@t275005746/gse 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.github/ISSUE_TEMPLATE/bug_report.yml +42 -0
- package/.github/ISSUE_TEMPLATE/change_request.yml +50 -0
- package/.github/ISSUE_TEMPLATE/config.yml +5 -0
- package/.github/PULL_REQUEST_TEMPLATE.md +38 -0
- package/.github/workflows/validate-gse.yml +33 -0
- package/.gse/README.md +18 -0
- package/.gse/gse-development-protocol.md +50 -0
- package/.gse/project-profile.md +29 -0
- package/.gse/quality-gates.md +25 -0
- package/.gse/releases/public-channel-publication-pending.md +49 -0
- package/.gse/releases/public-ci-run-pending.md +53 -0
- package/.gse/releases/public-release-owner-required.md +65 -0
- package/.gse/releases/public-repository-settings-owner-required.md +59 -0
- package/.gse/releases/public-security-contact-owner-required.md +45 -0
- package/.gse/state.json +27 -0
- package/CHANGELOG.md +24 -0
- package/CONTRIBUTING.md +64 -0
- package/LICENSE +21 -0
- package/README.md +236 -0
- package/README.zh-CN.md +236 -0
- package/SECURITY.md +41 -0
- package/SKILL.md +148 -0
- package/SUPPORT.md +38 -0
- package/agents/openai.yaml +4 -0
- package/assets/marketplace/README.md +7 -0
- package/assets/marketplace/gse-listing.json +75 -0
- package/assets/templates/acceptance-execution-packet.md +73 -0
- package/assets/templates/adr.md +14 -0
- package/assets/templates/change-brief.md +16 -0
- package/assets/templates/design.md +18 -0
- package/assets/templates/dispatch-packet.md +104 -0
- package/assets/templates/evidence.md +14 -0
- package/assets/templates/execution-quality-pack.md +65 -0
- package/assets/templates/goal-map.md +21 -0
- package/assets/templates/host-adapter.md +48 -0
- package/assets/templates/host-ui-invocation-record.md +42 -0
- package/assets/templates/incident-review.md +60 -0
- package/assets/templates/public-channel-publication-record.md +49 -0
- package/assets/templates/public-ci-run-record.md +53 -0
- package/assets/templates/public-release-record.md +65 -0
- package/assets/templates/public-repository-settings-record.md +59 -0
- package/assets/templates/public-security-contact-record.md +45 -0
- package/assets/templates/release-trust-record.md +32 -0
- package/assets/templates/review.md +18 -0
- package/assets/templates/spec.md +16 -0
- package/assets/templates/target-adoption-evidence.md +29 -0
- package/assets/templates/tasks.md +17 -0
- package/assets/templates/update-release-acceptance-record.md +58 -0
- package/examples/README.md +22 -0
- package/examples/agent-runtime-host/.claude/gse-adapter.md +6 -0
- package/examples/agent-runtime-host/.codex/gse-adapter.md +7 -0
- package/examples/agent-runtime-host/.gse/goal-map.md +7 -0
- package/examples/agent-runtime-host/.gse/project-profile.md +27 -0
- package/examples/agent-runtime-host/.gse/tooling.md +5 -0
- package/examples/agent-runtime-host/.mcp.json +9 -0
- package/examples/agent-runtime-host/AGENTS.md +5 -0
- package/examples/agent-runtime-host/README.md +10 -0
- package/examples/agent-runtime-host/docs/model-routing.md +5 -0
- package/examples/cli-tool/.gse/project-profile.md +21 -0
- package/examples/cli-tool/AGENTS.md +5 -0
- package/examples/cli-tool/README.md +12 -0
- package/examples/cli-tool/package.json +21 -0
- package/examples/small-app/.env.example +2 -0
- package/examples/small-app/.github/workflows/ci.yml +8 -0
- package/examples/small-app/AGENTS.md +5 -0
- package/examples/small-app/README.md +12 -0
- package/examples/small-app/package.json +26 -0
- package/examples/small-app/playwright.config.ts +4 -0
- package/package.json +53 -0
- package/references/adoption-recipes.md +171 -0
- package/references/agent-roles.md +49 -0
- package/references/architecture-health.md +101 -0
- package/references/benchmark-audit.md +73 -0
- package/references/commands.md +295 -0
- package/references/community-channels.md +46 -0
- package/references/compatibility.md +70 -0
- package/references/design-basis.md +38 -0
- package/references/domain-model.md +129 -0
- package/references/domain-quality-gates.md +75 -0
- package/references/drift-audit.md +81 -0
- package/references/evidence-taxonomy.md +123 -0
- package/references/file-ownership.md +107 -0
- package/references/final-readiness.md +84 -0
- package/references/forward-test.md +133 -0
- package/references/goal-map.md +36 -0
- package/references/host-adapters.md +119 -0
- package/references/learning-system.md +35 -0
- package/references/marketplace-discovery.md +46 -0
- package/references/model-routing.md +103 -0
- package/references/open-source-defaults.md +39 -0
- package/references/operating-model.md +52 -0
- package/references/packaging.md +277 -0
- package/references/project-agent-workspace.md +89 -0
- package/references/project-bootstrap.md +122 -0
- package/references/project-profile.md +57 -0
- package/references/public-release.md +174 -0
- package/references/quality-gates.md +100 -0
- package/references/recovery.md +176 -0
- package/references/release-trust.md +43 -0
- package/references/release.md +126 -0
- package/references/review.md +141 -0
- package/references/router.md +90 -0
- package/references/spec-workflow.md +66 -0
- package/references/task-levels.md +81 -0
- package/references/tool-adapters.md +73 -0
- package/scripts/audit-acceptance-execution-packet.mjs +133 -0
- package/scripts/audit-adoption-recipes.mjs +99 -0
- package/scripts/audit-adoption.mjs +154 -0
- package/scripts/audit-change-lifecycle.mjs +77 -0
- package/scripts/audit-change-system.mjs +134 -0
- package/scripts/audit-ci-readiness.mjs +107 -0
