kiro-spec-engine 1.47.15 → 1.47.26

package/docs/331-poc-adaptation-roadmap.md

@@ -29,12 +29,73 @@
 11. 新增跨轮次回归分析：
    - `kse auto handoff regression` 对比相邻批次成功率/风险/失败目标/耗时变化。
    - `handoff run` 结果中自动附加 regression 摘要。
+12. 新增断点续跑能力：
+   - `kse auto handoff run --continue-from <session|latest|file>`。
+   - 支持 `--continue-strategy auto|pending|failed-only`。
+13. 新增 release evidence 自动归并：
+   - `handoff run` 结束后自动将批次结果合并到 `.kiro/reports/release-evidence/handoff-runs.json`。
+   - 按 `session_id` 去重更新，失败时写 warning 不阻塞主流程。
+14. 新增回归可视化报表增强：
+   - `handoff regression` 输出增加 `risk_layers` 风险分层视图（low/medium/high/unknown）。
+   - markdown 报表新增 `Trend Series` 与 `Risk Layer View`，支持多轮趋势快速审阅。
+15. 新增 release evidence 趋势窗口快照：
+   - `handoff run` 支持 `--release-evidence-window <n>`（默认 5）。
+   - release evidence 自动写入 `latest_trend_window` 与每个 session 的 `trend_window`，支持发布包一键审阅。
+16. 新增 release evidence 快速审阅命令：
+   - `kse auto handoff evidence` 直接聚合当前批次 gate/ontology/regression/risk-layer 概览。
+   - 支持 JSON/markdown 输出与 `--window` 会话窗口聚合。
+17. 新增 release draft 自动生成：
+   - `kse auto handoff evidence --release-draft <path>` 一次命令生成 evidence 审阅 markdown + release notes 草稿。
+   - 草稿自动注入当前批次 gate/ontology/regression/risk-layer 摘要与证据路径。
+18. 新增 CI 发布链路集成：
+   - `release.yml` 在 tag 发布时自动尝试基于 `handoff-runs.json` 生成 release notes 草稿。
+   - 若证据缺失或生成失败，自动回退到默认 CHANGELOG 引导文案，避免发布流水卡死。
+19. 新增 release evidence 附件发布：
+   - tag 发布时自动将 release notes 草稿、evidence 审阅 markdown、summary JSON 作为 GitHub Release 资产上传。
+   - 无 evidence 时至少上传 fallback notes，保证发布资产结构稳定。
+20. 新增可配置发布门禁（workflow 级）：
+   - 支持通过 `KSE_RELEASE_*` 仓库变量配置 success rate/risk/ontology 阈值。
+   - 支持 advisory（默认）与 enforce（阻断发布）两种模式，且门禁在 `npm publish` 前执行。
+21. 新增 release gate 审计产物：
+   - 每次 tag 发布生成 `release-gate-<tag>.json`，记录阈值、观测信号、违规项和判定结果。
+   - `release-gate` 报告随 GitHub Release 资产一起发布，便于后续追溯。
+22. 增强多 Agent 限流韧性：
+   - 编排引擎在 429/RateLimit 错误重试时，支持解析 `Retry-After`/`try again in` 提示并抬升 backoff。
+   - 减少服务端限流窗口内的无效重试与“卡死感”。
+23. 新增 release gate 历史索引命令：
+   - `kse auto handoff gate-index` 聚合 `release-gate-*.json` 为跨版本历史索引。
+   - 支持与已有历史索引合并去重（按 tag/file），输出门禁通过率与风险分布聚合指标。
+24. 发布流程自动产出门禁历史索引：
+   - `release.yml` 在 gate 评估后自动执行 `handoff gate-index`，生成 `release-gate-history.json` 与当次 summary。
+   - 两份索引产物随 GitHub Release 资产发布，便于对外审计与回放。
+25. 发布流程支持跨版本历史增量：
+   - `release.yml` 在构建索引前自动尝试下载上一版 Release 的 `release-gate-history.json`。
+   - 当前 tag 发布时基于上一版历史做增量合并，持续积累趋势数据。
+26. 发布说明自动注入门禁趋势摘要：
+   - `release.yml` 在发布前将 `release-gate-history` 的近 5 版趋势追加到 Release Notes。
+   - 发布页可直接看到 gate pass ratio、风险分布与近期版本轨迹。
+27. 新增 gate-index Markdown 趋势卡片：
+   - `kse auto handoff gate-index --markdown-out <path>` 直接产出可读趋势卡片。
+   - 便于在 PR/Issue 中复用，降低历史门禁审阅成本。
+28. 发布流程附带趋势卡片资产：
+   - `release.yml` 自动生成并上传 `release-gate-history-<tag>.md`。
+   - Release Notes 趋势段落附带卡片资产文件名，便于发布后检索。
+29. Release Notes 资产链接增强：
+   - 趋势段落自动生成 `release-gate-history` 相关资产的可点击下载链接。
+   - 发布页可直接跳转趋势卡片/索引 JSON，无需手工查找资产列表。
+30. 发布说明新增门禁漂移告警：
+   - 自动检测连续 gate 失败、高风险占比过高、短期风险占比上升。
+   - 在 Release Notes 中显式给出 drift alerts，提前暴露质量恶化趋势。
+31. 漂移告警阈值参数化：
+   - 支持通过 `KSE_RELEASE_DRIFT_*` 仓库变量调节 fail streak/high-risk share/delta 阈值。
+   - 不同项目可按发布策略调整灵敏度，减少误报或漏报。
+32. 漂移告警阻断模式：
+   - 新增 `KSE_RELEASE_DRIFT_ENFORCE`，可在漂移告警触发时阻断发布。
+   - 保留默认 advisory 模式，确保历史数据不足时不误阻断。
 
