@t275005746/gse 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (207) hide show
  1. package/.github/ISSUE_TEMPLATE/bug_report.yml +42 -0
  2. package/.github/ISSUE_TEMPLATE/change_request.yml +50 -0
  3. package/.github/ISSUE_TEMPLATE/config.yml +5 -0
  4. package/.github/PULL_REQUEST_TEMPLATE.md +38 -0
  5. package/.github/workflows/validate-gse.yml +33 -0
  6. package/.gse/README.md +18 -0
  7. package/.gse/gse-development-protocol.md +50 -0
  8. package/.gse/project-profile.md +29 -0
  9. package/.gse/quality-gates.md +25 -0
  10. package/.gse/releases/public-channel-publication-pending.md +49 -0
  11. package/.gse/releases/public-ci-run-pending.md +53 -0
  12. package/.gse/releases/public-release-owner-required.md +65 -0
  13. package/.gse/releases/public-repository-settings-owner-required.md +59 -0
  14. package/.gse/releases/public-security-contact-owner-required.md +45 -0
  15. package/.gse/state.json +27 -0
  16. package/CHANGELOG.md +24 -0
  17. package/CONTRIBUTING.md +64 -0
  18. package/LICENSE +21 -0
  19. package/README.md +236 -0
  20. package/README.zh-CN.md +236 -0
  21. package/SECURITY.md +41 -0
  22. package/SKILL.md +148 -0
  23. package/SUPPORT.md +38 -0
  24. package/agents/openai.yaml +4 -0
  25. package/assets/marketplace/README.md +7 -0
  26. package/assets/marketplace/gse-listing.json +75 -0
  27. package/assets/templates/acceptance-execution-packet.md +73 -0
  28. package/assets/templates/adr.md +14 -0
  29. package/assets/templates/change-brief.md +16 -0
  30. package/assets/templates/design.md +18 -0
  31. package/assets/templates/dispatch-packet.md +104 -0
  32. package/assets/templates/evidence.md +14 -0
  33. package/assets/templates/execution-quality-pack.md +65 -0
  34. package/assets/templates/goal-map.md +21 -0
  35. package/assets/templates/host-adapter.md +48 -0
  36. package/assets/templates/host-ui-invocation-record.md +42 -0
  37. package/assets/templates/incident-review.md +60 -0
  38. package/assets/templates/public-channel-publication-record.md +49 -0
  39. package/assets/templates/public-ci-run-record.md +53 -0
  40. package/assets/templates/public-release-record.md +65 -0
  41. package/assets/templates/public-repository-settings-record.md +59 -0
  42. package/assets/templates/public-security-contact-record.md +45 -0
  43. package/assets/templates/release-trust-record.md +32 -0
  44. package/assets/templates/review.md +18 -0
  45. package/assets/templates/spec.md +16 -0
  46. package/assets/templates/target-adoption-evidence.md +29 -0
  47. package/assets/templates/tasks.md +17 -0
  48. package/assets/templates/update-release-acceptance-record.md +58 -0
  49. package/examples/README.md +22 -0
  50. package/examples/agent-runtime-host/.claude/gse-adapter.md +6 -0
  51. package/examples/agent-runtime-host/.codex/gse-adapter.md +7 -0
  52. package/examples/agent-runtime-host/.gse/goal-map.md +7 -0
  53. package/examples/agent-runtime-host/.gse/project-profile.md +27 -0
  54. package/examples/agent-runtime-host/.gse/tooling.md +5 -0
  55. package/examples/agent-runtime-host/.mcp.json +9 -0
  56. package/examples/agent-runtime-host/AGENTS.md +5 -0
  57. package/examples/agent-runtime-host/README.md +10 -0
  58. package/examples/agent-runtime-host/docs/model-routing.md +5 -0
  59. package/examples/cli-tool/.gse/project-profile.md +21 -0
  60. package/examples/cli-tool/AGENTS.md +5 -0
  61. package/examples/cli-tool/README.md +12 -0
  62. package/examples/cli-tool/package.json +21 -0
  63. package/examples/small-app/.env.example +2 -0
  64. package/examples/small-app/.github/workflows/ci.yml +8 -0
  65. package/examples/small-app/AGENTS.md +5 -0
  66. package/examples/small-app/README.md +12 -0
  67. package/examples/small-app/package.json +26 -0
  68. package/examples/small-app/playwright.config.ts +4 -0
  69. package/package.json +53 -0
  70. package/references/adoption-recipes.md +171 -0
  71. package/references/agent-roles.md +49 -0
  72. package/references/architecture-health.md +101 -0
  73. package/references/benchmark-audit.md +73 -0
  74. package/references/commands.md +295 -0
  75. package/references/community-channels.md +46 -0
  76. package/references/compatibility.md +70 -0
  77. package/references/design-basis.md +38 -0
  78. package/references/domain-model.md +129 -0
  79. package/references/domain-quality-gates.md +75 -0
  80. package/references/drift-audit.md +81 -0
  81. package/references/evidence-taxonomy.md +123 -0
  82. package/references/file-ownership.md +107 -0
  83. package/references/final-readiness.md +84 -0
  84. package/references/forward-test.md +133 -0
  85. package/references/goal-map.md +36 -0
  86. package/references/host-adapters.md +119 -0
  87. package/references/learning-system.md +35 -0
  88. package/references/marketplace-discovery.md +46 -0
  89. package/references/model-routing.md +103 -0
  90. package/references/open-source-defaults.md +39 -0
  91. package/references/operating-model.md +52 -0
  92. package/references/packaging.md +277 -0
  93. package/references/project-agent-workspace.md +89 -0
  94. package/references/project-bootstrap.md +122 -0
  95. package/references/project-profile.md +57 -0
  96. package/references/public-release.md +174 -0
  97. package/references/quality-gates.md +100 -0
  98. package/references/recovery.md +176 -0
  99. package/references/release-trust.md +43 -0
  100. package/references/release.md +126 -0
  101. package/references/review.md +141 -0
  102. package/references/router.md +90 -0
  103. package/references/spec-workflow.md +66 -0
  104. package/references/task-levels.md +81 -0
  105. package/references/tool-adapters.md +73 -0
  106. package/scripts/audit-acceptance-execution-packet.mjs +133 -0
  107. package/scripts/audit-adoption-recipes.mjs +99 -0
  108. package/scripts/audit-adoption.mjs +154 -0
  109. package/scripts/audit-change-lifecycle.mjs +77 -0
  110. package/scripts/audit-change-system.mjs +134 -0
  111. package/scripts/audit-ci-readiness.mjs +107 -0
  112. package/scripts/audit-close-gate.mjs +323 -0
  113. package/scripts/audit-command-adapters.mjs +91 -0
