scene-capability-engine 3.6.39 → 3.6.45

package/CHANGELOG.md

@@ -7,6 +7,65 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [3.6.45] - 2026-03-13
+
+### Added
+- Added collaboration governance auditing via `lib/workspace/collab-governance-audit.js` and the new `sce workspace collab-governance-audit` command to check collaboration Git boundaries, runtime-state tracking drift, multi-agent config presence/validity, legacy `.kiro*` references, and steering boundary hygiene.
+- Added Spec `122-00-sce-collab-governance-audit` with requirements, design, tasks, and a dogfooded delivery manifest to formalize the new co-work governance capability.
+- Added unit/integration coverage for collaboration governance drift scenarios, including missing ignore rules, tracked runtime files, legacy naming references, and strict CLI failure behavior.
+
+### Changed
+- Expanded the repository `.gitignore` collaboration boundary rules to cover coordination logs, machine identity, spec lock directories, `tasks.md.lock`, and steering lock/pending runtime files.
+- Seeded `.sce/config/multi-agent.json` as the canonical project-level multi-agent config baseline for governance auditing and future co-work enablement.
+
+### Fixed
+- Removed `.sce/steering/CURRENT_CONTEXT.md` from Git tracking so the repository now conforms to its own runtime/personal-state governance boundary.
+
+## [3.6.44] - 2026-03-13
+
+### Fixed
+- Fixed spec delivery sync auditing in GitHub tag-release workflows so detached `HEAD` checkouts no longer fail the hard gate for missing upstream tracking, while declared deliverable tracking and worktree integrity checks remain enforced.
+
+## [3.6.43] - 2026-03-13
+
+### Changed
+- Tightened release-gate preflight blocking semantics so advisory drift alerts no longer hard-block release publish unless drift produced blocked runs.
+- Updated the release workflow preflight step to print the captured preflight JSON when `sce auto handoff preflight-check --require-pass` fails, so future release failures expose the actual blocking reasons immediately.
+
+## [3.6.42] - 2026-03-13
+
+### Changed
+- Hardened release-gate preflight loading so `sce auto handoff preflight-check` now falls back to the latest `release-gate-*.json` report when the history index is missing, empty, or temporarily unavailable during release execution.
+- Improved release workflow diagnostics for `Build release gate history index` by capturing and surfacing the command stderr in release evidence artifacts instead of masking the underlying failure behind an empty summary.
+
+### Fixed
+- Fixed release history loading so a single malformed release-gate report or seed entry is skipped with a warning instead of aborting the entire gate-index build.
+
+## [3.6.41] - 2026-03-13
+
+### Added
+- Added targeted regression coverage in `tests/unit/collab/collab-manager.test.js` to lock the collaboration assignment metadata migration on `sceInstance` while preserving legacy read compatibility.
+
+### Changed
+- Completed SCE takeover baseline alignment for the repository and committed the managed `.sce` baseline state used by takeover audit/apply flows.
+- Migrated active runtime naming from legacy `kiro*` internals to `sce*` across backup, adoption, bootstrap, spec-gate, auto, repo-config, and CLI-init paths so the live codebase reflects SCE ownership consistently.
+- Updated developer-facing docs and adoption tests to use `hasSceDir` / `sceInstance` as the canonical naming while preserving compatibility aliases where old project state may still exist.
+
+### Fixed
+- Fixed collaboration assignment persistence so new metadata writes `sceInstance` instead of the stale `kiroInstance` field, while graph/status readers still accept older metadata written by previous versions.
+
+## [3.6.40] - 2026-03-13
+
+### Added
+- Added spec delivery sync auditing via `lib/workspace/spec-delivery-audit.js` and the new `sce workspace delivery-audit` command so specs can declare required deliverables in `.sce/specs/<spec>/deliverables.json`.
+- Added Spec `121-00-spec-delivery-sync-integrity-gate` with requirements, design, tasks, and a dogfooded delivery manifest to formalize this governance capability.
+- Added unit/integration coverage for delivery-sync behavior across workspace CLI, handoff preflight/run orchestration, and studio release gating.
+
+### Changed
+- Wired auto-handoff preflight and run precheck to evaluate declared spec deliverables against git tracking, worktree cleanliness, and upstream sync state.
+- Extended studio release gating so spec delivery sync audit is now a required release-evidence step alongside the existing git/errorbook/handoff gates.
+- Exported reusable git helper functions from `scripts/git-managed-gate.js` so higher-level workspace governance checks can share the same branch/upstream parsing logic.
+
 ## [3.6.39] - 2026-03-13
 
