@t275005746/gse 0.1.0 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.github/ISSUE_TEMPLATE/bug_report.yml +42 -42
- package/.github/ISSUE_TEMPLATE/change_request.yml +50 -50
- package/.github/ISSUE_TEMPLATE/config.yml +5 -5
- package/.github/PULL_REQUEST_TEMPLATE.md +38 -38
- package/.github/workflows/validate-gse.yml +33 -33
- package/.gse/README.md +18 -18
- package/.gse/gse-development-protocol.md +50 -50
- package/.gse/project-profile.md +29 -29
- package/.gse/quality-gates.md +25 -25
- package/.gse/releases/public-registry-publication-npm.md +49 -0
- package/.gse/releases/public-release-owner-required.md +65 -65
- package/.gse/releases/public-security-contact-owner-required.md +45 -45
- package/.gse/state.json +147 -27
- package/CHANGELOG.md +31 -15
- package/CONTRIBUTING.md +64 -64
- package/LICENSE +21 -21
- package/README.md +14 -7
- package/README.zh-CN.md +14 -7
- package/SECURITY.md +41 -41
- package/SKILL.md +32 -12
- package/SUPPORT.md +38 -38
- package/assets/marketplace/README.md +7 -7
- package/assets/marketplace/gse-listing.json +75 -75
- package/assets/templates/acceptance-execution-packet.md +73 -73
- package/assets/templates/adr.md +14 -14
- package/assets/templates/change-brief.md +16 -16
- package/assets/templates/design.md +18 -18
- package/assets/templates/dispatch-packet.md +100 -92
- package/assets/templates/evidence.md +15 -9
- package/assets/templates/execution-quality-pack.md +65 -65
- package/assets/templates/goal-map.md +21 -21
- package/assets/templates/host-adapter.md +48 -48
- package/assets/templates/host-ui-invocation-record.md +42 -42
- package/assets/templates/incident-review.md +60 -60
- package/assets/templates/public-channel-publication-record.md +49 -49
- package/assets/templates/public-ci-run-record.md +53 -53
- package/assets/templates/public-release-record.md +65 -65
- package/assets/templates/public-repository-settings-record.md +59 -59
- package/assets/templates/public-security-contact-record.md +45 -45
- package/assets/templates/release-trust-record.md +32 -32
- package/assets/templates/review.md +18 -18
- package/assets/templates/role-fallback-packet.md +49 -0
- package/assets/templates/spec.md +16 -16
- package/assets/templates/target-adoption-evidence.md +29 -29
- package/assets/templates/tasks.md +17 -17
- package/assets/templates/update-release-acceptance-record.md +58 -58
- package/examples/README.md +22 -22
- package/examples/agent-runtime-host/.claude/gse-adapter.md +6 -6
- package/examples/agent-runtime-host/.codex/gse-adapter.md +7 -7
- package/examples/agent-runtime-host/.gse/goal-map.md +7 -7
- package/examples/agent-runtime-host/.gse/project-profile.md +27 -27
- package/examples/agent-runtime-host/.gse/tooling.md +5 -5
- package/examples/agent-runtime-host/.mcp.json +9 -9
- package/examples/agent-runtime-host/AGENTS.md +5 -5
- package/examples/agent-runtime-host/README.md +10 -10
- package/examples/agent-runtime-host/docs/model-routing.md +5 -5
- package/examples/cli-tool/.gse/project-profile.md +21 -21
- package/examples/cli-tool/AGENTS.md +5 -5
- package/examples/cli-tool/README.md +12 -12
- package/examples/cli-tool/package.json +21 -21
- package/examples/small-app/.env.example +2 -2
- package/examples/small-app/.github/workflows/ci.yml +8 -8
- package/examples/small-app/AGENTS.md +5 -5
- package/examples/small-app/README.md +12 -12
- package/examples/small-app/package.json +26 -26
- package/examples/small-app/playwright.config.ts +4 -4
- package/package.json +52 -44
- package/references/adoption-recipes.md +171 -171
- package/references/agent-roles.md +42 -21
- package/references/architecture-health.md +101 -101
- package/references/benchmark-audit.md +73 -73
- package/references/commands.md +74 -45
- package/references/community-channels.md +46 -46
- package/references/compatibility.md +70 -70
- package/references/design-basis.md +38 -38
- package/references/domain-model.md +129 -129
- package/references/domain-quality-gates.md +75 -75
- package/references/drift-audit.md +81 -80
- package/references/evidence-taxonomy.md +145 -108
- package/references/file-ownership.md +97 -93
- package/references/final-form-roadmap.md +201 -0
- package/references/final-readiness.md +84 -84
- package/references/forward-test.md +133 -133
- package/references/goal-map.md +36 -36
- package/references/host-adapters.md +129 -101
- package/references/learning-system.md +42 -26
- package/references/maintenance-cadence.md +51 -0
- package/references/marketplace-discovery.md +46 -46
- package/references/model-routing.md +103 -103
- package/references/open-source-defaults.md +39 -39
- package/references/operating-model.md +52 -52
- package/references/packaging.md +277 -277
- package/references/project-agent-workspace.md +89 -89
- package/references/project-bootstrap.md +122 -122
- package/references/project-guards.md +52 -0
- package/references/project-profile.md +57 -57
- package/references/public-release.md +174 -174
- package/references/quality-gates.md +96 -89
- package/references/recovery.md +176 -176
- package/references/release-trust.md +43 -43
- package/references/release.md +126 -126
- package/references/review.md +141 -141
- package/references/role-dispatch-fallback.md +54 -0
- package/references/router.md +90 -90
- package/references/spec-workflow.md +66 -66
- package/references/task-levels.md +81 -81
- package/references/tool-adapters.md +80 -70
- package/scripts/audit-acceptance-execution-packet.mjs +133 -133
- package/scripts/audit-adoption-recipes.mjs +99 -99
- package/scripts/audit-change-lifecycle.mjs +77 -77
- package/scripts/audit-change-system.mjs +134 -134
- package/scripts/audit-ci-readiness.mjs +107 -107
- package/scripts/audit-close-gate-hardening.mjs +188 -0
- package/scripts/audit-close-gate.mjs +448 -262
- package/scripts/audit-command-adapters.mjs +91 -91
- package/scripts/audit-command-execution.mjs +212 -199
- package/scripts/audit-commands.mjs +7 -5
- package/scripts/audit-compatibility.mjs +149 -149
- package/scripts/audit-completion-plan-drill.mjs +230 -0
- package/scripts/audit-completion-readiness.mjs +290 -287
- package/scripts/audit-continue-preflight.mjs +234 -0
- package/scripts/audit-distribution.mjs +251 -251
- package/scripts/audit-domain-quality-gates.mjs +108 -108
- package/scripts/audit-evidence-levels.mjs +217 -0