  114. package/scripts/audit-command-execution.mjs +210 -0
  115. package/scripts/audit-commands.mjs +117 -0
  116. package/scripts/audit-compatibility.mjs +149 -0
  117. package/scripts/audit-completion-readiness.mjs +292 -0
  118. package/scripts/audit-distribution.mjs +251 -0
  119. package/scripts/audit-domain-quality-gates.mjs +108 -0
  120. package/scripts/audit-evidence-placeholders.mjs +126 -0
  121. package/scripts/audit-final-acceptance-packet.mjs +148 -0
  122. package/scripts/audit-final-form-progress-report.mjs +161 -0
  123. package/scripts/audit-final-form-stale-copy.mjs +221 -0
  124. package/scripts/audit-final-readiness-promotion.mjs +255 -0
  125. package/scripts/audit-final-readiness.mjs +226 -0
  126. package/scripts/audit-fixtures.mjs +154 -0
  127. package/scripts/audit-fresh-session-readiness.mjs +177 -0
  128. package/scripts/audit-gse.mjs +275 -0
  129. package/scripts/audit-host-adapters.mjs +119 -0
  130. package/scripts/audit-host-runtime-evidence-handoff.mjs +159 -0
  131. package/scripts/audit-host-runtime-invocation-drill.mjs +240 -0
  132. package/scripts/audit-host-runtime-invocations.mjs +254 -0
  133. package/scripts/audit-host-ui-invocation.mjs +132 -0
  134. package/scripts/audit-learning-system.mjs +103 -0
  135. package/scripts/audit-local-final-form-completion.mjs +131 -0
  136. package/scripts/audit-marketplace-discovery.mjs +122 -0
  137. package/scripts/audit-npm-package-metadata.mjs +155 -0
  138. package/scripts/audit-npm-publish-dry-run.mjs +169 -0
  139. package/scripts/audit-npm-tarball-install.mjs +191 -0
  140. package/scripts/audit-open-source-defaults.mjs +92 -0
  141. package/scripts/audit-open-source-readiness.mjs +97 -0
  142. package/scripts/audit-owner-external-gate-kit.mjs +218 -0
  143. package/scripts/audit-project.mjs +323 -0
  144. package/scripts/audit-public-acceptance-command-dry-run-drill.mjs +203 -0
  145. package/scripts/audit-public-acceptance-handoff.mjs +142 -0
  146. package/scripts/audit-public-acceptance-readiness.mjs +224 -0
  147. package/scripts/audit-public-channel-publication.mjs +248 -0
  148. package/scripts/audit-public-ci-run.mjs +184 -0
  149. package/scripts/audit-public-collaboration-templates.mjs +98 -0
  150. package/scripts/audit-public-external-gate-probe.mjs +206 -0
  151. package/scripts/audit-public-release-checklist.mjs +133 -0
  152. package/scripts/audit-public-release-decision.mjs +201 -0
  153. package/scripts/audit-public-release-metadata.mjs +176 -0
  154. package/scripts/audit-public-repository-settings.mjs +237 -0
  155. package/scripts/audit-public-security-contact.mjs +171 -0
  156. package/scripts/audit-readme-docs.mjs +185 -0
  157. package/scripts/audit-recovery-readiness.mjs +98 -0
  158. package/scripts/audit-release-bundle.mjs +251 -0
  159. package/scripts/audit-release-owner-action-plan-drill.mjs +277 -0
  160. package/scripts/audit-release-owner-action-plan.mjs +164 -0
  161. package/scripts/audit-release-readiness.mjs +106 -0
  162. package/scripts/audit-release-status-manifest.mjs +165 -0
  163. package/scripts/audit-release-trust.mjs +62 -0
  164. package/scripts/audit-remote-distribution.mjs +266 -0
  165. package/scripts/audit-roadmap-consistency.mjs +235 -0
  166. package/scripts/audit-signing.mjs +147 -0
  167. package/scripts/audit-state-freshness.mjs +113 -0
  168. package/scripts/audit-target-adoption-evidence.mjs +117 -0
  169. package/scripts/audit-target-project.mjs +507 -0
  170. package/scripts/audit-update-release-acceptance.mjs +136 -0
  171. package/scripts/audit-v1-target-validation.mjs +269 -0
  172. package/scripts/audit-validation-profiles.mjs +125 -0
  173. package/scripts/close-change.mjs +116 -0
  174. package/scripts/discover-project-profile.mjs +307 -0
  175. package/scripts/forward-test-gse.mjs +146 -0
  176. package/scripts/generate-command-adapter.mjs +231 -0
  177. package/scripts/generate-final-acceptance-packet.mjs +181 -0
  178. package/scripts/generate-final-form-progress-report.mjs +205 -0
  179. package/scripts/generate-host-adapter.mjs +73 -0
  180. package/scripts/generate-host-runtime-evidence-handoff.mjs +206 -0
  181. package/scripts/generate-owner-external-gate-kit.mjs +295 -0
  182. package/scripts/generate-public-acceptance-handoff.mjs +168 -0
  183. package/scripts/generate-public-release-checklist.mjs +207 -0
  184. package/scripts/generate-release-bundle.mjs +505 -0
  185. package/scripts/generate-release-owner-action-plan.mjs +172 -0
  186. package/scripts/generate-release-status-manifest.mjs +200 -0
  187. package/scripts/generate-session-prompt.mjs +188 -0
  188. package/scripts/gse.mjs +67 -0
  189. package/scripts/init-change.mjs +265 -0
  190. package/scripts/init-project.mjs +785 -0
  191. package/scripts/install-gse.mjs +234 -0
  192. package/scripts/lib/evidence-placeholders.mjs +28 -0
  193. package/scripts/package-gse.mjs +174 -0
  194. package/scripts/probe-public-external-gates.mjs +167 -0
  195. package/scripts/record-host-invocation.mjs +151 -0
  196. package/scripts/record-learning.mjs +137 -0
  197. package/scripts/record-public-channel-publication.mjs +178 -0
  198. package/scripts/record-public-ci-run.mjs +180 -0
  199. package/scripts/record-public-release.mjs +175 -0
  200. package/scripts/record-public-repository-settings.mjs +209 -0
  201. package/scripts/record-public-security-contact.mjs +157 -0
  202. package/scripts/run-gse-command.mjs +538 -0
  203. package/scripts/run-validation-profile.mjs +146 -0
  204. package/scripts/sign-gse-package.mjs +83 -0
  205. package/scripts/update-project-state.mjs +223 -0
  206. package/scripts/validate-gse.mjs +1168 -0
  207. package/scripts/verify-gse-package.mjs +85 -0
@@ -0,0 +1,292 @@
1
+ #!/usr/bin/env node
2
+ import fs from 'node:fs'
3
+ import path from 'node:path'
4
+
5
+ const args = process.argv.slice(2)
6
+
7
+ function readArg(name, fallback = null) {
8
+ const index = args.indexOf(name)
9
+ if (index === -1) return fallback
10
+ return args[index + 1] ?? fallback
11
+ }
12
+
13
+ const root = path.resolve(readArg('--root', path.join(import.meta.dirname, '..')))
