@t275005746/gse 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (207) hide show
  1. package/.github/ISSUE_TEMPLATE/bug_report.yml +42 -0
  2. package/.github/ISSUE_TEMPLATE/change_request.yml +50 -0
  3. package/.github/ISSUE_TEMPLATE/config.yml +5 -0
  4. package/.github/PULL_REQUEST_TEMPLATE.md +38 -0
  5. package/.github/workflows/validate-gse.yml +33 -0
  6. package/.gse/README.md +18 -0
  7. package/.gse/gse-development-protocol.md +50 -0
  8. package/.gse/project-profile.md +29 -0
  9. package/.gse/quality-gates.md +25 -0
  10. package/.gse/releases/public-channel-publication-pending.md +49 -0
  11. package/.gse/releases/public-ci-run-pending.md +53 -0
  12. package/.gse/releases/public-release-owner-required.md +65 -0
  13. package/.gse/releases/public-repository-settings-owner-required.md +59 -0
  14. package/.gse/releases/public-security-contact-owner-required.md +45 -0
  15. package/.gse/state.json +27 -0
  16. package/CHANGELOG.md +24 -0
  17. package/CONTRIBUTING.md +64 -0
  18. package/LICENSE +21 -0
  19. package/README.md +236 -0
  20. package/README.zh-CN.md +236 -0
  21. package/SECURITY.md +41 -0
  22. package/SKILL.md +148 -0
  23. package/SUPPORT.md +38 -0
  24. package/agents/openai.yaml +4 -0
  25. package/assets/marketplace/README.md +7 -0
  26. package/assets/marketplace/gse-listing.json +75 -0
  27. package/assets/templates/acceptance-execution-packet.md +73 -0
  28. package/assets/templates/adr.md +14 -0
  29. package/assets/templates/change-brief.md +16 -0
  30. package/assets/templates/design.md +18 -0
  31. package/assets/templates/dispatch-packet.md +104 -0
  32. package/assets/templates/evidence.md +14 -0
  33. package/assets/templates/execution-quality-pack.md +65 -0
  34. package/assets/templates/goal-map.md +21 -0
  35. package/assets/templates/host-adapter.md +48 -0
  36. package/assets/templates/host-ui-invocation-record.md +42 -0
  37. package/assets/templates/incident-review.md +60 -0
  38. package/assets/templates/public-channel-publication-record.md +49 -0
  39. package/assets/templates/public-ci-run-record.md +53 -0
  40. package/assets/templates/public-release-record.md +65 -0
  41. package/assets/templates/public-repository-settings-record.md +59 -0
  42. package/assets/templates/public-security-contact-record.md +45 -0
  43. package/assets/templates/release-trust-record.md +32 -0
  44. package/assets/templates/review.md +18 -0
  45. package/assets/templates/spec.md +16 -0
  46. package/assets/templates/target-adoption-evidence.md +29 -0
  47. package/assets/templates/tasks.md +17 -0
  48. package/assets/templates/update-release-acceptance-record.md +58 -0
  49. package/examples/README.md +22 -0
  50. package/examples/agent-runtime-host/.claude/gse-adapter.md +6 -0
  51. package/examples/agent-runtime-host/.codex/gse-adapter.md +7 -0
  52. package/examples/agent-runtime-host/.gse/goal-map.md +7 -0
  53. package/examples/agent-runtime-host/.gse/project-profile.md +27 -0
  54. package/examples/agent-runtime-host/.gse/tooling.md +5 -0
  55. package/examples/agent-runtime-host/.mcp.json +9 -0
  56. package/examples/agent-runtime-host/AGENTS.md +5 -0
  57. package/examples/agent-runtime-host/README.md +10 -0
  58. package/examples/agent-runtime-host/docs/model-routing.md +5 -0
  59. package/examples/cli-tool/.gse/project-profile.md +21 -0
  60. package/examples/cli-tool/AGENTS.md +5 -0
  61. package/examples/cli-tool/README.md +12 -0
  62. package/examples/cli-tool/package.json +21 -0
  63. package/examples/small-app/.env.example +2 -0
  64. package/examples/small-app/.github/workflows/ci.yml +8 -0
  65. package/examples/small-app/AGENTS.md +5 -0
  66. package/examples/small-app/README.md +12 -0
  67. package/examples/small-app/package.json +26 -0
  68. package/examples/small-app/playwright.config.ts +4 -0
  69. package/package.json +53 -0
  70. package/references/adoption-recipes.md +171 -0
  71. package/references/agent-roles.md +49 -0
  72. package/references/architecture-health.md +101 -0
  73. package/references/benchmark-audit.md +73 -0
  74. package/references/commands.md +295 -0
  75. package/references/community-channels.md +46 -0
  76. package/references/compatibility.md +70 -0
  77. package/references/design-basis.md +38 -0
  78. package/references/domain-model.md +129 -0
  79. package/references/domain-quality-gates.md +75 -0
  80. package/references/drift-audit.md +81 -0
  81. package/references/evidence-taxonomy.md +123 -0
  82. package/references/file-ownership.md +107 -0
  83. package/references/final-readiness.md +84 -0
  84. package/references/forward-test.md +133 -0
  85. package/references/goal-map.md +36 -0
  86. package/references/host-adapters.md +119 -0
  87. package/references/learning-system.md +35 -0
  88. package/references/marketplace-discovery.md +46 -0
  89. package/references/model-routing.md +103 -0
  90. package/references/open-source-defaults.md +39 -0
  91. package/references/operating-model.md +52 -0
  92. package/references/packaging.md +277 -0
  93. package/references/project-agent-workspace.md +89 -0
  94. package/references/project-bootstrap.md +122 -0
  95. package/references/project-profile.md +57 -0
