@t275005746/gse 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.github/ISSUE_TEMPLATE/bug_report.yml +42 -0
- package/.github/ISSUE_TEMPLATE/change_request.yml +50 -0
- package/.github/ISSUE_TEMPLATE/config.yml +5 -0
- package/.github/PULL_REQUEST_TEMPLATE.md +38 -0
- package/.github/workflows/validate-gse.yml +33 -0
- package/.gse/README.md +18 -0
- package/.gse/gse-development-protocol.md +50 -0
- package/.gse/project-profile.md +29 -0
- package/.gse/quality-gates.md +25 -0
- package/.gse/releases/public-channel-publication-pending.md +49 -0
- package/.gse/releases/public-ci-run-pending.md +53 -0
- package/.gse/releases/public-release-owner-required.md +65 -0
- package/.gse/releases/public-repository-settings-owner-required.md +59 -0
- package/.gse/releases/public-security-contact-owner-required.md +45 -0
- package/.gse/state.json +27 -0
- package/CHANGELOG.md +24 -0
- package/CONTRIBUTING.md +64 -0
- package/LICENSE +21 -0
- package/README.md +236 -0
- package/README.zh-CN.md +236 -0
- package/SECURITY.md +41 -0
- package/SKILL.md +148 -0
- package/SUPPORT.md +38 -0
- package/agents/openai.yaml +4 -0
- package/assets/marketplace/README.md +7 -0
- package/assets/marketplace/gse-listing.json +75 -0
- package/assets/templates/acceptance-execution-packet.md +73 -0
- package/assets/templates/adr.md +14 -0
- package/assets/templates/change-brief.md +16 -0
- package/assets/templates/design.md +18 -0
- package/assets/templates/dispatch-packet.md +104 -0
- package/assets/templates/evidence.md +14 -0
- package/assets/templates/execution-quality-pack.md +65 -0
- package/assets/templates/goal-map.md +21 -0
- package/assets/templates/host-adapter.md +48 -0
- package/assets/templates/host-ui-invocation-record.md +42 -0
- package/assets/templates/incident-review.md +60 -0
- package/assets/templates/public-channel-publication-record.md +49 -0
- package/assets/templates/public-ci-run-record.md +53 -0
- package/assets/templates/public-release-record.md +65 -0
- package/assets/templates/public-repository-settings-record.md +59 -0
- package/assets/templates/public-security-contact-record.md +45 -0
- package/assets/templates/release-trust-record.md +32 -0
- package/assets/templates/review.md +18 -0
- package/assets/templates/spec.md +16 -0
- package/assets/templates/target-adoption-evidence.md +29 -0
- package/assets/templates/tasks.md +17 -0
- package/assets/templates/update-release-acceptance-record.md +58 -0
- package/examples/README.md +22 -0
- package/examples/agent-runtime-host/.claude/gse-adapter.md +6 -0
- package/examples/agent-runtime-host/.codex/gse-adapter.md +7 -0
- package/examples/agent-runtime-host/.gse/goal-map.md +7 -0
- package/examples/agent-runtime-host/.gse/project-profile.md +27 -0
- package/examples/agent-runtime-host/.gse/tooling.md +5 -0
- package/examples/agent-runtime-host/.mcp.json +9 -0
- package/examples/agent-runtime-host/AGENTS.md +5 -0
- package/examples/agent-runtime-host/README.md +10 -0
- package/examples/agent-runtime-host/docs/model-routing.md +5 -0
- package/examples/cli-tool/.gse/project-profile.md +21 -0
- package/examples/cli-tool/AGENTS.md +5 -0
- package/examples/cli-tool/README.md +12 -0
- package/examples/cli-tool/package.json +21 -0
- package/examples/small-app/.env.example +2 -0
- package/examples/small-app/.github/workflows/ci.yml +8 -0
- package/examples/small-app/AGENTS.md +5 -0
- package/examples/small-app/README.md +12 -0
- package/examples/small-app/package.json +26 -0
- package/examples/small-app/playwright.config.ts +4 -0
- package/package.json +53 -0
- package/references/adoption-recipes.md +171 -0
- package/references/agent-roles.md +49 -0
- package/references/architecture-health.md +101 -0
- package/references/benchmark-audit.md +73 -0
- package/references/commands.md +295 -0
- package/references/community-channels.md +46 -0
- package/references/compatibility.md +70 -0
- package/references/design-basis.md +38 -0
- package/references/domain-model.md +129 -0
- package/references/domain-quality-gates.md +75 -0
- package/references/drift-audit.md +81 -0
- package/references/evidence-taxonomy.md +123 -0
- package/references/file-ownership.md +107 -0
- package/references/final-readiness.md +84 -0
- package/references/forward-test.md +133 -0
- package/references/goal-map.md +36 -0
- package/references/host-adapters.md +119 -0
- package/references/learning-system.md +35 -0
- package/references/marketplace-discovery.md +46 -0
- package/references/model-routing.md +103 -0
- package/references/open-source-defaults.md +39 -0
- package/references/operating-model.md +52 -0
- package/references/packaging.md +277 -0
- package/references/project-agent-workspace.md +89 -0
- package/references/project-bootstrap.md +122 -0
- package/references/project-profile.md +57 -0
- package/references/public-release.md +174 -0
- package/references/quality-gates.md +100 -0
- package/references/recovery.md +176 -0
- package/references/release-trust.md +43 -0
- package/references/release.md +126 -0
- package/references/review.md +141 -0
- package/references/router.md +90 -0
- package/references/spec-workflow.md +66 -0
- package/references/task-levels.md +81 -0
- package/references/tool-adapters.md +73 -0
- package/scripts/audit-acceptance-execution-packet.mjs +133 -0
- package/scripts/audit-adoption-recipes.mjs +99 -0
- package/scripts/audit-adoption.mjs +154 -0
- package/scripts/audit-change-lifecycle.mjs +77 -0
- package/scripts/audit-change-system.mjs +134 -0
- package/scripts/audit-ci-readiness.mjs +107 -0
