@t275005746/gse 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (207) hide show
  1. package/.github/ISSUE_TEMPLATE/bug_report.yml +42 -0
  2. package/.github/ISSUE_TEMPLATE/change_request.yml +50 -0
  3. package/.github/ISSUE_TEMPLATE/config.yml +5 -0
  4. package/.github/PULL_REQUEST_TEMPLATE.md +38 -0
  5. package/.github/workflows/validate-gse.yml +33 -0
  6. package/.gse/README.md +18 -0
  7. package/.gse/gse-development-protocol.md +50 -0
  8. package/.gse/project-profile.md +29 -0
  9. package/.gse/quality-gates.md +25 -0
  10. package/.gse/releases/public-channel-publication-pending.md +49 -0
  11. package/.gse/releases/public-ci-run-pending.md +53 -0
  12. package/.gse/releases/public-release-owner-required.md +65 -0
  13. package/.gse/releases/public-repository-settings-owner-required.md +59 -0
  14. package/.gse/releases/public-security-contact-owner-required.md +45 -0
  15. package/.gse/state.json +27 -0
  16. package/CHANGELOG.md +24 -0
  17. package/CONTRIBUTING.md +64 -0
  18. package/LICENSE +21 -0
  19. package/README.md +236 -0
  20. package/README.zh-CN.md +236 -0
  21. package/SECURITY.md +41 -0
  22. package/SKILL.md +148 -0
  23. package/SUPPORT.md +38 -0
  24. package/agents/openai.yaml +4 -0
  25. package/assets/marketplace/README.md +7 -0
  26. package/assets/marketplace/gse-listing.json +75 -0
  27. package/assets/templates/acceptance-execution-packet.md +73 -0
  28. package/assets/templates/adr.md +14 -0
  29. package/assets/templates/change-brief.md +16 -0
  30. package/assets/templates/design.md +18 -0
  31. package/assets/templates/dispatch-packet.md +104 -0
  32. package/assets/templates/evidence.md +14 -0
  33. package/assets/templates/execution-quality-pack.md +65 -0
  34. package/assets/templates/goal-map.md +21 -0
  35. package/assets/templates/host-adapter.md +48 -0
  36. package/assets/templates/host-ui-invocation-record.md +42 -0
  37. package/assets/templates/incident-review.md +60 -0
  38. package/assets/templates/public-channel-publication-record.md +49 -0
  39. package/assets/templates/public-ci-run-record.md +53 -0
  40. package/assets/templates/public-release-record.md +65 -0
  41. package/assets/templates/public-repository-settings-record.md +59 -0
  42. package/assets/templates/public-security-contact-record.md +45 -0
  43. package/assets/templates/release-trust-record.md +32 -0
  44. package/assets/templates/review.md +18 -0
  45. package/assets/templates/spec.md +16 -0
  46. package/assets/templates/target-adoption-evidence.md +29 -0
  47. package/assets/templates/tasks.md +17 -0
  48. package/assets/templates/update-release-acceptance-record.md +58 -0
  49. package/examples/README.md +22 -0
  50. package/examples/agent-runtime-host/.claude/gse-adapter.md +6 -0
  51. package/examples/agent-runtime-host/.codex/gse-adapter.md +7 -0
  52. package/examples/agent-runtime-host/.gse/goal-map.md +7 -0
  53. package/examples/agent-runtime-host/.gse/project-profile.md +27 -0
  54. package/examples/agent-runtime-host/.gse/tooling.md +5 -0
  55. package/examples/agent-runtime-host/.mcp.json +9 -0
  56. package/examples/agent-runtime-host/AGENTS.md +5 -0
  57. package/examples/agent-runtime-host/README.md +10 -0
  58. package/examples/agent-runtime-host/docs/model-routing.md +5 -0
  59. package/examples/cli-tool/.gse/project-profile.md +21 -0
  60. package/examples/cli-tool/AGENTS.md +5 -0
  61. package/examples/cli-tool/README.md +12 -0
  62. package/examples/cli-tool/package.json +21 -0
  63. package/examples/small-app/.env.example +2 -0
  64. package/examples/small-app/.github/workflows/ci.yml +8 -0
  65. package/examples/small-app/AGENTS.md +5 -0
  66. package/examples/small-app/README.md +12 -0
  67. package/examples/small-app/package.json +26 -0
  68. package/examples/small-app/playwright.config.ts +4 -0
  69. package/package.json +53 -0
  70. package/references/adoption-recipes.md +171 -0
  71. package/references/agent-roles.md +49 -0
  72. package/references/architecture-health.md +101 -0
  73. package/references/benchmark-audit.md +73 -0
  74. package/references/commands.md +295 -0
  75. package/references/community-channels.md +46 -0
  76. package/references/compatibility.md +70 -0
  77. package/references/design-basis.md +38 -0
  78. package/references/domain-model.md +129 -0
  79. package/references/domain-quality-gates.md +75 -0
  80. package/references/drift-audit.md +81 -0
  81. package/references/evidence-taxonomy.md +123 -0
  82. package/references/file-ownership.md +107 -0
  83. package/references/final-readiness.md +84 -0
