scene-capability-engine 3.0.8 → 3.2.0

package/docs/interactive-customization/page-context.sample.json

@@ -0,0 +1,73 @@
+{
+  "product": "moqui-poc",
+  "module": "governance-platform",
+  "page": "screen-explorer-workbench",
+  "entity": "Screen",
+  "scene_id": "sce.scene--platform-screen-explorer-assist--0.1.0",
+  "workflow_node": "screen-analysis",
+  "fields": [
+    {
+      "name": "screen_name",
+      "type": "string",
+      "sensitive": false
+    },
+    {
+      "name": "component_type",
+      "type": "enum",
+      "sensitive": false
+    },
+    {
+      "name": "api_token",
+      "type": "string",
+      "sensitive": true
+    }
+  ],
+  "current_state": {
+    "screen_name": "Screen Explorer",
+    "component_type": "Entity",
+    "api_token": "tok_live_example_abc",
+    "operator": "platform_manager"
+  },
+  "scene_workspace": {
+    "scene_name": "Screen 探索场景",
+    "scene_type": "screen-analysis",
+    "screen_explorer": {
+      "active_tab": "Overview",
+      "selected_screen": "Screen Explorer",
+      "selected_component": "Entity",
+      "filters": [
+        "AI Components",
+        "Forms",
+        "Widgets"
+      ],
+      "result_total": 0
+    },
+    "ontology": {
+      "entities": [
+        "Screen",
+        "Form",
+        "Widget"
+      ],
+      "relations": [
+        "Screen_has_Form",
+        "Screen_has_Widget"
+      ],
+      "business_rules": [
+        "screen_name_unique",
+        "component_reference_consistency",
+        "change_requires_audit_record"
+      ],
+      "decision_policies": [
+        "publish_requires_risk_review",
+        "fallback_to_read_only_when_gate_non_allow"
+      ]
+    }
+  },
+  "assistant_panel": {
+    "session_id": "session-1771",
+    "agent_id": "codex-gpt4-1",
+    "model": "Spec-Expert",
+    "mode": "read-only",
+    "current_page_context": "Ask what should be fixed on the current page and propose actionable plan."
+  }
+}

package/docs/interactive-customization/page-context.schema.json

@@ -0,0 +1,150 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://scene-capability-engine.dev/schemas/interactive/page-context.schema.json",
+  "title": "Interactive Page Context",
+  "type": "object",
+  "additionalProperties": true,
+  "required": [
+    "product",
+    "module",
+    "page"
+  ],
+  "properties": {
+    "product": {
+      "type": "string",
+      "minLength": 1
+    },
+    "module": {
+      "type": "string",
+      "minLength": 1
+    },
+    "page": {
+      "type": "string",
+      "minLength": 1
+    },
+    "entity": {
+      "type": "string"
+    },
+    "scene_id": {
+      "type": "string"
+    },
+    "workflow_node": {
+      "type": "string"
+    },
+    "fields": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "required": [
+          "name"
+        ],
+        "properties": {
+          "name": {
+            "type": "string",
+            "minLength": 1
+          },
+          "type": {
+            "type": "string"
+          },
+          "sensitive": {
+            "type": "boolean"
+          },
+          "description": {
+            "type": "string"
+          }
+        }
+      }
+    },
+    "current_state": {
+      "type": "object"
+    },
+    "scene_workspace": {
+      "type": "object",
+      "additionalProperties": true,
+      "properties": {
+        "scene_name": {
+          "type": "string"
+        },
+        "scene_type": {
+          "type": "string"
+        },
+        "screen_explorer": {
+          "type": "object",
+          "additionalProperties": true,
+          "properties": {
+            "active_tab": {
+              "type": "string"
+            },
+            "selected_screen": {
+              "type": "string"
+            },
+            "selected_component": {
+              "type": "string"
+            },
+            "filters": {
+              "type": "array",
+              "items": {
+                "type": "string"
+              }
+            },
+            "result_total": {
+              "type": "integer",
+              "minimum": 0
+            }
+          }
+        },
+        "ontology": {
+          "type": "object",
+          "additionalProperties": true,
+          "properties": {
+            "entities": {
+              "type": "array",
+              "items": {
+                "type": "string"
+              }
+            },
+            "relations": {
+              "type": "array",
+              "items": {
+                "type": "string"
+              }
+            },
+            "business_rules": {
+              "type": "array",
+              "items": {
+                "type": "string"
+              }
+            },
+            "decision_policies": {
+              "type": "array",
+              "items": {
+                "type": "string"
+              }
+            }
+          }
+        }
+      }
+    },
+    "assistant_panel": {
+      "type": "object",
+      "additionalProperties": true,
+      "properties": {
+        "session_id": {
+          "type": "string"
+        },
+        "agent_id": {
+          "type": "string"
+        },
+        "model": {
+          "type": "string"
+        },
+        "mode": {
+          "type": "string"
+        },
+        "current_page_context": {
+          "type": "string"
+        }
+      }
+    }
+  }
+}