- package/scripts/audit-close-gate.mjs +323 -0
- package/scripts/audit-command-adapters.mjs +91 -0
- package/scripts/audit-command-execution.mjs +210 -0
- package/scripts/audit-commands.mjs +117 -0
- package/scripts/audit-compatibility.mjs +149 -0
- package/scripts/audit-completion-readiness.mjs +292 -0
- package/scripts/audit-distribution.mjs +251 -0
- package/scripts/audit-domain-quality-gates.mjs +108 -0
- package/scripts/audit-evidence-placeholders.mjs +126 -0
- package/scripts/audit-final-acceptance-packet.mjs +148 -0
- package/scripts/audit-final-form-progress-report.mjs +161 -0
- package/scripts/audit-final-form-stale-copy.mjs +221 -0
- package/scripts/audit-final-readiness-promotion.mjs +255 -0
- package/scripts/audit-final-readiness.mjs +226 -0
- package/scripts/audit-fixtures.mjs +154 -0
- package/scripts/audit-fresh-session-readiness.mjs +177 -0
- package/scripts/audit-gse.mjs +275 -0
- package/scripts/audit-host-adapters.mjs +119 -0
- package/scripts/audit-host-runtime-evidence-handoff.mjs +159 -0
- package/scripts/audit-host-runtime-invocation-drill.mjs +240 -0
- package/scripts/audit-host-runtime-invocations.mjs +254 -0
- package/scripts/audit-host-ui-invocation.mjs +132 -0
- package/scripts/audit-learning-system.mjs +103 -0
- package/scripts/audit-local-final-form-completion.mjs +131 -0
- package/scripts/audit-marketplace-discovery.mjs +122 -0
- package/scripts/audit-npm-package-metadata.mjs +155 -0
- package/scripts/audit-npm-publish-dry-run.mjs +169 -0
- package/scripts/audit-npm-tarball-install.mjs +191 -0
- package/scripts/audit-open-source-defaults.mjs +92 -0
- package/scripts/audit-open-source-readiness.mjs +97 -0
- package/scripts/audit-owner-external-gate-kit.mjs +218 -0
- package/scripts/audit-project.mjs +323 -0
- package/scripts/audit-public-acceptance-command-dry-run-drill.mjs +203 -0
- package/scripts/audit-public-acceptance-handoff.mjs +142 -0
- package/scripts/audit-public-acceptance-readiness.mjs +224 -0
- package/scripts/audit-public-channel-publication.mjs +248 -0
- package/scripts/audit-public-ci-run.mjs +184 -0
- package/scripts/audit-public-collaboration-templates.mjs +98 -0
- package/scripts/audit-public-external-gate-probe.mjs +206 -0
- package/scripts/audit-public-release-checklist.mjs +133 -0
- package/scripts/audit-public-release-decision.mjs +201 -0
- package/scripts/audit-public-release-metadata.mjs +176 -0
- package/scripts/audit-public-repository-settings.mjs +237 -0
- package/scripts/audit-public-security-contact.mjs +171 -0
- package/scripts/audit-readme-docs.mjs +185 -0
- package/scripts/audit-recovery-readiness.mjs +98 -0
- package/scripts/audit-release-bundle.mjs +251 -0
- package/scripts/audit-release-owner-action-plan-drill.mjs +277 -0
- package/scripts/audit-release-owner-action-plan.mjs +164 -0
- package/scripts/audit-release-readiness.mjs +106 -0
- package/scripts/audit-release-status-manifest.mjs +165 -0
- package/scripts/audit-release-trust.mjs +62 -0
- package/scripts/audit-remote-distribution.mjs +266 -0
- package/scripts/audit-roadmap-consistency.mjs +235 -0
- package/scripts/audit-signing.mjs +147 -0
- package/scripts/audit-state-freshness.mjs +113 -0
- package/scripts/audit-target-adoption-evidence.mjs +117 -0
- package/scripts/audit-target-project.mjs +507 -0
- package/scripts/audit-update-release-acceptance.mjs +136 -0
- package/scripts/audit-v1-target-validation.mjs +269 -0
- package/scripts/audit-validation-profiles.mjs +125 -0
- package/scripts/close-change.mjs +116 -0
- package/scripts/discover-project-profile.mjs +307 -0
- package/scripts/forward-test-gse.mjs +146 -0
- package/scripts/generate-command-adapter.mjs +231 -0
- package/scripts/generate-final-acceptance-packet.mjs +181 -0
- package/scripts/generate-final-form-progress-report.mjs +205 -0
- package/scripts/generate-host-adapter.mjs +73 -0
- package/scripts/generate-host-runtime-evidence-handoff.mjs +206 -0
- package/scripts/generate-owner-external-gate-kit.mjs +295 -0
- package/scripts/generate-public-acceptance-handoff.mjs +168 -0
- package/scripts/generate-public-release-checklist.mjs +207 -0
- package/scripts/generate-release-bundle.mjs +505 -0
- package/scripts/generate-release-owner-action-plan.mjs +172 -0
- package/scripts/generate-release-status-manifest.mjs +200 -0
- package/scripts/generate-session-prompt.mjs +188 -0
- package/scripts/gse.mjs +67 -0
- package/scripts/init-change.mjs +265 -0
- package/scripts/init-project.mjs +785 -0
- package/scripts/install-gse.mjs +234 -0
- package/scripts/lib/evidence-placeholders.mjs +28 -0
- package/scripts/package-gse.mjs +174 -0
- package/scripts/probe-public-external-gates.mjs +167 -0
- package/scripts/record-host-invocation.mjs +151 -0
- package/scripts/record-learning.mjs +137 -0
- package/scripts/record-public-channel-publication.mjs +178 -0
- package/scripts/record-public-ci-run.mjs +180 -0
- package/scripts/record-public-release.mjs +175 -0
- package/scripts/record-public-repository-settings.mjs +209 -0
- package/scripts/record-public-security-contact.mjs +157 -0
- package/scripts/run-gse-command.mjs +538 -0
- package/scripts/run-validation-profile.mjs +146 -0
- package/scripts/sign-gse-package.mjs +83 -0
- package/scripts/update-project-state.mjs +223 -0
- package/scripts/validate-gse.mjs +1168 -0
- package/scripts/verify-gse-package.mjs +85 -0
package/CONTRIBUTING.md
ADDED
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
# Contributing to GSE
|
|
2
|
+
|
|
3
|
+
Thanks for helping improve GSE.