- package/scripts/audit-evidence-placeholders.mjs +126 -126
- package/scripts/audit-evidence-review-queue.mjs +206 -0
- package/scripts/audit-final-acceptance-packet.mjs +9 -9
- package/scripts/audit-final-form-progress-report.mjs +19 -18
- package/scripts/audit-final-form-roadmap.mjs +157 -0
- package/scripts/audit-final-form-stale-copy.mjs +2 -2
- package/scripts/audit-final-readiness-promotion.mjs +255 -255
- package/scripts/audit-final-readiness.mjs +226 -226
- package/scripts/audit-fixtures.mjs +154 -154
- package/scripts/audit-fresh-session-readiness.mjs +177 -177
- package/scripts/audit-host-capabilities.mjs +237 -0
- package/scripts/audit-host-runtime-evidence-handoff.mjs +159 -159
- package/scripts/audit-host-runtime-invocation-drill.mjs +240 -240
- package/scripts/audit-host-runtime-invocations.mjs +254 -254
- package/scripts/audit-host-ui-invocation.mjs +132 -132
- package/scripts/audit-installed-sync.mjs +203 -0
- package/scripts/audit-learning-drift.mjs +292 -0
- package/scripts/audit-learning-promotion.mjs +351 -0
- package/scripts/audit-learning-system.mjs +24 -14
- package/scripts/audit-local-final-form-completion.mjs +11 -10
- package/scripts/audit-maintenance-cadence.mjs +139 -0
- package/scripts/audit-maintenance-snapshot.mjs +181 -0
- package/scripts/audit-marketplace-discovery.mjs +122 -122
- package/scripts/audit-npm-package-metadata.mjs +160 -154
- package/scripts/audit-npm-publish-dry-run.mjs +194 -166
- package/scripts/audit-npm-tarball-install.mjs +195 -189
- package/scripts/audit-open-source-defaults.mjs +92 -92
- package/scripts/audit-open-source-readiness.mjs +97 -97
- package/scripts/audit-owner-external-gate-kit.mjs +12 -11
- package/scripts/audit-project-guards.mjs +189 -0
- package/scripts/audit-project.mjs +144 -141
- package/scripts/audit-public-acceptance-command-dry-run-drill.mjs +203 -203
- package/scripts/audit-public-acceptance-handoff.mjs +10 -10
- package/scripts/audit-public-acceptance-readiness.mjs +222 -222
- package/scripts/audit-public-channel-publication.mjs +248 -248
- package/scripts/audit-public-ci-run.mjs +184 -184
- package/scripts/audit-public-collaboration-templates.mjs +98 -98
- package/scripts/audit-public-external-gate-probe.mjs +206 -206
- package/scripts/audit-public-release-checklist.mjs +17 -15
- package/scripts/audit-public-release-decision.mjs +201 -201
- package/scripts/audit-public-release-metadata.mjs +176 -176
- package/scripts/audit-public-repository-settings.mjs +237 -237
- package/scripts/audit-public-security-contact.mjs +171 -171
- package/scripts/audit-readme-docs.mjs +6 -4
- package/scripts/audit-recovery-readiness.mjs +98 -98
- package/scripts/audit-release-bundle.mjs +13 -11
- package/scripts/audit-release-owner-action-plan-drill.mjs +5 -4
- package/scripts/audit-release-owner-action-plan.mjs +10 -10
- package/scripts/audit-release-readiness.mjs +106 -106
- package/scripts/audit-release-status-manifest.mjs +4 -4
- package/scripts/audit-release-trust.mjs +62 -62
- package/scripts/audit-remote-distribution.mjs +266 -266
- package/scripts/audit-roadmap-consistency.mjs +234 -230
- package/scripts/audit-role-dispatch-fallback.mjs +212 -0
- package/scripts/audit-session-sync.mjs +127 -0
- package/scripts/audit-signing.mjs +147 -147
- package/scripts/audit-state-freshness.mjs +20 -14
- package/scripts/audit-state-repair.mjs +360 -0
- package/scripts/audit-target-adoption-evidence.mjs +117 -117
- package/scripts/audit-target-hardening-drills.mjs +267 -0
- package/scripts/audit-target-project.mjs +507 -507
- package/scripts/audit-tool-fallback-policy.mjs +180 -0
- package/scripts/audit-ui-browser-evidence-policy.mjs +191 -0
- package/scripts/audit-update-release-acceptance.mjs +136 -136
- package/scripts/audit-v1-target-validation.mjs +269 -269
- package/scripts/audit-validation-profiles.mjs +125 -123
- package/scripts/backfill-evidence-levels.mjs +98 -0
- package/scripts/check-encoding.mjs +72 -0
- package/scripts/close-change.mjs +116 -116
- package/scripts/discover-project-profile.mjs +307 -307
- package/scripts/generate-command-adapter.mjs +231 -231
- package/scripts/generate-continue-packet.mjs +1214 -0
- package/scripts/generate-final-acceptance-packet.mjs +188 -173
- package/scripts/generate-final-form-progress-report.mjs +191 -189
- package/scripts/generate-host-runtime-evidence-handoff.mjs +198 -191
- package/scripts/generate-maintenance-snapshot.mjs +216 -0
- package/scripts/generate-owner-external-gate-kit.mjs +295 -295
- package/scripts/generate-public-acceptance-handoff.mjs +168 -156
- package/scripts/generate-public-release-checklist.mjs +207 -207
- package/scripts/generate-release-bundle.mjs +505 -505
- package/scripts/generate-release-owner-action-plan.mjs +172 -171
- package/scripts/generate-release-status-manifest.mjs +199 -198
- package/scripts/generate-session-prompt.mjs +188 -188
- package/scripts/gse.mjs +67 -67
- package/scripts/init-change.mjs +265 -265
- package/scripts/init-project.mjs +793 -712
- package/scripts/install-gse.mjs +234 -234
- package/scripts/lib/evidence-placeholders.mjs +28 -28
- package/scripts/package-gse.mjs +174 -174
- package/scripts/probe-public-external-gates.mjs +167 -167
- package/scripts/record-host-invocation.mjs +151 -151
- package/scripts/record-learning.mjs +37 -8
- package/scripts/record-public-channel-publication.mjs +178 -178
- package/scripts/record-public-ci-run.mjs +180 -180
- package/scripts/record-public-release.mjs +175 -175
- package/scripts/record-public-repository-settings.mjs +209 -209
- package/scripts/record-public-security-contact.mjs +157 -157
- package/scripts/record-session-sync.mjs +87 -0
- package/scripts/run-gse-command.mjs +79 -47
- package/scripts/run-validation-profile.mjs +24 -5
- package/scripts/sign-gse-package.mjs +83 -83
- package/scripts/update-project-state.mjs +223 -223
- package/scripts/validate-gse.mjs +216 -0
- package/scripts/verify-gse-package.mjs +85 -85
|
@@ -1,171 +1,171 @@
|
|
|
1
|
-
# Adoption Recipes
|
|
2
|
-
|
|
3
|
-
Use this when applying GSE to a project or updating an existing GSE installation.
|
|
4
|
-
|
|
5
|
-
These recipes are host-neutral. They do not certify arbitrary repositories, install external tools, publish GSE, or verify host runtime capabilities. Treat project and host capabilities as `unknown` until checked in that project/session.
