npm - scene-capability-engine - Versions diffs - 3.3.18 → 3.3.22 - Mend

scene-capability-engine 3.3.18 → 3.3.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/CHANGELOG.md +51 -0
package/README.md +19 -10
package/README.zh.md +21 -11
package/docs/command-reference.md +71 -12
package/docs/release-checklist.md +7 -0
package/docs/zh/release-checklist.md +7 -0
package/lib/commands/errorbook.js +455 -2
package/lib/commands/spec-bootstrap.js +126 -51
package/lib/commands/spec-gate.js +92 -25
package/lib/commands/spec-pipeline.js +86 -7
package/lib/commands/studio.js +265 -30
package/lib/runtime/multi-spec-scene-session.js +147 -0
package/lib/runtime/scene-session-binding.js +109 -0
package/lib/runtime/session-store.js +475 -3
package/package.json +4 -2
package/template/.sce/steering/CORE_PRINCIPLES.md +35 -1

package/lib/commands/errorbook.js CHANGED Viewed

@@ -7,6 +7,7 @@ const Table = require('cli-table3');
 const ERRORBOOK_INDEX_API_VERSION = 'sce.errorbook.index/v0.1';
 const ERRORBOOK_ENTRY_API_VERSION = 'sce.errorbook.entry/v0.1';
 const ERRORBOOK_STATUSES = Object.freeze(['candidate', 'verified', 'promoted', 'deprecated']);
+const TEMPORARY_MITIGATION_TAG = 'temporary-mitigation';
 const STATUS_RANK = Object.freeze({
   deprecated: 0,
   candidate: 1,
@@ -37,6 +38,17 @@ const ONTOLOGY_TAG_ALIASES = Object.freeze({
   action_chain: 'execution_flow'
 });
 const DEFAULT_PROMOTE_MIN_QUALITY = 75;
+const ERRORBOOK_RISK_LEVELS = Object.freeze(['low', 'medium', 'high']);
+const HIGH_RISK_SIGNAL_TAGS = Object.freeze([
+  'release-blocker',
+  'security',
+  'auth',
+  'payment',
+  'data-loss',
+  'integrity',
+  'compliance',
+  'incident'
+]);
 function resolveErrorbookPaths(projectPath = process.cwd()) {
   const baseDir = path.join(projectPath, '.sce', 'errorbook');
@@ -60,6 +72,23 @@ function normalizeText(value) {
   return value.trim();
 }
+function normalizeBoolean(value, fallback = false) {
+  if (typeof value === 'boolean') {
+    return value;
+  }
+  const normalized = normalizeText(`${value || ''}`).toLowerCase();
+  if (!normalized) {
+    return fallback;
+  }
+  if (['1', 'true', 'yes', 'y', 'on'].includes(normalized)) {
+    return true;
+  }
+  if (['0', 'false', 'no', 'n', 'off'].includes(normalized)) {
+    return false;
+  }
+  return fallback;
+}
 function normalizeCsv(value) {
   if (Array.isArray(value)) {
     return value;
@@ -98,6 +127,18 @@ function normalizeStringList(...rawInputs) {
   return Array.from(new Set(merged));
 }
+function normalizeIsoTimestamp(value, fieldName = 'datetime') {
+  const normalized = normalizeText(value);
+  if (!normalized) {
+    return '';
+  }
+  const parsed = Date.parse(normalized);
+  if (Number.isNaN(parsed)) {
+    throw new Error(`${fieldName} must be a valid ISO datetime`);
+  }
+  return new Date(parsed).toISOString();
+}
 function normalizeOntologyTags(...rawInputs) {
   const normalized = normalizeStringList(...rawInputs).map((item) => item.toLowerCase());
   const mapped = normalized.map((item) => ONTOLOGY_TAG_ALIASES[item] || item);
@@ -105,6 +146,140 @@ function normalizeOntologyTags(...rawInputs) {
   return Array.from(new Set(valid));
 }
+function hasMitigationInput(options = {}, fromFilePayload = {}) {
+  const mitigation = fromFilePayload && typeof fromFilePayload.temporary_mitigation === 'object'
+    ? fromFilePayload.temporary_mitigation
+    : {};
+  return Boolean(
+    options.temporaryMitigation === true ||
+    normalizeBoolean(mitigation.enabled, false) ||
+    normalizeText(options.mitigationReason || mitigation.reason || mitigation.notes) ||
+    normalizeText(options.mitigationExit || mitigation.exit_criteria || mitigation.exitCriteria) ||
+    normalizeText(options.mitigationCleanup || mitigation.cleanup_task || mitigation.cleanupTask) ||
