@t275005746/gse 0.1.1 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.gse/state.json +147 -26
- package/CHANGELOG.md +19 -3
- package/README.md +13 -6
- package/README.zh-CN.md +13 -6
- package/SKILL.md +32 -12
- package/assets/templates/dispatch-packet.md +22 -14
- package/assets/templates/evidence.md +11 -5
- package/assets/templates/role-fallback-packet.md +49 -0
- package/package.json +18 -10
- package/references/agent-roles.md +41 -20
- package/references/commands.md +74 -45
- package/references/drift-audit.md +2 -1
- package/references/evidence-taxonomy.md +46 -9
- package/references/file-ownership.md +17 -13
- package/references/final-form-roadmap.md +201 -0
- package/references/final-readiness.md +3 -3
- package/references/host-adapters.md +38 -10
- package/references/learning-system.md +24 -8
- package/references/maintenance-cadence.md +51 -0
- package/references/project-guards.md +52 -0
- package/references/quality-gates.md +18 -11
- package/references/role-dispatch-fallback.md +54 -0
- package/references/tool-adapters.md +13 -3
- package/scripts/audit-close-gate-hardening.mjs +188 -0
- package/scripts/audit-close-gate.mjs +219 -33
- package/scripts/audit-command-execution.mjs +30 -17
- package/scripts/audit-commands.mjs +7 -5
- package/scripts/audit-completion-plan-drill.mjs +230 -0
- package/scripts/audit-completion-readiness.mjs +9 -6
- package/scripts/audit-continue-preflight.mjs +234 -0
- package/scripts/audit-evidence-levels.mjs +217 -0
- package/scripts/audit-evidence-review-queue.mjs +206 -0
- package/scripts/audit-final-acceptance-packet.mjs +9 -9
- package/scripts/audit-final-form-progress-report.mjs +19 -18
- package/scripts/audit-final-form-roadmap.mjs +157 -0
- package/scripts/audit-final-form-stale-copy.mjs +2 -2
- package/scripts/audit-final-readiness.mjs +3 -3
- package/scripts/audit-fresh-session-readiness.mjs +1 -1
- package/scripts/audit-host-capabilities.mjs +237 -0
- package/scripts/audit-installed-sync.mjs +203 -0
- package/scripts/audit-learning-drift.mjs +292 -0
- package/scripts/audit-learning-promotion.mjs +351 -0
- package/scripts/audit-learning-system.mjs +24 -14
- package/scripts/audit-local-final-form-completion.mjs +11 -10
- package/scripts/audit-maintenance-cadence.mjs +139 -0
- package/scripts/audit-maintenance-snapshot.mjs +181 -0
- package/scripts/audit-npm-package-metadata.mjs +8 -2
- package/scripts/audit-npm-publish-dry-run.mjs +10 -4
- package/scripts/audit-npm-tarball-install.mjs +9 -3
- package/scripts/audit-owner-external-gate-kit.mjs +12 -11
- package/scripts/audit-project-guards.mjs +189 -0
- package/scripts/audit-project.mjs +14 -11
- package/scripts/audit-public-acceptance-handoff.mjs +10 -10
- package/scripts/audit-public-acceptance-readiness.mjs +6 -6
- package/scripts/audit-public-release-checklist.mjs +17 -15
- package/scripts/audit-release-bundle.mjs +13 -11
- package/scripts/audit-release-owner-action-plan-drill.mjs +5 -4
- package/scripts/audit-release-owner-action-plan.mjs +10 -10
- package/scripts/audit-release-status-manifest.mjs +4 -4
- package/scripts/audit-roadmap-consistency.mjs +11 -7
- package/scripts/audit-role-dispatch-fallback.mjs +212 -0
- package/scripts/audit-session-sync.mjs +127 -0
- package/scripts/audit-state-freshness.mjs +6 -5
- package/scripts/audit-state-repair.mjs +360 -0
- package/scripts/audit-target-hardening-drills.mjs +267 -0
- package/scripts/audit-tool-fallback-policy.mjs +180 -0
- package/scripts/audit-ui-browser-evidence-policy.mjs +191 -0
- package/scripts/audit-validation-profiles.mjs +6 -4
- package/scripts/backfill-evidence-levels.mjs +98 -0
- package/scripts/check-encoding.mjs +72 -0
- package/scripts/generate-continue-packet.mjs +1214 -0
- package/scripts/generate-final-acceptance-packet.mjs +23 -8
- package/scripts/generate-final-form-progress-report.mjs +25 -23
- package/scripts/generate-host-runtime-evidence-handoff.mjs +23 -16
- package/scripts/generate-maintenance-snapshot.mjs +216 -0
- package/scripts/generate-public-acceptance-handoff.mjs +26 -14
- package/scripts/generate-release-owner-action-plan.mjs +4 -3
- package/scripts/generate-release-status-manifest.mjs +4 -3
- package/scripts/init-project.mjs +144 -63
- package/scripts/record-learning.mjs +37 -8
- package/scripts/record-session-sync.mjs +87 -0
- package/scripts/run-gse-command.mjs +79 -47
- package/scripts/run-validation-profile.mjs +24 -5
- package/scripts/validate-gse.mjs +216 -0
|
@@ -0,0 +1,157 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
import fs from 'node:fs'
|
|
3
|
+
import path from 'node:path'
|
|
4
|
+
|
|
5
|
+
const args = process.argv.slice(2)
|
|
6
|
+
|
|
7
|
+
function readArg(name, fallback = null) {
|
|
8
|
+
const index = args.indexOf(name)
|
|
9
|
+
if (index === -1) return fallback
|
|
10
|
+
return args[index + 1] ?? fallback
|
|
11
|
+
}
|
|
12
|
+
|
|
13
|
+
const root = path.resolve(readArg('--root', path.join(import.meta.dirname, '..')))
