scene-capability-engine 3.3.21 → 3.3.23

package/CHANGELOG.md

@@ -7,6 +7,26 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [3.3.22] - 2026-02-27
+
+### Added
+- Errorbook now supports governed temporary mitigation records (stop-bleeding only):
+  - `--temporary-mitigation`
+  - `--mitigation-reason`
+  - `--mitigation-exit`
+  - `--mitigation-cleanup`
+  - `--mitigation-deadline`
+
+### Changed
+- `errorbook release-gate` now blocks release on temporary mitigation policy violations in addition to risk threshold violations:
+  - missing exit criteria / cleanup task / deadline
+  - expired mitigation deadline
+- Steering baseline strengthened with explicit anti-workaround rules:
+  - core-path fail-fast (no silent swallow-and-continue)
+  - temporary fallback must be governed and time-bounded
+  - release must be blocked until fallback cleanup is completed
+- Command reference and release checklists updated (EN/ZH) for temporary mitigation governance.
+
 ## [3.3.21] - 2026-02-27
 
 ### Fixed

package/docs/command-reference.md

@@ -351,6 +351,16 @@ sce errorbook record \
 sce errorbook list --status promoted --min-quality 75 --json
 sce errorbook show <entry-id> --json
 sce errorbook find --query "approve order timeout" --limit 10 --json
+sce errorbook find --query "approve order timeout" --include-registry --json
+# Prefer remote indexed search for large registry
+sce errorbook find --query "approve order timeout" --include-registry --registry-mode remote --json
+sce errorbook find --query "approve order timeout" --include-registry --registry-mode hybrid --json
+
+# Export curated local entries for central registry publication
+sce errorbook export --status promoted --min-quality 75 --out .sce/errorbook/exports/registry.json --json
+
+# Sync central registry (GitHub raw URL or local file) to local cache
+sce errorbook sync-registry --source https://raw.githubusercontent.com/heguangyong/sce-errorbook-registry/main/registry/errorbook-registry.json --json
 
 # Promote only after strict gate checks pass
 sce errorbook promote <entry-id> --json
@@ -361,6 +371,19 @@ sce errorbook deprecate <entry-id> --reason "superseded by v2 policy" --json
 # Requalify deprecated entry after remediation review
 sce errorbook requalify <entry-id> --status verified --json
 
+# Record controlled temporary mitigation (stop-bleeding only, must include governance fields)
+sce errorbook record \
+  --title "Temporary fallback for order approval lock contention" \
+  --symptom "Fallback path enabled to keep approval flow available" \
+  --root-cause "Primary lock ordering fix is in progress" \
+  --fix-action "Ship lock ordering fix and remove fallback path" \
+  --temporary-mitigation \
+  --mitigation-reason "Emergency stop-bleeding in production" \
+  --mitigation-exit "Primary path concurrency tests are green" \
+  --mitigation-cleanup "spec/remove-order-approval-fallback" \
+  --mitigation-deadline 2026-03-15T00:00:00Z \
+  --json
+
 # Release hard gate (default in prepublish and studio release preflight)
 sce errorbook release-gate --min-risk high --fail-on-block --json
 
@@ -380,6 +403,17 @@ Curated quality policy (`宁缺毋滥，优胜略汰`) defaults:
 - `deprecate` requires explicit `--reason` to preserve elimination traceability.
 - `requalify` only accepts `candidate|verified`; `promoted` must still go through `promote` gate.
 - `release-gate` blocks release when unresolved high-risk `candidate` entries remain.
+- Temporary mitigation is allowed only as stop-bleeding and must include:
+  - `mitigation_exit` (exit criteria)
+  - `mitigation_cleanup` (cleanup task/spec)
+  - `mitigation_deadline` (deadline)
+- `release-gate` also blocks when temporary mitigation policy is violated:
+  - missing exit/cleanup/deadline metadata
+  - expired mitigation deadline
+- `export` outputs a machine-readable registry bundle from curated local entries (recommended default: `promoted`, `quality>=75`).
+- `sync-registry` pulls external registry JSON into local cache (`.sce/errorbook/registry-cache.json`) for unified `find` retrieval.
+- `find --include-registry --registry-mode remote` supports direct remote query for large registries (no full local sync required).
+- Recommended for large registries: maintain a remote index file (`registry/errorbook-registry.index.json`) and shard files, then provide `index_url` in registry config.
 - `git-managed-gate` blocks release when:
   - worktree has uncommitted changes
   - branch has no upstream
@@ -2016,6 +2050,7 @@ Overall Health: 2 healthy, 1 unhealthy
 - [Cross-Tool Guide](./cross-tool-guide.md)
 - [Adoption Guide](./adoption-guide.md)
 - [Developer Guide](./developer-guide.md)
+- [Errorbook Registry Guide](./errorbook-registry.md)
 
