@t275005746/gse 0.1.0 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (228) hide show
  1. package/.github/ISSUE_TEMPLATE/bug_report.yml +42 -42
  2. package/.github/ISSUE_TEMPLATE/change_request.yml +50 -50
  3. package/.github/ISSUE_TEMPLATE/config.yml +5 -5
  4. package/.github/PULL_REQUEST_TEMPLATE.md +38 -38
  5. package/.github/workflows/validate-gse.yml +33 -33
  6. package/.gse/README.md +18 -18
  7. package/.gse/gse-development-protocol.md +50 -50
  8. package/.gse/project-profile.md +29 -29
  9. package/.gse/quality-gates.md +25 -25
  10. package/.gse/releases/public-registry-publication-npm.md +49 -0
  11. package/.gse/releases/public-release-owner-required.md +65 -65
  12. package/.gse/releases/public-security-contact-owner-required.md +45 -45
  13. package/.gse/state.json +147 -27
  14. package/CHANGELOG.md +31 -15
  15. package/CONTRIBUTING.md +64 -64
  16. package/LICENSE +21 -21
  17. package/README.md +14 -7
  18. package/README.zh-CN.md +14 -7
  19. package/SECURITY.md +41 -41
  20. package/SKILL.md +32 -12
  21. package/SUPPORT.md +38 -38
  22. package/assets/marketplace/README.md +7 -7
  23. package/assets/marketplace/gse-listing.json +75 -75
  24. package/assets/templates/acceptance-execution-packet.md +73 -73
  25. package/assets/templates/adr.md +14 -14
  26. package/assets/templates/change-brief.md +16 -16
  27. package/assets/templates/design.md +18 -18
  28. package/assets/templates/dispatch-packet.md +100 -92
  29. package/assets/templates/evidence.md +15 -9
  30. package/assets/templates/execution-quality-pack.md +65 -65
  31. package/assets/templates/goal-map.md +21 -21
  32. package/assets/templates/host-adapter.md +48 -48
  33. package/assets/templates/host-ui-invocation-record.md +42 -42
  34. package/assets/templates/incident-review.md +60 -60
  35. package/assets/templates/public-channel-publication-record.md +49 -49
  36. package/assets/templates/public-ci-run-record.md +53 -53
  37. package/assets/templates/public-release-record.md +65 -65
  38. package/assets/templates/public-repository-settings-record.md +59 -59
  39. package/assets/templates/public-security-contact-record.md +45 -45
  40. package/assets/templates/release-trust-record.md +32 -32
  41. package/assets/templates/review.md +18 -18
  42. package/assets/templates/role-fallback-packet.md +49 -0
  43. package/assets/templates/spec.md +16 -16
  44. package/assets/templates/target-adoption-evidence.md +29 -29
  45. package/assets/templates/tasks.md +17 -17
  46. package/assets/templates/update-release-acceptance-record.md +58 -58
  47. package/examples/README.md +22 -22
  48. package/examples/agent-runtime-host/.claude/gse-adapter.md +6 -6
  49. package/examples/agent-runtime-host/.codex/gse-adapter.md +7 -7
  50. package/examples/agent-runtime-host/.gse/goal-map.md +7 -7
  51. package/examples/agent-runtime-host/.gse/project-profile.md +27 -27
  52. package/examples/agent-runtime-host/.gse/tooling.md +5 -5
  53. package/examples/agent-runtime-host/.mcp.json +9 -9
  54. package/examples/agent-runtime-host/AGENTS.md +5 -5
  55. package/examples/agent-runtime-host/README.md +10 -10
  56. package/examples/agent-runtime-host/docs/model-routing.md +5 -5
  57. package/examples/cli-tool/.gse/project-profile.md +21 -21
  58. package/examples/cli-tool/AGENTS.md +5 -5
  59. package/examples/cli-tool/README.md +12 -12
  60. package/examples/cli-tool/package.json +21 -21
  61. package/examples/small-app/.env.example +2 -2
  62. package/examples/small-app/.github/workflows/ci.yml +8 -8
  63. package/examples/small-app/AGENTS.md +5 -5
  64. package/examples/small-app/README.md +12 -12
  65. package/examples/small-app/package.json +26 -26
  66. package/examples/small-app/playwright.config.ts +4 -4
  67. package/package.json +52 -44
  68. package/references/adoption-recipes.md +171 -171
  69. package/references/agent-roles.md +42 -21
  70. package/references/architecture-health.md +101 -101
  71. package/references/benchmark-audit.md +73 -73
  72. package/references/commands.md +74 -45
  73. package/references/community-channels.md +46 -46
  74. package/references/compatibility.md +70 -70
  75. package/references/design-basis.md +38 -38
  76. package/references/domain-model.md +129 -129
  77. package/references/domain-quality-gates.md +75 -75
  78. package/references/drift-audit.md +81 -80
  79. package/references/evidence-taxonomy.md +145 -108
  80. package/references/file-ownership.md +97 -93
  81. package/references/final-form-roadmap.md +201 -0
  82. package/references/final-readiness.md +84 -84
  83. package/references/forward-test.md +133 -133
  84. package/references/goal-map.md +36 -36
  85. package/references/host-adapters.md +129 -101
  86. package/references/learning-system.md +42 -26
  87. package/references/maintenance-cadence.md +51 -0
  88. package/references/marketplace-discovery.md +46 -46
  89. package/references/model-routing.md +103 -103
  90. package/references/open-source-defaults.md +39 -39
  91. package/references/operating-model.md +52 -52
  92. package/references/packaging.md +277 -277
  93. package/references/project-agent-workspace.md +89 -89
  94. package/references/project-bootstrap.md +122 -122
  95. package/references/project-guards.md +52 -0
  96. package/references/project-profile.md +57 -57
  97. package/references/public-release.md +174 -174
  98. package/references/quality-gates.md +96 -89
  99. package/references/recovery.md +176 -176
  100. package/references/release-trust.md +43 -43
  101. package/references/release.md +126 -126
  102. package/references/review.md +141 -141
  103. package/references/role-dispatch-fallback.md +54 -0
  104. package/references/router.md +90 -90
  105. package/references/spec-workflow.md +66 -66
  106. package/references/task-levels.md +81 -81
  107. package/references/tool-adapters.md +80 -70
  108. package/scripts/audit-acceptance-execution-packet.mjs +133 -133
  109. package/scripts/audit-adoption-recipes.mjs +99 -99
  110. package/scripts/audit-change-lifecycle.mjs +77 -77
  111. package/scripts/audit-change-system.mjs +134 -134
  112. package/scripts/audit-ci-readiness.mjs +107 -107
  113. package/scripts/audit-close-gate-hardening.mjs +188 -0
  114. package/scripts/audit-close-gate.mjs +448 -262
  115. package/scripts/audit-command-adapters.mjs +91 -91
  116. package/scripts/audit-command-execution.mjs +212 -199
  117. package/scripts/audit-commands.mjs +7 -5
  118. package/scripts/audit-compatibility.mjs +149 -149
  119. package/scripts/audit-completion-plan-drill.mjs +230 -0
  120. package/scripts/audit-completion-readiness.mjs +290 -287
  121. package/scripts/audit-continue-preflight.mjs +234 -0
  122. package/scripts/audit-distribution.mjs +251 -251
  123. package/scripts/audit-domain-quality-gates.mjs +108 -108
  124. package/scripts/audit-evidence-levels.mjs +217 -0
  125. package/scripts/audit-evidence-placeholders.mjs +126 -126
  126. package/scripts/audit-evidence-review-queue.mjs +206 -0
  127. package/scripts/audit-final-acceptance-packet.mjs +9 -9
  128. package/scripts/audit-final-form-progress-report.mjs +19 -18
  129. package/scripts/audit-final-form-roadmap.mjs +157 -0
  130. package/scripts/audit-final-form-stale-copy.mjs +2 -2
  131. package/scripts/audit-final-readiness-promotion.mjs +255 -255
  132. package/scripts/audit-final-readiness.mjs +226 -226
  133. package/scripts/audit-fixtures.mjs +154 -154
  134. package/scripts/audit-fresh-session-readiness.mjs +177 -177
  135. package/scripts/audit-host-capabilities.mjs +237 -0
  136. package/scripts/audit-host-runtime-evidence-handoff.mjs +159 -159
  137. package/scripts/audit-host-runtime-invocation-drill.mjs +240 -240
  138. package/scripts/audit-host-runtime-invocations.mjs +254 -254
  139. package/scripts/audit-host-ui-invocation.mjs +132 -132
  140. package/scripts/audit-installed-sync.mjs +203 -0
  141. package/scripts/audit-learning-drift.mjs +292 -0
