@t275005746/gse 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (207) hide show
  1. package/.github/ISSUE_TEMPLATE/bug_report.yml +42 -0
  2. package/.github/ISSUE_TEMPLATE/change_request.yml +50 -0
  3. package/.github/ISSUE_TEMPLATE/config.yml +5 -0
  4. package/.github/PULL_REQUEST_TEMPLATE.md +38 -0
  5. package/.github/workflows/validate-gse.yml +33 -0
  6. package/.gse/README.md +18 -0
  7. package/.gse/gse-development-protocol.md +50 -0
  8. package/.gse/project-profile.md +29 -0
  9. package/.gse/quality-gates.md +25 -0
  10. package/.gse/releases/public-channel-publication-pending.md +49 -0
  11. package/.gse/releases/public-ci-run-pending.md +53 -0
  12. package/.gse/releases/public-release-owner-required.md +65 -0
  13. package/.gse/releases/public-repository-settings-owner-required.md +59 -0
  14. package/.gse/releases/public-security-contact-owner-required.md +45 -0
  15. package/.gse/state.json +27 -0
  16. package/CHANGELOG.md +24 -0
  17. package/CONTRIBUTING.md +64 -0
  18. package/LICENSE +21 -0
  19. package/README.md +236 -0
  20. package/README.zh-CN.md +236 -0
  21. package/SECURITY.md +41 -0
  22. package/SKILL.md +148 -0
  23. package/SUPPORT.md +38 -0
  24. package/agents/openai.yaml +4 -0
  25. package/assets/marketplace/README.md +7 -0
  26. package/assets/marketplace/gse-listing.json +75 -0
  27. package/assets/templates/acceptance-execution-packet.md +73 -0
  28. package/assets/templates/adr.md +14 -0
  29. package/assets/templates/change-brief.md +16 -0
  30. package/assets/templates/design.md +18 -0
  31. package/assets/templates/dispatch-packet.md +104 -0
  32. package/assets/templates/evidence.md +14 -0
  33. package/assets/templates/execution-quality-pack.md +65 -0
  34. package/assets/templates/goal-map.md +21 -0
  35. package/assets/templates/host-adapter.md +48 -0
  36. package/assets/templates/host-ui-invocation-record.md +42 -0
  37. package/assets/templates/incident-review.md +60 -0
  38. package/assets/templates/public-channel-publication-record.md +49 -0
  39. package/assets/templates/public-ci-run-record.md +53 -0
  40. package/assets/templates/public-release-record.md +65 -0
  41. package/assets/templates/public-repository-settings-record.md +59 -0
  42. package/assets/templates/public-security-contact-record.md +45 -0
  43. package/assets/templates/release-trust-record.md +32 -0
  44. package/assets/templates/review.md +18 -0
  45. package/assets/templates/spec.md +16 -0
  46. package/assets/templates/target-adoption-evidence.md +29 -0
  47. package/assets/templates/tasks.md +17 -0
  48. package/assets/templates/update-release-acceptance-record.md +58 -0
  49. package/examples/README.md +22 -0
  50. package/examples/agent-runtime-host/.claude/gse-adapter.md +6 -0
  51. package/examples/agent-runtime-host/.codex/gse-adapter.md +7 -0
  52. package/examples/agent-runtime-host/.gse/goal-map.md +7 -0
  53. package/examples/agent-runtime-host/.gse/project-profile.md +27 -0
  54. package/examples/agent-runtime-host/.gse/tooling.md +5 -0
  55. package/examples/agent-runtime-host/.mcp.json +9 -0
  56. package/examples/agent-runtime-host/AGENTS.md +5 -0
  57. package/examples/agent-runtime-host/README.md +10 -0
  58. package/examples/agent-runtime-host/docs/model-routing.md +5 -0
  59. package/examples/cli-tool/.gse/project-profile.md +21 -0
  60. package/examples/cli-tool/AGENTS.md +5 -0
  61. package/examples/cli-tool/README.md +12 -0
  62. package/examples/cli-tool/package.json +21 -0
  63. package/examples/small-app/.env.example +2 -0
  64. package/examples/small-app/.github/workflows/ci.yml +8 -0
  65. package/examples/small-app/AGENTS.md +5 -0
  66. package/examples/small-app/README.md +12 -0
  67. package/examples/small-app/package.json +26 -0
  68. package/examples/small-app/playwright.config.ts +4 -0
  69. package/package.json +53 -0
  70. package/references/adoption-recipes.md +171 -0
  71. package/references/agent-roles.md +49 -0
  72. package/references/architecture-health.md +101 -0
  73. package/references/benchmark-audit.md +73 -0
  74. package/references/commands.md +295 -0
  75. package/references/community-channels.md +46 -0
  76. package/references/compatibility.md +70 -0
  77. package/references/design-basis.md +38 -0
  78. package/references/domain-model.md +129 -0
  79. package/references/domain-quality-gates.md +75 -0
  80. package/references/drift-audit.md +81 -0
  81. package/references/evidence-taxonomy.md +123 -0
  82. package/references/file-ownership.md +107 -0
  83. package/references/final-readiness.md +84 -0
  84. package/references/forward-test.md +133 -0
  85. package/references/goal-map.md +36 -0
  86. package/references/host-adapters.md +119 -0
  87. package/references/learning-system.md +35 -0
  88. package/references/marketplace-discovery.md +46 -0
  89. package/references/model-routing.md +103 -0
  90. package/references/open-source-defaults.md +39 -0
  91. package/references/operating-model.md +52 -0
  92. package/references/packaging.md +277 -0