|
|
6
|
-
|
|
7
|
-
## Recipe 1: Fresh Project Install
|
|
8
|
-
|
|
9
|
-
Use when a project has no `.gse/` folder yet.
|
|
10
|
-
|
|
11
|
-
Steps:
|
|
12
|
-
|
|
13
|
-
1. Read project rules first: `AGENTS.md`, `CLAUDE.md`, README, or equivalent.
|
|
14
|
-
2. Choose mode from `references/task-levels.md` and `references/project-bootstrap.md`: `lite`, `standard`, or `enterprise`.
|
|
15
|
-
3. Run:
|
|
16
|
-
|
|
17
|
-
```text
|
|
18
|
-
node <gse-skill>/scripts/init-project.mjs --target <project-root> --mode <mode>
|
|
19
|
-
```
|
|
20
|
-
|
|
21
|
-
4. Inspect generated `.gse/state.json`, `.gse/project-profile.md`, `.gse/goal-map.md`, `.gse/quality-gates.md`, `.gse/tooling.md`, and `.gse/evidence/index.jsonl`.
|
|
22
|
-
5. Record project-specific commands, standards, permissions, and owners in `.gse/project-profile.md`.
|
|
23
|
-
6. Run the smallest project verification that proves the install is usable, such as checking files exist and reading `.gse/README.md`.
|
|
24
|
-
Prefer the target doctor when available:
|
|
25
|
-
|
|
26
|
-
```text
|
|
27
|
-
node <gse-skill>/scripts/audit-target-project.mjs --target <project-root>
|
|
28
|
-
```
|
|
29
|
-
|
|
30
|
-
7. Record residual risk: commands, CI, browser, MCP, LSP, subagents, models, and release paths remain `unknown` until executed.
|
|
31
|
-
|
|
32
|
-
Evidence status: `result` when files exist; `verified` only after focused project inspection or smoke proves the generated workflow is usable.
|
|
33
|
-
|
|
34
|
-
## Recipe 2: Existing Repo Adoption
|
|
35
|
-
|
|
36
|
-
Use when a repository already has rules, scripts, CI, host folders, or partial `.gse/` files.
|
|
37
|
-
|
|
38
|
-
Steps:
|
|
39
|
-
|
|
40
|
-
1. Read project rules and existing workflow docs before generating anything.
|
|
41
|
-
2. Run discovery without writing:
|
|
42
|
-
|
|
43
|
-
```text
|
|
44
|
-
node <gse-skill>/scripts/discover-project-profile.mjs --target <project-root> --json
|
|
45
|
-
```
|
|
46
|
-
|
|
47
|
-
3. Treat discovered scripts/configs as `documented`, not `verified`, until the commands actually run.
|
|
48
|
-
4. If `.gse/project-profile.md` already exists, do not overwrite it without explicit `--force` and a reason. Do not overwrite existing project workflow files just because GSE has defaults.
|
|
49
|
-
5. If writing is approved, use:
|
|
50
|
-
|
|
51
|
-
```text
|
|
52
|
-
node <gse-skill>/scripts/discover-project-profile.mjs --target <project-root> --write
|
|
53
|
-
```
|
|
54
|
-
|
|
55
|
-
6. Preserve project-specific standards, host adapters, existing evidence logs, and owner decisions.
|
|
56
|
-
7. Record whether adoption is `result`, `verified`, or `accepted` using `references/evidence-taxonomy.md`.
|
|
57
|
-
|
|
58
|
-
Evidence status: `verified` for controlled fixture behavior when `scripts/audit-adoption.mjs` passes; real repos need project-specific evidence.
|
|
59
|
-
|
|
60
|
-
## Recipe 3: Update Existing GSE
|
|
61
|
-
|
|
62
|
-
Use when a project already follows GSE and the skill or project-local `.gse/` files need an update.
|
|
63
|
-
|
|
64
|
-
Steps:
|
|
65
|
-
|
|
66
|
-
1. Read `.gse/project-profile.md`, `.gse/goal-map.md`, `.gse/current-slice.md` if present, and host adapter notes.
|
|
67
|
-
Prefer `.gse/state.json` and `.gse/evidence/index.jsonl` when present because they are the machine-readable continuation state.
|
|
68
|
-
2. Identify whether the update affects templates, scripts, host adapters, quality gates, release/recovery, or project rules.
|
|
69
|
-
3. Preserve local project decisions. Do not replace project `.gse/` files with skill defaults unless the project owner approves.
|
|
70
|
-
4. Run skill validation after updating the skill package:
|
|
71
|
-
|
|
72
|
-
```text
|
|
73
|
-
node <gse-skill>/scripts/validate-gse.mjs --root <gse-skill>
|
|
74
|
-
```
|
|
75
|
-
|
|
76
|
-
5. Run project-local validation or smoke for the affected workflow.
|
|
77
|
-
For read-only workflow drift checks, run:
|
|
78
|
-
|
|
79
|
-
```text
|
|
80
|
-
node <gse-skill>/scripts/audit-target-project.mjs --target <project-root>
|
|
81
|
-
```
|
|
82
|
-
|
|
83
|
-
If the project predates `.gse/state.json` and `.gse/evidence/index.jsonl`, add only the missing machine-readable continuation files:
|
|
84
|
-
|
|
85
|
-
```text
|
|
86
|
-
node <gse-skill>/scripts/update-project-state.mjs --target <project-root>
|
|
87
|
-
```
|
|
88
|
-
|
|
89
|
-
6. Record changed files, migration/rollback notes, evidence status, residual risks, and next action in the project evidence log.
|
|
90
|
-
|
|
91
|
-
Evidence status: `verified` only when the project-local update path and affected workflow have focused evidence.
|
|
92
|
-
|
|
93
|
-
## Recipe 4: Host Adapter Adoption
|
|
94
|
-
|
|
95
|
-
Use when a project needs Codex, Claude Code, Hermes/AION-style runtime, WorkBuddy, Copilot/Gemini-style, or custom host pointers.
|
|
96
|
-
|
|
97
|
-
Steps:
|
|
98
|
-
|
|
99
|
-
1. Read `references/compatibility.md` and `references/host-adapters.md`.
|
|
100
|
-
2. Generate short command/pointer adapters only when the host has a real adapter location:
|
|
101
|
-
|
|
102
|
-
```text
|
|
103
|
-
node <gse-skill>/scripts/generate-command-adapter.mjs --target <project-root> --host claude|codex|hermes|workbuddy|copilot|gemini|generic|all
|
|
104
|
-
```
|
|
105
|
-
|
|
106
|
-
`scripts/generate-host-adapter.mjs` is a legacy fixture helper for the older Codex/Claude markdown adapter smoke. Prefer `generate-command-adapter.mjs` for new project adoption.