 ---
 

package/docs/errorbook-registry.md

@@ -0,0 +1,116 @@
+# Errorbook Registry Guide
+
+This guide defines how to run a shared, cross-project `errorbook` registry as a dedicated GitHub repository.
+
+## 1) Repository Scope
+
+- Repository role: shared curated failure/remediation knowledge.
+- Recommended repo name: `sce-errorbook-registry`.
+- Keep this repository independent from scene/spec template repositories.
+
+## 2) Recommended Repository Structure
+
+```text
+sce-errorbook-registry/
+  registry/
+    errorbook-registry.json
+  README.md
+```
+
+`registry/errorbook-registry.json` should follow:
+
+```json
+{
+  "api_version": "sce.errorbook.registry/v0.1",
+  "generated_at": "2026-02-27T00:00:00.000Z",
+  "source": {
+    "project": "curation-pipeline",
+    "statuses": ["promoted"],
+    "min_quality": 75
+  },
+  "total_entries": 0,
+  "entries": []
+}
+```
+
+For large registries, add an index + shard layout:
+
+```text
+registry/
+  errorbook-registry.index.json
+  shards/
+    order.json
+    payment.json
+    auth.json
+```
+
+Example `registry/errorbook-registry.index.json`:
+
+```json
+{
+  "api_version": "sce.errorbook.registry-index/v0.1",
+  "generated_at": "2026-02-27T00:00:00.000Z",
+  "min_token_length": 2,
+  "token_to_bucket": {
+    "order": "order",
+    "approve": "order",
+    "payment": "payment"
+  },
+  "buckets": {
+    "order": "https://raw.githubusercontent.com/heguangyong/sce-errorbook-registry/main/registry/shards/order.json",
+    "payment": "https://raw.githubusercontent.com/heguangyong/sce-errorbook-registry/main/registry/shards/payment.json"
+  }
+}
+```
+
+## 3) Project-Side Configuration
+
+Create `.sce/config/errorbook-registry.json`:
+
+```json
+{
+  "enabled": true,
+  "search_mode": "remote",
+  "cache_file": ".sce/errorbook/registry-cache.json",
+  "sources": [
+    {
+      "name": "central",
+      "enabled": true,
+      "url": "https://raw.githubusercontent.com/heguangyong/sce-errorbook-registry/main/registry/errorbook-registry.json",
+      "index_url": "https://raw.githubusercontent.com/heguangyong/sce-errorbook-registry/main/registry/errorbook-registry.index.json"
+    }
+  ]
+}
+```
+
+Notes:
+- `url` must be a raw JSON URL (`raw.githubusercontent.com`) or use a local file path.
+- `search_mode` supports `cache|remote|hybrid` (recommended: `remote` for very large registries).
+- Local cache file is used by cache/hybrid mode.
+
+## 4) Daily Workflow
+
+1. Export curated local entries:
+```bash
+sce errorbook export --status promoted --min-quality 75 --out .sce/errorbook/exports/registry.json --json
+```
+
+2. Merge approved entries into central repo `registry/errorbook-registry.json`.
+
+3. Sync central registry into local cache:
+```bash
+sce errorbook sync-registry --source https://raw.githubusercontent.com/heguangyong/sce-errorbook-registry/main/registry/errorbook-registry.json --json
+```
+
+4. Search local + shared entries:
+```bash
+sce errorbook find --query "approve order timeout" --include-registry --json
+sce errorbook find --query "approve order timeout" --include-registry --registry-mode remote --json
+```
+
+## 5) Governance Rules
+
+- Publish to central registry only curated entries (recommended: `status=promoted` and `quality>=75`).
+- Do not publish sensitive tenant/customer data.
+- Temporary mitigation entries must remain bounded and governed (exit criteria, cleanup task, deadline).
+- Keep central registry append-only by PR review; deprecate low-value entries through normal curation.