  93. package/references/project-agent-workspace.md +89 -0
  94. package/references/project-bootstrap.md +122 -0
  95. package/references/project-profile.md +57 -0
  96. package/references/public-release.md +174 -0
  97. package/references/quality-gates.md +100 -0
  98. package/references/recovery.md +176 -0
  99. package/references/release-trust.md +43 -0
  100. package/references/release.md +126 -0
  101. package/references/review.md +141 -0
  102. package/references/router.md +90 -0
  103. package/references/spec-workflow.md +66 -0
  104. package/references/task-levels.md +81 -0
  105. package/references/tool-adapters.md +73 -0
  106. package/scripts/audit-acceptance-execution-packet.mjs +133 -0
  107. package/scripts/audit-adoption-recipes.mjs +99 -0
  108. package/scripts/audit-adoption.mjs +154 -0
  109. package/scripts/audit-change-lifecycle.mjs +77 -0
  110. package/scripts/audit-change-system.mjs +134 -0
  111. package/scripts/audit-ci-readiness.mjs +107 -0
  112. package/scripts/audit-close-gate.mjs +323 -0
  113. package/scripts/audit-command-adapters.mjs +91 -0
  114. package/scripts/audit-command-execution.mjs +210 -0
  115. package/scripts/audit-commands.mjs +117 -0
  116. package/scripts/audit-compatibility.mjs +149 -0
  117. package/scripts/audit-completion-readiness.mjs +292 -0
  118. package/scripts/audit-distribution.mjs +251 -0
  119. package/scripts/audit-domain-quality-gates.mjs +108 -0
  120. package/scripts/audit-evidence-placeholders.mjs +126 -0
  121. package/scripts/audit-final-acceptance-packet.mjs +148 -0
  122. package/scripts/audit-final-form-progress-report.mjs +161 -0
  123. package/scripts/audit-final-form-stale-copy.mjs +221 -0
  124. package/scripts/audit-final-readiness-promotion.mjs +255 -0
  125. package/scripts/audit-final-readiness.mjs +226 -0
  126. package/scripts/audit-fixtures.mjs +154 -0
  127. package/scripts/audit-fresh-session-readiness.mjs +177 -0
  128. package/scripts/audit-gse.mjs +275 -0
  129. package/scripts/audit-host-adapters.mjs +119 -0
  130. package/scripts/audit-host-runtime-evidence-handoff.mjs +159 -0
  131. package/scripts/audit-host-runtime-invocation-drill.mjs +240 -0
  132. package/scripts/audit-host-runtime-invocations.mjs +254 -0
  133. package/scripts/audit-host-ui-invocation.mjs +132 -0
  134. package/scripts/audit-learning-system.mjs +103 -0
  135. package/scripts/audit-local-final-form-completion.mjs +131 -0
  136. package/scripts/audit-marketplace-discovery.mjs +122 -0
  137. package/scripts/audit-npm-package-metadata.mjs +155 -0
  138. package/scripts/audit-npm-publish-dry-run.mjs +169 -0
  139. package/scripts/audit-npm-tarball-install.mjs +191 -0
  140. package/scripts/audit-open-source-defaults.mjs +92 -0
  141. package/scripts/audit-open-source-readiness.mjs +97 -0
  142. package/scripts/audit-owner-external-gate-kit.mjs +218 -0
  143. package/scripts/audit-project.mjs +323 -0
  144. package/scripts/audit-public-acceptance-command-dry-run-drill.mjs +203 -0
  145. package/scripts/audit-public-acceptance-handoff.mjs +142 -0
  146. package/scripts/audit-public-acceptance-readiness.mjs +224 -0
  147. package/scripts/audit-public-channel-publication.mjs +248 -0
  148. package/scripts/audit-public-ci-run.mjs +184 -0
  149. package/scripts/audit-public-collaboration-templates.mjs +98 -0
  150. package/scripts/audit-public-external-gate-probe.mjs +206 -0
  151. package/scripts/audit-public-release-checklist.mjs +133 -0
  152. package/scripts/audit-public-release-decision.mjs +201 -0
  153. package/scripts/audit-public-release-metadata.mjs +176 -0
  154. package/scripts/audit-public-repository-settings.mjs +237 -0
  155. package/scripts/audit-public-security-contact.mjs +171 -0
  156. package/scripts/audit-readme-docs.mjs +185 -0
  157. package/scripts/audit-recovery-readiness.mjs +98 -0
  158. package/scripts/audit-release-bundle.mjs +251 -0
  159. package/scripts/audit-release-owner-action-plan-drill.mjs +277 -0
  160. package/scripts/audit-release-owner-action-plan.mjs +164 -0
  161. package/scripts/audit-release-readiness.mjs +106 -0
  162. package/scripts/audit-release-status-manifest.mjs +165 -0
  163. package/scripts/audit-release-trust.mjs +62 -0
  164. package/scripts/audit-remote-distribution.mjs +266 -0
  165. package/scripts/audit-roadmap-consistency.mjs +235 -0
  166. package/scripts/audit-signing.mjs +147 -0
  167. package/scripts/audit-state-freshness.mjs +113 -0
  168. package/scripts/audit-target-adoption-evidence.mjs +117 -0
  169. package/scripts/audit-target-project.mjs +507 -0
  170. package/scripts/audit-update-release-acceptance.mjs +136 -0
  171. package/scripts/audit-v1-target-validation.mjs +269 -0
  172. package/scripts/audit-validation-profiles.mjs +125 -0
  173. package/scripts/close-change.mjs +116 -0
  174. package/scripts/discover-project-profile.mjs +307 -0
  175. package/scripts/forward-test-gse.mjs +146 -0
  176. package/scripts/generate-command-adapter.mjs +231 -0
  177. package/scripts/generate-final-acceptance-packet.mjs +181 -0