  84. package/references/forward-test.md +133 -0
  85. package/references/goal-map.md +36 -0
  86. package/references/host-adapters.md +119 -0
  87. package/references/learning-system.md +35 -0
  88. package/references/marketplace-discovery.md +46 -0
  89. package/references/model-routing.md +103 -0
  90. package/references/open-source-defaults.md +39 -0
  91. package/references/operating-model.md +52 -0
  92. package/references/packaging.md +277 -0
  93. package/references/project-agent-workspace.md +89 -0
  94. package/references/project-bootstrap.md +122 -0
  95. package/references/project-profile.md +57 -0
  96. package/references/public-release.md +174 -0
  97. package/references/quality-gates.md +100 -0
  98. package/references/recovery.md +176 -0
  99. package/references/release-trust.md +43 -0
  100. package/references/release.md +126 -0
  101. package/references/review.md +141 -0
  102. package/references/router.md +90 -0
  103. package/references/spec-workflow.md +66 -0
  104. package/references/task-levels.md +81 -0
  105. package/references/tool-adapters.md +73 -0
  106. package/scripts/audit-acceptance-execution-packet.mjs +133 -0
  107. package/scripts/audit-adoption-recipes.mjs +99 -0
  108. package/scripts/audit-adoption.mjs +154 -0
  109. package/scripts/audit-change-lifecycle.mjs +77 -0
  110. package/scripts/audit-change-system.mjs +134 -0
  111. package/scripts/audit-ci-readiness.mjs +107 -0
  112. package/scripts/audit-close-gate.mjs +323 -0
  113. package/scripts/audit-command-adapters.mjs +91 -0
  114. package/scripts/audit-command-execution.mjs +210 -0
  115. package/scripts/audit-commands.mjs +117 -0
  116. package/scripts/audit-compatibility.mjs +149 -0
  117. package/scripts/audit-completion-readiness.mjs +292 -0
  118. package/scripts/audit-distribution.mjs +251 -0
  119. package/scripts/audit-domain-quality-gates.mjs +108 -0
  120. package/scripts/audit-evidence-placeholders.mjs +126 -0
  121. package/scripts/audit-final-acceptance-packet.mjs +148 -0
  122. package/scripts/audit-final-form-progress-report.mjs +161 -0
  123. package/scripts/audit-final-form-stale-copy.mjs +221 -0
  124. package/scripts/audit-final-readiness-promotion.mjs +255 -0
  125. package/scripts/audit-final-readiness.mjs +226 -0
  126. package/scripts/audit-fixtures.mjs +154 -0
  127. package/scripts/audit-fresh-session-readiness.mjs +177 -0
  128. package/scripts/audit-gse.mjs +275 -0
  129. package/scripts/audit-host-adapters.mjs +119 -0
  130. package/scripts/audit-host-runtime-evidence-handoff.mjs +159 -0
  131. package/scripts/audit-host-runtime-invocation-drill.mjs +240 -0
  132. package/scripts/audit-host-runtime-invocations.mjs +254 -0
  133. package/scripts/audit-host-ui-invocation.mjs +132 -0
  134. package/scripts/audit-learning-system.mjs +103 -0
  135. package/scripts/audit-local-final-form-completion.mjs +131 -0
  136. package/scripts/audit-marketplace-discovery.mjs +122 -0
  137. package/scripts/audit-npm-package-metadata.mjs +155 -0
  138. package/scripts/audit-npm-publish-dry-run.mjs +169 -0
  139. package/scripts/audit-npm-tarball-install.mjs +191 -0
  140. package/scripts/audit-open-source-defaults.mjs +92 -0
  141. package/scripts/audit-open-source-readiness.mjs +97 -0
  142. package/scripts/audit-owner-external-gate-kit.mjs +218 -0
  143. package/scripts/audit-project.mjs +323 -0
  144. package/scripts/audit-public-acceptance-command-dry-run-drill.mjs +203 -0
  145. package/scripts/audit-public-acceptance-handoff.mjs +142 -0
  146. package/scripts/audit-public-acceptance-readiness.mjs +224 -0
  147. package/scripts/audit-public-channel-publication.mjs +248 -0
  148. package/scripts/audit-public-ci-run.mjs +184 -0
  149. package/scripts/audit-public-collaboration-templates.mjs +98 -0
  150. package/scripts/audit-public-external-gate-probe.mjs +206 -0
  151. package/scripts/audit-public-release-checklist.mjs +133 -0
  152. package/scripts/audit-public-release-decision.mjs +201 -0
  153. package/scripts/audit-public-release-metadata.mjs +176 -0
  154. package/scripts/audit-public-repository-settings.mjs +237 -0
  155. package/scripts/audit-public-security-contact.mjs +171 -0
  156. package/scripts/audit-readme-docs.mjs +185 -0
  157. package/scripts/audit-recovery-readiness.mjs +98 -0
  158. package/scripts/audit-release-bundle.mjs +251 -0
  159. package/scripts/audit-release-owner-action-plan-drill.mjs +277 -0
  160. package/scripts/audit-release-owner-action-plan.mjs +164 -0
  161. package/scripts/audit-release-readiness.mjs +106 -0
