scene-capability-engine 3.6.65 → 3.6.67

package/lib/workspace/takeover-baseline.js

@@ -13,89 +13,131 @@ const {
 const {
   DEFAULT_CONFIG: MULTI_AGENT_CONFIG_DEFAULTS
 } = require('../collab/multi-agent-config');
+const { discoverSemanticSharedSourceDescriptors } = require('../semantic/shared-source-discovery');
 
 const TAKEOVER_BASELINE_SCHEMA_VERSION = '1.0';
-const CLARIFICATION_FIRST_CORE_PRINCIPLE_HEADING = '## 11. 业务场景未知时必须先澄清，禁止直接彻底禁用';
-const CLARIFICATION_FIRST_CORE_PRINCIPLE_SECTION = [
-  CLARIFICATION_FIRST_CORE_PRINCIPLE_HEADING,
-  '',
-  '- 不了解业务场景、模块、页面、实体或业务约束时，默认动作是先补上下文、缩小范围、生成澄清问题。',
-  '- 禁止把“未知业务场景”直接等同于 `deny`、`disable`、answer-only 或其他一刀切兜底禁用。',
-  '- 只有在明确命中安全/权限/合规/破坏性规则后，才允许进入阻断；否则必须先完成业务范围澄清。',
-  '- 这条规则适用于所有接入 SCE 的项目、模式和交互面，不允许按项目例外绕过。'
-].join('\n');
-const NO_BLIND_FIX_CORE_PRINCIPLE_HEADING = '## 12. 禁止盲改问题，必须先建立问题契约和证据';
-const NO_BLIND_FIX_CORE_PRINCIPLE_SECTION = [
-  NO_BLIND_FIX_CORE_PRINCIPLE_HEADING,
-  '',
-  '- 修改问题前，必须先明确现象、复现条件、影响范围、预期行为和验证方式。',
-  '- 缺少日志、数据、接口样本、最小复现或问题契约时，应先补证据，不得靠猜测连续改代码碰运气。',
-  '- 若两轮修改仍未收敛，必须回到调试、定位和根因分析，禁止在未理解问题前盲目扩大改动面。'
-].join('\n');
-const STEERING_CHANGE_EVALUATION_CORE_PRINCIPLE_HEADING = '## 13. Steering 条目变更必须先评估，禁止随意增删';
-const STEERING_CHANGE_EVALUATION_CORE_PRINCIPLE_SECTION = [
-  STEERING_CHANGE_EVALUATION_CORE_PRINCIPLE_HEADING,
-  '',
-  '- 新增、删除或重写 steering 条目前，必须先评估它是否真属于长期原则，是否与现有条目重复，是否应迁移到 `CURRENT_CONTEXT.md`、Spec 或项目文档。',
-  '- steering 变更必须说明触发原因、适用范围以及与现有规则的关系；未经评估，不得把临时偏好、短期任务或偶发结论直接固化进去。',
-  '- 接管、升级和治理脚本只能补齐基线、修复漂移，不能把未经评估的项目习惯直接塞进 steering。'
-].join('\n');
-const BACKEND_API_PRECEDENCE_CORE_PRINCIPLE_HEADING = '## 14. 问题修复时前后端接口不一致默认以后端契约为准';
-const BACKEND_API_PRECEDENCE_CORE_PRINCIPLE_SECTION = [
-  BACKEND_API_PRECEDENCE_CORE_PRINCIPLE_HEADING,
+const FOUR_SENTENCE_TEACHING_CORE_PRINCIPLE_HEADING = '## 1. 四句教：先判断该不该做';
+const FOUR_SENTENCE_TEACHING_REQUIRED_LINES = Object.freeze([
+  '- 世界观：无善无恶心之始。先回到事情本身，识别真实意图、对象和边界，不用情绪、惯性或旧立场替代事实。',
+  '- 人生观：有善有恶意之动。一旦进入行动意图，就要判断该意图是否会伤害人、破坏秩序、规避责任或制造不当利益。',
+  '- 价值观：知善知恶是良知。必须主动辨别请求是否符合基本伦理、法律、合规和长期正当性，而不是只看能不能做。',
+  '- 方法论：为善去恶是格物。只有符合最高道德规范和治理边界的事情，才允许进入执行；不正当、有害或失范目标必须拒绝、收缩或改写为正当目标。',
+  '- 四句教用于判断用户让 SCE 做的事是否符合最高道德规范；只有通过这道门槛的事项，才允许调用“小九条”进入执行。'
+]);
+const FOUR_SENTENCE_TEACHING_CORE_PRINCIPLE_SECTION = [
+  FOUR_SENTENCE_TEACHING_CORE_PRINCIPLE_HEADING,
   '',
-  '- 在修改问题的场景下，若前端调用后端 API 出现路径、方法、字段、状态码或响应结构不匹配，默认以后端现有接口契约为准。',
-  '- 除非明确要求新建接口或修改后端接口，否则禁止为了迁就前端错误调用去随意改后端实现或契约。',
-  '- 默认优先修正前端请求、映射、类型和兼容处理，使其与后端接口保持一致；若怀疑后端契约错误，应先确认再改。'
+  ...FOUR_SENTENCE_TEACHING_REQUIRED_LINES
 ].join('\n');
-const DELIVERY_SYNC_CORE_PRINCIPLE_HEADING = '## 6. 测试、文档、代码必须同步闭环';
-const DELIVERY_SYNC_REQUIRED_LINES = Object.freeze([
-  '- 代码变更必须跑相关验证；发布前不得忽略失败。',
-  '- 重要功能、命令、配置变化必须同步更新 README、用户文档或发布说明。',
-  '- 功能修改、UI 重写、模块替换时，已失效的旧实现、旧样式、死分支、失效适配层和无效引用必须在同一轮变更中清理，不得继续留作“保险”。',
-  '- 若因兼容、灰度或回滚必须暂时保留旧实现，必须明确保留理由、适用边界、退出条件和后续清理计划。'
+const SUPREME_ONLY_CORE_PRINCIPLE_HEADING = '## 2. 最高原则只保留四句教 + 小九条';