|
|
4
|
+
|
|
5
|
+
GSE is a workflow skill and project scaffold for agent-assisted software engineering. Contributions should make long-running project work more explicit, verifiable, portable, or easier to recover.
|
|
6
|
+
|
|
7
|
+
## What To Contribute
|
|
8
|
+
|
|
9
|
+
Good contributions usually fit one of these paths:
|
|
10
|
+
|
|
11
|
+
- Improve the Goal -> Spec -> Execute -> Evidence -> Learn workflow.
|
|
12
|
+
- Add or tighten an audit script.
|
|
13
|
+
- Improve project scaffold templates.
|
|
14
|
+
- Clarify host adapter boundaries.
|
|
15
|
+
- Add examples that prove a workflow in a small, reproducible project.
|
|
16
|
+
- Fix documentation that overstates support or leaves future agents guessing.
|
|
17
|
+
|
|
18
|
+
Avoid changes that make optional tools mandatory unless there is a clear fallback path.
|
|
19
|
+
|
|
20
|
+
## Development Rules
|
|
21
|
+
|
|
22
|
+
- Keep `SKILL.md` short and route details into `references/`.
|
|
23
|
+
- Prefer scripts and templates over repeated prose when behavior must be repeatable.
|
|
24
|
+
- Do not claim support for a host, marketplace, model, MCP server, subagent, or slash command unless there is evidence.
|
|
25
|
+
- Keep evidence statuses honest: `result`, `verified`, or `accepted`.
|
|
26
|
+
- Do not choose a public license on behalf of the owner. Use `references/public-release.md` and `scripts/record-public-release.mjs`.
|
|
27
|
+
|
|
28
|
+
## Validation
|
|
29
|
+
|
|
30
|
+
Before proposing a change, run:
|
|
31
|
+
|
|
32
|
+
```text
|
|
33
|
+
node scripts/validate-gse.mjs --root <gse-root> --json
|
|
34
|
+
```
|
|
35
|
+
|
|
36
|
+
For packaging or install behavior, also run:
|
|
37
|
+
|
|
38
|
+
```text
|
|
39
|
+
node scripts/audit-distribution.mjs --root <gse-root> --json
|
|
40
|
+
node scripts/audit-remote-distribution.mjs --root <gse-root> --json
|
|
41
|
+
```
|
|
42
|
+
|
|
43
|
+
For public release handoff, also run:
|
|
44
|
+
|
|
45
|
+
```text
|
|
46
|
+
node scripts/audit-release-bundle.mjs --root <gse-root> --json
|
|
47
|
+
node scripts/audit-public-release-metadata.mjs --root <gse-root> --json
|
|
48
|
+
```
|
|
49
|
+
|
|
50
|
+
## Evidence
|
|
51
|
+
|
|
52
|
+
Record meaningful changes in `.gse/evidence/YYYY-MM-DD.md` and append a compact record to `.gse/evidence/index.jsonl`.
|
|
53
|
+
|
|
54
|
+
Do not paste secrets, raw provider payloads, private reasoning, long command logs, screenshots, or noisy transient output into evidence files.
|
|
55
|
+
|
|
56
|
+
## Review
|
|
57
|
+
|
|
58
|
+
Review should check:
|
|
59
|
+
|
|
60
|
+
- The change maps to `.gse/goal-map.md` or the design master plan.
|
|
61
|
+
- Scope did not expand silently.
|
|
62
|
+
- Validation covers the changed behavior.
|
|
63
|
+
- Unsupported claims remain explicit.
|
|
64
|
+
- Installed-copy validation still passes when package behavior changes.
|
package/LICENSE
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
MIT License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2026 GSE contributors
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
|
13
|
+
copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
21
|
+
SOFTWARE.
|
package/README.md
ADDED
|
@@ -0,0 +1,236 @@
|
|
|
1
|
+
# GSE
|
|
2
|
+
|
|
3
|
+
English | [简体中文](README.zh-CN.md)
|
|
4
|
+
|
|
5
|
+
Goal-Spec-Evidence Engineering for long-running agent-assisted software projects.
|
|
6
|
+
|
|
7
|
+
GSE gives coding agents and human teams a small project workspace for goals, specs, execution notes, evidence, and handoff. It keeps the next change clear, the proof close to the work, and future sessions easy to resume.