  162. package/scripts/audit-release-status-manifest.mjs +165 -0
  163. package/scripts/audit-release-trust.mjs +62 -0
  164. package/scripts/audit-remote-distribution.mjs +266 -0
  165. package/scripts/audit-roadmap-consistency.mjs +235 -0
  166. package/scripts/audit-signing.mjs +147 -0
  167. package/scripts/audit-state-freshness.mjs +113 -0
  168. package/scripts/audit-target-adoption-evidence.mjs +117 -0
  169. package/scripts/audit-target-project.mjs +507 -0
  170. package/scripts/audit-update-release-acceptance.mjs +136 -0
  171. package/scripts/audit-v1-target-validation.mjs +269 -0
  172. package/scripts/audit-validation-profiles.mjs +125 -0
  173. package/scripts/close-change.mjs +116 -0
  174. package/scripts/discover-project-profile.mjs +307 -0
  175. package/scripts/forward-test-gse.mjs +146 -0
  176. package/scripts/generate-command-adapter.mjs +231 -0
  177. package/scripts/generate-final-acceptance-packet.mjs +181 -0
  178. package/scripts/generate-final-form-progress-report.mjs +205 -0
  179. package/scripts/generate-host-adapter.mjs +73 -0
  180. package/scripts/generate-host-runtime-evidence-handoff.mjs +206 -0
  181. package/scripts/generate-owner-external-gate-kit.mjs +295 -0
  182. package/scripts/generate-public-acceptance-handoff.mjs +168 -0
  183. package/scripts/generate-public-release-checklist.mjs +207 -0
  184. package/scripts/generate-release-bundle.mjs +505 -0
  185. package/scripts/generate-release-owner-action-plan.mjs +172 -0
  186. package/scripts/generate-release-status-manifest.mjs +200 -0
  187. package/scripts/generate-session-prompt.mjs +188 -0
  188. package/scripts/gse.mjs +67 -0
  189. package/scripts/init-change.mjs +265 -0
  190. package/scripts/init-project.mjs +785 -0
  191. package/scripts/install-gse.mjs +234 -0
  192. package/scripts/lib/evidence-placeholders.mjs +28 -0
  193. package/scripts/package-gse.mjs +174 -0
  194. package/scripts/probe-public-external-gates.mjs +167 -0
  195. package/scripts/record-host-invocation.mjs +151 -0
  196. package/scripts/record-learning.mjs +137 -0
  197. package/scripts/record-public-channel-publication.mjs +178 -0
  198. package/scripts/record-public-ci-run.mjs +180 -0
  199. package/scripts/record-public-release.mjs +175 -0
  200. package/scripts/record-public-repository-settings.mjs +209 -0
  201. package/scripts/record-public-security-contact.mjs +157 -0
  202. package/scripts/run-gse-command.mjs +538 -0
  203. package/scripts/run-validation-profile.mjs +146 -0
  204. package/scripts/sign-gse-package.mjs +83 -0
  205. package/scripts/update-project-state.mjs +223 -0
  206. package/scripts/validate-gse.mjs +1168 -0
  207. package/scripts/verify-gse-package.mjs +85 -0
@@ -0,0 +1,5 @@
1
+ # CLI Tool Fixture Rules
2
+
3
+ - Preserve package scripts and release notes when adopting GSE.
4
+ - Treat `bin` entries and publish scripts as documented until a focused smoke runs.
5
+ - Do not claim package publishing, npm access, shell completion, or global install support without evidence.
@@ -0,0 +1,12 @@
1
+ # cli-tool fixture
2
+
3
+ Purpose: representative command-line package shape for GSE adoption tests.
4
+
5
+ Suggested checks:
6
+
7
+ - Run `node <gse>/scripts/discover-project-profile.mjs --target <fixture> --json`.
8
+ - Confirm package scripts are documented, not verified.
9
+ - Confirm CLI smoke, package validation, and release/publish signals are discovered from `package.json`.
10
+ - Confirm host capabilities remain `unknown` unless a host-specific adapter or current-session evidence exists.
11
+
12
+ No install or package publish is required for structural fixture use.
@@ -0,0 +1,21 @@
1
+ {
2
+ "name": "gse-cli-tool-fixture",
3
+ "version": "0.0.0-fixture",
4
+ "private": true,
5
+ "type": "module",
6
+ "bin": {
7
+ "gse-fixture": "./src/cli.mjs"
8
+ },
9
+ "scripts": {
10
+ "test": "node --test",
11
+ "typecheck": "tsc --noEmit",
12
+ "lint": "eslint .",
13
+ "smoke": "node ./src/cli.mjs --help",
14
+ "build": "tsc -p tsconfig.json",
15
+ "release:dry-run": "npm pack --dry-run"
16
+ },
17
+ "devDependencies": {
18
+ "typescript": "^5.0.0",
19
+ "eslint": "^9.0.0"
20
+ }
21
+ }
@@ -0,0 +1,2 @@
1
+ PUBLIC_API_BASE_URL=http://localhost:3000
2
+ FEATURE_FLAG_EXAMPLE=false
@@ -0,0 +1,8 @@
1
+ name: fixture-ci
2
+ on: [push]
3
+ jobs:
4
+ check:
5
+ runs-on: ubuntu-latest
6
+ steps:
7
+ - uses: actions/checkout@v4
8
+ - run: echo "fixture only; commands are documented, not verified"
@@ -0,0 +1,5 @@
1
+ # Fixture Agent Rules
2
+
3
+ - Use `.gse/project-profile.md` when present.