- package/scripts/audit-close-gate.mjs +323 -0
- package/scripts/audit-command-adapters.mjs +91 -0
- package/scripts/audit-command-execution.mjs +210 -0
- package/scripts/audit-commands.mjs +117 -0
- package/scripts/audit-compatibility.mjs +149 -0
- package/scripts/audit-completion-readiness.mjs +292 -0
- package/scripts/audit-distribution.mjs +251 -0
- package/scripts/audit-domain-quality-gates.mjs +108 -0
- package/scripts/audit-evidence-placeholders.mjs +126 -0
- package/scripts/audit-final-acceptance-packet.mjs +148 -0
- package/scripts/audit-final-form-progress-report.mjs +161 -0
- package/scripts/audit-final-form-stale-copy.mjs +221 -0
- package/scripts/audit-final-readiness-promotion.mjs +255 -0
- package/scripts/audit-final-readiness.mjs +226 -0
- package/scripts/audit-fixtures.mjs +154 -0
- package/scripts/audit-fresh-session-readiness.mjs +177 -0
- package/scripts/audit-gse.mjs +275 -0
- package/scripts/audit-host-adapters.mjs +119 -0
- package/scripts/audit-host-runtime-evidence-handoff.mjs +159 -0
- package/scripts/audit-host-runtime-invocation-drill.mjs +240 -0
- package/scripts/audit-host-runtime-invocations.mjs +254 -0
- package/scripts/audit-host-ui-invocation.mjs +132 -0
- package/scripts/audit-learning-system.mjs +103 -0
- package/scripts/audit-local-final-form-completion.mjs +131 -0
- package/scripts/audit-marketplace-discovery.mjs +122 -0
- package/scripts/audit-npm-package-metadata.mjs +155 -0
- package/scripts/audit-npm-publish-dry-run.mjs +169 -0
- package/scripts/audit-npm-tarball-install.mjs +191 -0
- package/scripts/audit-open-source-defaults.mjs +92 -0
- package/scripts/audit-open-source-readiness.mjs +97 -0
- package/scripts/audit-owner-external-gate-kit.mjs +218 -0
- package/scripts/audit-project.mjs +323 -0
- package/scripts/audit-public-acceptance-command-dry-run-drill.mjs +203 -0
- package/scripts/audit-public-acceptance-handoff.mjs +142 -0
- package/scripts/audit-public-acceptance-readiness.mjs +224 -0
- package/scripts/audit-public-channel-publication.mjs +248 -0
- package/scripts/audit-public-ci-run.mjs +184 -0
- package/scripts/audit-public-collaboration-templates.mjs +98 -0
- package/scripts/audit-public-external-gate-probe.mjs +206 -0
- package/scripts/audit-public-release-checklist.mjs +133 -0
- package/scripts/audit-public-release-decision.mjs +201 -0
- package/scripts/audit-public-release-metadata.mjs +176 -0
- package/scripts/audit-public-repository-settings.mjs +237 -0
- package/scripts/audit-public-security-contact.mjs +171 -0
- package/scripts/audit-readme-docs.mjs +185 -0
- package/scripts/audit-recovery-readiness.mjs +98 -0
- package/scripts/audit-release-bundle.mjs +251 -0
- package/scripts/audit-release-owner-action-plan-drill.mjs +277 -0
- package/scripts/audit-release-owner-action-plan.mjs +164 -0
- package/scripts/audit-release-readiness.mjs +106 -0
- package/scripts/audit-release-status-manifest.mjs +165 -0
- package/scripts/audit-release-trust.mjs +62 -0
- package/scripts/audit-remote-distribution.mjs +266 -0
- package/scripts/audit-roadmap-consistency.mjs +235 -0
- package/scripts/audit-signing.mjs +147 -0
- package/scripts/audit-state-freshness.mjs +113 -0
- package/scripts/audit-target-adoption-evidence.mjs +117 -0
- package/scripts/audit-target-project.mjs +507 -0
- package/scripts/audit-update-release-acceptance.mjs +136 -0
- package/scripts/audit-v1-target-validation.mjs +269 -0
- package/scripts/audit-validation-profiles.mjs +125 -0
- package/scripts/close-change.mjs +116 -0
- package/scripts/discover-project-profile.mjs +307 -0
- package/scripts/forward-test-gse.mjs +146 -0
- package/scripts/generate-command-adapter.mjs +231 -0
- package/scripts/generate-final-acceptance-packet.mjs +181 -0
- package/scripts/generate-final-form-progress-report.mjs +205 -0
- package/scripts/generate-host-adapter.mjs +73 -0
- package/scripts/generate-host-runtime-evidence-handoff.mjs +206 -0
- package/scripts/generate-owner-external-gate-kit.mjs +295 -0
- package/scripts/generate-public-acceptance-handoff.mjs +168 -0
- package/scripts/generate-public-release-checklist.mjs +207 -0
- package/scripts/generate-release-bundle.mjs +505 -0
- package/scripts/generate-release-owner-action-plan.mjs +172 -0
- package/scripts/generate-release-status-manifest.mjs +200 -0
- package/scripts/generate-session-prompt.mjs +188 -0
- package/scripts/gse.mjs +67 -0
- package/scripts/init-change.mjs +265 -0
- package/scripts/init-project.mjs +785 -0
- package/scripts/install-gse.mjs +234 -0
- package/scripts/lib/evidence-placeholders.mjs +28 -0
- package/scripts/package-gse.mjs +174 -0
- package/scripts/probe-public-external-gates.mjs +167 -0
- package/scripts/record-host-invocation.mjs +151 -0
- package/scripts/record-learning.mjs +137 -0
- package/scripts/record-public-channel-publication.mjs +178 -0
- package/scripts/record-public-ci-run.mjs +180 -0
- package/scripts/record-public-release.mjs +175 -0
- package/scripts/record-public-repository-settings.mjs +209 -0
- package/scripts/record-public-security-contact.mjs +157 -0
- package/scripts/run-gse-command.mjs +538 -0
- package/scripts/run-validation-profile.mjs +146 -0
- package/scripts/sign-gse-package.mjs +83 -0
- package/scripts/update-project-state.mjs +223 -0
- package/scripts/validate-gse.mjs +1168 -0
- package/scripts/verify-gse-package.mjs +85 -0
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
name: Bug report
|
|
2
|
+
description: Report a reproducible GSE workflow, install, validation, or host-adapter issue.