+const SUPREME_ONLY_CORE_PRINCIPLE_REQUIRED_LINES = Object.freeze([
+  '- `CORE_PRINCIPLES.md` 只保留能直接决定该不该做、做事方向、判断质量和收敛效率的最高原则，不再堆放执行细则、门禁清单、策略阈值或场景化约束。',
+  '- 长期治理基线写入 `RULES_GUIDE.md`；项目经验、案例、阈值和方法论写入 `docs/steering-governance.md` 或 `.sce/knowledge/lessons/`；当前状态写入 `CURRENT_CONTEXT.md`。',
+  '- 四句教负责先判断“这件事该不该做、是否正当”；小九条负责在目标正当后，判断“这件事如何高质量地做成”。',
+  '- 若某条内容不能直接提升道德判断、目标理解、调查质量、判断质量或闭环效率，就不应继续占用最高原则层。'
 ]);
-const DELIVERY_SYNC_CORE_PRINCIPLE_SECTION = [
-  DELIVERY_SYNC_CORE_PRINCIPLE_HEADING,
+const SUPREME_ONLY_CORE_PRINCIPLE_SECTION = [
+  SUPREME_ONLY_CORE_PRINCIPLE_HEADING,
   '',
-  ...DELIVERY_SYNC_REQUIRED_LINES
+  ...SUPREME_ONLY_CORE_PRINCIPLE_REQUIRED_LINES
 ].join('\n');
-const LARGE_FILE_REFACTOR_CORE_PRINCIPLE_HEADING = '## 15. 单文件规模过大必须触发重构评估，禁止无限堆积';
-const LARGE_FILE_REFACTOR_CORE_PRINCIPLE_SECTION = [
-  LARGE_FILE_REFACTOR_CORE_PRINCIPLE_HEADING,
+const LITTLE_NINE_CORE_PRINCIPLE_HEADING = '## 3. 小九条：把正确的事正确地做成';
+const LITTLE_NINE_REQUIRED_LINES = Object.freeze([
+  '- 勤奋推进，不偷懒，不跳步；在无需用户额外干预时，按第一性原理先做计划并自主持续推进，始终沿关键路径连续推进分析、实现、验证、修复和交付，不靠省略环节伪装完成。',
+  '- 先准确领会你的真实意图，不拿旧判断、旧上下文或上一轮结论硬套现状；先校正目标，再展开动作。',
+  '- 主动调查研究，先看代码、数据、日志、配置和现场事实，再下结论；没有证据时先补证据。',
+  '- 保持项目活地图，持续知道当前结构、边界、依赖、关键约束和主要风险点；每次落刀前都要知道改动会影响哪里。',
+  '- 对问题想够想透，优先处理根因、连带影响和系统收敛路径，不做表面修补，也不把复杂问题压扁成局部补丁。',
+  '- 在证据足够时敢于下判断并推进下一步；结论可以修正，但不能在没有新证据时反复摇摆空转。',
+  '- 推进时必须统筹已有 Spec、`errorbook`（错题本）、测试、现状代码和你的关注点，保证目标、实现、验证和经验沉淀同向收敛。',
+  '- 遇到问题先主动拆解、定位和缩小范围；只有真正外部阻塞、权限缺口或目标冲突时才升级，不得轻易把阻塞甩回来。',
+  '- 保持连续作战能力，按断点记录和恢复，持续收敛直到形成可验证闭环；除非触发高风险、权限边界或目标冲突，否则不中途停在“等你指示”，任何中断都不能让上下文重新归零。'
+]);
+const LITTLE_NINE_CORE_PRINCIPLE_SECTION = [
+  LITTLE_NINE_CORE_PRINCIPLE_HEADING,
   '',
-  '- SCE 应为每个项目定期评估代码规模分布，并给出项目级的重构参考节点；禁止假设所有项目都适用同一个固定行数阈值。',
-  '- 若项目尚未建立自己的阈值，默认参考源文件 `2000 / 4000 / 10000` 行三档触发：分别对应“必须评估”“必须发起重构收敛”“进入红线区”。',
-  '- 达到项目级或默认阈值后，后续改动必须优先评估拆分模块、服务、命令面或数据职责；超过重构/红线阈值时，不得继续无计划堆积复杂度。',
-  '- 项目开始较小时，阈值应更早触发；项目进入长期演进后，也必须按周或发布前重新评估，而不是让早期设定永久失效。',
-  '- 行数阈值只是强触发信号，不代表低于阈值就可以忽略耦合、职责混杂、测试失控和理解成本问题；若复杂度已明显失控，应提前启动重构。'
+  ...LITTLE_NINE_REQUIRED_LINES
 ].join('\n');
 const REQUIRED_CORE_PRINCIPLE_SECTIONS = Object.freeze([
   {
-    heading: DELIVERY_SYNC_CORE_PRINCIPLE_HEADING,
-    section: DELIVERY_SYNC_CORE_PRINCIPLE_SECTION
+    heading: FOUR_SENTENCE_TEACHING_CORE_PRINCIPLE_HEADING,
+    section: FOUR_SENTENCE_TEACHING_CORE_PRINCIPLE_SECTION
   },
   {
-    heading: CLARIFICATION_FIRST_CORE_PRINCIPLE_HEADING,
-    section: CLARIFICATION_FIRST_CORE_PRINCIPLE_SECTION
+    heading: SUPREME_ONLY_CORE_PRINCIPLE_HEADING,
+    section: SUPREME_ONLY_CORE_PRINCIPLE_SECTION
   },
   {
-    heading: NO_BLIND_FIX_CORE_PRINCIPLE_HEADING,
-    section: NO_BLIND_FIX_CORE_PRINCIPLE_SECTION
-  },
+    heading: LITTLE_NINE_CORE_PRINCIPLE_HEADING,
+    section: LITTLE_NINE_CORE_PRINCIPLE_SECTION
+  }
+]);
+const REQUIRED_CORE_PRINCIPLE_SECTION_LINES = Object.freeze([
   {
-    heading: STEERING_CHANGE_EVALUATION_CORE_PRINCIPLE_HEADING,