|
|
8
|
+
|
|
9
|
+
It is designed for agentic engineering, spec-driven development, SDD-style project work, and evidence-based delivery across different AI coding hosts.
|
|
10
|
+
|
|
11
|
+
```text
|
|
12
|
+
Goal -> Spec -> Execute -> Evidence -> Learn
|
|
13
|
+
```
|
|
14
|
+
|
|
15
|
+
## Highlights
|
|
16
|
+
|
|
17
|
+
- Project-local `.gse/` workspace for durable engineering context
|
|
18
|
+
- Goal maps, change specs, quality gates, evidence logs, and handoff notes
|
|
19
|
+
- Lite, standard, and enterprise scaffolds for different project sizes
|
|
20
|
+
- Portable `/gse ...` command semantics for Codex, Claude Code, Hermes-style runtimes, WorkBuddy, and similar agent hosts
|
|
21
|
+
- Focused validation profiles for day-to-day work and release checks
|
|
22
|
+
- Optional adapters for host folders, LSP notes, MCP notes, hooks, plugins, and project skills
|
|
23
|
+
- Release, packaging, public-collaboration, and evidence-gate workflows for mature projects
|
|
24
|
+
|
|
25
|
+
## Installation
|
|
26
|
+
|
|
27
|
+
Use GSE from a checked-out copy:
|
|
28
|
+
|
|
29
|
+
```bash
|
|
30
|
+
node scripts/validate-gse.mjs --root . --json
|
|
31
|
+
```
|
|
32
|
+
|
|
33
|
+
Package a checked-out copy for handoff:
|
|
34
|
+
|
|
35
|
+
```bash
|
|
36
|
+
node scripts/package-gse.mjs --root . --out <package-dir> --label <release-label>
|
|
37
|
+
```
|
|
38
|
+
|
|
39
|
+
Install from a local package:
|
|
40
|
+
|
|
41
|
+
```bash
|
|
42
|
+
node scripts/install-gse.mjs --source <package-dir> --target <install-skill-dir>
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
Install from a URL-shaped package source:
|
|
46
|
+
|
|
47
|
+
```bash
|
|
48
|
+
node scripts/install-gse.mjs --source-url <file-or-http-package-url> --target <install-skill-dir>
|
|
49
|
+
```
|
|
50
|
+
|
|
51
|
+
For release bundles, signing, and trust records, see `references/packaging.md`.
|
|
52
|
+
|
|
53
|
+
## Quick Start
|
|
54
|
+
|
|
55
|
+
Initialize GSE in a project:
|
|
56
|
+
|
|
57
|
+
```bash
|
|
58
|
+
node scripts/init-project.mjs --target <project-root>
|
|
59
|
+
```
|
|
60
|
+
|
|
61
|
+
Choose a scaffold explicitly when you already know the project shape:
|
|
62
|
+
|
|
63
|
+
```bash
|
|
64
|
+
node scripts/init-project.mjs --target <project-root> --mode lite
|
|
65
|
+
node scripts/init-project.mjs --target <project-root> --mode standard
|
|
66
|
+
node scripts/init-project.mjs --target <project-root> --mode enterprise
|
|
67
|
+
```
|
|
68
|
+
|
|
69
|
+
Inspect a project without writing files:
|
|
70
|
+
|
|
71
|
+
```bash
|
|
72
|
+
node scripts/discover-project-profile.mjs --target <project-root> --json
|
|
73
|
+
```
|
|
74
|
+
|
|
75
|
+
Validate this GSE package:
|
|
76
|
+
|
|
77
|
+
```bash
|
|
78
|
+
node scripts/validate-gse.mjs --root . --json
|
|
79
|
+
```
|
|
80
|
+
|
|
81
|
+
Check Node package metadata before publishing or handoff:
|
|
82
|
+
|
|
83
|
+
```bash
|
|
84
|
+
node scripts/audit-npm-package-metadata.mjs --root . --json
|
|
85
|
+
node scripts/audit-npm-tarball-install.mjs --root . --json
|
|
86
|
+
node scripts/audit-npm-publish-dry-run.mjs --root . --json
|
|
87
|
+
npm pack --dry-run --json
|
|
88
|
+
```
|
|
89
|
+
|
|
90
|
+
## When To Use GSE
|
|
91
|
+
|
|
92
|
+
Use GSE when:
|
|
93
|
+
|
|
94
|
+
- the project will continue across many agent sessions,
|
|
95
|
+
- requirements and decisions are getting buried in chat history,
|
|
96
|
+
- each change needs a clear scope and acceptance check,
|
|
97
|
+
- multiple agents, workers, tools, or model routes touch the same project,
|
|
98
|
+
- you want evidence before calling work done.
|
|
99
|
+
|
|
100
|
+
For a small one-off task, use the lightest path. For a product, runtime, platform, or open-source release, use the stricter gates.
|
|
101
|
+
|
|
102
|
+
## How It Works
|
|
103
|
+
|
|
104
|
+
GSE keeps five things visible:
|
|
105
|
+
|
|
106
|
+
| Step | Purpose |
|
|
107
|
+
|---|---|
|
|
108
|
+
| Goal | Keep the north star, current focus, risks, and next slices visible. |
|
|
109
|
+
| Spec | Define the current change before implementation drifts. |
|
|
110
|
+
| Execute | Follow the project rules and existing code patterns. |
|
|
111
|
+
| Evidence | Prove the change with focused tests, API smokes, browser smokes, review, or structural checks. |
|
|
112
|
+
| Learn | Record reusable lessons and promote repeated failures into gates or templates. |
|
|
113
|
+
|
|
114
|
+
The workflow scales by risk: light for small changes, stricter for shared behavior, release work, security-sensitive work, and cross-host claims.
