/tool-adapters.md +80 -70
- package/scripts/audit-acceptance-execution-packet.mjs +133 -133
- package/scripts/audit-adoption-recipes.mjs +99 -99
- package/scripts/audit-change-lifecycle.mjs +77 -77
- package/scripts/audit-change-system.mjs +134 -134
- package/scripts/audit-ci-readiness.mjs +107 -107
- package/scripts/audit-close-gate-hardening.mjs +188 -0
- package/scripts/audit-close-gate.mjs +448 -262
- package/scripts/audit-command-adapters.mjs +91 -91
- package/scripts/audit-command-execution.mjs +212 -199
- package/scripts/audit-commands.mjs +7 -5
- package/scripts/audit-compatibility.mjs +149 -149
- package/scripts/audit-completion-plan-drill.mjs +230 -0
- package/scripts/audit-completion-readiness.mjs +290 -287
- package/scripts/audit-continue-preflight.mjs +234 -0
- package/scripts/audit-distribution.mjs +251 -251
- package/scripts/audit-domain-quality-gates.mjs +108 -108
- package/scripts/audit-evidence-levels.mjs +217 -0
- package/scripts/audit-evidence-placeholders.mjs +126 -126
- package/scripts/audit-evidence-review-queue.mjs +206 -0
- package/scripts/audit-final-acceptance-packet.mjs +9 -9
- package/scripts/audit-final-form-progress-report.mjs +19 -18
- package/scripts/audit-final-form-roadmap.mjs +157 -0
- package/scripts/audit-final-form-stale-copy.mjs +2 -2
- package/scripts/audit-final-readiness-promotion.mjs +255 -255
- package/scripts/audit-final-readiness.mjs +226 -226
- package/scripts/audit-fixtures.mjs +154 -154
- package/scripts/audit-fresh-session-readiness.mjs +177 -177
- package/scripts/audit-host-capabilities.mjs +237 -0
- package/scripts/audit-host-runtime-evidence-handoff.mjs +159 -159
- package/scripts/audit-host-runtime-invocation-drill.mjs +240 -240
- package/scripts/audit-host-runtime-invocations.mjs +254 -254
- package/scripts/audit-host-ui-invocation.mjs +132 -132
- package/scripts/audit-installed-sync.mjs +203 -0
- package/scripts/audit-learning-drift.mjs +292 -0
- package/scripts/audit-learning-promotion.mjs +351 -0
- package/scripts/audit-learning-system.mjs +24 -14
- package/scripts/audit-local-final-form-completion.mjs +11 -10
- package/scripts/audit-maintenance-cadence.mjs +139 -0
- package/scripts/audit-maintenance-snapshot.mjs +181 -0
- package/scripts/audit-marketplace-discovery.mjs +122 -122
- package/scripts/audit-npm-package-metadata.mjs +160 -154
- package/scripts/audit-npm-publish-dry-run.mjs +194 -166
- package/scripts/audit-npm-tarball-install.mjs +195 -189
- package/scripts/audit-open-source-defaults.mjs +92 -92
- package/scripts/audit-open-source-readiness.mjs +97 -97
- package/scripts/audit-owner-external-gate-kit.mjs +12 -11
- package/scripts/audit-project-guards.mjs +189 -0
- package/scripts/audit-project.mjs +144 -141
- package/scripts/audit-public-acceptance-command-dry-run-drill.mjs +203 -203
- package/scripts/audit-public-acceptance-handoff.mjs +10 -10
- package/scripts/audit-public-acceptance-readiness.mjs +222 -222
- package/scripts/audit-public-channel-publication.mjs +248 -248
- package/scripts/audit-public-ci-run.mjs +184 -184
- package/scripts/audit-public-collaboration-templates.mjs +98 -98
- package/scripts/audit-public-external-gate-probe.mjs +206 -206
- package/scripts/audit-public-release-checklist.mjs +17 -15
- package/scripts/audit-public-release-decision.mjs +201 -201
- package/scripts/audit-public-release-metadata.mjs +176 -176
- package/scripts/audit-public-repository-settings.mjs +237 -237
- package/scripts/audit-public-security-contact.mjs +171 -171
- package/scripts/audit-readme-docs.mjs +6 -4
- package/scripts/audit-recovery-readiness.mjs +98 -98
- package/scripts/audit-release-bundle.mjs +13 -11
- package/scripts/audit-release-owner-action-plan-drill.mjs +5 -4
- package/scripts/audit-release-owner-action-plan.mjs +10 -10
- package/scripts/audit-release-readiness.mjs +106 -106
- package/scripts/audit-release-status-manifest.mjs +4 -4