|
|
107
|
-
|
|
108
|
-
3. Keep `.gse/` as the source of truth. Do not copy goal maps, quality gates, or evidence into host folders.
|
|
109
|
-
4. Mark host capabilities as `verified`, `documented`, `unknown`, or `unavailable` based on current evidence.
|
|
110
|
-
5. Run `scripts/audit-host-adapters.mjs` for GSE fixture coverage, then run project-specific inspection for the target project.
|
|
111
|
-
|
|
112
|
-
Evidence status: fixture generation can be `verified`; actual host runtime tools remain project/session-specific.
|
|
113
|
-
|
|
114
|
-
## Recipe 5: CLI Or Package Project Adoption
|
|
115
|
-
|
|
116
|
-
Use when a project is primarily a command-line tool, reusable package, SDK, plugin, or library rather than a web app.
|
|
117
|
-
|
|
118
|
-
Steps:
|
|
119
|
-
|
|
120
|
-
1. Read package docs and project rules before changing workflow files: `README.md`, `AGENTS.md`, `CONTRIBUTING.md`, package manifest, and release notes if present.
|
|
121
|
-
2. Run discovery first:
|
|
122
|
-
|
|
123
|
-
```text
|
|
124
|
-
node <gse-skill>/scripts/discover-project-profile.mjs --target <project-root> --json
|
|
125
|
-
```
|
|
126
|
-
|
|
127
|
-
3. Treat `bin` entries, package scripts, publish commands, signing, registry, and shell integration as `documented` or `unknown` until a focused smoke proves them.
|
|
128
|
-
4. Preserve package metadata, release notes, compatibility policy, and existing publish/rollback instructions.
|
|
129
|
-
5. Prefer a small command smoke before broader tests, such as `npm run smoke`, `node ./bin/<name> --help`, `npm pack --dry-run`, or the project equivalent.
|
|
130
|
-
6. Record exit-code behavior, changed files, package artifacts intentionally ignored, residual release risk, and next action.
|
|
131
|
-
|
|
132
|
-
Evidence status: fixture coverage can be `verified`; real package install, registry access, publish permissions, global install, and shell completion require project-specific evidence.
|
|
133
|
-
|
|
134
|
-
## Adoption Record
|
|
135
|
-
|
|
136
|
-
Use this compact record in `.gse/evidence/` or the project evidence log:
|
|
137
|
-
|
|
138
|
-
```text
|
|
139
|
-
Adoption recipe:
|
|
140
|
-
Project path:
|
|
141
|
-
Mode or host:
|
|
142
|
-
Project rules read:
|
|
143
|
-
Commands run:
|
|
144
|
-
Files created or changed:
|
|
145
|
-
Preserved project-specific rules:
|
|
146
|
-
Host/tool statuses:
|
|
147
|
-
Validation evidence:
|
|
148
|
-
Evidence status: result | verified | accepted | not ready
|
|
149
|
-
Residual risk:
|
|
150
|
-
Next action:
|
|
151
|
-
```
|
|
152
|
-
|
|
153
|
-
For real target-project evidence, use `assets/templates/target-adoption-evidence.md`. Keep discovered scripts and configs as `documented` until executed, and keep `Accepted by: not accepted` unless a real acceptance gate ran.
|
|
154
|
-
|
|
155
|
-
Use `assets/templates/acceptance-execution-packet.md` before writing project-local `.gse/` artifacts or claiming owner-approved adoption acceptance.
|
|
156
|
-
|
|
157
|
-
## Verification Commands
|
|
158
|
-
|
|
159
|
-
Use only the commands that match the recipe and risk:
|
|
160
|
-
|
|
161
|
-
```text
|
|
162
|
-
node <gse-skill>/scripts/audit-project.mjs --root <gse-skill>
|
|
163
|
-
node <gse-skill>/scripts/audit-adoption.mjs --root <gse-skill>
|
|
164
|
-
node <gse-skill>/scripts/audit-command-adapters.mjs --root <gse-skill>
|
|
165
|
-
node <gse-skill>/scripts/audit-host-adapters.mjs --root <gse-skill>
|
|
166
|
-
node <gse-skill>/scripts/audit-fixtures.mjs --root <gse-skill>
|
|
167
|
-
node <gse-skill>/scripts/audit-target-project.mjs --target <project-root>
|
|
168
|
-
node <gse-skill>/scripts/validate-gse.mjs --root <gse-skill>
|
|
169
|
-
```
|
|
170
|
-
|
|
171
|
-
These commands verify GSE fixtures and skill readiness. They do not certify arbitrary production repositories. Real adoption still needs project-specific inspection, focused smokes, and evidence.
|
|
1
|
+
# Adoption Recipes
|
|
2
|
+
|
|
3
|
+
Use this when applying GSE to a project or updating an existing GSE installation.
|
|
4
|
+
|
|
5
|
+
These recipes are host-neutral. They do not certify arbitrary repositories, install external tools, publish GSE, or verify host runtime capabilities. Treat project and host capabilities as `unknown` until checked in that project/session.
|
|
6
|
+
|
|
7
|
+
## Recipe 1: Fresh Project Install
|
|
8
|
+
|
|
9
|
+
Use when a project has no `.gse/` folder yet.
|
|
10
|
+
|
|
11
|
+
Steps:
|
|
12
|
+
|
|
13
|
+
1. Read project rules first: `AGENTS.md`, `CLAUDE.md`, README, or equivalent.
|
|
14
|
+
2. Choose mode from `references/task-levels.md` and `references/project-bootstrap.md`: `lite`, `standard`, or `enterprise`.
|
|
15
|
+
3. Run:
|
|
16
|
+
|
|
17
|
+
```text
|
|
18
|
+
node <gse-skill>/scripts/init-project.mjs --target <project-root> --mode <mode>
|
|
19
|
+
```
|
|
20
|
+
|
|
21
|
+
4. Inspect generated `.gse/state.json`, `.gse/project-profile.md`, `.gse/goal-map.md`, `.gse/quality-gates.md`, `.gse/tooling.md`, and `.gse/evidence/index.jsonl`.
|
|
22
|
+
5. Record project-specific commands, standards, permissions, and owners in `.gse/project-profile.md`.
|
|
23
|
+
6. Run the smallest project verification that proves the install is usable, such as checking files exist and reading `.gse/README.md`.
|
|
24
|
+
Prefer the target doctor when available:
|
|
25
|
+
|
|
26
|
+
```text
|
|
27
|
+
node <gse-skill>/scripts/audit-target-project.mjs --target <project-root>
|
|
28
|
+
```
|
|
29
|
+
|
|
30
|
+
7. Record residual risk: commands, CI, browser, MCP, LSP, subagents, models, and release paths remain `unknown` until executed.
|
|
31
|
+
|
|
32
|
+
Evidence status: `result` when files exist; `verified` only after focused project inspection or smoke proves the generated workflow is usable.
|
|
33
|
+
|
|
34
|
+
## Recipe 2: Existing Repo Adoption
|
|
35
|
+
|
|
36
|
+
Use when a repository already has rules, scripts, CI, host folders, or partial `.gse/` files.