+    normalizeText(options.mitigationDeadline || mitigation.deadline_at || mitigation.deadlineAt)
+  );
+}
+function normalizeTemporaryMitigation(options = {}, fromFilePayload = {}) {
+  const mitigationFromFile = fromFilePayload && typeof fromFilePayload.temporary_mitigation === 'object'
+    ? fromFilePayload.temporary_mitigation
+    : {};
+  if (!hasMitigationInput(options, fromFilePayload)) {
+    return { enabled: false };
+  }
+  return {
+    enabled: true,
+    reason: normalizeText(options.mitigationReason || mitigationFromFile.reason || mitigationFromFile.notes),
+    exit_criteria: normalizeText(options.mitigationExit || mitigationFromFile.exit_criteria || mitigationFromFile.exitCriteria),
+    cleanup_task: normalizeText(options.mitigationCleanup || mitigationFromFile.cleanup_task || mitigationFromFile.cleanupTask),
+    deadline_at: normalizeIsoTimestamp(
+      options.mitigationDeadline || mitigationFromFile.deadline_at || mitigationFromFile.deadlineAt,
+      '--mitigation-deadline'
+    ),
+    created_at: normalizeIsoTimestamp(mitigationFromFile.created_at || mitigationFromFile.createdAt, 'temporary_mitigation.created_at') || '',
+    updated_at: normalizeIsoTimestamp(mitigationFromFile.updated_at || mitigationFromFile.updatedAt, 'temporary_mitigation.updated_at') || '',
+    resolved_at: normalizeIsoTimestamp(mitigationFromFile.resolved_at || mitigationFromFile.resolvedAt, 'temporary_mitigation.resolved_at') || ''
+  };
+}
+function normalizeExistingTemporaryMitigation(value = {}) {
+  if (!value || typeof value !== 'object' || normalizeBoolean(value.enabled, false) !== true) {
+    return { enabled: false };
+  }
+  return {
+    enabled: true,
+    reason: normalizeText(value.reason || value.notes),
+    exit_criteria: normalizeText(value.exit_criteria || value.exitCriteria),
+    cleanup_task: normalizeText(value.cleanup_task || value.cleanupTask),
+    deadline_at: normalizeText(value.deadline_at || value.deadlineAt),
+    created_at: normalizeText(value.created_at || value.createdAt),
+    updated_at: normalizeText(value.updated_at || value.updatedAt),
+    resolved_at: normalizeText(value.resolved_at || value.resolvedAt)
+  };
+}
+function resolveMergedTemporaryMitigation(existingEntry = {}, incomingPayload = {}) {
+  const existing = normalizeExistingTemporaryMitigation(existingEntry.temporary_mitigation);
+  const incoming = normalizeExistingTemporaryMitigation(incomingPayload.temporary_mitigation);
+  if (!incoming.enabled) {
+    return existing;
+  }
+  return {
+    enabled: true,
+    reason: normalizeText(incoming.reason) || existing.reason || '',
+    exit_criteria: normalizeText(incoming.exit_criteria) || existing.exit_criteria || '',
+    cleanup_task: normalizeText(incoming.cleanup_task) || existing.cleanup_task || '',
+    deadline_at: normalizeText(incoming.deadline_at) || existing.deadline_at || '',
+    created_at: normalizeText(existing.created_at) || nowIso(),
+    updated_at: nowIso(),
+    resolved_at: ''
+  };
+}
+function markTemporaryMitigationResolved(entry = {}, resolvedAt = nowIso()) {
+  const current = normalizeExistingTemporaryMitigation(entry.temporary_mitigation);
+  if (!current.enabled || normalizeText(current.resolved_at)) {
+    return current.enabled ? {
+      ...current,
+      resolved_at: normalizeText(current.resolved_at) || resolvedAt,
+      updated_at: normalizeText(current.updated_at) || resolvedAt
+    } : { enabled: false };
+  }
+  return {
+    ...current,
+    resolved_at: resolvedAt,
+    updated_at: resolvedAt
+  };
+}
+function evaluateTemporaryMitigationPolicy(entry = {}) {
+  const mitigation = normalizeExistingTemporaryMitigation(entry.temporary_mitigation);
+  const status = normalizeStatus(entry.status, 'candidate');