|
|
14
|
+
const jsonOnly = args.includes('--json')
|
|
15
|
+
|
|
16
|
+
function read(relativePath) {
|
|
17
|
+
const fullPath = path.join(root, relativePath)
|
|
18
|
+
return fs.existsSync(fullPath) ? fs.readFileSync(fullPath, 'utf8').replace(/^\uFEFF/, '') : ''
|
|
19
|
+
}
|
|
20
|
+
|
|
21
|
+
function exists(relativePath) {
|
|
22
|
+
return fs.existsSync(path.join(root, relativePath))
|
|
23
|
+
}
|
|
24
|
+
|
|
25
|
+
function check(id, label, ok, evidence, risk = '') {
|
|
26
|
+
return { id, label, status: ok ? 'passed' : 'failed', evidence, risk }
|
|
27
|
+
}
|
|
28
|
+
|
|
29
|
+
const roadmap = read('references/final-form-roadmap.md')
|
|
30
|
+
const masterPlan = read('.gse/gse-design-master-plan.md')
|
|
31
|
+
const goalMap = read('.gse/goal-map.md')
|
|
32
|
+
const currentSlice = read('.gse/current-slice.md')
|
|
33
|
+
const stateRaw = read('.gse/state.json')
|
|
34
|
+
const evidenceIndexRaw = read('.gse/evidence/index.jsonl')
|
|
35
|
+
const skill = read('SKILL.md')
|
|
36
|
+
|
|
37
|
+
let state = null
|
|
38
|
+
try {
|
|
39
|
+
state = JSON.parse(stateRaw)
|
|
40
|
+
} catch {
|
|
41
|
+
state = null
|
|
42
|
+
}
|
|
43
|
+
|
|
44
|
+
let evidenceRecords = []
|
|
45
|
+
try {
|
|
46
|
+
evidenceRecords = evidenceIndexRaw
|
|
47
|
+
.split(/\r?\n/)
|
|
48
|
+
.map((line) => line.trim())
|
|
49
|
+
.filter(Boolean)
|
|
50
|
+
.map((line) => JSON.parse(line))
|
|
51
|
+
} catch {
|
|
52
|
+
evidenceRecords = []
|
|
53
|
+
}
|
|
54
|
+
|
|
55
|
+
const latestEvidence = evidenceRecords.at(-1)
|
|
56
|
+
const stateHasCurrentEvidence =
|
|
57
|
+
state?.phase === 'final-form' &&
|
|
58
|
+
typeof state?.currentSlice?.id === 'string' &&
|
|
59
|
+
state.currentSlice.id.startsWith('GSE-') &&
|
|
60
|
+
typeof state?.currentSlice?.nextAction === 'string' &&
|
|
61
|
+
typeof state?.lastEvidence === 'string' &&
|
|
62
|
+
state.lastEvidence.startsWith('.gse/evidence/') &&
|
|
63
|
+
exists(state.lastEvidence) &&
|
|
64
|
+
latestEvidence?.evidenceFile === state.lastEvidence &&
|
|
65
|
+
latestEvidence?.nextAction === state.currentSlice.nextAction
|
|
66
|
+
|
|
67
|
+
const priorities = Array.from({ length: 11 }, (_, index) => `P${index}`)
|
|
68
|
+
const roadmapHasPriorities = priorities.every((item) => roadmap.includes(`| ${item} |`))
|
|
69
|
+
const requiredTerms = [
|
|
70
|
+
'/gse continue',
|
|
71
|
+
'Completion Definition',
|
|
72
|
+
'Short entry takeover',
|
|
73
|
+
'State system',
|
|
74
|
+
'Evidence gate',
|
|
75
|
+
'Spec and change lifecycle',
|
|
76
|
+
'Roles and subagents',
|
|
77
|
+
'Learning automation',
|
|
78
|
+
'Final Form Execution Plan',
|
|
79
|
+
'Current Final-Form Gap List',
|
|
80
|
+
'Goal Mode Operating Contract',
|
|
81
|
+
'Claim Boundary',
|
|
82
|
+
]
|
|
83
|
+
|
|
84
|
+
const executionWaveTerms = [
|
|
85
|
+
'Wave 1 - Short Entry And State Control',
|
|
86
|
+
'Wave 2 - Spec, Role, And Execution Discipline',
|
|
87
|
+
'Wave 3 - Learning To Guard Promotion',
|
|
88
|
+
'Wave 4 - Tool And Host Runtime Adapters',
|
|
89
|
+
'Wave 5 - Distribution, Public Trust, And Maintenance',
|
|
90
|
+
]
|
|
91
|
+
|
|
92
|
+
const checks = [
|
|
93
|
+
check('FFR01', 'final form roadmap exists', exists('references/final-form-roadmap.md'), 'references/final-form-roadmap.md'),
|
|
94
|
+
check('FFR02', 'roadmap covers P0 through P10', roadmapHasPriorities, priorities.join(', ')),
|
|
95
|
+
check('FFR03', 'roadmap contains required final-form concepts', requiredTerms.every((term) => roadmap.includes(term)), requiredTerms.join(', ')),
|
|
96
|
+
check('FFR04', 'master plan points to the final-form roadmap', masterPlan.includes('references/final-form-roadmap.md') && masterPlan.includes('Final Form Roadmap'), '.gse/gse-design-master-plan.md'),
|
|
97
|
+
check('FFR05', 'goal map has an active final-form roadmap contract node', goalMap.includes('GSE-109') && goalMap.includes('final-form roadmap contract') && goalMap.includes('references/final-form-roadmap.md'), '.gse/goal-map.md'),
|
|
98
|
+