|
|
3
|
+
title: "[Bug]: "
|
|
4
|
+
labels: ["bug", "needs-evidence"]
|
|
5
|
+
body:
|
|
6
|
+
- type: textarea
|
|
7
|
+
id: outcome
|
|
8
|
+
attributes:
|
|
9
|
+
label: Outcome
|
|
10
|
+
description: What should have happened?
|
|
11
|
+
validations:
|
|
12
|
+
required: true
|
|
13
|
+
- type: textarea
|
|
14
|
+
id: actual
|
|
15
|
+
attributes:
|
|
16
|
+
label: Actual behavior
|
|
17
|
+
description: What happened instead?
|
|
18
|
+
validations:
|
|
19
|
+
required: true
|
|
20
|
+
- type: textarea
|
|
21
|
+
id: reproduce
|
|
22
|
+
attributes:
|
|
23
|
+
label: Reproduction
|
|
24
|
+
description: Minimal commands, project shape, or host steps.
|
|
25
|
+
placeholder: |
|
|
26
|
+
node scripts/validate-gse.mjs --root . --json
|
|
27
|
+
validations:
|
|
28
|
+
required: true
|
|
29
|
+
- type: textarea
|
|
30
|
+
id: evidence
|
|
31
|
+
attributes:
|
|
32
|
+
label: Evidence
|
|
33
|
+
description: Focused logs, audit output, host invocation record, or screenshots. Do not paste secrets.
|
|
34
|
+
validations:
|
|
35
|
+
required: true
|
|
36
|
+
- type: textarea
|
|
37
|
+
id: risk
|
|
38
|
+
attributes:
|
|
39
|
+
label: Risk and claim boundary
|
|
40
|
+
description: Note whether this affects install, release, public CI, native slash commands, or host support claims.
|
|
41
|
+
validations:
|
|
42
|
+
required: true
|
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
name: Change request
|
|
2
|
+
description: Propose a GSE capability, adapter, gate, template, or workflow change.
|
|
3
|
+
title: "[Change]: "
|
|
4
|
+
labels: ["change", "needs-spec"]
|
|
5
|
+
body:
|
|
6
|
+
- type: textarea
|
|
7
|
+
id: goal
|
|
8
|
+
attributes:
|
|
9
|
+
label: Goal
|
|
10
|
+
description: What durable GSE capability should become true?
|
|
11
|
+
validations:
|
|
12
|
+
required: true
|
|
13
|
+
- type: textarea
|
|
14
|
+
id: spec
|
|
15
|
+
attributes:
|
|
16
|
+
label: Spec
|
|
17
|
+
description: Outcome, scope, acceptance, evidence, risk, and next action.
|
|
18
|
+
placeholder: |
|
|
19
|
+
Outcome:
|
|
20
|
+
Scope:
|
|
21
|
+
Acceptance:
|
|
22
|
+
Evidence:
|
|
23
|
+
Risk:
|
|
24
|
+
Next action:
|
|
25
|
+
validations:
|
|
26
|
+
required: true
|
|
27
|
+
- type: dropdown
|
|
28
|
+
id: level
|
|
29
|
+
attributes:
|
|
30
|
+
label: Task level
|
|
31
|
+
options:
|
|
32
|
+
- lite
|
|
33
|
+
- standard
|
|
34
|
+
- enterprise
|
|
35
|
+
validations:
|
|
36
|
+
required: true
|
|
37
|
+
- type: textarea
|
|
38
|
+
id: tools
|
|
39
|
+
attributes:
|
|
40
|
+
label: Tool or host impact
|
|
41
|
+
description: Which hosts, scripts, adapters, CI, package, marketplace, or release gates are affected?
|
|
42
|
+
validations:
|
|
43
|
+
required: true
|
|
44
|
+
- type: textarea
|
|
45
|
+
id: evidence
|
|
46
|
+
attributes:
|
|
47
|
+
label: Proposed evidence
|
|
48
|
+
description: Which focused audit, test, or external record would prove this?