  142. package/scripts/audit-learning-promotion.mjs +351 -0
  143. package/scripts/audit-learning-system.mjs +24 -14
  144. package/scripts/audit-local-final-form-completion.mjs +11 -10
  145. package/scripts/audit-maintenance-cadence.mjs +139 -0
  146. package/scripts/audit-maintenance-snapshot.mjs +181 -0
  147. package/scripts/audit-marketplace-discovery.mjs +122 -122
  148. package/scripts/audit-npm-package-metadata.mjs +160 -154
  149. package/scripts/audit-npm-publish-dry-run.mjs +194 -166
  150. package/scripts/audit-npm-tarball-install.mjs +195 -189
  151. package/scripts/audit-open-source-defaults.mjs +92 -92
  152. package/scripts/audit-open-source-readiness.mjs +97 -97
  153. package/scripts/audit-owner-external-gate-kit.mjs +12 -11
  154. package/scripts/audit-project-guards.mjs +189 -0
  155. package/scripts/audit-project.mjs +144 -141
  156. package/scripts/audit-public-acceptance-command-dry-run-drill.mjs +203 -203
  157. package/scripts/audit-public-acceptance-handoff.mjs +10 -10
  158. package/scripts/audit-public-acceptance-readiness.mjs +222 -222
  159. package/scripts/audit-public-channel-publication.mjs +248 -248
  160. package/scripts/audit-public-ci-run.mjs +184 -184
  161. package/scripts/audit-public-collaboration-templates.mjs +98 -98
  162. package/scripts/audit-public-external-gate-probe.mjs +206 -206
  163. package/scripts/audit-public-release-checklist.mjs +17 -15
  164. package/scripts/audit-public-release-decision.mjs +201 -201
  165. package/scripts/audit-public-release-metadata.mjs +176 -176
  166. package/scripts/audit-public-repository-settings.mjs +237 -237
  167. package/scripts/audit-public-security-contact.mjs +171 -171
  168. package/scripts/audit-readme-docs.mjs +6 -4
  169. package/scripts/audit-recovery-readiness.mjs +98 -98
  170. package/scripts/audit-release-bundle.mjs +13 -11
  171. package/scripts/audit-release-owner-action-plan-drill.mjs +5 -4
  172. package/scripts/audit-release-owner-action-plan.mjs +10 -10
  173. package/scripts/audit-release-readiness.mjs +106 -106
  174. package/scripts/audit-release-status-manifest.mjs +4 -4
  175. package/scripts/audit-release-trust.mjs +62 -62
  176. package/scripts/audit-remote-distribution.mjs +266 -266
  177. package/scripts/audit-roadmap-consistency.mjs +234 -230
  178. package/scripts/audit-role-dispatch-fallback.mjs +212 -0
  179. package/scripts/audit-session-sync.mjs +127 -0
  180. package/scripts/audit-signing.mjs +147 -147
  181. package/scripts/audit-state-freshness.mjs +20 -14
  182. package/scripts/audit-state-repair.mjs +360 -0
  183. package/scripts/audit-target-adoption-evidence.mjs +117 -117
  184. package/scripts/audit-target-hardening-drills.mjs +267 -0
  185. package/scripts/audit-target-project.mjs +507 -507
  186. package/scripts/audit-tool-fallback-policy.mjs +180 -0
  187. package/scripts/audit-ui-browser-evidence-policy.mjs +191 -0
  188. package/scripts/audit-update-release-acceptance.mjs +136 -136
  189. package/scripts/audit-v1-target-validation.mjs +269 -269
  190. package/scripts/audit-validation-profiles.mjs +125 -123
  191. package/scripts/backfill-evidence-levels.mjs +98 -0
  192. package/scripts/check-encoding.mjs +72 -0
  193. package/scripts/close-change.mjs +116 -116
  194. package/scripts/discover-project-profile.mjs +307 -307
  195. package/scripts/generate-command-adapter.mjs +231 -231
  196. package/scripts/generate-continue-packet.mjs +1214 -0
  197. package/scripts/generate-final-acceptance-packet.mjs +188 -173
  198. package/scripts/generate-final-form-progress-report.mjs +191 -189
  199. package/scripts/generate-host-runtime-evidence-handoff.mjs +198 -191
  200. package/scripts/generate-maintenance-snapshot.mjs +216 -0
  201. package/scripts/generate-owner-external-gate-kit.mjs +295 -295
  202. package/scripts/generate-public-acceptance-handoff.mjs +168 -156
  203. package/scripts/generate-public-release-checklist.mjs +207 -207
  204. package/scripts/generate-release-bundle.mjs +505 -505
  205. package/scripts/generate-release-owner-action-plan.mjs +172 -171
  206. package/scripts/generate-release-status-manifest.mjs +199 -198
  207. package/scripts/generate-session-prompt.mjs +188 -188
  208. package/scripts/gse.mjs +67 -67
  209. package/scripts/init-change.mjs +265 -265
  210. package/scripts/init-project.mjs +793 -712
  211. package/scripts/install-gse.mjs +234 -234
  212. package/scripts/lib/evidence-placeholders.mjs +28 -28
  213. package/scripts/package-gse.mjs +174 -174
  214. package/scripts/probe-public-external-gates.mjs +167 -167
  215. package/scripts/record-host-invocation.mjs +151 -151
  216. package/scripts/record-learning.mjs +37 -8
  217. package/scripts/record-public-channel-publication.mjs +178 -178
  218. package/scripts/record-public-ci-run.mjs +180 -180
  219. package/scripts/record-public-release.mjs +175 -175
  220. package/scripts/record-public-repository-settings.mjs +209 -209
  221. package/scripts/record-public-security-contact.mjs +157 -157
  222. package/scripts/record-session-sync.mjs +87 -0
  223. package/scripts/run-gse-command.mjs +79 -47
  224. package/scripts/run-validation-profile.mjs +24 -5
  225. package/scripts/sign-gse-package.mjs +83 -83
  226. package/scripts/update-project-state.mjs +223 -223
  227. package/scripts/validate-gse.mjs +216 -0
  228. package/scripts/verify-gse-package.mjs +85 -85
@@ -1,785 +1,866 @@
1
- #!/usr/bin/env node
2
- import fs from 'node:fs'
3
- import path from 'node:path'
4
-
5
- const args = process.argv.slice(2)
6
-
7
- function readArg(name, fallback = null) {
8
- const index = args.indexOf(name)
9
- if (index === -1) return fallback
10
- return args[index + 1] ?? fallback
11
- }
12
-
13
- const target = path.resolve(readArg('--target', process.cwd()))
14
- const force = args.includes('--force')
15
- const requestedMode = readArg('--mode', 'auto')
16
- const hostAdaptersArg = readArg('--host-adapters', 'auto')
17
- const validModes = new Set(['auto', 'lite', 'standard', 'enterprise'])
18
- const validHostAdapters = new Set(['auto', 'all', 'none'])
19
-
20
- if (!validModes.has(requestedMode)) {
21
- console.error(`Invalid --mode "${requestedMode}". Expected one of: auto, lite, standard, enterprise.`)
22
- process.exit(1)
23
- }
24
-
25
- if (!validHostAdapters.has(hostAdaptersArg) && !hostAdaptersArg.split(',').every((item) => ['codex', 'claude'].includes(item.trim()))) {
26
- console.error(`Invalid --host-adapters "${hostAdaptersArg}". Expected auto, all, none, codex, claude, or codex,claude.`)
27
- process.exit(1)
28
- }
29
-
30
- const gseDir = path.join(target, '.gse')
31
- const date = new Date().toISOString().slice(0, 10)
32
-
33
- function exists(relativePath) {
34
- return fs.existsSync(path.join(target, relativePath))
35
- }
36
-
37
- function safeJson(relativePath) {
38
- const fullPath = path.join(target, relativePath)
39
- if (!fs.existsSync(fullPath)) return null
40
- try {
41
- return JSON.parse(fs.readFileSync(fullPath, 'utf8').replace(/^\uFEFF/, ''))
42
- } catch {
43
- return null
44
- }
45
- }
46
-
47
- function listTopLevelDirs() {
48
- if (!fs.existsSync(target)) return []
49
- return fs
50
- .readdirSync(target, { withFileTypes: true })
51
- .filter((entry) => entry.isDirectory())
52
- .map((entry) => entry.name)
53
- }
54
-
55
- function detectMode() {
56
- const pkg = safeJson('package.json')
57
- const scripts = pkg?.scripts ?? {}
58
- const deps = { ...(pkg?.dependencies ?? {}), ...(pkg?.devDependencies ?? {}) }
59
- const topLevelDirs = listTopLevelDirs()
60
- const reasons = []
61
-
62
- const enterpriseSignals = [
63
- ['.mcp.json', exists('.mcp.json')],
64
- ['.claude/', exists('.claude')],
65
- ['.codex/', exists('.codex')],
66
- ['.agents/', exists('.agents')],
67
- ['hooks/', exists('hooks') || exists('.gse/hooks')],
68
- ['plugins/', exists('plugins') || exists('.gse/plugins')],
69
- ['release workflow', exists('release.md') || exists('CHANGELOG.md') || Boolean(scripts.release || scripts.deploy || scripts['release:dry-run'])],