|
|
115
|
+
|
|
116
|
+
## What It Creates
|
|
117
|
+
|
|
118
|
+
GSE creates a portable `.gse/` workspace inside the target project.
|
|
119
|
+
|
|
120
|
+
| Mode | Adds | Good for |
|
|
121
|
+
|---|---|---|
|
|
122
|
+
| `lite` | Goal map, project profile, quality gates, tooling notes, evidence logs, change templates | Small projects, low-risk tasks, first adoption |
|
|
123
|
+
| `standard` | Everything in `lite`, plus agent roles, dispatch notes, project skills, LSP/index notes | Projects that agents will continue over time |
|
|
124
|
+
| `enterprise` | Everything in `standard`, plus hooks, MCP notes, plugins, release notes, incident review, audit notes, host adapters | Larger projects, multiple hosts, runtime integrations, governance |
|
|
125
|
+
| `auto` | Selects a conservative scaffold from project signals | When you want GSE to choose |
|
|
126
|
+
|
|
127
|
+
Large projects can start directly with `standard` or `enterprise`.
|
|
128
|
+
|
|
129
|
+
## Project Layout
|
|
130
|
+
|
|
131
|
+
Typical workspace:
|
|
132
|
+
|
|
133
|
+
```text
|
|
134
|
+
.gse/
|
|
135
|
+
README.md
|
|
136
|
+
project-profile.md
|
|
137
|
+
goal-map.md
|
|
138
|
+
goals/
|
|
139
|
+
quality-gates.md
|
|
140
|
+
tooling.md
|
|
141
|
+
changes/
|
|
142
|
+
evidence/
|
|
143
|
+
templates/
|
|
144
|
+
```
|
|
145
|
+
|
|
146
|
+
Standard and enterprise projects may also include:
|
|
147
|
+
|
|
148
|
+
```text
|
|
149
|
+
.gse/
|
|
150
|
+
agents/
|
|
151
|
+
skills/
|
|
152
|
+
lsp/
|
|
153
|
+
hooks/
|
|
154
|
+
mcp/
|
|
155
|
+
plugins/
|
|
156
|
+
release.md
|
|
157
|
+
incident-review.md
|
|
158
|
+
audit.md
|
|
159
|
+
```
|
|
160
|
+
|
|
161
|
+
Use `.gse/goal-map.md` as the short index. Put module-level detail under `.gse/goals/`. Keep existing product roadmaps, architecture docs, and project rules where they already live; point to them from GSE instead of copying them.
|
|
162
|
+
|
|
163
|
+
## Commands
|
|
164
|
+
|
|
165
|
+
GSE defines portable command meanings that agents can follow when they can read this skill:
|
|
166
|
+
|
|
167
|
+
```text
|
|
168
|
+
/gse help
|
|
169
|
+
/gse init
|
|
170
|
+
/gse adopt
|
|
171
|
+
/gse continue
|
|
172
|
+
/gse status
|
|
173
|
+
/gse doctor
|
|
174
|
+
/gse acceptance
|
|
175
|
+
/gse owner-actions
|
|
176
|
+
/gse probe
|
|
177
|
+
/gse release
|
|
178
|
+
/gse package
|
|
179
|
+
/gse install
|
|
180
|
+
/gse public-release
|
|
181
|
+
/gse change
|
|
182
|
+
/gse slice
|
|
183
|
+
/gse verify
|
|
184
|
+
/gse learn
|
|
185
|
+
/gse audit
|
|
186
|
+
/gse close
|
|
187
|
+
```
|
|
188
|
+
|
|
189
|
+
`/gse close` is a read-only readiness check. Use `scripts/close-change.mjs` when you need to archive a named change pack after evidence exists.
|
|
190
|
+
|
|
191
|
+
Portable runner:
|
|
192
|
+
|
|
193
|
+
```bash
|
|
194
|
+
node scripts/gse.mjs continue --target <project-root>
|
|
195
|
+
node scripts/run-gse-command.mjs --target <project-root> --command "/gse continue"
|
|
196
|
+
node scripts/run-gse-command.mjs --target <project-root> --command "/gse learn --summary <lesson>" --execute --json
|
|
197
|
+
```
|
|
198
|
+
|
|
199
|
+
Validation profiles:
|
|
200
|
+
|
|
201
|
+
```bash
|
|
202
|
+
node scripts/run-validation-profile.mjs --target <project-root> --profile lite
|
|
203
|
+
node scripts/run-validation-profile.mjs --target <project-root> --profile standard
|
|
204
|
+
node scripts/run-validation-profile.mjs --target <project-root> --profile enterprise
|
|
205
|
+
node scripts/run-validation-profile.mjs --target <project-root> --profile release
|
|
206
|
+
```
|
|
207
|
+
|
|
208
|
+
## Evidence Model
|
|
209
|
+
|
|
210
|
+
GSE uses three evidence levels:
|
|
211
|
+
|
|
212
|
+
```text
|
|
213
|
+
result -> verified -> accepted
|
|
214
|
+
```
|
|
215
|
+
|
|
216
|
+
- `result`: an artifact exists or a command ran.
|
|
217
|
+
- `verified`: focused checks prove the behavior in the current environment.
|
|
218
|
+
- `accepted`: the project owner, policy, CI gate, release gate, review gate, or product acceptance gate accepts the verified result.