 ### Added

package/bin/scene-capability-engine.js

@@ -33,6 +33,8 @@ const {
   migrateLegacyKiroDirectories,
 } = require('../lib/workspace/legacy-kiro-migrator');
 const { auditSceTracking } = require('../lib/workspace/sce-tracking-audit');
+const { auditSpecDeliverySync } = require('../lib/workspace/spec-delivery-audit');
+const { auditCollabGovernance } = require('../lib/workspace/collab-governance-audit');
 const { applyTakeoverBaseline } = require('../lib/workspace/takeover-baseline');
 
 const i18n = getI18n();
@@ -169,7 +171,9 @@ function isLegacyMigrationAllowlistedCommand(args) {
 
   if (command === 'workspace') {
     const subcommand = args[commandIndex + 1];
-    return subcommand === 'legacy-scan' || subcommand === 'legacy-migrate';
+    return subcommand === 'legacy-scan'
+      || subcommand === 'legacy-migrate'
+      || subcommand === 'collab-governance-audit';
   }
 
   return false;
@@ -197,7 +201,7 @@ function isTakeoverAutoApplySkippedCommand(args) {
   }
 
   const subcommand = args[commandIndex + 1];
-  return subcommand === 'takeover-audit';
+  return subcommand === 'takeover-audit' || subcommand === 'collab-governance-audit';
 }
 
 /**
@@ -259,8 +263,8 @@ program
     }
 
     // 检查是否已存在 .sce 目录
-    const kiroDir = path.join(process.cwd(), '.sce');
-    if (fs.existsSync(kiroDir) && !options.force) {
+    const sceDir = path.join(process.cwd(), '.sce');
+    if (fs.existsSync(sceDir) && !options.force) {
       console.log(chalk.yellow(t('cli.commands.init.alreadyExists')));
       const { overwrite } = await inquirer.prompt([
         {
@@ -783,6 +787,76 @@ workspaceCmd
     console.log(chalk.gray(`Conflict files: ${report.conflict_files}`));
   });
 
+workspaceCmd
+  .command('collab-governance-audit')
+  .description('Audit collaboration governance boundaries, runtime git hygiene, and legacy naming drift')
+  .option('--json', 'Output in JSON format')
+  .option('--strict', 'Exit non-zero when collaboration governance violations are found')
+  .action(async (options) => {
+    const report = await auditCollabGovernance(process.cwd());
+
+    if (options.json) {
+      console.log(JSON.stringify(report, null, 2));
+    } else if (report.passed) {
+      console.log(chalk.green('✓ Collaboration governance audit passed.'));
+      console.log(chalk.gray(`Missing ignore rules: ${report.summary.missing_gitignore_rules}`));
+      console.log(chalk.gray(`Legacy references: ${report.summary.legacy_reference_count}`));
+      if (report.warnings.length > 0) {
+        report.warnings.forEach((item) => console.log(chalk.gray(`  - ${item}`)));
+      }
+    } else {
+      console.log(chalk.red('✖ Collaboration governance audit failed.'));
+      report.violations.forEach((item) => console.log(chalk.gray(`  - ${item}`)));
+      if (report.warnings.length > 0) {
+        console.log(chalk.yellow('Warnings:'));
+        report.warnings.forEach((item) => console.log(chalk.gray(`  - ${item}`)));
+      }
+    }
+
+    if (!report.passed && options.strict) {
+      process.exitCode = 1;
+    }
+  });
+
+workspaceCmd
+  .command('delivery-audit')
+  .description('Audit spec delivery manifests against git tracking and upstream sync state')
+  .option('--spec <name>', 'Audit one spec only')
+  .option('--require-manifest', 'Fail when no deliverables.json manifests are found')
+  .option('--json', 'Output in JSON format')
+  .option('--strict', 'Exit non-zero when delivery sync violations are found')
+  .action(async (options) => {
+    const report = await auditSpecDeliverySync(process.cwd(), {
+      spec: options.spec,
+      requireManifest: options.requireManifest === true
+    });
+
+    if (options.json) {
+      console.log(JSON.stringify(report, null, 2));
+    } else if (report.passed) {
+      if (report.reason === 'no-manifests') {
+        console.log(chalk.yellow('⚠ Spec delivery audit found no manifests.'));
+      } else {
+        console.log(chalk.green('✓ Spec delivery audit passed.'));
+      }
+      console.log(chalk.gray(`Manifest count: ${report.summary.manifest_count}`));
+      if (report.warnings.length > 0) {
+        report.warnings.forEach((item) => console.log(chalk.gray(`  - ${item}`)));
+      }
+    } else {
+      console.log(chalk.red('✖ Spec delivery audit failed.'));
+      report.violations.forEach((item) => console.log(chalk.gray(`  - ${item}`)));
+      if (report.warnings.length > 0) {
+        console.log(chalk.yellow('Warnings:'));
+        report.warnings.forEach((item) => console.log(chalk.gray(`  - ${item}`)));
+      }
+    }
+
+    if (!report.passed && options.strict) {
+      process.exitCode = 1;
+    }
+  });
+
 workspaceCmd
   .command('tracking-audit')
   .description('Audit tracked .sce assets required for deterministic CI/release behavior')