4
+ - Keep changes small and verified.
5
+ - Do not commit secrets, lockfiles, caches, screenshots, or build outputs from this fixture.
@@ -0,0 +1,12 @@
1
+ # small-app fixture
2
+
3
+ Purpose: representative small web app shape for GSE bootstrap and project-profile discovery tests.
4
+
5
+ Suggested checks:
6
+
7
+ - Run `node <gse>/scripts/discover-project-profile.mjs --target <fixture> --json`.
8
+ - Confirm package scripts are documented, not verified.
9
+ - Confirm browser/Playwright and CI are detected from config files.
10
+ - Confirm `.env.example` is treated as secrets documentation without reading real secrets.
11
+
12
+ No install is required for structural fixture use.
@@ -0,0 +1,26 @@
1
+ {
2
+ "name": "gse-small-app-fixture",
3
+ "private": true,
4
+ "type": "module",
5
+ "scripts": {
6
+ "dev": "vite",
7
+ "test": "vitest run",
8
+ "test:e2e": "playwright test",
9
+ "lint": "eslint .",
10
+ "typecheck": "tsc --noEmit",
11
+ "build": "vite build"
12
+ },
13
+ "dependencies": {
14
+ "@vitejs/plugin-react": "latest",
15
+ "react": "latest",
16
+ "react-dom": "latest",
17
+ "vite": "latest"
18
+ },
19
+ "devDependencies": {
20
+ "@playwright/test": "latest",
21
+ "eslint": "latest",
22
+ "prettier": "latest",
23
+ "typescript": "latest",
24
+ "vitest": "latest"
25
+ }
26
+ }
@@ -0,0 +1,4 @@
1
+ export default {
2
+ testDir: "./tests/e2e",
3
+ use: { baseURL: "http://localhost:5173" },
4
+ };
package/package.json ADDED
@@ -0,0 +1,53 @@
1
+ {
2
+ "name": "@t275005746/gse",
3
+ "version": "0.1.0",
4
+ "description": "Goal-Spec-Evidence Engineering workflow skill for long-running agent-assisted software projects.",
5
+ "type": "module",
6
+ "license": "MIT",
7
+ "homepage": "https://gatehub.top/",
8
+ "bin": {
9
+ "gse": "scripts/gse.mjs"
10
+ },
11
+ "files": [
12
+ "SKILL.md",
13
+ "README.md",
14
+ "README.zh-CN.md",
15
+ "CHANGELOG.md",
16
+ "CONTRIBUTING.md",
17
+ "LICENSE",
18
+ "SECURITY.md",
19
+ "SUPPORT.md",
20
+ ".github",
21
+ ".gse/README.md",
22
+ ".gse/project-profile.md",
23
+ ".gse/quality-gates.md",
24
+ ".gse/gse-development-protocol.md",
25
+ ".gse/state.json",
26
+ ".gse/releases",
27
+ "agents",
28
+ "assets",
29
+ "examples",
30
+ "references",
31
+ "scripts"
32
+ ],
33
+ "scripts": {
34
+ "audit:npm": "node scripts/audit-npm-package-metadata.mjs --root . --json",
35
+ "audit:npm-install": "node scripts/audit-npm-tarball-install.mjs --root . --json",
36
+ "audit:npm-publish": "node scripts/audit-npm-publish-dry-run.mjs --root . --json",
37
+ "validate": "node scripts/validate-gse.mjs --root . --json",
38
+ "pack:dry-run": "npm pack --dry-run --json"
39
+ },
40
+ "keywords": [
41
+ "gse",
42
+ "goal-spec-evidence",
43
+ "agentic-engineering",
44
+ "ai-coding-agent",
45
+ "spec-driven-development",
46
+ "sdd",
47
+ "evidence-gates",
48
+ "workflow"
49
+ ],
50
+ "engines": {
51
+ "node": ">=18"
52
+ }
53
+ }
@@ -0,0 +1,171 @@
1
+ # Adoption Recipes
2
+
3
+ Use this when applying GSE to a project or updating an existing GSE installation.
4
+
5
+ These recipes are host-neutral. They do not certify arbitrary repositories, install external tools, publish GSE, or verify host runtime capabilities. Treat project and host capabilities as `unknown` until checked in that project/session.
6
+
7
+ ## Recipe 1: Fresh Project Install
8
+
9
+ Use when a project has no `.gse/` folder yet.
10
+
11
+ Steps:
12
+
13
+ 1. Read project rules first: `AGENTS.md`, `CLAUDE.md`, README, or equivalent.
14
+ 2. Choose mode from `references/task-levels.md` and `references/project-bootstrap.md`: `lite`, `standard`, or `enterprise`.
15
+ 3. Run:
16
+
17
+ ```text
18
+ node <gse-skill>/scripts/init-project.mjs --target <project-root> --mode <mode>
19
+ ```
20
+
21
+ 4. Inspect generated `.gse/state.json`, `.gse/project-profile.md`, `.gse/goal-map.md`, `.gse/quality-gates.md`, `.gse/tooling.md`, and `.gse/evidence/index.jsonl`.