- package/scripts/audit-release-trust.mjs +62 -62
- package/scripts/audit-remote-distribution.mjs +266 -266
- package/scripts/audit-roadmap-consistency.mjs +234 -230
- package/scripts/audit-role-dispatch-fallback.mjs +212 -0
- package/scripts/audit-session-sync.mjs +127 -0
- package/scripts/audit-signing.mjs +147 -147
- package/scripts/audit-state-freshness.mjs +20 -14
- package/scripts/audit-state-repair.mjs +360 -0
- package/scripts/audit-target-adoption-evidence.mjs +117 -117
- package/scripts/audit-target-hardening-drills.mjs +267 -0
- package/scripts/audit-target-project.mjs +507 -507
- package/scripts/audit-tool-fallback-policy.mjs +180 -0
- package/scripts/audit-ui-browser-evidence-policy.mjs +191 -0
- package/scripts/audit-update-release-acceptance.mjs +136 -136
- package/scripts/audit-v1-target-validation.mjs +269 -269
- package/scripts/audit-validation-profiles.mjs +125 -123
- package/scripts/backfill-evidence-levels.mjs +98 -0
- package/scripts/check-encoding.mjs +72 -0
- package/scripts/close-change.mjs +116 -116
- package/scripts/discover-project-profile.mjs +307 -307
- package/scripts/generate-command-adapter.mjs +231 -231
- package/scripts/generate-continue-packet.mjs +1214 -0
- package/scripts/generate-final-acceptance-packet.mjs +188 -173
- package/scripts/generate-final-form-progress-report.mjs +191 -189
- package/scripts/generate-host-runtime-evidence-handoff.mjs +198 -191
- package/scripts/generate-maintenance-snapshot.mjs +216 -0
- package/scripts/generate-owner-external-gate-kit.mjs +295 -295
- package/scripts/generate-public-acceptance-handoff.mjs +168 -156
- package/scripts/generate-public-release-checklist.mjs +207 -207
- package/scripts/generate-release-bundle.mjs +505 -505
- package/scripts/generate-release-owner-action-plan.mjs +172 -171
- package/scripts/generate-release-status-manifest.mjs +199 -198
- package/scripts/generate-session-prompt.mjs +188 -188
- package/scripts/gse.mjs +67 -67
- package/scripts/init-change.mjs +265 -265
- package/scripts/init-project.mjs +793 -712
- package/scripts/install-gse.mjs +234 -234
- package/scripts/lib/evidence-placeholders.mjs +28 -28
- package/scripts/package-gse.mjs +174 -174
- package/scripts/probe-public-external-gates.mjs +167 -167
- package/scripts/record-host-invocation.mjs +151 -151
- package/scripts/record-learning.mjs +37 -8
- package/scripts/record-public-channel-publication.mjs +178 -178
- package/scripts/record-public-ci-run.mjs +180 -180
- package/scripts/record-public-release.mjs +175 -175
- package/scripts/record-public-repository-settings.mjs +209 -209
- package/scripts/record-public-security-contact.mjs +157 -157
- package/scripts/record-session-sync.mjs +87 -0
- package/scripts/run-gse-command.mjs +79 -47
- package/scripts/run-validation-profile.mjs +24 -5
- package/scripts/sign-gse-package.mjs +83 -83
- package/scripts/update-project-state.mjs +223 -223
- package/scripts/validate-gse.mjs +216 -0
- package/scripts/verify-gse-package.mjs +85 -85
|
@@ -0,0 +1,267 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
import fs from 'node:fs'
|
|
3
|
+
import os from 'node:os'
|
|
4
|
+
import path from 'node:path'
|
|
5
|
+
import { spawnSync } from 'node:child_process'
|
|
6
|
+
|
|
7
|
+
const args = process.argv.slice(2)
|
|
8
|
+
|
|
9
|
+
function readArg(name, fallback = null) {
|
|
10
|
+
const index = args.indexOf(name)
|
|
11
|
+
if (index === -1) return fallback
|
|
12
|
+
return args[index + 1] ?? fallback
|
|
13
|
+
}
|
|
14
|
+
|
|
15
|
+
function readAllArgs(name) {
|
|
16
|
+
const values = []
|
|
17
|
+
for (let index = 0; index < args.length; index += 1) {
|
|
18
|
+
if (args[index] === name && args[index + 1]) values.push(args[index + 1])
|
|
19
|
+
}
|
|
20
|
+
return values
|
|
21
|
+
}
|
|
22
|
+
|
|
23
|
+
const root = path.resolve(readArg('--root', path.join(import.meta.dirname, '..')))