  96. package/references/public-release.md +174 -0
  97. package/references/quality-gates.md +100 -0
  98. package/references/recovery.md +176 -0
  99. package/references/release-trust.md +43 -0
  100. package/references/release.md +126 -0
  101. package/references/review.md +141 -0
  102. package/references/router.md +90 -0
  103. package/references/spec-workflow.md +66 -0
  104. package/references/task-levels.md +81 -0
  105. package/references/tool-adapters.md +73 -0
  106. package/scripts/audit-acceptance-execution-packet.mjs +133 -0
  107. package/scripts/audit-adoption-recipes.mjs +99 -0
  108. package/scripts/audit-adoption.mjs +154 -0
  109. package/scripts/audit-change-lifecycle.mjs +77 -0
  110. package/scripts/audit-change-system.mjs +134 -0
  111. package/scripts/audit-ci-readiness.mjs +107 -0
  112. package/scripts/audit-close-gate.mjs +323 -0
  113. package/scripts/audit-command-adapters.mjs +91 -0
  114. package/scripts/audit-command-execution.mjs +210 -0
  115. package/scripts/audit-commands.mjs +117 -0
  116. package/scripts/audit-compatibility.mjs +149 -0
  117. package/scripts/audit-completion-readiness.mjs +292 -0
  118. package/scripts/audit-distribution.mjs +251 -0
  119. package/scripts/audit-domain-quality-gates.mjs +108 -0
  120. package/scripts/audit-evidence-placeholders.mjs +126 -0
  121. package/scripts/audit-final-acceptance-packet.mjs +148 -0
  122. package/scripts/audit-final-form-progress-report.mjs +161 -0
  123. package/scripts/audit-final-form-stale-copy.mjs +221 -0
  124. package/scripts/audit-final-readiness-promotion.mjs +255 -0
  125. package/scripts/audit-final-readiness.mjs +226 -0
  126. package/scripts/audit-fixtures.mjs +154 -0
  127. package/scripts/audit-fresh-session-readiness.mjs +177 -0
  128. package/scripts/audit-gse.mjs +275 -0
  129. package/scripts/audit-host-adapters.mjs +119 -0
  130. package/scripts/audit-host-runtime-evidence-handoff.mjs +159 -0
  131. package/scripts/audit-host-runtime-invocation-drill.mjs +240 -0
  132. package/scripts/audit-host-runtime-invocations.mjs +254 -0
  133. package/scripts/audit-host-ui-invocation.mjs +132 -0
  134. package/scripts/audit-learning-system.mjs +103 -0
  135. package/scripts/audit-local-final-form-completion.mjs +131 -0
  136. package/scripts/audit-marketplace-discovery.mjs +122 -0
  137. package/scripts/audit-npm-package-metadata.mjs +155 -0
  138. package/scripts/audit-npm-publish-dry-run.mjs +169 -0
  139. package/scripts/audit-npm-tarball-install.mjs +191 -0
  140. package/scripts/audit-open-source-defaults.mjs +92 -0
  141. package/scripts/audit-open-source-readiness.mjs +97 -0
  142. package/scripts/audit-owner-external-gate-kit.mjs +218 -0
  143. package/scripts/audit-project.mjs +323 -0
  144. package/scripts/audit-public-acceptance-command-dry-run-drill.mjs +203 -0
  145. package/scripts/audit-public-acceptance-handoff.mjs +142 -0
  146. package/scripts/audit-public-acceptance-readiness.mjs +224 -0
  147. package/scripts/audit-public-channel-publication.mjs +248 -0
  148. package/scripts/audit-public-ci-run.mjs +184 -0
  149. package/scripts/audit-public-collaboration-templates.mjs +98 -0
  150. package/scripts/audit-public-external-gate-probe.mjs +206 -0
  151. package/scripts/audit-public-release-checklist.mjs +133 -0
  152. package/scripts/audit-public-release-decision.mjs +201 -0
  153. package/scripts/audit-public-release-metadata.mjs +176 -0
  154. package/scripts/audit-public-repository-settings.mjs +237 -0
  155. package/scripts/audit-public-security-contact.mjs +171 -0
  156. package/scripts/audit-readme-docs.mjs +185 -0
  157. package/scripts/audit-recovery-readiness.mjs +98 -0
  158. package/scripts/audit-release-bundle.mjs +251 -0
  159. package/scripts/audit-release-owner-action-plan-drill.mjs +277 -0
  160. package/scripts/audit-release-owner-action-plan.mjs +164 -0
  161. package/scripts/audit-release-readiness.mjs +106 -0
  162. package/scripts/audit-release-status-manifest.mjs +165 -0
  163. package/scripts/audit-release-trust.mjs +62 -0
  164. package/scripts/audit-remote-distribution.mjs +266 -0
  165. package/scripts/audit-roadmap-consistency.mjs +235 -0
  166. package/scripts/audit-signing.mjs +147 -0
  167. package/scripts/audit-state-freshness.mjs +113 -0
  168. package/scripts/audit-target-adoption-evidence.mjs +117 -0
  169. package/scripts/audit-target-project.mjs +507 -0
  170. package/scripts/audit-update-release-acceptance.mjs +136 -0
  171. package/scripts/audit-v1-target-validation.mjs +269 -0
  172. package/scripts/audit-validation-profiles.mjs +125 -0
  173. package/scripts/close-change.mjs +116 -0
  174. package/scripts/discover-project-profile.mjs +307 -0
  175. package/scripts/forward-test-gse.mjs +146 -0
  176. package/scripts/generate-command-adapter.mjs +231 -0
  177. package/scripts/generate-final-acceptance-packet.mjs +181 -0
  178. package/scripts/generate-final-form-progress-report.mjs +205 -0
  179. package/scripts/generate-host-adapter.mjs +73 -0
  180. package/scripts/generate-host-runtime-evidence-handoff.mjs +206 -0
  181. package/scripts/generate-owner-external-gate-kit.mjs +295 -0
  182. package/scripts/generate-public-acceptance-handoff.mjs +168 -0