 ## 下一阶段（P2）
 
-1. 让 `handoff run` 输出与 release evidence 自动合并，形成可发布证据包。
-2. 增加 `handoff run --continue-from <session>` 断点续跑能力。
-3. 增加回归对比可视化报表（多轮趋势图 + 风险分层视图）。
+1. 将 drift alerts 结果写入 `release-gate-<tag>.json`，统一门禁与漂移审计口径。
 
 ## 长期目标（P3）
 

package/docs/331-poc-weekly-delivery-checklist.md

@@ -0,0 +1,53 @@
+# 331-poc Weekly Delivery Checklist (For KSE Integration)
+
+Use this checklist before each integration batch.
+
+## Required Inputs From 331-poc
+
+- Complete spec bundle for each target spec:
+  - `requirements.md`
+  - `design.md`
+  - `tasks.md`
+  - `custom/scene.yaml`
+  - `custom/scene-package.json`
+- Exported template folder:
+  - `.kiro/templates/exports/<template-name>/`
+- Handoff package:
+  - `docs/handoffs/handoff-manifest.json`
+  - ontology validation evidence in the same batch window
+
+## Mandatory Quality Constraints
+
+- `specs[]` is non-empty.
+- `templates[]` is non-empty.
+- `ontology_validation` exists and is recent.
+- Dependency relations (`depends_on`) are present for multi-spec batches.
+- High-risk gaps have mitigation notes.
+
+## KSE Acceptance Commands
+
+```bash
+npx kse auto handoff run --manifest ../331-poc/docs/handoffs/handoff-manifest.json \\
+  --require-ontology-validation \\
+  --min-spec-success-rate 95 \\
+  --max-risk-level medium \\
+  --json
+
+npx kse auto handoff template-diff --manifest ../331-poc/docs/handoffs/handoff-manifest.json --json
+npx kse auto handoff regression --session-id latest --json
+```
+
+## Scene Package Gate Commands
+
+```bash
+npx kse scene package-registry --template-dir .kiro/templates/scene-packages --strict --json
+npx kse scene package-gate-template --out .kiro/templates/scene-package-gate-policy.json --profile three-layer --force --json
+npx kse scene package-gate --registry .kiro/templates/scene-packages/registry.json --policy .kiro/templates/scene-package-gate-policy.json --strict --json
+```
+
+## Batch Exit Criteria
+
+- No strict validation error.
+- Ontology graph is valid and traceable.
+- Close-loop execution is successful for the batch.
+- Evidence snapshot is archived and linked to release notes.

package/docs/autonomous-control-guide.md

@@ -117,24 +117,26 @@ kse auto close-loop-recover .kiro/auto/close-loop-batch-summaries/batch-20260215
   --program-audit-out .kiro/reports/close-loop-recover-audit.json \
   --dry-run --json
 
+# Default autonomous batch run (continue-on-error + adaptive scheduling + retry-until-complete)
+kse auto close-loop-batch .kiro/goals.json --json
+
 # Batch parallel mode: run multiple goals concurrently
-kse auto close-loop-batch .kiro/goals.json --batch-parallel 3 --continue-on-error --json
+kse auto close-loop-batch .kiro/goals.json --batch-parallel 3 --json
 
 # Batch with global agent budget (automatic per-goal maxParallel throttling)
 kse auto close-loop-batch .kiro/goals.json \
   --batch-parallel 3 \
   --batch-agent-budget 6 \
-  --continue-on-error --json
+  --json
 
 # Batch priority scheduling with aging (favor complex goals, prevent starvation)
 kse auto close-loop-batch .kiro/goals.json \
   --batch-priority critical-first \
   --batch-aging-factor 3 \
-  --continue-on-error --json
+  --json
 
 # Auto-retry failed/stopped goals in the same batch run
 kse auto close-loop-batch .kiro/goals.json \
-  --continue-on-error \
   --batch-retry-rounds 1 \
   --batch-retry-strategy adaptive \
   --json
@@ -145,9 +147,9 @@ kse auto close-loop-batch .kiro/goals.json \
   --batch-retry-max-rounds 10 \
   --json
 
-# Enable autonomous closed-loop batch policy (recommended for multi-goal programs)
+# Disable autonomous closed-loop batch policy (only when you need legacy/manual tuning)
 kse auto close-loop-batch .kiro/goals.json \
-  --batch-autonomous \
+  --no-batch-autonomous \
   --json
 
