scene-capability-engine 3.6.38 → 3.6.44

package/CHANGELOG.md

@@ -7,6 +7,69 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [3.6.44] - 2026-03-13
+
+### Fixed
+- Fixed spec delivery sync auditing in GitHub tag-release workflows so detached `HEAD` checkouts no longer fail the hard gate for missing upstream tracking, while declared deliverable tracking and worktree integrity checks remain enforced.
+
+## [3.6.43] - 2026-03-13
+
+### Changed
+- Tightened release-gate preflight blocking semantics so advisory drift alerts no longer hard-block release publish unless drift produced blocked runs.
+- Updated the release workflow preflight step to print the captured preflight JSON when `sce auto handoff preflight-check --require-pass` fails, so future release failures expose the actual blocking reasons immediately.
+
+## [3.6.42] - 2026-03-13
+
+### Changed
+- Hardened release-gate preflight loading so `sce auto handoff preflight-check` now falls back to the latest `release-gate-*.json` report when the history index is missing, empty, or temporarily unavailable during release execution.
+- Improved release workflow diagnostics for `Build release gate history index` by capturing and surfacing the command stderr in release evidence artifacts instead of masking the underlying failure behind an empty summary.
+
+### Fixed
+- Fixed release history loading so a single malformed release-gate report or seed entry is skipped with a warning instead of aborting the entire gate-index build.
+
+## [3.6.41] - 2026-03-13
+
+### Added
+- Added targeted regression coverage in `tests/unit/collab/collab-manager.test.js` to lock the collaboration assignment metadata migration on `sceInstance` while preserving legacy read compatibility.
+
+### Changed
+- Completed SCE takeover baseline alignment for the repository and committed the managed `.sce` baseline state used by takeover audit/apply flows.
+- Migrated active runtime naming from legacy `kiro*` internals to `sce*` across backup, adoption, bootstrap, spec-gate, auto, repo-config, and CLI-init paths so the live codebase reflects SCE ownership consistently.
+- Updated developer-facing docs and adoption tests to use `hasSceDir` / `sceInstance` as the canonical naming while preserving compatibility aliases where old project state may still exist.
+
+### Fixed
+- Fixed collaboration assignment persistence so new metadata writes `sceInstance` instead of the stale `kiroInstance` field, while graph/status readers still accept older metadata written by previous versions.
+
+## [3.6.40] - 2026-03-13
+
+### Added
+- Added spec delivery sync auditing via `lib/workspace/spec-delivery-audit.js` and the new `sce workspace delivery-audit` command so specs can declare required deliverables in `.sce/specs/<spec>/deliverables.json`.
+- Added Spec `121-00-spec-delivery-sync-integrity-gate` with requirements, design, tasks, and a dogfooded delivery manifest to formalize this governance capability.
+- Added unit/integration coverage for delivery-sync behavior across workspace CLI, handoff preflight/run orchestration, and studio release gating.
+
+### Changed
+- Wired auto-handoff preflight and run precheck to evaluate declared spec deliverables against git tracking, worktree cleanliness, and upstream sync state.
+- Extended studio release gating so spec delivery sync audit is now a required release-evidence step alongside the existing git/errorbook/handoff gates.
+- Exported reusable git helper functions from `scripts/git-managed-gate.js` so higher-level workspace governance checks can share the same branch/upstream parsing logic.
+
+## [3.6.39] - 2026-03-13
+
+### Added
+- Added state storage tiering policy artifacts and guidance in `docs/state-storage-tiering.md`, `docs/state-migration-reconciliation-runbook.md`, `.sce/config/state-storage-policy.json`, and `template/.sce/config/state-storage-policy.json`.
+- Added append-only evidence projection and audit tooling via `scripts/interactive-approval-event-projection.js`, `scripts/state-storage-tiering-audit.js`, and the `audit:state-storage` / `report:state-storage` package scripts.
+- Added scene command coverage and helper fixtures for the expanded `scene` subcommand surface, including publish/install/info/diff/validate/owner/tag/stats/lock/contribute/version and related property tests.
+- Added release-facing closeout evidence for the scene command specs and the quality hardening master spec under `.sce/specs/*/custom/`.
+
+### Changed
+- Expanded `lib/commands/scene.js` to cover the newer scene command flows and stabilized JSON summary output so CLI JSON mode preserves edge-case numeric payloads such as `-0`.
+- Hardened state migration and storage behavior in `lib/state/sce-state-store.js`, `lib/state/state-migration-manager.js`, `lib/runtime/session-store.js`, and related governance/config plumbing while keeping file sources canonical.
+- Completed the `115-00-sce-quality-hardening-program` integration closeout, including `watch logs --follow` completion, open-handle governance follow-through, and master/sub-spec status convergence.
+- Updated `docs/command-reference.md`, `docs/document-governance.md`, and multiple Spec task ledgers to reflect the shipped command surface and governance posture.
+
+### Fixed
+- Removed the remaining `forceExit` dependency from the validated Jest path and confirmed `npm run test:handles` passes without open-handle leakage.
+- Stabilized watch/integration helper timing and watcher cleanup paths so `test:smoke`, `test:full`, and `test:handles` can run cleanly in sequence.
+
 ## [3.6.38] - 2026-03-12
 