  183. package/scripts/generate-public-release-checklist.mjs +207 -0
  184. package/scripts/generate-release-bundle.mjs +505 -0
  185. package/scripts/generate-release-owner-action-plan.mjs +172 -0
  186. package/scripts/generate-release-status-manifest.mjs +200 -0
  187. package/scripts/generate-session-prompt.mjs +188 -0
  188. package/scripts/gse.mjs +67 -0
  189. package/scripts/init-change.mjs +265 -0
  190. package/scripts/init-project.mjs +785 -0
  191. package/scripts/install-gse.mjs +234 -0
  192. package/scripts/lib/evidence-placeholders.mjs +28 -0
  193. package/scripts/package-gse.mjs +174 -0
  194. package/scripts/probe-public-external-gates.mjs +167 -0
  195. package/scripts/record-host-invocation.mjs +151 -0
  196. package/scripts/record-learning.mjs +137 -0
  197. package/scripts/record-public-channel-publication.mjs +178 -0
  198. package/scripts/record-public-ci-run.mjs +180 -0
  199. package/scripts/record-public-release.mjs +175 -0
  200. package/scripts/record-public-repository-settings.mjs +209 -0
  201. package/scripts/record-public-security-contact.mjs +157 -0
  202. package/scripts/run-gse-command.mjs +538 -0
  203. package/scripts/run-validation-profile.mjs +146 -0
  204. package/scripts/sign-gse-package.mjs +83 -0
  205. package/scripts/update-project-state.mjs +223 -0
  206. package/scripts/validate-gse.mjs +1168 -0
  207. package/scripts/verify-gse-package.mjs +85 -0
@@ -0,0 +1,248 @@
1
+ #!/usr/bin/env node
2
+ import fs from 'node:fs'
3
+ import os from 'node:os'
4
+ import path from 'node:path'
5
+ import { spawnSync } from 'node:child_process'
6
+
7
+ const args = process.argv.slice(2)
8
+
9
+ function readArg(name, fallback = null) {
10
+ const index = args.indexOf(name)
11
+ if (index === -1) return fallback
12
+ return args[index + 1] ?? fallback
13
+ }
14
+
15
+ const root = path.resolve(readArg('--root', path.join(import.meta.dirname, '..')))
16
+ const jsonOnly = args.includes('--json')
17
+
18
+ function read(relativePath) {
19
+ const fullPath = path.join(root, relativePath)
20
+ return fs.existsSync(fullPath) ? fs.readFileSync(fullPath, 'utf8') : ''
21
+ }
22
+
23
+ function exists(relativePath) {
24
+ return fs.existsSync(path.join(root, relativePath))
25
+ }
26
+
27
+ function run(command, commandArgs, cwd = root) {
28
+ const result = spawnSync(command, commandArgs, {
29
+ cwd,
30
+ encoding: 'utf8',
31
+ windowsHide: true,
32
+ })
33
+ return {
34
+ status: result.status ?? 1,
35
+ stdout: (result.stdout ?? '').trim(),
36
+ stderr: (result.stderr ?? '').trim(),
37
+ command: [command, ...commandArgs].join(' '),
38
+ }
39
+ }
40
+
41
+ function parseJson(stdout) {
42
+ try {
43
+ return JSON.parse(stdout)
44
+ } catch {
45
+ return null
46
+ }
47
+ }
48
+
49
+ function check(id, label, ok, evidence, risk = '') {
50
+ return { id, label, status: ok ? 'passed' : 'failed', evidence, risk }
51
+ }
52
+
53
+ function createFixture() {
54
+ const fixture = fs.mkdtempSync(path.join(os.tmpdir(), 'gse-public-channel-publication-'))
55
+ fs.mkdirSync(path.join(fixture, '.gse', 'releases'), { recursive: true })
56
+ return fixture
57
+ }
58
+
59
+ const recordScript = path.join(root, 'scripts', 'record-public-channel-publication.mjs')
60
+ const template = read('assets/templates/public-channel-publication-record.md')
61
+ const publicRelease = read('references/public-release.md')
62
+ const marketplace = read('references/marketplace-discovery.md')
63
+ const packaging = read('references/packaging.md')
64
+ const finalReadiness = read('references/final-readiness.md')
65
+ const validate = read('scripts/validate-gse.mjs')
66
+
67
+ const fixture = exists('scripts/record-public-channel-publication.mjs') ? createFixture() : null
68
+ const pending = fixture ? run(process.execPath, [recordScript, '--root', fixture, '--publication-status', 'pending', '--dry-run', '--json']) : null
69
+ const registryOk = fixture ? run(process.execPath, [
70
+ recordScript,
71
+ '--root', fixture,
72
+ '--publication-status', 'accepted',
73
+ '--channel-type', 'package-registry',
74
+ '--channel-name', 'npm',
75
+ '--channel-url', 'https://registry.example/gse',
76
+ '--version', '1.0.0',
77
+ '--artifact-digest', 'sha256:fixture',
78
+ '--review-status', 'published',
79
+ '--evidence-owner', 'fixture-owner',
80
+ '--evidence-date', '2026-07-06',
81
+ '--evidence-url', 'https://registry.example/gse/1.0.0',
82
+ '--evidence-status', 'accepted',
83
+ '--accepted-by', 'fixture-owner',
84
+ '--accepted-at', '2026-07-06',
85
+ '--proves-registry-publication', 'true',
86
+ '--proves-channel-installability', 'true',
87
+ '--dry-run',
88
+ '--json',
89
+ ]) : null
90
+ const marketplaceOk = fixture ? run(process.execPath, [
91
+ recordScript,
92
+ '--root', fixture,
93
+ '--publication-status', 'accepted',
94
+ '--channel-type', 'marketplace',
95
+ '--channel-name', 'Example Marketplace',
96
+ '--channel-url', 'https://marketplace.example/gse',
97
+ '--version', '1.0.0',
98
+ '--review-status', 'approved',
99
+ '--evidence-owner', 'fixture-owner',
100
+ '--evidence-date', '2026-07-06',
101
+ '--evidence-url', 'https://marketplace.example/gse/review',
102
+ '--evidence-status', 'accepted',
103
+ '--accepted-by', 'fixture-owner',
