scene-capability-engine 3.3.21 → 3.3.22

package/CHANGELOG.md

@@ -7,6 +7,26 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [3.3.22] - 2026-02-27
+
+### Added
+- Errorbook now supports governed temporary mitigation records (stop-bleeding only):
+  - `--temporary-mitigation`
+  - `--mitigation-reason`
+  - `--mitigation-exit`
+  - `--mitigation-cleanup`
+  - `--mitigation-deadline`
+
+### Changed
+- `errorbook release-gate` now blocks release on temporary mitigation policy violations in addition to risk threshold violations:
+  - missing exit criteria / cleanup task / deadline
+  - expired mitigation deadline
+- Steering baseline strengthened with explicit anti-workaround rules:
+  - core-path fail-fast (no silent swallow-and-continue)
+  - temporary fallback must be governed and time-bounded
+  - release must be blocked until fallback cleanup is completed
+- Command reference and release checklists updated (EN/ZH) for temporary mitigation governance.
+
 ## [3.3.21] - 2026-02-27
 
 ### Fixed

package/docs/command-reference.md

@@ -361,6 +361,19 @@ sce errorbook deprecate <entry-id> --reason "superseded by v2 policy" --json
 # Requalify deprecated entry after remediation review
 sce errorbook requalify <entry-id> --status verified --json
 
+# Record controlled temporary mitigation (stop-bleeding only, must include governance fields)
+sce errorbook record \
+  --title "Temporary fallback for order approval lock contention" \
+  --symptom "Fallback path enabled to keep approval flow available" \
+  --root-cause "Primary lock ordering fix is in progress" \
+  --fix-action "Ship lock ordering fix and remove fallback path" \
+  --temporary-mitigation \
+  --mitigation-reason "Emergency stop-bleeding in production" \
+  --mitigation-exit "Primary path concurrency tests are green" \
+  --mitigation-cleanup "spec/remove-order-approval-fallback" \
+  --mitigation-deadline 2026-03-15T00:00:00Z \
+  --json
+
 # Release hard gate (default in prepublish and studio release preflight)
 sce errorbook release-gate --min-risk high --fail-on-block --json
 
@@ -380,6 +393,13 @@ Curated quality policy (`宁缺毋滥，优胜略汰`) defaults:
 - `deprecate` requires explicit `--reason` to preserve elimination traceability.
 - `requalify` only accepts `candidate|verified`; `promoted` must still go through `promote` gate.
 - `release-gate` blocks release when unresolved high-risk `candidate` entries remain.
+- Temporary mitigation is allowed only as stop-bleeding and must include:
+  - `mitigation_exit` (exit criteria)
+  - `mitigation_cleanup` (cleanup task/spec)
+  - `mitigation_deadline` (deadline)
+- `release-gate` also blocks when temporary mitigation policy is violated:
+  - missing exit/cleanup/deadline metadata
+  - expired mitigation deadline
 - `git-managed-gate` blocks release when:
   - worktree has uncommitted changes
   - branch has no upstream

package/docs/release-checklist.md

@@ -107,6 +107,7 @@ Verify:
 - If GitHub/GitLab remote exists, current branch is upstream-tracked and fully synced (ahead=0, behind=0).
 - If customer has no GitHub/GitLab, gate can be bypassed by policy (`SCE_GIT_MANAGEMENT_ALLOW_NO_REMOTE=1`, default).
 - In CI/tag detached-HEAD contexts, branch/upstream sync checks are relaxed by default; enforce strict mode with `SCE_GIT_MANAGEMENT_STRICT_CI=1` when needed.
+- Errorbook release gate also enforces temporary mitigation governance: active fallback entries must include cleanup task + exit criteria + deadline, and must not be expired.
 