 ### Added

package/bin/scene-capability-engine.js

@@ -33,6 +33,7 @@ const {
   migrateLegacyKiroDirectories,
 } = require('../lib/workspace/legacy-kiro-migrator');
 const { auditSceTracking } = require('../lib/workspace/sce-tracking-audit');
+const { auditSpecDeliverySync } = require('../lib/workspace/spec-delivery-audit');
 const { applyTakeoverBaseline } = require('../lib/workspace/takeover-baseline');
 
 const i18n = getI18n();
@@ -259,8 +260,8 @@ program
     }
 
     // 检查是否已存在 .sce 目录
-    const kiroDir = path.join(process.cwd(), '.sce');
-    if (fs.existsSync(kiroDir) && !options.force) {
+    const sceDir = path.join(process.cwd(), '.sce');
+    if (fs.existsSync(sceDir) && !options.force) {
       console.log(chalk.yellow(t('cli.commands.init.alreadyExists')));
       const { overwrite } = await inquirer.prompt([
         {
@@ -783,6 +784,45 @@ workspaceCmd
     console.log(chalk.gray(`Conflict files: ${report.conflict_files}`));
   });
 
+workspaceCmd
+  .command('delivery-audit')
+  .description('Audit spec delivery manifests against git tracking and upstream sync state')
+  .option('--spec <name>', 'Audit one spec only')
+  .option('--require-manifest', 'Fail when no deliverables.json manifests are found')
+  .option('--json', 'Output in JSON format')
+  .option('--strict', 'Exit non-zero when delivery sync violations are found')
+  .action(async (options) => {
+    const report = await auditSpecDeliverySync(process.cwd(), {
+      spec: options.spec,
+      requireManifest: options.requireManifest === true
+    });
+
+    if (options.json) {
+      console.log(JSON.stringify(report, null, 2));
+    } else if (report.passed) {
+      if (report.reason === 'no-manifests') {
+        console.log(chalk.yellow('⚠ Spec delivery audit found no manifests.'));
+      } else {
+        console.log(chalk.green('✓ Spec delivery audit passed.'));
+      }
+      console.log(chalk.gray(`Manifest count: ${report.summary.manifest_count}`));
+      if (report.warnings.length > 0) {
+        report.warnings.forEach((item) => console.log(chalk.gray(`  - ${item}`)));
+      }
+    } else {
+      console.log(chalk.red('✖ Spec delivery audit failed.'));
+      report.violations.forEach((item) => console.log(chalk.gray(`  - ${item}`)));
+      if (report.warnings.length > 0) {
+        console.log(chalk.yellow('Warnings:'));
+        report.warnings.forEach((item) => console.log(chalk.gray(`  - ${item}`)));
+      }
+    }
+
+    if (!report.passed && options.strict) {
+      process.exitCode = 1;
+    }
+  });
+
 workspaceCmd
   .command('tracking-audit')
   .description('Audit tracked .sce assets required for deterministic CI/release behavior')