  178. package/scripts/generate-final-form-progress-report.mjs +205 -0
  179. package/scripts/generate-host-adapter.mjs +73 -0
  180. package/scripts/generate-host-runtime-evidence-handoff.mjs +206 -0
  181. package/scripts/generate-owner-external-gate-kit.mjs +295 -0
  182. package/scripts/generate-public-acceptance-handoff.mjs +168 -0
  183. package/scripts/generate-public-release-checklist.mjs +207 -0
  184. package/scripts/generate-release-bundle.mjs +505 -0
  185. package/scripts/generate-release-owner-action-plan.mjs +172 -0
  186. package/scripts/generate-release-status-manifest.mjs +200 -0
  187. package/scripts/generate-session-prompt.mjs +188 -0
  188. package/scripts/gse.mjs +67 -0
  189. package/scripts/init-change.mjs +265 -0
  190. package/scripts/init-project.mjs +785 -0
  191. package/scripts/install-gse.mjs +234 -0
  192. package/scripts/lib/evidence-placeholders.mjs +28 -0
  193. package/scripts/package-gse.mjs +174 -0
  194. package/scripts/probe-public-external-gates.mjs +167 -0
  195. package/scripts/record-host-invocation.mjs +151 -0
  196. package/scripts/record-learning.mjs +137 -0
  197. package/scripts/record-public-channel-publication.mjs +178 -0
  198. package/scripts/record-public-ci-run.mjs +180 -0
  199. package/scripts/record-public-release.mjs +175 -0
  200. package/scripts/record-public-repository-settings.mjs +209 -0
  201. package/scripts/record-public-security-contact.mjs +157 -0
  202. package/scripts/run-gse-command.mjs +538 -0
  203. package/scripts/run-validation-profile.mjs +146 -0
  204. package/scripts/sign-gse-package.mjs +83 -0
  205. package/scripts/update-project-state.mjs +223 -0
  206. package/scripts/validate-gse.mjs +1168 -0
  207. package/scripts/verify-gse-package.mjs +85 -0
@@ -0,0 +1,81 @@
1
+ # Drift Audit
2
+
3
+ Use this when project reality may have diverged from `.gse/`, project docs, generated scaffolds, host adapters, tool assumptions, model routing, or recorded evidence.
4
+
5
+ Drift audit keeps long-running agent work from following stale instructions. It is a focused consistency check, not a broad rewrite.
6
+
7
+ ## Trigger Conditions
8
+
9
+ Run a drift audit when any of these are true:
10
+
11
+ - A command fails because package manager, runtime, service port, CI, browser, MCP, LSP, model, or host capability assumptions were stale.
12
+ - The user says a tool, standard, permission, or host capability exists but GSE cannot see it.
13
+ - `.gse/project-profile.md`, `.gse/tooling.md`, `.gse/goal-map.md`, `.gse/quality-gates.md`, or evidence records disagree with current project files.
14
+ - Generated scaffolds or host adapters were copied earlier and may no longer point to `.gse/` as the source of truth.
15
+ - A model/provider/tool route was previously documented but not recently verified.
16
+ - Release, recovery, incident, or repeated failure evidence suggests stale rules or stale assumptions.
17
+ - A future agent would likely choose the wrong workflow because old docs are more visible than current facts.
18
+
19
+ Do not run a broad drift audit for a tiny local edit unless the edit exposes stale project facts.
20
+
21
+ ## Drift Categories
22
+
23
+ | Category | Examples | Default remediation |
24
+ |---|---|---|
25
+ | stale docs | README, AGENTS.md, architecture docs, ADRs, comments, old handoffs | Update or mark outdated; link to current source of truth |
26
+ | stale generated scaffolds | `.gse/` templates, copied host folders, generated commands, stale examples | Regenerate or patch the smallest affected artifact |
27
+ | stale host adapters | `.codex/`, `.claude/`, `.agents/`, MCP, hooks, subagent notes, runtime bridges | Point back to `.gse/`; update verified/unknown capability status |
28
+ | stale tool assumptions | package manager, scripts, ports, CI, browser, LSP, MCP, deployment, observability | Re-read project config; mark verified, documented, unknown, or unavailable |
29
+ | stale model assumptions | provider/model ids, capability fit, cost, latency, privacy, fallback, hosted tools | Reclassify with model-routing evidence; avoid claiming support without proof |
30
+ | stale project profile facts | identity, commands, standards, release rules, permissions, known gotchas | Refresh `.gse/project-profile.md` from current files only |
31
+ | stale evidence or goal-map state | completed work not reflected, obsolete next action, old risk still listed, missing residual risk | Update `.gse/evidence/`, `.gse/goal-map.md`, or `.gse/current-slice.md` concisely |
32
+
33
+ ## Minimum Audit Record
34
+
35
+ Use this format in evidence logs or handoff notes:
36
+
37
+ ```text
38
+ Drift scope:
39
+ Drift category:
40
+ Current source checked:
41
+ Stale or conflicting record:
42
+ Finding:
43
+ Remediation:
44
+ Evidence:
45
+ Follow-up slices:
46
+ ```
47
+
48
+ Findings must come from current files, command output, local tool help, trusted project docs, or focused experiments. If the evidence is indirect, record a risk instead of a finding.