package/docs/release-checklist.md

@@ -107,6 +107,7 @@ Verify:
 - If GitHub/GitLab remote exists, current branch is upstream-tracked and fully synced (ahead=0, behind=0).
 - If customer has no GitHub/GitLab, gate can be bypassed by policy (`SCE_GIT_MANAGEMENT_ALLOW_NO_REMOTE=1`, default).
 - In CI/tag detached-HEAD contexts, branch/upstream sync checks are relaxed by default; enforce strict mode with `SCE_GIT_MANAGEMENT_STRICT_CI=1` when needed.
+- Errorbook release gate also enforces temporary mitigation governance: active fallback entries must include cleanup task + exit criteria + deadline, and must not be expired.
 
 ---
 

package/docs/zh/release-checklist.md

@@ -92,6 +92,7 @@ node scripts/git-managed-gate.js --fail-on-violation --json
 - 若配置了 GitHub/GitLab 远端：当前分支必须已设置 upstream 且与远端完全同步（ahead=0, behind=0）。
 - 若客户确实没有 GitHub/GitLab：可通过策略放行（`SCE_GIT_MANAGEMENT_ALLOW_NO_REMOTE=1`，默认开启）。
 - 在 CI/tag 的 detached HEAD 场景下，默认放宽分支/upstream 同步检查；如需强制严格校验，设置 `SCE_GIT_MANAGEMENT_STRICT_CI=1`。
+- Errorbook release gate 同时强制临时兜底治理：活动中的兜底记录必须包含退出条件、清理任务和截止时间，且不得过期。
 
 ---
 

package/lib/adoption/adoption-strategy.js

@@ -113,6 +113,8 @@ class AdoptionStrategy {
       'steering/CURRENT_CONTEXT.md',
       'steering/RULES_GUIDE.md',
       'config/studio-security.json',
+      'config/orchestrator.json',
+      'config/errorbook-registry.json',
       'specs/SPEC_WORKFLOW_GUIDE.md',
       'hooks/sync-tasks-on-edit.sce.hook',
       'hooks/check-spec-on-create.sce.hook',

package/lib/adoption/backup-manager.js

@@ -316,6 +316,8 @@ class BackupManager {
       'steering/CORE_PRINCIPLES.md',
       'steering/ENVIRONMENT.md',
       'config/studio-security.json',
+      'config/orchestrator.json',
+      'config/errorbook-registry.json',
       'version.json',
       'adoption-config.json'
     ];

package/lib/adoption/detection-engine.js

@@ -162,6 +162,8 @@ class DetectionEngine {
         'steering/RULES_GUIDE.md',
         'tools/ultrawork_enhancer.py',
         'config/studio-security.json',
+        'config/orchestrator.json',
+        'config/errorbook-registry.json',
         'README.md',
         'ultrawork-application-guide.md',
         'ultrawork-integration-summary.md',

package/lib/adoption/file-classifier.js

@@ -63,7 +63,9 @@ class FileClassifier {
     this.configPatterns = [
       'version.json',
       'adoption-config.json',
-      'config/studio-security.json'
+      'config/studio-security.json',
+      'config/orchestrator.json',
+      'config/errorbook-registry.json'
     ];
 
     // Generated directory patterns

package/lib/adoption/smart-orchestrator.js

@@ -283,6 +283,8 @@ class SmartOrchestrator {
       'steering/RULES_GUIDE.md',
       'tools/ultrawork_enhancer.py',
       'config/studio-security.json',
+      'config/orchestrator.json',
+      'config/errorbook-registry.json',
       'README.md'
     ];
 

package/lib/adoption/strategy-selector.js

@@ -110,6 +110,8 @@ class StrategySelector {
         'steering/RULES_GUIDE.md',
         'tools/ultrawork_enhancer.py',
         'config/studio-security.json',
+        'config/orchestrator.json',
+        'config/errorbook-registry.json',
         'README.md'
       ];
 

package/lib/adoption/template-sync.js

@@ -29,6 +29,8 @@ class TemplateSync {
       'steering/RULES_GUIDE.md',
       'tools/ultrawork_enhancer.py',
       'config/studio-security.json',
+      'config/orchestrator.json',
+      'config/errorbook-registry.json',
       'README.md',
       'ultrawork-application-guide.md',
       'ultrawork-integration-summary.md',