package/docs/command-reference.md

@@ -876,6 +876,29 @@ Runtime read preference:
 - `sce state doctor --json` now includes:
   - `summary` aggregate (`pending_components`, `total_record_drift`, `blocking_count`, `alert_count`)
   - runtime read diagnostics (`runtime.timeline`, `runtime.scene_session`) with read-source/read-preference and consistency status
+  - hardened severity model:
+    - `blocking`: `sqlite-unavailable`, `source-parse-error`, `sqlite-ahead`, `sqlite-only`
+    - `alert`: `pending-migration`, `missing-source`, runtime `pending-sync`
+  - current release guidance:
+    - treat `sqlite-ahead` and `sqlite-only` as anomalies requiring repair before release
+    - treat `pending-migration` as repairable drift, not a steady-state
+    - only allow `missing-source` to persist when the component is intentionally out of scope for the project
+
+State storage tiering policy:
+- Policy file: `.sce/config/state-storage-policy.json`
+- Audit command: `npm run audit:state-storage`
+- Machine-readable report: `npm run report:state-storage`
+- Tier meanings:
+  - `file-source`: canonical evidence, audit, recovery payloads, and low-cardinality personal state
+  - `sqlite-index`: query-oriented registry/index layer with files still canonical
+  - `derived-sqlite-projection`: rebuildable SQLite projection for append-only stream queries
+- Explicit non-candidates for SQLite source replacement:
+  - `~/.sce/workspace-state.json`
+  - `.sce/reports/**/*.jsonl`
+  - `.sce/audit/**/*.jsonl`
+- Supporting docs:
+  - `docs/state-storage-tiering.md`
+  - `docs/state-migration-reconciliation-runbook.md`
 
 Write lease model (optional, policy-driven, SQLite-backed):
 - Policy file: `.sce/config/authorization-policy.json`
@@ -1836,6 +1859,10 @@ Interactive approval workflow helper (script-level stage-B approval state machin
 - `node scripts/interactive-approval-workflow.js --action <init|submit|approve|reject|execute|verify|archive|status> [--plan <path>] [--state-file <path>] [--audit-file <path>] [--actor <id>] [--actor-role <name>] [--role-policy <path>] [--comment <text>] [--password <text>] [--password-hash <sha256>] [--password-hash-env <name>] [--password-required] [--password-scope <csv>] [--json]`: maintain approval lifecycle state for interactive change plans and append approval events to JSONL audit logs.
   - Default state file: `.sce/reports/interactive-approval-state.json`
   - Default audit file: `.sce/reports/interactive-approval-events.jsonl`
+- `node scripts/interactive-approval-event-projection.js --action <rebuild|doctor|query> [--input <path>] [--read-source <auto|file|projection>] [--workflow-id <id>] [--actor <id>] [--approval-action <name>] [--event-type <type>] [--blocked|--not-blocked] [--limit <n>] [--fail-on-drift] [--fail-on-parse-error] [--json]`: build and inspect a rebuildable SQLite projection for `interactive-approval-events.jsonl` while keeping raw JSONL as canonical evidence.
+  - `rebuild` clears and rebuilds the projection for the target audit file
+  - `doctor` compares raw file count vs projection count and flags `projection-missing`, `pending-projection`, `projection-ahead`, or parse errors
+  - `query` discloses `read_source=file|projection`
   - `init` requires `--plan`; high-risk plans are marked as `approval_required=true`.
   - Password authorization can be required per plan (`plan.authorization.password_required=true`) or overridden in `init`.
   - `execute` is blocked (exit code `2`) when approval is required but current status is not `approved`.

package/docs/developer-guide.md

@@ -424,7 +424,7 @@ Analyzes project structure and returns analysis result.
 {
   mode: 'fresh' | 'partial' | 'full',
   projectType: 'nodejs' | 'python' | 'mixed',
-  hasKiroDir: boolean,
+  hasSceDir: boolean,
   hasSpecs: boolean,
   hasVersion: boolean,
   conflicts: string[],

package/docs/document-governance.md

@@ -21,7 +21,7 @@ Document governance ensures your project follows these rules:
 
 1. **Root Directory** - Only 4 markdown files allowed: `README.md`, `README.zh.md`, `CHANGELOG.md`, `CONTRIBUTING.md`
 2. **Spec Structure** - Each Spec must have `requirements.md`, `design.md`, `tasks.md`
-3. **Artifact Organization** - Spec artifacts must be in subdirectories: `reports/`, `scripts/`, `tests/`, `results/`, `docs/`
+3. **Artifact Organization** - Spec artifacts must be in subdirectories, except approved Spec-root metadata such as `requirements.md`, `design.md`, `tasks.md`, and `collaboration.json`
 4. **No Temporary Files** - Temporary documents (like `*-SUMMARY.md`, `SESSION-*.md`) must be deleted after use
 