check('FFR06', 'current slice continues from the final-form roadmap', currentSlice.includes('references/final-form-roadmap.md') && currentSlice.includes('final-form') && currentSlice.includes('Next Action'), '.gse/current-slice.md'),
|
|
99
|
+
check('FFR07', 'state points to a current final-form execution slice and current evidence', stateHasCurrentEvidence, '.gse/state.json + .gse/evidence/index.jsonl'),
|
|
100
|
+
check('FFR08', 'skill reference routing includes final-form roadmap', skill.includes('references/final-form-roadmap.md'), 'SKILL.md'),
|
|
101
|
+
check('FFR09', 'roadmap contains ordered final-form execution waves', executionWaveTerms.every((term) => roadmap.includes(term)), executionWaveTerms.join(', ')),
|
|
102
|
+
check('FFR10', 'roadmap separates current gaps from optional adapter claims', roadmap.includes('Current Final-Form Gap List') && roadmap.includes('host-native slash-command evidence is optional per host adapter') && roadmap.includes('no AION/MuseFlow-specific behavior is hardcoded'), 'references/final-form-roadmap.md'),
|
|
103
|
+
check(
|
|
104
|
+
'FFR11',
|
|
105
|
+
'roadmap preserves process-skill versus host-capability boundary',
|
|
106
|
+
roadmap.includes('OpenSpec-style and Superpowers-style workflows define requirements') &&
|
|
107
|
+
roadmap.includes('They do not provide native slash commands') &&
|
|
108
|
+
roadmap.includes('Process skills such as OpenSpec, Superpowers, Comet, and GSE provide workflow discipline') &&
|
|
109
|
+
roadmap.includes('they do not satisfy host-native slash-command, subagent, browser, MCP, LSP, CI, or host UI evidence rows'),
|
|
110
|
+
'references/final-form-roadmap.md',
|
|
111
|
+
),
|
|
112
|
+
]
|
|
113
|
+
|
|
114
|
+
const passed = checks.filter((item) => item.status === 'passed').length
|
|
115
|
+
const failed = checks.length - passed
|
|
116
|
+
const report = {
|
|
117
|
+
root,
|
|
118
|
+
generatedAt: new Date().toISOString(),
|
|
119
|
+
summary: { status: failed === 0 ? 'passed' : 'failed', passed, failed, total: checks.length },
|
|
120
|
+
workflows: { finalFormRoadmap: failed === 0 ? 'verified' : 'failed' },
|
|
121
|
+
limits: [
|
|
122
|
+
'This audit verifies the final-form roadmap contract and routing.',
|
|
123
|
+
'It does not prove every final-form capability is complete.',
|
|
124
|
+
],
|
|
125
|
+
checks,
|
|
126
|
+
}
|
|
127
|
+
|
|
128
|
+
function renderMarkdown(data) {
|
|
129
|
+
const lines = []
|
|
130
|
+
lines.push('# GSE Final Form Roadmap Audit')
|
|
131
|
+
lines.push('')
|
|
132
|
+
lines.push('Generated: ' + data.generatedAt)
|
|
133
|
+
lines.push('Root: ' + data.root)
|
|
134
|
+
lines.push('')
|
|
135
|
+
lines.push('## Summary')
|
|
136
|
+
lines.push('')
|
|
137
|
+
lines.push('- Status: ' + data.summary.status)
|
|
138
|
+
lines.push('- Checks: ' + data.summary.passed + '/' + data.summary.total)
|
|
139
|
+
lines.push('- Final form roadmap: ' + data.workflows.finalFormRoadmap)
|
|
140
|
+
lines.push('')
|
|
141
|
+
lines.push('## Checks')
|
|
142
|
+
lines.push('')
|
|
143
|
+
for (const item of data.checks) {
|
|
144
|
+
const marker = item.status === 'passed' ? '[x]' : '[ ]'
|
|
145
|
+
lines.push('- ' + marker + ' ' + item.id + ' ' + item.label + ': ' + item.evidence)
|
|
146
|
+
}
|
|
147
|
+
lines.push('')
|
|
148
|
+
lines.push('## Limits')
|
|
149
|
+
lines.push('')
|
|
150
|
+
for (const item of data.limits) lines.push('- ' + item)
|
|
151
|
+
return lines.join('\n') + '\n'
|
|
152
|
+
}
|
|
153
|
+
|
|
154
|
+
if (jsonOnly) console.log(JSON.stringify(report, null, 2))
|
|
155
|
+
else console.log(renderMarkdown(report))
|
|
156
|
+
|
|
157
|
+
if (failed > 0) process.exit(1)
|
|
@@ -145,7 +145,7 @@ const bundleReleaseStatus = jsonFile('.gse/release-bundles/gse-release-bundle-au
|
|
|
145
145
|
const bundleOwnerKit = jsonFile('.gse/release-bundles/gse-release-bundle-audit/owner-external-gate-kit/kit-manifest.json')
|
|
146
146
|
|
|
147
147
|
const artifactPendingSets = [
|
|
148
|
-
['final progress', (finalProgress?.