70
- ['multiple app/package directories', topLevelDirs.filter((name) => ['apps', 'packages', 'services', 'workers'].includes(name)).length >= 2],
71
- ].filter(([, ok]) => ok)
72
-
73
- if (enterpriseSignals.length > 0) {
74
- reasons.push(...enterpriseSignals.map(([label]) => label))
75
- return { mode: 'enterprise', reasons }
76
- }
77
-
78
- const standardSignals = [
79
- ['package.json', Boolean(pkg)],
80
- ['project rules', exists('AGENTS.md') || exists('CLAUDE.md') || exists('README.md')],
81
- ['CI workflow', exists('.github/workflows') || exists('.gitlab-ci.yml')],
82
- ['browser/test config', exists('playwright.config.ts') || exists('playwright.config.js') || exists('vitest.config.ts') || exists('jest.config.js')],
83
- ['TypeScript', exists('tsconfig.json') || Boolean(deps.typescript)],
84
- ['test/build scripts', Boolean(scripts.test || scripts.build || scripts.typecheck || scripts.lint)],
85
- ['docs directory', exists('docs')],
86
- ].filter(([, ok]) => ok)
87
-
88
- if (standardSignals.length >= 2) {
89
- reasons.push(...standardSignals.map(([label]) => label))
90
- return { mode: 'standard', reasons }
91
- }
92
-
93
- if (standardSignals.length === 1) reasons.push(...standardSignals.map(([label]) => label))
94
- if (reasons.length === 0) reasons.push('empty or minimal project')
95
- return { mode: 'lite', reasons }
96
- }
97
-
98
- const autoSelection = requestedMode === 'auto' ? detectMode() : { mode: requestedMode, reasons: ['explicit --mode ' + requestedMode] }
99
- const mode = autoSelection.mode
100
-
101
- function renderJson(value) {
102
- return JSON.stringify(value, null, 2) + '\n'
103
- }
104
-
105
- function writeIfMissing(relativePath, content) {
106
- const filePath = path.join(gseDir, relativePath)
107
- fs.mkdirSync(path.dirname(filePath), { recursive: true })
108
- if (!force && fs.existsSync(filePath)) {
109
- return { relativePath, status: 'skipped' }
110
- }
111
- fs.writeFileSync(filePath, content.trimStart().replace(/\n/g, '\r\n'), 'utf8')
112
- return { relativePath, status: 'written' }
113
- }
114
-
115
- function writeProjectFileIfMissing(relativePath, content) {
116
- const filePath = path.join(target, relativePath)
117
- fs.mkdirSync(path.dirname(filePath), { recursive: true })
118
- if (!force && fs.existsSync(filePath)) return { relativePath, status: 'skipped' }
119
- fs.writeFileSync(filePath, content.trimStart().replace(/\n/g, '\r\n'), 'utf8')
120
- return { relativePath, status: 'written' }
121
- }
122
-
123
- const hostAdapterConfigs = {
124
- codex: {
125
- path: '.codex/gse-adapter.md',
126
- title: 'Codex Adapter',
127
- bullets: [
128
- 'Start meaningful work from `.gse/project-profile.md`, `.gse/goal-map.md`, and `.gse/quality-gates.md`.',
129
- 'Use `.gse/goals/` for module-level goal details when the root goal map becomes too large.',
130
- 'Record current-session evidence before marking subagents, MCP, browser, LSP, or model routing as verified.',
131
- ],
132
- },
133
- claude: {
134
- path: '.claude/gse-adapter.md',
135
- title: 'Claude Code Adapter',
136
- bullets: [
137
- 'Commands, agents, hooks, and skills should point back to `.gse/` for goals, evidence, quality gates, and learning rules.',
138
- 'Keep host-specific prompts short; keep reusable workflow policy in `.gse/`.',
139
- 'Use `.gse/goals/` for module-level goal details when the root goal map becomes too large.',
140
- ],
141
- },
142
- }
143
-
144
- function selectedHostAdapters() {
145
- if (mode !== 'enterprise') return []
146
- if (hostAdaptersArg === 'none') return []
147
- if (hostAdaptersArg === 'all') return Object.keys(hostAdapterConfigs)
148
- if (hostAdaptersArg !== 'auto') return hostAdaptersArg.split(',').map((item) => item.trim()).filter(Boolean)
149
- return Object.keys(hostAdapterConfigs).filter((host) => exists(host === 'codex' ? '.codex' : '.claude'))
150
- }
151
-
152
- function renderHostAdapter(config) {
153
- return `# ${config.title}
154
-
155
- Source of truth: \`.gse/\`.
156
-
157
- ${config.bullets.map((item) => '- ' + item).join('\n')}
158
-
159
- Capability status vocabulary: \`verified\`, \`documented\`, \`unknown\`, \`unavailable\`.
160
- `
161
- }
162
-
163
- fs.mkdirSync(gseDir, { recursive: true })
164
- fs.mkdirSync(path.join(gseDir, 'changes'), { recursive: true })
165
- fs.mkdirSync(path.join(gseDir, 'evidence'), { recursive: true })
166
- fs.mkdirSync(path.join(gseDir, 'templates'), { recursive: true })
167
- fs.mkdirSync(path.join(gseDir, 'goals'), { recursive: true })
168
-
169
- if (mode === 'standard' || mode === 'enterprise') {
170
- for (const dir of ['agents', 'skills', 'lsp']) {
171
- fs.mkdirSync(path.join(gseDir, dir), { recursive: true })
172
- }
173
- }
174
-
175
- if (mode === 'enterprise') {
176
- for (const dir of ['hooks', 'mcp', 'plugins']) {
177
- fs.mkdirSync(path.join(gseDir, dir), { recursive: true })
178
- }
179
- }
180
-
181
- const results = [
182
- writeIfMissing(
183
- 'state.json',
184
- renderJson({
185
- schemaVersion: 1,
186
- projectName: path.basename(target),
187
- mode,
188
- canonicalPlan: '',
189
- phase: 'adopt',
190
- currentSlice: {
191
- id: '',
192
- outcome: '',
193
- status: 'planned',
194
- nextAction: 'Fill .gse/goal-map.md and choose the next verifiable slice.',
195
- },
196
- toolStatuses: {
197
- browser: 'unknown',
198
- lsp: 'unknown',
199
- mcp: 'unknown',
200
- subagents: 'unknown',
201
- ci: 'unknown',
202
- },
203
- lastEvidence: '.gse/evidence/index.jsonl',
204
- residualRisks: [
205
- 'Project commands and host tools are unknown until verified in this repository.',
206
- ],
207
- }),
208
- ),
1
+ #!/usr/bin/env node
2
+ import fs from 'node:fs'
3
+ import path from 'node:path'
4
+
5
+ const args = process.argv.slice(2)
6
+
7
+ function readArg(name, fallback = null) {
8
+ const index = args.indexOf(name)
9
+ if (index === -1) return fallback
10
+ return args[index + 1] ?? fallback
11
+ }
12
+
13
+ const target = path.resolve(readArg('--target', process.cwd()))
14
+ const force = args.includes('--force')
15
+ const requestedMode = readArg('--mode', 'auto')
16
+ const hostAdaptersArg = readArg('--host-adapters', 'auto')
17
+ const validModes = new Set(['auto', 'lite', 'standard', 'enterprise'])
18
+ const validHostAdapters = new Set(['auto', 'all', 'none'])
19
+
20
+ if (!validModes.has(requestedMode)) {
21
+ console.error(`Invalid --mode "${requestedMode}". Expected one of: auto, lite, standard, enterprise.`)
22
+ process.exit(1)
23
+ }
24
+
25
+ if (!validHostAdapters.has(hostAdaptersArg) && !hostAdaptersArg.split(',').every((item) => ['codex', 'claude'].includes(item.trim()))) {
26
+ console.error(`Invalid --host-adapters "${hostAdaptersArg}". Expected auto, all, none, codex, claude, or codex,claude.`)
27
+ process.exit(1)
28
+ }
29
+
30
+ const gseDir = path.join(target, '.gse')
31
+ const date = new Date().toISOString().slice(0, 10)
32
+
33
+ function exists(relativePath) {
34
+ return fs.existsSync(path.join(target, relativePath))
35
+ }
36
+
37
+ function safeJson(relativePath) {
38
+ const fullPath = path.join(target, relativePath)
39
+ if (!fs.existsSync(fullPath)) return null
40
+ try {
41
+ return JSON.parse(fs.readFileSync(fullPath, 'utf8').replace(/^\uFEFF/, ''))
42
+ } catch {
43
+ return null
44
+ }
45
+ }
46
+
47
+ function listTopLevelDirs() {
48
+ if (!fs.existsSync(target)) return []
49
+ return fs
50
+ .readdirSync(target, { withFileTypes: true })
51
+ .filter((entry) => entry.isDirectory())
52
+ .map((entry) => entry.name)
53
+ }
54
+
55
+ function detectMode() {
56
+ const pkg = safeJson('package.json')
57
+ const scripts = pkg?.scripts ?? {}
58
+ const deps = { ...(pkg?.dependencies ?? {}), ...(pkg?.devDependencies ?? {}) }
59
+ const topLevelDirs = listTopLevelDirs()
60
+ const reasons = []
61
+
62
+ const enterpriseSignals = [
63
+ ['.mcp.json', exists('.mcp.json')],
64