 ### Why Use Document Governance?
@@ -128,7 +128,7 @@ sce docs diagnose
 - Root directory for non-allowed markdown files
 - Root directory for temporary documents
 - Spec directories for missing required files
-- Spec directories for misplaced artifacts
+- Spec directories for misplaced artifacts outside approved Spec-root metadata
 - Spec directories for temporary documents
 
 **Output:**
@@ -240,6 +240,7 @@ sce docs validate [options]
 **What it validates:**
 - Root directory has only allowed markdown files
 - Spec directories have required files (requirements.md, design.md, tasks.md)
+- Spec root contains only approved metadata files plus governed subdirectories
 - Spec subdirectories follow naming conventions
 - No misplaced artifacts
 
@@ -443,6 +444,7 @@ sce docs config [options]
 
 **Configuration keys:**
 - `root-allowed-files` - Allowed markdown files in root
+- `spec-allowed-root-files` - Allowed files at Spec root before artifact warnings apply
 - `spec-subdirs` - Recognized Spec subdirectories
 - `temporary-patterns` - Patterns for temporary files
 
@@ -467,6 +469,12 @@ Spec Subdirectories:
   • results
   • docs
 
+Spec Allowed Root Files:
+  • requirements.md
+  • design.md
+  • tasks.md
+  • collaboration.json
+
 Temporary Patterns:
   • *-SUMMARY.md
   • SESSION-*.md
@@ -724,6 +732,12 @@ The default configuration is:
     "CHANGELOG.md",
     "CONTRIBUTING.md"
   ],
+  "specAllowedRootFiles": [
+    "requirements.md",
+    "design.md",
+    "tasks.md",
+    "collaboration.json"
+  ],
   "specSubdirs": [
     "reports",
     "scripts",
@@ -749,6 +763,11 @@ The default configuration is:
 sce docs config --set root-allowed-files "README.md,README.zh.md,CHANGELOG.md,CONTRIBUTING.md,LICENSE.md,SECURITY.md"
 ```
 
+**Allow additional Spec-root metadata:**
+```bash
+sce docs config --set spec-allowed-root-files "requirements.md,design.md,tasks.md,collaboration.json"
+```
+
 **Add custom subdirectories:**
 ```bash
 sce docs config --set spec-subdirs "reports,scripts,tests,results,docs,diagrams,examples"
@@ -768,6 +787,7 @@ You can also edit this file directly:
 ```json
 {
   "rootAllowedFiles": ["README.md", "CUSTOM.md"],
+  "specAllowedRootFiles": ["requirements.md", "design.md", "tasks.md", "collaboration.json"],
   "specSubdirs": ["reports", "scripts", "custom"],
   "temporaryPatterns": ["*-TEMP.md"]
 }

package/docs/releases/README.md

@@ -9,6 +9,12 @@ This directory stores release-facing documents:
 ## Archived Versions
 
 - [Release checklist](../release-checklist.md)
+- [v3.6.44 release notes](./v3.6.44.md)
+- [v3.6.43 release notes](./v3.6.43.md)
+- [v3.6.42 release notes](./v3.6.42.md)
+- [v3.6.41 release notes](./v3.6.41.md)
+- [v3.6.40 release notes](./v3.6.40.md)
+- [v3.6.39 release notes](./v3.6.39.md)
 - [v3.6.38 release notes](./v3.6.38.md)
 - [v3.6.37 release notes](./v3.6.37.md)
 - [v1.46.2 release notes](./v1.46.2.md) (historical)

package/docs/releases/v3.6.39.md

@@ -0,0 +1,24 @@
+# v3.6.39 Release Notes
+
+Release date: 2026-03-13
+
+## Highlights
+
+- Added a canonical state-storage tiering policy, reconciliation runbook, and audit/report tooling so SQLite remains a scoped index layer rather than a silent source-of-truth replacement.
+- Expanded and hardened the `sce scene` command surface with broader command coverage, stronger property tests, and JSON summary output that preserves edge-case numeric payloads.
+- Closed the `115-00-sce-quality-hardening-program` integration loop, including `watch logs --follow` completion and Jest open-handle governance without relying on `forceExit`.
+
+## Verification
+
+- `node bin/sce.js collab status 115-00-sce-quality-hardening-program --graph`
+- `npm run test:smoke`
+- `npm run test:skip-audit`
+- `npm run test:brand-consistency`
+- `npm run test:full`
+- `npm run test:handles`
+
+## Release Notes
+
