scene-capability-engine 3.6.37 → 3.6.39

package/lib/state/state-storage-policy.js

@@ -0,0 +1,179 @@
+'use strict';
+
+const DEFAULT_STATE_STORAGE_POLICY = Object.freeze({
+  schema_version: '1.0',
+  strategy: 'selective-sqlite-advancement',
+  tiers: {
+    'file-source': {
+      description: 'Canonical file-backed storage for low-cardinality config, raw evidence, audit streams, and recovery-oriented payloads.'
+    },
+    'sqlite-index': {
+      description: 'SQLite index/registry layer for file-backed resources that need high-frequency filtering, sorting, and cross-run aggregation.'
+    },
+    'derived-sqlite-projection': {
+      description: 'Disposable SQLite projection rebuilt from canonical files for append-only streams with query pressure.'
+    }
+  },
+  admission: {
+    required_signals: [
+      'cross-run or cross-session query pressure is proven',
+      'file scans are materially weaker than indexed filtering/sorting',
+      'sqlite content remains rebuildable from a canonical source',
+      'operator diagnostics and reconcile path are defined before rollout'
+    ],
+    deny_if_any: [
+      'resource is the only copy of raw audit or evidence payload',
+      'resource is low-cardinality personal workspace or preference state',
+      'human-readable diff and manual recovery are more valuable than query speed',
+      'migration would introduce silent source-of-truth cutover'
+    ],
+    future_candidate_checklist: [
+      'identify canonical source path or stream',
+      'document expected query patterns and consumers',
+      'define rebuild and reconcile semantics',
+      'define release gate or audit behavior for drift states',
+      'document why existing file-only storage is insufficient'
+    ]
+  },
+  component_scope: [
+    {
+      component_id: 'collab.agent-registry',
+      tier: 'sqlite-index',
+      canonical_source: 'file',
+      source_path: '.sce/config/agent-registry.json',
+      sqlite_tables: ['agent_runtime_registry'],
+      rationale: 'Registry-style lookup with repeated status and capability queries.'
+    },
+    {
+      component_id: 'runtime.timeline-index',
+      tier: 'sqlite-index',
+      canonical_source: 'file',
+      source_path: '.sce/timeline/index.json',
+      sqlite_tables: ['timeline_snapshot_registry'],
+      rationale: 'Timeline index benefits from filtered and cross-session reads while file snapshots remain recoverable source artifacts.'
+    },
+    {
+      component_id: 'runtime.scene-session-index',
+      tier: 'sqlite-index',
+      canonical_source: 'file',
+      source_path: '.sce/session-governance/scene-index.json',
+      sqlite_tables: ['scene_session_cycle_registry'],
+      rationale: 'Scene/session lookups have query pressure and consistency checks but still rely on file session payloads.'
+    },
+    {
+      component_id: 'errorbook.entry-index',
+      tier: 'sqlite-index',
+      canonical_source: 'file',
+      source_path: '.sce/errorbook/index.json',
+      sqlite_tables: ['errorbook_entry_index_registry'],
+      rationale: 'Promoted errorbook registry queries benefit from indexed status and quality filtering.'
+    },
+    {
+      component_id: 'errorbook.incident-index',
+      tier: 'sqlite-index',
+      canonical_source: 'file',
+      source_path: '.sce/errorbook/staging/index.json',
+      sqlite_tables: ['errorbook_incident_index_registry'],
+      rationale: 'Incident staging state requires queryable triage views without replacing raw incident artifacts.'
+    },
+    {
+      component_id: 'governance.spec-scene-overrides',
+      tier: 'sqlite-index',
+      canonical_source: 'file',
+      source_path: '.sce/spec-governance/spec-scene-overrides.json',
+      sqlite_tables: ['governance_spec_scene_override_registry'],
+      rationale: 'Override lookups are registry-like and join naturally with other governance indexes.'
+    },
+    {
+      component_id: 'governance.scene-index',
+      tier: 'sqlite-index',
+      canonical_source: 'file',
+      source_path: '.sce/spec-governance/scene-index.json',
+      sqlite_tables: ['governance_scene_index_registry'],
+      rationale: 'Scene governance summaries are better served by indexed counts and status filters.'
+    },
+    {
+      component_id: 'release.evidence-runs-index',
+      tier: 'sqlite-index',
+      canonical_source: 'file',
+      source_path: '.sce/reports/release-evidence/handoff-runs.json',
+      sqlite_tables: ['release_evidence_run_registry'],
+      rationale: 'Release evidence run summaries need fast historical querying while release assets remain file-backed.'
+    },
+    {
+      component_id: 'release.gate-history-index',
+      tier: 'sqlite-index',
+      canonical_source: 'file',
+      source_path: '.sce/reports/release-evidence/release-gate-history.json',
+      sqlite_tables: ['release_gate_history_registry'],
+      rationale: 'Gate history is registry-shaped and queried by tag, pass/fail, and drift metrics.'
+    }
+  ],
+  resource_rules: [
+    {
+      rule_id: 'workspace-personal-state',
+      tier: 'file-source',
+      explicit_paths: ['~/.sce/workspace-state.json'],
+      derived_projection_allowed: false,
+      source_replacement_allowed: false,
+      rationale: 'Personal workspace selection and preferences are low-cardinality, atomic, and not worth migrating into SQLite.'
+    },
+    {
+      rule_id: 'append-only-report-streams',
+      tier: 'file-source',
+      path_patterns: ['.sce/reports/**/*.jsonl'],
+      derived_projection_allowed: true,
+      source_replacement_allowed: false,
+      rationale: 'Raw governance and evidence streams must stay append-only files; projection is allowed only for query acceleration.'
+    },
+    {
+      rule_id: 'append-only-audit-streams',
+      tier: 'file-source',
+      path_patterns: ['.sce/audit/**/*.jsonl'],
+      derived_projection_allowed: true,
+      source_replacement_allowed: false,
+      rationale: 'Audit streams remain canonical evidence and should never become SQLite-only write paths.'
+    },
+    {
+      rule_id: 'timeline-snapshot-payloads',
+      tier: 'file-source',
+      path_patterns: ['.sce/timeline/snapshots/**'],
+      derived_projection_allowed: false,
+      source_replacement_allowed: false,
+      rationale: 'Timeline snapshots are recovery-oriented payload artifacts, not registry data.'
+    },
+    {
+      rule_id: 'session-payload-artifacts',
+      tier: 'file-source',
+      path_patterns: ['.sce/session-governance/sessions/**'],
+      derived_projection_allowed: false,
+      source_replacement_allowed: false,
+      rationale: 'Session payloads must stay file-backed for recovery, archive, and manual debugging.'
+    },
+    {
+      rule_id: 'release-evidence-assets',
+      tier: 'file-source',
+      path_patterns: [
+        '.sce/reports/release-evidence/**/*.json',
+        '.sce/reports/release-evidence/**/*.md',
+        '.sce/reports/release-evidence/**/*.jsonl',
+        '.sce/reports/release-evidence/**/*.lines'
+      ],
+      derived_projection_allowed: true,
+      source_replacement_allowed: false,
+      rationale: 'Release evidence assets remain portable files even when selected summary indexes are mirrored into SQLite.'
+    }
+  ]
+});
+
+const REQUIRED_COMPONENT_IDS = Object.freeze(DEFAULT_STATE_STORAGE_POLICY.component_scope.map((item) => item.component_id));
+
+function cloneStateStoragePolicyDefaults() {
+  return JSON.parse(JSON.stringify(DEFAULT_STATE_STORAGE_POLICY));
+}
+
+module.exports = {
+  DEFAULT_STATE_STORAGE_POLICY,
+  REQUIRED_COMPONENT_IDS,
+  cloneStateStoragePolicyDefaults
+};

