scene-capability-engine 3.6.46 → 3.6.47

package/CHANGELOG.md

@@ -7,6 +7,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [3.6.47] - 2026-03-14
+
+### Changed
+- Promoted "clarification before disable" to a global SCE baseline rule: missing business scene/module/page/entity context now defaults to clarification in builtin interactive governance, is written into steering/template core principles, and is documented as mandatory for all SCE-integrated projects with no exceptions.
+- Added `clarification-first-audit` as a release/audit guard so core scripts, policy/docs, starter/template baselines, and legacy fallback phrases are continuously checked for regression.
+- Wired `clarification-first-audit` into `test.yml`, `release.yml`, and `steering-hygiene.yml` so CI, tag releases, and scheduled hygiene runs all enforce the clarification-first baseline.
+- Extended takeover baseline auto-alignment so older adopted projects also repair missing clarification-first `CORE_PRINCIPLES` content during best-effort startup/default alignment.
+- Added CLI integration coverage for `sce adopt`, `sce upgrade`, and startup takeover auto-alignment so clarification-first baseline propagation is verified end-to-end on real project fixtures.
+- Extended takeover baseline to auto-create `.sce/config/errorbook-registry.json` and to inventory project-defined mistake-book/postmortem style artifacts so SCE takeover converges them into the canonical `errorbook` flow instead of letting parallel mechanisms coexist.
+- Added three more global core principles to the steering baseline: forbid blind fixes without problem evidence, require evaluation before any steering entry is added/removed/rewritten, and default frontend/backend mismatch fixes to align the frontend to the existing backend API contract unless an interface change is explicitly requested.
+
 ## [3.6.46] - 2026-03-13
 
 ### Added

package/README.md

@@ -139,6 +139,7 @@ sce auth status --json
 SCE is opinionated by default.
 
 - `studio plan` runs intake and scene/spec governance unless policy explicitly allows bypass.
+- When business scene/module/page/entity context is missing, SCE must route to clarification first; unknown business scope must not be turned into blanket disable.
 - `verify` and `release` enforce problem-closure and related gates when a spec is bound.
 - Autonomous program execution applies gate evaluation, fallback-chain logic, governance replay, and auto-remediation.
 - State persistence prefers SQLite, not ad hoc local caches.

package/README.zh.md

@@ -144,6 +144,7 @@ sce auth status --json
 SCE 默认是强治理的。
 
 - `studio plan` 默认执行 intake 与 scene/spec 治理，除非策略显式允许绕过
+- 缺少业务场景/模块/页面/实体上下文时，SCE 必须先进入澄清，而不是把未知业务范围直接变成一刀切禁用
 - 当 spec 绑定时，`verify` 和 `release` 默认执行 problem-closure 等相关门禁
 - `close-loop-program` 默认带 gate 评估、fallback-chain、governance replay、auto-remediation
 - 状态持久化默认优先走 SQLite，而不是零散本地缓存

package/docs/agent-runtime/symbol-evidence.schema.json

@@ -86,7 +86,7 @@
           "type": "string",
           "enum": [
             "allow_write",
-            "block_high_risk_write"
+            "clarify_business_scope"
           ]
         },
         "advisory": {

package/docs/command-reference.md

@@ -366,6 +366,8 @@ sce workspace takeover-apply --json
 # until manual migration is completed.
 # For adopted projects, startup auto-runs takeover baseline alignment
 # before command execution (best effort, non-blocking).
+# Takeover alignment now also repairs missing clarification-first
+# CORE_PRINCIPLES baseline when older adopted projects drift.
 
 # Legacy commands (still supported)
 sce workspace sync
@@ -1806,8 +1808,14 @@ Interactive dialogue governance helper (script-level communication-rule gate):
   - Default policy: `docs/interactive-customization/dialogue-governance-policy-baseline.json` (fallback builtin policy when missing)
   - Default authorization dialogue policy: `docs/interactive-customization/authorization-dialogue-policy-baseline.json`
   - Default profile: `business-user` (use `system-maintainer` for maintenance/operator conversations)
+  - Missing business scene/module/page/entity context defaults to `clarify`; unknown scope must not be converted into blanket disable fallback.
   - `--fail-on-deny` exits with code `2` to block unsafe requests in CI/automation.
 
+Clarification-first baseline audit helper:
+- `node scripts/clarification-first-audit.js [--project-path <path>] [--out <path>] [--fail-on-violation] [--json]`: verify that SCE global clarification-first baselines are present across core scripts, policy/docs, starter/template assets, and that legacy blanket-disable phrases do not reappear in tracked source/docs.
+  - Default behavior: audit current project root.
+  - `--fail-on-violation` exits with code `2` when required clarification-first baselines drift or prohibited legacy phrases are detected.
+
 Interactive change-plan generator helper (script-level stage-B planning bridge):
 - `node scripts/interactive-plan-build.js --intent <path> [--context <path>] [--execution-mode <suggestion|apply>] [--out-plan <path>] [--out-markdown <path>] [--json]`: generate structured `Change_Plan` from `Change_Intent`, including action candidates, risk level, verification checks, rollback plan, approval status, and gate hint command.
   - Default outputs:

package/docs/interactive-customization/dialogue-governance-policy-baseline.json

@@ -41,11 +41,13 @@
     "Always restate objective, scope, and expected impact before recommendations.",
     "When risk or permission is involved, explicitly list required approvals and authorization.",
     "If requirement is ambiguous, ask at most two focused clarification questions.",
+    "If business scene, module, page, entity, or constraints are missing, clarify and narrow scope before using any fallback restriction; do not replace understanding with blanket disable.",
     "Never propose credential export, approval bypass, or secret leakage."
   ],
   "clarification_templates": [
     "What business metric should improve first (speed, accuracy, cost, compliance)?",
-    "Which module/page should be changed first, and what must remain unchanged?"
+    "Which module/page should be changed first, and what must remain unchanged?",
+    "Which entity or business rule is affected, and what constraint must stay intact?"
   ],
   "profiles": {
     "business-user": {
@@ -75,6 +77,7 @@
       ],
       "response_rules": [
         "For maintenance requests, require change ticket, rollback plan, and approval role before execution.",
+        "When business context is incomplete, ask for the affected module/page/entity before considering deny or write restrictions.",
         "If request targets production, require staged validation evidence first."
       ],
       "clarification_templates": [

package/docs/interactive-customization/embedded-assistant-authorization-dialogue-rules.md

@@ -31,6 +31,7 @@ This guide defines mandatory conversation and authorization behavior for an embe
 3. Confirmation before mutation:
 - For `apply`, assistant must ask a final explicit confirmation.
 - Confirmation text must include impact summary and rollback availability.
+- Missing business scene/context must trigger clarification first; it must not be treated as a reason to blanket-disable the request.
 