+  if (!mitigation.enabled || ['promoted', 'deprecated'].includes(status)) {
+    return null;
+  }
+  if (normalizeText(mitigation.resolved_at)) {
+    return null;
+  }
+  const policyViolations = [];
+  if (!normalizeText(mitigation.exit_criteria)) {
+    policyViolations.push('temporary_mitigation.exit_criteria');
+  }
+  if (!normalizeText(mitigation.cleanup_task)) {
+    policyViolations.push('temporary_mitigation.cleanup_task');
+  }
+  const deadlineAtRaw = normalizeText(mitigation.deadline_at);
+  let deadlineAt = deadlineAtRaw;
+  let deadlineExpired = false;
+  if (!deadlineAtRaw) {
+    policyViolations.push('temporary_mitigation.deadline_at');
+  } else {
+    const parsed = Date.parse(deadlineAtRaw);
+    if (Number.isNaN(parsed)) {
+      policyViolations.push('temporary_mitigation.deadline_at:invalid_datetime');
+    } else {
+      deadlineAt = new Date(parsed).toISOString();
+      if (parsed <= Date.now()) {
+        deadlineExpired = true;
+        policyViolations.push('temporary_mitigation.deadline_at:expired');
+      }
+    }
+  }
+  return {
+    enabled: true,
+    reason: mitigation.reason,
+    exit_criteria: mitigation.exit_criteria,
+    cleanup_task: mitigation.cleanup_task,
+    deadline_at: deadlineAt,
+    deadline_expired: deadlineExpired,
+    policy_violations: policyViolations
+  };
+}
 function normalizeStatus(input, fallback = 'candidate') {
   const normalized = normalizeText(`${input || ''}`).toLowerCase();
   if (!normalized) {
@@ -262,9 +437,22 @@ function validateRecordPayload(payload) {
   if (status === 'verified' && (!Array.isArray(payload.verification_evidence) || payload.verification_evidence.length === 0)) {
     throw new Error('status=verified requires at least one --verification evidence');
   }
+  const mitigation = normalizeExistingTemporaryMitigation(payload.temporary_mitigation);
+  if (mitigation.enabled) {
+    if (!normalizeText(mitigation.exit_criteria)) {
+      throw new Error('temporary mitigation requires --mitigation-exit');
+    }
+    if (!normalizeText(mitigation.cleanup_task)) {
+      throw new Error('temporary mitigation requires --mitigation-cleanup');
+    }
+    if (!normalizeText(mitigation.deadline_at)) {
+      throw new Error('temporary mitigation requires --mitigation-deadline');
+    }
+  }
 }
 function normalizeRecordPayload(options = {}, fromFilePayload = {}) {
+  const temporaryMitigation = normalizeTemporaryMitigation(options, fromFilePayload);
   const payload = {
     title: normalizeText(options.title || fromFilePayload.title),
     symptom: normalizeText(options.symptom || fromFilePayload.symptom),
@@ -276,7 +464,11 @@ function normalizeRecordPayload(options = {}, fromFilePayload = {}) {
       options.verification,
       options.verificationEvidence
     ),
-    tags: normalizeStringList(fromFilePayload.tags, options.tags),
+    tags: normalizeStringList(
+      fromFilePayload.tags,
+      options.tags,
+      temporaryMitigation.enabled ? TEMPORARY_MITIGATION_TAG : []
+    ),
     ontology_tags: normalizeOntologyTags(fromFilePayload.ontology_tags, fromFilePayload.ontology, options.ontology),
     status: normalizeStatus(options.status || fromFilePayload.status || 'candidate'),
     source: {
@@ -284,6 +476,7 @@ function normalizeRecordPayload(options = {}, fromFilePayload = {}) {
       files: normalizeStringList(fromFilePayload?.source?.files, options.files),
       tests: normalizeStringList(fromFilePayload?.source?.tests, options.tests)
     },
+    temporary_mitigation: temporaryMitigation,
     notes: normalizeText(options.notes || fromFilePayload.notes),
     fingerprint: createFingerprint({
       fingerprint: options.fingerprint || fromFilePayload.fingerprint,
@@ -301,6 +494,8 @@ function createEntryId() {