|
|
24
|
+
const jsonOnly = args.includes('--json')
|
|
25
|
+
const strictWarnings = args.includes('--strict-warnings')
|
|
26
|
+
|
|
27
|
+
function run(script, commandArgs, options = {}) {
|
|
28
|
+
const result = spawnSync(process.execPath, [path.join(root, 'scripts', script), ...commandArgs], {
|
|
29
|
+
cwd: root,
|
|
30
|
+
encoding: 'utf8',
|
|
31
|
+
windowsHide: true,
|
|
32
|
+
...options,
|
|
33
|
+
})
|
|
34
|
+
const stdout = (result.stdout ?? '').trim()
|
|
35
|
+
let parsed = null
|
|
36
|
+
try {
|
|
37
|
+
parsed = JSON.parse(stdout)
|
|
38
|
+
} catch {
|
|
39
|
+
parsed = null
|
|
40
|
+
}
|
|
41
|
+
return {
|
|
42
|
+
script,
|
|
43
|
+
command: [process.execPath, path.join(root, 'scripts', script), ...commandArgs].join(' '),
|
|
44
|
+
status: result.status ?? 1,
|
|
45
|
+
stdout,
|
|
46
|
+
stderr: (result.stderr ?? '').trim(),
|
|
47
|
+
parsed,
|
|
48
|
+
}
|
|
49
|
+
}
|
|
50
|
+
|
|
51
|
+
function check(id, label, status, evidence, recommendation = '') {
|
|
52
|
+
return { id, label, status, evidence, recommendation }
|
|
53
|
+
}
|
|
54
|
+
|
|
55
|
+
function parseTargets() {
|
|
56
|
+
const explicitTargets = readAllArgs('--target')
|
|
57
|
+
const namedTargets = [
|
|
58
|
+
{ id: 'aion', root: readArg('--aion-target', process.env.GSE_AION_TARGET || null) },
|
|
59
|
+
{ id: 'museflow', root: readArg('--museflow-target', process.env.GSE_MUSEFLOW_TARGET || null) },
|
|
60
|
+
].filter((item) => item.root)
|
|
61
|
+
const explicit = explicitTargets.map((target, index) => ({
|
|
62
|
+
id: `target-${index + 1}`,
|
|
63
|
+
root: target,
|
|
64
|
+
}))
|
|
65
|
+
return [...namedTargets, ...explicit].map((item) => ({
|
|
66
|
+
...item,
|
|
67
|
+
root: path.resolve(item.root),
|
|
68
|
+
}))
|
|
69
|
+
}
|
|
70
|
+
|
|
71
|
+
function statusFromRun(runResult) {
|
|
72
|
+
if (!runResult.parsed) return runResult.status === 0 ? 'passed' : 'failed'
|
|
73
|
+
const summaryStatus = runResult.parsed.summary?.status
|
|
74
|
+
if (summaryStatus === 'failed' || summaryStatus === 'not-ready') return 'failed'
|
|
75
|
+
if (summaryStatus === 'warning' || summaryStatus === 'ready-with-warnings') return 'warning'
|
|
76
|
+
if ((runResult.parsed.summary?.failed ?? 0) > 0) return 'failed'
|
|
77
|
+
if ((runResult.parsed.summary?.warnings ?? 0) > 0) return 'warning'
|
|
78
|
+
return runResult.status === 0 ? 'passed' : 'failed'
|
|
79
|
+
}
|
|
80
|
+
|
|
81
|
+
function evidenceFromRun(runResult) {
|
|
82
|
+
const summary = runResult.parsed?.summary
|
|
83
|
+
if (!summary) return runResult.stderr || runResult.stdout.slice(0, 160) || `exit:${runResult.status}`
|
|
84
|
+
const parts = []
|
|
85
|
+
if (summary.status) parts.push(`status:${summary.status}`)
|
|
86
|
+
if (Number.isFinite(summary.passed) && Number.isFinite(summary.total)) parts.push(`checks:${summary.passed}/${summary.total}`)
|
|
87
|
+
if (Number.isFinite(summary.warnings)) parts.push(`warnings:${summary.warnings}`)
|
|
88
|
+
if (Number.isFinite(summary.failed)) parts.push(`failed:${summary.failed}`)
|
|
89
|
+
if (Number.isFinite(summary.blockedGates)) parts.push(`blockedGates:${summary.blockedGates}`)
|
|
90
|
+
if (Number.isFinite(summary.highUnenforced)) parts.push(`highUnenforced:${summary.highUnenforced}`)
|
|
91
|
+
return parts.join(', ') || `exit:${runResult.status}`
|
|