 ## 4. Step-Up Authorization Rules
 
@@ -49,6 +50,10 @@ This guide defines mandatory conversation and authorization behavior for an embe
   - reject execution,
   - explain the blocked policy reason in plain language,
   - provide at least one safe alternative (`suggestion`, ticket, or scope reduction).
+- If business context or symbol evidence is incomplete, assistant must:
+  - ask for missing `module/page/entity/business constraint` details,
+  - reduce scope to a verifiable change candidate,
+  - avoid using fallback as a blanket disable substitute before context is understood.
 - If environment is rate-limited or unstable (`429`/timeouts), assistant must:
   - avoid aggressive retries,
   - switch to phased queue execution guidance,

package/docs/releases/README.md

@@ -9,6 +9,7 @@ This directory stores release-facing documents:
 ## Archived Versions
 
 - [Release checklist](../release-checklist.md)
+- [v3.6.47 release notes](./v3.6.47.md)
 - [v3.6.46 release notes](./v3.6.46.md)
 - [v3.6.45 release notes](./v3.6.45.md)
 - [v3.6.44 release notes](./v3.6.44.md)

package/docs/releases/v3.6.47.md

@@ -0,0 +1,23 @@
+# v3.6.47 Release Notes
+
+Release date: 2026-03-14
+
+## Highlights
+
+- Promoted clarification-first into an SCE-wide baseline: when business scene, module, page, entity, or constraints are unclear, the assistant must narrow scope first instead of converting uncertainty into blanket disable.
+- Extended takeover baseline alignment so adopted and upgraded projects automatically repair missing core principles, auto-seed `.sce/config/errorbook-registry.json`, and inventory project-defined postmortem or mistake-book style mechanisms for convergence into `.sce/errorbook`.
+- Added three more global steering baselines: no blind fixes without problem evidence, no arbitrary steering entry add/remove without evaluation, and frontend/backend mismatch fixes must default to the existing backend API contract unless an interface change is explicitly requested.
+
+## Validation
+
+- `npx jest tests/unit/workspace/takeover-baseline.test.js --runInBand`
+- `npx jest tests/integration/adopt-upgrade-clarification-first.integration.test.js --runInBand`
+- `npx jest tests/integration/takeover-baseline-cli.integration.test.js --runInBand`
+- `npm run audit:steering`
+- `npm run gate:errorbook-registry-health`
+- `npm run prepublishOnly`
+
+## Release Notes
+
+- This patch release formalizes the steering and takeover rules discussed during recent SCE hardening work, so they are no longer implicit operator expectations but enforced project baselines.
+- Existing SCE-integrated projects now inherit these rules automatically through startup takeover alignment, `sce adopt`, and `sce upgrade`, which prevents drift between newly adopted projects and older onboarded repositories.

package/docs/sce-business-mode-map.md

@@ -34,6 +34,8 @@ After SCE integration is enabled:
 5. `gated execution`: runtime policy + authorization tier + approval gate.
 6. `execution + audit`: execute or block, then emit summary and evidence.
 
+If business scene or symbol evidence is incomplete, route to scope clarification first instead of using a blanket fallback disable.
+
 ## 5. Mode Playbooks
 
 ### 5.1 user-mode (business usage UI)
@@ -100,4 +102,3 @@ See also: `docs/security-governance-default-baseline.md`
 3. Enable required gate artifacts and audit logs.
 4. Run weekly governance and release gates.
 5. Keep capability matrix and ontology mapping updated per release.
-

package/docs/sce-capability-matrix-e2e-example.md

@@ -27,7 +27,8 @@ node scripts/symbol-evidence-locate.js \
 
 Expected:
 - reliable evidence => `fallback_action=allow_write`
-- no reliable evidence => `fallback_action=block_high_risk_write` and exit code `2`
+- no reliable evidence => `fallback_action=clarify_business_scope` and exit code `2`
+- assistant must narrow module/page/entity and business constraints before deciding whether writes should proceed
 
 ## 3) Failure Attribution and Bounded Repair
 

package/docs/security-governance-default-baseline.md

@@ -5,6 +5,8 @@ This baseline is the default operating policy for SCE-driven delivery, including
 ## 1. Context and Data Safety
 
 - Enforce strict context contract validation (`--context-contract`, strict mode on).
+- Missing business scene/module/page/entity context must route to clarification first; unknown scope is never a valid reason for blanket disable.
+- This clarification-first rule applies to every SCE-integrated project and surface with no project-specific exception.
 - Block forbidden keys (for example secrets/private keys) from UI/provider payloads.
 - Keep payload masking enabled for business data and identity fields.
 - Reject context payloads that exceed size budget or schema bounds.

package/docs/starter-kit/README.md

@@ -2,6 +2,8 @@
 
 This starter kit is the default baseline for onboarding an external project (including Moqui-based solutions) into SCE without project-specific flags.
 
+It also inherits SCE's clarification-first rule: if business scene/module/page/entity context is missing, the assistant must narrow scope before any deny/disable fallback. This baseline applies to every onboarded project with no project-specific exception.
+
 ## Included Assets
 
 - `handoff-manifest.starter.json`: minimal manifest contract that works with `sce auto handoff` and `sce scene package-publish-batch`.
@@ -33,6 +35,7 @@ node scripts/release-ops-weekly-summary.js --json
 
 - `scene package publish-batch` gate passes.
 - capability lexicon unknown count is zero.
+- missing business scope is handled through clarification, not blanket disable fallback.
 - release preflight is not blocked for hard-gate profiles.
 - weekly ops summary risk is not `high` unless explicitly approved.
 

package/docs/zh/releases/README.md

@@ -9,6 +9,7 @@
 ## 历史版本归档
 
 - [发布检查清单](../release-checklist.md)
+- [v3.6.47 发布说明](./v3.6.47.md)
 - [v3.6.46 发布说明](./v3.6.46.md)
 - [v3.6.45 发布说明](./v3.6.45.md)
 - [v3.6.44 发布说明](./v3.6.44.md)

package/docs/zh/releases/v3.6.47.md

@@ -0,0 +1,23 @@
+# v3.6.47 发布说明
+
+发布日期：2026-03-14
+
+## 重点变化
+
+- 将 clarification-first 提升为 SCE 全局基线：业务场景、模块、页面、实体或约束不清楚时，必须先澄清范围，禁止把“不理解业务”直接落成一刀切禁用。
+- 扩展 takeover baseline 对齐能力：已接管和升级项目现在会自动补齐缺失的核心原则、自动落 `.sce/config/errorbook-registry.json`，并把项目内自定义复盘册/问题账本类机制盘点后统一收敛到 `.sce/errorbook`。
+- 新增三条全局 steering 基线：禁止盲改问题、禁止未经评估随意增删 steering 条目、以及问题修复时前后端接口不一致默认以后端现有契约为准。
+
+## 验证
+
+- `npx jest tests/unit/workspace/takeover-baseline.test.js --runInBand`
+- `npx jest tests/integration/adopt-upgrade-clarification-first.integration.test.js --runInBand`
+- `npx jest tests/integration/takeover-baseline-cli.integration.test.js --runInBand`
+- `npm run audit:steering`
+- `npm run gate:errorbook-registry-health`
+- `npm run prepublishOnly`
+
+## 发布说明
+
+- 这个补丁版把最近一轮 SCE 治理收敛中的关键规则正式固化为了可执行基线，不再依赖操作者“记得遵守”。
+- 之后无论是 startup auto-takeover、`sce adopt` 还是 `sce upgrade`，都会自动把这些规则补齐到项目里，避免新老接入项目在治理要求上继续分叉。