+- State persistence is now explicitly tiered: evidence and operator-facing files remain canonical, while SQLite stays limited to rebuildable index/projection use cases.
+- The scene command family is substantially more release-ready, with dedicated tests and closeout artifacts across publish/install/info/diff/validate/owner/tag/stats/lock/contribute/version flows.
+- Quality hardening gates should be executed in sequence for release validation; `test:full` and `test:handles` are both green when run serially.

package/docs/releases/v3.6.40.md

@@ -0,0 +1,19 @@
+# v3.6.40 Release Notes
+
+Release date: 2026-03-13
+
+## Highlights
+
+- Added spec delivery sync governance so each spec can declare its real deliverables and SCE can verify those files are tracked, committed, and upstream-synced before release or handoff.
+- Added a dedicated `sce workspace delivery-audit` command and wired it into auto-handoff preflight/run plus studio release gates.
+- Dogfooded the capability with a new `121-00-spec-delivery-sync-integrity-gate` spec and matching delivery manifest.
+
+## Verification
+
+- `npx jest tests/unit/workspace/spec-delivery-audit.test.js tests/unit/commands/auto.test.js tests/unit/auto/handoff-run-service.test.js tests/unit/commands/studio.test.js tests/integration/workspace-delivery-audit-cli.integration.test.js --runInBand`
+
+## Release Notes
+
+- Delivery sync is intentionally implemented as `manifest + audit + gate`, not as an automatic file copy/sync mechanism. Git remains the only source of truth.
+- When manifests exist, blocking specs now fail if declared files are missing, untracked, dirty, or only local because the branch is ahead of upstream.
+- When no delivery manifests exist yet, the audit remains advisory by default, so older repos are not hard-blocked until they opt into explicit deliverable governance.

package/docs/releases/v3.6.41.md

@@ -0,0 +1,20 @@
+# v3.6.41 Release Notes
+
+Release date: 2026-03-13
+
+## Highlights
+
+- Completed a practical SCE takeover cleanup pass so the repo now aligns with the current takeover baseline and active code paths consistently use SCE naming.
+- Fixed collaboration assignment metadata so new writes persist `sceInstance`, while older `kiroInstance` metadata remains readable for backward compatibility.
+- Removed high-value legacy naming drift across active modules such as backup, adoption, bootstrap, spec gate, auto runtime, repo config, and CLI initialization without disturbing the intentional `.kiro` migration layer.
+
+## Verification
+
+- `npx jest tests/unit/collab/collab-manager.test.js tests/unit/adoption/strategy-selector.test.js tests/unit/adoption/adoption-logger.test.js tests/unit/adoption.test.js --runInBand`
+- `node bin/sce.js workspace takeover-audit --json`
+
+## Release Notes
+
+- This release is intentionally a value-focused cleanup, not a blind repository-wide rename. Real legacy migration support for `.kiro` remains in place.
+- Canonical runtime naming is now `hasSceDir` and `sceInstance`; compatibility aliases remain where existing project state or metadata may still depend on older keys.
+- No `.kiro-workspaces` runtime artifact was present in the repository. The shipped work targets only active naming debt and one real collaboration metadata bug.

package/docs/releases/v3.6.42.md

@@ -0,0 +1,19 @@
+# v3.6.42 Release Notes
+
+Release date: 2026-03-13
+
+## Highlights
+
+- Hardened handoff release preflight so release publishing can continue when `release-gate-history.json` is temporarily unavailable but the current `release-gate-*.json` report is present.
+- Made release-gate history loading more fault-tolerant by skipping malformed report or seed entries with warnings instead of aborting the full index build.
+- Improved release workflow diagnostics by persisting `gate-index` stderr into the release evidence bundle when history index generation fails.
+
+## Verification
+