package/docs/interactive-customization/phase-acceptance-evidence.md

@@ -0,0 +1,110 @@
+# Interactive Phase Acceptance Evidence
+
+This document provides stage-level acceptance evidence for the Moqui interactive customization experiment.
+
+## Stage A (Read-only Dialogue)
+
+Scope:
+
+- Page context ingestion and masking.
+- Change_Intent generation.
+- Read-only explain output and audit trace.
+
+Evidence:
+
+- `scripts/interactive-context-bridge.js`
+- `scripts/interactive-intent-build.js`
+- `scripts/interactive-flow.js`
+- `docs/interactive-customization/page-context.schema.json`
+- `docs/interactive-customization/moqui-copilot-context-contract.json`
+- `docs/interactive-customization/moqui-context-provider.sample.json`
+- `docs/interactive-customization/moqui-copilot-integration-guide.md`
+- `tests/unit/scripts/interactive-context-bridge.test.js`
+- `tests/unit/scripts/interactive-intent-build.test.js`
+- `tests/unit/scripts/interactive-flow.test.js`
+
+Verification:
+
+```bash
+npx jest tests/unit/scripts/interactive-intent-build.test.js --runInBand
+npx jest tests/unit/scripts/interactive-context-bridge.test.js --runInBand
+npx jest tests/unit/scripts/interactive-flow.test.js --runInBand
+npm run report:interactive-context-bridge
+npm run report:interactive-intent
+```
+
+## Stage B (Suggestion + Approval)
+
+Scope:
+
+- Change_Plan generation.
+- Guardrail gate decision (`allow/review-required/deny`).
+- Approval workflow state machine.
+
+Evidence:
+
+- `scripts/interactive-plan-build.js`
+- `scripts/interactive-change-plan-gate.js`
+- `scripts/interactive-approval-workflow.js`
+- `tests/unit/scripts/interactive-plan-build.test.js`
+- `tests/unit/scripts/interactive-change-plan-gate.test.js`
+- `tests/unit/scripts/interactive-approval-workflow.test.js`
+
+Verification:
+
+```bash
+npx jest tests/unit/scripts/interactive-plan-build.test.js tests/unit/scripts/interactive-change-plan-gate.test.js tests/unit/scripts/interactive-approval-workflow.test.js --runInBand
+npm run report:interactive-plan
+npm run gate:interactive-plan
+```
+
+## Stage C (Controlled Execute + Rollback)
+
+Scope:
+
+- Adapter minimal interface (`capabilities/plan/validate/apply/rollback`).
+- Low-risk one-click apply path.
+- Execution/rollback audit records.
+
+Evidence:
+
+- `lib/interactive-customization/moqui-interactive-adapter.js`
+- `scripts/interactive-moqui-adapter.js`
+- `docs/interactive-customization/moqui-adapter-interface.md`
+- `tests/unit/scripts/interactive-moqui-adapter.test.js`
+
+Verification:
+
+```bash
+npx jest tests/unit/scripts/interactive-moqui-adapter.test.js --runInBand
+npm run report:interactive-adapter-capabilities
+```
+
+## Stage D (Template Sedimentation + Extension)
+
+Scope:
+
+- Moqui interactive loop template package.
+- Adapter extension contract.
+- Domain_Pack extension flow.
+
+Evidence:
+
+- `.kiro/templates/scene-packages/kse.scene--moqui-interactive-customization-loop--0.1.0/scene-package.json`
+- `.kiro/templates/scene-packages/kse.scene--moqui-interactive-customization-loop--0.1.0/scene.template.yaml`
+- `docs/interactive-customization/moqui-interactive-template-playbook.md`
+- `docs/interactive-customization/adapter-extension-contract.schema.json`
+- `docs/interactive-customization/domain-pack-extension-flow.md`
+
+Verification:
+
+```bash
+node scripts/moqui-template-baseline-report.js --json
+npm run report:interactive-governance
+```
+
+## Acceptance Conclusion
+
+- Stage A/B/C/D evidence artifacts are present.
+- Associated unit tests and report commands are executable.
+- Governance and ontology baseline remain default-on without bypass flags.