14
+ const jsonOnly = args.includes('--json')
15
+
16
+ function read(relativePath) {
17
+ const fullPath = path.join(root, relativePath)
18
+ return fs.existsSync(fullPath) ? fs.readFileSync(fullPath, 'utf8') : ''
19
+ }
20
+
21
+ function exists(relativePath) {
22
+ return fs.existsSync(path.join(root, relativePath))
23
+ }
24
+
25
+ function check(id, label, ok, evidence, risk = '') {
26
+ return { id, label, status: ok ? 'passed' : 'failed', evidence, risk }
27
+ }
28
+
29
+ const masterPlan = read('.gse/gse-design-master-plan.md')
30
+ const goalMap = read('.gse/goal-map.md')
31
+ const currentSlice = read('.gse/current-slice.md')
32
+ const evidence = read('.gse/evidence/2026-07-05.md')
33
+ const validate = read('scripts/validate-gse.mjs')
34
+ const ownerAcceptanceRecorded =
35
+ evidence.includes('Owner-approved AION project-local GSE adoption acceptance') &&
36
+ evidence.includes('Evidence status: accepted') &&
37
+ evidence.includes('Accepted by: owner-approved project write policy')
38
+
39
+ const localCapabilityAudits = [
40
+ 'audit-gse.mjs',
41
+ 'audit-project.mjs',
42
+ 'audit-fixtures.mjs',
43
+ 'audit-adoption.mjs',
44
+ 'audit-host-adapters.mjs',
45
+ 'audit-compatibility.mjs',
46
+ 'audit-fresh-session-readiness.mjs',
47
+ 'audit-release-readiness.mjs',
48
+ 'audit-npm-package-metadata.mjs',
49
+ 'audit-update-release-acceptance.mjs',
50
+ 'audit-target-adoption-evidence.mjs',
51
+ 'audit-target-project.mjs',
52
+ 'audit-acceptance-execution-packet.mjs',
53
+ 'audit-roadmap-consistency.mjs',
54
+ 'audit-recovery-readiness.mjs',
55
+ 'audit-domain-quality-gates.mjs',
56
+ 'audit-adoption-recipes.mjs',
57
+ 'audit-commands.mjs',
58
+ 'audit-readme-docs.mjs',
59
+ 'generate-session-prompt.mjs',
60
+ 'run-gse-command.mjs',
61
+ 'audit-command-execution.mjs',
62
+ 'audit-close-gate.mjs',
63
+ 'update-project-state.mjs',
64
+ 'audit-v1-target-validation.mjs',
65
+ 'audit-command-adapters.mjs',
66
+ 'audit-change-lifecycle.mjs',
67
+ 'audit-remote-distribution.mjs',
68
+ 'audit-signing.mjs',
69
+ 'audit-release-trust.mjs',
70
+ 'audit-open-source-defaults.mjs',
71
+ 'audit-public-release-metadata.mjs',
72
+ 'record-public-release.mjs',
73
+ 'audit-public-release-decision.mjs',
74
+ 'audit-evidence-placeholders.mjs',
75
+ 'record-public-ci-run.mjs',
76
+ 'audit-public-ci-run.mjs',
77
+ 'audit-release-bundle.mjs',
78
+ 'generate-release-bundle.mjs',
79
+ 'audit-open-source-readiness.mjs',
80
+ 'audit-ci-readiness.mjs',
81
+ 'audit-public-collaboration-templates.mjs',
82
+ 'record-public-security-contact.mjs',
83
+ 'audit-public-security-contact.mjs',
84
+ 'record-public-repository-settings.mjs',
85
+ 'audit-public-repository-settings.mjs',
86
+ 'record-public-channel-publication.mjs',
87
+ 'audit-public-channel-publication.mjs',
88
+ 'audit-marketplace-discovery.mjs',
89
+ 'audit-validation-profiles.mjs',
90
+ 'audit-host-ui-invocation.mjs',
91
+ 'audit-host-runtime-invocations.mjs',
92
+ 'audit-host-runtime-invocation-drill.mjs',
93
+ 'audit-final-readiness.mjs',
94
+ 'audit-final-readiness-promotion.mjs',
95
+ 'audit-public-acceptance-readiness.mjs',
96
+ 'audit-public-acceptance-command-dry-run-drill.mjs',
97
+ 'audit-public-external-gate-probe.mjs',
98
+ 'audit-public-acceptance-handoff.mjs',
99
+ 'audit-release-status-manifest.mjs',
100
+ 'audit-release-owner-action-plan.mjs',
101
+ 'audit-public-release-checklist.mjs',
102
+ 'audit-release-owner-action-plan-drill.mjs',
103
+ 'audit-final-form-progress-report.mjs',
104
+ 'audit-local-final-form-completion.mjs',
105
+ 'audit-final-form-stale-copy.mjs',
106
+ 'audit-npm-tarball-install.mjs',
107
+ 'audit-npm-publish-dry-run.mjs',
108
+ 'audit-host-runtime-evidence-handoff.mjs',
109
+ 'audit-owner-external-gate-kit.mjs',
110
+ 'generate-final-acceptance-packet.mjs',
111
+ 'audit-final-acceptance-packet.mjs',
112
+ ]
113
+
114
+ const requiredArtifacts = [
115
+ 'SKILL.md',
116
+ '.gse/gse-design-master-plan.md',
117
+ '.gse/goal-map.md',
118
+ '.gse/current-slice.md',
119
+ 'assets/templates/acceptance-execution-packet.md',
120
+ 'assets/templates/target-adoption-evidence.md',
121
+ 'assets/templates/update-release-acceptance-record.md',
122
+ 'references/evidence-taxonomy.md',
123
+ 'references/forward-test.md',
124
+ 'references/adoption-recipes.md',
125
+ 'references/commands.md',
126
+ 'README.md',
127
+ 'README.zh-CN.md',
128
+ 'CONTRIBUTING.md',
129
+ 'SECURITY.md',
130
+ 'SUPPORT.md',
131
+ '.github/workflows/validate-gse.yml',
132
+ '.github/PULL_REQUEST_TEMPLATE.md',
133
+ '.github/ISSUE_TEMPLATE/bug_report.yml',
134
+ '.github/ISSUE_TEMPLATE/change_request.yml',
135
+ 'assets/templates/public-channel-publication-record.md',
136
+ 'assets/templates/public-ci-run-record.md',
137
+ 'assets/templates/public-security-contact-record.md',
138
+ 'assets/templates/public-repository-settings-record.md',
139
+ '.gse/state.json',
140
+ '.gse/evidence/index.jsonl',
141
+ 'scripts/generate-session-prompt.mjs',
142
+ 'scripts/run-gse-command.mjs',
143
+ 'scripts/audit-command-execution.mjs',
144
+ 'scripts/audit-close-gate.mjs',
145
+ 'scripts/update-project-state.mjs',
146
+ 'scripts/audit-v1-target-validation.mjs',
147
+ 'scripts/package-gse.mjs',
148
+ 'scripts/install-gse.mjs',
149
+ 'scripts/audit-npm-package-metadata.mjs',
150
+ 'scripts/generate-command-adapter.mjs',
151
+ 'scripts/audit-command-adapters.mjs',
152