92
|
+
}
|
|
93
|
+
|
|
94
|
+
function createFixture(label) {
|
|
95
|
+
const dir = fs.mkdtempSync(path.join(os.tmpdir(), `gse-hardening-${label}-`))
|
|
96
|
+
const init = run('init-project.mjs', ['--target', dir, '--mode', 'enterprise', '--json'])
|
|
97
|
+
fs.mkdirSync(path.join(dir, 'docs'), { recursive: true })
|
|
98
|
+
fs.writeFileSync(path.join(dir, 'docs', 'productization-architecture.md'), `# ${label} Productization\n`, 'utf8')
|
|
99
|
+
|
|
100
|
+
const statePath = path.join(dir, '.gse', 'state.json')
|
|
101
|
+
const state = JSON.parse(fs.readFileSync(statePath, 'utf8'))
|
|
102
|
+
state.canonicalPlan = 'docs/productization-architecture.md'
|
|
103
|
+
state.phase = 'verify'
|
|
104
|
+
state.currentSlice = {
|
|
105
|
+
id: `${label}-hardening-fixture`,
|
|
106
|
+
outcome: `${label} hardening fixture.`,
|
|
107
|
+
status: 'verified',
|
|
108
|
+
nextAction: 'Continue target hardening drill.',
|
|
109
|
+
}
|
|
110
|
+
state.lastEvidence = '.gse/evidence/2026-07-09.md'
|
|
111
|
+
state.residualRisks = []
|
|
112
|
+
fs.writeFileSync(statePath, JSON.stringify(state, null, 2) + '\n', 'utf8')
|
|
113
|
+
fs.appendFileSync(path.join(dir, '.gse', 'README.md'), '\nCanonical plan: `docs/productization-architecture.md`.\n', 'utf8')
|
|
114
|
+
fs.writeFileSync(path.join(dir, '.gse', 'evidence', '2026-07-09.md'), '# Evidence\n\nFixture hardening evidence.\n', 'utf8')
|
|
115
|
+
fs.writeFileSync(path.join(dir, '.gse', 'evidence', 'index.jsonl'), JSON.stringify({
|
|
116
|
+
date: '2026-07-09',
|
|
117
|
+
recordType: 'slice',
|
|
118
|
+
status: 'verified',
|
|
119
|
+
evidenceLevel: 'verified-unit',
|
|
120
|
+
requiredEvidenceLevel: 'verified-unit',
|
|
121
|
+
summary: `${label} hardening fixture evidence.`,
|
|
122
|
+
evidenceFile: '.gse/evidence/2026-07-09.md',
|
|
123
|
+
commands: ['node scripts/audit-target-hardening-drills.mjs --self-test'],
|
|
124
|
+
nextAction: 'Continue target hardening drill.',
|
|
125
|
+
}) + '\n', 'utf8')
|
|
126
|
+
spawnSync('git', ['init'], { cwd: dir, encoding: 'utf8', windowsHide: true })
|
|
127
|
+
spawnSync('git', ['config', 'user.email', 'gse-fixture@example.local'], { cwd: dir, encoding: 'utf8', windowsHide: true })
|
|
128
|
+
spawnSync('git', ['config', 'user.name', 'GSE Fixture'], { cwd: dir, encoding: 'utf8', windowsHide: true })
|
|
129
|
+
spawnSync('git', ['add', '.'], { cwd: dir, encoding: 'utf8', windowsHide: true })
|
|
130
|
+
spawnSync('git', ['commit', '-m', 'fixture'], { cwd: dir, encoding: 'utf8', windowsHide: true })
|
|
131
|
+
return { dir, init }
|
|
132
|
+
}
|
|
133
|
+
|
|
134
|
+
function auditTarget(target) {
|
|
135
|
+
const commandRuns = {
|
|
136
|
+
doctor: run('audit-target-project.mjs', ['--root', root, '--target', target.root, '--json']),
|
|
137
|
+
continue: run('run-gse-command.mjs', ['--root', root, '--target', target.root, '--command', '/gse continue', '--json', '--compact']),
|
|
138
|
+
close: run('audit-close-gate.mjs', ['--target', target.root, '--json']),
|
|
139
|
+
hostCapabilities: run('audit-host-capabilities.mjs', ['--root', root, '--target', target.root, '--json']),
|
|
140
|
+
learningDrift: run('audit-learning-drift.mjs', ['--root', root, '--target', target.root, '--json']),
|
|
141
|
+
}
|
|
142
|
+
const checks = [
|
|
143
|
+