104
+ '--accepted-at', '2026-07-06',
105
+ '--proves-marketplace-approval', 'true',
106
+ '--proves-channel-installability', 'true',
107
+ '--dry-run',
108
+ '--json',
109
+ ]) : null
110
+ const registryMissingInstallability = fixture ? run(process.execPath, [
111
+ recordScript,
112
+ '--root', fixture,
113
+ '--publication-status', 'accepted',
114
+ '--channel-type', 'package-registry',
115
+ '--channel-name', 'npm',
116
+ '--channel-url', 'https://registry.example/gse',
117
+ '--version', '1.0.0',
118
+ '--artifact-digest', 'sha256:fixture',
119
+ '--review-status', 'published',
120
+ '--evidence-owner', 'fixture-owner',
121
+ '--evidence-date', '2026-07-06',
122
+ '--evidence-url', 'https://registry.example/gse/1.0.0',
123
+ '--evidence-status', 'accepted',
124
+ '--accepted-by', 'fixture-owner',
125
+ '--accepted-at', '2026-07-06',
126
+ '--proves-registry-publication', 'true',
127
+ '--proves-channel-installability', 'false',
128
+ '--dry-run',
129
+ '--json',
130
+ ]) : null
131
+ const marketplaceMissingInstallability = fixture ? run(process.execPath, [
132
+ recordScript,
133
+ '--root', fixture,
134
+ '--publication-status', 'accepted',
135
+ '--channel-type', 'marketplace',
136
+ '--channel-name', 'Example Marketplace',
137
+ '--channel-url', 'https://marketplace.example/gse',
138
+ '--version', '1.0.0',
139
+ '--review-status', 'approved',
140
+ '--evidence-owner', 'fixture-owner',
141
+ '--evidence-date', '2026-07-06',
142
+ '--evidence-url', 'https://marketplace.example/gse/review',
143
+ '--evidence-status', 'accepted',
144
+ '--accepted-by', 'fixture-owner',
145
+ '--accepted-at', '2026-07-06',
146
+ '--proves-marketplace-approval', 'true',
147
+ '--proves-channel-installability', 'false',
148
+ '--dry-run',
149
+ '--json',
150
+ ]) : null
151
+ const acceptedMissing = fixture ? run(process.execPath, [recordScript, '--root', fixture, '--publication-status', 'accepted', '--evidence-status', 'pending', '--dry-run', '--json']) : null
152
+ const registryPlaceholderWrite = fixture ? run(process.execPath, [
153
+ recordScript,
154
+ '--root', fixture,
155
+ '--publication-status', 'accepted',
156
+ '--channel-type', 'package-registry',
157
+ '--channel-name', 'npm',
158
+ '--channel-url', 'https://registry.example/gse',
159
+ '--version', '1.0.0',
160
+ '--artifact-digest', 'sha256:fixture',
161
+ '--review-status', 'published',
162
+ '--evidence-owner', 'fixture-owner',
163
+ '--evidence-date', '2026-07-06',
164
+ '--evidence-url', 'https://registry.example/gse/1.0.0',
165
+ '--evidence-status', 'accepted',
166
+ '--accepted-by', 'fixture-owner',
167
+ '--accepted-at', '2026-07-06',
168
+ '--proves-registry-publication', 'true',
169
+ '--proves-channel-installability', 'true',
170
+ '--json',
171
+ ]) : null
172
+
173
+ const pendingData = pending ? parseJson(pending.stdout) : null
174
+ const registryOkData = registryOk ? parseJson(registryOk.stdout) : null
175
+ const marketplaceOkData = marketplaceOk ? parseJson(marketplaceOk.stdout) : null
176
+ const registryMissingInstallabilityData = registryMissingInstallability ? parseJson(registryMissingInstallability.stdout) : null
177
+ const marketplaceMissingInstallabilityData = marketplaceMissingInstallability ? parseJson(marketplaceMissingInstallability.stdout) : null
178
+ const acceptedMissingData = acceptedMissing ? parseJson(acceptedMissing.stdout) : null
179
+ const registryPlaceholderWriteData = registryPlaceholderWrite ? parseJson(registryPlaceholderWrite.stdout) : null
180
+
181
+ const checks = [
182
+ check('PCP01', 'public channel publication record command exists', exists('scripts/record-public-channel-publication.mjs'), 'scripts/record-public-channel-publication.mjs'),
183
+ check('PCP02', 'public channel publication template exists', exists('assets/templates/public-channel-publication-record.md') && template.includes('Channel type') && template.includes('Does this prove public registry publication?'), 'assets/templates/public-channel-publication-record.md'),
184
+ check('PCP03', 'pending publication path remains writable without external proof', pending?.status === 0 && pendingData?.status === 'ready' && pendingData?.publicationStatus === 'pending' && pendingData?.evidenceStatus === 'pending', 'record-public-channel-publication pending dry-run'),
185
+ check('PCP04', 'accepted registry path requires and accepts digest/publication evidence', registryOk?.status === 0 && registryOkData?.status === 'ready' && registryOkData?.channelType === 'package-registry' && registryOkData?.evidenceStatus === 'accepted', 'record-public-channel-publication package-registry dry-run'),
186
+ check('PCP05', 'accepted marketplace path requires and accepts approval evidence', marketplaceOk?.status === 0 && marketplaceOkData?.status === 'ready' && marketplaceOkData?.channelType === 'marketplace' && marketplaceOkData?.evidenceStatus === 'accepted', 'record-public-channel-publication marketplace dry-run'),
187
+ check('PCP06', 'accepted registry path rejects missing channel installability proof', registryMissingInstallability?.status !== 0 && registryMissingInstallabilityData?.status === 'failed' && registryMissingInstallabilityData?.errors?.some((item) => item.includes('--proves-channel-installability true')), 'record-public-channel-publication package-registry installability guard'),