+ 'scripts/close-change.mjs',
153
+ 'scripts/audit-change-lifecycle.mjs',
154
+ 'scripts/audit-remote-distribution.mjs',
155
+ 'scripts/sign-gse-package.mjs',
156
+ 'scripts/verify-gse-package.mjs',
157
+ 'scripts/audit-signing.mjs',
158
+ 'references/release-trust.md',
159
+ 'assets/templates/release-trust-record.md',
160
+ 'scripts/audit-release-trust.mjs',
161
+ 'scripts/audit-open-source-defaults.mjs',
162
+ 'references/public-release.md',
163
+ 'assets/templates/public-release-record.md',
164
+ 'scripts/audit-public-release-metadata.mjs',
165
+ 'scripts/record-public-release.mjs',
166
+ 'scripts/audit-public-release-decision.mjs',
167
+ 'scripts/audit-evidence-placeholders.mjs',
168
+ 'scripts/record-public-ci-run.mjs',
169
+ 'scripts/audit-public-ci-run.mjs',
170
+ 'scripts/generate-release-bundle.mjs',
171
+ 'scripts/audit-release-bundle.mjs',
172
+ 'scripts/audit-open-source-readiness.mjs',
173
+ 'scripts/audit-ci-readiness.mjs',
174
+ 'scripts/audit-public-collaboration-templates.mjs',
175
+ 'scripts/record-public-security-contact.mjs',
176
+ 'scripts/audit-public-security-contact.mjs',
177
+ 'scripts/record-public-repository-settings.mjs',
178
+ 'scripts/audit-public-repository-settings.mjs',
179
+ 'scripts/record-public-channel-publication.mjs',
180
+ 'scripts/audit-public-channel-publication.mjs',
181
+ '.gse/releases/public-release-owner-required.md',
182
+ '.gse/releases/public-security-contact-owner-required.md',
183
+ 'references/marketplace-discovery.md',
184
+ 'assets/marketplace/gse-listing.json',
185
+ 'scripts/audit-marketplace-discovery.mjs',
186
+ 'scripts/audit-validation-profiles.mjs',
187
+ 'scripts/run-validation-profile.mjs',
188
+ 'assets/templates/host-ui-invocation-record.md',
189
+ 'scripts/audit-host-ui-invocation.mjs',
190
+ 'scripts/record-host-invocation.mjs',
191
+ 'scripts/audit-host-runtime-invocations.mjs',
192
+ 'scripts/audit-host-runtime-invocation-drill.mjs',
193
+ 'references/final-readiness.md',
194
+ 'scripts/audit-final-readiness.mjs',
195
+ 'scripts/audit-final-readiness-promotion.mjs',
196
+ 'scripts/audit-public-acceptance-readiness.mjs',
197
+ 'scripts/audit-public-acceptance-command-dry-run-drill.mjs',
198
+ 'scripts/probe-public-external-gates.mjs',
199
+ 'scripts/audit-public-external-gate-probe.mjs',
200
+ 'scripts/generate-public-acceptance-handoff.mjs',
201
+ 'scripts/audit-public-acceptance-handoff.mjs',
202
+ 'scripts/generate-release-status-manifest.mjs',
203
+ 'scripts/audit-release-status-manifest.mjs',
204
+ 'scripts/generate-release-owner-action-plan.mjs',
205
+ 'scripts/audit-release-owner-action-plan.mjs',
206
+ 'scripts/generate-public-release-checklist.mjs',
207
+ 'scripts/audit-public-release-checklist.mjs',
208
+ 'scripts/audit-release-owner-action-plan-drill.mjs',
209
+ 'scripts/generate-final-form-progress-report.mjs',
210
+ 'scripts/audit-final-form-progress-report.mjs',
211
+ 'scripts/audit-local-final-form-completion.mjs',
212
+ 'scripts/audit-final-form-stale-copy.mjs',
213
+ 'scripts/audit-npm-tarball-install.mjs',
214
+ 'scripts/audit-npm-publish-dry-run.mjs',
215
+ 'scripts/generate-host-runtime-evidence-handoff.mjs',
216
+ 'scripts/audit-host-runtime-evidence-handoff.mjs',
217
+ 'scripts/generate-owner-external-gate-kit.mjs',
218
+ 'scripts/audit-owner-external-gate-kit.mjs',
219
+ 'scripts/generate-final-acceptance-packet.mjs',
220
+ 'scripts/audit-final-acceptance-packet.mjs',
221
+ '.gse/acceptance/final-form-progress-report.md',
222
+ '.gse/acceptance/final-form-progress-report.json',
223
+ '.gse/acceptance/public-acceptance-handoff.md',
224
+ '.gse/acceptance/release-status-manifest.json',
225
+ '.gse/acceptance/release-owner-action-plan.md',
226
+ '.gse/acceptance/public-release-checklist.md',
227
+ '.gse/acceptance/owner-external-gate-kit/README.md',
228
+ '.gse/acceptance/owner-external-gate-kit/kit-manifest.json',
229
+ '.gse/release-bundles/gse-release-bundle-audit/installable-package/gse-package-manifest.json',
230
+ '.gse/release-bundles/gse-release-bundle-audit/public-release-checklist.md',
231
+ '.gse/release-bundles/gse-release-bundle-audit/provenance.json',
232
+ '.gse/release-bundles/gse-release-bundle-audit/checksums.sha256',
233
+ ]
234
+
235
+ const checks = [
236
+ check('CR01', 'completion readiness audit is wired into validator', validate.includes('audit-completion-readiness.mjs'), 'scripts/validate-gse.mjs'),
237
+ check('CR02', 'all local capability audits are wired into validator', localCapabilityAudits.every((item) => validate.includes(item)), localCapabilityAudits.join(', ')),
238
+ check('CR03', 'required completion artifacts exist', requiredArtifacts.every(exists), requiredArtifacts.join(', ')),
239
+ check('CR04', 'master plan records verified v1 execution-state target validation and current license state', masterPlan.includes('owner-approved AION project-write acceptance is executed') && masterPlan.includes('Status: verified.') && masterPlan.includes('AION/MuseFlow v1 target validation are verified') && masterPlan.includes('MIT license decision') && !masterPlan.includes('owner license selection remains required before an accepted public release'), '.gse/gse-design-master-plan.md'),
240
+ check('CR05', 'current slice preserves required GSE slice fields after acceptance', currentSlice.includes('## Outcome') && currentSlice.includes('## Scope') && currentSlice.includes('## Acceptance') && currentSlice.includes('## Evidence Plan') && currentSlice.includes('## Risk') && currentSlice.includes('## Next Action'), '.gse/current-slice.md'),