|
|
148
|
+
['final progress', (finalProgress?.pendingReleaseEvidence ?? []).map((gate) => gate.area).sort()],
|
|
149
149
|
['release status', (releaseStatus?.publicAcceptance?.pendingGates ?? []).map((gate) => gate.area).sort()],
|
|
150
150
|
['owner kit', (ownerKit?.gates ?? []).map((gate) => gate.area).sort()],
|
|
151
151
|
['bundle release status', (bundleReleaseStatus?.publicAcceptance?.pendingGates ?? []).map((gate) => gate.area).sort()],
|
|
@@ -159,7 +159,7 @@ const pathMatches = localPathMatches()
|
|
|
159
159
|
|
|
160
160
|
const checks = [
|
|
161
161
|
check('FFSC01', 'live final readiness resolves the MIT license decision', finalReadiness.status === 0 && licenseVerified && publicReleaseRecord.includes('License status: selected') && publicReleaseRecord.includes('SPDX identifier: MIT') && publicReleaseRecord.includes('Evidence status: accepted'), 'audit-final-readiness.mjs, .gse/releases/public-release-owner-required.md'),
|
|
162
|
-
check('FFSC02', 'live public acceptance pending gates are current non-license gates', publicAcceptance.status === 0 &&
|
|
162
|
+
check('FFSC02', 'live public acceptance pending gates are current non-license gates', publicAcceptance.status === 0 && sameList(pendingAreas, expectedPendingAreas) && !pendingAreas.includes('License decision') && (pendingAreas.length > 0 || publicAcceptanceData?.summary?.publicAccepted === 'verified'), pendingAreas.join(', ')),
|
|
163
163
|
check('FFSC03', 'current control and handoff docs do not describe resolved license decision as pending', matches.length === 0, matches.length ? matches.join('; ') : currentFiles.join(', ')),
|
|
164
164
|
check('FFSC04', 'canonical and bundled artifacts expose the same current pending gates', artifactPendingSets.every(([, areas]) => sameList(areas, expectedPendingAreas)), artifactPendingSets.map(([name, areas]) => `${name}: ${areas.join(', ')}`).join(' | ')),
|
|
165
165
|
check('FFSC05', 'public release record accepted license wording is not contradictory', publicReleaseRecord.includes('Owner license decision accepted') && !publicReleaseRecord.includes('Owner license decision and validation evidence required'), '.gse/releases/public-release-owner-required.md'),
|
|
@@ -144,14 +144,14 @@ const matrix = [
|
|
|
144
144
|
{ area: 'Marketplace approval', status: acceptedMarketplaceApprovalRecord ? 'verified' : 'external-required', evidence: acceptedMarketplaceApprovalRecord ? relative(acceptedMarketplaceApprovalRecord.filePath) : 'references/marketplace-discovery.md' },
|
|
145
145
|
{ area: 'Portable command execution', status: exists('scripts/audit-command-execution.mjs') && exists('scripts/run-gse-command.mjs') ? 'verified' : 'missing', evidence: 'run-gse-command and audit-command-execution' },
|
|
146
146
|
{ area: 'Host adapters', status: exists('scripts/generate-command-adapter.mjs') && exists('scripts/audit-command-adapters.mjs') ? 'verified' : 'missing', evidence: 'command adapter generator and audit' },
|
|
147
|
-
{ area: 'Native slash command', status: nativeHostRecords.length > 0 ? 'verified' : '
|
|
147
|
+
{ area: 'Native slash command', status: nativeHostRecords.length > 0 ? 'verified' : 'not-claimed', evidence: nativeHostRecords.length > 0 ? nativeHostRecords.map(relative).join(', ') : 'optional host-native adapter claim; GSE core uses portable command execution' },
|
|
148
148
|
{ area: 'Other host runtime invocation', status: otherHostRuntimeRecords.length > 0 ? 'verified' : 'external-required', evidence: otherHostRuntimeRecords.length > 0 ? otherHostRuntimeRecords.map(relative).join(', ') : `${closeableHostRecords.length} verified/accepted host record(s), ${portableHostRecords.length} portable text record(s)` },
|
|
149
149
|
]
|
|
150
150
|
|
|
151
151
|
const allowedStatuses = new Set(['verified', 'owner-required', 'external-required', 'not-claimed'])
|
|
152
152
|
const matrixStatusesHonest = matrix.every((item) => allowedStatuses.has(item.status))
|
|
153
153
|
const verifiedRowsHaveEvidence = matrix.filter((item) => item.status === 'verified').every((item) => item.evidence && item.evidence !== '0')
|
|
154
|
-
const publicAccepted = matrix.every((item) => item.status === 'verified')
|
|
154
|
+
const publicAccepted = matrix.every((item) => item.status === 'verified' || item.status === 'not-claimed')
|
|
155
155
|