188
+ check('PCP07', 'accepted marketplace path rejects missing channel installability proof', marketplaceMissingInstallability?.status !== 0 && marketplaceMissingInstallabilityData?.status === 'failed' && marketplaceMissingInstallabilityData?.errors?.some((item) => item.includes('--proves-channel-installability true')), 'record-public-channel-publication marketplace installability guard'),
189
+ check('PCP08', 'accepted publication rejects missing external evidence', acceptedMissing?.status !== 0 && acceptedMissingData?.status === 'failed' && acceptedMissingData?.errors?.some((item) => item.includes('--channel-url')) && acceptedMissingData?.errors?.some((item) => item.includes('--accepted-by')) && acceptedMissingData?.errors?.some((item) => item.includes('--evidence-status accepted')), 'record-public-channel-publication accepted missing-fields dry-run'),
190
+ check('PCP09', 'accepted publication real write rejects placeholder or example evidence', registryPlaceholderWrite?.status !== 0 && registryPlaceholderWriteData?.status === 'failed' && registryPlaceholderWriteData?.errors?.some((item) => item.includes('not a placeholder')), 'record-public-channel-publication accepted placeholder write'),
191
+ check('PCP10', 'public release docs reference channel publication evidence', publicRelease.includes('Public channel publication') && publicRelease.includes('record-public-channel-publication.mjs'), 'references/public-release.md'),
192
+ check('PCP11', 'marketplace and packaging docs keep approval/publication external', marketplace.includes('Discovery metadata is not marketplace approval') && packaging.includes('It still does not publish GSE'), 'references/marketplace-discovery.md, references/packaging.md'),
193
+ check('PCP12', 'final readiness matrix includes public channel publication record', finalReadiness.includes('Public channel publication record') && finalReadiness.includes('Public registry publication') && finalReadiness.includes('Marketplace approval'), 'references/final-readiness.md'),
194
+ check('PCP13', 'consolidated validator includes public channel publication audit', validate.includes('audit-public-channel-publication.mjs'), 'scripts/validate-gse.mjs'),
195
+ ]
196
+
197
+ const passed = checks.filter((item) => item.status === 'passed').length
198
+ const failed = checks.length - passed
199
+ const report = {
200
+ root,
201
+ generatedAt: new Date().toISOString(),
202
+ fixtureRoot: fixture,
203
+ summary: { status: failed === 0 ? 'passed' : 'failed', passed, failed, total: checks.length },
204
+ workflows: {
205
+ publicChannelPublication: failed === 0 ? 'verified' : 'failed',
206
+ acceptedRegistryPublication: registryOkData?.status === 'ready' ? 'fixture-verified' : 'not-verified',
207
+ acceptedMarketplaceApproval: marketplaceOkData?.status === 'ready' ? 'fixture-verified' : 'not-verified',
208
+ },
209
+ limits: [
210
+ 'This audit verifies record mechanics and guardrails for public channel publication evidence.',
211
+ 'It does not publish to a registry, approve a marketplace listing, or prove public installability.',
212
+ 'Accepted publication still requires real external evidence from the chosen channel.',
213
+ ],
214
+ checks,
215
+ }
216
+
217
+ function renderMarkdown(data) {
218
+ const lines = []
219
+ lines.push('# GSE Public Channel Publication Audit')
220
+ lines.push('')
221
+ lines.push('Generated: ' + data.generatedAt)
222
+ lines.push('Root: ' + data.root)
223
+ lines.push('')
224
+ lines.push('## Summary')
225
+ lines.push('')
226
+ lines.push('- Status: ' + data.summary.status)
227
+ lines.push('- Checks: ' + data.summary.passed + '/' + data.summary.total)
228
+ lines.push('- Public channel publication: ' + data.workflows.publicChannelPublication)
229
+ lines.push('- Accepted registry publication path: ' + data.workflows.acceptedRegistryPublication)
230
+ lines.push('- Accepted marketplace approval path: ' + data.workflows.acceptedMarketplaceApproval)
231
+ lines.push('')
232
+ lines.push('## Checks')
233
+ lines.push('')
234
+ for (const item of data.checks) {
235
+ const marker = item.status === 'passed' ? '[x]' : '[ ]'
236
+ lines.push('- ' + marker + ' ' + item.id + ' ' + item.label + ': ' + item.evidence)
237
+ }
238
+ lines.push('')
239
+ lines.push('## Limits')
240
+ lines.push('')
241
+ for (const item of data.limits) lines.push('- ' + item)
242
+ return lines.join('\n') + '\n'
243
+ }
244
+
245
+ if (jsonOnly) console.log(JSON.stringify(report, null, 2))
246
+ else console.log(renderMarkdown(report))
247
+
248
+ if (failed > 0) process.exit(1)
@@ -0,0 +1,184 @@
1
+ #!/usr/bin/env node
2
+ import fs from 'node:fs'
3
+ import os from 'node:os'
4
+ import path from 'node:path'
5
+ import { spawnSync } from 'node:child_process'
6
+
7
+ const args = process.argv.slice(2)
8
+
9
+ function readArg(name, fallback = null) {
10
+ const index = args.indexOf(name)
11
+ if (index === -1) return fallback
12
+ return args[index + 1] ?? fallback
13
+ }
14
+
15
+ const root = path.resolve(readArg('--root', path.join(import.meta.dirname, '..')))