22
+ 5. Record project-specific commands, standards, permissions, and owners in `.gse/project-profile.md`.
23
+ 6. Run the smallest project verification that proves the install is usable, such as checking files exist and reading `.gse/README.md`.
24
+ Prefer the target doctor when available:
25
+
26
+ ```text
27
+ node <gse-skill>/scripts/audit-target-project.mjs --target <project-root>
28
+ ```
29
+
30
+ 7. Record residual risk: commands, CI, browser, MCP, LSP, subagents, models, and release paths remain `unknown` until executed.
31
+
32
+ Evidence status: `result` when files exist; `verified` only after focused project inspection or smoke proves the generated workflow is usable.
33
+
34
+ ## Recipe 2: Existing Repo Adoption
35
+
36
+ Use when a repository already has rules, scripts, CI, host folders, or partial `.gse/` files.
37
+
38
+ Steps:
39
+
40
+ 1. Read project rules and existing workflow docs before generating anything.
41
+ 2. Run discovery without writing:
42
+
43
+ ```text
44
+ node <gse-skill>/scripts/discover-project-profile.mjs --target <project-root> --json
45
+ ```
46
+
47
+ 3. Treat discovered scripts/configs as `documented`, not `verified`, until the commands actually run.
48
+ 4. If `.gse/project-profile.md` already exists, do not overwrite it without explicit `--force` and a reason. Do not overwrite existing project workflow files just because GSE has defaults.
49
+ 5. If writing is approved, use:
50
+
51
+ ```text
52
+ node <gse-skill>/scripts/discover-project-profile.mjs --target <project-root> --write
53
+ ```
54
+
55
+ 6. Preserve project-specific standards, host adapters, existing evidence logs, and owner decisions.
56
+ 7. Record whether adoption is `result`, `verified`, or `accepted` using `references/evidence-taxonomy.md`.
57
+
58
+ Evidence status: `verified` for controlled fixture behavior when `scripts/audit-adoption.mjs` passes; real repos need project-specific evidence.
59
+
60
+ ## Recipe 3: Update Existing GSE
61
+
62
+ Use when a project already follows GSE and the skill or project-local `.gse/` files need an update.
63
+
64
+ Steps:
65
+
66
+ 1. Read `.gse/project-profile.md`, `.gse/goal-map.md`, `.gse/current-slice.md` if present, and host adapter notes.
67
+ Prefer `.gse/state.json` and `.gse/evidence/index.jsonl` when present because they are the machine-readable continuation state.
68
+ 2. Identify whether the update affects templates, scripts, host adapters, quality gates, release/recovery, or project rules.
69
+ 3. Preserve local project decisions. Do not replace project `.gse/` files with skill defaults unless the project owner approves.
70
+ 4. Run skill validation after updating the skill package:
71
+
72
+ ```text
73
+ node <gse-skill>/scripts/validate-gse.mjs --root <gse-skill>
74
+ ```
75
+
76
+ 5. Run project-local validation or smoke for the affected workflow.
77
+ For read-only workflow drift checks, run:
78
+
79
+ ```text
80
+ node <gse-skill>/scripts/audit-target-project.mjs --target <project-root>
81
+ ```
82
+
83
+ If the project predates `.gse/state.json` and `.gse/evidence/index.jsonl`, add only the missing machine-readable continuation files:
84
+
85
+ ```text
86
+ node <gse-skill>/scripts/update-project-state.mjs --target <project-root>
87
+ ```
88
+
89
+ 6. Record changed files, migration/rollback notes, evidence status, residual risks, and next action in the project evidence log.
90
+
91
+ Evidence status: `verified` only when the project-local update path and affected workflow have focused evidence.
92
+
93
+ ## Recipe 4: Host Adapter Adoption
94
+
95
+ Use when a project needs Codex, Claude Code, Hermes/AION-style runtime, WorkBuddy, Copilot/Gemini-style, or custom host pointers.
96
+
97
+ Steps:
98
+
99
+ 1. Read `references/compatibility.md` and `references/host-adapters.md`.
100
+ 2. Generate short command/pointer adapters only when the host has a real adapter location:
101
+
102
+ ```text
103
+ node <gse-skill>/scripts/generate-command-adapter.mjs --target <project-root> --host claude|codex|hermes|workbuddy|copilot|gemini|generic|all
104
+ ```
105
+
106
+ `scripts/generate-host-adapter.mjs` is a legacy fixture helper for the older Codex/Claude markdown adapter smoke. Prefer `generate-command-adapter.mjs` for new project adoption.
107
+
108
+ 3. Keep `.gse/` as the source of truth. Do not copy goal maps, quality gates, or evidence into host folders.
109
+ 4. Mark host capabilities as `verified`, `documented`, `unknown`, or `unavailable` based on current evidence.
110
+ 5. Run `scripts/audit-host-adapters.mjs` for GSE fixture coverage, then run project-specific inspection for the target project.
111
+
112
+ Evidence status: fixture generation can be `verified`; actual host runtime tools remain project/session-specific.