 # Resume a stopped/failed batch from previous summary output
@@ -270,15 +272,15 @@ Batch multi-goal autonomous execution:
 - `--resume-from-summary <path>`: resume only pending goals from previous batch summary
 - `--resume-from-summary latest`: resolve and resume from latest persisted batch summary session
 - `--resume-strategy <pending|failed-only>`: control whether summary resume includes unprocessed goals (`pending`) or only failed/error goals (`failed-only`)
-- `--batch-parallel <n>`: run multiple goals concurrently (`1-20`, default `1`)
+- `--batch-parallel <n>`: run multiple goals concurrently (`1-20`, default adaptive under autonomous policy)
 - `--batch-agent-budget <n>`: set global agent parallel budget shared across all active goals (`1-500`)
-- `--batch-priority <strategy>`: choose `fifo` (default), `complex-first`, `complex-last`, or `critical-first` scheduling
-- `--batch-aging-factor <n>`: increase waiting-goal score per scheduling cycle (`0-100`, default `0`)
-- `--batch-retry-rounds <n>`: automatically retry failed/stopped goals for `n` extra rounds (`0-5`, default `0`)
+- `--batch-priority <strategy>`: choose `fifo`, `complex-first`, `complex-last`, or `critical-first` scheduling (default `complex-first` under autonomous policy)
+- `--batch-aging-factor <n>`: increase waiting-goal score per scheduling cycle (`0-100`, default `2` under autonomous policy)
+- `--batch-retry-rounds <n>`: automatically retry failed/stopped goals for `n` extra rounds (`0-5`, default `0`, or until-complete under autonomous policy)
 - `--batch-retry-strategy <strategy>`: choose `adaptive` (default) or `strict` retry behavior
 - `--batch-retry-until-complete`: enable goal-draining retry mode until completion or max rounds
 - `--batch-retry-max-rounds <n>`: max extra rounds for until-complete mode (`1-20`, default `10`)
-- `--batch-autonomous`: enable autonomous defaults (`continue-on-error`, adaptive `batch-parallel`, `complex-first`, aging `2`, retry-until-complete)
+- `--no-batch-autonomous`: disable autonomous defaults and use explicit batch flags only
 - `--batch-session-id <id>`: set explicit id for persisted batch summary session
 - `--batch-session-keep <n>`: keep newest `n` persisted batch summary sessions (`0-1000`)
 - `--batch-session-older-than-days <n>`: when pruning persisted batch summaries, only delete sessions older than `n` days (`0-36500`)
@@ -292,8 +294,7 @@ Batch multi-goal autonomous execution:
 - `--spec-session-max-duplicate-goals <n>`: goal-input duplicate guard for batch inputs (`0-500000`)
 - `--spec-session-budget-hard-fail`: fail run when spec count exceeds `--spec-session-max-total` before/after execution
 - `--no-batch-session`: disable persisted batch summary session archive for this run
-- `--batch-retry-max-rounds` requires `--batch-retry-until-complete`
-- `--continue-on-error`: continue remaining goals when one goal fails
+- `--continue-on-error`: continue remaining goals when one goal fails (enabled by default under autonomous policy)
 - Returns one summary with per-goal statuses (`completed`, `failed`, `error`, `planned`)
 - Summary includes `resource_plan` and aggregate `metrics` (success rate, status breakdown, avg sub-spec count, avg replan cycles)
 - `--program-goals` requires `--decompose-goal`, and goal sources are mutually exclusive (`<goals-file>` vs `--resume-from-summary` vs `--decompose-goal`)
@@ -343,7 +344,7 @@ Close-loop controller command:
 - Queue file defaults to `.kiro/auto/close-loop-controller-goals.lines`; supports `auto|json|lines` parsing via `--queue-format`.
 - `--controller-resume <session-or-file>` resumes queue/controller context from persisted controller session (`latest`, session id, or file path).
 - Duplicate broad goals are deduped by default; use `--no-controller-dedupe` to preserve raw queue duplicates.
-- `--dequeue-limit <n>` controls how many queued goals are consumed in one cycle (`1-100`, default `1`).
+- `--dequeue-limit <n>` controls how many queued goals are consumed in one cycle (`1-100`, default: all pending goals).
 - `--wait-on-empty` + `--poll-seconds <n>` enables long-running poll mode for continuously appended program queues.
 - `--max-cycles <n>` + `--max-minutes <n>` bound controller runtime to prevent unbounded loops.
 - Controller lease lock is enabled by default to prevent concurrent queue corruption (`--controller-lock-file`, `--controller-lock-ttl-seconds`, `--no-controller-lock`).

package/docs/command-reference.md

@@ -382,27 +382,26 @@ kse auto close-loop-recover .kiro/auto/close-loop-batch-summaries/batch-20260215
   --program-audit-out .kiro/reports/close-loop-recover-audit.json \
   --dry-run --json
 
-# Continue processing later goals even if one goal fails
-kse auto close-loop-batch .kiro/goals.json --continue-on-error --json
+# Default autonomous batch run (continue-on-error + adaptive scheduling + retry-until-complete)
+kse auto close-loop-batch .kiro/goals.json --json
 
 # Run batch goals with concurrent close-loop workers
-kse auto close-loop-batch .kiro/goals.json --batch-parallel 3 --continue-on-error --json
+kse auto close-loop-batch .kiro/goals.json --batch-parallel 3 --json
 
 # Apply global agent budget across all concurrent goals
 kse auto close-loop-batch .kiro/goals.json \
   --batch-parallel 3 \
   --batch-agent-budget 6 \
-  --continue-on-error --json
+  --json
 
 # Prioritize complex goals first and enable anti-starvation aging
 kse auto close-loop-batch .kiro/goals.json \
   --batch-priority critical-first \
   --batch-aging-factor 3 \
-  --continue-on-error --json
+  --json
 
 # Automatically retry failed/stopped goals for one extra round
 kse auto close-loop-batch .kiro/goals.json \
-  --continue-on-error \
   --batch-retry-rounds 1 \
   --batch-retry-strategy adaptive \
   --json
@@ -413,9 +412,9 @@ kse auto close-loop-batch .kiro/goals.json \
   --batch-retry-max-rounds 10 \
   --json
 