|
|
49
|
+
validations:
|
|
50
|
+
required: true
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
## Outcome
|
|
2
|
+
|
|
3
|
+
What does this change make true for GSE users or maintainers?
|
|
4
|
+
|
|
5
|
+
## Scope
|
|
6
|
+
|
|
7
|
+
Changed files or areas:
|
|
8
|
+
|
|
9
|
+
-
|
|
10
|
+
|
|
11
|
+
Out of scope:
|
|
12
|
+
|
|
13
|
+
-
|
|
14
|
+
|
|
15
|
+
## Acceptance
|
|
16
|
+
|
|
17
|
+
How should reviewers know this is complete?
|
|
18
|
+
|
|
19
|
+
-
|
|
20
|
+
|
|
21
|
+
## Evidence
|
|
22
|
+
|
|
23
|
+
Commands, logs, screenshots, or records:
|
|
24
|
+
|
|
25
|
+
- [ ] `node scripts/validate-gse.mjs --root . --json`
|
|
26
|
+
- [ ] Focused audit or test:
|
|
27
|
+
|
|
28
|
+
## Risk
|
|
29
|
+
|
|
30
|
+
Residual risk, unsupported claims, migration notes, or rollback path:
|
|
31
|
+
|
|
32
|
+
-
|
|
33
|
+
|
|
34
|
+
## Claim Boundary
|
|
35
|
+
|
|
36
|
+
- [ ] This PR does not claim public release acceptance unless owner/public evidence is attached.
|
|
37
|
+
- [ ] This PR does not claim host-native support unless a host invocation record is attached.
|
|
38
|
+
- [ ] This PR does not duplicate `.gse/` policy in host-specific folders.
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
name: Validate GSE
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
pull_request:
|
|
5
|
+
push:
|
|
6
|
+
branches:
|
|
7
|
+
- main
|
|
8
|
+
- master
|
|
9
|
+
workflow_dispatch:
|
|
10
|
+
|
|
11
|
+
jobs:
|
|
12
|
+
validate:
|
|
13
|
+
name: Validate skill package
|
|
14
|
+
runs-on: ubuntu-latest
|
|
15
|
+
timeout-minutes: 15
|
|
16
|
+
|
|
17
|
+
steps:
|
|
18
|
+
- name: Checkout
|
|
19
|
+
uses: actions/checkout@v4
|
|
20
|
+
|
|
21
|
+
- name: Setup Node.js
|
|
22
|
+
uses: actions/setup-node@v4
|
|
23
|
+
with:
|
|
24
|
+
node-version: "20"
|
|
25
|
+
|
|
26
|
+
- name: Run GSE validation
|
|
27
|
+
run: node scripts/validate-gse.mjs --root . --skip-skill-validator --json
|
|
28
|
+
|
|
29
|
+
- name: Audit final readiness boundaries
|
|
30
|
+
run: node scripts/audit-final-readiness.mjs --root . --json
|
|
31
|
+
|
|
32
|
+
- name: Audit final acceptance packet
|
|
33
|
+
run: node scripts/audit-final-acceptance-packet.mjs --root . --json
|
package/.gse/README.md
ADDED
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
# GSE Self-Development Workspace
|
|
2
|
+
|
|
3
|
+
This folder tracks development of the GSE skill itself.
|
|
4
|
+
|
|
5
|
+
Read order:
|
|
6
|
+
|
|
7
|
+
1. `SKILL.md`
|
|
8
|
+
2. `.gse/state.json`
|
|
9
|
+
3. `.gse/project-profile.md`
|
|
10
|
+
4. `.gse/goal-map.md`
|
|
11
|
+
5. `.gse/quality-gates.md`
|
|
12
|
+
6. `.gse/current-slice.md`
|
|
13
|
+
7. `.gse/gse-design-master-plan.md`
|
|
14
|
+
8. `.gse/evidence/index.jsonl`
|
|
15
|
+
|
|
16
|
+
The canonical product plan is `.gse/gse-design-master-plan.md`.
|
|
17
|
+
|
|
18
|
+
Keep this folder short and evidence-driven. Long command output belongs in terminal logs, not in roadmap files.
|
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
# GSE Development Protocol
|
|
2
|
+
|
|
3
|
+
This file governs changes to the GSE skill itself.
|
|
4
|
+
|
|
5
|
+
## Purpose
|
|
6
|
+
|
|
7
|
+
GSE development must be proactive. When improving this skill, do not wait for the user to discover missing workflow requirements through manual testing.
|
|
8
|
+
|
|
9
|
+
## Required Loop For GSE Changes
|
|
10
|
+
|
|
11
|
+
1. Read `SKILL.md`, `.gse/goal-map.md`, and `.gse/current-slice.md`.
|
|
12
|
+
2. Classify the GSE change: wording, reference, template, script, scaffold, adapter, validation, or release.
|
|
13
|
+
3. Run or update `references/benchmark-audit.md` for any non-trivial change.
|
|
14
|
+
4. Compare against verified mature sources before adding design goals.
|
|
15
|
+
5. Separate verified facts, design judgments, and open questions.
|
|
16
|
+
6. Prefer scripts/templates over prose when the behavior should be repeatable.
|
|
17
|
+
7. Validate the changed behavior with focused smoke tests.
|
|
18
|
+
8. Update `.gse/evidence/YYYY-MM-DD.md` and the short goal map status.
|
|
19
|
+
|
|
20
|
+
## Benchmark Sources To Check First
|
|
21
|
+
|
|
22
|
+
- `skill-creator` for skill structure, progressive disclosure, validation, and forward testing.