 ---
 

package/docs/zh/release-checklist.md

@@ -92,6 +92,7 @@ node scripts/git-managed-gate.js --fail-on-violation --json
 - 若配置了 GitHub/GitLab 远端：当前分支必须已设置 upstream 且与远端完全同步（ahead=0, behind=0）。
 - 若客户确实没有 GitHub/GitLab：可通过策略放行（`SCE_GIT_MANAGEMENT_ALLOW_NO_REMOTE=1`，默认开启）。
 - 在 CI/tag 的 detached HEAD 场景下，默认放宽分支/upstream 同步检查；如需强制严格校验，设置 `SCE_GIT_MANAGEMENT_STRICT_CI=1`。
+- Errorbook release gate 同时强制临时兜底治理：活动中的兜底记录必须包含退出条件、清理任务和截止时间，且不得过期。
 
 ---
 

package/lib/commands/errorbook.js

@@ -7,6 +7,7 @@ const Table = require('cli-table3');
 const ERRORBOOK_INDEX_API_VERSION = 'sce.errorbook.index/v0.1';
 const ERRORBOOK_ENTRY_API_VERSION = 'sce.errorbook.entry/v0.1';
 const ERRORBOOK_STATUSES = Object.freeze(['candidate', 'verified', 'promoted', 'deprecated']);
+const TEMPORARY_MITIGATION_TAG = 'temporary-mitigation';
 const STATUS_RANK = Object.freeze({
   deprecated: 0,
   candidate: 1,
@@ -71,6 +72,23 @@ function normalizeText(value) {
   return value.trim();
 }
 
+function normalizeBoolean(value, fallback = false) {
+  if (typeof value === 'boolean') {
+    return value;
+  }
+  const normalized = normalizeText(`${value || ''}`).toLowerCase();
+  if (!normalized) {
+    return fallback;
+  }
+  if (['1', 'true', 'yes', 'y', 'on'].includes(normalized)) {
+    return true;
+  }
+  if (['0', 'false', 'no', 'n', 'off'].includes(normalized)) {
+    return false;
+  }
+  return fallback;
+}
+
 function normalizeCsv(value) {
   if (Array.isArray(value)) {
     return value;
@@ -109,6 +127,18 @@ function normalizeStringList(...rawInputs) {
   return Array.from(new Set(merged));
 }
 
+function normalizeIsoTimestamp(value, fieldName = 'datetime') {
+  const normalized = normalizeText(value);
+  if (!normalized) {
+    return '';
+  }
+  const parsed = Date.parse(normalized);
+  if (Number.isNaN(parsed)) {
+    throw new Error(`${fieldName} must be a valid ISO datetime`);
+  }
+  return new Date(parsed).toISOString();
+}
+
 function normalizeOntologyTags(...rawInputs) {
   const normalized = normalizeStringList(...rawInputs).map((item) => item.toLowerCase());
   const mapped = normalized.map((item) => ONTOLOGY_TAG_ALIASES[item] || item);
@@ -116,6 +146,140 @@ function normalizeOntologyTags(...rawInputs) {
   return Array.from(new Set(valid));
 }
 