package/lib/workspace/takeover-baseline.js

@@ -12,6 +12,122 @@ const {
 } = require('../state/state-storage-policy');
 
 const TAKEOVER_BASELINE_SCHEMA_VERSION = '1.0';
+const CLARIFICATION_FIRST_CORE_PRINCIPLE_HEADING = '## 11. 业务场景未知时必须先澄清，禁止直接彻底禁用';
+const CLARIFICATION_FIRST_CORE_PRINCIPLE_SECTION = [
+  CLARIFICATION_FIRST_CORE_PRINCIPLE_HEADING,
+  '',
+  '- 不了解业务场景、模块、页面、实体或业务约束时，默认动作是先补上下文、缩小范围、生成澄清问题。',
+  '- 禁止把“未知业务场景”直接等同于 `deny`、`disable`、answer-only 或其他一刀切兜底禁用。',
+  '- 只有在明确命中安全/权限/合规/破坏性规则后，才允许进入阻断；否则必须先完成业务范围澄清。',
+  '- 这条规则适用于所有接入 SCE 的项目、模式和交互面，不允许按项目例外绕过。'
+].join('\n');
+const NO_BLIND_FIX_CORE_PRINCIPLE_HEADING = '## 12. 禁止盲改问题，必须先建立问题契约和证据';
+const NO_BLIND_FIX_CORE_PRINCIPLE_SECTION = [
+  NO_BLIND_FIX_CORE_PRINCIPLE_HEADING,
+  '',
+  '- 修改问题前，必须先明确现象、复现条件、影响范围、预期行为和验证方式。',
+  '- 缺少日志、数据、接口样本、最小复现或问题契约时，应先补证据，不得靠猜测连续改代码碰运气。',
+  '- 若两轮修改仍未收敛，必须回到调试、定位和根因分析，禁止在未理解问题前盲目扩大改动面。'
+].join('\n');
+const STEERING_CHANGE_EVALUATION_CORE_PRINCIPLE_HEADING = '## 13. Steering 条目变更必须先评估，禁止随意增删';
+const STEERING_CHANGE_EVALUATION_CORE_PRINCIPLE_SECTION = [
+  STEERING_CHANGE_EVALUATION_CORE_PRINCIPLE_HEADING,
+  '',
+  '- 新增、删除或重写 steering 条目前，必须先评估它是否真属于长期原则，是否与现有条目重复，是否应迁移到 `CURRENT_CONTEXT.md`、Spec 或项目文档。',
+  '- steering 变更必须说明触发原因、适用范围以及与现有规则的关系；未经评估，不得把临时偏好、短期任务或偶发结论直接固化进去。',
+  '- 接管、升级和治理脚本只能补齐基线、修复漂移，不能把未经评估的项目习惯直接塞进 steering。'
+].join('\n');
+const BACKEND_API_PRECEDENCE_CORE_PRINCIPLE_HEADING = '## 14. 问题修复时前后端接口不一致默认以后端契约为准';
+const BACKEND_API_PRECEDENCE_CORE_PRINCIPLE_SECTION = [
+  BACKEND_API_PRECEDENCE_CORE_PRINCIPLE_HEADING,
+  '',
+  '- 在修改问题的场景下，若前端调用后端 API 出现路径、方法、字段、状态码或响应结构不匹配，默认以后端现有接口契约为准。',
+  '- 除非明确要求新建接口或修改后端接口，否则禁止为了迁就前端错误调用去随意改后端实现或契约。',
+  '- 默认优先修正前端请求、映射、类型和兼容处理，使其与后端接口保持一致；若怀疑后端契约错误，应先确认再改。'
+].join('\n');
+const REQUIRED_CORE_PRINCIPLE_SECTIONS = Object.freeze([
+  {
+    heading: CLARIFICATION_FIRST_CORE_PRINCIPLE_HEADING,
+    section: CLARIFICATION_FIRST_CORE_PRINCIPLE_SECTION
+  },
+  {
+    heading: NO_BLIND_FIX_CORE_PRINCIPLE_HEADING,
+    section: NO_BLIND_FIX_CORE_PRINCIPLE_SECTION
+  },
+  {
+    heading: STEERING_CHANGE_EVALUATION_CORE_PRINCIPLE_HEADING,
+    section: STEERING_CHANGE_EVALUATION_CORE_PRINCIPLE_SECTION
+  },
+  {
+    heading: BACKEND_API_PRECEDENCE_CORE_PRINCIPLE_HEADING,
+    section: BACKEND_API_PRECEDENCE_CORE_PRINCIPLE_SECTION
+  }
+]);
+
+const ERRORBOOK_REGISTRY_DEFAULTS = Object.freeze({
+  enabled: true,
+  search_mode: 'remote',
+  cache_file: '.sce/errorbook/registry-cache.json',
+  sources: [
+    {
+      name: 'central',
+      enabled: true,
+      url: 'https://raw.githubusercontent.com/heguangyong/sce-errorbook-registry/main/registry/errorbook-registry.json',
+      index_url: 'https://raw.githubusercontent.com/heguangyong/sce-errorbook-registry/main/registry/errorbook-registry.index.json'
+    }
+  ]
+});
+
+const ERRORBOOK_CONVERGENCE_DEFAULTS = Object.freeze({
+  enabled: true,
+  canonical_mechanism: 'errorbook',
+  absorb_project_defined_mechanisms: true,
+  disallow_parallel_mechanisms: true,
+  intake_inventory_path: '.sce/errorbook/project-intake/custom-mechanism-inventory.json',
+  strategy: 'absorb_into_sce_errorbook'
+});
+
+const ERRORBOOK_PARALLEL_MECHANISM_KEYWORDS = Object.freeze([
+  '错题本',
+  '错题',
+  '故障复盘',
+  '事故复盘',
+  '问题复盘',
+  '复盘册',
+  'mistake-book',
+  'mistake_book',
+  'mistakebook',
+  'fault-book',
+  'fault_book',
+  'postmortem',
+  'post-mortem',
+  'lessons-learned',
+  'lessons_learned',
+  'defect-ledger',
+  'defect_ledger',
+  'issue-ledger',
+  'issue_ledger',
+  'incident-review',
+  'incident_review'
+]);
+
+const ERRORBOOK_SCAN_IGNORED_DIRS = new Set([
+  '.git',
+  '.hg',
+  '.svn',
+  '.sce',
+  'node_modules',
+  'dist',
+  'build',
+  'coverage',
+  '.next',
+  '.turbo',
+  '.idea',
+  '.vscode',
+  'tmp',
+  'temp',
+  '.tmp'
+]);
 
 const SESSION_GOVERNANCE_DEFAULTS = Object.freeze({
   schema_version: '1.0',
@@ -217,6 +333,7 @@ const TAKEOVER_DEFAULTS = Object.freeze({
     max_direct_fix_rounds_before_debug: 2,
     forbid_bypass_workarounds: true
   },
+  errorbook_convergence: _clone(ERRORBOOK_CONVERGENCE_DEFAULTS),
   migration_policy: {
     legacy_kiro_supported: false,
     require_manual_legacy_migration_confirmation: true
@@ -335,6 +452,113 @@ function _buildTakeoverBaselineConfig(existing, sceVersion) {
   };
 }
 