package/docs/interactive-customization/runtime-mode-policy-baseline.json

@@ -0,0 +1,99 @@
+{
+  "version": "1.0.0",
+  "profile": "interactive-runtime-default",
+  "defaults": {
+    "runtime_mode": "ops-fix",
+    "runtime_environment": "staging"
+  },
+  "modes": {
+    "user-assist": {
+      "description": "Business user guidance mode. Prefer suggestion and controlled changes.",
+      "allow_execution_modes": [
+        "suggestion",
+        "apply"
+      ],
+      "allow_mutating_apply": false,
+      "deny_action_types": [
+        "credential_export",
+        "permission_grant_super_admin",
+        "bulk_delete_without_filter"
+      ],
+      "review_required_action_types": [
+        "workflow_approval_chain_change",
+        "payment_rule_change",
+        "inventory_adjustment_bulk"
+      ],
+      "require_work_order": true
+    },
+    "ops-fix": {
+      "description": "Operational maintenance and bug-fix mode.",
+      "allow_execution_modes": [
+        "suggestion",
+        "apply"
+      ],
+      "allow_mutating_apply": true,
+      "deny_action_types": [
+        "credential_export"
+      ],
+      "review_required_action_types": [
+        "permission_grant_super_admin",
+        "bulk_delete_without_filter"
+      ],
+      "require_work_order": true
+    },
+    "feature-dev": {
+      "description": "Feature development mode for controlled iterative delivery.",
+      "allow_execution_modes": [
+        "suggestion",
+        "apply"
+      ],
+      "allow_mutating_apply": true,
+      "deny_action_types": [
+        "credential_export"
+      ],
+      "review_required_action_types": [
+        "workflow_approval_chain_change",
+        "permission_grant_super_admin",
+        "bulk_delete_without_filter"
+      ],
+      "require_work_order": true
+    }
+  },
+  "environments": {
+    "dev": {
+      "allow_live_apply": true,
+      "require_dry_run_before_live_apply": false,
+      "require_password_for_apply_mutations": true,
+      "require_approval_for_risk_levels": [
+        "high"
+      ],
+      "max_risk_level_for_apply": "high",
+      "max_auto_execute_risk_level": "medium",
+      "manual_review_required_for_apply": false
+    },
+    "staging": {
+      "allow_live_apply": true,
+      "require_dry_run_before_live_apply": true,
+      "require_password_for_apply_mutations": true,
+      "require_approval_for_risk_levels": [
+        "medium",
+        "high"
+      ],
+      "max_risk_level_for_apply": "high",
+      "max_auto_execute_risk_level": "low",
+      "manual_review_required_for_apply": false
+    },
+    "prod": {
+      "allow_live_apply": false,
+      "require_dry_run_before_live_apply": true,
+      "require_password_for_apply_mutations": true,
+      "require_approval_for_risk_levels": [
+        "medium",
+        "high"
+      ],
+      "max_risk_level_for_apply": "medium",
+      "max_auto_execute_risk_level": "low",
+      "manual_review_required_for_apply": true
+    }
+  }
+}

package/docs/moqui-template-core-library-playbook.md

@@ -33,6 +33,17 @@ Emergency bypass exists but is not recommended:
 - `--no-require-moqui-baseline`
 - `--no-require-capability-coverage`
 