 }
 function buildIndexSummary(entry) {
+  const mitigation = normalizeExistingTemporaryMitigation(entry.temporary_mitigation);
+  const mitigationActive = mitigation.enabled && !normalizeText(mitigation.resolved_at);
   return {
     id: entry.id,
     fingerprint: entry.fingerprint,
@@ -309,6 +504,8 @@ function buildIndexSummary(entry) {
     quality_score: entry.quality_score,
     tags: entry.tags,
     ontology_tags: entry.ontology_tags,
+    temporary_mitigation_active: mitigationActive,
+    temporary_mitigation_deadline_at: mitigationActive ? normalizeText(mitigation.deadline_at) : '',
     occurrences: entry.occurrences || 1,
     created_at: entry.created_at,
     updated_at: entry.updated_at
@@ -337,6 +534,12 @@ function findSummaryById(index, id) {
 }
 function mergeEntry(existingEntry, incomingPayload) {
+  const temporaryMitigation = resolveMergedTemporaryMitigation(existingEntry, incomingPayload);
+  const mergedTags = normalizeStringList(
+    existingEntry.tags,
+    incomingPayload.tags,
+    temporaryMitigation.enabled ? TEMPORARY_MITIGATION_TAG : []
+  );
   const merged = {
     ...existingEntry,
     title: normalizeText(incomingPayload.title) || existingEntry.title,
@@ -344,7 +547,7 @@ function mergeEntry(existingEntry, incomingPayload) {
     root_cause: normalizeText(incomingPayload.root_cause) || existingEntry.root_cause,
     fix_actions: normalizeStringList(existingEntry.fix_actions, incomingPayload.fix_actions),
     verification_evidence: normalizeStringList(existingEntry.verification_evidence, incomingPayload.verification_evidence),
-    tags: normalizeStringList(existingEntry.tags, incomingPayload.tags),
+    tags: mergedTags,
     ontology_tags: normalizeOntologyTags(existingEntry.ontology_tags, incomingPayload.ontology_tags),
     status: selectStatus(existingEntry.status, incomingPayload.status),
     notes: normalizeText(incomingPayload.notes) || existingEntry.notes || '',
@@ -353,6 +556,7 @@ function mergeEntry(existingEntry, incomingPayload) {
       files: normalizeStringList(existingEntry?.source?.files, incomingPayload?.source?.files),
       tests: normalizeStringList(existingEntry?.source?.tests, incomingPayload?.source?.tests)
     },
+    temporary_mitigation: temporaryMitigation,
     occurrences: Number(existingEntry.occurrences || 1) + 1,
     updated_at: nowIso()
   };
@@ -458,6 +662,179 @@ function scoreSearchMatch(entry, queryTokens) {
   return Number(score.toFixed(3));
 }
+function normalizeRiskLevel(value, fallback = 'high') {
+  const normalized = normalizeText(`${value || ''}`).toLowerCase();
+  if (!normalized) {
+    return fallback;
+  }
+  if (!ERRORBOOK_RISK_LEVELS.includes(normalized)) {
+    throw new Error(`risk level must be one of: ${ERRORBOOK_RISK_LEVELS.join(', ')}`);
+  }
+  return normalized;
+}
+function riskRank(level) {
+  const normalized = normalizeRiskLevel(level, 'high');
+  if (normalized === 'high') {
+    return 3;
+  }
+  if (normalized === 'medium') {
+    return 2;
+  }
+  return 1;
+}
+function evaluateEntryRisk(entry = {}) {
+  const status = normalizeStatus(entry.status, 'candidate');
+  if (status === 'promoted' || status === 'deprecated') {
+    return 'low';
+  }
+  const qualityScore = Number(entry.quality_score || 0);
+  const tags = normalizeStringList(entry.tags).map((item) => item.toLowerCase());
+  const ontologyTags = normalizeOntologyTags(entry.ontology_tags);
+  const hasHighRiskTag = tags.some((tag) => HIGH_RISK_SIGNAL_TAGS.includes(tag));
+  if (hasHighRiskTag) {
+    return 'high';
+  }
+  if (status === 'candidate' && qualityScore >= 85) {
+    return 'high';
+  }
+  if (status === 'candidate' && qualityScore >= 75 && ontologyTags.includes('decision_policy')) {
+    return 'high';
+  }