+function _buildErrorbookRegistryConfig(existing) {
+  const base = _isObject(existing) ? _clone(existing) : {};
+  return {
+    ..._clone(ERRORBOOK_REGISTRY_DEFAULTS),
+    ...base,
+    sources: Array.isArray(base.sources) && base.sources.length > 0
+      ? _clone(base.sources)
+      : _clone(ERRORBOOK_REGISTRY_DEFAULTS.sources)
+  };
+}
+
+function _normalizeRelativePath(value) {
+  return `${value || ''}`.replace(/\\/g, '/');
+}
+
+function _findParallelErrorbookKeyword(relativePath) {
+  const normalized = _normalizeRelativePath(relativePath).toLowerCase();
+  return ERRORBOOK_PARALLEL_MECHANISM_KEYWORDS.find((keyword) => normalized.includes(keyword.toLowerCase())) || null;
+}
+
+function _shouldSkipErrorbookScanDir(dirName) {
+  return ERRORBOOK_SCAN_IGNORED_DIRS.has(`${dirName || ''}`.trim());
+}
+
+async function _scanProjectDefinedErrorbookMechanisms(projectPath, fileSystem, currentDir = projectPath, depth = 0, findings = []) {
+  let entries = [];
+  try {
+    entries = await fileSystem.readdir(currentDir, { withFileTypes: true });
+  } catch (_error) {
+    return findings;
+  }
+
+  for (const entry of entries) {
+    const absolutePath = path.join(currentDir, entry.name);
+    const relativePath = _toRelativePosix(projectPath, absolutePath);
+
+    if (entry.isDirectory()) {
+      if (_shouldSkipErrorbookScanDir(entry.name)) {
+        continue;
+      }
+
+      const keyword = _findParallelErrorbookKeyword(relativePath);
+      if (keyword) {
+        findings.push({
+          path: relativePath,
+          kind: 'directory',
+          keyword,
+          action: 'absorb_into_sce_errorbook'
+        });
+      }
+
+      if (depth < 5) {
+        await _scanProjectDefinedErrorbookMechanisms(projectPath, fileSystem, absolutePath, depth + 1, findings);
+      }
+      continue;
+    }
+
+    if (!entry.isFile()) {
+      continue;
+    }
+
+    const keyword = _findParallelErrorbookKeyword(relativePath);
+    if (!keyword) {
+      continue;
+    }
+
+    findings.push({
+      path: relativePath,
+      kind: 'file',
+      keyword,
+      action: 'absorb_into_sce_errorbook'
+    });
+  }
+
+  return findings;
+}
+
+function _dedupeFindings(findings = []) {
+  const seen = new Set();
+  return findings.filter((item) => {
+    const key = `${item.kind}:${item.path}`;
+    if (seen.has(key)) {
+      return false;
+    }
+    seen.add(key);
+    return true;
+  }).sort((left, right) => `${left.path}`.localeCompare(`${right.path}`));
+}
+
+function _buildErrorbookConvergenceInventory(sceVersion, findings = []) {
+  const dedupedFindings = _dedupeFindings(findings);
+  return {
+    schema_version: TAKEOVER_BASELINE_SCHEMA_VERSION,
+    canonical_mechanism: 'errorbook',
+    strategy: 'absorb_into_sce_errorbook',
+    last_aligned_sce_version: sceVersion,
+    summary: {
+      detected_custom_mechanisms: dedupedFindings.length
+    },
+    guidance: [
+      'Absorb reusable failure-remediation knowledge into .sce/errorbook instead of keeping project-defined parallel mistake-book flows.',
+      'Use `sce errorbook record` for curated entries and `sce errorbook incident *` for short trial-and-error loops before curation.'
+    ],
+    findings: dedupedFindings
+  };
+}
+
 async function _reconcileJsonFile(filePath, desired, options = {}) {
   const {
     projectPath,
@@ -403,6 +627,37 @@ async function _reconcileSteeringContract(projectPath, options = {}) {
   };
 }
 
+async function _reconcileCorePrinciplesBaseline(projectPath, options = {}) {
+  const { apply, fileSystem } = options;
+  const corePrinciplesPath = path.join(projectPath, SCE_STEERING_DIR, DEFAULT_LAYER_FILES.core_principles);
+  const exists = await fileSystem.pathExists(corePrinciplesPath);
+  const existingContent = exists ? await fileSystem.readFile(corePrinciplesPath, 'utf8') : '';
+  const missingSections = REQUIRED_CORE_PRINCIPLE_SECTIONS.filter(({ heading }) => !existingContent.includes(heading));
+  const changed = missingSections.length > 0;
+
+  if (apply && changed) {
+    const normalized = `${existingContent || ''}`.trimEnd();
+    const appendedSections = missingSections.map((item) => item.section).join('\n\n');
+    const nextContent = normalized
+      ? `${normalized}\n\n${appendedSections}\n`
+      : `${appendedSections}\n`;
+    await fileSystem.ensureDir(path.dirname(corePrinciplesPath));
+    await fileSystem.writeFile(corePrinciplesPath, nextContent, 'utf8');
+  }
+
+  return {
+    path: _toRelativePosix(projectPath, corePrinciplesPath),
+    existed: exists,
+    changed,
+    status: !exists ? (changed ? 'created' : 'unchanged') : (changed ? 'updated' : 'unchanged'),
+    managed_by: 'takeover-baseline',
+    details: {
+      missing_required_headings_before: missingSections.map((item) => item.heading),
+      required_headings: REQUIRED_CORE_PRINCIPLE_SECTIONS.map((item) => item.heading)
+    }
+  };
+}
+
 function _summarize(items) {
   const summary = {
     created: 0,
@@ -477,33 +732,38 @@ async function applyTakeoverBaseline(projectPath = process.cwd(), options = {})
   const adoptionPath = path.join(sceRoot, 'adoption-config.json');
   const autoConfigPath = path.join(sceRoot, 'auto', 'config.json');
   const takeoverConfigPath = path.join(sceRoot, 'config', 'takeover-baseline.json');
+  const errorbookRegistryPath = path.join(sceRoot, 'config', 'errorbook-registry.json');
   const sessionGovernancePath = path.join(sceRoot, 'config', 'session-governance.json');
   const specDomainPolicyPath = path.join(sceRoot, 'config', 'spec-domain-policy.json');
   const problemEvalPolicyPath = path.join(sceRoot, 'config', 'problem-eval-policy.json');
   const problemClosurePolicyPath = path.join(sceRoot, 'config', 'problem-closure-policy.json');
   const studioIntakePolicyPath = path.join(sceRoot, 'config', 'studio-intake-policy.json');
   const stateStoragePolicyPath = path.join(sceRoot, 'config', 'state-storage-policy.json');
+  const errorbookInventoryPath = path.join(sceRoot, 'errorbook', 'project-intake', 'custom-mechanism-inventory.json');
   const reportPath = path.join(sceRoot, 'reports', 'takeover-baseline-latest.json');
 