package/lib/watch/action-executor.js

@@ -4,6 +4,15 @@ const { promisify } = require('util');
 
 const execAsync = promisify(exec);
 
+function sleep(ms) {
+  return new Promise(resolve => {
+    const timer = setTimeout(resolve, ms);
+    if (typeof timer.unref === 'function') {
+      timer.unref();
+    }
+  });
+}
+
 /**
  * ActionExecutor - 动作执行器
  * 
@@ -203,7 +212,7 @@ class ActionExecutor extends EventEmitter {
       });
 
       // 等待
-      await new Promise(resolve => setTimeout(resolve, delay));
+      await sleep(delay);
 
       try {
         // 重新执行

package/lib/watch/event-debouncer.js

@@ -71,6 +71,9 @@ class EventDebouncer extends EventEmitter {
         this.emit('error', { error, key, type: 'debounce' });
       }
     }, actualDelay);
+    if (typeof timer.unref === 'function') {
+      timer.unref();
+    }
 
     this.debounceTimers.set(key, timer);
   }

package/lib/watch/file-watcher.js

@@ -41,6 +41,9 @@ class FileWatcher extends EventEmitter {
     };
     this.retryCount = 0;
     this.lastError = null;
+    this.basePath = process.cwd();
+    this.initializationTimer = null;
+    this.recoveryTimer = null;
   }
 