package/docs/command-reference.md

@@ -347,6 +347,11 @@ sce workspace legacy-migrate --dry-run --json
 sce workspace tracking-audit
 sce workspace tracking-audit --json
 
+# Audit collaboration governance boundaries and legacy naming drift
+sce workspace collab-governance-audit
+sce workspace collab-governance-audit --json
+sce workspace collab-governance-audit --strict
+
 # Audit takeover baseline drift (non-mutating)
 sce workspace takeover-audit
 sce workspace takeover-audit --json

package/docs/developer-guide.md

@@ -424,7 +424,7 @@ Analyzes project structure and returns analysis result.
 {
   mode: 'fresh' | 'partial' | 'full',
   projectType: 'nodejs' | 'python' | 'mixed',
-  hasKiroDir: boolean,
+  hasSceDir: boolean,
   hasSpecs: boolean,
   hasVersion: boolean,
   conflicts: string[],

package/docs/releases/README.md

@@ -9,6 +9,12 @@ This directory stores release-facing documents:
 ## Archived Versions
 
 - [Release checklist](../release-checklist.md)
+- [v3.6.45 release notes](./v3.6.45.md)
+- [v3.6.44 release notes](./v3.6.44.md)
+- [v3.6.43 release notes](./v3.6.43.md)
+- [v3.6.42 release notes](./v3.6.42.md)
+- [v3.6.41 release notes](./v3.6.41.md)
+- [v3.6.40 release notes](./v3.6.40.md)
 - [v3.6.39 release notes](./v3.6.39.md)
 - [v3.6.38 release notes](./v3.6.38.md)
 - [v3.6.37 release notes](./v3.6.37.md)

package/docs/releases/v3.6.40.md

@@ -0,0 +1,19 @@
+# v3.6.40 Release Notes
+
+Release date: 2026-03-13
+
+## Highlights
+
+- Added spec delivery sync governance so each spec can declare its real deliverables and SCE can verify those files are tracked, committed, and upstream-synced before release or handoff.
+- Added a dedicated `sce workspace delivery-audit` command and wired it into auto-handoff preflight/run plus studio release gates.
+- Dogfooded the capability with a new `121-00-spec-delivery-sync-integrity-gate` spec and matching delivery manifest.
+
+## Verification
+
+- `npx jest tests/unit/workspace/spec-delivery-audit.test.js tests/unit/commands/auto.test.js tests/unit/auto/handoff-run-service.test.js tests/unit/commands/studio.test.js tests/integration/workspace-delivery-audit-cli.integration.test.js --runInBand`
+
+## Release Notes
+
+- Delivery sync is intentionally implemented as `manifest + audit + gate`, not as an automatic file copy/sync mechanism. Git remains the only source of truth.
+- When manifests exist, blocking specs now fail if declared files are missing, untracked, dirty, or only local because the branch is ahead of upstream.
+- When no delivery manifests exist yet, the audit remains advisory by default, so older repos are not hard-blocked until they opt into explicit deliverable governance.