+  if (status === 'candidate') {
+    return 'medium';
+  }
+  if (qualityScore >= 85 && ontologyTags.includes('decision_policy')) {
+    return 'high';
+  }
+  return 'medium';
+}
+async function evaluateErrorbookReleaseGate(options = {}, dependencies = {}) {
+  const projectPath = dependencies.projectPath || process.cwd();
+  const fileSystem = dependencies.fileSystem || fs;
+  const paths = resolveErrorbookPaths(projectPath);
+  const index = await readErrorbookIndex(paths, fileSystem);
+  const minRisk = normalizeRiskLevel(options.minRisk || options.min_risk || 'high', 'high');
+  const includeVerified = options.includeVerified === true;
+  const inspected = [];
+  const mitigationInspected = [];
+  const mitigationBlocked = [];
+  for (const summary of index.entries) {
+    const entry = await readErrorbookEntry(paths, summary.id, fileSystem);
+    if (!entry) {
+      continue;
+    }
+    const status = normalizeStatus(entry.status, 'candidate');
+    const risk = evaluateEntryRisk(entry);
+    const mitigation = evaluateTemporaryMitigationPolicy(entry);
+    if (mitigation) {
+      const mitigationItem = {
+        id: entry.id,
+        title: entry.title,
+        status,
+        risk,
+        quality_score: Number(entry.quality_score || 0),
+        tags: normalizeStringList(entry.tags),
+        updated_at: entry.updated_at,
+        temporary_mitigation: mitigation
+      };
+      mitigationInspected.push(mitigationItem);
+      if (Array.isArray(mitigation.policy_violations) && mitigation.policy_violations.length > 0) {
+        mitigationBlocked.push({
+          ...mitigationItem,
+          block_reasons: ['temporary_mitigation_policy'],
+          policy_violations: mitigation.policy_violations
+        });
+      }
+    }
+    const unresolved = status === 'candidate' || (includeVerified && status === 'verified');
+    if (!unresolved) {
+      continue;
+    }
+    inspected.push({
+      id: entry.id,
+      title: entry.title,
+      status,
+      risk,
+      quality_score: Number(entry.quality_score || 0),
+      tags: normalizeStringList(entry.tags),
+      updated_at: entry.updated_at
+    });
+  }
+  const riskBlocked = inspected
+    .filter((item) => riskRank(item.risk) >= riskRank(minRisk))
+    .map((item) => ({
+      ...item,
+      block_reasons: ['risk_threshold']
+    }));
+  const blockedById = new Map();
+  for (const item of riskBlocked) {
+    blockedById.set(item.id, {
+      ...item,
+      policy_violations: []
+    });
+  }
+  for (const item of mitigationBlocked) {
+    const existing = blockedById.get(item.id);
+    if (!existing) {
+      blockedById.set(item.id, {
+        ...item,
+        policy_violations: Array.isArray(item.policy_violations) ? item.policy_violations : []
+      });
+      continue;
+    }
+    existing.block_reasons = normalizeStringList(existing.block_reasons, item.block_reasons);
+    existing.policy_violations = normalizeStringList(existing.policy_violations, item.policy_violations);
+    if (!existing.temporary_mitigation && item.temporary_mitigation) {
+      existing.temporary_mitigation = item.temporary_mitigation;
+    }
+    blockedById.set(existing.id, existing);
+  }
+  const blocked = Array.from(blockedById.values())
+    .sort((left, right) => {
+      const mitigationDiff = Number((right.policy_violations || []).length > 0) - Number((left.policy_violations || []).length > 0);
+      if (mitigationDiff !== 0) {
+        return mitigationDiff;
+      }
+      const riskDiff = riskRank(right.risk) - riskRank(left.risk);
+      if (riskDiff !== 0) {
+        return riskDiff;
+      }
+      const qualityDiff = Number(right.quality_score || 0) - Number(left.quality_score || 0);
+      if (qualityDiff !== 0) {
+        return qualityDiff;