+- `npx jest tests/unit/commands/auto.test.js --runInBand --testNamePattern "preflight-check|falls back to latest release gate report when history index is empty"`
+- `npx jest tests/unit/auto/handoff-release-gate-history-loaders-service.test.js --runInBand`
+
+## Release Notes
+
+- This patch is targeted at the failed `v3.6.41` release workflow path, specifically the chain where history index generation failed and the subsequent hard gate blocked publish.
+- The release policy remains strict. The change only adds a safe fallback to the current gate report and exposes better diagnostics for the real upstream failure.

package/docs/releases/v3.6.43.md

@@ -0,0 +1,17 @@
+# v3.6.43 Release Notes
+
+Release date: 2026-03-13
+
+## Highlights
+
+- Fixed the second-stage release blocker uncovered by `v3.6.42`: advisory drift alerts no longer cause `Enforce handoff preflight hard gate` to fail when there are no drift-blocked runs.
+- Improved release workflow observability again so a failed preflight gate now prints the generated JSON payload directly into the Actions log.
+
+## Verification
+
+- `npx jest tests/unit/commands/auto.test.js --runInBand --testNamePattern "preflight-check|advisory drift alerts without blocked runs|falls back to latest release gate report when history index is empty"`
+
+## Release Notes
+
+- `v3.6.42` fixed the missing-history path, but exposed a separate policy bug where advisory drift alerts were treated as hard blockers.
+- `v3.6.43` narrows the hard gate back to real release blockers: failed latest gate or drift-blocked history.

package/docs/releases/v3.6.44.md

@@ -0,0 +1,17 @@
+# v3.6.44 Release Notes
+
+Release date: 2026-03-13
+
+## Highlights
+
+- Fixed the final release blocker in GitHub Actions tag workflows: spec delivery sync now accepts detached `HEAD` release checkouts when declared deliverables are tracked and the worktree is clean.
+
+## Verification
+
+- `npx jest tests/unit/workspace/spec-delivery-audit.test.js --runInBand`
+- `npx jest tests/unit/commands/auto.test.js --runInBand --testNamePattern "preflight-check|advisory drift alerts without blocked runs|falls back to latest release gate report when history index is empty"`
+
+## Release Notes
+
+- This patch specifically targets GitHub Actions `push` workflows on `v*` tags, where the repository is checked out at detached `HEAD` and therefore has no upstream tracking branch by design.
+- Deliverable tracking, worktree cleanliness, and missing-file detection are still enforced; only the branch-upstream proof is skipped in that release context.

package/docs/spec-collaboration-guide.md

@@ -348,7 +348,7 @@ Collaboration metadata is stored in `.sce/specs/{spec-name}/collaboration.json`:
     }
   ],
   "assignment": {
-    "kiroInstance": "SCE-1",
+    "sceInstance": "SCE-1",
     "assignedAt": "2026-02-01T10:00:00Z"
   },
   "status": {

package/docs/state-migration-reconciliation-runbook.md

@@ -0,0 +1,76 @@
+# State Migration Reconciliation Runbook
+
+Use this runbook when working with the current file-to-SQLite migration surface.
+
+## Normal Flow
+
+1. Inspect scope
+   - `sce state plan --json`
+2. Diagnose drift
+   - `sce state doctor --json`
+3. Apply repair
+   - `sce state reconcile --all --apply --json`
+4. Re-check gate posture
+   - `node scripts/state-migration-reconciliation-gate.js --fail-on-blocking --fail-on-pending --json`
+
+## Severity Model
+
+### Blocking
+
+Treat these as release-blocking anomalies:
+
+- `sqlite-unavailable`
+- `source-parse-error`
+- `sqlite-ahead`
+- `sqlite-only`
+- runtime `sqlite-ahead`
+- runtime `sqlite-only`
+
+Typical meaning:
+
+- `sqlite-ahead`: SQLite contains index rows that are no longer represented by canonical files
+- `sqlite-only`: canonical file source disappeared but SQLite rows still exist
+
+### Alert
+
+Treat these as repairable but non-steady-state conditions:
+
+- `pending-migration`
+- `missing-source`
+- runtime `pending-sync`