+ ['.claude/', exists('.claude')],
65
+ ['.codex/', exists('.codex')],
66
+ ['.agents/', exists('.agents')],
67
+ ['hooks/', exists('hooks') || exists('.gse/hooks')],
68
+ ['plugins/', exists('plugins') || exists('.gse/plugins')],
69
+ ['release workflow', exists('release.md') || exists('CHANGELOG.md') || Boolean(scripts.release || scripts.deploy || scripts['release:dry-run'])],
70
+ ['multiple app/package directories', topLevelDirs.filter((name) => ['apps', 'packages', 'services', 'workers'].includes(name)).length >= 2],
71
+ ].filter(([, ok]) => ok)
72
+
73
+ if (enterpriseSignals.length > 0) {
74
+ reasons.push(...enterpriseSignals.map(([label]) => label))
75
+ return { mode: 'enterprise', reasons }
76
+ }
77
+
78
+ const standardSignals = [
79
+ ['package.json', Boolean(pkg)],
80
+ ['project rules', exists('AGENTS.md') || exists('CLAUDE.md') || exists('README.md')],
81
+ ['CI workflow', exists('.github/workflows') || exists('.gitlab-ci.yml')],
82
+ ['browser/test config', exists('playwright.config.ts') || exists('playwright.config.js') || exists('vitest.config.ts') || exists('jest.config.js')],
83
+ ['TypeScript', exists('tsconfig.json') || Boolean(deps.typescript)],
84
+ ['test/build scripts', Boolean(scripts.test || scripts.build || scripts.typecheck || scripts.lint)],
85
+ ['docs directory', exists('docs')],
86
+ ].filter(([, ok]) => ok)
87
+
88
+ if (standardSignals.length >= 2) {
89
+ reasons.push(...standardSignals.map(([label]) => label))
90
+ return { mode: 'standard', reasons }
91
+ }
92
+
93
+ if (standardSignals.length === 1) reasons.push(...standardSignals.map(([label]) => label))
94
+ if (reasons.length === 0) reasons.push('empty or minimal project')
95
+ return { mode: 'lite', reasons }
96
+ }
97
+
98
+ const autoSelection = requestedMode === 'auto' ? detectMode() : { mode: requestedMode, reasons: ['explicit --mode ' + requestedMode] }
99
+ const mode = autoSelection.mode
100
+
101
+ function renderJson(value) {
102
+ return JSON.stringify(value, null, 2) + '\n'
103
+ }
104
+
105
+ function writeIfMissing(relativePath, content) {
106
+ const filePath = path.join(gseDir, relativePath)
107
+ fs.mkdirSync(path.dirname(filePath), { recursive: true })
108
+ if (!force && fs.existsSync(filePath)) {
109
+ return { relativePath, status: 'skipped' }
110
+ }
111
+ fs.writeFileSync(filePath, content.trimStart().replace(/\n/g, '\r\n'), 'utf8')
112
+ return { relativePath, status: 'written' }
113
+ }
114
+
115
+ function writeProjectFileIfMissing(relativePath, content) {
116
+ const filePath = path.join(target, relativePath)
117
+ fs.mkdirSync(path.dirname(filePath), { recursive: true })
118
+ if (!force && fs.existsSync(filePath)) return { relativePath, status: 'skipped' }
119
+ fs.writeFileSync(filePath, content.trimStart().replace(/\n/g, '\r\n'), 'utf8')
120
+ return { relativePath, status: 'written' }
121
+ }
122
+
123
+ const hostAdapterConfigs = {
124
+ codex: {
125
+ path: '.codex/gse-adapter.md',
126
+ title: 'Codex Adapter',
127
+ bullets: [
128
+ 'Start meaningful work from `.gse/project-profile.md`, `.gse/goal-map.md`, and `.gse/quality-gates.md`.',
129
+ 'Use `.gse/goals/` for module-level goal details when the root goal map becomes too large.',
130
+ 'Record current-session evidence before marking subagents, MCP, browser, LSP, or model routing as verified.',
131
+ ],
132
+ },
133
+ claude: {
134
+ path: '.claude/gse-adapter.md',
135
+ title: 'Claude Code Adapter',
136
+ bullets: [
137
+ 'Commands, agents, hooks, and skills should point back to `.gse/` for goals, evidence, quality gates, and learning rules.',
138
+ 'Keep host-specific prompts short; keep reusable workflow policy in `.gse/`.',
139
+ 'Use `.gse/goals/` for module-level goal details when the root goal map becomes too large.',
140
+ ],
141
+ },
142
+ }
143
+
144
+ function selectedHostAdapters() {
145
+ if (mode !== 'enterprise') return []
146
+ if (hostAdaptersArg === 'none') return []
147
+ if (hostAdaptersArg === 'all') return Object.keys(hostAdapterConfigs)
148
+ if (hostAdaptersArg !== 'auto') return hostAdaptersArg.split(',').map((item) => item.trim()).filter(Boolean)
149
+ return Object.keys(hostAdapterConfigs).filter((host) => exists(host === 'codex' ? '.codex' : '.claude'))
150
+ }
151
+
152
+ function renderHostAdapter(config) {
153
+ return `# ${config.title}
154
+
155
+ Source of truth: \`.gse/\`.
156
+
157
+ ${config.bullets.map((item) => '- ' + item).join('\n')}
158
+
159
+ Capability status vocabulary: \`verified\`, \`documented\`, \`unknown\`, \`unavailable\`.
160
+ `
161
+ }
162
+
163
+ fs.mkdirSync(gseDir, { recursive: true })
164
+ fs.mkdirSync(path.join(gseDir, 'changes'), { recursive: true })
165
+ fs.mkdirSync(path.join(gseDir, 'evidence'), { recursive: true })
166
+ fs.mkdirSync(path.join(gseDir, 'templates'), { recursive: true })
167
+ fs.mkdirSync(path.join(gseDir, 'goals'), { recursive: true })
168
+
169
+ if (mode === 'standard' || mode === 'enterprise') {
170
+ for (const dir of ['agents', 'skills', 'lsp']) {
171
+ fs.mkdirSync(path.join(gseDir, dir), { recursive: true })
172
+ }
173
+ }
174
+
175
+ if (mode === 'enterprise') {
176
+ for (const dir of ['hooks', 'mcp', 'plugins']) {
177
+ fs.mkdirSync(path.join(gseDir, dir), { recursive: true })
178
+ }
179
+ }
180
+
181
+ const results = [
182
+ writeIfMissing(
183
+ 'state.json',
184
+ renderJson({
185
+ schemaVersion: 1,
186
+ projectName: path.basename(target),
187
+ mode,
188
+ canonicalPlan: '',
189
+ phase: 'adopt',
190
+ currentSlice: {
191
+ id: '',
192
+ outcome: '',
193
+ status: 'planned',
194
+ nextAction: 'Fill .gse/goal-map.md and choose the next verifiable slice.',
195
+ },
196
+ toolStatuses: {
197
+ browser: 'unknown',
198
+ lsp: 'unknown',
199
+ mcp: 'unknown',
200
+ subagents: 'unknown',
201
+ ci: 'unknown',
202
+ },
203
+ lastEvidence: `.gse/evidence/${date}.md`,
204
+ residualRisks: [
205
+ 'Project commands and host tools are unknown until verified in this repository.',
206
+ ],
207
+ }),
208
+ ),
209
209
  writeIfMissing(
210
210
  'evidence/index.jsonl',
211
- JSON.stringify({
211
+ JSON.stringify({
212
212
  date,
213
213
  recordType: 'adoption',
214
214
  status: 'result',
215
+ evidenceLevel: 'result',
216
+ requiredEvidenceLevel: 'verified-unit',
215
217
  summary: `Initialized GSE ${mode} scaffold.`,
216
218
  evidenceFile: `.gse/evidence/${date}.md`,
217
- commands: [`node <gse-skill>/scripts/init-project.mjs --target <project-root> --mode ${requestedMode}`],
219
+ commands: [`node <gse-skill>/scripts/init-project.mjs --target <project-root> --mode ${requestedMode}`],
218
220
  nextAction: 'Record project-specific profile, canonical plan, quality gates, and first verified slice.',
219
221
  }) + '\n',
220
222
  ),
221
223
  writeIfMissing(
222
- 'README.md',
223
- `# GSE Workflow
224
+ `evidence/${date}.md`,
225
+ `# GSE Adoption Evidence
224
226
 
225
- This project uses GSE: Goal-Spec-Evidence Engineering.
227
+ - Date: ${date}
228
+ - Status: result
229
+ - Evidence level: result
230
+ - Summary: Initialized GSE ${mode} scaffold.
231
+ - Command: \`node <gse-skill>/scripts/init-project.mjs --target <project-root> --mode ${requestedMode}\`
226
232
 
227
- Start meaningful work by reading:
228
-
229
- 1. Project agent rules, such as AGENTS.md or CLAUDE.md.
230
- 2. .gse/state.json.
231
- 3. .gse/project-profile.md.
232
- 4. .gse/goal-map.md.
233
- 5. .gse/quality-gates.md.
234
- 6. The relevant change folder under .gse/changes/ when one exists.
235
-
236
- Core loop:
237
-
238
- \`\`\`text
239
- Goal -> Spec -> Execute -> Evidence -> Learn
240
- \`\`\`
241
-
242
- Keep the workflow as light as the task allows and as rigorous as the risk requires.
243
-
244
- Bootstrap mode: ${mode}
245
- Mode selection: ${requestedMode === 'auto' ? 'auto' : 'manual'}
246
- Selection reasons: ${autoSelection.reasons.join(', ')}
233
+ Next action: Record project-specific profile, canonical plan, quality gates, and first verified slice.