|
|
219
|
+
|
|
220
|
+
This keeps normal product work fast while still making release, security, and cross-host claims auditable.
|
|
221
|
+
|
|
222
|
+
## Documentation
|
|
223
|
+
|
|
224
|
+
- `SKILL.md`: agent entrypoint and routing rules
|
|
225
|
+
- `references/`: workflow references and deeper operating notes
|
|
226
|
+
- `scripts/`: project bootstrap, validation, release, and audit helpers
|
|
227
|
+
- `assets/templates/`: reusable records and handoff templates
|
|
228
|
+
- `README.zh-CN.md`: Chinese README
|
|
229
|
+
|
|
230
|
+
## Community
|
|
231
|
+
|
|
232
|
+
GateHub ([gatehub.top](https://gatehub.top/)) supports GSE development and contributor collaboration.
|
|
233
|
+
|
|
234
|
+
## License
|
|
235
|
+
|
|
236
|
+
MIT. See `LICENSE`.
|
package/README.zh-CN.md
ADDED
|
@@ -0,0 +1,236 @@
|
|
|
1
|
+
# GSE
|
|
2
|
+
|
|
3
|
+
[English](README.md) | 简体中文
|
|
4
|
+
|
|
5
|
+
面向长期 agent 辅助软件项目的 Goal-Spec-Evidence Engineering。
|
|
6
|
+
|
|
7
|
+
GSE 给 coding agent 和团队一个很小的项目工作区,用来保存目标、规格、执行说明、证据和交接信息。它让下一步更清楚,让验证贴近代码,让后续会话更容易接上。
|
|
8
|
+
|
|
9
|
+
它适合 agentic engineering、spec-driven development、SDD 风格的项目推进,也适合需要证据闭环的 AI coding agent 工作流。
|
|
10
|
+
|
|
11
|
+
```text
|
|
12
|
+
Goal -> Spec -> Execute -> Evidence -> Learn
|
|
13
|
+
```
|
|
14
|
+
|
|
15
|
+
## 亮点
|
|
16
|
+
|
|
17
|
+
- 项目本地 `.gse/` 工作区,用来保存长期工程上下文
|
|
18
|
+
- 目标地图、变更规格、质量门、证据日志和交接记录
|
|
19
|
+
- `lite`、`standard`、`enterprise` 三种脚手架,适配不同规模项目
|
|
20
|
+
- 面向 Codex、Claude Code、Hermes-style runtimes、WorkBuddy 等 host 的可迁移 `/gse ...` 命令语义
|
|
21
|
+
- 面向日常开发和发布检查的 focused validation profiles
|
|
22
|
+
- 可选 host folders、LSP、MCP、hooks、plugins、project skills 适配说明
|
|
23
|
+
- 面向成熟项目的 release、packaging、public collaboration 和 evidence gate 工作流
|
|
24
|
+
|
|
25
|
+
## 安装
|
|
26
|
+
|
|
27
|
+
从已检出的 GSE 副本直接使用:
|
|
28
|
+
|
|
29
|
+
```bash
|
|
30
|
+
node scripts/validate-gse.mjs --root . --json
|
|
31
|
+
```
|
|
32
|
+
|
|
33
|
+
把已检出的副本打包给其他环境:
|
|
34
|
+
|
|
35
|
+
```bash
|
|
36
|
+
node scripts/package-gse.mjs --root . --out <package-dir> --label <release-label>
|
|
37
|
+
```
|
|
38
|
+
|
|
39
|
+
从本地包安装:
|
|
40
|
+
|
|
41
|
+
```bash
|
|
42
|
+
node scripts/install-gse.mjs --source <package-dir> --target <install-skill-dir>
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
从 URL 形式的包源安装:
|
|
46
|
+
|
|
47
|
+
```bash
|
|
48
|
+
node scripts/install-gse.mjs --source-url <file-or-http-package-url> --target <install-skill-dir>
|
|
49
|
+
```
|
|
50
|
+
|
|
51
|
+
发布包、签名和信任记录见 `references/packaging.md`。
|
|
52
|
+
|
|
53
|
+
## 快速开始
|
|
54
|
+
|
|
55
|
+
给项目初始化 GSE:
|
|
56
|
+
|
|
57
|
+
```bash
|
|
58
|
+
node scripts/init-project.mjs --target <project-root>
|
|
59
|
+
```
|
|
60
|
+
|
|
61
|
+
如果已经知道项目形态,可以直接指定模式:
|
|
62
|
+
|
|
63
|
+
```bash
|
|
64
|
+
node scripts/init-project.mjs --target <project-root> --mode lite
|
|
65
|
+
node scripts/init-project.mjs --target <project-root> --mode standard
|
|
66
|
+
node scripts/init-project.mjs --target <project-root> --mode enterprise
|
|
67
|
+
```
|
|
68
|
+
|
|
69
|
+
只读检查项目画像:
|
|
70
|
+
|
|
71
|
+
```bash
|
|
72
|
+
node scripts/discover-project-profile.mjs --target <project-root> --json
|
|
73
|
+
```
|
|
74
|
+
|
|
75
|
+
验证 GSE 包:
|
|
76
|
+
|
|
77
|
+
```bash
|
|
78
|
+
node scripts/validate-gse.mjs --root . --json
|
|
79
|
+
```
|
|
80
|
+
|
|
81
|
+
发布或交接前检查 Node package metadata:
|
|
82
|
+
|
|
83
|
+
```bash
|
|
84
|
+
node scripts/audit-npm-package-metadata.mjs --root . --json
|
|
85
|
+
node scripts/audit-npm-tarball-install.mjs --root . --json
|
|
86
|
+
node scripts/audit-npm-publish-dry-run.mjs --root . --json
|
|
87