-    section: STEERING_CHANGE_EVALUATION_CORE_PRINCIPLE_SECTION
+    heading: FOUR_SENTENCE_TEACHING_CORE_PRINCIPLE_HEADING,
+    lines: FOUR_SENTENCE_TEACHING_REQUIRED_LINES
   },
   {
-    heading: BACKEND_API_PRECEDENCE_CORE_PRINCIPLE_HEADING,
-    section: BACKEND_API_PRECEDENCE_CORE_PRINCIPLE_SECTION
+    heading: SUPREME_ONLY_CORE_PRINCIPLE_HEADING,
+    lines: SUPREME_ONLY_CORE_PRINCIPLE_REQUIRED_LINES
   },
   {
-    heading: LARGE_FILE_REFACTOR_CORE_PRINCIPLE_HEADING,
-    section: LARGE_FILE_REFACTOR_CORE_PRINCIPLE_SECTION
+    heading: LITTLE_NINE_CORE_PRINCIPLE_HEADING,
+    lines: LITTLE_NINE_REQUIRED_LINES
   }
 ]);
+const RULES_GUIDE_BASELINE_HEADING = '## 治理基线（非最高原则）';
+const SPEC_ARTIFACT_RULE_GUIDE_LINE = '- 所有需求先落 Spec；所有由 Agent 生成的脚本、报告、诊断、调试日志、测试脚本、临时分析和验证产物默认归档到当前 `.sce/specs/<spec>/` 的对应子目录；没有明确 Spec 时先使用通用 Spec 承接。';
+const ERRORBOOK_CONVERGENCE_RULE_GUIDE_LINE = '- 连续两轮以上仍未成功定位或验证问题时，先在 `errorbook` 记录或更新 incident，再用二分法配合 debug 日志/埋点快速收敛范围，不继续盲改。';
+const CLARIFICATION_FIRST_RULE_GUIDE_LINE = '- 业务场景未知时先澄清，不得把未知范围直接变成一刀切禁用；修改问题前先建立问题契约和证据，不得靠猜测碰运气。';
+const DELIVERY_SYNC_RULE_GUIDE_LINE = '- 代码、测试、文档必须同步闭环；重要功能、命令、配置变化必须同步更新说明，发布前不得带着失败验证前进。';
+const MECHANISM_REUSE_RULE_GUIDE_LINE = '- Steering 变更先评估；已有机制优先复用，不得在 steering 中平行造轮子，尤其不得再造一套独立于 `errorbook` 的问题沉淀机制。';
+const KNOWLEDGE_SINK_RULE_GUIDE_LINE = '- 可复用执行经验、阈值、案例和策略，优先写入 `docs/steering-governance.md` 或 `.sce/knowledge/lessons/`，不要回灌到最高原则层。';
+const RULES_GUIDE_REQUIRED_LINES = Object.freeze([
+  SPEC_ARTIFACT_RULE_GUIDE_LINE,
+  ERRORBOOK_CONVERGENCE_RULE_GUIDE_LINE,
+  CLARIFICATION_FIRST_RULE_GUIDE_LINE,
+  DELIVERY_SYNC_RULE_GUIDE_LINE,
+  MECHANISM_REUSE_RULE_GUIDE_LINE,
+  KNOWLEDGE_SINK_RULE_GUIDE_LINE
+]);
+const RULES_GUIDE_BASELINE_SECTION = [
+  RULES_GUIDE_BASELINE_HEADING,
+  '',
+  ...RULES_GUIDE_REQUIRED_LINES
+].join('\n');
+const REQUIRED_RULES_GUIDE_SECTIONS = Object.freeze([
+  {
+    heading: RULES_GUIDE_BASELINE_HEADING,
+    section: RULES_GUIDE_BASELINE_SECTION
+  }
+]);
+const REQUIRED_RULES_GUIDE_SECTION_LINES = Object.freeze([
+  {
+    heading: RULES_GUIDE_BASELINE_HEADING,
+    lines: RULES_GUIDE_REQUIRED_LINES
+  }
+]);
+const LEGACY_CORE_PRINCIPLE_HEADINGS = Object.freeze([
+  '## 1. Steering 分层必须稳定',
+  '## 2. 所有需求先落 Spec',
+  '## 3. 默认自主闭环推进',
+  '## 4. 复用已有 SCE 能力，不得平行造轮子',
+  '## 5. 质量问题必须追根，不允许伪修复',
+  '## 6. 测试、文档、代码必须同步闭环',
+  '## 7. 单一事实源优先',
+  '## 8. Git 托管与发版门禁默认启用',
+  '## 9. 开发测试环境默认授权',
+  '## 10. Steering 自身必须定期净化',
+  '## 11. 业务场景未知时必须先澄清，禁止直接彻底禁用',
+  '## 12. 禁止盲改问题，必须先建立问题契约和证据',
+  '## 13. Steering 条目变更必须先评估，禁止随意增删',
+  '## 14. 问题修复时前后端接口不一致默认以后端契约为准',
+  '## 15. 单文件规模过大必须触发重构评估，禁止无限堆积',
+  '## 1. 最高原则只保留小九条',
+  '## 2. 小九条：最高原则与默认执行姿态',
+  '## 16. 小九条：默认执行姿态必须成立'
+]);
 
 const ERRORBOOK_REGISTRY_DEFAULTS = Object.freeze({
   enabled: true,
@@ -122,6 +164,12 @@ const ERRORBOOK_REGISTRY_DEFAULTS = Object.freeze({
   ]
 });
 
+const SEMANTIC_SHARED_SOURCE_DEFAULTS = Object.freeze({