   /**
@@ -93,6 +96,8 @@ class FileWatcher extends EventEmitter {
     }
 
     try {
+      this.basePath = basePath;
+
       // 将相对路径转换为绝对路径
       const absolutePatterns = this.config.patterns.map(pattern => {
         if (path.isAbsolute(pattern)) {
@@ -120,19 +125,22 @@ class FileWatcher extends EventEmitter {
 
       // 等待 watcher 准备就绪
       await new Promise((resolve, reject) => {
-        const timeout = setTimeout(() => {
+        this._clearInitializationTimer();
+        this.initializationTimer = setTimeout(() => {
+          this.initializationTimer = null;
           reject(new Error('FileWatcher initialization timeout'));
         }, 10000);
+        this._unrefTimer(this.initializationTimer);
 
         this.watcher.once('ready', () => {
-          clearTimeout(timeout);
+          this._clearInitializationTimer();
           this.isWatching = true;
           this.stats.startedAt = new Date();
           resolve();
         });
 
         this.watcher.once('error', (error) => {
-          clearTimeout(timeout);
+          this._clearInitializationTimer();
           reject(error);
         });
       });
@@ -140,6 +148,7 @@ class FileWatcher extends EventEmitter {
       this.emit('started', { patterns: this.config.patterns });
     } catch (error) {
       this.isWatching = false;
+      await this._disposeWatcher();
       throw error;
     }
   }
@@ -150,15 +159,14 @@ class FileWatcher extends EventEmitter {
    * @returns {Promise<void>}
    */
   async stop() {
-    if (!this.isWatching) {
+    if (!this.isWatching && !this.watcher && !this.initializationTimer && !this.recoveryTimer) {
       return;
     }
 
     try {
-      if (this.watcher) {
-        await this.watcher.close();
-        this.watcher = null;
-      }
+      this._clearInitializationTimer();
+      this._clearRecoveryTimer();
+      await this._disposeWatcher();
 
       this.isWatching = false;
       this.watchedFiles.clear();
@@ -300,10 +308,12 @@ class FileWatcher extends EventEmitter {
     });
 
     // 延迟后重试
-    setTimeout(async () => {
+    this._clearRecoveryTimer();
+    this.recoveryTimer = setTimeout(async () => {
+      this.recoveryTimer = null;
       try {
         // 重启 watcher
-        const basePath = this.watcher ? this.watcher.options.cwd : process.cwd();
+        const basePath = this.basePath || process.cwd();
         
         await this.stop();
         await this.start(basePath);
@@ -326,6 +336,7 @@ class FileWatcher extends EventEmitter {
         await this._attemptRecovery(recoveryError);
       }
     }, this.config.retryDelay);
+    this._unrefTimer(this.recoveryTimer);
   }
 
   /**
@@ -494,6 +505,36 @@ class FileWatcher extends EventEmitter {
       lastError: this.lastError ? this.lastError.message : null
     };
   }
+
+  _unrefTimer(timer) {
+    if (timer && typeof timer.unref === 'function') {
+      timer.unref();
+    }
+  }
+
+  _clearInitializationTimer() {
+    if (this.initializationTimer) {
+      clearTimeout(this.initializationTimer);
+      this.initializationTimer = null;
+    }
+  }
+
+  _clearRecoveryTimer() {
+    if (this.recoveryTimer) {
+      clearTimeout(this.recoveryTimer);
+      this.recoveryTimer = null;
+    }
+  }
+
+  async _disposeWatcher() {
+    if (!this.watcher) {
+      return;
+    }
+
+    const watcher = this.watcher;
+    this.watcher = null;
+    await watcher.close();
+  }
 }
 
 module.exports = FileWatcher;

package/lib/watch/watch-manager.js

@@ -6,6 +6,15 @@ const EventDebouncer = require('./event-debouncer');
 const ActionExecutor = require('./action-executor');
 const ExecutionLogger = require('./execution-logger');
 