16
+ const jsonOnly = args.includes('--json')
17
+
18
+ function read(relativePath) {
19
+ const fullPath = path.join(root, relativePath)
20
+ return fs.existsSync(fullPath) ? fs.readFileSync(fullPath, 'utf8') : ''
21
+ }
22
+
23
+ function exists(relativePath) {
24
+ return fs.existsSync(path.join(root, relativePath))
25
+ }
26
+
27
+ function run(command, commandArgs, cwd = root) {
28
+ const result = spawnSync(command, commandArgs, {
29
+ cwd,
30
+ encoding: 'utf8',
31
+ windowsHide: true,
32
+ })
33
+ return {
34
+ status: result.status ?? 1,
35
+ stdout: (result.stdout ?? '').trim(),
36
+ stderr: (result.stderr ?? '').trim(),
37
+ command: [command, ...commandArgs].join(' '),
38
+ }
39
+ }
40
+
41
+ function parseJson(stdout) {
42
+ try {
43
+ return JSON.parse(stdout)
44
+ } catch {
45
+ return null
46
+ }
47
+ }
48
+
49
+ function check(id, label, ok, evidence, risk = '') {
50
+ return { id, label, status: ok ? 'passed' : 'failed', evidence, risk }
51
+ }
52
+
53
+ function createFixture() {
54
+ const fixture = fs.mkdtempSync(path.join(os.tmpdir(), 'gse-public-ci-run-'))
55
+ fs.mkdirSync(path.join(fixture, '.gse', 'releases'), { recursive: true })
56
+ fs.mkdirSync(path.join(fixture, '.github', 'workflows'), { recursive: true })
57
+ fs.writeFileSync(path.join(fixture, '.github', 'workflows', 'validate-gse.yml'), 'name: Validate GSE\n', 'utf8')
58
+ return fixture
59
+ }
60
+
61
+ const recordScript = path.join(root, 'scripts', 'record-public-ci-run.mjs')
62
+ const template = read('assets/templates/public-ci-run-record.md')
63
+ const publicRelease = read('references/public-release.md')
64
+ const finalReadiness = read('references/final-readiness.md')
65
+ const validate = read('scripts/validate-gse.mjs')
66
+
67
+ const fixture = exists('scripts/record-public-ci-run.mjs') ? createFixture() : null
68
+ const pending = fixture ? run(process.execPath, [recordScript, '--root', fixture, '--run-status', 'pending', '--dry-run', '--json']) : null
69
+ const acceptedOk = fixture ? run(process.execPath, [
70
+ recordScript,
71
+ '--root', fixture,
72
+ '--run-status', 'accepted',
73
+ '--run-conclusion', 'success',
74
+ '--repository-url', 'https://github.com/example/gse',
75
+ '--workflow-name', 'Validate GSE',
76
+ '--workflow-file', '.github/workflows/validate-gse.yml',
77
+ '--run-url', 'https://github.com/example/gse/actions/runs/123',
78
+ '--commit-sha', '0123456789abcdef0123456789abcdef01234567',
79
+ '--branch', 'main',
80
+ '--required-checks', 'Validate GSE',
81
+ '--evidence-owner', 'fixture-owner',
82
+ '--evidence-date', '2026-07-06',
83
+ '--evidence-url', 'https://github.com/example/gse/actions/runs/123',
84
+ '--evidence-status', 'accepted',
85
+ '--accepted-by', 'fixture-owner',
86
+ '--accepted-at', '2026-07-06',
87
+ '--proves-public-ci-run', 'true',
88
+ '--proves-required-checks', 'true',
89
+ '--proves-release-commit', 'true',
90
+ '--dry-run',
91
+ '--json',
92
+ ]) : null
93
+ const acceptedMissing = fixture ? run(process.execPath, [recordScript, '--root', fixture, '--run-status', 'accepted', '--run-conclusion', 'failure', '--evidence-status', 'pending', '--dry-run', '--json']) : null
94
+ const acceptedPlaceholderWrite = fixture ? run(process.execPath, [
95
+ recordScript,
96
+ '--root', fixture,
97
+ '--run-status', 'accepted',
98
+ '--run-conclusion', 'success',
99
+ '--repository-url', 'https://github.com/example/gse',
100
+ '--workflow-name', 'Validate GSE',
101
+ '--workflow-file', '.github/workflows/validate-gse.yml',
102
+ '--run-url', 'https://github.com/example/gse/actions/runs/123',
103
+ '--commit-sha', '0123456789abcdef0123456789abcdef01234567',
104
+ '--branch', 'main',
105
+ '--required-checks', 'Validate GSE',
106
+ '--evidence-owner', 'fixture-owner',
107
+ '--evidence-date', '2026-07-06',
108
+ '--evidence-url', 'https://github.com/example/gse/actions/runs/123',
109
+ '--evidence-status', 'accepted',
110
+ '--accepted-by', 'fixture-owner',
111
+ '--accepted-at', '2026-07-06',
112
+ '--proves-public-ci-run', 'true',
113
+ '--proves-required-checks', 'true',
114
+ '--proves-release-commit', 'true',
115
+ '--json',
116
+ ]) : null
117
+
118
+ const pendingData = pending ? parseJson(pending.stdout) : null
119
+ const acceptedOkData = acceptedOk ? parseJson(acceptedOk.stdout) : null
120
+ const acceptedMissingData = acceptedMissing ? parseJson(acceptedMissing.stdout) : null
121
+ const acceptedPlaceholderWriteData = acceptedPlaceholderWrite ? parseJson(acceptedPlaceholderWrite.stdout) : null
122
+
123
+ const checks = [
124
+ check('PCR01', 'public CI run record command exists', exists('scripts/record-public-ci-run.mjs'), 'scripts/record-public-ci-run.mjs'),
125