|
|
23
|
+
- `mattpocock/skills` snapshot for setup skill, router, domain docs, TDD, review, and architecture scan patterns.
|
|
24
|
+
- `comet` for state machine, phase detection, OpenSpec/Superpowers split, verification, and archive rules.
|
|
25
|
+
- `openspec-*` for proposal/design/tasks/spec lifecycle.
|
|
26
|
+
- `agentic-engineering` for eval-first loop, decomposition, model routing, session strategy, and cost discipline.
|
|
27
|
+
- `subagent-driven-development` for role isolation, dispatch packets, review loops, and no fake delegation.
|
|
28
|
+
- `self-improvement` for reusable learning capture and promotion.
|
|
29
|
+
|
|
30
|
+
## Design Bar
|
|
31
|
+
|
|
32
|
+
A GSE change should improve at least one of these:
|
|
33
|
+
|
|
34
|
+
- New-agent startup success.
|
|
35
|
+
- Long-project continuity.
|
|
36
|
+
- Requirement completeness before implementation.
|
|
37
|
+
- Evidence quality.
|
|
38
|
+
- Tool efficiency without hard prerequisites.
|
|
39
|
+
- Cross-agent portability.
|
|
40
|
+
- Failure prevention or recovery.
|
|
41
|
+
- Learning reuse.
|
|
42
|
+
|
|
43
|
+
## Anti-Patterns
|
|
44
|
+
|
|
45
|
+
- Adding process because it sounds professional but does not prevent a real failure.
|
|
46
|
+
- Copying a tool-specific folder layout as the portable source of truth.
|
|
47
|
+
- Treating optional tools as required.
|
|
48
|
+
- Claiming a benchmark source says something without reading it.
|
|
49
|
+
- Letting GSE become only documentation with no scripts, templates, or validation.
|
|
50
|
+
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
# Project Profile
|
|
2
|
+
|
|
3
|
+
## Product
|
|
4
|
+
|
|
5
|
+
GSE is a portable Goal-Spec-Evidence Engineering skill for long-running agent-assisted software projects.
|
|
6
|
+
|
|
7
|
+
## Canonical Plan
|
|
8
|
+
|
|
9
|
+
- Master plan: `.gse/gse-design-master-plan.md`
|
|
10
|
+
- Goal map: `.gse/goal-map.md`
|
|
11
|
+
- Current slice: `.gse/current-slice.md`
|
|
12
|
+
- Evidence index: `.gse/evidence/index.jsonl`
|
|
13
|
+
|
|
14
|
+
## Commands
|
|
15
|
+
|
|
16
|
+
- Full validation: `node scripts/validate-gse.mjs --root <skill-root> --json`
|
|
17
|
+
- Structural audit: `node scripts/audit-gse.mjs --root <skill-root> --json`
|
|
18
|
+
- Change pack audit: `node scripts/audit-change-system.mjs --root <skill-root> --json`
|
|
19
|
+
- Close gate: `node scripts/audit-close-gate.mjs --target <skill-root> --json`
|
|
20
|
+
|
|
21
|
+
## Tool Notes
|
|
22
|
+
|
|
23
|
+
- This skill folder is not a git repository.
|
|
24
|
+
- Use `py` instead of bare `python` for skill validator commands on this machine.
|
|
25
|
+
- Keep OpenSpec, Superpowers, Comet, subagents, MCP, LSP, and browser automation optional unless current-session evidence proves they are available.
|
|
26
|
+
|
|
27
|
+
## Ownership
|
|
28
|
+
|
|
29
|
+
Do not mark GSE v1.0 complete until configured target-project evidence confirms real consumption or an explicit owner acceptance policy replaces that requirement.
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
# Quality Gates
|
|
2
|
+
|
|
3
|
+
## Universal
|
|
4
|
+
|
|
5
|
+
- One slice must have outcome, scope, acceptance, evidence, risk, and next action.
|
|
6
|
+
- Do not claim external tools ran unless command output or host evidence proves it.
|
|
7
|
+
- Keep `result`, `verified`, and `accepted` distinct.
|
|
8
|
+
- Preserve optional adapters: GSE must work without OpenSpec, Superpowers, Comet, subagents, MCP, LSP, or browser tooling.
|
|
9
|
+
|
|
10
|
+
## GSE Skill Changes
|
|
11
|
+
|
|
12
|
+
- Run `node scripts/validate-gse.mjs --root <skill-root> --json` before closing a GSE skill change.
|
|
13
|
+
- For change/spec behavior, run `node scripts/audit-change-system.mjs --root <skill-root> --json`.
|
|
14
|
+
- For README or command behavior, ensure the relevant audit remains wired into `scripts/validate-gse.mjs`.
|
|
15
|
+
- Update `.gse/evidence/YYYY-MM-DD.md` and `.gse/evidence/index.jsonl` for verified slices.
|
|
16
|
+
|
|
17
|
+
## Target-Project Claims
|
|
18
|
+
|
|
19
|
+
- Use `scripts/audit-target-project.mjs` before claiming a target project is GSE-ready.
|
|
20
|
+
- Use `scripts/audit-close-gate.mjs` before saying a slice can close.
|
|
21
|
+
- Real project adoption still needs project-specific tests, smokes, or owner acceptance according to that repo's rules.
|
|
22
|
+
|
|
23
|
+
## Release Boundary
|
|
24
|
+
|
|
25
|
+
Local validation is not marketplace release, external install verification, CI publication, or owner acceptance.