+function sleep(ms) {
+  return new Promise(resolve => {
+    const timer = setTimeout(resolve, ms);
+    if (typeof timer.unref === 'function') {
+      timer.unref();
+    }
+  });
+}
+
 /**
  * WatchManager - Watch 模式管理器
  * 
@@ -137,7 +146,7 @@ class WatchManager extends EventEmitter {
    */
   async restart() {
     await this.stop();
-    await new Promise(resolve => setTimeout(resolve, 1000));
+    await sleep(1000);
     await this.start();
   }
 

package/lib/workspace/takeover-baseline.js

@@ -7,6 +7,9 @@ const {
   MANIFEST_FILENAME,
   SCE_STEERING_DIR,
 } = require('../runtime/steering-contract');
+const {
+  cloneStateStoragePolicyDefaults
+} = require('../state/state-storage-policy');
 
 const TAKEOVER_BASELINE_SCHEMA_VERSION = '1.0';
 
@@ -479,6 +482,7 @@ async function applyTakeoverBaseline(projectPath = process.cwd(), options = {})
   const problemEvalPolicyPath = path.join(sceRoot, 'config', 'problem-eval-policy.json');
   const problemClosurePolicyPath = path.join(sceRoot, 'config', 'problem-closure-policy.json');
   const studioIntakePolicyPath = path.join(sceRoot, 'config', 'studio-intake-policy.json');
+  const stateStoragePolicyPath = path.join(sceRoot, 'config', 'state-storage-policy.json');
   const reportPath = path.join(sceRoot, 'reports', 'takeover-baseline-latest.json');
 
   const existingAdoption = await _readJsonSafe(adoptionPath, fileSystem);
@@ -489,6 +493,7 @@ async function applyTakeoverBaseline(projectPath = process.cwd(), options = {})
   const existingProblemEvalPolicy = await _readJsonSafe(problemEvalPolicyPath, fileSystem);
   const existingProblemClosurePolicy = await _readJsonSafe(problemClosurePolicyPath, fileSystem);
   const existingStudioIntakePolicy = await _readJsonSafe(studioIntakePolicyPath, fileSystem);
+  const existingStateStoragePolicy = await _readJsonSafe(stateStoragePolicyPath, fileSystem);
 
   const desiredAdoption = _buildAdoptionConfig(existingAdoption, nowIso, sceVersion);
   const desiredAutoConfig = _buildAutoConfig(existingAuto);
@@ -498,6 +503,7 @@ async function applyTakeoverBaseline(projectPath = process.cwd(), options = {})
   const desiredProblemEvalPolicy = _deepMerge(existingProblemEvalPolicy || {}, PROBLEM_EVAL_POLICY_DEFAULTS);
   const desiredProblemClosurePolicy = _deepMerge(existingProblemClosurePolicy || {}, PROBLEM_CLOSURE_POLICY_DEFAULTS);
   const desiredStudioIntakePolicy = _deepMerge(existingStudioIntakePolicy || {}, STUDIO_INTAKE_POLICY_DEFAULTS);
+  const desiredStateStoragePolicy = _deepMerge(existingStateStoragePolicy || {}, cloneStateStoragePolicyDefaults());
 
   const fileResults = [];
   fileResults.push(await _reconcileJsonFile(adoptionPath, desiredAdoption, {
@@ -540,6 +546,11 @@ async function applyTakeoverBaseline(projectPath = process.cwd(), options = {})
     apply,
     fileSystem
   }));
+  fileResults.push(await _reconcileJsonFile(stateStoragePolicyPath, desiredStateStoragePolicy, {
+    projectPath,
+    apply,
+    fileSystem
+  }));
   fileResults.push(await _reconcileSteeringContract(projectPath, {
     apply,
     fileSystem