+ check('PCR02', 'public CI run template exists', exists('assets/templates/public-ci-run-record.md') && template.includes('Run URL') && template.includes('Does this prove a public CI run?'), 'assets/templates/public-ci-run-record.md'),
126
+ check('PCR03', 'pending CI run path remains writable without external proof', pending?.status === 0 && pendingData?.status === 'ready' && pendingData?.runStatus === 'pending' && pendingData?.evidenceStatus === 'pending', 'record-public-ci-run pending dry-run'),
127
+ check('PCR04', 'accepted CI run path accepts complete public run evidence', acceptedOk?.status === 0 && acceptedOkData?.status === 'ready' && acceptedOkData?.runStatus === 'accepted' && acceptedOkData?.runConclusion === 'success' && acceptedOkData?.evidenceStatus === 'accepted', 'record-public-ci-run accepted dry-run'),
128
+ check('PCR05', 'accepted CI run rejects missing external evidence or failed conclusion', acceptedMissing?.status !== 0 && acceptedMissingData?.status === 'failed' && acceptedMissingData?.errors?.some((item) => item.includes('--run-url')) && acceptedMissingData?.errors?.some((item) => item.includes('--run-conclusion success')) && acceptedMissingData?.errors?.some((item) => item.includes('--evidence-status accepted')), 'record-public-ci-run accepted missing-fields dry-run'),
129
+ check('PCR06', 'accepted CI run real write rejects placeholder or example evidence', acceptedPlaceholderWrite?.status !== 0 && acceptedPlaceholderWriteData?.status === 'failed' && acceptedPlaceholderWriteData?.errors?.some((item) => item.includes('not a placeholder')), 'record-public-ci-run accepted placeholder write'),
130
+ check('PCR07', 'public release docs reference public CI run evidence', publicRelease.includes('Public CI run') && publicRelease.includes('record-public-ci-run.mjs'), 'references/public-release.md'),
131
+ check('PCR08', 'final readiness matrix includes public CI run record and external CI run gate', finalReadiness.includes('Public CI run record') && finalReadiness.includes('Public CI run'), 'references/final-readiness.md'),
132
+ check('PCR09', 'consolidated validator includes public CI run audit', validate.includes('audit-public-ci-run.mjs'), 'scripts/validate-gse.mjs'),
133
+ ]
134
+
135
+ const passed = checks.filter((item) => item.status === 'passed').length
136
+ const failed = checks.length - passed
137
+ const report = {
138
+ root,
139
+ generatedAt: new Date().toISOString(),
140
+ fixtureRoot: fixture,
141
+ summary: { status: failed === 0 ? 'passed' : 'failed', passed, failed, total: checks.length },
142
+ workflows: {
143
+ publicCiRunRecord: failed === 0 ? 'verified' : 'failed',
144
+ acceptedPublicCiRun: acceptedOkData?.status === 'ready' ? 'fixture-verified' : 'not-verified',
145
+ },
146
+ limits: [
147
+ 'This audit verifies record mechanics and guardrails for public CI run evidence.',
148
+ 'It does not run GitHub Actions, configure required checks, or prove a real public CI run.',
149
+ 'Accepted public CI still requires real external evidence from the public repository.',
150
+ ],
151
+ checks,
152
+ }
153
+
154
+ function renderMarkdown(data) {
155
+ const lines = []
156
+ lines.push('# GSE Public CI Run Audit')
157
+ lines.push('')
158
+ lines.push('Generated: ' + data.generatedAt)
159
+ lines.push('Root: ' + data.root)
160
+ lines.push('')
161
+ lines.push('## Summary')
162
+ lines.push('')
163
+ lines.push('- Status: ' + data.summary.status)
164
+ lines.push('- Checks: ' + data.summary.passed + '/' + data.summary.total)
165
+ lines.push('- Public CI run record: ' + data.workflows.publicCiRunRecord)
166
+ lines.push('- Accepted public CI run path: ' + data.workflows.acceptedPublicCiRun)
167
+ lines.push('')
168
+ lines.push('## Checks')
169
+ lines.push('')
170
+ for (const item of data.checks) {
171
+ const marker = item.status === 'passed' ? '[x]' : '[ ]'
172
+ lines.push('- ' + marker + ' ' + item.id + ' ' + item.label + ': ' + item.evidence)
173
+ }
174
+ lines.push('')
175
+ lines.push('## Limits')
176
+ lines.push('')
177
+ for (const item of data.limits) lines.push('- ' + item)
178
+ return lines.join('\n') + '\n'
179
+ }
180
+
181
+ if (jsonOnly) console.log(JSON.stringify(report, null, 2))
182
+ else console.log(renderMarkdown(report))
183
+
184
+ if (failed > 0) process.exit(1)
@@ -0,0 +1,98 @@
1
+ #!/usr/bin/env node
2
+ import fs from 'node:fs'
3
+ import path from 'node:path'
4
+
5
+ const args = process.argv.slice(2)
6
+
7
+ function readArg(name, fallback = null) {
8
+ const index = args.indexOf(name)
9
+ if (index === -1) return fallback
10
+ return args[index + 1] ?? fallback
11
+ }
12
+
13
+ const root = path.resolve(readArg('--root', path.join(import.meta.dirname, '..')))