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
# Public Channel Publication Record
|
|
2
|
+
|
|
3
|
+
Publication status: accepted
|
|
4
|
+
|
|
5
|
+
Channel type: catalog
|
|
6
|
+
|
|
7
|
+
Channel name: GSE GitHub Pages catalog
|
|
8
|
+
|
|
9
|
+
Channel URL: https://275005746.github.io/gse/
|
|
10
|
+
|
|
11
|
+
Package or listing version: 0.1.0
|
|
12
|
+
|
|
13
|
+
Artifact digest:
|
|
14
|
+
|
|
15
|
+
Review or approval status: published
|
|
16
|
+
|
|
17
|
+
Evidence owner: 275005746
|
|
18
|
+
|
|
19
|
+
Evidence date: 2026-07-08
|
|
20
|
+
|
|
21
|
+
Evidence URL or run id: https://275005746.github.io/gse/
|
|
22
|
+
|
|
23
|
+
## Verification
|
|
24
|
+
|
|
25
|
+
Verification command: Invoke-WebRequest https://275005746.github.io/gse/
|
|
26
|
+
|
|
27
|
+
Verification result: passed
|
|
28
|
+
|
|
29
|
+
## Acceptance
|
|
30
|
+
|
|
31
|
+
Evidence status: accepted
|
|
32
|
+
|
|
33
|
+
Accepted by: 275005746
|
|
34
|
+
|
|
35
|
+
Accepted at: 2026-07-08
|
|
36
|
+
|
|
37
|
+
## Boundaries
|
|
38
|
+
|
|
39
|
+
- Does this prove public registry publication? unknown
|
|
40
|
+
- Does this prove marketplace approval? true
|
|
41
|
+
- Does this prove installability from the channel? true
|
|
42
|
+
|
|
43
|
+
## Residual Risk
|
|
44
|
+
|
|
45
|
+
- Public channel publication is not accepted until real external evidence is attached.
|
|
46
|
+
|
|
47
|
+
## Next Action
|
|
48
|
+
|
|
49
|
+
- Attach public channel publication evidence and re-run final readiness.
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
# Public CI Run Record
|
|
2
|
+
|
|
3
|
+
Repository URL: https://github.com/275005746/gse
|
|
4
|
+
|
|
5
|
+
Workflow name: Validate GSE
|
|
6
|
+
|
|
7
|
+
Workflow file: .github/workflows/validate-gse.yml
|
|
8
|
+
|
|
9
|
+
Run URL: https://github.com/275005746/gse/actions/runs/28881044974
|
|
10
|
+
|
|
11
|
+
Run status: accepted
|
|
12
|
+
|
|
13
|
+
Run conclusion: success
|
|
14
|
+
|
|
15
|
+
Commit SHA: 81c3c5a97272bce51e65f1b4ffb15e2ff77b4569
|
|
16
|
+
|
|
17
|
+
Branch: main
|
|
18
|
+
|
|
19
|
+
Required checks: Validate skill package
|
|
20
|
+
|
|
21
|
+
Evidence owner: 275005746
|
|
22
|
+
|
|
23
|
+
Evidence date: 2026-07-08
|
|
24
|
+
|
|
25
|
+
Evidence URL or run id: https://github.com/275005746/gse/actions/runs/28881044974
|
|
26
|
+
|
|
27
|
+
## Verification
|
|
28
|
+
|
|
29
|
+
Verification command: node scripts/validate-gse.mjs --root . --json
|
|
30
|
+
|
|
31
|
+
Verification result: passed
|
|
32
|
+
|
|
33
|
+
## Acceptance
|
|
34
|
+
|
|
35
|
+
Evidence status: accepted
|
|
36
|
+
|
|
37
|
+
Accepted by: 275005746
|
|
38
|
+
|
|
39
|
+
Accepted at: 2026-07-08
|
|
40
|
+
|
|
41
|
+
## Boundaries
|
|
42
|
+
|
|
43
|
+
- Does this prove a public CI run? true
|
|
44
|
+
- Does this prove required checks passed? true
|
|
45
|
+
- Does this prove the current release commit? true
|
|
46
|
+
|
|
47
|
+
## Residual Risk
|
|
48
|
+
|
|
49
|
+
- Public CI run is not accepted until real external run evidence is attached.
|
|
50
|
+
|
|
51
|
+
## Next Action
|
|
52
|
+
|
|
53
|
+
- Attach public CI run evidence and re-run final readiness.
|
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
# Public Release Record
|
|
2
|
+
|
|
3
|
+
Release name: GSE
|
|
4
|
+
|
|
5
|
+
Release version or label: public-defaults
|
|
6
|
+
|
|
7
|
+
Release date: 2026-07-06
|
|
8
|
+
|
|
9
|
+
Distribution channel: github-public-repo-and-release-planned
|
|
10
|
+
|
|
11
|
+
Release scope: GSE public release metadata and distribution readiness
|
|
12
|
+
|
|
13
|
+
## License
|
|
14
|
+
|
|
15
|
+
License status: selected
|
|
16
|
+
|
|
17
|
+
SPDX identifier: MIT
|
|
18
|
+
|
|
19
|
+
License file: LICENSE
|
|
20
|
+
|
|
21
|
+
Approved by: owner-confirmed-in-current-codex-thread
|
|
22
|
+
|
|
23
|
+
Decision date: 2026-07-07
|
|
24
|
+
|
|
25
|
+
Notes: Owner-selected license decision recorded.