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "scene-capability-engine",
-  "version": "3.6.37",
+  "version": "3.6.39",
   "description": "SCE (Scene Capability Engine) - A CLI tool and npm package for spec-driven development with AI coding assistants.",
   "main": "index.js",
   "bin": {
@@ -38,6 +38,12 @@
     "test:skip-audit": "node scripts/check-skip-allowlist.js",
     "test:sce-tracking": "node scripts/check-sce-tracking.js",
     "test:brand-consistency": "node scripts/check-branding-consistency.js",
+    "audit:steering": "node scripts/steering-content-audit.js --fail-on-error",
+    "audit:state-storage": "node scripts/state-storage-tiering-audit.js",
+    "report:steering-audit": "node scripts/steering-content-audit.js --json",
+    "report:state-storage": "node scripts/state-storage-tiering-audit.js --json",
+    "report:interactive-approval-projection": "node scripts/interactive-approval-event-projection.js --action doctor --json",
+    "audit:interactive-approval-projection": "node scripts/interactive-approval-event-projection.js --action doctor --fail-on-drift --fail-on-parse-error",
     "test:watch": "npx jest --watch",
     "coverage": "npx jest --coverage",
     "report:moqui-metadata": "node scripts/moqui-metadata-extract.js --json",
@@ -76,7 +82,7 @@
     "gate:release-asset-integrity": "node scripts/release-asset-integrity-check.js",
     "report:release-risk-remediation": "node scripts/release-risk-remediation-bundle.js --json",
     "report:moqui-core-regression": "node scripts/moqui-core-regression-suite.js --json",
-    "prepublishOnly": "npm run test:release && npm run test:skip-audit && npm run test:sce-tracking && npm run test:brand-consistency && npm run gate:git-managed && npm run gate:errorbook-registry-health && npm run gate:errorbook-release && npm run report:interactive-governance -- --fail-on-alert",
+    "prepublishOnly": "npm run test:release && npm run test:skip-audit && npm run test:sce-tracking && npm run test:brand-consistency && npm run audit:steering && npm run gate:git-managed && npm run gate:errorbook-registry-health && npm run gate:errorbook-release && npm run report:interactive-governance -- --fail-on-alert",
     "publish:manual": "npm publish --access public",
     "install-global": "npm install -g .",
     "uninstall-global": "npm uninstall -g scene-capability-engine"