check(`${target.id}-doctor`, 'target project doctor has no hard failures', statusFromRun(commandRuns.doctor), evidenceFromRun(commandRuns.doctor), 'Repair target .gse adoption drift before claiming GSE-ready status.'),
|
|
144
|
+
check(`${target.id}-continue`, '/gse continue hard preflight returns a usable packet', statusFromRun(commandRuns.continue), evidenceFromRun(commandRuns.continue), 'Repair hard preflight failures before implementation starts.'),
|
|
145
|
+
check(`${target.id}-close`, 'close gate exposes close readiness and ownership state', statusFromRun(commandRuns.close), evidenceFromRun(commandRuns.close), 'Resolve close-gate failures before claiming the slice complete.'),
|
|
146
|
+
check(`${target.id}-host`, 'host capability records are audited with claim boundaries', statusFromRun(commandRuns.hostCapabilities), evidenceFromRun(commandRuns.hostCapabilities), 'Record missing host capability facts or keep unknown/external-required boundaries explicit.'),
|
|
147
|
+
check(`${target.id}-learning`, 'learning drift is audited for promoted guard candidates', statusFromRun(commandRuns.learningDrift), evidenceFromRun(commandRuns.learningDrift), 'Promote high-severity learning drift into guards, gates, or scripts before close.'),
|
|
148
|
+
]
|
|
149
|
+
const failed = checks.filter((item) => item.status === 'failed')
|
|
150
|
+
const warnings = checks.filter((item) => item.status === 'warning')
|
|
151
|
+
return {
|
|
152
|
+
id: target.id,
|
|
153
|
+
root: target.root,
|
|
154
|
+
status: failed.length > 0 ? 'failed' : warnings.length > 0 ? 'warning' : 'passed',
|
|
155
|
+
checks,
|
|
156
|
+
commands: Object.values(commandRuns).map((item) => item.command),
|
|
157
|
+
summaries: Object.fromEntries(Object.entries(commandRuns).map(([key, value]) => [key, value.parsed?.summary ?? { exit: value.status }])),
|
|
158
|
+
}
|
|
159
|
+
}
|
|
160
|
+
|
|
161
|
+
function runConfiguredTargets() {
|
|
162
|
+
const targets = parseTargets()
|
|
163
|
+
if (targets.length === 0) return null
|
|
164
|
+
return {
|
|
165
|
+
targets,
|
|
166
|
+
cleanup: () => {},
|
|
167
|
+
}
|
|
168
|
+
}
|
|
169
|
+
|
|
170
|
+
function runSelfTestTargets() {
|
|
171
|
+
const primary = createFixture('primary')
|
|
172
|
+
const secondary = createFixture('secondary')
|
|
173
|
+
return {
|
|
174
|
+
targets: [
|
|
175
|
+
{ id: 'fixture-primary', root: primary.dir },
|
|
176
|
+
{ id: 'fixture-secondary', root: secondary.dir },
|
|
177
|
+
],
|
|
178
|
+
cleanup: () => {
|
|
179
|
+
fs.rmSync(primary.dir, { recursive: true, force: true })
|
|
180
|
+
fs.rmSync(secondary.dir, { recursive: true, force: true })
|
|
181
|
+
},
|
|
182
|
+
}
|
|
183
|
+
}
|
|
184
|
+
|
|
185
|
+
function buildReport() {
|
|
186
|
+
const configured = runConfiguredTargets()
|
|
187
|
+
const targetSet = configured ?? runSelfTestTargets()
|
|
188
|
+
try {
|
|
189
|
+
const reports = targetSet.targets.map(auditTarget)
|
|
190
|
+
const checks = reports.flatMap((report) => report.checks)
|
|
191
|
+
const hardFailures = checks.filter((item) => item.status === 'failed')
|
|
192
|
+
const warnings = checks.filter((item) => item.status === 'warning')
|
|
193
|
+
const passed = checks.filter((item) => item.status === 'passed').length
|
|
194
|
+
const failed = hardFailures.length
|
|
195
|
+
const warningCount = warnings.length
|
|
196
|
+