247
234
  `,
248
235
  ),
236
+ writeIfMissing(
237
+ 'README.md',
238
+ `# GSE Workflow
239
+
240
+ This project uses GSE: Goal-Spec-Evidence Engineering.
241
+
242
+ Start meaningful work by reading:
243
+
244
+ 1. Project agent rules, such as AGENTS.md or CLAUDE.md.
245
+ 2. .gse/state.json.
246
+ 3. .gse/project-profile.md.
247
+ 4. .gse/goal-map.md.
248
+ 5. .gse/quality-gates.md.
249
+ 6. .gse/project-guards.md.
250
+ 7. The relevant change folder under .gse/changes/ when one exists.
251
+
252
+ Core loop:
253
+
254
+ \`\`\`text
255
+ Goal -> Spec -> Execute -> Evidence -> Learn
256
+ \`\`\`
257
+
258
+ Keep the workflow as light as the task allows and as rigorous as the risk requires.
259
+
260
+ Bootstrap mode: ${mode}
261
+ Mode selection: ${requestedMode === 'auto' ? 'auto' : 'manual'}
262
+ Selection reasons: ${autoSelection.reasons.join(', ')}
263
+ `,
264
+ ),
265
+ writeIfMissing(
266
+ 'project-profile.md',
267
+ `# Project Profile
268
+
269
+ Keep this file short and factual. Project-specific rules override generic GSE defaults.
270
+
271
+ ## Identity
272
+
273
+ - Product/system name:
274
+ - Repository type:
275
+ - Main languages/frameworks:
276
+
277
+ ## Development Commands
278
+
279
+ - Install:
280
+ - Dev server:
281
+ - Focused test:
282
+ - Typecheck/lint/build:
283
+ - Encoding or generated-file checks:
284
+
285
+ ## Standards
286
+
287
+ - Coding standards:
288
+ - Formatting:
289
+ - Testing expectations:
290
+ - Documentation expectations:
291
+
292
+ ## Tool Connections
293
+
294
+ | Tool | Purpose | Command/config | Status |
295
+ |---|---|---|---|
296
+ | rg | Search files/text | rg / rg --files | recommended |
297
+ | LSP/index | Symbol navigation | - | unknown |
298
+ | Browser/Playwright | UI smoke | - | unknown |
299
+ | MCP | External tools/data | - | unknown |
300
+ | CI | Automated gates | - | unknown |
301
+ | Deploy | Release path | - | unknown |
302
+
303
+ ## Agent Host Adapters
304
+
305
+ - Codex:
306
+ - Claude Code:
307
+ - Hermes/AION-style runtime:
308
+ - WorkBuddy/other:
309
+
310
+ ## Security And Permissions
311
+
312
+ - Secrets handling:
313
+ - Write-capable tools:
314
+ - Destructive commands:
315
+ - External services:
316
+
317
+ ## Release And Rollback
318
+
319
+ - Release command/process:
320
+ - Rollback:
321
+ - Smoke checks:
322
+
323
+ ## Known Gotchas
324
+
325
+ - Add recurring project-specific issues here.
326
+ `,
327
+ ),
328
+ writeIfMissing(
329
+ 'goal-map.md',
330
+ `# Goal Map
331
+
332
+ Updated: ${date}
333
+
334
+ ## North Star
335
+
336
+ Describe the durable project outcome here.
337
+
338
+ ## Current Focus
339
+
340
+ - Priority: P0
341
+ - Active slice: Define the next verifiable slice.
342
+ - Next action: Fill this in before implementation starts.
343
+
344
+ ## Goal Nodes
345
+
346
+ | ID | Goal | Status | Priority | Evidence | Next Slice |
347
+ |---|---|---|---|---|---|
348
+ | G-001 | Establish project workflow | planned | P1 | - | Initialize GSE and bind first real task |
349
+
350
+ ## Risks
351
+
352
+ - Add project-specific risks here.
353
+ `,
354
+ ),
249
355
  writeIfMissing(
250
- 'project-profile.md',
251
- `# Project Profile
252
-
253
- Keep this file short and factual. Project-specific rules override generic GSE defaults.
254
-
255
- ## Identity
256
-
257
- - Product/system name:
258
- - Repository type:
259
- - Main languages/frameworks:
260
-
261
- ## Development Commands
262
-
263
- - Install:
264
- - Dev server:
265
- - Focused test:
266
- - Typecheck/lint/build:
267
- - Encoding or generated-file checks:
268
-
269
- ## Standards
270
-
271
- - Coding standards:
272
- - Formatting:
273
- - Testing expectations:
274
- - Documentation expectations:
275
-
276
- ## Tool Connections
277
-
278
- | Tool | Purpose | Command/config | Status |
279
- |---|---|---|---|
280
- | rg | Search files/text | rg / rg --files | recommended |
281
- | LSP/index | Symbol navigation | - | unknown |
282
- | Browser/Playwright | UI smoke | - | unknown |
283
- | MCP | External tools/data | - | unknown |
284
- | CI | Automated gates | - | unknown |
285
- | Deploy | Release path | - | unknown |
286
-
287
- ## Agent Host Adapters
288
-
289
- - Codex:
290
- - Claude Code:
291
- - Hermes/AION-style runtime:
292
- - WorkBuddy/other:
293
-
294
- ## Security And Permissions
295
-
296
- - Secrets handling:
297
- - Write-capable tools:
298
- - Destructive commands:
299
- - External services:
300
-
301
- ## Release And Rollback
302
-
303
- - Release command/process:
304
- - Rollback:
305
- - Smoke checks:
306
-
307
- ## Known Gotchas
308
-
309
- - Add recurring project-specific issues here.
356
+ 'quality-gates.md',
357
+ `# Quality Gates
358
+
359
+ ## Universal
360
+
361
+ - Outcome, scope, acceptance, evidence, and next action are explicit.
362
+ - Verification matches the task risk.
363
+ - No unrelated files are staged or committed.
364
+
365
+ ## Code
366
+
367
+ - Run focused tests for changed behavior.
368
+ - Run typecheck, lint, or build when relevant.
369
+
370
+ ## UI
371
+
372
+ - Use browser, Playwright, component tests, or screenshots for visible behavior.
373
+
374
+ ## Release
375
+
376
+ - Record migration, rollback, and known risks for release-impacting work.
377
+
378
+ ## Learning
379
+
380
+ - Capture reusable lessons and promote recurring issues into gates.
310
381
  `,
311
382
  ),
312
383
  writeIfMissing(
313
- 'goal-map.md',
314
- `# Goal Map
315
-
316
- Updated: ${date}
317
-
318
- ## North Star
319
-
320
- Describe the durable project outcome here.
321
-
322
- ## Current Focus
384
+ 'project-guards.md',
385
+ `# Project Guards
323
386
 
324
- - Priority: P0
325
- - Active slice: Define the next verifiable slice.
326
- - Next action: Fill this in before implementation starts.
387
+ Project guards are reusable preflight rules promoted from repeated project lessons.
327
388
 
328
- ## Goal Nodes
389
+ GSE reads this file during \`/gse continue\` and surfaces active guards before implementation. Keep it short, project-local, and evidence-bound.
329
390
 
330
- | ID | Goal | Status | Priority | Evidence | Next Slice |
391
+ | ID | Guard | Severity | Trigger | Check | Status |
331
392
  |---|---|---|---|---|---|
332
- | G-001 | Establish project workflow | planned | P1 | - | Initialize GSE and bind first real task |
333
-
334
- ## Risks
335
-
336
- - Add project-specific risks here.
337
- `,
338
- ),
339
- writeIfMissing(
340
- 'quality-gates.md',
341
- `# Quality Gates
342
-
343
- ## Universal
344
-
345
- - Outcome, scope, acceptance, evidence, and next action are explicit.
346
- - Verification matches the task risk.
347
- - No unrelated files are staged or committed.
348
-
349
- ## Code
350
-
351
- - Run focused tests for changed behavior.
352
- - Run typecheck, lint, or build when relevant.
353
-
354
- ## UI
355
-
356
- - Use browser, Playwright, component tests, or screenshots for visible behavior.
357
-
358
- ## Release
359
-
360
- - Record migration, rollback, and known risks for release-impacting work.
361
-
362
- ## Learning
363
-
364
- - Capture reusable lessons and promote recurring issues into gates.