+Profile presets are available for external intake standardization:
+
+- `--profile default`: baseline strict intake defaults.
+- `--profile moqui`: explicit Moqui baseline alias (same strict defaults).
+- `--profile enterprise`: stricter release control baseline (`max-risk-level=medium`, `require-release-gate-preflight=true`, `release-evidence-window=10`).
+
+Default onboarding and safety baselines:
+
+- Starter intake assets: `docs/starter-kit/README.md`
+- Default security/governance controls: `docs/security-governance-default-baseline.md`
+
 ## Template Capability Matrix Contract
 
 Use the baseline report as the canonical matrix contract (`.kiro/reports/moqui-template-baseline.json`):
@@ -101,6 +112,9 @@ node scripts/moqui-release-summary.js \
   --fail-on-gate-fail \
   --json
 
+# 0.5) Weekly ops closed-loop card (handoff + gate history + governance + matrix)
+node scripts/release-ops-weekly-summary.js --json
+
 # 1) Handoff close-loop
 sce auto handoff run --manifest docs/handoffs/handoff-manifest.json --json
 
@@ -142,6 +156,8 @@ Required artifacts for each intake batch:
 - `.kiro/reports/release-evidence/moqui-lexicon-audit.md`
 - `.kiro/reports/release-evidence/moqui-release-summary.json`
 - `.kiro/reports/release-evidence/moqui-release-summary.md`
+- `.kiro/reports/release-evidence/weekly-ops-summary.json`
+- `.kiro/reports/release-evidence/weekly-ops-summary.md`
 - `.kiro/reports/handoff-capability-matrix.md` (or JSON equivalent from `sce auto handoff capability-matrix`)
 - `.kiro/reports/handoff-runs/<session>.json`
 - `.kiro/reports/scene-package-ontology-batch.json`
@@ -180,3 +196,15 @@ sce scene package-publish-batch \
 
 sce auto close-loop-batch .kiro/auto/ontology-remediation.lines --format lines --json
 ```
+
+## Interactive Customization Template Baseline
+
+Stage-D baseline package for the interactive business customization loop:
+
+- `kse.scene--moqui-interactive-customization-loop--0.1.0`
+
+This package captures:
+
+- intent -> plan -> gate -> approval -> low-risk apply -> rollback flow
+- ontology entities/relations for plan/decision/execution trace
+- governance rules and decision strategy for approval and rollback constraints

package/docs/release-checklist.md

@@ -31,16 +31,31 @@ node bin/scene-capability-engine.js value metrics --help
 ```bash
 sce value metrics sample --out ./kpi-input.json --json
 sce value metrics snapshot --input ./kpi-input.json --json
+node scripts/release-ops-weekly-summary.js --json
+node scripts/release-risk-remediation-bundle.js --gate-report .kiro/reports/release-evidence/release-gate.json --json
 ```
 
 Expected:
 
 - `sample` writes a valid JSON scaffold.
 - `snapshot` returns machine-readable result with `snapshot_path` and risk metadata.
+- `release-ops-weekly-summary` emits weekly governance risk card (`json` + `markdown`) under release-evidence.
+- `release-risk-remediation-bundle` outputs unified weekly/drift remediation commands (`json` + `markdown` + `lines`).
 
 ---
 
-## 3. Packaging Hygiene
+## 3. Security Governance Baseline
+
+Confirm default baseline controls are still active:
+
+- `docs/security-governance-default-baseline.md` is aligned with current release policy.
+- interactive governance gate uses `--fail-on-alert` in CI/release.
+- approval/execution ledgers are retained for audit (`interactive-approval-events.jsonl`, `interactive-execution-ledger.jsonl`).
+- release evidence includes weekly ops summary and governance snapshot assets.
+
+---
+
+## 4. Packaging Hygiene
 
 ```bash
 npm pack --dry-run
@@ -53,7 +68,7 @@ Verify:
 