-# Enable autonomous batch policy (closed-loop defaults for program-scale runs)
+# Disable autonomous batch policy explicitly (only when you need legacy/manual tuning)
 kse auto close-loop-batch .kiro/goals.json \
-  --batch-autonomous \
+  --no-batch-autonomous \
   --json
 
 # Resume only pending goals from a previous batch summary
@@ -529,7 +528,7 @@ kse auto handoff regression --session-id latest --json
 kse auto handoff regression --session-id latest --window 5 --json
 kse auto handoff regression --session-id latest --format markdown --out .kiro/reports/handoff-regression.md --json
 kse auto handoff regression --session-id latest --window 5 --out .kiro/reports/handoff-regression.json --json
-kse auto close-loop-batch .kiro/auto/handoff-goals.lines --format lines --batch-autonomous --continue-on-error --json
+kse auto close-loop-batch .kiro/auto/handoff-goals.lines --format lines --json
 ``` 
 
 DoD-related options:
@@ -570,15 +569,15 @@ Close-loop batch (`kse auto close-loop-batch <goals-file>`) options:
 - `--resume-from-summary <path>`: derive pending goals from an existing batch summary (reruns failed/error and previously unprocessed goals)
 - `--resume-from-summary latest`: load the most recent persisted batch session summary automatically
 - `--resume-strategy <strategy>`: `pending` (default) or `failed-only` for summary resume scope
-- `--batch-parallel <n>`: run up to `n` goals concurrently (`1-20`, default `1`)
+- `--batch-parallel <n>`: run up to `n` goals concurrently (`1-20`, default adaptive under autonomous policy)
 - `--batch-agent-budget <n>`: global agent parallel budget shared by all running goals (`1-500`)
-- `--batch-priority <strategy>`: scheduling strategy `fifo` (default), `complex-first`, `complex-last`, or `critical-first`
-- `--batch-aging-factor <n>`: waiting-goal aging boost per scheduling cycle (`0-100`, default `0`)
-- `--batch-retry-rounds <n>`: retry failed/stopped goals for `n` additional rounds (`0-5`, default `0`)
+- `--batch-priority <strategy>`: scheduling strategy `fifo`, `complex-first`, `complex-last`, or `critical-first` (default `complex-first` under autonomous policy)
+- `--batch-aging-factor <n>`: waiting-goal aging boost per scheduling cycle (`0-100`, default `2` under autonomous policy)
+- `--batch-retry-rounds <n>`: retry failed/stopped goals for `n` additional rounds (`0-5`, default `0`, or until-complete under autonomous policy)
 - `--batch-retry-strategy <strategy>`: retry strategy `adaptive` (default) or `strict`
 - `--batch-retry-until-complete`: keep retrying until no failed/stopped goals remain or max rounds reached
 - `--batch-retry-max-rounds <n>`: max extra rounds for `--batch-retry-until-complete` (`1-20`, default `10`)
-- `--batch-autonomous`: apply autonomous closed-loop defaults (`continue-on-error`, adaptive `batch-parallel`, `complex-first`, aging `2`, retry-until-complete)
+- `--no-batch-autonomous`: disable autonomous closed-loop defaults and rely on explicit batch flags
 - `--batch-session-id <id>`: set explicit persisted batch session id
 - `--batch-session-keep <n>`: keep newest `n` persisted batch summaries after each run (`0-1000`)
 - `--batch-session-older-than-days <n>`: when pruning persisted batch summaries, only delete sessions older than `n` days (`0-36500`)
@@ -592,15 +591,15 @@ Close-loop batch (`kse auto close-loop-batch <goals-file>`) options:
 - `--spec-session-max-duplicate-goals <n>`: goal-input duplicate guard for batch runs (`0-500000`)
 - `--spec-session-budget-hard-fail`: fail run when spec count exceeds `--spec-session-max-total` before/after execution
 - `--no-batch-session`: disable automatic persisted batch summary session archive
-- `--batch-retry-max-rounds` requires `--batch-retry-until-complete`
-- `--continue-on-error`: continue remaining goals after a failed/error goal
+- `--continue-on-error`: continue remaining goals after a failed/error goal (enabled by default under autonomous policy)
 - `--out <path>`: write batch summary JSON output file
 - `--resume` and `--session-id` are not supported in batch mode (sessions are per-goal)
 - `--program-goals` requires `--decompose-goal`
 - `<goals-file>`, `--resume-from-summary`, and `--decompose-goal` are mutually exclusive goal sources
-- Batch summary includes `resource_plan` (budget/effective parallel/per-goal maxParallel/scheduling strategy/aging/starvation wait metrics/criticality summary) and `metrics` (`success_rate_percent`, `status_breakdown`, `average_sub_specs_per_goal`, `average_replan_cycles_per_goal`)
+- Batch summary includes `resource_plan` (budget/effective parallel/per-goal maxParallel/scheduling strategy/aging/starvation wait metrics/criticality summary) and `metrics` (`success_rate_percent`, `status_breakdown`, `average_sub_specs_per_goal`, `average_replan_cycles_per_goal`, `total_rate_limit_signals`, `average_rate_limit_signals_per_goal`, `total_rate_limit_backoff_ms`)
   - Under budget mode, scheduler is complexity-weighted (`goal_weight`/`scheduling_weight`) so higher-complexity goals consume more shared slots and can reduce same-batch concurrency.
   - Batch summary includes `batch_retry` telemetry (strategy, until-complete mode, configured/max/performed rounds, exhausted flag, per-round history).