+  enabled: true,
+  mirror_root: '.sce/knowledge/semantic-shared',
+  sources: []
+});
+
 const ERRORBOOK_CONVERGENCE_DEFAULTS = Object.freeze({
   enabled: true,
   canonical_mechanism: 'errorbook',
@@ -294,6 +342,11 @@ const STUDIO_INTAKE_POLICY_DEFAULTS = Object.freeze({
     override_file: '.sce/spec-governance/spec-scene-overrides.json',
     rules: [
       { id: 'moqui-core', scene_id: 'scene.moqui-core', keywords: ['moqui'] },
+      {
+        id: 'semantic-kernel',
+        scene_id: 'scene.sce-semantic-kernel',
+        keywords: ['semantic', 'dialogue', 'conversation', 'reply', 'prompt', 'self-eval', 'simulation', 'codex cli', 'claude code', 'kiro', 'standalone sce']
+      },
       { id: 'orchestration', scene_id: 'scene.sce-orchestration', keywords: ['orchestrate', 'runtime', 'controller', 'batch', 'parallel'] },
       { id: 'template-registry', scene_id: 'scene.sce-template-registry', keywords: ['template', 'scene-package', 'registry', 'catalog', 'scene-template'] },
       { id: 'spec-governance', scene_id: 'scene.sce-spec-governance', keywords: ['spec', 'gate', 'ontology', 'governance', 'policy'] },
@@ -304,6 +357,56 @@ const STUDIO_INTAKE_POLICY_DEFAULTS = Object.freeze({
   }
 });
 
+const SUPREME_PRINCIPLES_POLICY_DEFAULTS = Object.freeze({
+  schema_version: '1.0',
+  enabled: true,
+  allow_planning_actions: ['allow', 'clarify', 'rewrite', 'narrow'],
+  allow_execution_actions: ['allow', 'rewrite', 'narrow'],
+  clarify_question: '请先明确你真正要达成的业务目标、作用对象和约束边界。',
+  refuse_message: '该请求不符合 SCE 的最高道德规范，不能直接执行。',
+  rewrite_message: '原始请求存在失范或越界风险，已收敛为可正当执行的目标。',
+  narrow_message: '原始请求风险过高，已收缩为审查、备份、验证优先的安全目标。',
+  refuse_rules: [
+    {
+      id: 'credential-theft',
+      keywords: ['steal password', 'dump token', 'exfiltrate', 'keylogger', 'phish', '窃取密码', '盗取令牌', '导出凭证'],
+      reason: '请求明显指向凭证盗取、数据外流或钓鱼等恶意行为。'
+    },
+    {
+      id: 'malware-abuse',
+      keywords: ['malware', 'ransomware', 'backdoor', 'payload', '木马', '勒索软件', '后门'],
+      reason: '请求明显指向恶意控制、破坏或持久化投毒。'
+    },
+    {
+      id: 'audit-evasion',
+      keywords: ['delete logs to hide', 'evade audit', 'disable audit trail', '清除日志掩盖', '绕过审计', '删除审计日志'],
+      reason: '请求明显指向规避责任、破坏审计或掩盖痕迹。'
+    }
+  ],
+  rewrite_rules: [
+    {
+      id: 'auth-bypass-to-safe-test-fixture',
+      keywords: ['disable auth', 'bypass auth', 'skip login', 'skip approval', '关闭认证', '绕过认证', '跳过登录', '跳过审批'],
+      replacement: 'Design a dev/test-only mechanism with explicit scope guard, audit trail, rollback plan, and no production bypass of authentication or approval controls.',
+      reason: '将越界的“绕过保护”目标改写为受边界约束的测试/诊断机制。'
+    },
+    {
+      id: 'remove-audit-to-safe-observability',
+      keywords: ['remove audit', 'turn off audit', 'delete logs', '关闭审计', '删除日志', '去掉审计'],
+      replacement: 'Design a safe observability adjustment that preserves required auditability, keeps retention boundaries, and reduces noise without deleting accountability evidence.',