14
+ const jsonOnly = args.includes('--json')
15
+
16
+ function read(relativePath) {
17
+ const fullPath = path.join(root, relativePath)
18
+ return fs.existsSync(fullPath) ? fs.readFileSync(fullPath, 'utf8') : ''
19
+ }
20
+
21
+ function exists(relativePath) {
22
+ return fs.existsSync(path.join(root, relativePath))
23
+ }
24
+
25
+ function check(id, label, ok, evidence, risk = '') {
26
+ return { id, label, status: ok ? 'passed' : 'failed', evidence, risk }
27
+ }
28
+
29
+ const pr = read('.github/PULL_REQUEST_TEMPLATE.md')
30
+ const bug = read('.github/ISSUE_TEMPLATE/bug_report.yml')
31
+ const change = read('.github/ISSUE_TEMPLATE/change_request.yml')
32
+ const config = read('.github/ISSUE_TEMPLATE/config.yml')
33
+ const openSourceAudit = read('scripts/audit-open-source-readiness.mjs')
34
+ const validate = read('scripts/validate-gse.mjs')
35
+
36
+ const prTerms = ['## Outcome', '## Scope', '## Acceptance', '## Evidence', '## Risk', '## Claim Boundary', 'validate-gse.mjs']
37
+ const bugTerms = ['Outcome', 'Actual behavior', 'Reproduction', 'Evidence', 'Risk and claim boundary', 'needs-evidence']
38
+ const changeTerms = ['Goal', 'Spec', 'Task level', 'Tool or host impact', 'Proposed evidence', 'needs-spec']
39
+
40
+ const checks = [
41
+ check('PCT01', 'pull request template exists', exists('.github/PULL_REQUEST_TEMPLATE.md'), '.github/PULL_REQUEST_TEMPLATE.md'),
42
+ check('PCT02', 'pull request template requires GSE evidence fields', prTerms.every((term) => pr.includes(term)), prTerms.join(', ')),
43
+ check('PCT03', 'bug report template exists', exists('.github/ISSUE_TEMPLATE/bug_report.yml'), '.github/ISSUE_TEMPLATE/bug_report.yml'),
44
+ check('PCT04', 'bug report requires reproduction, evidence, and claim boundary', bugTerms.every((term) => bug.includes(term)), bugTerms.join(', ')),
45
+ check('PCT05', 'change request template exists', exists('.github/ISSUE_TEMPLATE/change_request.yml'), '.github/ISSUE_TEMPLATE/change_request.yml'),
46
+ check('PCT06', 'change request requires spec, level, tool impact, and proposed evidence', changeTerms.every((term) => change.includes(term)), changeTerms.join(', ')),
47
+ check('PCT07', 'blank issues are disabled until templates capture evidence', config.includes('blank_issues_enabled: false'), '.github/ISSUE_TEMPLATE/config.yml'),
48
+ check('PCT08', 'templates avoid fake public contact or repository URL claims', config.includes('placeholder URL') && !config.includes('mailto:'), 'config keeps public URL owner-approved'),
49
+ check('PCT09', 'open-source readiness audit includes collaboration templates', openSourceAudit.includes('audit-public-collaboration-templates.mjs') || openSourceAudit.includes('PULL_REQUEST_TEMPLATE.md'), 'scripts/audit-open-source-readiness.mjs'),
50
+ check('PCT10', 'consolidated validator includes collaboration template audit', validate.includes('audit-public-collaboration-templates.mjs'), 'scripts/validate-gse.mjs'),
51
+ ]
52
+
53
+ const passed = checks.filter((item) => item.status === 'passed').length
54
+ const failed = checks.length - passed
55
+ const report = {
56
+ root,
57
+ generatedAt: new Date().toISOString(),
58
+ summary: { status: failed === 0 ? 'passed' : 'failed', passed, failed, total: checks.length },
59
+ workflows: {
60
+ publicCollaborationTemplates: failed === 0 ? 'verified' : 'failed',
61
+ },
62
+ limits: [
63
+ 'This audit verifies local GitHub collaboration templates.',
64
+ 'It does not prove public repository issue settings, public URL ownership, maintainer response policy, or marketplace support.',
65
+ ],
66
+ checks,
67
+ }
68
+
69
+ function renderMarkdown(data) {
70
+ const lines = []
71
+ lines.push('# GSE Public Collaboration Template Audit')
72
+ lines.push('')
73
+ lines.push('Generated: ' + data.generatedAt)
74
+ lines.push('Root: ' + data.root)
75
+ lines.push('')
76
+ lines.push('## Summary')
77
+ lines.push('')
78
+ lines.push('- Status: ' + data.summary.status)
79
+ lines.push('- Checks: ' + data.summary.passed + '/' + data.summary.total)
80
+ lines.push('- Public collaboration templates: ' + data.workflows.publicCollaborationTemplates)
81
+ lines.push('')
82
+ lines.push('## Checks')
83
+ lines.push('')
84
+ for (const item of data.checks) {
85
+ const marker = item.status === 'passed' ? '[x]' : '[ ]'
86
+ lines.push('- ' + marker + ' ' + item.id + ' ' + item.label + ': ' + item.evidence)
87
+ }
88
+ lines.push('')
89
+ lines.push('## Limits')
90
+ lines.push('')
91
+ for (const item of data.limits) lines.push('- ' + item)
92
+ return lines.join('\n') + '\n'
93
+ }
94
+
95
+ if (jsonOnly) console.log(JSON.stringify(report, null, 2))
96
+ else console.log(renderMarkdown(report))
97
+
98
+ if (failed > 0) process.exit(1)