+function hasMitigationInput(options = {}, fromFilePayload = {}) {
+  const mitigation = fromFilePayload && typeof fromFilePayload.temporary_mitigation === 'object'
+    ? fromFilePayload.temporary_mitigation
+    : {};
+  return Boolean(
+    options.temporaryMitigation === true ||
+    normalizeBoolean(mitigation.enabled, false) ||
+    normalizeText(options.mitigationReason || mitigation.reason || mitigation.notes) ||
+    normalizeText(options.mitigationExit || mitigation.exit_criteria || mitigation.exitCriteria) ||
+    normalizeText(options.mitigationCleanup || mitigation.cleanup_task || mitigation.cleanupTask) ||
+    normalizeText(options.mitigationDeadline || mitigation.deadline_at || mitigation.deadlineAt)
+  );
+}
+
+function normalizeTemporaryMitigation(options = {}, fromFilePayload = {}) {
+  const mitigationFromFile = fromFilePayload && typeof fromFilePayload.temporary_mitigation === 'object'
+    ? fromFilePayload.temporary_mitigation
+    : {};
+  if (!hasMitigationInput(options, fromFilePayload)) {
+    return { enabled: false };
+  }
+
+  return {
+    enabled: true,
+    reason: normalizeText(options.mitigationReason || mitigationFromFile.reason || mitigationFromFile.notes),
+    exit_criteria: normalizeText(options.mitigationExit || mitigationFromFile.exit_criteria || mitigationFromFile.exitCriteria),
+    cleanup_task: normalizeText(options.mitigationCleanup || mitigationFromFile.cleanup_task || mitigationFromFile.cleanupTask),
+    deadline_at: normalizeIsoTimestamp(
+      options.mitigationDeadline || mitigationFromFile.deadline_at || mitigationFromFile.deadlineAt,
+      '--mitigation-deadline'
+    ),
+    created_at: normalizeIsoTimestamp(mitigationFromFile.created_at || mitigationFromFile.createdAt, 'temporary_mitigation.created_at') || '',
+    updated_at: normalizeIsoTimestamp(mitigationFromFile.updated_at || mitigationFromFile.updatedAt, 'temporary_mitigation.updated_at') || '',
+    resolved_at: normalizeIsoTimestamp(mitigationFromFile.resolved_at || mitigationFromFile.resolvedAt, 'temporary_mitigation.resolved_at') || ''
+  };
+}
+
+function normalizeExistingTemporaryMitigation(value = {}) {
+  if (!value || typeof value !== 'object' || normalizeBoolean(value.enabled, false) !== true) {
+    return { enabled: false };
+  }
+  return {
+    enabled: true,
+    reason: normalizeText(value.reason || value.notes),
+    exit_criteria: normalizeText(value.exit_criteria || value.exitCriteria),
+    cleanup_task: normalizeText(value.cleanup_task || value.cleanupTask),
+    deadline_at: normalizeText(value.deadline_at || value.deadlineAt),
+    created_at: normalizeText(value.created_at || value.createdAt),
+    updated_at: normalizeText(value.updated_at || value.updatedAt),
+    resolved_at: normalizeText(value.resolved_at || value.resolvedAt)
+  };
+}
+
+function resolveMergedTemporaryMitigation(existingEntry = {}, incomingPayload = {}) {
+  const existing = normalizeExistingTemporaryMitigation(existingEntry.temporary_mitigation);
+  const incoming = normalizeExistingTemporaryMitigation(incomingPayload.temporary_mitigation);
+  if (!incoming.enabled) {
+    return existing;
+  }
+
+  return {
+    enabled: true,
+    reason: normalizeText(incoming.reason) || existing.reason || '',
+    exit_criteria: normalizeText(incoming.exit_criteria) || existing.exit_criteria || '',
+    cleanup_task: normalizeText(incoming.cleanup_task) || existing.cleanup_task || '',
+    deadline_at: normalizeText(incoming.deadline_at) || existing.deadline_at || '',
+    created_at: normalizeText(existing.created_at) || nowIso(),
+    updated_at: nowIso(),
+    resolved_at: ''
+  };
+}
+
+function markTemporaryMitigationResolved(entry = {}, resolvedAt = nowIso()) {
+  const current = normalizeExistingTemporaryMitigation(entry.temporary_mitigation);
+  if (!current.enabled || normalizeText(current.resolved_at)) {
+    return current.enabled ? {
+      ...current,
+      resolved_at: normalizeText(current.resolved_at) || resolvedAt,
+      updated_at: normalizeText(current.updated_at) || resolvedAt
+    } : { enabled: false };
+  }
+  return {
+    ...current,
+    resolved_at: resolvedAt,
+    updated_at: resolvedAt
+  };
+}
+
+function evaluateTemporaryMitigationPolicy(entry = {}) {
+  const mitigation = normalizeExistingTemporaryMitigation(entry.temporary_mitigation);
+  const status = normalizeStatus(entry.status, 'candidate');
+  if (!mitigation.enabled || ['promoted', 'deprecated'].includes(status)) {
+    return null;
+  }
+  if (normalizeText(mitigation.resolved_at)) {
+    return null;
+  }
+
+  const policyViolations = [];
+  if (!normalizeText(mitigation.exit_criteria)) {
+    policyViolations.push('temporary_mitigation.exit_criteria');
+  }
+  if (!normalizeText(mitigation.cleanup_task)) {
+    policyViolations.push('temporary_mitigation.cleanup_task');
+  }
+  const deadlineAtRaw = normalizeText(mitigation.deadline_at);
+  let deadlineAt = deadlineAtRaw;
+  let deadlineExpired = false;
+  if (!deadlineAtRaw) {
+    policyViolations.push('temporary_mitigation.deadline_at');
+  } else {
+    const parsed = Date.parse(deadlineAtRaw);
+    if (Number.isNaN(parsed)) {
+      policyViolations.push('temporary_mitigation.deadline_at:invalid_datetime');
+    } else {
+      deadlineAt = new Date(parsed).toISOString();
+      if (parsed <= Date.now()) {
+        deadlineExpired = true;
+        policyViolations.push('temporary_mitigation.deadline_at:expired');
+      }
+    }
+  }
+
+  return {
+    enabled: true,
+    reason: mitigation.reason,
+    exit_criteria: mitigation.exit_criteria,
+    cleanup_task: mitigation.cleanup_task,
+    deadline_at: deadlineAt,
+    deadline_expired: deadlineExpired,
+    policy_violations: policyViolations
+  };
+}
+
 function normalizeStatus(input, fallback = 'candidate') {
   const normalized = normalizeText(`${input || ''}`).toLowerCase();
   if (!normalized) {
@@ -273,9 +437,22 @@ function validateRecordPayload(payload) {
   if (status === 'verified' && (!Array.isArray(payload.verification_evidence) || payload.verification_evidence.length === 0)) {
     throw new Error('status=verified requires at least one --verification evidence');
   }
+  const mitigation = normalizeExistingTemporaryMitigation(payload.temporary_mitigation);
+  if (mitigation.enabled) {
+    if (!normalizeText(mitigation.exit_criteria)) {
+      throw new Error('temporary mitigation requires --mitigation-exit');
+    }
+    if (!normalizeText(mitigation.cleanup_task)) {
+      throw new Error('temporary mitigation requires --mitigation-cleanup');
+    }
+    if (!normalizeText(mitigation.deadline_at)) {
+      throw new Error('temporary mitigation requires --mitigation-deadline');
+    }
+  }
 }
 