+      reason: '将“去掉审计/日志”改写为保留责任边界的可观测性优化目标。'
+    }
+  ],
+  narrow_rules: [
+    {
+      id: 'destructive-production-change',
+      keywords: ['drop database', 'delete production data', 'truncate table', '删除生产数据', '清空数据表', '删库'],
+      replacement: 'Review the destructive change request, produce backup and rollback steps, verify scope, and require explicit confirmation before any irreversible data operation.',
+      reason: '高风险破坏性操作必须先收缩为审查、备份和回滚准备。'
+    }
+  ]
+});
+
 const TAKEOVER_DEFAULTS = Object.freeze({
   autonomous: {
     enabled: true,
@@ -381,7 +484,21 @@ const TAKEOVER_DEFAULTS = Object.freeze({
       enabled: true,
       active_only_default: true,
       default_scene_id: 'scene.sce-core',
-      override_file: '.sce/spec-governance/spec-scene-overrides.json'
+      override_file: '.sce/spec-governance/spec-scene-overrides.json',
+      rules: [
+        { id: 'moqui-core', scene_id: 'scene.moqui-core', keywords: ['moqui'] },
+        {
+          id: 'semantic-kernel',
+          scene_id: 'scene.sce-semantic-kernel',
+          keywords: ['semantic', 'dialogue', 'conversation', 'reply', 'prompt', 'self-eval', 'simulation', 'codex cli', 'claude code', 'kiro', 'standalone sce']
+        },
+        { id: 'orchestration', scene_id: 'scene.sce-orchestration', keywords: ['orchestrate', 'runtime', 'controller', 'batch', 'parallel'] },
+        { id: 'template-registry', scene_id: 'scene.sce-template-registry', keywords: ['template', 'scene-package', 'registry', 'catalog', 'scene-template'] },
+        { id: 'spec-governance', scene_id: 'scene.sce-spec-governance', keywords: ['spec', 'gate', 'ontology', 'governance', 'policy'] },
+        { id: 'quality', scene_id: 'scene.sce-quality', keywords: ['test', 'quality', 'stability', 'jest', 'coverage'] },
+        { id: 'docs', scene_id: 'scene.sce-docs', keywords: ['document', 'documentation', 'onboarding', 'guide'] },
+        { id: 'platform', scene_id: 'scene.sce-platform', keywords: ['adopt', 'upgrade', 'workspace', 'repo', 'environment', 'devops', 'release', 'github', 'npm'] }
+      ]
     }
   },
   debug_policy: {
@@ -389,6 +506,18 @@ const TAKEOVER_DEFAULTS = Object.freeze({
     max_direct_fix_rounds_before_debug: 2,
     forbid_bypass_workarounds: true
   },
+  supreme_principles: {
+    enabled: true,
+    allow_planning_actions: ['allow', 'clarify', 'rewrite', 'narrow'],
+    allow_execution_actions: ['allow', 'rewrite', 'narrow']
+  },
+  semantic_learning: {
+    enabled: true,
+    consent_model: 'adopt-implied',
+    auto_publish_qualified_delta: true,
+    publish_on_promotion: true,
+    shared_library_mirror_root: '.sce/knowledge/semantic-shared'
+  },
   collaboration: {
     multi_user_mode: true,
     multi_agent: _clone(MULTI_AGENT_CONFIG_DEFAULTS)
@@ -555,6 +684,14 @@ function _buildErrorbookRegistryConfig(existing) {
   };
 }
 
+function _buildSemanticSharedSourceConfig(existing) {