package/template/.sce/config/state-storage-policy.json

@@ -0,0 +1,165 @@
+{
+  "schema_version": "1.0",
+  "strategy": "selective-sqlite-advancement",
+  "tiers": {
+    "file-source": {
+      "description": "Canonical file-backed storage for low-cardinality config, raw evidence, audit streams, and recovery-oriented payloads."
+    },
+    "sqlite-index": {
+      "description": "SQLite index/registry layer for file-backed resources that need high-frequency filtering, sorting, and cross-run aggregation."
+    },
+    "derived-sqlite-projection": {
+      "description": "Disposable SQLite projection rebuilt from canonical files for append-only streams with query pressure."
+    }
+  },
+  "admission": {
+    "required_signals": [
+      "cross-run or cross-session query pressure is proven",
+      "file scans are materially weaker than indexed filtering/sorting",
+      "sqlite content remains rebuildable from a canonical source",
+      "operator diagnostics and reconcile path are defined before rollout"
+    ],
+    "deny_if_any": [
+      "resource is the only copy of raw audit or evidence payload",
+      "resource is low-cardinality personal workspace or preference state",
+      "human-readable diff and manual recovery are more valuable than query speed",
+      "migration would introduce silent source-of-truth cutover"
+    ],
+    "future_candidate_checklist": [
+      "identify canonical source path or stream",
+      "document expected query patterns and consumers",
+      "define rebuild and reconcile semantics",
+      "define release gate or audit behavior for drift states",
+      "document why existing file-only storage is insufficient"
+    ]
+  },
+  "component_scope": [
+    {
+      "component_id": "collab.agent-registry",
+      "tier": "sqlite-index",
+      "canonical_source": "file",
+      "source_path": ".sce/config/agent-registry.json",
+      "sqlite_tables": ["agent_runtime_registry"],
+      "rationale": "Registry-style lookup with repeated status and capability queries."
+    },
+    {
+      "component_id": "runtime.timeline-index",
+      "tier": "sqlite-index",
+      "canonical_source": "file",
+      "source_path": ".sce/timeline/index.json",
+      "sqlite_tables": ["timeline_snapshot_registry"],
+      "rationale": "Timeline index benefits from filtered and cross-session reads while file snapshots remain recoverable source artifacts."
+    },
+    {
+      "component_id": "runtime.scene-session-index",
+      "tier": "sqlite-index",
+      "canonical_source": "file",
+      "source_path": ".sce/session-governance/scene-index.json",
+      "sqlite_tables": ["scene_session_cycle_registry"],
+      "rationale": "Scene/session lookups have query pressure and consistency checks but still rely on file session payloads."
+    },
+    {
+      "component_id": "errorbook.entry-index",
+      "tier": "sqlite-index",
+      "canonical_source": "file",
+      "source_path": ".sce/errorbook/index.json",
+      "sqlite_tables": ["errorbook_entry_index_registry"],
+      "rationale": "Promoted errorbook registry queries benefit from indexed status and quality filtering."
+    },
+    {
+      "component_id": "errorbook.incident-index",
+      "tier": "sqlite-index",
+      "canonical_source": "file",
+      "source_path": ".sce/errorbook/staging/index.json",
+      "sqlite_tables": ["errorbook_incident_index_registry"],
+      "rationale": "Incident staging state requires queryable triage views without replacing raw incident artifacts."
+    },
+    {
+      "component_id": "governance.spec-scene-overrides",
+      "tier": "sqlite-index",
+      "canonical_source": "file",
+      "source_path": ".sce/spec-governance/spec-scene-overrides.json",
+      "sqlite_tables": ["governance_spec_scene_override_registry"],
+      "rationale": "Override lookups are registry-like and join naturally with other governance indexes."
+    },
+    {
+      "component_id": "governance.scene-index",
+      "tier": "sqlite-index",
+      "canonical_source": "file",
+      "source_path": ".sce/spec-governance/scene-index.json",
+      "sqlite_tables": ["governance_scene_index_registry"],
+      "rationale": "Scene governance summaries are better served by indexed counts and status filters."
+    },
+    {
+      "component_id": "release.evidence-runs-index",
+      "tier": "sqlite-index",
+      "canonical_source": "file",
+      "source_path": ".sce/reports/release-evidence/handoff-runs.json",
+      "sqlite_tables": ["release_evidence_run_registry"],
+      "rationale": "Release evidence run summaries need fast historical querying while release assets remain file-backed."
+    },
+    {
+      "component_id": "release.gate-history-index",
+      "tier": "sqlite-index",
+      "canonical_source": "file",
+      "source_path": ".sce/reports/release-evidence/release-gate-history.json",
+      "sqlite_tables": ["release_gate_history_registry"],
+      "rationale": "Gate history is registry-shaped and queried by tag, pass/fail, and drift metrics."
+    }
+  ],
+  "resource_rules": [
+    {
+      "rule_id": "workspace-personal-state",
+      "tier": "file-source",
+      "explicit_paths": ["~/.sce/workspace-state.json"],
+      "derived_projection_allowed": false,
+      "source_replacement_allowed": false,
+      "rationale": "Personal workspace selection and preferences are low-cardinality, atomic, and not worth migrating into SQLite."
+    },
+    {
+      "rule_id": "append-only-report-streams",
+      "tier": "file-source",
+      "path_patterns": [".sce/reports/**/*.jsonl"],
+      "derived_projection_allowed": true,
+      "source_replacement_allowed": false,
+      "rationale": "Raw governance and evidence streams must stay append-only files; projection is allowed only for query acceleration."
+    },
+    {
+      "rule_id": "append-only-audit-streams",
+      "tier": "file-source",
+      "path_patterns": [".sce/audit/**/*.jsonl"],
+      "derived_projection_allowed": true,
+      "source_replacement_allowed": false,
+      "rationale": "Audit streams remain canonical evidence and should never become SQLite-only write paths."
+    },
+    {
+      "rule_id": "timeline-snapshot-payloads",
+      "tier": "file-source",
+      "path_patterns": [".sce/timeline/snapshots/**"],
+      "derived_projection_allowed": false,
+      "source_replacement_allowed": false,
+      "rationale": "Timeline snapshots are recovery-oriented payload artifacts, not registry data."
+    },
+    {
+      "rule_id": "session-payload-artifacts",
+      "tier": "file-source",
+      "path_patterns": [".sce/session-governance/sessions/**"],
+      "derived_projection_allowed": false,
+      "source_replacement_allowed": false,
+      "rationale": "Session payloads must stay file-backed for recovery, archive, and manual debugging."
+    },
+    {
+      "rule_id": "release-evidence-assets",
+      "tier": "file-source",
+      "path_patterns": [
+        ".sce/reports/release-evidence/**/*.json",
+        ".sce/reports/release-evidence/**/*.md",
+        ".sce/reports/release-evidence/**/*.jsonl",
+        ".sce/reports/release-evidence/**/*.lines"
+      ],
+      "derived_projection_allowed": true,
+      "source_replacement_allowed": false,
+      "rationale": "Release evidence assets remain portable files even when selected summary indexes are mirrored into SQLite."
+    }
+  ]
+}