   const existingAdoption = await _readJsonSafe(adoptionPath, fileSystem);
   const existingAuto = await _readJsonSafe(autoConfigPath, fileSystem);
   const existingTakeover = await _readJsonSafe(takeoverConfigPath, fileSystem);
+  const existingErrorbookRegistry = await _readJsonSafe(errorbookRegistryPath, fileSystem);
   const existingSessionGovernance = await _readJsonSafe(sessionGovernancePath, fileSystem);
   const existingSpecDomainPolicy = await _readJsonSafe(specDomainPolicyPath, fileSystem);
   const existingProblemEvalPolicy = await _readJsonSafe(problemEvalPolicyPath, fileSystem);
   const existingProblemClosurePolicy = await _readJsonSafe(problemClosurePolicyPath, fileSystem);
   const existingStudioIntakePolicy = await _readJsonSafe(studioIntakePolicyPath, fileSystem);
   const existingStateStoragePolicy = await _readJsonSafe(stateStoragePolicyPath, fileSystem);
-
   const desiredAdoption = _buildAdoptionConfig(existingAdoption, nowIso, sceVersion);
   const desiredAutoConfig = _buildAutoConfig(existingAuto);
   const desiredTakeover = _buildTakeoverBaselineConfig(existingTakeover, sceVersion);
+  const desiredErrorbookRegistry = _buildErrorbookRegistryConfig(existingErrorbookRegistry);
   const desiredSessionGovernance = _deepMerge(existingSessionGovernance || {}, SESSION_GOVERNANCE_DEFAULTS);
   const desiredSpecDomainPolicy = _deepMerge(existingSpecDomainPolicy || {}, SPEC_DOMAIN_POLICY_DEFAULTS);
   const desiredProblemEvalPolicy = _deepMerge(existingProblemEvalPolicy || {}, PROBLEM_EVAL_POLICY_DEFAULTS);
   const desiredProblemClosurePolicy = _deepMerge(existingProblemClosurePolicy || {}, PROBLEM_CLOSURE_POLICY_DEFAULTS);
   const desiredStudioIntakePolicy = _deepMerge(existingStudioIntakePolicy || {}, STUDIO_INTAKE_POLICY_DEFAULTS);
   const desiredStateStoragePolicy = _deepMerge(existingStateStoragePolicy || {}, cloneStateStoragePolicyDefaults());
+  const customErrorbookFindings = await _scanProjectDefinedErrorbookMechanisms(projectPath, fileSystem);
+  const desiredErrorbookInventory = _buildErrorbookConvergenceInventory(sceVersion, customErrorbookFindings);
 
   const fileResults = [];
   fileResults.push(await _reconcileJsonFile(adoptionPath, desiredAdoption, {
@@ -521,6 +781,11 @@ async function applyTakeoverBaseline(projectPath = process.cwd(), options = {})
     apply,
     fileSystem
   }));
+  fileResults.push(await _reconcileJsonFile(errorbookRegistryPath, desiredErrorbookRegistry, {
+    projectPath,
+    apply,
+    fileSystem
+  }));
   fileResults.push(await _reconcileJsonFile(sessionGovernancePath, desiredSessionGovernance, {
     projectPath,
     apply,
@@ -551,10 +816,20 @@ async function applyTakeoverBaseline(projectPath = process.cwd(), options = {})
     apply,
     fileSystem
   }));
+  fileResults.push(await _reconcileJsonFile(errorbookInventoryPath, desiredErrorbookInventory, {
+    projectPath,
+    apply,
+    fileSystem,
+    managedBy: 'errorbook-convergence'
+  }));
   fileResults.push(await _reconcileSteeringContract(projectPath, {
     apply,
     fileSystem
   }));
+  fileResults.push(await _reconcileCorePrinciplesBaseline(projectPath, {
+    apply,
+    fileSystem
+  }));
 
   const auditFiles = _toAuditStatus(fileResults, apply);
   const summary = _summarize(auditFiles);
@@ -571,6 +846,12 @@ async function applyTakeoverBaseline(projectPath = process.cwd(), options = {})
     sce_version: sceVersion,
     drift_count: driftCount,
     enforced_defaults: _clone(TAKEOVER_DEFAULTS),
+    errorbook_convergence: {
+      canonical_mechanism: 'errorbook',
+      strategy: 'absorb_into_sce_errorbook',
+      detected_custom_mechanism_count: desiredErrorbookInventory.summary.detected_custom_mechanisms,
+      inventory_file: _toRelativePosix(projectPath, errorbookInventoryPath)
+    },
     files: auditFiles,
     summary
   };
@@ -595,6 +876,17 @@ async function applyTakeoverBaseline(projectPath = process.cwd(), options = {})
 }
 
 module.exports = {
+  CLARIFICATION_FIRST_CORE_PRINCIPLE_HEADING,
+  CLARIFICATION_FIRST_CORE_PRINCIPLE_SECTION,
+  NO_BLIND_FIX_CORE_PRINCIPLE_HEADING,
+  NO_BLIND_FIX_CORE_PRINCIPLE_SECTION,
+  STEERING_CHANGE_EVALUATION_CORE_PRINCIPLE_HEADING,
+  STEERING_CHANGE_EVALUATION_CORE_PRINCIPLE_SECTION,
+  BACKEND_API_PRECEDENCE_CORE_PRINCIPLE_HEADING,
+  BACKEND_API_PRECEDENCE_CORE_PRINCIPLE_SECTION,
+  REQUIRED_CORE_PRINCIPLE_SECTIONS,
+  ERRORBOOK_REGISTRY_DEFAULTS,
+  ERRORBOOK_CONVERGENCE_DEFAULTS,
   TAKEOVER_BASELINE_SCHEMA_VERSION,
   TAKEOVER_DEFAULTS,
   SESSION_GOVERNANCE_DEFAULTS,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "scene-capability-engine",
-  "version": "3.6.46",
+  "version": "3.6.47",
   "description": "SCE (Scene Capability Engine) - A CLI tool and npm package for spec-driven development with AI coding assistants.",
   "main": "index.js",
   "bin": {
@@ -41,8 +41,10 @@
     "gate:npm-runtime-assets": "node scripts/npm-package-runtime-asset-check.js --fail-on-violation",
     "test:brand-consistency": "node scripts/check-branding-consistency.js",
     "audit:steering": "node scripts/steering-content-audit.js --fail-on-error",
+    "audit:clarification-first": "node scripts/clarification-first-audit.js --fail-on-violation",
     "audit:state-storage": "node scripts/state-storage-tiering-audit.js",
     "report:steering-audit": "node scripts/steering-content-audit.js --json",
+    "report:clarification-first-audit": "node scripts/clarification-first-audit.js --json",
     "report:state-storage": "node scripts/state-storage-tiering-audit.js --json",
     "report:interactive-approval-projection": "node scripts/interactive-approval-event-projection.js --action doctor --json",
     "audit:interactive-approval-projection": "node scripts/interactive-approval-event-projection.js --action doctor --fail-on-drift --fail-on-parse-error",
@@ -84,7 +86,7 @@
     "gate:release-asset-integrity": "node scripts/release-asset-integrity-check.js",
     "report:release-risk-remediation": "node scripts/release-risk-remediation-bundle.js --json",
     "report:moqui-core-regression": "node scripts/moqui-core-regression-suite.js --json",
-    "prepublishOnly": "npm run test:release && npm run test:skip-audit && npm run test:sce-tracking && npm run gate:npm-runtime-assets && npm run test:brand-consistency && npm run audit:steering && npm run gate:git-managed && npm run gate:errorbook-registry-health && npm run gate:errorbook-release && npm run report:interactive-governance -- --fail-on-alert",
+    "prepublishOnly": "npm run test:release && npm run test:skip-audit && npm run test:sce-tracking && npm run gate:npm-runtime-assets && npm run test:brand-consistency && npm run audit:steering && npm run audit:clarification-first && npm run gate:git-managed && npm run gate:errorbook-registry-health && npm run gate:errorbook-release && npm run report:interactive-governance -- --fail-on-alert",
     "publish:manual": "npm publish --access public",
     "install-global": "npm install -g .",
     "uninstall-global": "npm uninstall -g scene-capability-engine"