const ownerAndExternalRowsRemainExplicit = publicAccepted || matrix.some((item) => item.status === 'owner-required' || item.status === 'external-required')
|
|
156
156
|
const finalReadinessUsesStatusSourceBoundary = finalReadiness.includes('Status source / baseline') &&
|
|
157
157
|
finalReadiness.includes('current truth is computed by `scripts/audit-final-readiness.mjs`') &&
|
|
@@ -184,7 +184,7 @@ const report = {
|
|
|
184
184
|
limits: [
|
|
185
185
|
'This audit verifies that GSE has an honest final-readiness matrix.',
|
|
186
186
|
'It may pass while owner-required or external-required rows remain incomplete.',
|
|
187
|
-
'It does not
|
|
187
|
+
'It does not prove native slash-command support; that remains a per-host optional adapter claim.',
|
|
188
188
|
],
|
|
189
189
|
checks,
|
|
190
190
|
}
|
|
@@ -97,7 +97,7 @@ const probePacket = probePacketLines.join('\n') + '\n'
|
|
|
97
97
|
const checks = [
|
|
98
98
|
check('FS01', 'required startup inputs exist', requiredInputs.every(exists), requiredInputs.join(', ')),
|
|
99
99
|
check('FS02', 'SKILL routes GSE changes through control and validation', skill.includes('references/router.md') && skill.includes('scripts/validate-gse.mjs') && skill.includes('references/forward-test.md'), 'SKILL.md'),
|
|
100
|
-
check('FS03', 'master plan preserves fresh-session boundary after owner acceptance', masterPlan.includes('owner-approved AION project-write acceptance is executed') && (masterPlan.includes('fresh-session acceptance remains optional future confidence evidence') || masterPlan.includes('Marketplace discovery, public key custody, and cross-host native command execution remain final-form work') || masterPlan.includes('Marketplace discovery and real host UI invocation remain final-form work') || masterPlan.includes('Public marketplace approval, public registry publication, other host runtime invocation records, and host-native slash-command execution remain final-form work') || masterPlan.includes('Remaining final-form work is host-native slash-command support with real host runtime evidence.')), '.gse/gse-design-master-plan.md'),
|
|
100
|
+
check('FS03', 'master plan preserves fresh-session boundary after owner acceptance', masterPlan.includes('owner-approved AION project-write acceptance is executed') && (masterPlan.includes('fresh-session acceptance remains optional future confidence evidence') || masterPlan.includes('Marketplace discovery, public key custody, and cross-host native command execution remain final-form work') || masterPlan.includes('Marketplace discovery and real host UI invocation remain final-form work') || masterPlan.includes('Public marketplace approval, public registry publication, other host runtime invocation records, and host-native slash-command execution remain final-form work') || masterPlan.includes('Remaining final-form work is host-native slash-command support with real host runtime evidence.') || masterPlan.includes('The Final Form Roadmap now lives in `references/final-form-roadmap.md`')), '.gse/gse-design-master-plan.md'),
|
|
101
101
|
check('FS04', 'goal map exposes active slice and next action without hidden history', goalMap.includes('- Active slice:') && goalMap.includes('- Next action:') && goalMap.includes('scripts/audit-fresh-session-readiness.mjs'), '.gse/goal-map.md'),
|
|
102
102
|
check('FS05', 'current slice has required GSE fields', Boolean(outcome && scope && acceptance && evidence && nextAction), 'Outcome, Scope, Acceptance, Evidence or Evidence Plan, Next Action'),
|
|
103
103
|
check('FS06', 'probe packet explicitly avoids false acceptance', probePacket.includes('Do not claim accepted unless a separate session actually ran the path or an explicit policy accepts it.'), 'generated probe packet'),
|
|
@@ -0,0 +1,237 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
import fs from 'node:fs'
|
|
3
|
+
import os from 'node:os'
|
|
4
|
+
import path from 'node:path'
|
|
5
|
+
import { fileURLToPath } from 'node:url'
|
|
6
|
+
import { spawnSync } from 'node:child_process'
|
|
7
|
+
|
|
8
|
+
const args = process.argv.slice(2)
|
|
9
|
+
|
|
10
|
+
function readArg(name, fallback = null) {
|
|
11
|
+
const index = args.indexOf(name)
|
|
12
|
+
if (index === -1) return fallback
|
|
13
|
+
return args[index + 1] ?? fallback
|
|
14
|
+
}
|
|
15
|
+
|
|
16
|
+
const root = path.resolve(readArg('--root', path.join(import.meta.dirname, '..')))