|
|
26
|
+
|
|
27
|
+
## Artifacts
|
|
28
|
+
|
|
29
|
+
Package or source path: <install-skill-dir>
|
|
30
|
+
|
|
31
|
+
Changelog path: CHANGELOG.md
|
|
32
|
+
|
|
33
|
+
Install/update instructions: references/packaging.md
|
|
34
|
+
|
|
35
|
+
Integrity or signing record: references/release-trust.md
|
|
36
|
+
|
|
37
|
+
Marketplace/catalog record: references/marketplace-discovery.md
|
|
38
|
+
|
|
39
|
+
## Verification
|
|
40
|
+
|
|
41
|
+
Validation command: node scripts/validate-gse.mjs --root <skill> --json
|
|
42
|
+
|
|
43
|
+
Validation result: pending current run
|
|
44
|
+
|
|
45
|
+
Focused smoke: scripts/audit-public-release-metadata.mjs
|
|
46
|
+
|
|
47
|
+
Acceptance evidence: Owner license decision accepted; public release still requires remaining public and host evidence.
|
|
48
|
+
|
|
49
|
+
## Risks
|
|
50
|
+
|
|
51
|
+
Known unsupported claims: public marketplace approval, public registry publication, legal suitability, and host-native slash-command runtime support are not implied by this record.
|
|
52
|
+
|
|
53
|
+
Known compatibility limits: host behavior must be verified per host runtime.
|
|
54
|
+
|
|
55
|
+
Rollback or unpublish path: remove public listing/package and publish corrected release record.
|
|
56
|
+
|
|
57
|
+
## Acceptance
|
|
58
|
+
|
|
59
|
+
Evidence status: accepted
|
|
60
|
+
|
|
61
|
+
Accepted by: owner-confirmed-in-current-codex-thread
|
|
62
|
+
|
|
63
|
+
Accepted at: 2026-07-07
|
|
64
|
+
|
|
65
|
+
Next action: Run release validation and preserve acceptance evidence.
|
|
@@ -0,0 +1,59 @@
|
|
|
1
|
+
# Public Repository Settings Record
|
|
2
|
+
|
|
3
|
+
Repository URL: https://github.com/275005746/gse
|
|
4
|
+
|
|
5
|
+
Default branch: main
|
|
6
|
+
|
|
7
|
+
Visibility: public
|
|
8
|
+
|
|
9
|
+
Settings status: accepted
|
|
10
|
+
|
|
11
|
+
Evidence owner: 275005746
|
|
12
|
+
|
|
13
|
+
Evidence date: 2026-07-07
|
|
14
|
+
|
|
15
|
+
Evidence URL or run id: https://api.github.com/repos/275005746/gse/branches/main/protection
|
|
16
|
+
|
|
17
|
+
## Required Public Settings
|
|
18
|
+
|
|
19
|
+
- Issues enabled: true
|
|
20
|
+
- Pull requests enabled: true
|
|
21
|
+
- Discussions enabled: unknown
|
|
22
|
+
- Security policy visible: true
|
|
23
|
+
- Branch protection enabled: true
|
|
24
|
+
- Required status checks enabled: true
|
|
25
|
+
- Required checks: Validate skill package
|
|
26
|
+
- Require review before merge: true
|
|
27
|
+
- Require conversation resolution: true
|
|
28
|
+
- Restrict force pushes: true
|
|
29
|
+
- Restrict deletions: true
|
|
30
|
+
|
|
31
|
+
## GSE-Specific Checks
|
|
32
|
+
|
|
33
|
+
- CI workflow path: `.github/workflows/validate-gse.yml`
|
|
34
|
+
- PR template path: `.github/PULL_REQUEST_TEMPLATE.md`
|
|
35
|
+
- Issue templates path: `.github/ISSUE_TEMPLATE/`
|
|
36
|
+
- Public release record path: `.gse/releases/public-release-owner-required.md`
|
|
37
|
+
- Final acceptance packet path: `.gse/acceptance/final-acceptance-packet.md`
|
|
38
|
+
|
|
39
|
+
## Verification
|
|
40
|
+
|
|
41
|
+
Verification command: node scripts/validate-gse.mjs --root . --json
|
|
42
|
+
|
|
43
|
+
Verification result: passed
|
|
44
|
+
|
|
45
|
+
## Acceptance
|
|
46
|
+
|
|
47
|
+
Evidence status: accepted
|
|
48
|
+
|
|
49
|
+
Accepted by: 275005746
|
|
50
|
+
|
|
51
|
+
Accepted at: 2026-07-07
|
|
52
|
+
|
|
53
|
+
## Residual Risk
|
|
54
|
+
|
|
55
|
+
- Public repository settings are not verified until owner/external evidence is attached.
|
|
56
|
+
|
|
57
|
+
## Next Action
|
|
58
|
+
|
|
59
|
+
- Attach public repository settings evidence and re-run repository settings audit.