package/docs/releases/v3.6.41.md

@@ -0,0 +1,20 @@
+# v3.6.41 Release Notes
+
+Release date: 2026-03-13
+
+## Highlights
+
+- Completed a practical SCE takeover cleanup pass so the repo now aligns with the current takeover baseline and active code paths consistently use SCE naming.
+- Fixed collaboration assignment metadata so new writes persist `sceInstance`, while older `kiroInstance` metadata remains readable for backward compatibility.
+- Removed high-value legacy naming drift across active modules such as backup, adoption, bootstrap, spec gate, auto runtime, repo config, and CLI initialization without disturbing the intentional `.kiro` migration layer.
+
+## Verification
+
+- `npx jest tests/unit/collab/collab-manager.test.js tests/unit/adoption/strategy-selector.test.js tests/unit/adoption/adoption-logger.test.js tests/unit/adoption.test.js --runInBand`
+- `node bin/sce.js workspace takeover-audit --json`
+
+## Release Notes
+
+- This release is intentionally a value-focused cleanup, not a blind repository-wide rename. Real legacy migration support for `.kiro` remains in place.
+- Canonical runtime naming is now `hasSceDir` and `sceInstance`; compatibility aliases remain where existing project state or metadata may still depend on older keys.
+- No `.kiro-workspaces` runtime artifact was present in the repository. The shipped work targets only active naming debt and one real collaboration metadata bug.

package/docs/releases/v3.6.42.md

@@ -0,0 +1,19 @@
+# v3.6.42 Release Notes
+
+Release date: 2026-03-13
+
+## Highlights
+
+- Hardened handoff release preflight so release publishing can continue when `release-gate-history.json` is temporarily unavailable but the current `release-gate-*.json` report is present.
+- Made release-gate history loading more fault-tolerant by skipping malformed report or seed entries with warnings instead of aborting the full index build.
+- Improved release workflow diagnostics by persisting `gate-index` stderr into the release evidence bundle when history index generation fails.
+
+## Verification
+
+- `npx jest tests/unit/commands/auto.test.js --runInBand --testNamePattern "preflight-check|falls back to latest release gate report when history index is empty"`
+- `npx jest tests/unit/auto/handoff-release-gate-history-loaders-service.test.js --runInBand`
+
+## Release Notes
+
+- This patch is targeted at the failed `v3.6.41` release workflow path, specifically the chain where history index generation failed and the subsequent hard gate blocked publish.
+- The release policy remains strict. The change only adds a safe fallback to the current gate report and exposes better diagnostics for the real upstream failure.

package/docs/releases/v3.6.43.md

@@ -0,0 +1,17 @@
+# v3.6.43 Release Notes
+
+Release date: 2026-03-13
+
+## Highlights
+
+- Fixed the second-stage release blocker uncovered by `v3.6.42`: advisory drift alerts no longer cause `Enforce handoff preflight hard gate` to fail when there are no drift-blocked runs.
+- Improved release workflow observability again so a failed preflight gate now prints the generated JSON payload directly into the Actions log.
+
+## Verification
+
+- `npx jest tests/unit/commands/auto.test.js --runInBand --testNamePattern "preflight-check|advisory drift alerts without blocked runs|falls back to latest release gate report when history index is empty"`
+
+## Release Notes
+
+- `v3.6.42` fixed the missing-history path, but exposed a separate policy bug where advisory drift alerts were treated as hard blockers.
+- `v3.6.43` narrows the hard gate back to real release blockers: failed latest gate or drift-blocked history.