+  return _deepMerge(_isObject(existing) ? existing : {}, SEMANTIC_SHARED_SOURCE_DEFAULTS);
+}
+
+function _buildSupremePrinciplesPolicyConfig(existing) {
+  return _deepMerge(_isObject(existing) ? existing : {}, SUPREME_PRINCIPLES_POLICY_DEFAULTS);
+}
+
 function _buildProjectSharedErrorbookRegistry(existing, projectPath, nowIso, config = {}) {
   const projection = _isObject(config.project_shared_projection)
     ? config.project_shared_projection
@@ -822,27 +959,65 @@ function _appendLinesToSection(content, heading, lines) {
   return `${content.slice(0, startIndex)}${updatedSection}${content.slice(sectionEnd)}`;
 }
 
+function _removeSection(content, heading) {
+  if (!content || !heading) {
+    return content;
+  }
+  const startIndex = content.indexOf(heading);
+  if (startIndex === -1) {
+    return content;
+  }
+  const nextHeadingIndex = content.indexOf('\n## ', startIndex + heading.length);
+  const sectionEnd = nextHeadingIndex === -1 ? content.length : nextHeadingIndex + 1;
+  let nextContent = `${content.slice(0, startIndex)}${content.slice(sectionEnd)}`;
+  nextContent = nextContent.replace(/\n{3,}/g, '\n\n').trim();
+  return nextContent ? `${nextContent}\n` : '';
+}
+
+function _stripLegacyCorePrincipleSections(content) {
+  let nextContent = `${content || ''}`;
+  const removedHeadings = [];
+  for (const heading of LEGACY_CORE_PRINCIPLE_HEADINGS) {
+    if (!nextContent.includes(heading)) {
+      continue;
+    }
+    removedHeadings.push(heading);
+    nextContent = _removeSection(nextContent, heading);
+  }
+  return {
+    content: nextContent.trimEnd(),
+    removedHeadings
+  };
+}
+
 async function _reconcileCorePrinciplesBaseline(projectPath, options = {}) {
   const { apply, fileSystem } = options;
   const corePrinciplesPath = path.join(projectPath, SCE_STEERING_DIR, DEFAULT_LAYER_FILES.core_principles);
   const exists = await fileSystem.pathExists(corePrinciplesPath);
   const existingContent = exists ? await fileSystem.readFile(corePrinciplesPath, 'utf8') : '';
-  const missingSections = REQUIRED_CORE_PRINCIPLE_SECTIONS.filter(({ heading }) => !existingContent.includes(heading));
-  const missingDeliverySyncLines = existingContent.includes(DELIVERY_SYNC_CORE_PRINCIPLE_HEADING)
-    ? DELIVERY_SYNC_REQUIRED_LINES.filter((line) => !existingContent.includes(line))
-    : [];
-  const changed = missingSections.length > 0 || missingDeliverySyncLines.length > 0;
+  const normalized = _stripLegacyCorePrincipleSections(existingContent);
+  const workingContent = normalized.content;
+  const missingSections = REQUIRED_CORE_PRINCIPLE_SECTIONS.filter(({ heading }) => !workingContent.includes(heading));
+  const missingSectionLines = REQUIRED_CORE_PRINCIPLE_SECTION_LINES
+    .map(({ heading, lines }) => ({
+      heading,
+      lines: workingContent.includes(heading)
+        ? lines.filter((line) => !workingContent.includes(line))
+        : []
+    }))
+    .filter((item) => item.lines.length > 0);