|
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
# Public Security Contact Record
|
|
2
|
+
|
|
3
|
+
Contact status: accepted
|
|
4
|
+
|
|
5
|
+
Contact type: url
|
|
6
|
+
|
|
7
|
+
Contact value: https://github.com/275005746/gse/blob/main/SECURITY.md
|
|
8
|
+
|
|
9
|
+
Policy path: `SECURITY.md`
|
|
10
|
+
|
|
11
|
+
Evidence owner: 275005746
|
|
12
|
+
|
|
13
|
+
Evidence date: 2026-07-07
|
|
14
|
+
|
|
15
|
+
Evidence URL or run id: https://github.com/275005746/gse/blob/main/SECURITY.md
|
|
16
|
+
|
|
17
|
+
## Public Disclosure Policy
|
|
18
|
+
|
|
19
|
+
- Is this contact public? true
|
|
20
|
+
- Security policy updated? true
|
|
21
|
+
- Private fallback channel: owner private coordination channel
|
|
22
|
+
- Response expectation: pending owner policy
|
|
23
|
+
- Embargo or disclosure notes: Do not publish exploit details until the public contact is owner-accepted.
|
|
24
|
+
|
|
25
|
+
## Verification
|
|
26
|
+
|
|
27
|
+
Verification command: node scripts/audit-open-source-readiness.mjs --root . --json
|
|
28
|
+
|
|
29
|
+
Verification result: pending
|
|
30
|
+
|
|
31
|
+
## Acceptance
|
|
32
|
+
|
|
33
|
+
Evidence status: accepted
|
|
34
|
+
|
|
35
|
+
Accepted by: 275005746
|
|
36
|
+
|
|
37
|
+
Accepted at: 2026-07-07
|
|
38
|
+
|
|
39
|
+
## Residual Risk
|
|
40
|
+
|
|
41
|
+
- Public security contact is not accepted until owner evidence is attached.
|
|
42
|
+
|
|
43
|
+
## Next Action
|
|
44
|
+
|
|
45
|
+
- Attach owner-approved public security contact evidence and re-run final readiness.
|
package/.gse/state.json
ADDED
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
{
|
|
2
|
+
"schemaVersion": 1,
|
|
3
|
+
"projectName": "gse",
|
|
4
|
+
"mode": "enterprise",
|
|
5
|
+
"canonicalPlan": ".gse/gse-design-master-plan.md",
|
|
6
|
+
"phase": "release",
|
|
7
|
+
"currentSlice": {
|
|
8
|
+
"id": "GSE-108-public-registry-publication",
|
|
9
|
+
"outcome": "Complete the real public registry publication gate for @t275005746/gse, then record accepted publication evidence.",
|
|
10
|
+
"status": "blocked-external-auth",
|
|
11
|
+
"nextAction": "Publish @t275005746/gse to npm with an authorized token, record the accepted package-registry publication evidence, then collect real native slash-command host evidence."
|
|
12
|
+
},
|
|
13
|
+
"toolStatuses": {
|
|
14
|
+
"browser": "unknown",
|
|
15
|
+
"lsp": "unknown",
|
|
16
|
+
"mcp": "unknown",
|
|
17
|
+
"subagents": "unknown",
|
|
18
|
+
"ci": "verified-public"
|
|
19
|
+
},
|
|
20
|
+
"lastEvidence": ".gse/evidence/2026-07-07.md",
|
|
21
|
+
"residualRisks": [
|
|
22
|
+
"Public registry publication remains external-required because @t275005746/gse is not yet published on npm.",
|
|
23
|
+
"Native slash-command support remains external-required until a real host runtime proves native /gse invocation with accepted evidence.",
|
|
24
|
+
"Do not treat portable text-command routing, generated command pointers, package dry-runs, local tarball installs, or release bundles as public registry publication or native slash-command evidence.",
|
|
25
|
+
"Use /gse doctor and audit-public-acceptance-readiness.mjs as the current source of truth for pending final-form gates."
|
|
26
|
+
]
|
|
27
|
+
}
|
package/CHANGELOG.md
ADDED
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
# Changelog
|
|
2
|
+
|
|
3
|
+
All notable GSE changes should be recorded here before a public package, catalog entry, or release handoff is marked ready.
|
|
4
|
+
|
|
5
|
+
## Unreleased
|
|
6
|
+
|
|
7
|
+
### Added
|
|
8
|
+
|
|
9
|
+
- Project bootstrap modes for Lite, Standard, and Enterprise `.gse/` scaffolds.
|
|
10
|
+
- Native Goal-Spec-Evidence operating model with change packs, execution-quality packs, evidence taxonomy, close gates, and target project audits.
|
|
11
|
+
- Portable `/gse` command semantics plus a host-neutral command runner.
|
|
12
|
+
- Local package/install, URL install with manifest integrity, Ed25519 signing, verification, and signed install audits.
|
|
13
|
+
- Release trust, marketplace discovery metadata, host invocation evidence records, and public-release metadata guidance.
|
|
14
|
+
|
|
15
|
+
### Verified
|
|
16
|
+
|
|
17
|
+
- `validate-gse.mjs` consolidates structural, project bootstrap, adoption, host adapter, compatibility, release, distribution, signing, command, target validation, and lifecycle audits.
|
|
18
|
+
- AION and MuseFlow were used as real long-running target-project validation fixtures for GSE adoption checks.
|
|
19
|
+
|
|
20
|
+
### Not Yet Accepted
|
|
21
|
+
|
|
22
|
+
- Public registry publication and marketplace approval are not verified.
|
|
23
|
+
- Host-native slash-command execution is not verified except where a host-specific record explicitly says so.
|
|
24
|
+
- Open-source license selection remains an owner decision and must be recorded before a public release is accepted.
|