|
+
npm pack --dry-run --json
|
|
88
|
+
```
|
|
89
|
+
|
|
90
|
+
## 什么时候用 GSE
|
|
91
|
+
|
|
92
|
+
适合这些情况:
|
|
93
|
+
|
|
94
|
+
- 项目会跨很多 agent 会话持续推进,
|
|
95
|
+
- 需求和决策开始埋在聊天历史里,
|
|
96
|
+
- 每次变更都需要清楚的范围和验收方式,
|
|
97
|
+
- 多个 agents、workers、tools 或 model routes 会碰同一个项目,
|
|
98
|
+
- 希望先有证据,再说完成。
|
|
99
|
+
|
|
100
|
+
小型一次性任务可以走最轻路径。产品、runtime、平台或开源发布可以启用更严格的质量门。
|
|
101
|
+
|
|
102
|
+
## 工作方式
|
|
103
|
+
|
|
104
|
+
GSE 始终让五件事可见:
|
|
105
|
+
|
|
106
|
+
| 步骤 | 作用 |
|
|
107
|
+
|---|---|
|
|
108
|
+
| Goal | 记录北极星、当前焦点、风险和下一刀。 |
|
|
109
|
+
| Spec | 在实现漂移前定义当前变更。 |
|
|
110
|
+
| Execute | 按项目规则和现有代码模式执行。 |
|
|
111
|
+
| Evidence | 用 focused tests、API smokes、browser smokes、review 或结构检查证明结果。 |
|
|
112
|
+
| Learn | 记录可复用经验,把重复问题提升为质量门或模板。 |
|
|
113
|
+
|
|
114
|
+
流程按风险伸缩:小变更保持轻量;共享行为、发布、安全敏感和跨 host 声明走更严格的验证。
|
|
115
|
+
|
|
116
|
+
## 会创建什么
|
|
117
|
+
|
|
118
|
+
GSE 会在目标项目里创建一个可迁移的 `.gse/` 工作区。
|
|
119
|
+
|
|
120
|
+
| 模式 | 创建内容 | 适合场景 |
|
|
121
|
+
|---|---|---|
|
|
122
|
+
| `lite` | 目标地图、项目画像、质量门、工具说明、证据日志、变更模板 | 小项目、低风险任务、首次接入 |
|
|
123
|
+
| `standard` | 包含 `lite`,并增加 agent 角色、派发说明、项目 skills、LSP/index 说明 | 会持续由 agent 接续开发的项目 |
|
|
124
|
+
| `enterprise` | 包含 `standard`,并增加 hooks、MCP、plugins、release、incident review、audit、host adapters | 大型项目、多 host、runtime 集成、治理 |
|
|
125
|
+
| `auto` | 根据项目线索选择保守脚手架 | 希望 GSE 自动选择时 |
|
|
126
|
+
|
|
127
|
+
大项目第一次接入也可以直接使用 `standard` 或 `enterprise`。
|
|
128
|
+
|
|
129
|
+
## 项目结构
|
|
130
|
+
|
|
131
|
+
典型工作区:
|
|
132
|
+
|
|
133
|
+
```text
|
|
134
|
+
.gse/
|
|
135
|
+
README.md
|
|
136
|
+
project-profile.md
|
|
137
|
+
goal-map.md
|
|
138
|
+
goals/
|
|
139
|
+
quality-gates.md
|
|
140
|
+
tooling.md
|
|
141
|
+
changes/
|
|
142
|
+
evidence/
|
|
143
|
+
templates/
|
|
144
|
+
```
|
|
145
|
+
|
|
146
|
+
`standard` 和 `enterprise` 项目还可能包含:
|
|
147
|
+
|
|
148
|
+
```text
|
|
149
|
+
.gse/
|
|
150
|
+
agents/
|
|
151
|
+
skills/
|
|
152
|
+
lsp/
|
|
153
|
+
hooks/
|
|
154
|
+
mcp/
|
|
155
|
+
plugins/
|
|
156
|
+
release.md
|
|
157
|
+
incident-review.md
|
|
158
|
+
audit.md
|
|
159
|
+
```
|
|
160
|
+
|
|
161
|
+
`.gse/goal-map.md` 是短索引。模块级详情放在 `.gse/goals/`。已有产品路线图、架构文档和项目规则可以继续留在原位置,由 GSE 指向它们,不需要搬进 `.gse/`。
|
|
162
|
+
|
|
163
|
+
## 命令
|
|
164
|
+
|
|
165
|
+
GSE 定义了一组可迁移命令语义,能读取这个 skill 的 agent 可以按这些命令执行:
|
|
166
|
+
|
|
167
|
+
```text
|
|
168
|
+
/gse help
|
|
169
|
+
/gse init
|
|
170
|
+
/gse adopt
|
|
171
|
+
/gse continue
|
|
172
|
+
/gse status
|
|
173
|
+
/gse doctor
|
|
174
|
+
/gse acceptance
|
|
175
|
+
/gse owner-actions
|
|
176
|
+
/gse probe
|
|
177
|
+
/gse release
|
|
178
|
+
/gse package
|
|
179
|
+
/gse install
|
|
180
|
+
/gse public-release
|
|
181
|
+
/gse change
|
|
182
|
+
/gse slice
|
|
183
|
+
/gse verify
|
|
184
|
+
/gse learn
|
|
185
|
+
/gse audit
|
|
186
|
+
/gse close
|
|
187
|
+
```
|
|
188
|
+
|
|
189
|
+
`/gse close` 是只读的收口就绪检查。需要在证据存在后归档某个 change pack 时,使用 `scripts/close-change.mjs`。
|
|
190
|
+
|
|
191
|
+
可迁移 runner:
|
|
192
|
+
|
|
193
|
+
```bash
|
|
194
|
+
node scripts/gse.mjs continue --target <project-root>
|
|
195
|
+
node scripts/run-gse-command.mjs --target <project-root> --command "/gse continue"
|
|
196
|
+
node scripts/run-gse-command.mjs --target <project-root> --command "/gse learn --summary <lesson>" --execute --json
|
|
197
|
+
```
|
|
198
|
+
|
|
199
|
+
验证 profile:
|
|
200
|
+
|
|
201
|
+
```bash
|
|
202
|
+
node scripts/run-validation-profile.mjs --target <project-root> --profile lite
|
|
203
|
+
node scripts/run-validation-profile.mjs --target <project-root> --profile standard
|
|
204
|
+
node scripts/run-validation-profile.mjs --target <project-root> --profile enterprise