package/docs/releases/v3.6.44.md

@@ -0,0 +1,17 @@
+# v3.6.44 Release Notes
+
+Release date: 2026-03-13
+
+## Highlights
+
+- Fixed the final release blocker in GitHub Actions tag workflows: spec delivery sync now accepts detached `HEAD` release checkouts when declared deliverables are tracked and the worktree is clean.
+
+## Verification
+
+- `npx jest tests/unit/workspace/spec-delivery-audit.test.js --runInBand`
+- `npx jest tests/unit/commands/auto.test.js --runInBand --testNamePattern "preflight-check|advisory drift alerts without blocked runs|falls back to latest release gate report when history index is empty"`
+
+## Release Notes
+
+- This patch specifically targets GitHub Actions `push` workflows on `v*` tags, where the repository is checked out at detached `HEAD` and therefore has no upstream tracking branch by design.
+- Deliverable tracking, worktree cleanliness, and missing-file detection are still enforced; only the branch-upstream proof is skipped in that release context.

package/docs/releases/v3.6.45.md

@@ -0,0 +1,18 @@
+# v3.6.45 Release Notes
+
+Release date: 2026-03-13
+
+## Highlights
+
+- Added `sce workspace collab-governance-audit` to convert collaboration governance drift into an executable audit, covering `.gitignore` boundaries, runtime-state tracking, `multi-agent.json`, legacy `.kiro*` references, and `.sce/steering/` boundary hygiene.
+- Brought the repository itself into compliance by extending the collaboration ignore rules, seeding `.sce/config/multi-agent.json`, and removing `.sce/steering/CURRENT_CONTEXT.md` from Git tracking while preserving the local file.
+
+## Verification
+
+- `npx jest tests/unit/workspace/collab-governance-audit.test.js tests/integration/workspace-collab-governance-audit-cli.integration.test.js --runInBand`
+- `node bin/sce.js workspace collab-governance-audit --strict`
+
+## Release Notes
+
+- This patch is intentionally audit-first. It adds a reusable governance gate for co-work drift, rather than introducing auto-migration or hidden cross-machine sync behavior.
+- The shipped baseline now reflects the intended runtime boundary: collaboration runtime files stay local, while shared config and specs remain versioned.

package/docs/spec-collaboration-guide.md

@@ -348,7 +348,7 @@ Collaboration metadata is stored in `.sce/specs/{spec-name}/collaboration.json`:
     }
   ],
   "assignment": {
-    "kiroInstance": "SCE-1",
+    "sceInstance": "SCE-1",
     "assignedAt": "2026-02-01T10:00:00Z"
   },
   "status": {

package/docs/zh/releases/README.md

@@ -9,6 +9,12 @@
 ## 历史版本归档
 
 - [发布检查清单](../release-checklist.md)
+- [v3.6.45 发布说明](./v3.6.45.md)
+- [v3.6.44 发布说明](./v3.6.44.md)
+- [v3.6.43 发布说明](./v3.6.43.md)
+- [v3.6.42 发布说明](./v3.6.42.md)
+- [v3.6.41 发布说明](./v3.6.41.md)
+- [v3.6.40 发布说明](./v3.6.40.md)
 - [v3.6.39 发布说明](./v3.6.39.md)
 - [v3.6.38 发布说明](./v3.6.38.md)
 - [v3.6.37 发布说明](./v3.6.37.md)

package/docs/zh/releases/v3.6.40.md

@@ -0,0 +1,19 @@
+# v3.6.40 发布说明
+
+发布日期：2026-03-13
+
+## 重点变化
+
+- 新增 spec 交付同步治理能力。每个 spec 可以声明真实交付文件，SCE 会在 handoff 或 release 前校验这些文件是否已纳入 git、已提交并具备 upstream 同步证明。
+- 新增 `sce workspace delivery-audit` 命令，并将其接入 auto handoff preflight/run 与 studio release gate。
+- 使用新的 `121-00-spec-delivery-sync-integrity-gate` spec 和对应交付清单对这项能力进行了自举治理。
+
+## 验证
+
+- `npx jest tests/unit/workspace/spec-delivery-audit.test.js tests/unit/commands/auto.test.js tests/unit/auto/handoff-run-service.test.js tests/unit/commands/studio.test.js tests/integration/workspace-delivery-audit-cli.integration.test.js --runInBand`
+
+## 发布说明
+
+- 这项能力刻意采用 `manifest + audit + gate`，而不是做自动文件同步工具；git 仍然是唯一可信的交付事实来源。
+- 一旦 spec 提供了 delivery manifest，blocking 模式下若声明文件缺失、未跟踪、工作区有脏改动，或分支相对 upstream 未同步，都会直接失败。
+- 对于尚未建立 delivery manifest 的老仓库，默认仍保持 advisory 模式，不会立刻形成硬阻断。