 function normalizeRecordPayload(options = {}, fromFilePayload = {}) {
+  const temporaryMitigation = normalizeTemporaryMitigation(options, fromFilePayload);
   const payload = {
     title: normalizeText(options.title || fromFilePayload.title),
     symptom: normalizeText(options.symptom || fromFilePayload.symptom),
@@ -287,7 +464,11 @@ function normalizeRecordPayload(options = {}, fromFilePayload = {}) {
       options.verification,
       options.verificationEvidence
     ),
-    tags: normalizeStringList(fromFilePayload.tags, options.tags),
+    tags: normalizeStringList(
+      fromFilePayload.tags,
+      options.tags,
+      temporaryMitigation.enabled ? TEMPORARY_MITIGATION_TAG : []
+    ),
     ontology_tags: normalizeOntologyTags(fromFilePayload.ontology_tags, fromFilePayload.ontology, options.ontology),
     status: normalizeStatus(options.status || fromFilePayload.status || 'candidate'),
     source: {
@@ -295,6 +476,7 @@ function normalizeRecordPayload(options = {}, fromFilePayload = {}) {
       files: normalizeStringList(fromFilePayload?.source?.files, options.files),
       tests: normalizeStringList(fromFilePayload?.source?.tests, options.tests)
     },
+    temporary_mitigation: temporaryMitigation,
     notes: normalizeText(options.notes || fromFilePayload.notes),
     fingerprint: createFingerprint({
       fingerprint: options.fingerprint || fromFilePayload.fingerprint,
@@ -312,6 +494,8 @@ function createEntryId() {
 }
 
 function buildIndexSummary(entry) {
+  const mitigation = normalizeExistingTemporaryMitigation(entry.temporary_mitigation);
+  const mitigationActive = mitigation.enabled && !normalizeText(mitigation.resolved_at);
   return {
     id: entry.id,
     fingerprint: entry.fingerprint,
@@ -320,6 +504,8 @@ function buildIndexSummary(entry) {
     quality_score: entry.quality_score,
     tags: entry.tags,
     ontology_tags: entry.ontology_tags,
+    temporary_mitigation_active: mitigationActive,
+    temporary_mitigation_deadline_at: mitigationActive ? normalizeText(mitigation.deadline_at) : '',
     occurrences: entry.occurrences || 1,
     created_at: entry.created_at,
     updated_at: entry.updated_at
@@ -348,6 +534,12 @@ function findSummaryById(index, id) {
 }
 