 ---
 
-## 4. Documentation Consistency
+## 5. Documentation Consistency
 
 Check that key docs are aligned with current version and capabilities:
 
@@ -75,7 +90,7 @@ rg -n "github.com/scene-capability-engine/sce" README.md README.zh.md docs START
 
 ---
 
-## 5. Git Readiness
+## 6. Git Readiness
 
 ```bash
 git status -sb
@@ -89,7 +104,7 @@ Verify:
 
 ---
 
-## 6. Publish Readiness
+## 7. Publish Readiness
 
 Ensure:
 
@@ -115,6 +130,16 @@ Ensure:
   - `KSE_RELEASE_DRIFT_PREFLIGHT_BLOCK_RATE_MIN_PERCENT`: minimum release preflight blocked rate in latest 5 known runs (default `40`)
   - `KSE_RELEASE_DRIFT_HARD_GATE_BLOCK_STREAK_MIN`: minimum consecutive hard-gate preflight blocked streak (latest window, default `2`)
   - `KSE_RELEASE_DRIFT_PREFLIGHT_UNAVAILABLE_STREAK_MIN`: minimum consecutive release preflight unavailable streak (latest window, default `2`)
+- Optional: tune weekly ops release gate:
+  - `KSE_RELEASE_WEEKLY_OPS_ENFORCE`: `true|false` (default `true`)
+  - `KSE_RELEASE_WEEKLY_OPS_REQUIRE_SUMMARY`: require weekly summary artifact (`true|false`, default `true`)
+  - `KSE_RELEASE_WEEKLY_OPS_MAX_RISK_LEVEL`: `low|medium|high|unknown` (default `medium`)
+  - `KSE_RELEASE_WEEKLY_OPS_MAX_GOVERNANCE_BREACHES`: optional max breach count
+  - `KSE_RELEASE_WEEKLY_OPS_MAX_MATRIX_REGRESSION_RATE_PERCENT`: optional max regression-positive rate percent
+- Optional: tune release asset integrity gate:
+  - `KSE_RELEASE_ASSET_INTEGRITY_ENFORCE`: `true|false` (default `true`)
+  - `KSE_RELEASE_ASSET_INTEGRITY_REQUIRE_NON_EMPTY`: `true|false` (default `true`)
+  - `KSE_RELEASE_ASSET_INTEGRITY_REQUIRED_FILES`: override required asset list (comma-separated, supports `{tag}`)
 - Optional local dry-run for gate history index artifact:
   - `sce auto handoff gate-index --dir .kiro/reports/release-evidence --out .kiro/reports/release-evidence/release-gate-history.json --json`
 

package/docs/security-governance-default-baseline.md

@@ -0,0 +1,54 @@
+# Security Governance Default Baseline
+
+This baseline is the default operating policy for SCE-driven delivery, including Moqui template intake and interactive customization.
+
+## 1. Context and Data Safety
+
+- Enforce strict context contract validation (`--context-contract`, strict mode on).
+- Block forbidden keys (for example secrets/private keys) from UI/provider payloads.
+- Keep payload masking enabled for business data and identity fields.
+- Reject context payloads that exceed size budget or schema bounds.
+
+## 2. Approval and Execution Safety
+
+- High-risk plans must pass approval workflow before `apply`.
+- Low-risk auto-apply is allowed only when gate result is `allow`.
+- Runtime policy gate is mandatory before apply (`runtime_mode=ops-fix`, `runtime_environment=staging` by default).
+- Runtime non-allow (`deny|review-required`) should block unattended apply (`--fail-on-runtime-non-allow`).
+- Enable role-based action control when environment requires stronger separation of duties (`approval-role-policy-baseline.json` + `--actor-role`).
+- Apply-mode mutating plans require password authorization (`authorization.password_required=true` by default).
+- Password verifier hash must be supplied via `SCE_INTERACTIVE_AUTH_PASSWORD_SHA256` (or explicit override).
+- Work-order artifacts (`interactive-work-order.json|.md`) are required for usage/maintenance/dev integrated auditing.
+- Every apply/rollback must write execution ledger evidence.
+- Stage-C adapters must keep dry-run behavior as default unless explicitly switched.
+
+## 3. Release and Intake Gates
+