+      }
+      return `${right.updated_at || ''}`.localeCompare(`${left.updated_at || ''}`);
+    });
+  return {
+    mode: 'errorbook-release-gate',
+    gate: {
+      min_risk: minRisk,
+      include_verified: includeVerified,
+      mitigation_policy_enforced: true
+    },
+    passed: blocked.length === 0,
+    inspected_count: inspected.length,
+    risk_blocked_count: riskBlocked.length,
+    mitigation_inspected_count: mitigationInspected.length,
+    mitigation_blocked_count: mitigationBlocked.length,
+    blocked_count: blocked.length,
+    blocked_entries: blocked
+  };
+}
 function validatePromoteCandidate(entry, minQuality = DEFAULT_PROMOTE_MIN_QUALITY) {
   const missing = [];
   if (!normalizeText(entry.root_cause)) {
@@ -506,6 +883,15 @@ async function runErrorbookRecordCommand(options = {}, dependencies = {}) {
     entry = mergeEntry(existingEntry, normalized);
     deduplicated = true;
   } else {
+    const temporaryMitigation = normalizeExistingTemporaryMitigation(normalized.temporary_mitigation);
+    const mitigationPayload = temporaryMitigation.enabled
+      ? {
+        ...temporaryMitigation,
+        created_at: nowIso(),
+        updated_at: nowIso(),
+        resolved_at: ''
+      }
+      : { enabled: false };
     entry = {
       api_version: ERRORBOOK_ENTRY_API_VERSION,
       id: createEntryId(),
@@ -521,6 +907,7 @@ async function runErrorbookRecordCommand(options = {}, dependencies = {}) {
       ontology_tags: normalized.ontology_tags,
       status: normalized.status,
       source: normalized.source,
+      temporary_mitigation: mitigationPayload,
       notes: normalized.notes || '',
       occurrences: 1
     };
@@ -643,6 +1030,7 @@ async function runErrorbookShowCommand(options = {}, dependencies = {}) {
   if (options.json) {
     console.log(JSON.stringify(result, null, 2));
   } else if (!options.silent) {
+    const mitigation = normalizeExistingTemporaryMitigation(entry.temporary_mitigation);
     console.log(chalk.cyan.bold(entry.title));
     console.log(chalk.gray(`id: ${entry.id}`));
     console.log(chalk.gray(`status: ${entry.status}`));
@@ -653,6 +1041,16 @@ async function runErrorbookShowCommand(options = {}, dependencies = {}) {
     console.log(chalk.gray(`fix_actions: ${entry.fix_actions.join(' | ')}`));
     console.log(chalk.gray(`verification: ${entry.verification_evidence.join(' | ') || '(none)'}`));
     console.log(chalk.gray(`ontology: ${entry.ontology_tags.join(', ') || '(none)'}`));
+    if (mitigation.enabled) {
+      const active = !normalizeText(mitigation.resolved_at);
+      console.log(chalk.gray(`temporary_mitigation: ${active ? 'active' : 'resolved'}`));
+      console.log(chalk.gray(`  exit: ${mitigation.exit_criteria || '(none)'}`));
+      console.log(chalk.gray(`  cleanup: ${mitigation.cleanup_task || '(none)'}`));
+      console.log(chalk.gray(`  deadline: ${mitigation.deadline_at || '(none)'}`));
+      if (mitigation.resolved_at) {
+        console.log(chalk.gray(`  resolved_at: ${mitigation.resolved_at}`));
+      }
+    }
   }
   return result;
@@ -758,6 +1156,7 @@ async function runErrorbookPromoteCommand(options = {}, dependencies = {}) {
   entry.status = 'promoted';
   entry.promoted_at = nowIso();
+  entry.temporary_mitigation = markTemporaryMitigationResolved(entry, entry.promoted_at);
   entry.updated_at = entry.promoted_at;
   await writeErrorbookEntry(paths, entry, fileSystem);
@@ -789,6 +1188,33 @@ async function runErrorbookPromoteCommand(options = {}, dependencies = {}) {
   return result;
 }
+async function runErrorbookReleaseGateCommand(options = {}, dependencies = {}) {
+  const payload = await evaluateErrorbookReleaseGate(options, dependencies);
+  if (options.json) {
+    console.log(JSON.stringify(payload, null, 2));