package/scripts/clarification-first-audit.js

@@ -0,0 +1,322 @@
+#!/usr/bin/env node
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+
+const REQUIRED_CHECKS = [
+  {
+    path: 'scripts/interactive-dialogue-governance.js',
+    requiredSnippets: [
+      'contextHasBusinessScope',
+      'goalMentionsBusinessScope',
+      'business scene/module/page/entity context is missing; clarify scope before fallback or execution',
+      'Which module/page/entity is affected first?'
+    ]
+  },
+  {
+    path: 'scripts/symbol-evidence-locate.js',
+    requiredSnippets: [
+      'clarify_business_scope',
+      'Clarify target module/page/entity and business constraints before deciding whether scoped writes are safe.'
+    ]
+  },
+  {
+    path: 'lib/workspace/takeover-baseline.js',
+    requiredSnippets: [
+      'CLARIFICATION_FIRST_CORE_PRINCIPLE_HEADING',
+      '_reconcileCorePrinciplesBaseline',
+      '这条规则适用于所有接入 SCE 的项目、模式和交互面，不允许按项目例外绕过。'
+    ]
+  },
+  {
+    path: 'docs/interactive-customization/dialogue-governance-policy-baseline.json',
+    requiredSnippets: [
+      'clarify and narrow scope before using any fallback restriction; do not replace understanding with blanket disable',
+      'Which entity or business rule is affected, and what constraint must stay intact?'
+    ]
+  },
+  {
+    path: '.sce/steering/CORE_PRINCIPLES.md',
+    requiredSnippets: [
+      '业务场景未知时必须先澄清，禁止直接彻底禁用',
+      '这条规则适用于所有接入 SCE 的项目、模式和交互面，不允许按项目例外绕过。'
+    ]
+  },
+  {
+    path: 'template/.sce/steering/CORE_PRINCIPLES.md',
+    requiredSnippets: [
+      '业务场景未知时先澄清，不得直接彻底禁用',
+      '这条规则适用于所有使用 SCE 的项目，不设项目级例外。'
+    ]
+  },
+  {
+    path: 'README.md',
+    requiredSnippets: [
+      'When business scene/module/page/entity context is missing, SCE must route to clarification first; unknown business scope must not be turned into blanket disable.'
+    ]
+  },
+  {
+    path: 'README.zh.md',
+    requiredSnippets: [
+      '缺少业务场景/模块/页面/实体上下文时，SCE 必须先进入澄清，而不是把未知业务范围直接变成一刀切禁用'
+    ]
+  },
+  {
+    path: 'docs/security-governance-default-baseline.md',
+    requiredSnippets: [
+      'Missing business scene/module/page/entity context must route to clarification first; unknown scope is never a valid reason for blanket disable.',
+      'This clarification-first rule applies to every SCE-integrated project and surface with no project-specific exception.'
+    ]
+  },
+  {
+    path: 'docs/starter-kit/README.md',
+    requiredSnippets: [
+      'This baseline applies to every onboarded project with no project-specific exception.',
+      'missing business scope is handled through clarification, not blanket disable fallback.'
+    ]
+  },
+  {
+    path: 'docs/command-reference.md',
+    requiredSnippets: [
+      'Missing business scene/module/page/entity context defaults to `clarify`; unknown scope must not be converted into blanket disable fallback.'
+    ]
+  }
+];
+
+const PROHIBITED_SNIPPETS = [
+  {
+    value: 'block_high_risk_write',
+    allowedPaths: [
+      'scripts/clarification-first-audit.js',
+      'tests/unit/scripts/clarification-first-audit.test.js'
+    ]
+  },
+  {
+    value: 'Fallback to answer-only mode and block high-risk writes.',
+    allowedPaths: [
+      'scripts/clarification-first-audit.js',
+      'tests/unit/scripts/clarification-first-audit.test.js'
+    ]
+  }
+];
+
+const SEARCH_DIRECTORIES = ['lib', 'scripts', 'docs', '.sce', 'template', 'tests'];
+const SEARCH_EXTENSIONS = new Set(['.js', '.md', '.json', '.txt', '.yaml', '.yml']);
+
+function parseArgs(argv = process.argv.slice(2)) {
+  const options = {
+    projectPath: process.cwd(),
+    json: false,
+    failOnViolation: false,
+    out: null
+  };
+
+  for (let index = 0; index < argv.length; index += 1) {
+    const token = argv[index];
+    const next = argv[index + 1];
+    if (token === '--project-path' && next) {
+      options.projectPath = path.resolve(next);
+      index += 1;
+      continue;
+    }
+    if (token === '--json') {
+      options.json = true;
+      continue;
+    }
+    if (token === '--fail-on-violation') {
+      options.failOnViolation = true;
+      continue;
+    }
+    if (token === '--out' && next) {
+      options.out = path.resolve(next);
+      index += 1;
+      continue;
+    }
+    if (token === '--help' || token === '-h') {
+      printHelpAndExit(0);
+    }
+  }
+
+  return options;
+}
+
+function printHelpAndExit(code) {
+  const lines = [
+    'Usage: node scripts/clarification-first-audit.js [options]',
+    '',
+    'Options:',
+    '  --project-path <path>   Project root to audit (default: current directory)',
+    '  --json                  Print JSON payload',
+    '  --fail-on-violation     Exit code 2 when any violation is found',
+    '  --out <path>            Write JSON payload to file',
+    '  -h, --help              Show this help'
+  ];
+  console.log(lines.join('\n'));
+  process.exit(code);
+}
+
+function normalizeSlashes(value) {
+  return `${value || ''}`.replace(/\\/g, '/');
+}
+
+function pushViolation(violations, severity, rule, file, message) {
+  violations.push({
+    severity,
+    rule,
+    file,
+    message
+  });
+}
+
+function readText(filePath) {
+  return fs.readFileSync(filePath, 'utf8');
+}
+
+function collectFilesRecursive(rootDir, relativeRoot = '') {
+  if (!fs.existsSync(rootDir)) {
+    return [];
+  }
+  const results = [];
+  const entries = fs.readdirSync(rootDir, { withFileTypes: true });
+  for (const entry of entries) {
+    const absolutePath = path.join(rootDir, entry.name);
+    const relativePath = normalizeSlashes(path.join(relativeRoot, entry.name));
+    if (entry.isDirectory()) {
+      if (entry.name === 'node_modules' || entry.name === '.git') {
+        continue;
+      }
+      results.push(...collectFilesRecursive(absolutePath, relativePath));
+      continue;
+    }
+    if (!entry.isFile()) {
+      continue;
+    }
+    if (!SEARCH_EXTENSIONS.has(path.extname(entry.name).toLowerCase())) {
+      continue;
+    }
+    results.push({
+      absolutePath,
+      relativePath
+    });
+  }
+  return results;
+}
+
+function auditClarificationFirst(options = {}) {
+  const projectPath = path.resolve(options.projectPath || process.cwd());
+  const violations = [];
+  const checkedFiles = [];
+
+  for (const check of REQUIRED_CHECKS) {
+    const relativePath = normalizeSlashes(check.path);
+    const absolutePath = path.join(projectPath, relativePath);
+    checkedFiles.push(relativePath);
+    if (!fs.existsSync(absolutePath)) {
+      pushViolation(
+        violations,
+        'error',
+        'missing_required_file',
+        relativePath,
+        `Required clarification-first baseline file is missing: ${relativePath}`
+      );
+      continue;
+    }
+
+    const content = readText(absolutePath);
+    for (const snippet of check.requiredSnippets) {
+      if (!content.includes(snippet)) {
+        pushViolation(
+          violations,
+          'error',
+          'missing_required_snippet',
+          relativePath,
+          `Missing required clarification-first snippet: ${snippet}`
+        );
+      }
+    }
+  }
+
+  const searchableFiles = SEARCH_DIRECTORIES.flatMap((dirName) => {
+    const absoluteDir = path.join(projectPath, dirName);
+    return collectFilesRecursive(absoluteDir, dirName);
+  });
+
+  for (const file of searchableFiles) {
+    const content = readText(file.absolutePath);
+    for (const rule of PROHIBITED_SNIPPETS) {
+      if (!content.includes(rule.value)) {
+        continue;
+      }
+      const allowedPaths = Array.isArray(rule.allowedPaths) ? rule.allowedPaths.map(normalizeSlashes) : [];
+      if (allowedPaths.includes(file.relativePath)) {
+        continue;
+      }
+      pushViolation(
+        violations,
+        'error',
+        'prohibited_legacy_disable_phrase',
+        file.relativePath,
+        `Prohibited legacy fallback phrase found: ${rule.value}`
+      );
+    }
+  }
+
+  const errorCount = violations.filter((item) => item.severity === 'error').length;
+  return {
+    mode: 'clarification-first-audit',
+    project_path: projectPath,
+    checked_files: checkedFiles,
+    searched_file_count: searchableFiles.length,
+    violation_count: violations.length,
+    error_count: errorCount,
+    passed: violations.length === 0,
+    violations
+  };
+}
+
+function writeReportIfNeeded(report, outPath) {
+  if (!outPath) {
+    return;
+  }
+  const resolved = path.resolve(outPath);
+  fs.mkdirSync(path.dirname(resolved), { recursive: true });
+  fs.writeFileSync(resolved, `${JSON.stringify(report, null, 2)}\n`, 'utf8');
+}
+
+function main() {
+  const options = parseArgs(process.argv.slice(2));
+  const report = auditClarificationFirst(options);
+  writeReportIfNeeded(report, options.out);
+
+  if (options.json) {
+    process.stdout.write(`${JSON.stringify(report, null, 2)}\n`);
+  } else if (report.passed) {
+    console.log('[clarification-first-audit] passed');
+  } else {
+    console.error(`[clarification-first-audit] failed with ${report.violation_count} violation(s)`);
+    for (const violation of report.violations) {
+      console.error(`[clarification-first-audit] ${violation.rule} ${violation.file}: ${violation.message}`);
+    }
+  }
+
+  if (options.failOnViolation && !report.passed) {
+    process.exitCode = 2;
+  }
+}
+
+if (require.main === module) {
+  try {
+    main();
+  } catch (error) {
+    console.error(`[clarification-first-audit] ${error.message}`);
+    process.exit(1);
+  }
+}
+
+module.exports = {
+  REQUIRED_CHECKS,
+  PROHIBITED_SNIPPETS,
+  parseArgs,
+  auditClarificationFirst
+};