+  - Under `--batch-retry-strategy adaptive`, retry history includes rate-limit pressure and next-round backpressure decisions (`applied_batch_parallel`, `next_batch_parallel`, `adaptive_backpressure_applied`).
   - Batch summary includes `batch_session` metadata when persisted (session id + file path).
   - When using `--decompose-goal`, summary includes `generated_from_goal` metadata (strategy, target count, produced count, clause/category diagnostics, decomposition `quality`, and refinement telemetry).
 
@@ -646,7 +645,7 @@ Close-loop program (`kse auto close-loop-program "<goal>"`) options:
 - With `--program-govern-until-stable`, summary additionally includes:
   - `program_governance` (round history, stop reason, exhausted/converged state)
   - `program_governance` includes action-selection metadata (`auto_action_enabled`, `action_selection_enabled`, `pinned_action_index`, per-round `selected_action*`).
-  - `program_kpi_trend` and `program_kpi_anomalies` (anomaly-aware governance context)
+  - `program_kpi_trend` and `program_kpi_anomalies` (anomaly-aware governance context, including `rate-limit-spike` pressure that can auto-reduce `batchParallel`/`batchAgentBudget`).
 - Program summary includes `program_diagnostics` with `failure_clusters` and `remediation_actions` (prioritized follow-up commands for convergence).
 - Program summary includes `program_coordination` (master/sub topology, unresolved goal indexes, scheduler snapshot) and `auto_recovery` metadata.
 
@@ -655,7 +654,7 @@ Close-loop controller (`kse auto close-loop-controller [queue-file]`) options:
 - `--controller-resume <session-or-file>`: resume from persisted controller session (`latest`, session id, or file path)
 - `--queue-format <auto|json|lines>`: queue parser mode (default `auto`)
 - `--no-controller-dedupe`: disable duplicate broad-goal deduplication (default dedupe enabled)
-- `--dequeue-limit <n>`: consume up to `n` goals per controller cycle (`1-100`, default `1`)
+- `--dequeue-limit <n>`: consume up to `n` goals per controller cycle (`1-100`, default `all` pending goals)
 - `--wait-on-empty`: keep polling when queue is empty instead of stopping
 - `--poll-seconds <n>`: polling interval for `--wait-on-empty` (`1-3600`, default `30`)
 - `--max-cycles <n>`: max controller cycles (`1-100000`, default `1000`)
@@ -682,7 +681,7 @@ Close-loop recovery (`kse auto close-loop-recover [summary]`) options:
 - `--recover-max-minutes <n>`: elapsed-time budget for recovery loop (minutes, default unlimited)
 - `--recovery-memory-ttl-days <n>`: prune stale recovery memory entries before auto action selection (`0-36500`)
 - `--recovery-memory-scope <scope>`: scope key for recovery memory isolation (default auto: project + git branch)
-- Supports batch controls (`--batch-parallel`, `--batch-agent-budget`, `--batch-priority`, `--batch-aging-factor`, `--batch-retry*`, `--batch-autonomous`)
+- Supports batch controls (`--batch-parallel`, `--batch-agent-budget`, `--batch-priority`, `--batch-aging-factor`, `--batch-retry*`, `--no-batch-autonomous`)
 - Supports spec retention controls (`--spec-session-keep`, `--spec-session-older-than-days`, `--no-spec-session-protect-active`)
   - Includes `--spec-session-protect-window-days` to tune recent-reference protection window.
   - Includes `--spec-session-max-total` and optional `--spec-session-budget-hard-fail` for spec-count budget governance.
@@ -747,7 +746,7 @@ Autonomous KPI trend:
 - `kse auto kpi trend [--weeks <n>] [--mode <all|batch|program|recover|controller>] [--period <week|day>] [--csv] [--out <path>] [--json]`: aggregate periodic KPI trend from persisted autonomous summary sessions.
   - `--period <week|day>` selects weekly (default) or daily buckets.
   - `--csv` prints CSV rows to stdout and writes CSV when used with `--out` (JSON remains default).
-  - JSON output includes `mode_breakdown` (batch/program/recover/controller/other run distribution), `anomaly_detection`, and flattened `anomalies` (latest-period regression checks against historical baseline).
+  - JSON output includes `mode_breakdown` (batch/program/recover/controller/other run distribution), `anomaly_detection`, and flattened `anomalies` (latest-period regression checks against historical baseline, including rate-limit pressure via `average_rate_limit_signals` / `average_rate_limit_backoff_ms`).
 
 Unified observability snapshot:
 - `kse auto observability snapshot [--days <n>] [--status <csv>] [--weeks <n>] [--trend-mode <mode>] [--trend-period <period>] [--out <path>] [--json]`: generate one unified observability snapshot that combines close-loop session stats, batch stats, controller stats, governance session stats, governance health, and KPI trend.
@@ -766,18 +765,35 @@ Dual-track handoff integration:
 - `kse auto handoff plan --manifest <path> [--out <path>] [--strict] [--strict-warnings] [--json]`: parse handoff manifest (source project, specs, templates, known gaps) and generate an executable KSE integration phase plan.
 - `kse auto handoff queue --manifest <path> [--out <path>] [--append] [--no-include-known-gaps] [--dry-run] [--json]`: generate close-loop batch goal queue from handoff manifest and optionally persist line-based queue file (default `.kiro/auto/handoff-goals.lines`).
 - `kse auto handoff template-diff --manifest <path> [--json]`: compare manifest templates against local template exports/registry and report `missing_in_local` and `extra_in_local`.