241
+ check('CR06', 'goal map records v1 execution-state work as verified', goalMap.includes('GSE-008') && goalMap.includes('Productize v1.0 execution-state workflow') && goalMap.includes('verified') && goalMap.includes('audit-v1-target-validation.mjs'), '.gse/goal-map.md'),
242
+ check('CR07', 'evidence log records owner-approved external acceptance', ownerAcceptanceRecorded, '.gse/evidence/2026-07-05.md'),
243
+ check('CR08', 'final-form limits are explicit after current scope can be claimed', masterPlan.includes('Remaining final-form work is real public security contact approval, real public repository settings, public CI run, real public registry publication, real public marketplace approval, host-native slash-command support, and other host runtime invocation records.') && goalMap.includes('Final-form gaps'), 'control docs keep final-form limits scoped'),
244
+ ]
245
+
246
+ const passed = checks.filter((item) => item.status === 'passed').length
247
+ const failed = checks.length - passed
248
+ const report = {
249
+ root,
250
+ generatedAt: new Date().toISOString(),
251
+ summary: { status: failed === 0 ? 'passed' : 'failed', passed, failed, total: checks.length },
252
+ workflows: { completionReadiness: failed === 0 ? 'current-scope-validated' : 'failed' },
253
+ completionStatus: failed === 0 ? 'complete for current verified scope: target validation, local distribution, npm package metadata, npm tarball installability, remote URL distribution with integrity, package signing/verification, portable command execution, validation profiles, release trust policy, open-source defaults, public release metadata workflow, MIT license decision, public release decision lifecycle, public evidence placeholder rejection, public CI run record mechanics, public channel publication record mechanics, public external gate live probe mechanics, release bundle generation, release status manifest, release owner action plan, release owner action plan drill, open-source repository readiness, CI workflow readiness, public collaboration templates, public security contact record mechanics, public repository settings record mechanics, marketplace discovery metadata, host runtime invocation record mechanics, host runtime invocation fixture drill, host runtime evidence handoff, final readiness matrix, final readiness accepted-record promotion, public acceptance doctor, public acceptance command dry-run drill, public acceptance handoff, final-form progress report, final acceptance packet, owner/external gate kit and canonical freshness audit, final-form stale-copy audit, Codex text-command host invocation, command-adapter generation, and real-workspace change archive lifecycle are verified; public security contact acceptance, public repository settings evidence, public CI run, public registry publication, public marketplace approval, native slash-command support, and other host runtime invocation records remain external or owner-gated work' : 'not ready: roadmap or evidence state is inconsistent',
254
+ limits: [
255
+ 'This audit verifies GSE scaffold readiness and v1 execution-state target validation tracking.',
256
+ 'It does not certify arbitrary repositories, public registry publication, marketplace install, CI, MCP, LSP, subagent runtime, or fresh-session execution.',
257
+ 'It does not certify real remote-machine network conditions, marketplace approval, native slash-command execution, other host runtime invocation, or arbitrary repositories.',
258
+ ],
259
+ checks,
260
+ }
261
+
262
+ function renderMarkdown(data) {
263
+ const lines = []
264
+ lines.push('# GSE Completion Readiness Audit')
265
+ lines.push('')
266
+ lines.push('Generated: ' + data.generatedAt)
267
+ lines.push('Root: ' + data.root)
268
+ lines.push('')
269
+ lines.push('## Summary')
270
+ lines.push('')
271
+ lines.push('- Status: ' + data.summary.status)
272
+ lines.push('- Checks: ' + data.summary.passed + '/' + data.summary.total)
273
+ lines.push('- Completion readiness: ' + data.workflows.completionReadiness)
274
+ lines.push('- Completion status: ' + data.completionStatus)
275
+ lines.push('')
276
+ lines.push('## Checks')
277
+ lines.push('')
278
+ for (const item of data.checks) {
279
+ const marker = item.status === 'passed' ? '[x]' : '[ ]'
280
+ lines.push('- ' + marker + ' ' + item.id + ' ' + item.label + ': ' + item.evidence)
281
+ }
282
+ lines.push('')
283
+ lines.push('## Limits')
284
+ lines.push('')
285
+ for (const item of data.limits) lines.push('- ' + item)
286
+ return lines.join('\n') + '\n'
287
+ }
288
+
289
+ if (jsonOnly) console.log(JSON.stringify(report, null, 2))
290
+ else console.log(renderMarkdown(report))
291
+
292
+ if (failed > 0) process.exit(1)
@@ -0,0 +1,251 @@
1
+ #!/usr/bin/env node
2
+ import fs from 'node:fs'
3
+ import os from 'node:os'
4
+ import path from 'node:path'
5
+ import { spawnSync } from 'node:child_process'
6
+
7
+ const args = process.argv.slice(2)
8
+
9
+ function readArg(name, fallback = null) {
10
+ const index = args.indexOf(name)
11
+ if (index === -1) return fallback
12
+ return args[index + 1] ?? fallback
13
+ }
14
+
15
+ const root = path.resolve(readArg('--root', path.join(import.meta.dirname, '..')))