49
+
50
+ ## Evidence Requirements
51
+
52
+ A drift audit should prove at least one of these:
53
+
54
+ - The recorded assumption still matches current project reality.
55
+ - The recorded assumption is stale and has been corrected or marked outdated.
56
+ - The current evidence is insufficient, so the status is `unknown` or a follow-up slice is required.
57
+ - The project has conflicting sources of truth and an owner decision is needed.
58
+
59
+ Use `verified`, `documented`, `unknown`, and `unavailable` consistently with references/tool-adapters.md. Do not promote `documented` or `unknown` to `verified` without current evidence.
60
+
61
+ ## Remediation Paths
62
+
63
+ Choose the smallest durable remediation:
64
+
65
+ - Refresh `.gse/project-profile.md` when project commands, tools, standards, permissions, release rules, or known gotchas changed.
66
+ - Refresh `.gse/goal-map.md` or `.gse/current-slice.md` when next action, risks, or landed evidence are stale.
67
+ - Refresh host adapter notes when host-specific folders duplicate policy or claim unavailable capabilities.
68
+ - Refresh tool/model routing notes when provider, model, MCP, LSP, browser, CI, or deployment assumptions changed.
69
+ - Add a learning entry only when the drift pattern is reusable beyond the current slice.
70
+ - Add or update a script/template/gate when the same drift appears repeatedly.
71
+
72
+ Never update stale docs by inventing support. Prefer `unknown` plus a focused verification action.
73
+
74
+ ## Integration
75
+
76
+ - Use references/project-profile.md when drift affects project-specific standards, commands, tools, permissions, release rules, or known gotchas.
77
+ - Use references/host-adapters.md when drift affects Codex, Claude Code, Hermes/AION-style runtime, WorkBuddy, MCP, hooks, skills, subagents, or host-specific folders.
78
+ - Use references/tool-adapters.md when drift affects tool status, LSP/index, browser, CI, MCP, package manager, or command assumptions.
79
+ - Use references/model-routing.md when drift affects provider/model capability, cost, latency, privacy, fallback, or hosted tool behavior.
80
+ - Use references/learning-system.md when a drift pattern should be promoted into a lesson, checklist, gate, script, or skill update.
81
+ - Use references/recovery.md when drift is discovered during interrupted, failed, or handed-off work.
@@ -0,0 +1,123 @@
1
+ # Evidence Taxonomy
2
+
3
+ Use this to decide whether work is only produced, actually verified, or accepted.
4
+
5
+ GSE uses three evidence gates:
6
+
7
+ ```text
8
+ result -> verified -> accepted
9
+ ```
10
+
11
+ Do not skip gates. Do not claim a higher gate when the evidence only proves a lower gate.
12
+
13
+ ## Gate 1: Result
14
+
15
+ `result` means the requested artifact or change exists.
16
+
17
+ Enough evidence:
18
+
19
+ - File, script, template, reference, commit, report, screenshot, or generated output exists.
20
+ - The change is scoped to the requested slice.
21
+ - The agent can point to the exact path or output.
22
+
23
+ Not enough for `result`:
24
+
25
+ - A plan to create the artifact.
26
+ - A final answer describing what would be changed.
27
+ - A command that was intended to write a file but did not confirm the file exists.
28
+
29
+ Example:
30
+
31
+ - `scripts/audit-gse.mjs` exists: result.
32
+ - `.gse/project-profile.md` was written in a temp fixture: result.
33
+
34
+ ## Gate 2: Verified
35
+
36
+ `verified` means the result was checked against acceptance criteria with evidence appropriate to the risk.
37
+
38
+ Enough evidence:
39
+
40
+ - Focused test, smoke, structure check, build, typecheck, lint, browser check, API check, or manual inspection directly covers the acceptance criteria.
41
+ - The command output or inspected artifact proves the expected behavior.
42
+ - Known residual risk is recorded.
43
+
44
+ Not enough for `verified`:
45
+
46
+ - The file exists but was not inspected.
47
+ - A broad test passed but does not cover the changed behavior.
48
+ - A command ran without checking the relevant output.
49
+ - A tool is merely configured or documented but not run.
50
+ - The agent says it looks right without evidence.
51
+
52
+ Example:
53
+
54
+ - `audit-gse.mjs` reports `GSE-C04` as `strong (2/2, score 1)` after adding `router.md`: verified for the router structural criterion.
55
+ - A project profile lists Playwright as `documented` because config exists: not verified tool availability.
56
+
57
+ ## Gate 3: Accepted
58
+
59
+ `accepted` means the verified result has been accepted by the required authority.
60
+
61
+ Enough evidence:
62
+
63
+ - The user explicitly accepts the result.
64
+ - A required reviewer or gate approves it.
65
+ - A release, archive, or project process marks it accepted.
66
+ - A pre-defined acceptance policy says verified evidence is sufficient for this task level.
67
+
68
+ Not enough for `accepted`:
69
+
70
+ - The agent is satisfied.
71
+ - The result passed a local smoke but no acceptance policy says that is enough.
72
+ - The user has not reviewed a user-facing, policy, release, or irreversible change when review is required.