package/docs/zh/releases/v3.6.41.md

@@ -0,0 +1,20 @@
+# v3.6.41 发布说明
+
+发布日期：2026-03-13
+
+## 重点变化
+
+- 完成了一轮务实的 SCE 接管清理，仓库当前已经与 takeover baseline 对齐，活跃代码路径的命名也统一回到了 SCE。
+- 修复协作分配元数据写入逻辑，新写入统一持久化 `sceInstance`，同时继续兼容读取旧的 `kiroInstance` 元数据。
+- 清理了备份、adoption、bootstrap、spec gate、auto runtime、repo config、CLI 初始化等活跃模块中的高价值 legacy 命名漂移，但没有破坏刻意保留的 `.kiro` 迁移兼容层。
+
+## 验证
+
+- `npx jest tests/unit/collab/collab-manager.test.js tests/unit/adoption/strategy-selector.test.js tests/unit/adoption/adoption-logger.test.js tests/unit/adoption.test.js --runInBand`
+- `node bin/sce.js workspace takeover-audit --json`
+
+## 发布说明
+
+- 这次发布刻意只做“有价值清理”，不是全仓盲目重命名。真正的 `.kiro` legacy migration 支持仍然保留。
+- 运行时规范命名现在以 `hasSceDir` 和 `sceInstance` 为准；对历史项目状态和旧元数据所需的兼容别名仍然继续支持。
+- 仓库内并不存在实际的 `.kiro-workspaces` 运行时目录遗留；本次交付主要消化的是活跃命名债和一个真实的协作元数据写入缺陷。

package/docs/zh/releases/v3.6.42.md

@@ -0,0 +1,19 @@
+# v3.6.42 发布说明
+
+发布日期：2026-03-13
+
+## 重点变化
+
+- 加固了 handoff release preflight：当发布过程里 `release-gate-history.json` 临时不可用，但当前 `release-gate-*.json` 已生成时，发布仍可继续判定。
+- 提升了 release-gate history 加载的容错性，单个异常 report 或 seed entry 现在会被告警跳过，而不是直接打断整个 gate-index 构建。
+- 补强了发布工作流诊断信息：当 history index 生成失败时，会把 `gate-index` 的 stderr 一并落到 release evidence 中。
+
+## 验证
+
+- `npx jest tests/unit/commands/auto.test.js --runInBand --testNamePattern "preflight-check|falls back to latest release gate report when history index is empty"`
+- `npx jest tests/unit/auto/handoff-release-gate-history-loaders-service.test.js --runInBand`
+
+## 发布说明
+
+- 这个补丁版直接针对 `v3.6.41` 发布工作流失败链路，重点修复的是 history index 构建失败后又把 publish 阻断的路径。
+- 发布门槛本身没有放松，只是在当前 gate report 已经存在时提供了安全回退，并补上真实上游错误的诊断暴露。

package/docs/zh/releases/v3.6.43.md

@@ -0,0 +1,17 @@
+# v3.6.43 发布说明
+
+发布日期：2026-03-13
+
+## 重点变化
+
+- 修复了 `v3.6.42` 暴露出的第二层发布阻断问题：当 drift 只有 advisory alert、没有 `drift-blocked runs` 时，不再让 `Enforce handoff preflight hard gate` 失败。
+- 再次补强了发布工作流可观测性：如果 preflight gate 失败，现在会把生成出来的 JSON 直接打印到 Actions 日志里。
+
+## 验证
+
+- `npx jest tests/unit/commands/auto.test.js --runInBand --testNamePattern "preflight-check|advisory drift alerts without blocked runs|falls back to latest release gate report when history index is empty"`
+
+## 发布说明
+
+- `v3.6.42` 修的是 history 缺失链路，但同时暴露出另一个策略缺陷：advisory drift alert 被误当成了 hard blocker。
+- `v3.6.43` 把 hard gate 收敛回真正应该阻断发布的条件：最新 release gate 失败，或 history 中存在 drift-blocked runs。