113
+
114
+ ## Recipe 5: CLI Or Package Project Adoption
115
+
116
+ Use when a project is primarily a command-line tool, reusable package, SDK, plugin, or library rather than a web app.
117
+
118
+ Steps:
119
+
120
+ 1. Read package docs and project rules before changing workflow files: `README.md`, `AGENTS.md`, `CONTRIBUTING.md`, package manifest, and release notes if present.
121
+ 2. Run discovery first:
122
+
123
+ ```text
124
+ node <gse-skill>/scripts/discover-project-profile.mjs --target <project-root> --json
125
+ ```
126
+
127
+ 3. Treat `bin` entries, package scripts, publish commands, signing, registry, and shell integration as `documented` or `unknown` until a focused smoke proves them.
128
+ 4. Preserve package metadata, release notes, compatibility policy, and existing publish/rollback instructions.
129
+ 5. Prefer a small command smoke before broader tests, such as `npm run smoke`, `node ./bin/<name> --help`, `npm pack --dry-run`, or the project equivalent.
130
+ 6. Record exit-code behavior, changed files, package artifacts intentionally ignored, residual release risk, and next action.
131
+
132
+ Evidence status: fixture coverage can be `verified`; real package install, registry access, publish permissions, global install, and shell completion require project-specific evidence.
133
+
134
+ ## Adoption Record
135
+
136
+ Use this compact record in `.gse/evidence/` or the project evidence log:
137
+
138
+ ```text
139
+ Adoption recipe:
140
+ Project path:
141
+ Mode or host:
142
+ Project rules read:
143
+ Commands run:
144
+ Files created or changed:
145
+ Preserved project-specific rules:
146
+ Host/tool statuses:
147
+ Validation evidence:
148
+ Evidence status: result | verified | accepted | not ready
149
+ Residual risk:
150
+ Next action:
151
+ ```
152
+
153
+ For real target-project evidence, use `assets/templates/target-adoption-evidence.md`. Keep discovered scripts and configs as `documented` until executed, and keep `Accepted by: not accepted` unless a real acceptance gate ran.
154
+
155
+ Use `assets/templates/acceptance-execution-packet.md` before writing project-local `.gse/` artifacts or claiming owner-approved adoption acceptance.
156
+
157
+ ## Verification Commands
158
+
159
+ Use only the commands that match the recipe and risk:
160
+
161
+ ```text
162
+ node <gse-skill>/scripts/audit-project.mjs --root <gse-skill>
163
+ node <gse-skill>/scripts/audit-adoption.mjs --root <gse-skill>
164
+ node <gse-skill>/scripts/audit-command-adapters.mjs --root <gse-skill>
165
+ node <gse-skill>/scripts/audit-host-adapters.mjs --root <gse-skill>
166
+ node <gse-skill>/scripts/audit-fixtures.mjs --root <gse-skill>
167
+ node <gse-skill>/scripts/audit-target-project.mjs --target <project-root>
168
+ node <gse-skill>/scripts/validate-gse.mjs --root <gse-skill>
169
+ ```
170
+
171
+ These commands verify GSE fixtures and skill readiness. They do not certify arbitrary production repositories. Real adoption still needs project-specific inspection, focused smokes, and evidence.
@@ -0,0 +1,49 @@
1
+ # Agent Roles
2
+
3
+ Use roles to make multi-agent work predictable.
4
+
5
+ ## Coordinator
6
+
7
+ Owns scope, task level, context selection, final integration, and final answer.
8
+
9
+ Never delegates final judgment.
10
+
11
+ ## Product Analyst
12
+
13
+ Clarifies user outcome, pain, audience, competitive baseline, and priority.
14
+
15
+ ## Architect
16
+
17
+ Defines state, data flow, module boundaries, contracts, risks, and rollback.
18
+
19
+ ## Code Locator
20
+
21
+ Read-only. Finds files, symbols, call chains, existing tests, and local patterns.
22
+
23
+ ## Builder
24
+
25
+ Implements a bounded slice. Avoids unrelated refactors.
26
+
27
+ ## Reviewer
28
+
29
+ Checks correctness, regressions, architecture drift, security, and missing tests using `references/review.md`.
30
+
31
+ ## QA
32
+
33
+ Runs focused verification, browser smoke, API smoke, or screenshot checks.
34
+
35
+ ## Docs/Evidence
36
+
37
+ Writes evidence, changelog notes, ADR links, and learning entries. Does not modify implementation unless explicitly assigned.
38
+
39
+ ## Dispatch Rules
40
+
41
+ - Use real subagent tools only when exposed by the current host.
42
+ - Give each agent a role, files allowed, expected output, and forbidden actions. Use `assets/templates/dispatch-packet.md` when the assignment needs durable boundaries or evidence.
43
+ - Avoid parallel writes to the same files.
44
+ - If subagents are unavailable, execute roles sequentially in the main session and say so.
45
+
46
+ ## File Ownership
47
+
48
+ Use `references/file-ownership.md` before assigning write access, running parallel implementation, or editing in a dirty worktree. Keep locator, reviewer, and QA roles read-only unless explicitly assigned otherwise.