73
+
74
+ Example:
75
+
76
+ - A focused smoke passes for an internal script: can be accepted by policy if the task is Lite or Standard and no human approval is required.
77
+ - A release plan or public workflow change usually needs explicit human acceptance or release-gate acceptance.
78
+
79
+ ## Required Evidence Record
80
+
81
+ Every non-trivial GSE slice should record:
82
+
83
+ ```text
84
+ Outcome:
85
+ Scope:
86
+ Acceptance:
87
+ Result evidence:
88
+ Verification evidence:
89
+ Accepted by:
90
+ Residual risk:
91
+ Next action:
92
+ ```
93
+
94
+ Use `accepted by: policy` only when the applicable policy is named, such as `Lite focused smoke policy`.
95
+
96
+ For project-local GSE updates, scaffold changes, host adapter changes, and release-readiness work, use `assets/templates/update-release-acceptance-record.md` so local decisions preserved, changed files, rollback notes, owner gate, accepted-by status, residual risks, and next action are not lost.
97
+
98
+ ## Status Rules
99
+
100
+ - `planned`: desired but no result yet.
101
+ - `result`: artifact/change exists but has not been verified.
102
+ - `verified`: acceptance criteria are directly covered by evidence.
103
+ - `accepted`: verified result has user, reviewer, release, archive, or policy acceptance.
104
+ - `blocked`: meaningful progress cannot continue and the blocker satisfies the project's blocked rule.
105
+
106
+ ## Tool Status Is Separate
107
+
108
+ Do not confuse evidence gates with tool availability status.
109
+
110
+ - `documented`: a file says a tool or command exists.
111
+ - `verified`: the tool or command was actually run or checked.
112
+ - `unknown`: no trustworthy evidence yet.
113
+ - `unavailable`: expected tool is missing or failing.
114
+
115
+ These tool statuses can support the evidence taxonomy, but they do not replace result/verified/accepted gates.
116
+
117
+ ## Common Mistakes
118
+
119
+ - Treating generated files as verified behavior.
120
+ - Treating config presence as a working tool.
121
+ - Treating a broad green test as evidence for a narrow change without coverage proof.
122
+ - Treating an internal smoke as user acceptance for visible product behavior.
123
+ - Updating goal status to complete when the evidence only proves one slice.
@@ -0,0 +1,107 @@
1
+ # File Ownership And Dirty Worktree
2
+
3
+ Use this when GSE work touches files in a dirty worktree, uses real subagents, simulates roles sequentially, or coordinates multiple agents, branches, worktrees, or review loops.
4
+
5
+ ## Core Rule
6
+
7
+ Protect user work first. Then protect agent work from other agent work.
8
+
9
+ A file is not safe to edit just because it is in scope. First inspect whether it already has unrelated changes, generated output, local-only edits, or another active owner.
10
+
11
+ ## Ownership Levels
12
+
13
+ | Level | Use when | Required action |
14
+ |---|---|---|
15
+ | Observe | Read-only location, review, QA, code search | Do not write. Report files inspected if useful. |
16
+ | Soft claim | One agent edits a small bounded slice | State intended files before editing and keep diff scoped. |
17
+ | Explicit claim | Multi-agent work, broad refactor, dirty worktree, shared files | Record owner, allowed files, forbidden files, and release condition. |
18
+ | Isolated worktree | Parallel implementation, risky experiment, long-running branch | Use a separate branch/worktree when the project supports git. |
19
+
20
+ Level 1 and 2 tasks should not require formal lock files. Escalate only when collision risk is real.
21
+
22
+ ## Dirty Worktree Policy
23
+
24
+ Before editing implementation or shared docs:
25
+
26
+ 1. Check project status with the safest available command, usually `git status --short` when the directory is a git repo.
27
+ 2. If the directory is not a git repo, state that git ownership evidence is unavailable and rely on file scope plus timestamps/diff if available.
28
+ 3. Identify files already modified before your work.
29
+ 4. Treat pre-existing changes as user or another agent changes unless evidence proves otherwise.
30
+ 5. Do not revert, overwrite, format, move, or delete unrelated changes.
31
+ 6. If the target file is already dirty, inspect it and merge around existing changes. Ask only if the existing change makes the requested edit ambiguous or unsafe.
32
+ 7. After editing, verify the final changed-file set matches the slice.
33
+
34
+ ## Claim Format
35
+
36
+ Use this lightweight claim in dispatch packets, slice notes, or comments when explicit ownership is needed:
37
+
38
+ For delegated or role-separated work, prefer `assets/templates/dispatch-packet.md` so the claim also includes objective, context, expected output, verification, and stop conditions.
39
+
40
+ ```text
41
+ Owner:
42
+ Purpose:
43
+ Allowed files:
44
+ Forbidden files:
45
+ Expected edits:
46
+ Verification:
47
+ Release condition:
48
+ ```
49
+
50
+ Claims should be short and local to the task. Do not create permanent process artifacts for one-off edits unless the project already requires them.
51
+
52
+ ## Subagent And Role Rules
53
+
54
+ When real subagent tools exist:
55
+
56
+ - Give each subagent a role, objective, allowed files, forbidden files, and expected output.
57
+ - Prefer read-only locator/reviewer/QA roles for broad exploration.
58
+ - Do not dispatch parallel builders to the same files or tightly coupled modules.
59
+ - Require implementers to report files changed and verification run.
60
+ - Run spec review before code-quality review when both exist.