-- `kse auto handoff run --manifest <path> [--out <path>] [--queue-out <path>] [--append] [--no-include-known-gaps] [--continue-from <session|latest|file>] [--continue-strategy <auto|pending|failed-only>] [--dry-run] [--strict] [--strict-warnings] [--no-dependency-batching] [--min-spec-success-rate <n>] [--max-risk-level <level>] [--require-ontology-validation] [--json]`: execute handoff end-to-end (`plan -> queue -> close-loop-batch -> observability`) with automatic report archive to `.kiro/reports/handoff-runs/<session>.json`.
+- `kse auto handoff run --manifest <path> [--out <path>] [--queue-out <path>] [--append] [--no-include-known-gaps] [--continue-from <session|latest|file>] [--continue-strategy <auto|pending|failed-only>] [--dry-run] [--strict] [--strict-warnings] [--no-dependency-batching] [--min-spec-success-rate <n>] [--max-risk-level <level>] [--require-ontology-validation] [--release-evidence-window <n>] [--json]`: execute handoff end-to-end (`plan -> queue -> close-loop-batch -> observability`) with automatic report archive to `.kiro/reports/handoff-runs/<session>.json`.
   - Default mode is dependency-aware: spec integration goals are grouped into dependency batches and executed in topological order.
   - `--continue-from` resumes pending goals from an existing handoff run report (`latest`, session id, or JSON file path). For safety, KSE enforces manifest-path consistency between the previous report and current run.
   - `--continue-strategy auto|pending|failed-only` controls resumed scope. `auto` (default) derives the best strategy from prior run state (`pending` when unprocessed/planned goals exist, otherwise `failed-only` for pure failure replay).
+  - Non-dry runs auto-merge release evidence into `.kiro/reports/release-evidence/handoff-runs.json` with session-level gate/ontology/regression snapshots. Merge failures are recorded as warnings without aborting the run.
+  - `--release-evidence-window` controls trend snapshot window size (2-50, default `5`) used in merged release evidence (`latest_trend_window` and per-session `trend_window`).
   - Run result includes `recommendations` with executable follow-up commands (for example, auto-generated `--continue-from <session>` on failed/incomplete batches).
   - Gate defaults: `--min-spec-success-rate` defaults to `100`, `--max-risk-level` defaults to `high`.
   - When `--require-ontology-validation` is enabled, run fails fast at precheck if manifest ontology evidence is missing or not passed.
 - `kse auto handoff regression [--session-id <id|latest>] [--window <n>] [--format <json|markdown>] [--out <path>] [--json]`: compare one handoff run report with its previous run and output trend deltas (success-rate/risk/failed-goals/elapsed time).
   - `--window` (2-50, default `2`) returns multi-run `series`, `window_trend`, and `aggregates` for broader regression visibility.
+  - Regression JSON now includes `risk_layers` (low/medium/high/unknown buckets with per-layer session list and quality aggregates).
   - `--format` supports `json` (default) and `markdown` for human-readable report rendering.
+  - Markdown report includes `Trend Series` (ASCII success/ontology bars per session) and `Risk Layer View`.
   - `--out` writes the generated regression report using the selected format.
   - Output includes `recommendations` to guide next action when trend degrades or risk escalates.
+- `kse auto handoff evidence [--file <path>] [--session-id <id|latest>] [--window <n>] [--format <json|markdown>] [--out <path>] [--json]`: quick-review merged release evidence and render current-batch gate/ontology/regression/risk-layer overview.
+  - Default evidence file is `.kiro/reports/release-evidence/handoff-runs.json`.
+  - `--window` (1-50, default `5`) controls how many recent sessions are aggregated in review.
+  - JSON output includes `current_overview`, `aggregates.status_counts`, `aggregates.gate_pass_rate_percent`, and `risk_layers`.
+  - Markdown output includes `Current Gate`, `Current Ontology`, `Current Regression`, `Trend Series`, and `Risk Layer View`.
+  - Add `--release-draft <path>` to auto-generate a release notes draft and evidence review markdown in one run.
+  - `--release-version` sets draft version tag (defaults to `v<package.json version>`), and `--release-date` accepts `YYYY-MM-DD` (default: current UTC date).
+  - Use `--review-out <path>` to override the generated evidence review markdown path (default `.kiro/reports/release-evidence/handoff-evidence-review.md`).
+- `kse auto handoff gate-index [--dir <path>] [--history-file <path>] [--keep <n>] [--out <path>] [--json]`: aggregate `release-gate-*.json` audits into a cross-version history index.
+  - Default scan dir is `.kiro/reports/release-evidence`, default output file is `.kiro/reports/release-evidence/release-gate-history.json`.
+  - `--history-file` merges an existing index (for example, previous release asset) before dedup/refresh.
+  - `--keep` retains latest N entries (`1-5000`, default `200`).
+  - `--markdown-out <path>` writes a human-readable trend card markdown for PR/Issue handoff.
 
 Recommended `.kiro/config/orchestrator.json`:
 
@@ -799,7 +815,7 @@ Recommended `.kiro/config/orchestrator.json`:
 }
 ```
 