+- Run handoff with profile baseline (`--profile moqui` or stricter).
+- Keep scene package publish-batch gate enabled by default.
+- Keep capability lexicon unknown count at zero.
+- Keep release preflight hard-gate enabled for enterprise profile.
+- Keep interactive governance weekly gate enabled (`--fail-on-alert`).
+
+## 4. Mandatory Audit Artifacts
+
+- `.kiro/reports/release-evidence/handoff-runs.json`
+- `.kiro/reports/release-evidence/release-gate-history.json`
+- `.kiro/reports/release-evidence/governance-snapshot-<tag>.json`
+- `.kiro/reports/release-evidence/weekly-ops-summary-<tag>.json`
+- `.kiro/reports/interactive-governance-report.json`
+- `.kiro/reports/interactive-dialogue-governance.json`
+- `.kiro/reports/interactive-execution-ledger.jsonl`
+- `.kiro/reports/interactive-approval-events.jsonl`
+
+## 5. Weekly Control Loop
+
+```bash
+node scripts/interactive-governance-report.js --period weekly --fail-on-alert --json
+node scripts/release-ops-weekly-summary.js --json
+node scripts/release-weekly-ops-gate.js
+node scripts/release-risk-remediation-bundle.js --gate-report .kiro/reports/release-evidence/release-gate.json --json
+node scripts/release-asset-integrity-check.js
+```
+
+If weekly ops summary risk is `high`, freeze release and run remediation before next tag.

package/docs/starter-kit/README.md

@@ -0,0 +1,50 @@
+# SCE Release-Ready Starter Kit
+
+This starter kit is the default baseline for onboarding an external project (including Moqui-based solutions) into SCE without project-specific flags.
+
+## Included Assets
+
+- `handoff-manifest.starter.json`: minimal manifest contract that works with `sce auto handoff` and `sce scene package-publish-batch`.
+- `release.workflow.sample.yml`: GitHub Actions sample for release-gate + weekly ops evidence publication.
+- `handoff-profile-ci.sample.yml`: profile-based intake pipeline sample (`default|moqui|enterprise`).
+- profile fixture references (for validation/testing):
+  - `tests/fixtures/handoff-profile-intake/default/*`
+  - `tests/fixtures/handoff-profile-intake/moqui/*`
+  - `tests/fixtures/handoff-profile-intake/enterprise/*`
+
+## Quick Start
+
+1. Prepare your manifest using `handoff-manifest.starter.json` as baseline.
+2. Run default intake pipeline:
+
+```bash
+npx sce auto handoff capability-matrix --manifest docs/handoffs/handoff-manifest.json --profile moqui --fail-on-gap --json
+npx sce auto handoff run --manifest docs/handoffs/handoff-manifest.json --profile moqui --json
+node scripts/release-ops-weekly-summary.js --json
+```
+
+3. Wire release workflow using `release.workflow.sample.yml` sections:
+   - release-gate history index
+   - governance snapshot export
+   - weekly ops summary export
+4. Optional: use `handoff-profile-ci.sample.yml` to run profile-based intake against external projects.
+
+## Default Acceptance
+
+- `scene package publish-batch` gate passes.
+- capability lexicon unknown count is zero.
+- release preflight is not blocked for hard-gate profiles.
+- weekly ops summary risk is not `high` unless explicitly approved.
+
+## Profile Recommendation
+
+- `default`: generic strict baseline intake.
+- `moqui`: preferred profile for Moqui template sedimentation.
+- `enterprise`: production rollout profile (release preflight hard-gate enabled).
+
+## Default Evidence Set
+
+- `.kiro/reports/release-evidence/handoff-runs.json`
+- `.kiro/reports/release-evidence/release-gate-history.json`
+- `.kiro/reports/release-evidence/governance-snapshot-<tag>.json`
+- `.kiro/reports/release-evidence/weekly-ops-summary-<tag>.json`