49
+
@@ -0,0 +1,101 @@
1
+ # Architecture Health
2
+
3
+ Use this when a change may affect the long-term shape of a project, not only the immediate behavior. Architecture health checks look for structural drift that can make future work slower, riskier, or harder for agents to understand.
4
+
5
+ ## Trigger Conditions
6
+
7
+ Run an architecture health scan when any of these are true:
8
+
9
+ - A change crosses module boundaries, package boundaries, runtime boundaries, product boundaries, or host adapter boundaries.
10
+ - A new subsystem, provider, model route, worker, storage layer, queue, browser/runtime path, or deployment path is added.
11
+ - Repeated bugs suggest hidden coupling, unclear ownership, duplicated logic, or a missing source of truth.
12
+ - A dependency, security boundary, permission model, migration, release path, or rollback path changes.
13
+ - Performance, resilience, cancellation, retry, state recovery, or observability behavior is material to the slice.
14
+ - Project docs, generated artifacts, code, and .gse/ records disagree about the intended design.
15
+
16
+ Do not run a broad scan for tiny local edits unless the edit touches a structural boundary.
17
+
18
+ ## Scope Levels
19
+
20
+ Pick the smallest scan that can prove the risk is understood.
21
+
22
+ | Level | Use when | Minimum evidence |
23
+ |---|---|---|
24
+ | Lightweight local scan | One file, one module, one adapter, or one narrow workflow changed | Relevant files, nearest tests/checks, project rules that govern the area |
25
+ | Subsystem scan | A feature crosses modules, storage/state, API/UI, worker/runtime, or tool boundaries | Call flow, data ownership, source-of-truth records, focused verification |
26
+ | Broad architecture review | Large refactor, new platform capability, release/migration risk, recurring failures, or uncertain ownership | Architecture docs, ADRs, project profile, dependency/release notes, evidence and follow-up slices |
27
+
28
+ ## Scan Axes
29
+
30
+ ### Module Boundaries
31
+
32
+ - Are module boundaries, package boundaries, runtime boundaries, and host adapter boundaries still clear?
33
+ - Did the change import across layers in a way the project does not already allow?
34
+ - Is shared behavior placed in the right owner instead of copied into callers?
35
+
36
+ ### Coupling And Cohesion
37
+
38
+ - Did the change create tight coupling between UI, API, worker, storage, tools, models, or host-specific adapters?
39
+ - Can a future agent change one concern without understanding unrelated concerns?
40
+ - Are abstractions justified by repeated complexity or existing project patterns?
41
+
42
+ ### Source Of Truth Drift
43
+
44
+ - Is there one source of truth for goals, specs, state, memory, routing, configuration, and evidence?
45
+ - Do docs, code, scripts, templates, generated files, and .gse/ records agree?
46
+ - Are compatibility names or legacy internal names contained behind adapters rather than exposed as product truth?
47
+
48
+ ### Dependency And Security Risk
49
+
50
+ - Did dependencies, provider SDKs, MCP/tool integrations, or browser/runtime permissions change?
51
+ - Are dependency and security assumptions verified, documented, or explicitly unknown?
52
+ - Are secrets, raw provider payloads, hidden reasoning, and privileged tool traces excluded from user-visible or committed outputs?
53
+
54
+ ### Ownership And Change Control
55
+
56
+ - Which module, team, role, or agent owns the changed behavior?
57
+ - Are file ownership and multi-agent lock rules clear enough to prevent overlapping edits?
58
+ - Does the change need an ADR, project-profile update, or future release note?
59
+
60
+ ### Performance And Resilience
61
+
62
+ - Could the design add latency, heavy context loading, unnecessary worker paths, repeated browser loops, or expensive model routes?
63
+ - Are cancellation, retry, timeout, recovery, idempotency, and duplicate prevention considered where relevant?
64
+ - Is observability enough to diagnose failure without leaking sensitive data?
65
+
66
+ ### Migration And Release Impact
67
+
68
+ - Does the change affect install, upgrade, data migration, backward compatibility, rollback, or release acceptance?
69
+ - Are migration and release risks captured as decisions or follow-up slices rather than hidden assumptions?
70
+ - Is the verification scope strong enough for the release risk?
71
+
72
+ ## Output Format
73
+
74
+ Keep the output concise. Link to evidence instead of pasting long logs.
75
+
76
+ ```text
77
+ Scan scope:
78
+ Findings:
79
+ Risks:
80
+ Decisions needed:
81
+ Follow-up slices:
82
+ Evidence:
83
+ ```
84
+
85
+ ## Classification Rules
86
+
87
+ - Findings are observed facts from code, docs, scripts, tests, or runtime behavior.
88
+ - Risks are plausible future failures or maintenance costs that the current evidence does not eliminate.
89
+ - Decisions needed are architecture choices that require owner, user, or project-standard confirmation.
90
+ - Follow-up slices are bounded implementation or documentation steps that can be verified later.
91
+
92
+ Do not label a guess as a finding. If evidence is indirect, record it as a risk or assumption and choose a follow-up slice.
93
+
94
+ ## Integration
95
+
96
+ - Use references/review.md for the review axes and severity language.
97
+ - Use references/quality-gates.md to decide whether architecture health is required for the task risk.
98
+ - Use references/file-ownership.md when ownership, dirty worktree, or multi-agent overlap is unclear.