16
+ const jsonOnly = args.includes('--json')
17
+ const profile = readArg('--profile', 'full')
18
+ if (!['smoke', 'full'].includes(profile)) {
19
+ console.error('Unsupported --profile. Expected smoke or full.')
20
+ process.exit(1)
21
+ }
22
+ const smokeProfile = profile === 'smoke'
23
+
24
+ function run(command, commandArgs, cwd = root) {
25
+ const result = spawnSync(command, commandArgs, {
26
+ cwd,
27
+ encoding: 'utf8',
28
+ windowsHide: true,
29
+ })
30
+ return {
31
+ command: [command, ...commandArgs].join(' '),
32
+ status: result.status ?? 1,
33
+ stdout: (result.stdout ?? '').trim(),
34
+ stderr: (result.stderr ?? '').trim(),
35
+ }
36
+ }
37
+
38
+ function parseJson(text) {
39
+ try {
40
+ return JSON.parse(text)
41
+ } catch {
42
+ return null
43
+ }
44
+ }
45
+
46
+ function check(id, label, ok, evidence, risk = '') {
47
+ return { id, label, status: ok ? 'passed' : 'failed', evidence, risk }
48
+ }
49
+
50
+ function skipped(id, label, evidence, risk = '') {
51
+ return { id, label, status: 'skipped', evidence, risk }
52
+ }
53
+
54
+ function runInstalledPackageValidation(target) {
55
+ const validationCommands = [
56
+ ['audit-gse.mjs', ['--root', target, '--json']],
57
+ ['audit-project.mjs', ['--root', target, '--json']],
58
+ ['audit-fixtures.mjs', ['--root', target, '--json']],
59
+ ['audit-commands.mjs', ['--root', target, '--json']],
60
+ ['audit-command-execution.mjs', ['--root', target, '--profile', 'lite', '--json']],
61
+ ['audit-readme-docs.mjs', ['--root', target, '--json']],
62
+ ['audit-open-source-readiness.mjs', ['--root', target, '--json']],
63
+ ['audit-marketplace-discovery.mjs', ['--root', target, '--json']],
64
+ ['generate-session-prompt.mjs', ['--root', target, '--json']],
65
+ ]
66
+ const results = validationCommands.map(([script, commandArgs]) => {
67
+ const result = run(process.execPath, [path.join(target, 'scripts', script), ...commandArgs], target)
68
+ const parsed = parseJson(result.stdout)
69
+ const failed = parsed?.summary?.failed
70
+ const ok = result.status === 0 || failed === 0
71
+ return {
72
+ script,
73
+ command: result.command,
74
+ status: result.status,
75
+ ok,
76
+ summary: parsed?.summary ?? null,
77
+ stderr: result.stderr,
78
+ }
79
+ })
80
+ const passed = results.filter((item) => item.ok).length
81
+ const failed = results.length - passed
82
+ return {
83
+ command: 'installed package validation: ' + validationCommands.map(([script]) => script).join(', '),
84
+ status: failed === 0 ? 0 : 1,
85
+ stdout: JSON.stringify({
86
+ summary: {
87
+ status: failed === 0 ? 'passed' : 'failed',
88
+ passed,
89
+ failed,
90
+ total: results.length,
91
+ },
92
+ results,
93
+ limits: [
94
+ 'Installed-package validation checks portable skill structure, bootstrap fixtures, command semantics, lite command execution, README docs, open-source readiness, marketplace metadata, and session prompt generation.',
95
+ 'It intentionally excludes source-workspace-only roadmap, long evidence logs, release-bundle cache, and owner/external acceptance artifacts.',
96
+ ],
97
+ }),
98
+ stderr: results.filter((item) => !item.ok).map((item) => item.script + ': ' + item.stderr).filter(Boolean).join('\n'),
99
+ }
100
+ }
101
+
102
+ const scanExtensions = new Set(['.md', '.json', '.mjs', '.yaml', '.yml', '.txt'])
103
+ const forbiddenContentPatterns = [
104
+ { id: 'winUserHome', pattern: new RegExp(['C:', 'Users', 'Admin'].join('[\\\\\\\\/]'), 'i') },
105
+ { id: 'posixUserHome', pattern: new RegExp(['C:', 'Users', 'Admin'].join('/'), 'i') },
106
+ { id: 'workspaceRoot', pattern: new RegExp(['D:', 'codex'].join('[\\\\\\\\/]'), 'i') },
107
+ { id: 'aionWorkspace', pattern: new RegExp(['hermes', 'workspace'].join('[-_]'), 'i') },
108
+ { id: 'museflowWorkspace', pattern: new RegExp(['node', 'banana'].join('[-_]'), 'i') },
109
+ ]
110
+
111
+ function scanPackageLeaks(scanRoot) {
112
+ const findings = []
113
+
114
+ function visit(itemPath) {
115
+ if (!fs.existsSync(itemPath)) return
116
+ const stat = fs.statSync(itemPath)
117
+ if (stat.isDirectory()) {
118
+ for (const child of fs.readdirSync(itemPath)) visit(path.join(itemPath, child))
119
+ return
120
+ }
121
+ if (!stat.isFile()) return
122
+ const ext = path.extname(itemPath)
123
+ if (!scanExtensions.has(ext) && path.basename(itemPath) !== 'SKILL.md') return
124
+ const content = fs.readFileSync(itemPath, 'utf8')
125
+ for (const item of forbiddenContentPatterns) {
126
+ if (item.pattern.test(content)) {
127
+ findings.push({
128
+ file: path.relative(scanRoot, itemPath).replace(/\\/g, '/'),
129
+ pattern: item.id,
130
+ })
131
+ }
132
+ }
133
+ }
134
+
135
+ visit(scanRoot)
136
+ return findings
137
+ }
138
+
139
+ const tempRoot = fs.mkdtempSync(path.join(os.tmpdir(), 'gse-distribution-'))
140
+ const packageOut = path.join(tempRoot, 'package')
141
+ const installTarget = path.join(tempRoot, 'installed-gse')
142
+
143
+ const packageRun = run(process.execPath, [
144
+ path.join(root, 'scripts', 'package-gse.mjs'),
145
+ '--root',
146
+ root,
147
+ '--out',
148
+ packageOut,
149
+ '--label',
150
+ 'gse-audit',
151
+ '--json',
152
+ ])
153
+ const packageData = parseJson(packageRun.stdout)
154
+ const installRun = run(process.execPath, [
155
+ path.join(root, 'scripts', 'install-gse.mjs'),
156
+ '--source',
157
+ packageOut,
158
+ '--target',
159
+ installTarget,
160
+ '--json',
161
+ ])
162
+ const installData = parseJson(installRun.stdout)
163
+ const installedValidate = smokeProfile
164
+ ? { status: 0, command: 'skipped by --profile smoke', stdout: '', stderr: '' }
165
+ : runInstalledPackageValidation(installTarget)
166
+ const installedValidateData = parseJson(installedValidate.stdout)
167
+ const installedCli = run(process.execPath, [
168
+ path.join(installTarget, 'scripts', 'gse.mjs'),
169
+ 'status',
170
+ '--target',
171
+ installTarget,
172
+ '--json',
173
+ ], installTarget)
174
+ const installedCliData = parseJson(installedCli.stdout)
175
+
176