61
+ - Coordinator owns final integration and evidence.
62
+
63
+ When no real subagent tool exists:
64
+
65
+ - Execute roles sequentially in the main session.
66
+ - Say that no real subagent dispatch occurred if the distinction matters.
67
+ - Keep the same ownership boundaries: locator is read-only, builder writes assigned files, reviewer is read-only, QA writes evidence only.
68
+ - Do not fake parallelism, independent review, or subagent status.
69
+
70
+ ## Shared File Rules
71
+
72
+ Shared files include routing docs, config, package manifests, migration files, generated clients, lockfiles, schemas, shared types, and design-system primitives.
73
+
74
+ For shared files:
75
+
76
+ - Read surrounding patterns before editing.
77
+ - Avoid formatting churn.
78
+ - Keep behavior and formatting changes separate when feasible.
79
+ - Check for generated-file policy before editing generated outputs.
80
+ - If multiple slices need the same shared file, serialize edits through the coordinator.
81
+
82
+ ## Ownership Conflicts
83
+
84
+ If two tasks need the same file:
85
+
86
+ 1. Prefer sequencing over parallel edits.
87
+ 2. If both are small and related, merge into one slice.
88
+ 3. If they are independent but touch the same file, split by branch/worktree or pick one owner.
89
+ 4. If an unexpected dirty change appears, stop destructive actions, inspect the diff, and continue only if the merge path is clear.
90
+ 5. Record unresolved conflict as a risk or blocker, not as completed work.
91
+
92
+ ## Verification Checklist
93
+
94
+ Before claiming completion:
95
+
96
+ - Intended files are the only files changed, or every extra file is explained.
97
+ - Pre-existing dirty files were not reverted or overwritten.
98
+ - Generated/test/output artifacts are excluded unless the project requires them.
99
+ - Subagent work, if any, has role, allowed files, and verification evidence.
100
+ - The evidence record names focused validation and residual risk.
101
+
102
+ ## Project Integration
103
+
104
+ - `references/agent-roles.md` defines role responsibilities.
105
+ - `references/operating-model.md` defines when ownership is checked in the execute loop.
106
+ - `references/quality-gates.md` requires dirty-worktree evidence before completion.
107
+ - `.gse/project-profile.md` should record project-specific branching, generated-file, and lockfile rules.
@@ -0,0 +1,84 @@
1
+ # Final Readiness Matrix
2
+
3
+ Use this when deciding whether GSE can be called open-source-ready, installable, and cross-host usable.
4
+
5
+ This matrix is a claim boundary. It separates local verified capability from owner-required or external evidence. Do not collapse these states into a single "done" label.
6
+
7
+ ## Status Vocabulary
8
+
9
+ - `verified`: GSE has current local evidence from scripts, records, or package/install audits.
10
+ - `owner-required`: the owner must make or approve a decision before the claim can become accepted.
11
+ - `external-required`: a marketplace, public registry, host runtime, security contact, CI, or other external system must provide evidence.
12
+ - `not-claimed`: GSE deliberately does not claim this capability.
13
+
14
+ ## Readiness Areas
15
+
16
+ The table below describes the baseline/status source for each row. The current truth is computed by `scripts/audit-final-readiness.mjs`; record-driven rows can promote from `owner-required` or `external-required` to `verified` only after accepted evidence records exist.
17
+
18
+ | Area | Accepted claim requires | Status source / baseline |
19
+ |---|---|---|
20
+ | Skill structure | `SKILL.md`, references, scripts, assets, metadata, and validator pass | verified |
21
+ | Project scaffold | `init-project`, project doctor, state, goal map, evidence index, close gate | verified |
22
+ | Local install | package, install, installed-copy validation, package CLI entrypoint, and installed short CLI status command | verified |
23
+ | npm tarball install | real local npm tarball creation, install into a clean consumer project, installed `gse` bin execution, and installed README audit | verified |
24
+ | npm publish dry-run | npm publish dry-run keeps package identity, CLI bin metadata, required runtime files, and integrity fields without harmful metadata auto-correction | verified |
25
+ | URL install | remote URL install, installed-copy validation, URL-installed short CLI status command, manifest integrity, and tamper rejection | verified |
26
+ | Signing | package signing, verification, signed install, and tamper rejection | verified |
27
+ | Open-source collaboration | README, contributing, security, support, changelog, public release metadata | verified |
28
+ | CI workflow template | public repository workflow file plus local CI-readiness audit | verified |
29
+ | Public CI run record | pending and accepted public CI run record mechanics | verified |
30
+ | Public collaboration templates | issue and PR templates that require outcome, scope, evidence, risk, and claim boundaries | verified |
31
+ | Public repository settings record | pending, verified, and accepted repository settings record mechanics | verified |
32
+ | Public CI run | real public CI run URL or status-check evidence | record-driven external gate |
33
+ | Public repository settings | real repository URL, issue/PR settings, branch protection, required checks, and maintainer acceptance | record-driven external gate |
34
+ | License decision | owner-selected license or explicit not-public decision | record-driven owner gate |
35
+ | Public security contact record | pending and accepted public security contact record mechanics | verified |
36
+ | Public security contact | owner-approved vulnerability disclosure path | record-driven owner gate |
37
+ | Public channel publication record | pending, registry publication, and marketplace approval record mechanics | verified |
38
+ | Public registry publication | real public package or registry publication evidence | record-driven external gate |
39
+ | Marketplace approval | real marketplace/catalog approval or publication evidence | record-driven external gate |
40
+ | Portable command execution | `run-gse-command.mjs` command semantics audit | verified |
41
+ | Host adapters | generated adapter files and compatibility matrix audit | verified |
42
+ | Native slash command | verified host invocation record with native slash support | record-driven external gate |
43
+ | Other host runtime invocation | verified invocation records per host | record-driven external gate |
44
+
45
+ Do not read the baseline column as live status. For example, once the owner-selected license record is accepted, the audit reports `License decision` as `verified` even though the row remains an owner-gated claim type.