|
|
37
|
+
|
|
38
|
+
Steps:
|
|
39
|
+
|
|
40
|
+
1. Read project rules and existing workflow docs before generating anything.
|
|
41
|
+
2. Run discovery without writing:
|
|
42
|
+
|
|
43
|
+
```text
|
|
44
|
+
node <gse-skill>/scripts/discover-project-profile.mjs --target <project-root> --json
|
|
45
|
+
```
|
|
46
|
+
|
|
47
|
+
3. Treat discovered scripts/configs as `documented`, not `verified`, until the commands actually run.
|
|
48
|
+
4. If `.gse/project-profile.md` already exists, do not overwrite it without explicit `--force` and a reason. Do not overwrite existing project workflow files just because GSE has defaults.
|
|
49
|
+
5. If writing is approved, use:
|
|
50
|
+
|
|
51
|
+
```text
|
|
52
|
+
node <gse-skill>/scripts/discover-project-profile.mjs --target <project-root> --write
|
|
53
|
+
```
|
|
54
|
+
|
|
55
|
+
6. Preserve project-specific standards, host adapters, existing evidence logs, and owner decisions.
|
|
56
|
+
7. Record whether adoption is `result`, `verified`, or `accepted` using `references/evidence-taxonomy.md`.
|
|
57
|
+
|
|
58
|
+
Evidence status: `verified` for controlled fixture behavior when `scripts/audit-adoption.mjs` passes; real repos need project-specific evidence.
|
|
59
|
+
|
|
60
|
+
## Recipe 3: Update Existing GSE
|
|
61
|
+
|
|
62
|
+
Use when a project already follows GSE and the skill or project-local `.gse/` files need an update.
|
|
63
|
+
|
|
64
|
+
Steps:
|
|
65
|
+
|
|
66
|
+
1. Read `.gse/project-profile.md`, `.gse/goal-map.md`, `.gse/current-slice.md` if present, and host adapter notes.
|
|
67
|
+
Prefer `.gse/state.json` and `.gse/evidence/index.jsonl` when present because they are the machine-readable continuation state.
|
|
68
|
+
2. Identify whether the update affects templates, scripts, host adapters, quality gates, release/recovery, or project rules.
|
|
69
|
+
3. Preserve local project decisions. Do not replace project `.gse/` files with skill defaults unless the project owner approves.
|
|
70
|
+
4. Run skill validation after updating the skill package:
|
|
71
|
+
|
|
72
|
+
```text
|
|
73
|
+
node <gse-skill>/scripts/validate-gse.mjs --root <gse-skill>
|
|
74
|
+
```
|
|
75
|
+
|
|
76
|
+
5. Run project-local validation or smoke for the affected workflow.
|
|
77
|
+
For read-only workflow drift checks, run:
|
|
78
|
+
|
|
79
|
+
```text
|
|
80
|
+
node <gse-skill>/scripts/audit-target-project.mjs --target <project-root>
|
|
81
|
+
```
|
|
82
|
+
|
|
83
|
+
If the project predates `.gse/state.json` and `.gse/evidence/index.jsonl`, add only the missing machine-readable continuation files:
|
|
84
|
+
|
|
85
|
+
```text
|
|
86
|
+
node <gse-skill>/scripts/update-project-state.mjs --target <project-root>
|
|
87
|
+
```
|
|
88
|
+
|
|
89
|
+
6. Record changed files, migration/rollback notes, evidence status, residual risks, and next action in the project evidence log.
|
|
90
|
+
|
|
91
|
+
Evidence status: `verified` only when the project-local update path and affected workflow have focused evidence.
|
|
92
|
+
|
|
93
|
+
## Recipe 4: Host Adapter Adoption
|
|
94
|
+
|
|
95
|
+
Use when a project needs Codex, Claude Code, Hermes/AION-style runtime, WorkBuddy, Copilot/Gemini-style, or custom host pointers.
|
|
96
|
+
|
|
97
|
+
Steps:
|
|
98
|
+
|
|
99
|
+
1. Read `references/compatibility.md` and `references/host-adapters.md`.
|
|
100
|
+
2. Generate short command/pointer adapters only when the host has a real adapter location:
|
|
101
|
+
|
|
102
|
+
```text
|
|
103
|
+
node <gse-skill>/scripts/generate-command-adapter.mjs --target <project-root> --host claude|codex|hermes|workbuddy|copilot|gemini|generic|all
|
|
104
|
+
```
|
|
105
|
+
|
|
106
|
+
`scripts/generate-host-adapter.mjs` is a legacy fixture helper for the older Codex/Claude markdown adapter smoke. Prefer `generate-command-adapter.mjs` for new project adoption.
|
|
107
|
+
|
|
108
|
+
3. Keep `.gse/` as the source of truth. Do not copy goal maps, quality gates, or evidence into host folders.
|
|
109
|
+
4. Mark host capabilities as `verified`, `documented`, `unknown`, or `unavailable` based on current evidence.
|
|
110
|
+
5. Run `scripts/audit-host-adapters.mjs` for GSE fixture coverage, then run project-specific inspection for the target project.
|
|
111
|
+
|
|
112
|
+
Evidence status: fixture generation can be `verified`; actual host runtime tools remain project/session-specific.
|
|
113
|
+
|
|
114
|
+
## Recipe 5: CLI Or Package Project Adoption
|
|
115
|
+
|
|
116
|
+
Use when a project is primarily a command-line tool, reusable package, SDK, plugin, or library rather than a web app.
|
|
117
|
+
|
|
118
|
+
Steps:
|
|
119
|
+
|
|
120
|
+
1. Read package docs and project rules before changing workflow files: `README.md`, `AGENTS.md`, `CONTRIBUTING.md`, package manifest, and release notes if present.
|
|
121
|
+
2. Run discovery first:
|
|
122
|
+
|
|
123
|
+
```text
|
|
124
|
+
node <gse-skill>/scripts/discover-project-profile.mjs --target <project-root> --json
|
|
125
|
+
```
|
|
126
|
+
|
|
127
|
+
3. Treat `bin` entries, package scripts, publish commands, signing, registry, and shell integration as `documented` or `unknown` until a focused smoke proves them.
|
|
128
|
+
4. Preserve package metadata, release notes, compatibility policy, and existing publish/rollback instructions.
|
|
129
|
+
5. Prefer a small command smoke before broader tests, such as `npm run smoke`, `node ./bin/<name> --help`, `npm pack --dry-run`, or the project equivalent.
|
|
130
|
+
6. Record exit-code behavior, changed files, package artifacts intentionally ignored, residual release risk, and next action.
|
|
131
|
+
|
|
132
|
+
Evidence status: fixture coverage can be `verified`; real package install, registry access, publish permissions, global install, and shell completion require project-specific evidence.