393
+ | WIN-SHELL | Use shell syntax that matches the active host. On Windows, prefer \`cmd /c\` for npm, pnpm, npx, and similar commands when PowerShell shims or operators are unreliable. | high | Windows shell or package-manager command | Confirm command syntax is valid for the current shell before running or documenting it. | active |
394
+ | SPARSE-GIT | Check sparse checkout before staging generated workflow folders. | high | \`.gse/\`, host adapter, or generated scaffold changes | If sparse checkout is active and the path is outside the cone, use sparse-aware staging or record the limitation. | active |
395
+ | UTF8-DOC | Use UTF-8-safe readers for Chinese or multilingual docs before judging mojibake. | high | Chinese docs, encoding complaints, generated docs | Read with Node UTF-8 or another UTF-8-safe viewer; run the project encoding check when docs changed. | active |
396
+ | EVIDENCE-STALE | Treat stale, broken, or schema-weak evidence as a preflight problem. | high | \`.gse/evidence/index.jsonl\`, state, close gate | Validate JSONL and make sure latest evidence matches the current slice before closing. | active |
397
+ | UI-EVIDENCE | Label UI/browser verification downgrades explicitly. | medium | UI, browser, screenshot, component test, visual behavior | Mark evidence as unit, component, API, browser, CI, owner, release, or external instead of hiding downgrade under a generic verified label. | active |
398
+ | SUBAGENT-HONEST | Do not claim subagent dispatch unless the current host exposes real dispatch evidence. | high | multi-agent, subagent, role dispatch, parallel work | If no real dispatch tool exists, run roles sequentially or use file/tool parallelism and say so. | active |
399
+ | SYNC-NO-INTERRUPT | Do not interrupt running project sessions with cross-thread GSE sync messages. | high | GSE upgrade sync, delegation, background thread message | Prefer evidence records or owner action notes; only send a short cross-thread sync when the target session is idle or the owner explicitly asks. | active |
365
400
  `,
366
401
  ),
367
402
  writeIfMissing(
368
403
  'tooling.md',
369
404
  `# Tooling
370
-
371
- Minimum tools: git, shell, and project test/build commands.
372
-
373
- Recommended tools:
374
-
375
- - rg / rg --files for fast search.
376
- - LSP or code index for large projects.
377
- - Browser or Playwright for UI verification.
378
- - OpenSpec for capability specs.
379
- - Comet for change lifecycle when available.
380
- - Self-improvement or learnings files for durable lessons.
381
-
405
+
406
+ Minimum tools: git, shell, and project test/build commands.
407
+
408
+ Recommended tools:
409
+
410
+ - rg / rg --files for fast search.
411
+ - LSP or code index for large projects.
412
+ - Browser or Playwright for UI verification.
413
+ - OpenSpec for capability specs.
414
+ - Comet for change lifecycle when available.
415
+ - Self-improvement or learnings files for durable lessons.
416
+
382
417
  Do not claim a tool was used when it was not available.
383
418
  `,
384
419
  ),
385
420
  writeIfMissing(
386
- 'learnings.md',
387
- `# Learnings
388
-
389
- Record only reusable lessons.
421
+ 'host-capabilities.md',
422
+ `# Host Capabilities
390
423
 
391
- ## Template
424
+ Record current project and host capability facts here. A generated adapter, portable command, or another host's evidence is not proof for this host.
392
425
 
393
- ### YYYY-MM-DD - Short title
426
+ Status vocabulary: \`verified\`, \`documented\`, \`unknown\`, \`unavailable\`, \`external-required\`.
394
427
 
395
- - Trigger:
396
- - Lesson:
397
- - Prevention:
398
- - Promotion target:
428
+ | Capability | Host/Tool | Status | Evidence | Claim Boundary | Last Checked |
429
+ |---|---|---|---|---|---|
430
+ | native-slash-command | current host | external-required | - | Native slash-command support requires real host runtime invocation evidence, not portable \`/gse\` runner output. | - |
431
+ | browser | browser or Playwright | unknown | - | Browser proof requires a real browser/component/screenshot command for this project. | - |
432
+ | mcp | MCP servers | unknown | - | MCP status is host and project specific. | - |
433
+ | lsp | LSP or code index | unknown | - | LSP/index status is current-session specific unless project docs prove it. | - |
434
+ | subagent | host dispatch | unknown | - | Real subagent dispatch requires verified host/tool evidence; sequential role fallback is not real dispatch. | - |
435
+ | ci | project CI | unknown | - | CI is verified only after a workflow/config or run is checked for this project. | - |
399
436
  `,
400
437
  ),
401
438
  writeIfMissing(
402
- 'templates/change-brief.md',
403
- `# Change Brief
404
-
405
- ## Outcome
406
-
407
- ## Scope
408
-
409
- ## Non-goals
410
-
411
- ## Acceptance
412
-
413
- ## Evidence Plan
414
-
415
- ## Risks
416
-
417
- ## Next Action
418
- `,
419
- ),
439
+ 'learnings.md',
440
+ `# Learnings
441
+
442
+ Record only reusable lessons.
443
+
444
+ ## Template
445
+
446
+ ### YYYY-MM-DD - Short title
447
+
448
+ - Trigger:
449
+ - Lesson:
450
+ - Prevention:
451
+ - Promotion target:
452
+ `,
453
+ ),
454
+ writeIfMissing(
455
+ 'templates/change-brief.md',
456
+ `# Change Brief
457
+
458
+ ## Outcome
459
+
460
+ ## Scope
461
+
462
+ ## Non-goals
463
+
464
+ ## Acceptance
465
+
466
+ ## Evidence Plan
467
+
468
+ ## Risks
469
+
470
+ ## Next Action
471
+ `,
472
+ ),
420
473
  writeIfMissing(
421
474
  'templates/evidence.md',
422
475
  `# Evidence
423
476
 
424
- ## Commands
425
-
426
- ## Results
427
-
428
- ## Files Changed
429
-
430
- ## Residual Risk
431
-
432
- ## Follow-up
433
- `,
434
- ),
435
- writeIfMissing(
436
- 'templates/spec.md',
437
- `# Spec
438
-
439
- ## User Outcome
440
-
441
- ## Behavior
442
-
443
- ## State / Data Flow
444
-
445
- ## Error and Recovery
446
-
447
- ## Permissions and Privacy
448
-
449
- ## Acceptance Criteria
450
-
451
- ## Non-goals
452
- `,
453
- ),
454
- writeIfMissing(
455
- 'templates/design.md',
456
- `# Design
457
-
458
- ## Approach
459
-
460
- ## State / Data Flow
461
-
462
- ## Interfaces And Contracts
463
-
464
- ## Permissions And Privacy
465
-
466
- ## Error And Recovery
467
-
468
- ## Alternatives Considered
477
+ ## Status
469
478
 
470
- ## Rollback
479
+ - Evidence status:
480
+ - Evidence level:
481
+ - Required evidence level:
471
482
 
472
- ## Open Questions
473
- `,
474
- ),
475
- writeIfMissing(
476
- 'templates/tasks.md',
477
- `# Tasks
478
-
479
- ## Slice Plan
480
-
481
- - [ ] Define outcome, scope, acceptance, evidence, risk, and next action.
482
- - [ ] Locate existing patterns and ownership boundaries.
483
- - [ ] Implement the smallest verifiable change.
484
- - [ ] Run focused verification.
485
- - [ ] Record evidence and residual risk.
486
- - [ ] Update state, goal map, and handoff notes when relevant.
487
-
488
- ## Non-Goals
489
-
490
- ## Dependencies
491
-
492
- ## Stop Conditions
493
- `,
494
- ),
495
- writeIfMissing(
496
- 'templates/review.md',
497
- `# Review
498
-
499
- ## Spec Compliance
500
-
501
- ## Code Quality
502
-
503
- ## Architecture / Ownership
504
-
505
- ## Security / Privacy
506
-
507
- ## Regression Risk
508
-
509
- ## Evidence Review
510
-
511
- ## Findings
512
-
513
- ## Closure
514
- `,
515
- ),
516
- writeIfMissing(
517
- 'templates/execution-quality-pack.md',
518
- `# Execution Quality Pack
519
-
520
- ## Task Profile
521
-
522
- - Level: lite | standard | enterprise
523
- - Change type:
524
- - User-visible impact:
525
- - Data/security/release impact:
526
-
527
- ## Required Skills Or Roles
528
-
529
- | Role / Skill | Purpose | Required | Evidence |
530
- |---|---|---|---|
531
- | Coordinator | Scope, final judgment, integration | yes | plan/state/evidence |
532
- | Code Locator | Files, symbols, existing tests | when code changes | search/LSP notes |
533
- | Builder | Bounded implementation | when files change | diff + focused check |
534
- | QA / Verification | Focused proof | yes | command/browser/API smoke |
535
- | Reviewer | Spec, quality, architecture, security | risk-based | review notes |
536
-
537
- ## Tool Routing
538
-
539
- ## Quality Gates Selected
540
-
541
- ## Evidence Plan
542
-
543
- ## Review And Closure
544
- `,
545
- ),
546
- writeIfMissing(
547
- 'goals/README.md',
548
- `# Goal Details
549
-
550
- Use this folder for module-level or stream-level goal details when \`.gse/goal-map.md\` becomes too large.
551
-
552
- Keep \`.gse/goal-map.md\` as the short index:
553
-
554
- - North Star
555
- - Current focus
556
- - Top goal nodes
557
- - Risks
558
- - Next slices
559
-
560
- Put detailed module goals here, for example:
561
-
562
- - \`frontend.md\`
563
- - \`backend.md\`
564
- - \`memory.md\`
565
- - \`worker.md\`
566
- - \`release.md\`
567
- `,
568
- ),
569
- ]
570
-
571
- if (mode === 'standard' || mode === 'enterprise') {
572
- results.push(
573
- writeIfMissing(
574
- 'agent-workspace.md',
575
- `# Agent Workspace
576
-
577
- This project keeps portable agent workflow files under .gse/.
578
-
579
- Host-specific folders such as .codex/, .claude/, .agents/, or runtime-specific directories may point back here, but .gse/ is the source of truth.