|
|
205
|
+
node scripts/run-validation-profile.mjs --target <project-root> --profile release
|
|
206
|
+
```
|
|
207
|
+
|
|
208
|
+
## 证据模型
|
|
209
|
+
|
|
210
|
+
GSE 使用三层证据:
|
|
211
|
+
|
|
212
|
+
```text
|
|
213
|
+
result -> verified -> accepted
|
|
214
|
+
```
|
|
215
|
+
|
|
216
|
+
- `result`:产物存在,或者命令已经执行。
|
|
217
|
+
- `verified`:focused checks 证明当前环境里的行为有效。
|
|
218
|
+
- `accepted`:项目 owner、策略、CI gate、release gate、review gate 或产品验收门接受 verified 结果。
|
|
219
|
+
|
|
220
|
+
这样日常产品切片可以保持快速,发布、安全和跨 host 声明也能被追踪和审计。
|
|
221
|
+
|
|
222
|
+
## 文档
|
|
223
|
+
|
|
224
|
+
- `SKILL.md`:agent 入口和路由规则
|
|
225
|
+
- `references/`:工作流参考和更深的运行说明
|
|
226
|
+
- `scripts/`:项目初始化、验证、发布和审计 helper
|
|
227
|
+
- `assets/templates/`:可复用记录和交接模板
|
|
228
|
+
- `README.md`:英文 README
|
|
229
|
+
|
|
230
|
+
## 社区
|
|
231
|
+
|
|
232
|
+
GateHub([gatehub.top](https://gatehub.top/))支持 GSE 的开发和贡献者协作。
|
|
233
|
+
|
|
234
|
+
## License
|
|
235
|
+
|
|
236
|
+
MIT。见 `LICENSE`。
|
package/SECURITY.md
ADDED
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
# Security Policy
|
|
2
|
+
|
|
3
|
+
GSE is an agent workflow skill and scaffold. Security reports may involve scripts, generated project files, host adapters, package/install behavior, signing, release trust, or documentation that could cause unsafe claims.
|
|
4
|
+
|
|
5
|
+
## Supported Scope
|
|
6
|
+
|
|
7
|
+
Security-relevant areas include:
|
|
8
|
+
|
|
9
|
+
- Package, install, URL install, manifest integrity, signing, and verification scripts.
|
|
10
|
+
- Generated host adapters and command pointers.
|
|
11
|
+
- Tool permission guidance, MCP/tool routing guidance, and release trust policy.
|
|
12
|
+
- Evidence, logs, and templates that could leak secrets or raw provider payloads.
|
|
13
|
+
- Documentation that could cause agents to bypass owner approval, license decisions, or unsupported host boundaries.
|
|
14
|
+
|
|
15
|
+
## Reporting
|
|
16
|
+
|
|
17
|
+
Until a public security contact is chosen, do not publish exploit details in public issues.
|
|
18
|
+
|
|
19
|
+
Use the project owner's private reporting channel. If no channel exists, record the issue privately in the maintainers' current coordination channel and mark the public release status as blocked until a contact path exists.
|
|
20
|
+
|
|
21
|
+
Minimum report contents:
|
|
22
|
+
|
|
23
|
+
- Affected GSE version, release label, or commit.
|
|
24
|
+
- Affected file or generated artifact.
|
|
25
|
+
- Reproduction steps.
|
|
26
|
+
- Impact and likely affected users or hosts.
|
|
27
|
+
- Whether secrets, credentials, private prompts, provider payloads, or user data are involved.
|
|
28
|
+
- Suggested mitigation if known.
|
|
29
|
+
|
|
30
|
+
## Handling
|
|
31
|
+
|
|
32
|
+
- Do not claim a fix is verified until a focused reproduction or audit proves the changed behavior.
|
|
33
|
+
- Do not publish a release if signing, package integrity, or owner trust evidence is contradicted.
|
|
34
|
+
- If a public package may be affected, use `references/release-trust.md` and `assets/templates/release-trust-record.md` to record revocation, rotation, and follow-up.
|
|
35
|
+
- If a project-local GSE scaffold is affected, notify the affected project session or maintainer with the exact files and validation commands.
|
|
36
|
+
|
|
37
|
+
## Current Limits
|
|
38
|
+
|
|
39
|
+
- No public vulnerability disclosure address has been owner-approved yet.
|
|
40
|
+
- Public marketplace approval and registry publication are not verified.
|
|
41
|
+
- Host-native slash-command support is not verified unless a host-specific invocation record exists.
|