|
|
17
|
+
const targetArg = readArg('--target')
|
|
18
|
+
const jsonOnly = args.includes('--json')
|
|
19
|
+
|
|
20
|
+
const requiredCapabilities = ['native-slash-command', 'browser', 'mcp', 'lsp', 'subagent', 'ci']
|
|
21
|
+
const allowedStatuses = new Set(['verified', 'documented', 'unknown', 'unavailable', 'external-required'])
|
|
22
|
+
|
|
23
|
+
function readText(filePath) {
|
|
24
|
+
return fs.existsSync(filePath) ? fs.readFileSync(filePath, 'utf8').replace(/^\uFEFF/, '') : ''
|
|
25
|
+
}
|
|
26
|
+
|
|
27
|
+
function parseCapabilityTable(text) {
|
|
28
|
+
const rows = []
|
|
29
|
+
for (const line of text.split(/\r?\n/)) {
|
|
30
|
+
const trimmed = line.trim()
|
|
31
|
+
if (!trimmed.startsWith('|')) continue
|
|
32
|
+
if (/^\|\s*-+/.test(trimmed)) continue
|
|
33
|
+
if (/^\|\s*Capability\s*\|/i.test(trimmed)) continue
|
|
34
|
+
const cells = trimmed
|
|
35
|
+
.slice(1, trimmed.endsWith('|') ? -1 : undefined)
|
|
36
|
+
.split('|')
|
|
37
|
+
.map((cell) => cell.trim())
|
|
38
|
+
if (cells.length < 6) continue
|
|
39
|
+
rows.push({
|
|
40
|
+
capability: cells[0].toLowerCase(),
|
|
41
|
+
hostOrTool: cells[1],
|
|
42
|
+
status: cells[2],
|
|
43
|
+
evidence: cells[3],
|
|
44
|
+
claimBoundary: cells[4],
|
|
45
|
+
lastChecked: cells[5],
|
|
46
|
+
})
|
|
47
|
+
}
|
|
48
|
+
return rows
|
|
49
|
+
}
|
|
50
|
+
|
|
51
|
+
function hasConcreteEvidence(value) {
|
|
52
|
+
const normalized = String(value || '').trim().toLowerCase()
|
|
53
|
+
return Boolean(normalized && !['-', 'n/a', 'none', 'unknown', 'tbd', 'todo'].includes(normalized))
|
|
54
|
+
}
|
|
55
|
+
|
|
56
|
+
export function readHostCapabilities(target) {
|
|
57
|
+
const filePath = path.join(target, '.gse', 'host-capabilities.md')
|
|
58
|
+
const exists = fs.existsSync(filePath)
|
|
59
|
+
const text = exists ? readText(filePath) : ''
|
|
60
|
+
const capabilities = parseCapabilityTable(text)
|
|
61
|
+
const byCapability = new Map(capabilities.map((item) => [item.capability, item]))
|
|
62
|
+
const missingRequired = requiredCapabilities.filter((capability) => !byCapability.has(capability))
|
|
63
|
+
const invalidStatus = capabilities.filter((item) => !allowedStatuses.has(item.status))
|
|
64
|
+
const missingEvidenceForVerified = capabilities.filter((item) => item.status === 'verified' && !hasConcreteEvidence(item.evidence))
|
|
65
|
+
const nativeSlash = byCapability.get('native-slash-command') ?? null
|
|
66
|
+
const nativeSlashOverclaim =
|
|
67
|
+
nativeSlash?.status === 'verified' &&
|
|
68
|
+
(
|
|
69
|
+
!/native/i.test(nativeSlash.evidence) ||
|
|
70
|
+
/portable|text-command|run-gse-command|generate-continue-packet/i.test(nativeSlash.evidence)
|
|
71
|
+
)
|
|
72
|
+
const documentedWithoutBoundary = capabilities.filter((item) =>
|
|
73
|
+
['documented', 'external-required'].includes(item.status) && !hasConcreteEvidence(item.claimBoundary),
|
|
74
|
+
)
|
|
75
|
+
const status = !exists
|
|
76
|
+
? 'warning'
|
|
77
|
+
: capabilities.length === 0 ||
|
|
78
|
+
missingRequired.length > 0 ||
|
|
79
|
+
invalidStatus.length > 0 ||
|
|
80
|
+
missingEvidenceForVerified.length > 0 ||
|
|
81
|
+
nativeSlashOverclaim ||
|
|
82
|
+
documentedWithoutBoundary.length > 0
|
|
83
|
+
? 'failed'
|
|
84
|
+
: 'passed'
|
|
85
|
+
return {
|
|
86
|
+
path: '.gse/host-capabilities.md',
|
|
87
|
+
exists,
|
|
88
|
+
status,
|
|
89
|
+
capabilities,
|
|
90
|
+
summary: {
|
|
91
|
+
requiredCapabilities,
|
|
92
|
+
total: capabilities.length,
|
|
93
|
+
verified: capabilities.filter((item) => item.status === 'verified').map((item) => item.capability),
|
|
94
|
+
documented: capabilities.filter((item) => item.status === 'documented').map((item) => item.capability),
|
|
95
|
+
unknown: capabilities.filter((item) => item.status === 'unknown').map((item) => item.capability),
|
|
96
|
+
unavailable: capabilities.filter((item) => item.status === 'unavailable').map((item) => item.capability),
|
|
97
|
+
externalRequired: capabilities.filter((item) => item.status === 'external-required').map((item) => item.capability),
|
|
98
|
+
missingRequired,
|
|
99
|
+
invalidStatus: invalidStatus.map((item) => item.capability),
|
|
100
|
+
missingEvidenceForVerified: missingEvidenceForVerified.map((item) => item.capability),
|
|
101
|
+
nativeSlashOverclaim: nativeSlashOverclaim ? ['native-slash-command'] : [],
|
|
102
|
+
documentedWithoutBoundary: documentedWithoutBoundary.map((item) => item.capability),
|
|
103
|
+
},
|
|
104
|
+
}
|
|
105
|
+
}
|
|
106
|
+
|
|
107
|
+
function run(script, commandArgs) {
|
|
108
|
+
const result = spawnSync(process.execPath, [path.join(root, 'scripts', script), ...commandArgs], {
|
|
109
|
+
cwd: root,
|
|
110
|
+
encoding: 'utf8',
|
|
111
|
+
windowsHide: true,
|
|
112
|
+
})
|
|
113
|
+
return {
|
|
114
|
+
command: [process.execPath, path.join(root, 'scripts', script), ...commandArgs].join(' '),