+  } else if (!options.silent) {
+    if (payload.passed) {
+      console.log(chalk.green('✓ Errorbook release gate passed'));
+      console.log(chalk.gray(`  inspected: ${payload.inspected_count}`));
+      return payload;
+    }
+    console.log(chalk.red('✗ Errorbook release gate blocked'));
+    console.log(chalk.gray(`  blocked: ${payload.blocked_count}`));
+    payload.blocked_entries.slice(0, 10).forEach((item) => {
+      console.log(chalk.gray(`  - ${item.id} [${item.risk}] ${item.title}`));
+    });
+  }
+  if (options.failOnBlock && !payload.passed) {
+    throw new Error(
+      `errorbook release gate blocked: ${payload.blocked_count} unresolved entries (min-risk=${payload.gate.min_risk})`
+    );
+  }
+  return payload;
+}
 async function runErrorbookDeprecateCommand(options = {}, dependencies = {}) {
   const projectPath = dependencies.projectPath || process.cwd();
   const fileSystem = dependencies.fileSystem || fs;
@@ -822,6 +1248,7 @@ async function runErrorbookDeprecateCommand(options = {}, dependencies = {}) {
   entry.status = 'deprecated';
   entry.updated_at = nowIso();
+  entry.temporary_mitigation = markTemporaryMitigationResolved(entry, entry.updated_at);
   entry.deprecated_at = entry.updated_at;
   entry.deprecation = {
     reason,
@@ -960,6 +1387,11 @@ function registerErrorbookCommands(program) {
     .option('--tags <csv>', 'Tags, comma-separated')
     .option('--ontology <csv>', `Ontology focus tags (${ERRORBOOK_ONTOLOGY_TAGS.join(', ')})`)
     .option('--status <status>', 'candidate|verified', 'candidate')
+    .option('--temporary-mitigation', 'Mark this entry as temporary fallback/mitigation (requires governance fields)')
+    .option('--mitigation-reason <text>', 'Temporary mitigation reason/context')
+    .option('--mitigation-exit <text>', 'Exit criteria that define mitigation cleanup completion')
+    .option('--mitigation-cleanup <text>', 'Cleanup task/spec to remove temporary mitigation')
+    .option('--mitigation-deadline <iso>', 'Deadline for mitigation cleanup (ISO datetime)')
     .option('--fingerprint <text>', 'Custom deduplication fingerprint')
     .option('--from <path>', 'Load payload from JSON file')
     .option('--spec <spec>', 'Related spec id/name')
@@ -1028,6 +1460,21 @@ function registerErrorbookCommands(program) {
       }
     });
+  errorbook
+    .command('release-gate')
+    .description('Block release on unresolved high-risk entries and temporary-mitigation policy violations')
+    .option('--min-risk <level>', 'Risk threshold (low|medium|high)', 'high')
+    .option('--include-verified', 'Also inspect verified (non-promoted) entries')
+    .option('--fail-on-block', 'Exit with error when gate is blocked')
+    .option('--json', 'Emit machine-readable JSON')
+    .action(async (options) => {
+      try {
+        await runErrorbookReleaseGateCommand(options);
+      } catch (error) {
+        emitCommandError(error, options.json);
+      }
+    });
   errorbook
     .command('deprecate <id>')
     .description('Deprecate low-value or obsolete entry')
@@ -1059,16 +1506,22 @@ function registerErrorbookCommands(program) {
 module.exports = {
   ERRORBOOK_STATUSES,
   ERRORBOOK_ONTOLOGY_TAGS,
+  ERRORBOOK_RISK_LEVELS,
+  TEMPORARY_MITIGATION_TAG,
+  HIGH_RISK_SIGNAL_TAGS,
   DEFAULT_PROMOTE_MIN_QUALITY,
   resolveErrorbookPaths,
   normalizeOntologyTags,
   normalizeRecordPayload,
   scoreQuality,
+  evaluateEntryRisk,
+  evaluateErrorbookReleaseGate,
   runErrorbookRecordCommand,
   runErrorbookListCommand,
   runErrorbookShowCommand,
   runErrorbookFindCommand,
   runErrorbookPromoteCommand,
+  runErrorbookReleaseGateCommand,
   runErrorbookDeprecateCommand,
   runErrorbookRequalifyCommand,
   registerErrorbookCommands