580
-
581
- ## Local Map
483
+ ## Commands
582
484
 
583
- - Goal map: .gse/goal-map.md
584
- - Quality gates: .gse/quality-gates.md
485
+ ## Results
486
+
487
+ ## Files Changed
488
+
489
+ ## Residual Risk
490
+
491
+ ## Follow-up
492
+ `,
493
+ ),
494
+ writeIfMissing(
495
+ 'templates/spec.md',
496
+ `# Spec
497
+
498
+ ## User Outcome
499
+
500
+ ## Behavior
501
+
502
+ ## State / Data Flow
503
+
504
+ ## Error and Recovery
505
+
506
+ ## Permissions and Privacy
507
+
508
+ ## Acceptance Criteria
509
+
510
+ ## Non-goals
511
+ `,
512
+ ),
513
+ writeIfMissing(
514
+ 'templates/design.md',
515
+ `# Design
516
+
517
+ ## Approach
518
+
519
+ ## State / Data Flow
520
+
521
+ ## Interfaces And Contracts
522
+
523
+ ## Permissions And Privacy
524
+
525
+ ## Error And Recovery
526
+
527
+ ## Alternatives Considered
528
+
529
+ ## Rollback
530
+
531
+ ## Open Questions
532
+ `,
533
+ ),
534
+ writeIfMissing(
535
+ 'templates/tasks.md',
536
+ `# Tasks
537
+
538
+ ## Slice Plan
539
+
540
+ - [ ] Define outcome, scope, acceptance, evidence, risk, and next action.
541
+ - [ ] Locate existing patterns and ownership boundaries.
542
+ - [ ] Implement the smallest verifiable change.
543
+ - [ ] Run focused verification.
544
+ - [ ] Record evidence and residual risk.
545
+ - [ ] Update state, goal map, and handoff notes when relevant.
546
+
547
+ ## Non-Goals
548
+
549
+ ## Dependencies
550
+
551
+ ## Stop Conditions
552
+ `,
553
+ ),
554
+ writeIfMissing(
555
+ 'templates/review.md',
556
+ `# Review
557
+
558
+ ## Spec Compliance
559
+
560
+ ## Code Quality
561
+
562
+ ## Architecture / Ownership
563
+
564
+ ## Security / Privacy
565
+
566
+ ## Regression Risk
567
+
568
+ ## Evidence Review
569
+
570
+ ## Findings
571
+
572
+ ## Closure
573
+ `,
574
+ ),
575
+ writeIfMissing(
576
+ 'templates/execution-quality-pack.md',
577
+ `# Execution Quality Pack
578
+
579
+ ## Task Profile
580
+
581
+ - Level: lite | standard | enterprise
582
+ - Change type:
583
+ - User-visible impact:
584
+ - Data/security/release impact:
585
+
586
+ ## Required Skills Or Roles
587
+
588
+ | Role / Skill | Purpose | Required | Evidence |
589
+ |---|---|---|---|
590
+ | Coordinator | Scope, final judgment, integration | yes | plan/state/evidence |
591
+ | Code Locator | Files, symbols, existing tests | when code changes | search/LSP notes |
592
+ | Builder | Bounded implementation | when files change | diff + focused check |
593
+ | QA / Verification | Focused proof | yes | command/browser/API smoke |
594
+ | Reviewer | Spec, quality, architecture, security | risk-based | review notes |
595
+
596
+ ## Tool Routing
597
+
598
+ ## Quality Gates Selected
599
+
600
+ ## Evidence Plan
601
+
602
+ ## Review And Closure
603
+ `,
604
+ ),
605
+ writeIfMissing(
606
+ 'goals/README.md',
607
+ `# Goal Details
608
+
609
+ Use this folder for module-level or stream-level goal details when \`.gse/goal-map.md\` becomes too large.
610
+
611
+ Keep \`.gse/goal-map.md\` as the short index:
612
+
613
+ - North Star
614
+ - Current focus
615
+ - Top goal nodes
616
+ - Risks
617
+ - Next slices
618
+
619
+ Put detailed module goals here, for example:
620
+
621
+ - \`frontend.md\`
622
+ - \`backend.md\`
623
+ - \`memory.md\`
624
+ - \`worker.md\`
625
+ - \`release.md\`
626
+ `,
627
+ ),
628
+ ]
629
+
630
+ if (mode === 'standard' || mode === 'enterprise') {
631
+ results.push(
632
+ writeIfMissing(
633
+ 'agent-workspace.md',
634
+ `# Agent Workspace
635
+
636
+ This project keeps portable agent workflow files under .gse/.
637
+
638
+ Host-specific folders such as .codex/, .claude/, .agents/, or runtime-specific directories may point back here, but .gse/ is the source of truth.
639
+
640
+ ## Local Map
641
+
642
+ - Goal map: .gse/goal-map.md
643
+ - Quality gates: .gse/quality-gates.md
585
644
  - Agent roles: .gse/agents/roles.md
586
645
  - Dispatch rules: .gse/agents/dispatch.md
646
+ - Role fallback packets: .gse/agents/role-fallback-packets.md
587
647
  - Project skills: .gse/skills/README.md
588
648
  - LSP/index notes: .gse/lsp/README.md
589
-
590
- ## Adapter Rule
591
-
592
- Do not duplicate the whole workflow into a host-specific folder. Add a short pointer from that host folder back to .gse/ when needed.
593
- `,
594
- ),
595
- writeIfMissing(
596
- 'agents/roles.md',
597
- `# Agent Roles
598
-
599
- Use these roles as boundaries, whether they are executed by real subagents or sequentially by one agent.
600
-
649
+
650
+ ## Adapter Rule
651
+
652
+ Do not duplicate the whole workflow into a host-specific folder. Add a short pointer from that host folder back to .gse/ when needed.
653
+ `,
654
+ ),
655
+ writeIfMissing(
656
+ 'agents/roles.md',
657
+ `# Agent Roles
658
+
659
+ Use these roles as boundaries, whether they are executed by real subagents or sequentially by one agent.
660
+
601
661
  | Role | Responsibility | Write Access |
602
662
  |---|---|---|
603
663
  | Coordinator | Scope, context, final judgment, integration | yes |
664
+ | Planner | Outcome, scope, acceptance, evidence, risk, next action | docs/state only |
604
665
  | Product Analyst | Outcome, user pain, priority, non-goals | docs only |
605
666
  | Architect | Contracts, data flow, risks, rollback | docs/code by assignment |
606
- | Code Locator | Files, symbols, call chains, existing tests | no |
607
- | Builder | Bounded implementation slice | assigned files only |
667
+ | Locator | Files, symbols, call chains, existing tests | no |
668
+ | Implementer | Bounded implementation slice | assigned files only |
669
+ | Verifier | Focused checks and evidence level | evidence/test output only |
608
670
  | Reviewer | Diff review, regressions, missing tests | no |
609
- | QA | Focused verification and evidence | test/evidence only |
610
671
  | Docs/Evidence | Slice log, ADR links, learning entries | docs only |
672
+ | Release | Release, owner, CI, package, marketplace, registry, and host-runtime boundaries | docs/release only |
611
673
  `,
612
674
  ),
613
- writeIfMissing(
614
- 'agents/dispatch.md',
615
- `# Agent Dispatch
616
-
617
- Use real subagent tools only when the host exposes them.
618
-
675
+ writeIfMissing(
676
+ 'agents/dispatch.md',
677
+ `# Agent Dispatch
678
+
679
+ Use real subagent tools only when the host exposes them.
680
+
619
681
  ## Dispatch Packet
620
682
 
621
683
  - Role:
684
+ - Real delegation used: yes | no
622
685
  - Objective:
623
686
  - Allowed files:
624
687
  - Forbidden actions:
688
+ - Role output evidence:
625
689
  - Expected output:
626
690
  - Verification:
627
-
628
- ## Rules
629
-
630
- - Do not delegate final judgment.
631
- - Avoid parallel writes to the same file.
632
- - Say explicitly when subagent tools are unavailable and execute roles sequentially.
691
+
692
+ ## Rules
693
+
694
+ - Do not delegate final judgment.
695
+ - Avoid parallel writes to the same file.
696
+ - Say explicitly when subagent tools are unavailable and execute roles sequentially.
633
697
  - Keep prompts free of expected answers when using agents for validation.
634
698
  `,
635
699
  ),
636
700
  writeIfMissing(
637
- 'skills/README.md',
638
- `# Project Skills
639
-
640
- Record project-local skills and reusable workflows here.
641
-
642
- ## Inventory
643
-
644
- | Skill | Host | Purpose | Source | Status |
645
- |---|---|---|---|---|
646
-
647
- ## Rules
648
-
649
- - Prefer portable instructions under .gse/ when a workflow is useful across hosts.
650
- - Keep host-specific skills small and point back to .gse/ for project policy.
651
- - Do not claim a skill exists unless it is installed or documented here.
652
- `,
653
- ),
654
- writeIfMissing(
655
- 'lsp/README.md',
656
- `# LSP And Indexing
657
-
658
- Record code navigation tools for this project.
659
-
660
- ## Commands
661
-
662
- - Search files: rg --files
663
- - Search text: rg "pattern"
664
- - LSP/index command:
665
-
666
- ## Notes
667
-
668
- - Prefer symbol navigation for large projects when available.