package/scripts/interactive-dialogue-governance.js

@@ -46,11 +46,13 @@ const BUILTIN_POLICY = {
     'Always restate objective, scope, and expected impact before any action recommendation.',
     'When risk or permission is involved, explicitly tell user what approval is required.',
     'If requirement is ambiguous, ask at most two focused clarification questions.',
+    'If business scene, module, page, entity, or constraints are missing, clarify scope first; never replace missing understanding with blanket disable.',
     'Never propose credential export, approval bypass, or secret leakage.'
   ],
   clarification_templates: [
     'What business outcome should improve first (speed, accuracy, cost, compliance)?',
-    'Which page or module should be changed first, and what should stay unchanged?'
+    'Which page or module should be changed first, and what should stay unchanged?',
+    'Which entity or business rule is affected, and what constraint must remain unchanged?'
   ],
   profiles: {
     'business-user': {
@@ -80,6 +82,7 @@ const BUILTIN_POLICY = {
       ],
       response_rules: [
         'For maintenance requests, require change ticket, rollback plan, and approval role before execution.',
+        'When business context is incomplete, ask for the affected module/page/entity before deny or write restriction decisions.',
         'If request targets production, require staged validation evidence first.'
       ],
       clarification_templates: [
@@ -686,11 +689,18 @@ function evaluatePatternRules(goal, rules) {
 function pickClarificationQuestions(policy, context = {}) {
   const questions = [];
   const templates = Array.isArray(policy.clarification_templates) ? policy.clarification_templates : [];
-  if (!context.module) {
-    questions.push('Which module should be changed first?');
-  }
-  if (!context.page) {
-    questions.push('Which page or screen is currently problematic?');
+  if (!context.module && !context.page && !context.entity) {
+    questions.push('Which module/page/entity is affected first?');
+  } else {
+    if (!context.module) {
+      questions.push('Which module should be changed first?');
+    }
+    if (!context.page) {
+      questions.push('Which page or screen is currently problematic?');
+    }
+    if (!context.entity) {
+      questions.push('Which entity or business rule is affected?');
+    }
   }
   for (const template of templates) {
     if (questions.length >= 2) {
@@ -703,11 +713,26 @@ function pickClarificationQuestions(policy, context = {}) {
   return questions.slice(0, 2);
 }
 