 function mergeEntry(existingEntry, incomingPayload) {
+  const temporaryMitigation = resolveMergedTemporaryMitigation(existingEntry, incomingPayload);
+  const mergedTags = normalizeStringList(
+    existingEntry.tags,
+    incomingPayload.tags,
+    temporaryMitigation.enabled ? TEMPORARY_MITIGATION_TAG : []
+  );
   const merged = {
     ...existingEntry,
     title: normalizeText(incomingPayload.title) || existingEntry.title,
@@ -355,7 +547,7 @@ function mergeEntry(existingEntry, incomingPayload) {
     root_cause: normalizeText(incomingPayload.root_cause) || existingEntry.root_cause,
     fix_actions: normalizeStringList(existingEntry.fix_actions, incomingPayload.fix_actions),
     verification_evidence: normalizeStringList(existingEntry.verification_evidence, incomingPayload.verification_evidence),
-    tags: normalizeStringList(existingEntry.tags, incomingPayload.tags),
+    tags: mergedTags,
     ontology_tags: normalizeOntologyTags(existingEntry.ontology_tags, incomingPayload.ontology_tags),
     status: selectStatus(existingEntry.status, incomingPayload.status),
     notes: normalizeText(incomingPayload.notes) || existingEntry.notes || '',
@@ -364,6 +556,7 @@ function mergeEntry(existingEntry, incomingPayload) {
       files: normalizeStringList(existingEntry?.source?.files, incomingPayload?.source?.files),
       tests: normalizeStringList(existingEntry?.source?.tests, incomingPayload?.source?.tests)
     },
+    temporary_mitigation: temporaryMitigation,
     occurrences: Number(existingEntry.occurrences || 1) + 1,
     updated_at: nowIso()
   };
@@ -529,6 +722,8 @@ async function evaluateErrorbookReleaseGate(options = {}, dependencies = {}) {
   const includeVerified = options.includeVerified === true;
 
   const inspected = [];
+  const mitigationInspected = [];
+  const mitigationBlocked = [];
   for (const summary of index.entries) {
     const entry = await readErrorbookEntry(paths, summary.id, fileSystem);
     if (!entry) {
@@ -536,12 +731,34 @@ async function evaluateErrorbookReleaseGate(options = {}, dependencies = {}) {
     }
 
     const status = normalizeStatus(entry.status, 'candidate');
+    const risk = evaluateEntryRisk(entry);
+    const mitigation = evaluateTemporaryMitigationPolicy(entry);
+    if (mitigation) {
+      const mitigationItem = {
+        id: entry.id,
+        title: entry.title,
+        status,
+        risk,
+        quality_score: Number(entry.quality_score || 0),
+        tags: normalizeStringList(entry.tags),
+        updated_at: entry.updated_at,
+        temporary_mitigation: mitigation
+      };
+      mitigationInspected.push(mitigationItem);
+      if (Array.isArray(mitigation.policy_violations) && mitigation.policy_violations.length > 0) {
+        mitigationBlocked.push({
+          ...mitigationItem,
+          block_reasons: ['temporary_mitigation_policy'],
+          policy_violations: mitigation.policy_violations
+        });
+      }
+    }
+
     const unresolved = status === 'candidate' || (includeVerified && status === 'verified');
     if (!unresolved) {
       continue;
     }
 
-    const risk = evaluateEntryRisk(entry);
     inspected.push({
       id: entry.id,
       title: entry.title,
@@ -553,9 +770,43 @@ async function evaluateErrorbookReleaseGate(options = {}, dependencies = {}) {
     });
   }
 