|
|
115
|
+
status: result.status ?? 1,
|
|
116
|
+
stdout: (result.stdout ?? '').trim(),
|
|
117
|
+
stderr: (result.stderr ?? '').trim(),
|
|
118
|
+
}
|
|
119
|
+
}
|
|
120
|
+
|
|
121
|
+
function check(id, label, ok, evidence, risk = '') {
|
|
122
|
+
return { id, label, status: ok ? 'passed' : 'failed', evidence, risk }
|
|
123
|
+
}
|
|
124
|
+
|
|
125
|
+
function createFixture(content) {
|
|
126
|
+
const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'gse-host-capabilities-'))
|
|
127
|
+
const init = run('init-project.mjs', ['--target', dir, '--mode', 'enterprise', '--json'])
|
|
128
|
+
if (content) {
|
|
129
|
+
fs.writeFileSync(path.join(dir, '.gse', 'host-capabilities.md'), content.trimStart().replace(/\n/g, '\r\n'), 'utf8')
|
|
130
|
+
}
|
|
131
|
+
return { dir, init }
|
|
132
|
+
}
|
|
133
|
+
|
|
134
|
+
function audit(target) {
|
|
135
|
+
const resolvedTarget = path.resolve(target)
|
|
136
|
+
const hostCapabilities = readHostCapabilities(resolvedTarget)
|
|
137
|
+
const hostAdapters = readText(path.join(root, 'references', 'host-adapters.md'))
|
|
138
|
+
const toolAdapters = readText(path.join(root, 'references', 'tool-adapters.md'))
|
|
139
|
+
const qualityGates = readText(path.join(root, 'references', 'quality-gates.md'))
|
|
140
|
+
const initProject = readText(path.join(root, 'scripts', 'init-project.mjs'))
|
|
141
|
+
const continuePacket = readText(path.join(root, 'scripts', 'generate-continue-packet.mjs'))
|
|
142
|
+
const validationProfile = readText(path.join(root, 'scripts', 'run-validation-profile.mjs'))
|
|
143
|
+
const validator = readText(path.join(root, 'scripts', 'validate-gse.mjs'))
|
|
144
|
+
const checks = [
|
|
145
|
+
check('HC01', 'host capability record is present or reported as warning', hostCapabilities.exists || hostCapabilities.status === 'warning', hostCapabilities.exists ? hostCapabilities.path : 'missing host capability record warning'),
|
|
146
|
+
check('HC02', 'capability table covers required capability rows when present', !hostCapabilities.exists || hostCapabilities.summary.missingRequired.length === 0, hostCapabilities.summary.missingRequired.join(', ') || 'required capabilities present'),
|
|
147
|
+
check('HC03', 'capability statuses use allowed vocabulary', !hostCapabilities.exists || hostCapabilities.summary.invalidStatus.length === 0, hostCapabilities.summary.invalidStatus.join(', ') || Array.from(allowedStatuses).join(', ')),
|
|
148
|
+
check('HC04', 'verified capabilities include concrete evidence', !hostCapabilities.exists || hostCapabilities.summary.missingEvidenceForVerified.length === 0, hostCapabilities.summary.missingEvidenceForVerified.join(', ') || 'verified rows have evidence'),
|
|
149
|
+
check('HC05', 'native slash-command is not verified from portable command evidence', !hostCapabilities.exists || hostCapabilities.summary.nativeSlashOverclaim.length === 0, hostCapabilities.summary.nativeSlashOverclaim.join(', ') || 'native slash-command boundary preserved'),
|
|
150
|
+
check('HC06', 'documented and external-required rows include claim boundaries', !hostCapabilities.exists || hostCapabilities.summary.documentedWithoutBoundary.length === 0, hostCapabilities.summary.documentedWithoutBoundary.join(', ') || 'claim boundaries present'),
|
|
151
|
+
check('HC07', 'host/tool docs explain capability record and claim boundary', hostAdapters.includes('.gse/host-capabilities.md') && toolAdapters.includes('.gse/host-capabilities.md') && qualityGates.includes('host-capabilities'), 'references host/tool/quality docs'),
|
|
152
|
+
check('HC08', 'init-project scaffolds host capability records', initProject.includes('host-capabilities.md') && initProject.includes('native-slash-command') && initProject.includes('external-required'), 'scripts/init-project.mjs'),
|
|
153
|
+
check('HC09', 'continue packet surfaces host capability readiness', continuePacket.includes('readHostCapabilities') && continuePacket.includes('CP16') && continuePacket.includes('hostCapabilities'), 'scripts/generate-continue-packet.mjs'),
|
|
154
|
+
check('HC10', 'validation routes include host capability audit', validationProfile.includes('audit-host-capabilities.mjs') && validator.includes('audit-host-capabilities.mjs'), 'validation profile and validate-gse'),
|
|
155
|
+
]
|
|
156
|
+
const passed = checks.filter((item) => item.status === 'passed').length
|
|
157
|
+
const failed = checks.length - passed
|
|
158
|
+
return {
|
|
159
|
+
target: resolvedTarget,
|
|
160
|
+
generatedAt: new Date().toISOString(),
|
|
161
|
+
summary: { status: failed === 0 ? hostCapabilities.status : 'failed', passed, failed, total: checks.length },
|
|
162
|
+
workflows: {
|
|
163
|
+
hostCapabilityRecords: failed === 0 && hostCapabilities.status !== 'failed' ? 'verified' : 'failed',
|
|
164
|
+