99
+ - Use references/project-profile.md and project architecture docs as the source of project-specific standards.
100
+ - Use references/release.md when architecture risk affects migration, rollback, compatibility, changelog/release notes, or release acceptance.
101
+ - Use references/evidence-taxonomy.md to classify the final claim as result, verified, or accepted.
@@ -0,0 +1,73 @@
1
+ # Benchmark Audit
2
+
3
+ Use this when improving GSE itself: changing the GSE skill, its scripts, templates, references, project scaffold, or development goals.
4
+
5
+ ## Purpose
6
+
7
+ GSE development must proactively find workflow gaps. Do not wait for the user to discover missing requirements through manual testing.
8
+
9
+ Run this audit against verified local skills, project files, tool help, official docs when available, and focused experiments. Label design judgments separately from verified facts.
10
+
11
+ ## Benchmark Sources
12
+
13
+ Use the best available sources for the current host:
14
+
15
+ - Local GSE files under `.gse/` or the skill folder.
16
+ - Installed workflow skills: Comet, OpenSpec, Superpowers-style skills, agentic-engineering, subagent-driven-development, TDD, code review, self-improvement, QA, CI/CD.
17
+ - Public or local skill repositories when explicitly referenced or already cloned, such as `mattpocock/skills`.
18
+ - Project rules only when GSE is being tested inside a real project: `AGENTS.md`, `CLAUDE.md`, `CONTEXT.md`, ADRs, issue tracker docs, CI config, test scripts.
19
+ - Official tool docs only when needed for a drift-prone claim.
20
+
21
+ ## GSE Development Audit Matrix
22
+
23
+ Score each area as `missing`, `thin`, `usable`, or `strong`.
24
+
25
+ | Area | Questions |
26
+ |---|---|
27
+ | Setup | Can a new agent install or initialize GSE without guessing? |
28
+ | Router | Is there a clear map from user intent to GSE references, scripts, and modes? |
29
+ | Goal Map | Are GSE's north star, current priority, risks, and next slice visible? |
30
+ | Domain Model | Is shared language captured, challenged, and updated? |
31
+ | Specs | Are GSE change outcome, scope, non-goals, contracts, and acceptance explicit? |
32
+ | Task Slicing | Are tasks vertical, independently verifiable, and sized by risk? |
33
+ | Tool Acceleration | Are search, LSP/index, browser, API, MCP, and CI tools recorded with fallbacks? |
34
+ | Multi-Agent | Are roles, dispatch packets, file ownership, review gates, and no-fake-delegation rules clear? |
35
+ | Implementation | Does GSE development preserve skill patterns and avoid unrelated expansion? |
36
+ | Testing | Are focused tests, TDD, smoke, regression, and UI verification rules present? |
37
+ | Review | Are spec compliance and code quality reviewed separately? |
38
+ | Evidence | Is GSE change evidence recorded with commands and residual risk? |
39
+ | Release | Are migration, rollout, rollback, smoke, and known-risk steps defined? |
40
+ | Incident | Is there a path for failures, postmortems, and prevention gates? |
41
+ | Learning | Are reusable lessons promoted into rules, gates, or templates? |
42
+ | Context Hygiene | Are handoff, compaction, stale-context, and token-budget rules defined? |
43
+ | Adapter Drift | Are host-specific GSE adapters prevented from diverging from the portable source of truth? |
44
+ | Security | Are secrets, permissions, destructive tools, and external services bounded? |
45
+ | Observability | Are traces, cost, retries, failures, and long-running state captured when relevant? |
46
+
47
+ ## Required Output
48
+
49
+ ```text
50
+ Outcome:
51
+ Benchmark sources:
52
+ Strong areas:
53
+ Gaps:
54
+ Design goal updates:
55
+ Next action:
56
+ Evidence:
57
+ ```
58
+
59
+ ## Design Goal Update Rules
60
+
61
+ - Add a goal only when it prevents a real failure mode or improves repeatable quality.
62
+ - Prefer a small artifact or script over a large prose rule.
63
+ - Keep hard prerequisites minimal; record optional adapters separately.
64
+ - Turn recurring user corrections into audits, gates, or templates.
65
+ - If a benchmark is tool-specific, extract the portable principle before adding it to GSE.
66
+ - For non-trivial GSE changes, use `references/forward-test.md` to decide whether structural smoke, fixture forward test, or fresh-session forward test is required.
67
+
68
+ ## Current Known GSE Gaps
69
+
70
+ - GSE has project scoring, bootstrap smoke, target doctor, command adapters, release gates, evidence taxonomy, quality gates, and final-form progress audits. Keep this section current when a gap is closed so future agents do not chase stale work.
71
+ - Host adapter pointer templates are verified through `scripts/generate-command-adapter.mjs` and `scripts/audit-command-adapters.mjs`; older `generate-host-adapter.mjs` coverage is legacy fixture compatibility, not the preferred adoption route.
72
+ - Remaining final-form gaps are owner/external evidence gates: public repository settings, public CI run, public security contact, registry publication, marketplace approval, native slash-command evidence, and other host runtime invocation.
73
+ - Local future-hardening candidates should come from fresh benchmark evidence, not from this historical list.