+
+Typical meaning:
+
+- `pending-migration`: file source has more records than SQLite index
+- `missing-source`: the project does not currently have that source artifact
+
+## Operator Decisions
+
+### When `pending-migration`
+
+- Run `sce state reconcile --all --apply --json`
+- Re-run `sce state doctor --json`
+- If it persists, inspect source parser assumptions and source file health
+
+### When `sqlite-ahead`
+
+- Treat as anomaly first, not optimization
+- Inspect whether source artifacts were deleted, rotated, or never written
+- Rebuild or re-sync from canonical file source before release
+
+### When `sqlite-only`
+
+- Confirm whether the file source was removed accidentally
+- Restore canonical files when possible
+- Do not normalize this into a permanent state for current migration-scope components
+
+### When `missing-source`
+
+- If the component is intentionally unused in the current project, keep it advisory
+- If the component should exist for this workflow, generate or restore the source artifact and reconcile
+
+## Related Commands
+
+- `npm run gate:state-migration-reconciliation`
+- `npm run audit:state-storage`
+- `npm run report:interactive-approval-projection`

package/docs/state-storage-tiering.md

@@ -0,0 +1,104 @@
+# State Storage Tiering
+
+SCE uses a selective SQLite strategy.
+
+The operating rule is:
+
+- keep canonical evidence, audit, recovery payloads, and low-cardinality personal state in files
+- use SQLite for registry/index workloads with real query pressure
+- allow SQLite projections for append-only streams only when they are rebuildable from files
+
+## Tiers
+
+### `file-source`
+
+Use this tier when:
+
+- the file is the canonical evidence or audit artifact
+- the resource is a small personal or local configuration object
+- manual inspection, Git diff, and recovery are more important than indexed querying
+
+Examples:
+
+- `~/.sce/workspace-state.json`
+- `.sce/reports/**/*.jsonl`
+- `.sce/audit/**/*.jsonl`
+- `.sce/timeline/snapshots/**`
+- `.sce/session-governance/sessions/**`
+
+### `sqlite-index`
+
+Use this tier when:
+
+- the canonical content still lives in files
+- the resource behaves like a registry or index
+- repeated filtering, sorting, and cross-run queries justify an index
+
+Current active scope:
+
+- `collab.agent-registry` -> `.sce/config/agent-registry.json`
+- `runtime.timeline-index` -> `.sce/timeline/index.json`
+- `runtime.scene-session-index` -> `.sce/session-governance/scene-index.json`
+- `errorbook.entry-index` -> `.sce/errorbook/index.json`
+- `errorbook.incident-index` -> `.sce/errorbook/staging/index.json`
+- `governance.spec-scene-overrides` -> `.sce/spec-governance/spec-scene-overrides.json`
+- `governance.scene-index` -> `.sce/spec-governance/scene-index.json`
+- `release.evidence-runs-index` -> `.sce/reports/release-evidence/handoff-runs.json`
+- `release.gate-history-index` -> `.sce/reports/release-evidence/release-gate-history.json`
+
+### `derived-sqlite-projection`
+
+Use this tier only when:
+
+- the source remains append-only files
+- the projection can be deleted and rebuilt
+- reads clearly disclose when SQLite projection is used
+
+This tier is for query acceleration, not source-of-truth replacement.
+
+## Admission Rubric
+
+A resource should only enter SQLite scope when all of the following are true:
+
+1. Cross-run or cross-session query pressure is real.
+2. File scans are materially weaker than indexed filtering/sorting.
+3. SQLite rows are rebuildable from a canonical file or stream.
+4. Diagnostics, reconcile behavior, and operator guidance are defined up front.
+
+Reject SQLite source migration when any of the following are true:
+
+1. The resource is raw audit or evidence.
+2. The resource is low-cardinality workspace or preference state.
+3. Human-readable recovery and Git diff matter more than query speed.