-`rateLimit*` settings provide dedicated retry/backoff and adaptive parallel throttling when providers return 429 / too-many-requests errors.
+`rateLimit*` settings provide dedicated retry/backoff and adaptive parallel throttling when providers return 429 / too-many-requests errors. Engine retry now also honors `Retry-After` / `try again in ...` hints from provider error messages when present, and pauses launching new pending specs during the active backoff window to reduce request bursts (launch hold remains active even if adaptive parallel throttling is disabled).
 
 ### Scene Template Engine
 
@@ -817,6 +833,59 @@ kse scene template-render --package <name> --values <json-or-path> --out <dir>
 kse scene template-render --package scene-erp --values '{"entity_name":"Order"}' --out ./output --json
 ```
 
+### Scene Package Batch Publish
+
+```bash
+# Publish scene package templates from a handoff manifest (default: completed specs only)
+kse scene package-publish-batch --manifest docs/handoffs/handoff-manifest.json --json
+
+# Use 331-poc preset defaults (manifest/docs paths + completed filter)
+kse scene package-publish-batch --from-331 --json
+
+# Preview batch publish plan without writing template files
+kse scene package-publish-batch --manifest docs/handoffs/handoff-manifest.json --dry-run --json
+
+# Publish selected specs only
+kse scene package-publish-batch --manifest docs/handoffs/handoff-manifest.json --include 62-00-moqui-full-capability-closure-program,62-01-moqui-capability-itemized-parity-matrix --json
+
+# Disable status filter and use docs/* fallback paths for manifest entries missing scene paths
+kse scene package-publish-batch --manifest docs/handoffs/handoff-manifest.json --status all --fallback-spec-package docs/scene-package.json --fallback-scene-manifest docs/scene.yaml --force --json
+
+# Read specs from non-standard manifest path
+kse scene package-publish-batch --manifest docs/handoffs/handoff-manifest.json --manifest-spec-path handoff.spec_items --json
+
+# Enforce ontology validation + semantic quality threshold before publish
+kse scene package-publish-batch --from-331 --require-ontology-validation --ontology-min-score 70 --json
+
+# Persist ontology/publish batch report for governance tracking
+kse scene package-publish-batch --from-331 --dry-run --ontology-report-out .kiro/reports/scene-package-ontology-batch.json --json
+
+# Enforce batch-level ontology portfolio gate (average score + valid-rate)
+kse scene package-publish-batch --from-331 --dry-run --ontology-min-average-score 60 --ontology-min-valid-rate 90 --json
+
+# Export ontology remediation task draft markdown
+kse scene package-publish-batch --from-331 --dry-run --ontology-task-out .kiro/reports/scene-package-ontology-task-draft.md --json
+
+# Export ontology remediation queue lines (directly consumable by close-loop-batch)
+kse scene package-publish-batch --from-331 --dry-run --ontology-task-queue-out .kiro/auto/ontology-remediation.lines --json
+```
+
+### Scene Package Ontology Backfill Batch
+
+```bash
+# Backfill ontology_model from a handoff manifest (commit mode)
+kse scene package-ontology-backfill-batch --manifest docs/handoffs/handoff-manifest.json --spec-package-path docs/scene-package.json --json
+
+# Use 331-poc preset defaults in dry-run mode
+kse scene package-ontology-backfill-batch --from-331 --dry-run --json
+
+# Backfill selected specs only
+kse scene package-ontology-backfill-batch --from-331 --include 62-00-moqui-full-capability-closure-program,62-01-moqui-capability-itemized-parity-matrix --dry-run --json
+
+# Export detailed backfill report for governance review
+kse scene package-ontology-backfill-batch --from-331 --dry-run --out-report .kiro/reports/scene-package-ontology-backfill-report.json --json
+```
+
 ### Moqui ERP Integration
 
 ```bash

package/docs/moqui-capability-matrix.md

@@ -0,0 +1,51 @@
+# Moqui Capability Matrix For KSE
+
+This document defines the execution boundary for converting Moqui capabilities into KSE capabilities.
+
+## Scope
+
+- Goal: turn Moqui ERP resources into reusable KSE scene templates.
+- Method: `extract -> normalize -> package-gate -> handoff-run -> release evidence`.
+- Output: template assets with ontology, governance, and runtime-safe bindings.
+
+## Capability Mapping
+
+| Priority | Moqui Capability | KSE Scene Pattern | Template ID | Ontology Anchors | Governance/Gate Focus | Status |
+| --- | --- | --- | --- | --- | --- | --- |
+| P0 | Order read (`OrderHeader`, `OrderItem`, query services) | `query` | `kse.scene--erp-order-query-read--0.1.0` | `order_header`, `order_item`, `order_projection`, `customer_party` | low risk, idempotent query, lineage complete | template-ready |
+| P0 | Order fulfillment (reserve, payment, release) | `workflow` | `kse.scene--erp-order-fulfillment-workflow--0.1.0` | `order_header`, `order_item`, `inventory_reservation`, `payment_authorization`, `fulfillment_execution` | medium risk, approval required, compensation strategy | template-ready |
+| P0 | Inventory reserve + adjust | `workflow/crud hybrid` | `kse.scene--erp-inventory-reserve-adjust--0.1.0` | `inventory_item`, `inventory_reservation`, `inventory_adjustment`, `inventory_snapshot` | medium risk, approval required, non-negative stock rule | template-ready |
+
+## Ownership Boundary
+
+### 331-poc owns
+
+- Business truth and domain semantics.
+- Complete specs (`requirements/design/tasks`) and scene manifests.
+- Handoff package (`docs/handoffs/handoff-manifest.json`) and ontology evidence.
+- Real-world acceptance cases and risk context.
+
+### KSE owns
+
+- Template contract normalization and packaging format.
+- Ontology/gate enforcement and strict checks.
+- Runtime routing, fallback behavior, and retry resilience.
+- Close-loop orchestration and release evidence aggregation.
+
+## Batch Workflow
+
+1. 331-poc exports spec/template/handoff artifacts.
+2. KSE runs `auto handoff run` with strict gates.
+3. KSE validates template registry and ontology consistency.
+4. KSE executes close-loop batch and snapshots observability.
+5. KSE archives evidence and publishes release.
+
+## Definition Of Done
+
+A capability is considered absorbed by KSE when all checks pass:
+
+- `kse scene package-validate --strict`
+- `kse scene lint --strict`
+- `kse scene score --threshold 85`
+- `kse scene ontology validate`
+- `kse auto handoff run --require-ontology-validation`