|
|
133
|
+
|
|
134
|
+
## Adoption Record
|
|
135
|
+
|
|
136
|
+
Use this compact record in `.gse/evidence/` or the project evidence log:
|
|
137
|
+
|
|
138
|
+
```text
|
|
139
|
+
Adoption recipe:
|
|
140
|
+
Project path:
|
|
141
|
+
Mode or host:
|
|
142
|
+
Project rules read:
|
|
143
|
+
Commands run:
|
|
144
|
+
Files created or changed:
|
|
145
|
+
Preserved project-specific rules:
|
|
146
|
+
Host/tool statuses:
|
|
147
|
+
Validation evidence:
|
|
148
|
+
Evidence status: result | verified | accepted | not ready
|
|
149
|
+
Residual risk:
|
|
150
|
+
Next action:
|
|
151
|
+
```
|
|
152
|
+
|
|
153
|
+
For real target-project evidence, use `assets/templates/target-adoption-evidence.md`. Keep discovered scripts and configs as `documented` until executed, and keep `Accepted by: not accepted` unless a real acceptance gate ran.
|
|
154
|
+
|
|
155
|
+
Use `assets/templates/acceptance-execution-packet.md` before writing project-local `.gse/` artifacts or claiming owner-approved adoption acceptance.
|
|
156
|
+
|
|
157
|
+
## Verification Commands
|
|
158
|
+
|
|
159
|
+
Use only the commands that match the recipe and risk:
|
|
160
|
+
|
|
161
|
+
```text
|
|
162
|
+
node <gse-skill>/scripts/audit-project.mjs --root <gse-skill>
|
|
163
|
+
node <gse-skill>/scripts/audit-adoption.mjs --root <gse-skill>
|
|
164
|
+
node <gse-skill>/scripts/audit-command-adapters.mjs --root <gse-skill>
|
|
165
|
+
node <gse-skill>/scripts/audit-host-adapters.mjs --root <gse-skill>
|
|
166
|
+
node <gse-skill>/scripts/audit-fixtures.mjs --root <gse-skill>
|
|
167
|
+
node <gse-skill>/scripts/audit-target-project.mjs --target <project-root>
|
|
168
|
+
node <gse-skill>/scripts/validate-gse.mjs --root <gse-skill>
|
|
169
|
+
```
|
|
170
|
+
|
|
171
|
+
These commands verify GSE fixtures and skill readiness. They do not certify arbitrary production repositories. Real adoption still needs project-specific inspection, focused smokes, and evidence.
|
|
@@ -1,49 +1,70 @@
|
|
|
1
|
-
# Agent Roles
|
|
2
|
-
|
|
3
|
-
Use roles to make multi-agent work predictable.
|
|
4
|
-
|
|
1
|
+
# Agent Roles
|
|
2
|
+
|
|
3
|
+
Use roles to make multi-agent work predictable.
|
|
4
|
+
|
|
5
5
|
## Coordinator
|
|
6
6
|
|
|
7
7
|
Owns scope, task level, context selection, final integration, and final answer.
|
|
8
8
|
|
|
9
9
|
Never delegates final judgment.
|
|
10
10
|
|
|
11
|
-
##
|
|
12
|
-
|
|
13
|
-
Clarifies user outcome, pain, audience, competitive baseline, and priority.
|
|
11
|
+
## Planner
|
|
14
12
|
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
Defines state, data flow, module boundaries, contracts, risks, and rollback.
|
|
13
|
+
Defines the slice outcome, scope, acceptance, evidence, residual risk, and next action.
|
|
18
14
|
|
|
15
|
+
Maps to Coordinator or Product Analyst in smaller tasks.
|
|
16
|
+
|
|
17
|
+
## Product Analyst
|
|
18
|
+
|
|
19
|
+
Clarifies user outcome, pain, audience, competitive baseline, and priority.
|
|
20
|
+
|
|
21
|
+
## Architect
|
|
22
|
+
|
|
23
|
+
Defines state, data flow, module boundaries, contracts, risks, and rollback.
|
|
24
|
+
|
|
19
25
|
## Code Locator
|
|
20
26
|
|
|
21
27
|
Read-only. Finds files, symbols, call chains, existing tests, and local patterns.
|
|
22
28
|
|
|
29
|
+
Also called Locator in portable role fallback packets.
|
|
30
|
+
|
|
23
31
|
## Builder
|
|
24
32
|
|
|
25
33
|
Implements a bounded slice. Avoids unrelated refactors.
|
|
26
34
|
|
|
27
|
-
|
|
35
|
+
Also called Implementer in portable role fallback packets.
|
|
28
36
|
|
|
29
|
-
|
|
37
|
+
## Verifier
|
|
30
38
|
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
Runs focused verification, browser smoke, API smoke, or screenshot checks.
|
|
39
|
+
Runs focused checks and records what evidence level the check proves.
|
|
34
40
|
|
|
41
|
+
Maps to QA in smaller tasks.
|
|
42
|
+
|
|
43
|
+
## Reviewer
|
|
44
|
+
|
|
45
|
+
Checks correctness, regressions, architecture drift, security, and missing tests using `references/review.md`.
|
|
46
|
+
|
|
47
|
+
## QA
|
|
48
|
+
|
|
49
|
+
Runs focused verification, browser smoke, API smoke, or screenshot checks.
|
|
50
|
+
|
|
35
51
|
## Docs/Evidence
|
|
36
52
|
|
|
37
53
|
Writes evidence, changelog notes, ADR links, and learning entries. Does not modify implementation unless explicitly assigned.
|
|
38
54
|
|
|
39
|
-
##
|
|
55
|
+
## Release
|
|
40
56
|
|
|
57
|
+
Checks release, CI, package, public, owner, marketplace, registry, and host-runtime claim boundaries. Does not turn local evidence into external acceptance.
|
|
58
|
+
|
|
59
|
+
## Dispatch Rules
|
|
60
|
+
|
|
41
61
|
- Use real subagent tools only when exposed by the current host.
|
|
42
62
|
- Give each agent a role, files allowed, expected output, and forbidden actions. Use `assets/templates/dispatch-packet.md` when the assignment needs durable boundaries or evidence.
|
|
63
|
+
- For portable fallback packets, use `references/role-dispatch-fallback.md` and `assets/templates/role-fallback-packet.md`.
|
|
43
64
|
- Avoid parallel writes to the same files.
|
|
44
65
|
- If subagents are unavailable, execute roles sequentially in the main session and say so.
|
|
45
|
-
|
|
46
|
-
## File Ownership
|
|
47
|
-
|
|
48
|
-
Use `references/file-ownership.md` before assigning write access, running parallel implementation, or editing in a dirty worktree. Keep locator, reviewer, and QA roles read-only unless explicitly assigned otherwise.
|
|
49
|
-
|
|
66
|
+
|
|
67
|
+
## File Ownership
|
|
68
|
+
|
|
69
|
+
Use `references/file-ownership.md` before assigning write access, running parallel implementation, or editing in a dirty worktree. Keep locator, verifier, reviewer, release, and QA roles read-only unless explicitly assigned otherwise.