+ const manifestPath = path.join(packageOut, 'gse-package-manifest.json')
177
+ const manifestData = fs.existsSync(manifestPath) ? parseJson(fs.readFileSync(manifestPath, 'utf8')) : null
178
+ const packageLeakFindings = fs.existsSync(packageOut) ? scanPackageLeaks(packageOut) : []
179
+ const checks = [
180
+ check('D01', 'package script exists', fs.existsSync(path.join(root, 'scripts', 'package-gse.mjs')), 'scripts/package-gse.mjs'),
181
+ check('D02', 'install script exists', fs.existsSync(path.join(root, 'scripts', 'install-gse.mjs')), 'scripts/install-gse.mjs'),
182
+ check('D03', 'package command succeeds', packageRun.status === 0 && packageData?.status === 'written', packageRun.command),
183
+ check('D04', 'package manifest exists and includes core files', fs.existsSync(manifestPath) && packageData?.fileCount > 20, manifestPath),
184
+ check('D04b', 'package manifest does not expose local source root', manifestData && !Object.hasOwn(manifestData, 'sourceRoot') && !JSON.stringify(manifestData).includes(root), 'gse-package-manifest.json'),
185
+ check('D04c', 'package content does not expose local or pilot project paths', packageLeakFindings.length === 0, packageLeakFindings.length ? JSON.stringify(packageLeakFindings.slice(0, 10)) : 'no findings'),
186
+ check('D05', 'install command succeeds', installRun.status === 0 && installData?.status === 'passed', installRun.command),
187
+ check('D06', 'installed package has skill entrypoint', fs.existsSync(path.join(installTarget, 'SKILL.md')), 'installed SKILL.md'),
188
+ check('D07', 'installed package has validation script', fs.existsSync(path.join(installTarget, 'scripts', 'validate-gse.mjs')), 'installed validate-gse.mjs'),
189
+ smokeProfile
190
+ ? skipped('D08', 'installed package passes install-safe validation', installedValidate.command, 'Run --profile full for installed-copy validation.')
191
+ : check('D08', 'installed package passes install-safe validation', installedValidate.status === 0 && installedValidateData?.summary?.failed === 0, installedValidate.command),
192
+ check('D09', 'package manifest exposes short CLI entrypoint', manifestData?.entrypoints?.cli === 'scripts/gse.mjs' && fs.existsSync(path.join(installTarget, 'scripts', 'gse.mjs')), 'gse-package-manifest.json entrypoints.cli'),
193
+ check('D10', 'installed short CLI wrapper runs status command', installedCli.status === 0 && installedCliData?.command === '/gse status' && installedCliData?.project?.stateValid === true, installedCli.command),
194
+ check('D11', 'package and installed copy include Node package metadata', manifestData?.entrypoints?.nodePackage === 'package.json' && manifestData?.entrypoints?.npmPackageAudit === 'scripts/audit-npm-package-metadata.mjs' && fs.existsSync(path.join(installTarget, 'package.json')), 'package.json and npm package audit entrypoint'),
195
+ ]
196
+
197
+ const passed = checks.filter((item) => item.status === 'passed').length
198
+ const skippedCount = checks.filter((item) => item.status === 'skipped').length
199
+ const failed = checks.filter((item) => item.status === 'failed').length
200
+ const report = {
201
+ root,
202
+ generatedAt: new Date().toISOString(),
203
+ tempRoot,
204
+ profile,
205
+ summary: { status: failed === 0 ? 'passed' : 'failed', passed, failed, skipped: skippedCount, total: checks.length },
206
+ workflows: {
207
+ localPackage: packageRun.status === 0 ? 'verified' : 'failed',
208
+ localInstall: installRun.status === 0 ? 'verified' : 'failed',
209
+ installedValidation: smokeProfile ? 'skipped' : installedValidate.status === 0 ? 'verified' : 'failed',
210
+ },
211
+ commands: [packageRun.command, installRun.command, installedValidate.command, installedCli.command],
212
+ limits: [
213
+ 'This audit verifies local file-based package, install, and installed-copy validation.',
214
+ 'Use --profile smoke for routine package/install/CLI checks; use --profile full before release or when installed-package validation matters.',
215
+ 'Installed-package validation intentionally excludes source-workspace-only roadmap, long evidence logs, release-bundle cache, and owner/external acceptance artifacts.',
216
+ 'It does not publish to a registry, verify marketplace discovery, sign artifacts, or test remote machine installation.',
217
+ ],
218
+ checks,
219
+ }
220
+
221
+ function renderMarkdown(data) {
222
+ const lines = []
223
+ lines.push('# GSE Distribution Audit')
224
+ lines.push('')
225
+ lines.push('Generated: ' + data.generatedAt)
226
+ lines.push('Root: ' + data.root)
227
+ lines.push('Temp root: ' + data.tempRoot)
228
+ lines.push('Profile: ' + data.profile)
229
+ lines.push('')
230
+ lines.push('## Summary')
231
+ lines.push('')
232
+ lines.push('- Status: ' + data.summary.status)
233
+ lines.push('- Checks: ' + data.summary.passed + ' passed, ' + data.summary.failed + ' failed, ' + data.summary.skipped + ' skipped, ' + data.summary.total + ' total')
234
+ lines.push('')
235
+ lines.push('## Checks')
236
+ lines.push('')
237
+ for (const item of data.checks) {
238
+ const marker = item.status === 'passed' ? '[x]' : item.status === 'skipped' ? '[-]' : '[ ]'
239
+ lines.push('- ' + marker + ' ' + item.id + ' ' + item.label + ': ' + item.evidence)
240
+ }
241
+ lines.push('')
242
+ lines.push('## Limits')
243
+ lines.push('')
244
+ for (const item of data.limits) lines.push('- ' + item)
245
+ return lines.join('\n') + '\n'
246
+ }
247
+
248
+ if (jsonOnly) console.log(JSON.stringify(report, null, 2))
249
+ else console.log(renderMarkdown(report))
250
+
251
+ if (failed > 0) process.exit(1)
@@ -0,0 +1,108 @@
1
+ #!/usr/bin/env node
2
+ import fs from 'node:fs'
3
+ import path from 'node:path'
4
+
5
+ const args = process.argv.slice(2)
6
+
7
+ function readArg(name, fallback = null) {
8
+ const index = args.indexOf(name)
9
+ if (index === -1) return fallback
10
+ return args[index + 1] ?? fallback
11
+ }
12
+
13
+ const root = path.resolve(readArg('--root', path.join(import.meta.dirname, '..')))