-  const blocked = inspected
+  const riskBlocked = inspected
     .filter((item) => riskRank(item.risk) >= riskRank(minRisk))
+    .map((item) => ({
+      ...item,
+      block_reasons: ['risk_threshold']
+    }));
+
+  const blockedById = new Map();
+  for (const item of riskBlocked) {
+    blockedById.set(item.id, {
+      ...item,
+      policy_violations: []
+    });
+  }
+  for (const item of mitigationBlocked) {
+    const existing = blockedById.get(item.id);
+    if (!existing) {
+      blockedById.set(item.id, {
+        ...item,
+        policy_violations: Array.isArray(item.policy_violations) ? item.policy_violations : []
+      });
+      continue;
+    }
+    existing.block_reasons = normalizeStringList(existing.block_reasons, item.block_reasons);
+    existing.policy_violations = normalizeStringList(existing.policy_violations, item.policy_violations);
+    if (!existing.temporary_mitigation && item.temporary_mitigation) {
+      existing.temporary_mitigation = item.temporary_mitigation;
+    }
+    blockedById.set(existing.id, existing);
+  }
+
+  const blocked = Array.from(blockedById.values())
     .sort((left, right) => {
+      const mitigationDiff = Number((right.policy_violations || []).length > 0) - Number((left.policy_violations || []).length > 0);
+      if (mitigationDiff !== 0) {
+        return mitigationDiff;
+      }
       const riskDiff = riskRank(right.risk) - riskRank(left.risk);
       if (riskDiff !== 0) {
         return riskDiff;
@@ -571,10 +822,14 @@ async function evaluateErrorbookReleaseGate(options = {}, dependencies = {}) {
     mode: 'errorbook-release-gate',
     gate: {
       min_risk: minRisk,
-      include_verified: includeVerified
+      include_verified: includeVerified,
+      mitigation_policy_enforced: true
     },
     passed: blocked.length === 0,
     inspected_count: inspected.length,
+    risk_blocked_count: riskBlocked.length,
+    mitigation_inspected_count: mitigationInspected.length,
+    mitigation_blocked_count: mitigationBlocked.length,
     blocked_count: blocked.length,
     blocked_entries: blocked
   };
@@ -628,6 +883,15 @@ async function runErrorbookRecordCommand(options = {}, dependencies = {}) {
     entry = mergeEntry(existingEntry, normalized);
     deduplicated = true;
   } else {
+    const temporaryMitigation = normalizeExistingTemporaryMitigation(normalized.temporary_mitigation);
+    const mitigationPayload = temporaryMitigation.enabled
+      ? {
+        ...temporaryMitigation,
+        created_at: nowIso(),
+        updated_at: nowIso(),
+        resolved_at: ''
+      }
+      : { enabled: false };
     entry = {
       api_version: ERRORBOOK_ENTRY_API_VERSION,
       id: createEntryId(),
@@ -643,6 +907,7 @@ async function runErrorbookRecordCommand(options = {}, dependencies = {}) {
       ontology_tags: normalized.ontology_tags,
       status: normalized.status,
       source: normalized.source,
+      temporary_mitigation: mitigationPayload,
       notes: normalized.notes || '',
       occurrences: 1
     };
@@ -765,6 +1030,7 @@ async function runErrorbookShowCommand(options = {}, dependencies = {}) {
   if (options.json) {
     console.log(JSON.stringify(result, null, 2));
   } else if (!options.silent) {
+    const mitigation = normalizeExistingTemporaryMitigation(entry.temporary_mitigation);
     console.log(chalk.cyan.bold(entry.title));
     console.log(chalk.gray(`id: ${entry.id}`));
     console.log(chalk.gray(`status: ${entry.status}`));
@@ -775,6 +1041,16 @@ async function runErrorbookShowCommand(options = {}, dependencies = {}) {
     console.log(chalk.gray(`fix_actions: ${entry.fix_actions.join(' | ')}`));
     console.log(chalk.gray(`verification: ${entry.verification_evidence.join(' | ') || '(none)'}`));
     console.log(chalk.gray(`ontology: ${entry.ontology_tags.join(', ') || '(none)'}`));
+    if (mitigation.enabled) {
+      const active = !normalizeText(mitigation.resolved_at);
+      console.log(chalk.gray(`temporary_mitigation: ${active ? 'active' : 'resolved'}`));
+      console.log(chalk.gray(`  exit: ${mitigation.exit_criteria || '(none)'}`));
+      console.log(chalk.gray(`  cleanup: ${mitigation.cleanup_task || '(none)'}`));
+      console.log(chalk.gray(`  deadline: ${mitigation.deadline_at || '(none)'}`));
+      if (mitigation.resolved_at) {
+        console.log(chalk.gray(`  resolved_at: ${mitigation.resolved_at}`));
+      }
+    }
   }
 
   return result;
@@ -880,6 +1156,7 @@ async function runErrorbookPromoteCommand(options = {}, dependencies = {}) {
 
   entry.status = 'promoted';
   entry.promoted_at = nowIso();
+  entry.temporary_mitigation = markTemporaryMitigationResolved(entry, entry.promoted_at);
   entry.updated_at = entry.promoted_at;
   await writeErrorbookEntry(paths, entry, fileSystem);
 