|
|
70
|
+
|
|
@@ -1,101 +1,101 @@
|
|
|
1
|
-
# Architecture Health
|
|
2
|
-
|
|
3
|
-
Use this when a change may affect the long-term shape of a project, not only the immediate behavior. Architecture health checks look for structural drift that can make future work slower, riskier, or harder for agents to understand.
|
|
4
|
-
|
|
5
|
-
## Trigger Conditions
|
|
6
|
-
|
|
7
|
-
Run an architecture health scan when any of these are true:
|
|
8
|
-
|
|
9
|
-
- A change crosses module boundaries, package boundaries, runtime boundaries, product boundaries, or host adapter boundaries.
|
|
10
|
-
- A new subsystem, provider, model route, worker, storage layer, queue, browser/runtime path, or deployment path is added.
|
|
11
|
-
- Repeated bugs suggest hidden coupling, unclear ownership, duplicated logic, or a missing source of truth.
|
|
12
|
-
- A dependency, security boundary, permission model, migration, release path, or rollback path changes.
|
|
13
|
-
- Performance, resilience, cancellation, retry, state recovery, or observability behavior is material to the slice.
|
|
14
|
-
- Project docs, generated artifacts, code, and .gse/ records disagree about the intended design.
|
|
15
|
-
|
|
16
|
-
Do not run a broad scan for tiny local edits unless the edit touches a structural boundary.
|
|
17
|
-
|
|
18
|
-
## Scope Levels
|
|
19
|
-
|
|
20
|
-
Pick the smallest scan that can prove the risk is understood.
|
|
21
|
-
|
|
22
|
-
| Level | Use when | Minimum evidence |
|
|
23
|
-
|---|---|---|
|
|
24
|
-
| Lightweight local scan | One file, one module, one adapter, or one narrow workflow changed | Relevant files, nearest tests/checks, project rules that govern the area |
|
|
25
|
-
| Subsystem scan | A feature crosses modules, storage/state, API/UI, worker/runtime, or tool boundaries | Call flow, data ownership, source-of-truth records, focused verification |
|
|
26
|
-
| Broad architecture review | Large refactor, new platform capability, release/migration risk, recurring failures, or uncertain ownership | Architecture docs, ADRs, project profile, dependency/release notes, evidence and follow-up slices |
|
|
27
|
-
|
|
28
|
-
## Scan Axes
|
|
29
|
-
|
|
30
|
-
### Module Boundaries
|
|
31
|
-
|
|
32
|
-
- Are module boundaries, package boundaries, runtime boundaries, and host adapter boundaries still clear?
|
|
33
|
-
- Did the change import across layers in a way the project does not already allow?
|
|
34
|
-
- Is shared behavior placed in the right owner instead of copied into callers?
|
|
35
|
-
|
|
36
|
-
### Coupling And Cohesion
|
|
37
|
-
|
|
38
|
-
- Did the change create tight coupling between UI, API, worker, storage, tools, models, or host-specific adapters?
|
|
39
|
-
- Can a future agent change one concern without understanding unrelated concerns?
|
|
40
|
-
- Are abstractions justified by repeated complexity or existing project patterns?
|
|
41
|
-
|
|
42
|
-
### Source Of Truth Drift
|
|
43
|
-
|
|
44
|
-
- Is there one source of truth for goals, specs, state, memory, routing, configuration, and evidence?
|
|
45
|
-
- Do docs, code, scripts, templates, generated files, and .gse/ records agree?
|
|
46
|
-
- Are compatibility names or legacy internal names contained behind adapters rather than exposed as product truth?
|
|
47
|
-
|
|
48
|
-
### Dependency And Security Risk
|
|
49
|
-
|
|
50
|
-
- Did dependencies, provider SDKs, MCP/tool integrations, or browser/runtime permissions change?
|
|
51
|
-
- Are dependency and security assumptions verified, documented, or explicitly unknown?
|
|
52
|
-
- Are secrets, raw provider payloads, hidden reasoning, and privileged tool traces excluded from user-visible or committed outputs?
|
|
53
|
-
|
|
54
|
-
### Ownership And Change Control
|
|
55
|
-
|
|
56
|
-
- Which module, team, role, or agent owns the changed behavior?
|
|
57
|
-
- Are file ownership and multi-agent lock rules clear enough to prevent overlapping edits?
|
|
58
|
-
- Does the change need an ADR, project-profile update, or future release note?
|
|
59
|
-
|
|
60
|
-
### Performance And Resilience
|
|
61
|
-
|
|
62
|
-
- Could the design add latency, heavy context loading, unnecessary worker paths, repeated browser loops, or expensive model routes?
|
|
63
|
-
- Are cancellation, retry, timeout, recovery, idempotency, and duplicate prevention considered where relevant?
|
|
64
|
-
- Is observability enough to diagnose failure without leaking sensitive data?
|
|
65
|
-
|
|
66
|
-
### Migration And Release Impact
|
|
67
|
-
|
|
68
|
-
- Does the change affect install, upgrade, data migration, backward compatibility, rollback, or release acceptance?
|
|
69
|
-
- Are migration and release risks captured as decisions or follow-up slices rather than hidden assumptions?
|
|
70
|
-
- Is the verification scope strong enough for the release risk?
|
|
71
|
-
|
|
72
|
-
## Output Format
|
|
73
|
-
|
|
74
|
-
Keep the output concise. Link to evidence instead of pasting long logs.
|
|
75
|
-
|
|
76
|
-
```text
|
|
77
|
-
Scan scope:
|
|
78
|
-
Findings:
|
|
79
|
-
Risks:
|
|
80
|
-
Decisions needed:
|
|
81
|
-
Follow-up slices:
|
|
82
|
-
Evidence:
|
|
83
|
-
```
|
|
84
|
-
|
|
85
|
-
## Classification Rules
|
|
86
|
-
|
|
87
|
-
- Findings are observed facts from code, docs, scripts, tests, or runtime behavior.
|
|
88
|
-
- Risks are plausible future failures or maintenance costs that the current evidence does not eliminate.
|
|
89
|
-
- Decisions needed are architecture choices that require owner, user, or project-standard confirmation.
|
|
90
|
-
- Follow-up slices are bounded implementation or documentation steps that can be verified later.
|
|
91
|
-
|
|
92
|
-
Do not label a guess as a finding. If evidence is indirect, record it as a risk or assumption and choose a follow-up slice.
|
|
93
|
-
|
|
94
|
-
## Integration
|
|
95
|
-
|
|
96
|
-
- Use references/review.md for the review axes and severity language.
|
|
97
|
-
- Use references/quality-gates.md to decide whether architecture health is required for the task risk.
|
|
98
|
-
- Use references/file-ownership.md when ownership, dirty worktree, or multi-agent overlap is unclear.
|
|
99
|
-
- Use references/project-profile.md and project architecture docs as the source of project-specific standards.
|
|
100
|
-
- Use references/release.md when architecture risk affects migration, rollback, compatibility, changelog/release notes, or release acceptance.
|
|
101
|
-
- Use references/evidence-taxonomy.md to classify the final claim as result, verified, or accepted.