46
+
47
+ ## Audit Command
48
+
49
+ ```text
50
+ node <gse-skill>/scripts/audit-final-readiness.mjs --root <gse-skill>
51
+ ```
52
+
53
+ The audit must report external and owner gates as incomplete unless corresponding records exist. It is valid for the audit to pass while still reporting `owner-required` or `external-required`; passing means the matrix is honest and complete, not that every external gate is satisfied.
54
+
55
+ Accepted owner/external records promote final rows only when the record contains accepted evidence and the relevant boundary proof. For example, a public CI row requires an accepted public CI run record with a successful conclusion and required-check proof; a registry row requires accepted publication evidence with registry proof; native slash command support requires a host invocation record that proves native slash-command support.
56
+
57
+ Use the promotion audit to verify that this path still works:
58
+
59
+ ```text
60
+ node <gse-skill>/scripts/audit-final-readiness-promotion.mjs --root <gse-skill>
61
+ ```
62
+
63
+ ## Acceptance Packet
64
+
65
+ When owner-required or external-required rows remain, generate a handoff packet instead of burying follow-up work in prose:
66
+
67
+ ```text
68
+ node <gse-skill>/scripts/generate-final-acceptance-packet.mjs --root <gse-skill> --out <gse-skill>/.gse/acceptance/final-acceptance-packet.md --force
69
+ ```
70
+
71
+ The packet lists the verified local capabilities, every pending owner/external gate, the exact next evidence action, and the anti-overclaim rules. It is a continuation artifact, not acceptance by itself.
72
+
73
+ ## Completion Boundary
74
+
75
+ GSE can be described as locally verified and release-ready for handoff when the matrix passes and the verified rows have evidence.
76
+
77
+ GSE can be described as publicly accepted only after:
78
+
79
+ - owner-selected license or explicit not-public decision is recorded,
80
+ - public security contact policy is approved when public release is intended,
81
+ - public repository settings evidence exists when a public source repository is claimed,
82
+ - public CI run evidence exists when public CI is claimed,
83
+ - registry or marketplace publication evidence exists when those channels are claimed,
84
+ - native slash-command support is recorded per host before it is claimed.
@@ -0,0 +1,133 @@
1
+ # Forward Test Protocol
2
+
3
+ Use this when changing GSE itself, changing reusable project scaffolds, or changing workflow rules that future agents must follow.
4
+
5
+ Forward testing asks: can a future agent, fresh session, or fixture project use this change without relying on the author's memory?
6
+
7
+ ## Test Levels
8
+
9
+ | Level | Meaning | Evidence gate | Use when |
10
+ |---|---|---|---|
11
+ | Structural smoke | Files, routing, audit criteria, and key text exist | verified for structure | Small reference/template/script changes |
12
+ | Fixture forward test | A temp project or example repo uses the GSE path end to end | verified for workflow behavior | Bootstrap/profile/templates/adapters change |
13
+ | Fresh-session forward test | A separate agent/session follows GSE with minimal context | accepted candidate | Non-trivial skill behavior, routing, multi-agent, release, recovery, or public-facing workflow changes |
14
+
15
+ Do not call structural smoke a true forward-test acceptance. It proves the artifact is wired; it does not prove future-agent usability.
16
+
17
+ ## When Required
18
+
19
+ Forward testing is required for:
20
+
21
+ - New or changed scripts under `scripts/` that future projects will run.
22
+ - Project scaffold changes under `scripts/init-project.mjs` or `assets/templates/` that affect downstream projects.
23
+ - Router, quality gate, evidence, role, ownership, host adapter, release, recovery, or packaging rules.
24
+ - Any change that claims a GSE capability is accepted rather than merely present or structurally verified.
25
+
26
+ Forward testing is optional for:
27
+
28
+ - Narrow wording edits that do not change behavior.
29
+ - Evidence log updates.
30
+ - Internal goal-map/current-slice status updates.
31
+ - Small typo fixes in already tested references.
32
+
33
+ Forward testing is unnecessary for:
34
+
35
+ - Purely transient notes.
36
+ - Local-only command output not used as reusable workflow evidence.
37
+ - Work explicitly marked as draft or design judgment.
38
+
39
+ ## Core Scenarios
40
+
41
+ Pick the smallest scenario that covers the changed behavior.
42
+
43
+ ### Fresh Project Bootstrap
44
+
45
+ Use when bootstrap, templates, project profile, quality gates, or scaffold layout changes.
46
+
47
+ Smoke:
48
+
49
+ 1. Create a temp project directory.
50
+ 2. Run `node <gse>/scripts/init-project.mjs --target <temp> --mode lite|standard|enterprise` as appropriate.
51
+ 3. Verify expected `.gse/` files exist.
52
+ 4. Verify rerun safety without `--force` when relevant.
53
+ 5. Record generated-file and cleanup policy.