package/docs/zh/releases/v3.6.44.md

@@ -0,0 +1,17 @@
+# v3.6.44 发布说明
+
+发布日期：2026-03-13
+
+## 重点变化
+
+- 修复了 GitHub Actions tag 发布工作流中的最后一个阻断点：当声明交付文件都已被跟踪且工作区干净时，spec delivery sync 现在允许 detached `HEAD` 的 release checkout 通过。
+
+## 验证
+
+- `npx jest tests/unit/workspace/spec-delivery-audit.test.js --runInBand`
+- `npx jest tests/unit/commands/auto.test.js --runInBand --testNamePattern "preflight-check|advisory drift alerts without blocked runs|falls back to latest release gate report when history index is empty"`
+
+## 发布说明
+
+- 这个补丁版专门针对 GitHub Actions 的 `v*` tag push 发布场景；该场景天然是 detached `HEAD`，本来就不具备 branch upstream tracking。
+- 声明文件是否已跟踪、工作区是否干净、是否缺文件这些真正的交付完整性校验仍然继续强制执行；放开的只是该发布环境下无意义的 upstream 证明。

package/docs/zh/releases/v3.6.45.md

@@ -0,0 +1,18 @@
+# v3.6.45 发布说明
+
+发布日期：2026-03-13
+
+## 重点变化
+
+- 新增 `sce workspace collab-governance-audit`，把协作治理漂移变成可执行审计，覆盖 `.gitignore` 边界、运行态文件误入 Git、`multi-agent.json`、遗留 `.kiro*` 引用，以及 `.sce/steering/` 核心区治理。
+- 同步把仓库自身基线校正到合规状态：补齐协作 ignore 规则、落地 `.sce/config/multi-agent.json`，并将 `.sce/steering/CURRENT_CONTEXT.md` 从 Git 跟踪中移除但保留本地文件。
+
+## 验证
+
+- `npx jest tests/unit/workspace/collab-governance-audit.test.js tests/integration/workspace-collab-governance-audit-cli.integration.test.js --runInBand`
+- `node bin/sce.js workspace collab-governance-audit --strict`
+
+## 发布说明
+
+- 这个补丁版刻意采用 audit-first 策略：先把 co-work 治理漂移显式化并形成可复用门禁，而不是直接引入自动迁移或隐式同步。
+- 本次发版后的仓库基线与能力目标一致：协作运行态文件留在本地，共享配置和 spec 继续纳入版本化治理。

package/lib/adoption/adoption-logger.js

@@ -307,7 +307,7 @@ class AdoptionLogger {
    */
   detectionResult(state) {
     this.info('Project state detected', {
-      hasKiroDir: state.hasKiroDir,
+      hasSceDir: state.hasSceDir !== undefined ? state.hasSceDir : state.hasKiroDir,
       hasVersionFile: state.hasVersionFile,
       currentVersion: state.currentVersion,
       targetVersion: state.targetVersion,

package/lib/adoption/adoption-strategy.js

@@ -34,7 +34,7 @@ class AdoptionStrategy {
    * @param {string} projectPath - Absolute path to project root
    * @returns {string}
    */
-  getKiroPath(projectPath) {
+  getScePath(projectPath) {
     return path.join(projectPath, this.sceDir);
   }
 
@@ -65,17 +65,17 @@ class AdoptionStrategy {
   /**
    * Creates initial directory structure
    * 
-   * @param {string} kiroPath - Path to .sce/ directory
+   * @param {string} scePath - Path to .sce/ directory
    * @returns {Promise<void>}
    */
-  async createDirectoryStructure(kiroPath) {
-    await ensureDirectory(kiroPath);
-    await ensureDirectory(path.join(kiroPath, 'specs'));
-    await ensureDirectory(path.join(kiroPath, 'steering'));
-    await ensureDirectory(path.join(kiroPath, 'tools'));
-    await ensureDirectory(path.join(kiroPath, 'config'));
-    await ensureDirectory(path.join(kiroPath, 'backups'));
-    await ensureDirectory(path.join(kiroPath, 'hooks'));
+  async createDirectoryStructure(scePath) {
+    await ensureDirectory(scePath);
+    await ensureDirectory(path.join(scePath, 'specs'));
+    await ensureDirectory(path.join(scePath, 'steering'));
+    await ensureDirectory(path.join(scePath, 'tools'));
+    await ensureDirectory(path.join(scePath, 'config'));
+    await ensureDirectory(path.join(scePath, 'backups'));
+    await ensureDirectory(path.join(scePath, 'hooks'));
   }
 