+function contextHasBusinessScope(context = {}) {
+  const payload = context && typeof context === 'object' ? context : {};
+  return ['module', 'page', 'entity', 'scene_id', 'workflow_node']
+    .some((key) => normalizeText(payload[key]));
+}
+
+function goalMentionsBusinessScope(goal = '') {
+  const normalizedGoal = normalizeText(goal).toLowerCase();
+  if (!normalizedGoal) {
+    return false;
+  }
+  return /\b(page|screen|module|entity|workflow|scene)\b/.test(normalizedGoal);
+}
+
 function evaluateDialogue(goal, context = {}, policy) {
   const normalizedGoal = normalizeText(goal);
   const tokens = normalizedGoal.split(/\s+/).filter(Boolean);
   const denyHits = evaluatePatternRules(normalizedGoal, policy.deny_patterns);
   const clarifyHits = evaluatePatternRules(normalizedGoal, policy.clarify_patterns);
+  const missingBusinessScope = !contextHasBusinessScope(context) && !goalMentionsBusinessScope(normalizedGoal);
 
   const reasons = [];
   if (normalizedGoal.length < policy.length_policy.min_chars) {
@@ -719,6 +744,9 @@ function evaluateDialogue(goal, context = {}, policy) {
   if (tokens.length < policy.length_policy.min_significant_tokens) {
     reasons.push(`goal has too few significant tokens (< ${policy.length_policy.min_significant_tokens})`);
   }
+  if (missingBusinessScope) {
+    reasons.push('business scene/module/page/entity context is missing; clarify scope before fallback or execution');
+  }
   reasons.push(...denyHits.map(item => item.reason));
   reasons.push(...clarifyHits.map(item => item.reason));
 
@@ -726,6 +754,7 @@ function evaluateDialogue(goal, context = {}, policy) {
   if (denyHits.length > 0) {
     decision = 'deny';
   } else if (
+    missingBusinessScope ||
     clarifyHits.length > 0 ||
     normalizedGoal.length < policy.length_policy.min_chars ||
     tokens.length < policy.length_policy.min_significant_tokens
@@ -736,6 +765,7 @@ function evaluateDialogue(goal, context = {}, policy) {
   return {
     decision,
     reasons: Array.from(new Set(reasons)),
+    business_scope_clarification_required: missingBusinessScope,
     deny_hits: denyHits,
     clarify_hits: clarifyHits,
     response_rules: Array.isArray(policy.response_rules) ? policy.response_rules : [],
@@ -749,6 +779,7 @@ function toContextRef(context) {
     product: normalizeText(payload.product || payload.app || ''),
     module: normalizeText(payload.module || ''),
     page: normalizeText(payload.page || ''),
+    entity: normalizeText(payload.entity || ''),
     scene_id: normalizeText(payload.scene_id || '')
   };
 }

package/scripts/symbol-evidence-locate.js

@@ -7,6 +7,8 @@ const path = require('path');
 const DEFAULT_MAX_HITS = 10;
 const DEFAULT_MIN_SCORE = 0.35;
 const DEFAULT_MIN_RELIABLE_SCORE = 0.6;
+const FALLBACK_ACTION_ALLOW_WRITE = 'allow_write';
+const FALLBACK_ACTION_CLARIFY_BUSINESS_SCOPE = 'clarify_business_scope';
 const DEFAULT_EXTENSIONS = [
   '.js', '.cjs', '.mjs', '.ts', '.tsx', '.jsx',
   '.py', '.java', '.go', '.rb', '.php', '.cs',
@@ -121,7 +123,7 @@ function printHelpAndExit(code) {
     `  --min-score <0-1>             Minimum hit score (default: ${DEFAULT_MIN_SCORE})`,
     `  --min-reliable-score <0-1>    Reliability threshold (default: ${DEFAULT_MIN_RELIABLE_SCORE})`,
     `  --extensions <csv>            File extensions (default: ${DEFAULT_EXTENSIONS.join(',')})`,
-    '  --strict                      Exit code 2 when no reliable evidence is found',
+    '  --strict                      Exit code 2 when no reliable evidence is found and scope clarification is required',
     '  --json                        Print JSON payload',
     '  -h, --help                    Show this help'
   ];
@@ -306,10 +308,12 @@ function locateSymbolEvidence({
     evidence: {
       confidence,
       reliable,
-      fallback_action: reliable ? 'allow_write' : 'block_high_risk_write',
+      fallback_action: reliable
+        ? FALLBACK_ACTION_ALLOW_WRITE
+        : FALLBACK_ACTION_CLARIFY_BUSINESS_SCOPE,
       advisory: reliable
         ? 'Symbol evidence is reliable; scoped code change can proceed.'
-        : 'No reliable symbol evidence found. Fallback to answer-only mode and block high-risk writes.'
+        : 'No reliable symbol evidence found yet. Clarify target module/page/entity and business constraints before deciding whether scoped writes are safe.'
     },
     summary: {
       searched_files: candidateFiles.length,

package/template/.sce/README.md

@@ -15,6 +15,7 @@ This project uses **Spec-driven development** - a structured approach where:
 - When user requests a feature → Check if Spec exists, if not, help create one
 - When implementing → Follow the Spec's requirements and design
 - When stuck → Read the Spec documents for context
+- When business scene/module/page/entity is unclear → Clarify scope first; do not replace missing understanding with blanket disable
 - Track progress by updating task status
 
 ---

package/template/.sce/steering/CORE_PRINCIPLES.md

@@ -22,6 +22,7 @@
 ## 4. 复用已有机制，不要平行造轮子
 
 - 已有能力优先复用，例如缺陷经验与发布阻断统一走 `errorbook`。
+- 若接管项目中已存在自定义缺陷复盘册、故障账本或问题经验库，必须统一盘点并吸收到 `.sce/errorbook`，不要长期并存混用。
 - 不要在 steering 中额外定义另一套错题、发布、会话或治理模式。
 
 ## 5. 质量问题必须追根
@@ -33,3 +34,27 @@
 
 - 每周、发布前、重大 Spec 收尾后运行 `npm run audit:steering`。
 - 发现问题时优先合并重复、迁移错层、归档历史、删除失效条目。
+
+## 7. 业务场景未知时先澄清，不得直接彻底禁用
+
+- 不了解业务场景、模块、页面、实体或业务约束时，先补上下文并缩小范围。
+- 禁止把“暂时没理解场景”直接变成 blanket disable、answer-only 或一刀切阻断。
+- 只有明确命中安全、权限、合规或破坏性规则时，才允许阻断；否则先澄清业务范围。
+- 这条规则适用于所有使用 SCE 的项目，不设项目级例外。
+
+## 8. 禁止盲改问题
+
+- 修问题前先明确现象、复现条件、影响范围和验证方式。
+- 缺少证据时先补日志、数据、接口样本或最小复现，不要靠猜测连续改代码。
+- 两轮修改仍未收敛时，先回到调试和根因分析，不要盲目扩大改动面。
+
+## 9. Steering 变更先评估，不得随意增删
+
+- 新增、删除或重写 steering 条目前，先判断它是否真属于长期原则，是否应迁到 `CURRENT_CONTEXT.md`、Spec 或项目文档。
+- 未经评估，不要把临时偏好、短期任务或偶发结论直接固化进 steering。
+
+## 10. 问题修复时前后端接口不一致默认以后端契约为准
+
+- 前端调用后端 API 不匹配时，默认以后端现有接口契约为准。
+- 除非明确要求新建或修改后端接口，否则不要为了迁就前端错误调用去改后端。
+- 优先调整前端请求、映射、类型和兼容处理，使其与后端接口一致。