+4. The change would silently cut over the source of truth.
+
+## Current Classification
+
+| Resource | Tier | Why |
+| --- | --- | --- |
+| `~/.sce/workspace-state.json` | `file-source` | Atomic personal state; no meaningful query pressure |
+| `.sce/reports/**/*.jsonl` | `file-source` | Canonical append-only governance/evidence streams |
+| `.sce/audit/**/*.jsonl` | `file-source` | Canonical audit evidence |
+| `.sce/timeline/index.json` | `sqlite-index` | Index-like query workload |
+| `.sce/session-governance/scene-index.json` | `sqlite-index` | Registry-like query workload |
+| `.sce/errorbook/index.json` | `sqlite-index` | Filtered status/quality lookup |
+| `.sce/errorbook/staging/index.json` | `sqlite-index` | Incident triage lookup |
+| `.sce/spec-governance/*.json` indexes | `sqlite-index` | Governance registry lookup |
+| `.sce/reports/release-evidence/handoff-runs.json` | `sqlite-index` | Historical release summary lookup |
+| `.sce/reports/release-evidence/release-gate-history.json` | `sqlite-index` | Gate history lookup |
+| `.sce/timeline/snapshots/**` | `file-source` | Recovery payloads |
+| `.sce/session-governance/sessions/**` | `file-source` | Session payload archives |
+
+## Operator Rules
+
+- Do not propose blanket sqlite-ization.
+- Before adding a new SQLite candidate, update `.sce/config/state-storage-policy.json`.
+- Run `npm run audit:state-storage` after changing state storage behavior.
+- If the resource is append-only evidence, prefer a projection pilot over source migration.
+
+## Related Assets
+
+- Policy file: `.sce/config/state-storage-policy.json`
+- Audit command: `npm run audit:state-storage`
+- Machine-readable report: `npm run report:state-storage`
+- State migration commands: `sce state plan|doctor|migrate|reconcile`

package/docs/zh/releases/README.md

@@ -9,6 +9,12 @@
 ## 历史版本归档
 
 - [发布检查清单](../release-checklist.md)
+- [v3.6.44 发布说明](./v3.6.44.md)
+- [v3.6.43 发布说明](./v3.6.43.md)
+- [v3.6.42 发布说明](./v3.6.42.md)
+- [v3.6.41 发布说明](./v3.6.41.md)
+- [v3.6.40 发布说明](./v3.6.40.md)
+- [v3.6.39 发布说明](./v3.6.39.md)
 - [v3.6.38 发布说明](./v3.6.38.md)
 - [v3.6.37 发布说明](./v3.6.37.md)
 - [v1.46.2 发布说明](./v1.46.2.md)（历史归档）

package/docs/zh/releases/v3.6.39.md

@@ -0,0 +1,24 @@
+# v3.6.39 发布说明
+
+发布日期：2026-03-13
+
+## 重点变化
+
+- 新增规范化的状态存储分层策略、迁移对账 runbook，以及配套 audit/report 工具，明确 SQLite 只承担受控索引层，不替代文件真源。
+- 扩展并加固了 `sce scene` 命令族，补齐多类命令覆盖、性质测试和 JSON summary 输出边界处理。
+- 完成 `115-00-sce-quality-hardening-program` 主 Spec 的集成收口，包含 `watch logs --follow` 补完，以及不依赖 `forceExit` 的 Jest open-handle 治理。
+
+## 验证
+
+- `node bin/sce.js collab status 115-00-sce-quality-hardening-program --graph`
+- `npm run test:smoke`
+- `npm run test:skip-audit`
+- `npm run test:brand-consistency`
+- `npm run test:full`
+- `npm run test:handles`
+
+## 发布说明
+
+- 状态持久化现在有了明确分层：证据、审计和操作员可读文件继续保持 canonical，SQLite 仅用于可重建索引或投影。
+- `scene` 命令面已经更接近稳定发布状态，publish/install/info/diff/validate/owner/tag/stats/lock/contribute/version 等流都有专门测试和 closeout 证据。
+- 质量门禁建议串行执行；`test:full` 与 `test:handles` 在串行场景下均已验证通过。

package/docs/zh/releases/v3.6.40.md

@@ -0,0 +1,19 @@
+# v3.6.40 发布说明
+
+发布日期：2026-03-13
+
+## 重点变化
+
+- 新增 spec 交付同步治理能力。每个 spec 可以声明真实交付文件，SCE 会在 handoff 或 release 前校验这些文件是否已纳入 git、已提交并具备 upstream 同步证明。
+- 新增 `sce workspace delivery-audit` 命令，并将其接入 auto handoff preflight/run 与 studio release gate。
+- 使用新的 `121-00-spec-delivery-sync-integrity-gate` spec 和对应交付清单对这项能力进行了自举治理。
+
+## 验证
+
+- `npx jest tests/unit/workspace/spec-delivery-audit.test.js tests/unit/commands/auto.test.js tests/unit/auto/handoff-run-service.test.js tests/unit/commands/studio.test.js tests/integration/workspace-delivery-audit-cli.integration.test.js --runInBand`
+
+## 发布说明
+
+- 这项能力刻意采用 `manifest + audit + gate`，而不是做自动文件同步工具；git 仍然是唯一可信的交付事实来源。
+- 一旦 spec 提供了 delivery manifest，blocking 模式下若声明文件缺失、未跟踪、工作区有脏改动，或分支相对 upstream 未同步，都会直接失败。
+- 对于尚未建立 delivery manifest 的老仓库，默认仍保持 advisory 模式，不会立刻形成硬阻断。