   /**
@@ -90,7 +90,7 @@ class AdoptionStrategy {
    */
   async copyTemplateFiles(projectPath, options = {}) {
     const { overwrite = false, skip = [], resolutionMap = {} } = options;
-    const kiroPath = this.getKiroPath(projectPath);
+    const scePath = this.getScePath(projectPath);
     const templatePath = this.getTemplatePath();
     
     const created = [];
@@ -144,7 +144,7 @@ class AdoptionStrategy {
       }
       
       const sourcePath = path.join(templatePath, file);
-      const destPath = path.join(kiroPath, file);
+      const destPath = path.join(scePath, file);
       
       // Check if source exists
       const sourceExists = await pathExists(sourcePath);
@@ -208,11 +208,11 @@ class FreshAdoption extends AdoptionStrategy {
     const warnings = [];
     
     try {
-      const kiroPath = this.getKiroPath(projectPath);
+      const scePath = this.getScePath(projectPath);
       
       // Check if .sce/ already exists
-      const kiroExists = await pathExists(kiroPath);
-      if (kiroExists) {
+      const sceExists = await pathExists(scePath);
+      if (sceExists) {
         throw new Error('.sce/ directory already exists - use partial or full adoption');
       }
       
@@ -230,7 +230,7 @@ class FreshAdoption extends AdoptionStrategy {
       }
       
       // Create directory structure
-      await this.createDirectoryStructure(kiroPath);
+      await this.createDirectoryStructure(scePath);
       filesCreated.push('.sce/');
       filesCreated.push('.sce/specs/');
       filesCreated.push('.sce/steering/');
@@ -299,16 +299,16 @@ class PartialAdoption extends AdoptionStrategy {
     const warnings = [];
     
     try {
-      const kiroPath = this.getKiroPath(projectPath);
+      const scePath = this.getScePath(projectPath);
       
       // Check if .sce/ exists
-      const kiroExists = await pathExists(kiroPath);
-      if (!kiroExists) {
+      const sceExists = await pathExists(scePath);
+      if (!sceExists) {
         throw new Error('.sce/ directory does not exist - use fresh adoption');
       }
       
       // Check if version.json exists
-      const versionPath = path.join(kiroPath, 'version.json');
+      const versionPath = path.join(scePath, 'version.json');
       const versionExists = await pathExists(versionPath);
       if (versionExists) {
         warnings.push('version.json already exists - use full adoption for upgrades');
@@ -328,12 +328,12 @@ class PartialAdoption extends AdoptionStrategy {
       }
       
       // Ensure all required directories exist
-      const specsPath = path.join(kiroPath, 'specs');
-      const steeringPath = path.join(kiroPath, 'steering');
-      const toolsPath = path.join(kiroPath, 'tools');
-      const configPath = path.join(kiroPath, 'config');
-      const backupsPath = path.join(kiroPath, 'backups');
-      const hooksPath = path.join(kiroPath, 'hooks');
+      const specsPath = path.join(scePath, 'specs');
+      const steeringPath = path.join(scePath, 'steering');
+      const toolsPath = path.join(scePath, 'tools');
+      const configPath = path.join(scePath, 'config');
+      const backupsPath = path.join(scePath, 'backups');
+      const hooksPath = path.join(scePath, 'hooks');
       
       if (!await pathExists(specsPath)) {
         await ensureDirectory(specsPath);
@@ -437,11 +437,11 @@ class FullAdoption extends AdoptionStrategy {
     const warnings = [];
     
     try {
-      const kiroPath = this.getKiroPath(projectPath);
+      const scePath = this.getScePath(projectPath);
       
       // Check if .sce/ exists
-      const kiroExists = await pathExists(kiroPath);
-      if (!kiroExists) {
+      const sceExists = await pathExists(scePath);
+      if (!sceExists) {
         throw new Error('.sce/ directory does not exist - use fresh adoption');
       }