const status = failed > 0 || (strictWarnings && warningCount > 0) ? 'failed' : warningCount > 0 ? 'warning' : 'passed'
|
|
197
|
+
return {
|
|
198
|
+
root,
|
|
199
|
+
generatedAt: new Date().toISOString(),
|
|
200
|
+
summary: {
|
|
201
|
+
status,
|
|
202
|
+
mode: configured ? 'configured-targets' : 'self-test',
|
|
203
|
+
passed,
|
|
204
|
+
warnings: warningCount,
|
|
205
|
+
failed,
|
|
206
|
+
hardFailures: failed,
|
|
207
|
+
total: checks.length,
|
|
208
|
+
targets: reports.length,
|
|
209
|
+
},
|
|
210
|
+
workflows: {
|
|
211
|
+
targetHardeningDrills: status === 'failed' ? 'failed' : 'verified',
|
|
212
|
+
closeGateHardening: hardFailures.length === 0 ? 'verified' : 'failed',
|
|
213
|
+
hostCapabilityBoundaries: hardFailures.length === 0 ? 'verified' : 'failed',
|
|
214
|
+
learningDriftCoverage: hardFailures.length === 0 ? 'verified' : 'failed',
|
|
215
|
+
},
|
|
216
|
+
targets: reports,
|
|
217
|
+
checks,
|
|
218
|
+
limits: [
|
|
219
|
+
'Target hardening drills are read-only for target projects.',
|
|
220
|
+
'They run GSE doctor, /gse continue, close gate, host capability audit, and learning drift audit.',
|
|
221
|
+
'Warnings mean the project can continue only if the current slice accepts that residual risk; hard failures must be fixed before close.',
|
|
222
|
+
'This drill does not run product tests, browser smokes, CI, or native host slash-command invocation.',
|
|
223
|
+
],
|
|
224
|
+
}
|
|
225
|
+
} finally {
|
|
226
|
+
targetSet.cleanup()
|
|
227
|
+
}
|
|
228
|
+
}
|
|
229
|
+
|
|
230
|
+
function renderMarkdown(report) {
|
|
231
|
+
const lines = []
|
|
232
|
+
lines.push('# GSE Target Hardening Drills')
|
|
233
|
+
lines.push('')
|
|
234
|
+
lines.push('Generated: ' + report.generatedAt)
|
|
235
|
+
lines.push('Root: ' + report.root)
|
|
236
|
+
lines.push('')
|
|
237
|
+
lines.push('## Summary')
|
|
238
|
+
lines.push('')
|
|
239
|
+
lines.push('- Status: ' + report.summary.status)
|
|
240
|
+
lines.push('- Mode: ' + report.summary.mode)
|
|
241
|
+
lines.push('- Targets: ' + report.summary.targets)
|
|
242
|
+
lines.push('- Checks: ' + report.summary.passed + ' passed, ' + report.summary.warnings + ' warnings, ' + report.summary.hardFailures + ' hard failures, ' + report.summary.total + ' total')
|
|
243
|
+
lines.push('')
|
|
244
|
+
lines.push('## Targets')
|
|
245
|
+
lines.push('')
|
|
246
|
+
for (const target of report.targets) {
|
|
247
|
+
lines.push('- ' + target.id + ': ' + target.status + ' at ' + target.root)
|
|
248
|
+
}
|
|
249
|
+
lines.push('')
|
|
250
|
+
lines.push('## Checks')
|
|
251
|
+
lines.push('')
|
|
252
|
+
for (const item of report.checks) {
|
|
253
|
+
const marker = item.status === 'passed' ? '[x]' : item.status === 'warning' ? '[!]' : '[ ]'
|
|
254
|
+
lines.push('- ' + marker + ' ' + item.id + ' ' + item.label + ': ' + item.evidence)
|
|
255
|
+
}
|
|
256
|
+
lines.push('')
|
|
257
|
+
lines.push('## Limits')
|
|
258
|
+
lines.push('')
|
|
259
|
+
for (const item of report.limits) lines.push('- ' + item)
|
|
260
|
+
return lines.join('\n') + '\n'
|
|
261
|
+
}
|
|
262
|
+
|
|
263
|
+
const report = buildReport()
|
|
264
|
+
if (jsonOnly) console.log(JSON.stringify(report, null, 2))
|
|
265
|
+
else console.log(renderMarkdown(report))
|
|
266
|
+
|
|
267
|
+
if (report.summary.status === 'failed') process.exit(1)
|