+  const changed = normalized.removedHeadings.length > 0 || missingSections.length > 0 || missingSectionLines.length > 0;
 
   if (apply && changed) {
-    let nextContent = `${existingContent || ''}`.trimEnd();
+    let nextContent = `${workingContent || ''}`.trimEnd();
     const appendedSections = missingSections.map((item) => item.section).join('\n\n');
     if (appendedSections) {
       nextContent = nextContent
         ? `${nextContent}\n\n${appendedSections}`
         : appendedSections;
     }
-    if (missingDeliverySyncLines.length > 0) {
-      nextContent = _appendLinesToSection(nextContent, DELIVERY_SYNC_CORE_PRINCIPLE_HEADING, missingDeliverySyncLines);
+    for (const item of missingSectionLines) {
+      nextContent = _appendLinesToSection(nextContent, item.heading, item.lines);
     }
     await fileSystem.ensureDir(path.dirname(corePrinciplesPath));
     await fileSystem.writeFile(corePrinciplesPath, `${nextContent}\n`, 'utf8');
@@ -855,13 +1030,59 @@ async function _reconcileCorePrinciplesBaseline(projectPath, options = {}) {
     status: !exists ? (changed ? 'created' : 'unchanged') : (changed ? 'updated' : 'unchanged'),
     managed_by: 'takeover-baseline',
     details: {
+      removed_legacy_headings_before: normalized.removedHeadings,
       missing_required_headings_before: missingSections.map((item) => item.heading),
-      missing_delivery_sync_lines_before: missingDeliverySyncLines,
+      missing_required_lines_before: missingSectionLines,
       required_headings: REQUIRED_CORE_PRINCIPLE_SECTIONS.map((item) => item.heading)
     }
   };
 }
 
+async function _reconcileRulesGuideBaseline(projectPath, options = {}) {
+  const { apply, fileSystem } = options;
+  const rulesGuidePath = path.join(projectPath, SCE_STEERING_DIR, DEFAULT_LAYER_FILES.rules_guide);
+  const exists = await fileSystem.pathExists(rulesGuidePath);
+  const existingContent = exists ? await fileSystem.readFile(rulesGuidePath, 'utf8') : '';
+  const missingSections = REQUIRED_RULES_GUIDE_SECTIONS.filter(({ heading }) => !existingContent.includes(heading));
+  const missingSectionLines = REQUIRED_RULES_GUIDE_SECTION_LINES
+    .map(({ heading, lines }) => ({
+      heading,
+      lines: existingContent.includes(heading)
+        ? lines.filter((line) => !existingContent.includes(line))
+        : []
+    }))
+    .filter((item) => item.lines.length > 0);
+  const changed = missingSections.length > 0 || missingSectionLines.length > 0;
+
+  if (apply && changed) {
+    let nextContent = `${existingContent || ''}`.trimEnd();
+    const appendedSections = missingSections.map((item) => item.section).join('\n\n');
+    if (appendedSections) {
+      nextContent = nextContent
+        ? `${nextContent}\n\n${appendedSections}`
+        : appendedSections;
+    }
+    for (const item of missingSectionLines) {
+      nextContent = _appendLinesToSection(nextContent, item.heading, item.lines);
+    }
+    await fileSystem.ensureDir(path.dirname(rulesGuidePath));