54
+
55
+ ### Existing Repo Adoption
56
+
57
+ Use when project-profile, discovery, dirty-worktree, tool adapters, or quality gates change.
58
+
59
+ Smoke:
60
+
61
+ 1. Use a fixture or temp repo with representative files such as `package.json`, `AGENTS.md`, CI config, browser config, and `.env.example`.
62
+ 2. Run discovery or manual project-profile steps.
63
+ 3. Verify tool statuses stay `documented`, `verified`, `unknown`, or `unavailable` without inventing support.
64
+ 4. Verify dirty or pre-existing files are not overwritten.
65
+
66
+ ### Host Adapter Usage
67
+
68
+ Use when `.codex/`, `.claude/`, `.agents/`, Hermes/AION-style runtime, WorkBuddy, MCP, hook, skill, or plugin adapter rules change.
69
+
70
+ Smoke:
71
+
72
+ 1. Create or inspect a host adapter note using `assets/templates/host-adapter.md`.
73
+ 2. Confirm it points back to `.gse/` as source of truth.
74
+ 3. Mark host-specific capabilities with tool status evidence.
75
+ 4. Confirm no unsupported subagent, MCP, hook, or browser capability is claimed as verified.
76
+
77
+ ### Subagent Or Role Fallback
78
+
79
+ Use when agent roles, dispatch packets, ownership, review, or multi-agent rules change.
80
+
81
+ Smoke:
82
+
83
+ 1. Fill `assets/templates/dispatch-packet.md` for one locator, builder, reviewer, QA, or docs role.
84
+ 2. Include role, objective, required context, allowed files, forbidden files, expected output, verification, and stop conditions.
85
+ 3. State whether execution is real-subagent, sequential-role, or handoff-session.
86
+ 4. Verify fallback says no real delegation occurred when subagent tools are unavailable.
87
+ 5. Verify final evidence distinguishes result, verified, and accepted.
88
+
89
+ ## Evidence Requirements
90
+
91
+ Every forward-test record should include:
92
+
93
+ ```text
94
+ Forward-test level:
95
+ Scenario:
96
+ Changed behavior:
97
+ Commands or inspection:
98
+ Result evidence:
99
+ Verification evidence:
100
+ Accepted by:
101
+ Residual risk:
102
+ Next action:
103
+ ```
104
+
105
+ Use `accepted by: policy` only when the applicable policy is named. Use `accepted by: fresh-session` only when a separate agent/session actually ran the path.
106
+
107
+ Use `assets/templates/acceptance-execution-packet.md` when a fresh-session or owner-approved project write needs an explicit execution boundary before acceptance can be claimed.
108
+
109
+ ## Acceptance Rules
110
+
111
+ - Structural smoke can make a slice `verified` for file/routing coverage.
112
+ - Fixture forward test can make a workflow `verified` for the tested scenario.
113
+ - Fresh-session forward test can support `accepted` when the fresh agent completes the intended path with only the documented GSE inputs.
114
+ - If only structural smoke ran, record the remaining need for fixture or fresh-session testing as residual risk.
115
+ - If a host tool is unavailable, the fallback path can be verified, but the unavailable tool capability is not verified.
116
+
117
+ ## Failure Handling
118
+
119
+ If a forward test fails:
120
+
121
+ 1. Record the exact missing context, broken route, command failure, or ambiguity.
122
+ 2. Fix the smallest reusable artifact: script, template, reference, router, or gate.
123
+ 3. Re-run the same scenario.
124
+ 4. Add a learning entry only when the failure is reusable beyond the current slice.
125
+
126
+ ## Integration Points
127
+
128
+ - `references/evidence-taxonomy.md` decides result, verified, and accepted status.
129
+ - `references/benchmark-audit.md` decides when a GSE change needs forward-test coverage.
130
+ - `references/quality-gates.md` applies forward-test requirements before completion.
131
+ - `scripts/audit-project.mjs` verifies bootstrap scaffold generation and rerun safety in temporary project directories.
132
+ - `scripts/audit-fixtures.mjs` provides a lightweight fixture audit for project-profile discovery and host-adapter/drift scenarios.
133
+ - `.gse/evidence/YYYY-MM-DD.md` records scenario, commands, results, residual risk, and next action.
@@ -0,0 +1,36 @@
1
+ # Goal Map
2
+
3
+ Goal maps keep long-running agent work from drifting.
4
+
5
+ ## Minimal Goal Node
6
+
7
+ ```yaml
8
+ id: short-id
9
+ title: Human-readable goal
10
+ outcome: User or business outcome
11
+ status: planned | in_progress | verified | accepted | blocked
12
+ priority: P0 | P1 | P2 | P3
13
+ dependencies: []
14
+ acceptance: []
15
+ evidence: []
16
+ risks: []
17
+ next_slice: Short next action
18
+ last_updated: YYYY-MM-DD
19
+ ```
20
+
21
+ ## Update Rules
22
+
23
+ - Keep the goal map short enough to guide the next session.
24
+ - Put long logs under `.gse/evidence/` or project-specific evidence logs.
25
+ - Update status only when evidence supports the change.
26
+ - Show the next three slices for large projects.
27
+
28
+ ## Drift Checks
29
+
30
+ Run a goal-map review when:
31
+
32
+ - The same topic repeats without progress.
33
+ - A module is marked done but lacks evidence.
34
+ - The project has many commits but no visible product progress.
35
+ - Agent sessions keep rediscovering the same context.
36
+