14
+ const jsonOnly = args.includes('--json')
15
+
16
+ function read(relativePath) {
17
+ const fullPath = path.join(root, relativePath)
18
+ return fs.existsSync(fullPath) ? fs.readFileSync(fullPath, 'utf8') : ''
19
+ }
20
+
21
+ function exists(relativePath) {
22
+ return fs.existsSync(path.join(root, relativePath))
23
+ }
24
+
25
+ function check(id, label, ok, evidence, risk = '') {
26
+ return { id, label, status: ok ? 'passed' : 'failed', evidence, risk }
27
+ }
28
+
29
+ const domain = read('references/domain-quality-gates.md')
30
+ const quality = read('references/quality-gates.md')
31
+ const review = read('references/review.md')
32
+ const architecture = read('references/architecture-health.md')
33
+ const skill = read('SKILL.md')
34
+
35
+ const domains = [
36
+ 'Security/privacy',
37
+ 'Performance/cost',
38
+ 'Accessibility',
39
+ 'Resilience/recovery',
40
+ 'UI/browser',
41
+ 'API/state',
42
+ 'Data/migration',
43
+ 'Model/tool routing',
44
+ 'Release/operations',
45
+ ]
46
+ const evidenceTerms = ['File inspection', 'Focused tests', 'API smokes', 'Browser smokes', 'Architecture/review scans']
47
+ const outputFields = ['Domain gates selected:', 'Why selected:', 'Evidence run:', 'Evidence status:', 'Unverified tools:', 'Residual risk:', 'Next action:']
48
+ const scaleTerms = ['Lite', 'Standard', 'Enterprise']
49
+
50
+ const checks = [
51
+ check('DQ01', 'domain quality gates reference exists', exists('references/domain-quality-gates.md'), 'references/domain-quality-gates.md'),
52
+ check('DQ02', 'SKILL routes domain quality gates', skill.includes('references/domain-quality-gates.md'), 'SKILL.md Reference Routing'),
53
+ check('DQ03', 'quality-gates routes to domain gates', quality.includes('references/domain-quality-gates.md') && quality.includes('## Domain Gates'), 'references/quality-gates.md'),
54
+ check('DQ04', 'review protocol routes to domain gates', review.includes('references/domain-quality-gates.md'), 'references/review.md'),
55
+ check('DQ05', 'all required domains are represented', domains.every((item) => domain.includes(item)), domains.join(', ')),
56
+ check('DQ06', 'scale adaptation is explicit', scaleTerms.every((item) => domain.includes(item)) && domain.includes('Lite work should not inherit every gate by default'), 'Lite, Standard, Enterprise'),
57
+ check('DQ07', 'evidence taxonomy routing is explicit', domain.includes('references/evidence-taxonomy.md') && domain.includes('result') && domain.includes('verified') && domain.includes('accepted'), 'evidence taxonomy labels'),
58
+ check('DQ08', 'tool execution is not faked', domain.includes('Do not claim scan, benchmark, browser, accessibility, security, or resilience results unless') && domain.includes('actually executed'), 'tool execution claim rule'),
59
+ check('DQ09', 'minimum evidence mapping covers major evidence modes', evidenceTerms.every((item) => domain.includes(item)), evidenceTerms.join(', ')),
60
+ check('DQ10', 'output format includes selected gates and residual risk', outputFields.every((item) => domain.includes(item)), outputFields.join(', ')),
61
+ check('DQ11', 'architecture health covers performance and resilience risk', architecture.includes('Performance And Resilience') && architecture.includes('migration') && architecture.includes('release'), 'references/architecture-health.md'),
62
+ check('DQ12', 'quality gates remain risk-based instead of mandatory for every task', domain.includes('Pick only the gates that match the changed behavior and project risk') && quality.includes('Do not force all gates onto Lite tasks'), 'risk-based gate language'),
63
+ ]
64
+
65
+ const passed = checks.filter((item) => item.status === 'passed').length
66
+ const failed = checks.length - passed
67
+ const report = {
68
+ root,
69
+ generatedAt: new Date().toISOString(),
70
+ summary: { status: failed === 0 ? 'passed' : 'failed', passed, failed, total: checks.length },
71
+ workflows: { domainQualityGates: failed === 0 ? 'verified' : 'failed' },
72
+ limits: [
73
+ 'Domain quality gate audit verifies reusable guidance and routing; it does not run project-specific security scans, benchmarks, accessibility tools, browser tests, or API smokes.',
74
+ 'Projects must still execute the selected gates with their own commands, tools, owners, and evidence.',
75
+ ],
76
+ checks,
77
+ }
78
+
79
+ function renderMarkdown(data) {
80
+ const lines = []
81
+ lines.push('# GSE Domain Quality Gate Audit')
82
+ lines.push('')
83
+ lines.push('Generated: ' + data.generatedAt)
84
+ lines.push('Root: ' + data.root)
85
+ lines.push('')
86
+ lines.push('## Summary')
87
+ lines.push('')
88
+ lines.push('- Status: ' + data.summary.status)
89
+ lines.push('- Checks: ' + data.summary.passed + '/' + data.summary.total)
90
+ lines.push('- Domain quality gates: ' + data.workflows.domainQualityGates)
91
+ lines.push('')
92
+ lines.push('## Checks')
93
+ lines.push('')
94
+ for (const item of data.checks) {
95
+ const marker = item.status === 'passed' ? '[x]' : '[ ]'
96
+ lines.push('- ' + marker + ' ' + item.id + ' ' + item.label + ': ' + item.evidence)
97
+ }
98
+ lines.push('')
99
+ lines.push('## Limits')
100
+ lines.push('')
101
+ for (const item of data.limits) lines.push('- ' + item)
102
+ return lines.join('\n') + '\n'
103
+ }
104
+
105
+ if (jsonOnly) console.log(JSON.stringify(report, null, 2))
106
+ else console.log(renderMarkdown(report))
107
+
108
+ if (failed > 0) process.exit(1)