nativeSlashCommandBoundary: failed === 0 ? 'verified' : 'failed',
|
|
165
|
+
},
|
|
166
|
+
hostCapabilities,
|
|
167
|
+
checks,
|
|
168
|
+
limits: [
|
|
169
|
+
'Host capability records prove local record/audit mechanics and recorded project facts.',
|
|
170
|
+
'They do not create native slash-command, browser, MCP, LSP, subagent, or CI capability.',
|
|
171
|
+
'Native slash-command support still requires real host runtime invocation evidence.',
|
|
172
|
+
],
|
|
173
|
+
}
|
|
174
|
+
}
|
|
175
|
+
|
|
176
|
+
function selfTestReport() {
|
|
177
|
+
const valid = createFixture()
|
|
178
|
+
const invalid = createFixture([
|
|
179
|
+
'# Host Capabilities',
|
|
180
|
+
'',
|
|
181
|
+
'| Capability | Host/Tool | Status | Evidence | Claim Boundary | Last Checked |',
|
|
182
|
+
'|---|---|---|---|---|---|',
|
|
183
|
+
'| native-slash-command | Codex | verified | portable run-gse-command smoke | Claims native slash support | 2026-07-09 |',
|
|
184
|
+
'| browser | Playwright | verified | - | Browser smoke available | 2026-07-09 |',
|
|
185
|
+
'| mcp | MCP | maybe | - | Unknown | 2026-07-09 |',
|
|
186
|
+
'| lsp | LSP | unknown | - | Unknown | 2026-07-09 |',
|
|
187
|
+
'| subagent | Host dispatch | unknown | - | Unknown | 2026-07-09 |',
|
|
188
|
+
'| ci | GitHub Actions | documented | .github/workflows/validate-gse.yml | | 2026-07-09 |',
|
|
189
|
+
'',
|
|
190
|
+
].join('\n'))
|
|
191
|
+
const missingDir = fs.mkdtempSync(path.join(os.tmpdir(), 'gse-host-capabilities-missing-'))
|
|
192
|
+
fs.mkdirSync(path.join(missingDir, '.gse'), { recursive: true })
|
|
193
|
+
const validReport = audit(valid.dir)
|
|
194
|
+
const invalidReport = audit(invalid.dir)
|
|
195
|
+
const missingReport = audit(missingDir)
|
|
196
|
+
fs.rmSync(valid.dir, { recursive: true, force: true })
|
|
197
|
+
fs.rmSync(invalid.dir, { recursive: true, force: true })
|
|
198
|
+
fs.rmSync(missingDir, { recursive: true, force: true })
|
|
199
|
+
const checks = [
|
|
200
|
+
check('HCA01', 'init-project creates host capability record scaffold', valid.init.status === 0 && validReport.hostCapabilities.exists, 'scripts/init-project.mjs'),
|
|
201
|
+
check('HCA02', 'scaffold covers required capabilities', validReport.hostCapabilities.summary.missingRequired.length === 0, validReport.hostCapabilities.capabilities.map((item) => item.capability).join(', ')),
|
|
202
|
+
check('HCA03', 'missing host capability file is warning, not hard failure', missingReport.hostCapabilities.status === 'warning', 'missing fixture'),
|
|
203
|
+
check('HCA04', 'invalid status, missing verified evidence, missing boundary, and native overclaim fail', invalidReport.summary.status === 'failed' && invalidReport.hostCapabilities.summary.invalidStatus.includes('mcp') && invalidReport.hostCapabilities.summary.missingEvidenceForVerified.includes('browser') && invalidReport.hostCapabilities.summary.nativeSlashOverclaim.includes('native-slash-command') && invalidReport.hostCapabilities.summary.documentedWithoutBoundary.includes('ci'), 'invalid fixture'),
|
|
204
|
+
check('HCA05', 'audit source is wired to continue packet and validation scripts', validReport.checks.find((item) => item.id === 'HC09')?.status === 'passed' && validReport.checks.find((item) => item.id === 'HC10')?.status === 'passed', 'continue/validation wiring'),
|
|
205
|
+
]
|
|
206
|
+
const passed = checks.filter((item) => item.status === 'passed').length
|
|
207
|
+
const failed = checks.length - passed
|
|
208
|
+
return {
|
|
209
|
+
root,
|
|
210
|
+
generatedAt: new Date().toISOString(),
|
|
211
|
+
summary: { status: failed === 0 ? 'passed' : 'failed', passed, failed, total: checks.length },
|
|
212
|
+
workflows: {
|
|
213
|
+
hostCapabilityRecords: failed === 0 ? 'verified' : 'failed',
|
|
214
|
+
initProjectHostCapabilityScaffold: failed === 0 ? 'verified' : 'failed',
|
|
215
|
+
nativeSlashCommandBoundary: failed === 0 ? 'verified' : 'failed',
|
|
216
|
+
},
|
|
217
|
+
fixture: {
|
|
218
|
+
validStatus: validReport.hostCapabilities.status,
|
|
219
|
+
invalidStatus: invalidReport.hostCapabilities.status,
|
|
220
|
+
missingStatus: missingReport.hostCapabilities.status,
|
|
221
|
+
},
|
|
222
|
+
checks,
|
|
223
|
+
limits: [
|
|
224
|
+
'This self-test verifies scaffold, parsing, and claim-boundary mechanics.',
|
|
225
|
+
'It does not prove live host capabilities.',
|
|
226
|
+
],
|
|
227
|
+
}
|
|
228
|
+
}
|
|
229
|
+
|
|
230
|
+
const isCli = process.argv[1] && fileURLToPath(import.meta.url) === path.resolve(process.argv[1])
|
|
231
|
+
|
|
232
|
+
if (isCli) {
|
|
233
|
+
const report = targetArg ? audit(targetArg) : selfTestReport()
|
|
234
|
+
if (jsonOnly) console.log(JSON.stringify(report, null, 2))
|
|
235
|
+
else console.log(JSON.stringify(report, null, 2))
|
|
236
|
+
if (report.summary.status === 'failed') process.exit(1)
|
|
237
|
+
}
|