package/docs/release-checklist.md

@@ -96,5 +96,20 @@ Ensure:
 - `package.json` version is correct.
 - `CHANGELOG.md` includes release-relevant entries.
 - Release notes draft exists (for example `docs/releases/vX.Y.Z.md`).
+- Optional: configure release evidence gate with repository variables (`Settings -> Secrets and variables -> Actions -> Variables`):
+  - `KSE_RELEASE_GATE_ENFORCE`: `true|false` (default advisory, non-blocking)
+  - `KSE_RELEASE_GATE_REQUIRE_EVIDENCE`: require `handoff-runs.json` summary
+  - `KSE_RELEASE_GATE_REQUIRE_GATE_PASS`: require evidence gate `passed=true` (default true when evidence exists)
+  - `KSE_RELEASE_GATE_MIN_SPEC_SUCCESS_RATE`: minimum allowed success rate percent
+  - `KSE_RELEASE_GATE_MAX_RISK_LEVEL`: `low|medium|high|unknown` (default `unknown`)
+  - `KSE_RELEASE_GATE_MAX_UNMAPPED_RULES`: maximum allowed unmapped ontology business rules
+  - `KSE_RELEASE_GATE_MAX_UNDECIDED_DECISIONS`: maximum allowed undecided ontology decisions
+- Optional: tune release drift alerts in release notes:
+  - `KSE_RELEASE_DRIFT_ENFORCE`: `true|false` (default `false`), block publish when drift alerts are triggered
+  - `KSE_RELEASE_DRIFT_FAIL_STREAK_MIN`: minimum consecutive failed gates to trigger alert (default `2`)
+  - `KSE_RELEASE_DRIFT_HIGH_RISK_SHARE_MIN_PERCENT`: minimum high-risk share in latest 5 versions (default `60`)
+  - `KSE_RELEASE_DRIFT_HIGH_RISK_SHARE_DELTA_MIN_PERCENT`: minimum short-vs-long high-risk share delta (default `25`)
+- Optional local dry-run for gate history index artifact:
+  - `kse auto handoff gate-index --dir .kiro/reports/release-evidence --out .kiro/reports/release-evidence/release-gate-history.json --json`
 
 Then proceed with your release workflow (tag, push, npm publish, GitHub release).

package/docs/zh/release-checklist.md

@@ -96,5 +96,20 @@ git log --oneline -n 15
 - `package.json` 版本号正确；
 - `CHANGELOG.md` 已记录发布相关变化；
 - 发布说明草稿已就绪（如 `docs/releases/vX.Y.Z.md`）。
+- 可选：通过仓库变量配置 release evidence 门禁（`Settings -> Secrets and variables -> Actions -> Variables`）：
+  - `KSE_RELEASE_GATE_ENFORCE`：`true|false`（默认 advisory，不阻断发布）
+  - `KSE_RELEASE_GATE_REQUIRE_EVIDENCE`：是否要求存在 `handoff-runs.json` 摘要
+  - `KSE_RELEASE_GATE_REQUIRE_GATE_PASS`：是否要求 evidence gate `passed=true`（有 evidence 时默认要求）
+  - `KSE_RELEASE_GATE_MIN_SPEC_SUCCESS_RATE`：最小允许成功率（百分比）
+  - `KSE_RELEASE_GATE_MAX_RISK_LEVEL`：`low|medium|high|unknown`（默认 `unknown`）
+  - `KSE_RELEASE_GATE_MAX_UNMAPPED_RULES`：ontology 业务规则未映射最大允许值
+  - `KSE_RELEASE_GATE_MAX_UNDECIDED_DECISIONS`：ontology 决策未定最大允许值
+- 可选：通过仓库变量调节 Release Notes 中的漂移告警阈值：
+  - `KSE_RELEASE_DRIFT_ENFORCE`：`true|false`（默认 `false`），触发 drift alert 时阻断发布
+  - `KSE_RELEASE_DRIFT_FAIL_STREAK_MIN`：触发告警的最小连续失败次数（默认 `2`）
+  - `KSE_RELEASE_DRIFT_HIGH_RISK_SHARE_MIN_PERCENT`：近 5 版 high 风险占比告警阈值（默认 `60`）
+  - `KSE_RELEASE_DRIFT_HIGH_RISK_SHARE_DELTA_MIN_PERCENT`：短期相对长期 high 风险占比增量阈值（默认 `25`）
+- 可选本地预演 release gate 历史索引产物：
+  - `kse auto handoff gate-index --dir .kiro/reports/release-evidence --out .kiro/reports/release-evidence/release-gate-history.json --json`
 
 然后再执行你的正式发布流程（打 tag、push、npm publish、GitHub Release）。