@@ -971,6 +1248,7 @@ async function runErrorbookDeprecateCommand(options = {}, dependencies = {}) {
 
   entry.status = 'deprecated';
   entry.updated_at = nowIso();
+  entry.temporary_mitigation = markTemporaryMitigationResolved(entry, entry.updated_at);
   entry.deprecated_at = entry.updated_at;
   entry.deprecation = {
     reason,
@@ -1109,6 +1387,11 @@ function registerErrorbookCommands(program) {
     .option('--tags <csv>', 'Tags, comma-separated')
     .option('--ontology <csv>', `Ontology focus tags (${ERRORBOOK_ONTOLOGY_TAGS.join(', ')})`)
     .option('--status <status>', 'candidate|verified', 'candidate')
+    .option('--temporary-mitigation', 'Mark this entry as temporary fallback/mitigation (requires governance fields)')
+    .option('--mitigation-reason <text>', 'Temporary mitigation reason/context')
+    .option('--mitigation-exit <text>', 'Exit criteria that define mitigation cleanup completion')
+    .option('--mitigation-cleanup <text>', 'Cleanup task/spec to remove temporary mitigation')
+    .option('--mitigation-deadline <iso>', 'Deadline for mitigation cleanup (ISO datetime)')
     .option('--fingerprint <text>', 'Custom deduplication fingerprint')
     .option('--from <path>', 'Load payload from JSON file')
     .option('--spec <spec>', 'Related spec id/name')
@@ -1179,7 +1462,7 @@ function registerErrorbookCommands(program) {
 
   errorbook
     .command('release-gate')
-    .description('Block release on unresolved high-risk candidate entries')
+    .description('Block release on unresolved high-risk entries and temporary-mitigation policy violations')
     .option('--min-risk <level>', 'Risk threshold (low|medium|high)', 'high')
     .option('--include-verified', 'Also inspect verified (non-promoted) entries')
     .option('--fail-on-block', 'Exit with error when gate is blocked')
@@ -1224,6 +1507,7 @@ module.exports = {
   ERRORBOOK_STATUSES,
   ERRORBOOK_ONTOLOGY_TAGS,
   ERRORBOOK_RISK_LEVELS,
+  TEMPORARY_MITIGATION_TAG,
   HIGH_RISK_SIGNAL_TAGS,
   DEFAULT_PROMOTE_MIN_QUALITY,
   resolveErrorbookPaths,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "scene-capability-engine",
-  "version": "3.3.21",
+  "version": "3.3.22",
   "description": "SCE (Scene Capability Engine) - A CLI tool and npm package for spec-driven development with AI coding assistants.",
   "main": "index.js",
   "bin": {

package/template/.sce/steering/CORE_PRINCIPLES.md

@@ -147,6 +147,15 @@
 
 **硬规则**: ❌ 禁止通过关闭校验、跳过测试、降级关键路径、屏蔽异常等方式“假修复”
 
+**失败显式原则**: 核心路径禁止吞错继续。无法确认安全修复时，必须 `fail-fast + 明确告警`，不得用静默回退伪装成功
+
+**兜底治理原则**: 允许临时兜底仅用于止血，不得替代根因修复；临时兜底必须结构化记录：
+1) 退出条件（exit criteria）  
+2) 清理任务（cleanup task/spec）  
+3) 截止时间（deadline）
+
+**发布门禁**: 若存在临时兜底但缺少上述治理信息，或已超过截止时间未清理，默认阻断发布（`errorbook release-gate`）
+
 **复杂问题定位方法**: 优先使用 debug 日志与可观测信号定位（输入、输出、关键分支、异常栈、上下文参数），先还原执行路径再下结论
 
 **修复后清理要求**: 问题修复并验证通过后，必须清理临时 debug 日志、临时埋点、一次性脚本和调试开关；需要长期保留的日志必须转为可配置观测项且默认关闭
@@ -182,4 +191,4 @@
 
 ---
 
-v17.0 | 2026-02-26 | 新增 Scene 主会话强制治理原则
+v18.0 | 2026-02-27 | 强化根因修复与临时兜底发布门禁原则