scene-capability-engine 3.6.3 → 3.6.4

package/lib/steering/steering-compliance-checker.js

@@ -19,10 +19,42 @@ class SteeringComplianceChecker {
       'CORE_PRINCIPLES.md',
       'ENVIRONMENT.md',
       'CURRENT_CONTEXT.md',
-      'RULES_GUIDE.md'
+      'RULES_GUIDE.md',
+      'manifest.yaml'
     ];
   }
 
+  /**
+   * Get list of allowed subdirectories in steering directory.
+   *
+   * @returns {string[]} Array of allowed directory names
+   */
+  getAllowedDirectories() {
+    return [
+      'compiled'
+    ];
+  }
+
+  /**
+   * Runtime temporary files used by steering lock/session coordination.
+   *
+   * @param {string} entryName
+   * @returns {boolean}
+   */
+  isAllowedRuntimeFile(entryName) {
+    const name = `${entryName || ''}`.trim();
+    if (!name) {
+      return false;
+    }
+    if (/\.lock$/i.test(name)) {
+      return true;
+    }
+    if (/\.pending\.[^.]+$/i.test(name)) {
+      return true;
+    }
+    return false;
+  }
+
   /**
    * Check if steering directory is compliant
    * 
@@ -37,19 +69,22 @@ class SteeringComplianceChecker {
 
     const violations = [];
     const allowedFiles = this.getAllowedFiles();
+    const allowedDirectories = this.getAllowedDirectories();
     
     try {
       const entries = fs.readdirSync(steeringPath, { withFileTypes: true });
       
       for (const entry of entries) {
         if (entry.isDirectory()) {
-          // Subdirectories are not allowed
-          violations.push({
-            type: 'subdirectory',
-            name: entry.name,
-            path: path.join(steeringPath, entry.name)
-          });
-        } else if (!allowedFiles.includes(entry.name)) {
+          if (!allowedDirectories.includes(entry.name)) {
+            // Subdirectories are not allowed unless explicitly allowlisted
+            violations.push({
+              type: 'subdirectory',
+              name: entry.name,
+              path: path.join(steeringPath, entry.name)
+            });
+          }
+        } else if (!allowedFiles.includes(entry.name) && !this.isAllowedRuntimeFile(entry.name)) {
           // File not in allowlist
           violations.push({
             type: 'disallowed_file',

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "scene-capability-engine",
-  "version": "3.6.3",
+  "version": "3.6.4",
   "description": "SCE (Scene Capability Engine) - A CLI tool and npm package for spec-driven development with AI coding assistants.",
   "main": "index.js",
   "bin": {
@@ -71,6 +71,7 @@
     "gate:release-ops-weekly": "node scripts/release-weekly-ops-gate.js",
     "gate:errorbook-release": "node scripts/errorbook-release-gate.js --fail-on-block",
     "gate:errorbook-registry-health": "node scripts/errorbook-registry-health-gate.js",
+    "gate:state-migration-reconciliation": "node scripts/state-migration-reconciliation-gate.js --json",
     "gate:git-managed": "node scripts/git-managed-gate.js --fail-on-violation",
     "gate:release-asset-integrity": "node scripts/release-asset-integrity-check.js",
     "report:release-risk-remediation": "node scripts/release-risk-remediation-bundle.js --json",