669
- - Fall back to rg and existing tests when LSP is unavailable.
701
+ 'agents/role-fallback-packets.md',
702
+ `# Role Fallback Packets
703
+
704
+ These packets make role-separated work auditable even when real subagent tools are unavailable.
705
+
706
+ | Role | Mode | Real delegation used | Tool status | Fallback output | Evidence | Stop condition | Write access |
707
+ |---|---|---|---|---|---|---|---|
708
+ | Planner | sequential-role | no | unknown | Slice plan with outcome, scope, acceptance, evidence, risk, and next action | .gse/current-slice.md or planning note | Goal, roadmap, or acceptance source is contradictory | docs/state only |
709
+ | Locator | sequential-role | no | unknown | File, symbol, command, and existing-test map | search output or locator notes | Required files cannot be found or ownership is unclear | read-only |
710
+ | Implementer | sequential-role | no | unknown | Bounded diff in assigned files | git diff and changed-file list | Target files have unsafe unrelated dirty changes | assigned files only |
711
+ | Verifier | sequential-role | no | unknown | Focused command results and evidence level | command output summary and evidence record | Required focused check cannot run or fails without a repair path | evidence/test output only |
712
+ | Reviewer | sequential-role | no | unknown | Spec compliance and quality findings | review notes or explicit no-findings statement | Diff exceeds scope or missing tests are material | read-only |
713
+ | Docs/Evidence | sequential-role | no | unknown | Slice evidence, state, goal-map, and roadmap updates | .gse/evidence/index.jsonl and .gse/evidence/YYYY-MM-DD.md | Evidence cannot be recorded or JSONL is invalid | docs/evidence only |
714
+ | Release | sequential-role | no | unknown | Release, owner, external, CI, package, and host-runtime boundary check | final-readiness or public-acceptance audit summary | Local evidence is being used to claim owner/external support | docs/release only |
670
715
  `,
671
716
  ),
672
- )
673
- }
674
-
675
- if (mode === 'enterprise') {
676
- results.push(
677
717
  writeIfMissing(
678
- 'hooks/README.md',
679
- `# Hooks
680
-
681
- Record host-specific automation hooks here.
682
-
683
- ## Hook Inventory
684
-
685
- | Hook | Host | Trigger | Command | Risk |
686
- |---|---|---|---|---|
687
-
688
- ## Rules
689
-
690
- - Hooks must be explicit, reversible, and safe for the project.
691
- - Keep secrets out of hook files.
692
- - Document any destructive or networked behavior before enabling it.
693
- `,
694
- ),
695
- writeIfMissing(
696
- 'mcp/README.md',
697
- `# MCP
698
-
699
- Record MCP servers, permissions, and setup notes here.
700
-
701
- ## Servers
702
-
703
- | Server | Purpose | Permissions | Setup | Owner |
704
- |---|---|---|---|---|
705
-
706
- ## Rules
707
-
708
- - Keep real secrets out of source control.
709
- - Document write-capable tools and approval expectations.
710
- `,
711
- ),
712
- writeIfMissing(
713
- 'plugins/README.md',
714
- `# Plugins
715
-
716
- Record optional host plugins and runtime adapters here.
717
-
718
- ## Inventory
719
-
720
- | Plugin | Host | Purpose | Required | Notes |
721
- |---|---|---|---|---|
722
-
723
- ## Rules
724
-
725
- - Plugins are optional accelerators unless the project explicitly requires them.
726
- - Provide a markdown fallback when a plugin is unavailable.
727
- `,
728
- ),
729
- writeIfMissing(
730
- 'release.md',
731
- `# Release
732
-
733
- ## Checklist
734
-
735
- - Version or deployment target:
736
- - Migration:
737
- - Rollback:
738
- - Smoke test:
739
- - Known risks:
740
- `,
741
- ),
742
- writeIfMissing(
743
- 'incident-review.md',
744
- `# Incident Review
745
-
746
- ## Summary
747
-
748
- ## Impact
749
-
750
- ## Timeline
751
-
752
- ## Root Cause
753
-
754
- ## Fix
755
-
756
- ## Prevention
757
- `,
758
- ),
759
- writeIfMissing(
760
- 'audit.md',
761
- `# GSE Audit
762
-
763
- ## Coverage
764
-
765
- - Goal map:
766
- - Specs:
767
- - Evidence:
768
- - Quality gates:
769
- - Tooling:
770
- - Learning loop:
771
-
772
- ## Gaps
773
-
774
- ## Next Improvements
775
- `,
776
- ),
777
- )
778
- }
779
-
780
- for (const host of selectedHostAdapters()) {
781
- const config = hostAdapterConfigs[host]
782
- results.push(writeProjectFileIfMissing(config.path, renderHostAdapter(config)))
783
- }
784
-
785
- console.log(JSON.stringify({ target, gseDir, force, requestedMode, mode, selectionReasons: autoSelection.reasons, hostAdapters: selectedHostAdapters(), results }, null, 2))
718
+ 'skills/README.md',
719
+ `# Project Skills
720
+
721
+ Record project-local skills and reusable workflows here.
722
+
723
+ ## Inventory
724
+
725
+ | Skill | Host | Purpose | Source | Status |
726
+ |---|---|---|---|---|
727
+
728
+ ## Rules
729
+
730
+ - Prefer portable instructions under .gse/ when a workflow is useful across hosts.
731
+ - Keep host-specific skills small and point back to .gse/ for project policy.
732
+ - Do not claim a skill exists unless it is installed or documented here.
733
+ `,
734
+ ),
735
+ writeIfMissing(
736
+ 'lsp/README.md',
737
+ `# LSP And Indexing
738
+
739
+ Record code navigation tools for this project.
740
+
741
+ ## Commands
742
+
743
+ - Search files: rg --files
744
+ - Search text: rg "pattern"
745
+ - LSP/index command:
746
+
747
+ ## Notes
748
+
749
+ - Prefer symbol navigation for large projects when available.
750
+ - Fall back to rg and existing tests when LSP is unavailable.
751
+ `,
752
+ ),
753
+ )
754
+ }
755
+
756
+ if (mode === 'enterprise') {
757
+ results.push(
758
+ writeIfMissing(
759
+ 'hooks/README.md',
760
+ `# Hooks
761
+
762
+ Record host-specific automation hooks here.
763
+
764
+ ## Hook Inventory
765
+
766
+ | Hook | Host | Trigger | Command | Risk |
767
+ |---|---|---|---|---|
768
+
769
+ ## Rules
770
+
771
+ - Hooks must be explicit, reversible, and safe for the project.
772
+ - Keep secrets out of hook files.
773
+ - Document any destructive or networked behavior before enabling it.
774
+ `,
775
+ ),
776
+ writeIfMissing(
777
+ 'mcp/README.md',
778
+ `# MCP
779
+
780
+ Record MCP servers, permissions, and setup notes here.
781
+
782
+ ## Servers
783
+
784
+ | Server | Purpose | Permissions | Setup | Owner |
785
+ |---|---|---|---|---|
786
+
787
+ ## Rules
788
+
789
+ - Keep real secrets out of source control.
790
+ - Document write-capable tools and approval expectations.
791
+ `,
792
+ ),
793
+ writeIfMissing(
794
+ 'plugins/README.md',
795
+ `# Plugins
796
+
797
+ Record optional host plugins and runtime adapters here.
798
+
799
+ ## Inventory
800
+
801
+ | Plugin | Host | Purpose | Required | Notes |
802
+ |---|---|---|---|---|
803
+
804
+ ## Rules
805
+
806
+ - Plugins are optional accelerators unless the project explicitly requires them.
807
+ - Provide a markdown fallback when a plugin is unavailable.
808
+ `,
809
+ ),
810
+ writeIfMissing(
811
+ 'release.md',
812
+ `# Release
813
+
814
+ ## Checklist
815
+
816
+ - Version or deployment target:
817
+ - Migration:
818
+ - Rollback:
819
+ - Smoke test:
820
+ - Known risks:
821
+ `,
822
+ ),
823
+ writeIfMissing(
824
+ 'incident-review.md',
825
+ `# Incident Review
826
+
827
+ ## Summary
828
+
829
+ ## Impact
830
+
831
+ ## Timeline
832
+
833
+ ## Root Cause
834
+
835
+ ## Fix
836
+
837
+ ## Prevention
838
+ `,
839
+ ),
840
+ writeIfMissing(
841
+ 'audit.md',
842
+ `# GSE Audit
843
+
844
+ ## Coverage
845
+
846
+ - Goal map:
847
+ - Specs:
848
+ - Evidence:
849
+ - Quality gates:
850
+ - Tooling:
851
+ - Learning loop:
852
+
853
+ ## Gaps
854
+
855
+ ## Next Improvements
856
+ `,
857
+ ),
858
+ )
859
+ }
860
+
861
+ for (const host of selectedHostAdapters()) {
862
+ const config = hostAdapterConfigs[host]
863
+ results.push(writeProjectFileIfMissing(config.path, renderHostAdapter(config)))
864
+ }
865
+
866
+ console.log(JSON.stringify({ target, gseDir, force, requestedMode, mode, selectionReasons: autoSelection.reasons, hostAdapters: selectedHostAdapters(), results }, null, 2))