|
|
1
|
+
# Architecture Health
|
|
2
|
+
|
|
3
|
+
Use this when a change may affect the long-term shape of a project, not only the immediate behavior. Architecture health checks look for structural drift that can make future work slower, riskier, or harder for agents to understand.
|
|
4
|
+
|
|
5
|
+
## Trigger Conditions
|
|
6
|
+
|
|
7
|
+
Run an architecture health scan when any of these are true:
|
|
8
|
+
|
|
9
|
+
- A change crosses module boundaries, package boundaries, runtime boundaries, product boundaries, or host adapter boundaries.
|
|
10
|
+
- A new subsystem, provider, model route, worker, storage layer, queue, browser/runtime path, or deployment path is added.
|
|
11
|
+
- Repeated bugs suggest hidden coupling, unclear ownership, duplicated logic, or a missing source of truth.
|
|
12
|
+
- A dependency, security boundary, permission model, migration, release path, or rollback path changes.
|
|
13
|
+
- Performance, resilience, cancellation, retry, state recovery, or observability behavior is material to the slice.
|
|
14
|
+
- Project docs, generated artifacts, code, and .gse/ records disagree about the intended design.
|
|
15
|
+
|
|
16
|
+
Do not run a broad scan for tiny local edits unless the edit touches a structural boundary.
|
|
17
|
+
|
|
18
|
+
## Scope Levels
|
|
19
|
+
|
|
20
|
+
Pick the smallest scan that can prove the risk is understood.
|
|
21
|
+
|
|
22
|
+
| Level | Use when | Minimum evidence |
|
|
23
|
+
|---|---|---|
|
|
24
|
+
| Lightweight local scan | One file, one module, one adapter, or one narrow workflow changed | Relevant files, nearest tests/checks, project rules that govern the area |
|
|
25
|
+
| Subsystem scan | A feature crosses modules, storage/state, API/UI, worker/runtime, or tool boundaries | Call flow, data ownership, source-of-truth records, focused verification |
|
|
26
|
+
| Broad architecture review | Large refactor, new platform capability, release/migration risk, recurring failures, or uncertain ownership | Architecture docs, ADRs, project profile, dependency/release notes, evidence and follow-up slices |
|
|
27
|
+
|
|
28
|
+
## Scan Axes
|
|
29
|
+
|
|
30
|
+
### Module Boundaries
|
|
31
|
+
|
|
32
|
+
- Are module boundaries, package boundaries, runtime boundaries, and host adapter boundaries still clear?
|
|
33
|
+
- Did the change import across layers in a way the project does not already allow?
|
|
34
|
+
- Is shared behavior placed in the right owner instead of copied into callers?
|
|
35
|
+
|
|
36
|
+
### Coupling And Cohesion
|
|
37
|
+
|
|
38
|
+
- Did the change create tight coupling between UI, API, worker, storage, tools, models, or host-specific adapters?
|
|
39
|
+
- Can a future agent change one concern without understanding unrelated concerns?
|
|
40
|
+
- Are abstractions justified by repeated complexity or existing project patterns?
|
|
41
|
+
|
|
42
|
+
### Source Of Truth Drift
|
|
43
|
+
|
|
44
|
+
- Is there one source of truth for goals, specs, state, memory, routing, configuration, and evidence?
|
|
45
|
+
- Do docs, code, scripts, templates, generated files, and .gse/ records agree?
|
|
46
|
+
- Are compatibility names or legacy internal names contained behind adapters rather than exposed as product truth?
|
|
47
|
+
|
|
48
|
+
### Dependency And Security Risk
|
|
49
|
+
|
|
50
|
+
- Did dependencies, provider SDKs, MCP/tool integrations, or browser/runtime permissions change?
|
|
51
|
+
- Are dependency and security assumptions verified, documented, or explicitly unknown?
|
|
52
|
+
- Are secrets, raw provider payloads, hidden reasoning, and privileged tool traces excluded from user-visible or committed outputs?
|
|
53
|
+
|
|
54
|
+
### Ownership And Change Control
|
|
55
|
+
|
|
56
|
+
- Which module, team, role, or agent owns the changed behavior?
|
|
57
|
+
- Are file ownership and multi-agent lock rules clear enough to prevent overlapping edits?
|
|
58
|
+
- Does the change need an ADR, project-profile update, or future release note?
|
|
59
|
+
|
|
60
|
+
### Performance And Resilience
|
|
61
|
+
|
|
62
|
+
- Could the design add latency, heavy context loading, unnecessary worker paths, repeated browser loops, or expensive model routes?
|
|
63
|
+
- Are cancellation, retry, timeout, recovery, idempotency, and duplicate prevention considered where relevant?
|
|
64
|
+
- Is observability enough to diagnose failure without leaking sensitive data?
|
|
65
|
+
|
|
66
|
+
### Migration And Release Impact
|
|
67
|
+
|
|
68
|
+
- Does the change affect install, upgrade, data migration, backward compatibility, rollback, or release acceptance?
|
|
69
|
+
- Are migration and release risks captured as decisions or follow-up slices rather than hidden assumptions?
|
|
70
|
+
- Is the verification scope strong enough for the release risk?
|
|
71
|
+
|
|
72
|
+
## Output Format
|
|
73
|
+
|
|
74
|
+
Keep the output concise. Link to evidence instead of pasting long logs.
|
|
75
|
+
|
|
76
|
+
```text
|
|
77
|
+
Scan scope:
|
|
78
|
+
Findings:
|
|
79
|
+
Risks:
|
|
80
|
+
Decisions needed:
|
|
81
|
+
Follow-up slices:
|
|
82
|
+
Evidence:
|
|
83
|
+
```
|
|
84
|
+
|
|
85
|
+
## Classification Rules
|
|
86
|
+
|
|
87
|
+
- Findings are observed facts from code, docs, scripts, tests, or runtime behavior.
|
|
88
|
+
- Risks are plausible future failures or maintenance costs that the current evidence does not eliminate.
|
|
89
|
+
- Decisions needed are architecture choices that require owner, user, or project-standard confirmation.
|
|
90
|
+
- Follow-up slices are bounded implementation or documentation steps that can be verified later.
|
|
91
|
+
|
|
92
|
+
Do not label a guess as a finding. If evidence is indirect, record it as a risk or assumption and choose a follow-up slice.
|
|
93
|
+
|
|
94
|
+
## Integration
|
|
95
|
+
|
|
96
|
+
- Use references/review.md for the review axes and severity language.
|
|
97
|
+
- Use references/quality-gates.md to decide whether architecture health is required for the task risk.
|
|
98
|
+
- Use references/file-ownership.md when ownership, dirty worktree, or multi-agent overlap is unclear.
|
|
99
|
+
- Use references/project-profile.md and project architecture docs as the source of project-specific standards.
|
|
100
|
+
- Use references/release.md when architecture risk affects migration, rollback, compatibility, changelog/release notes, or release acceptance.
|
|
101
|
+
- Use references/evidence-taxonomy.md to classify the final claim as result, verified, or accepted.
|