+    await fileSystem.writeFile(rulesGuidePath, `${nextContent}\n`, 'utf8');
+  }
+
+  return {
+    path: _toRelativePosix(projectPath, rulesGuidePath),
+    existed: exists,
+    changed,
+    status: !exists ? (changed ? 'created' : 'unchanged') : (changed ? 'updated' : 'unchanged'),
+    managed_by: 'takeover-baseline',
+    details: {
+      missing_required_headings_before: missingSections.map((item) => item.heading),
+      missing_required_lines_before: missingSectionLines,
+      required_headings: REQUIRED_RULES_GUIDE_SECTIONS.map((item) => item.heading)
+    }
+  };
+}
+
 function _summarize(items) {
   const summary = {
     created: 0,
@@ -937,12 +1158,14 @@ async function applyTakeoverBaseline(projectPath = process.cwd(), options = {})
   const autoConfigPath = path.join(sceRoot, 'auto', 'config.json');
   const takeoverConfigPath = path.join(sceRoot, 'config', 'takeover-baseline.json');
   const errorbookRegistryPath = path.join(sceRoot, 'config', 'errorbook-registry.json');
+  const semanticSharedSourceConfigPath = path.join(sceRoot, 'config', 'semantic-shared-sources.json');
   const multiAgentConfigPath = path.join(sceRoot, 'config', 'multi-agent.json');
   const sessionGovernancePath = path.join(sceRoot, 'config', 'session-governance.json');
   const specDomainPolicyPath = path.join(sceRoot, 'config', 'spec-domain-policy.json');
   const problemEvalPolicyPath = path.join(sceRoot, 'config', 'problem-eval-policy.json');
   const problemClosurePolicyPath = path.join(sceRoot, 'config', 'problem-closure-policy.json');
   const studioIntakePolicyPath = path.join(sceRoot, 'config', 'studio-intake-policy.json');
+  const supremePrinciplesPolicyPath = path.join(sceRoot, 'config', 'supreme-principles-policy.json');
   const stateStoragePolicyPath = path.join(sceRoot, 'config', 'state-storage-policy.json');
   const errorbookInventoryPath = path.join(sceRoot, 'errorbook', 'project-intake', 'custom-mechanism-inventory.json');
   const reportPath = path.join(sceRoot, 'reports', 'takeover-baseline-latest.json');
@@ -951,17 +1174,20 @@ async function applyTakeoverBaseline(projectPath = process.cwd(), options = {})
   const existingAuto = await _readJsonSafe(autoConfigPath, fileSystem);
   const existingTakeover = await _readJsonSafe(takeoverConfigPath, fileSystem);
   const existingErrorbookRegistry = await _readJsonSafe(errorbookRegistryPath, fileSystem);
+  const existingSemanticSharedSourceConfig = await _readJsonSafe(semanticSharedSourceConfigPath, fileSystem);
   const existingMultiAgentConfig = await _readJsonSafe(multiAgentConfigPath, fileSystem);
   const existingSessionGovernance = await _readJsonSafe(sessionGovernancePath, fileSystem);
   const existingSpecDomainPolicy = await _readJsonSafe(specDomainPolicyPath, fileSystem);
   const existingProblemEvalPolicy = await _readJsonSafe(problemEvalPolicyPath, fileSystem);
   const existingProblemClosurePolicy = await _readJsonSafe(problemClosurePolicyPath, fileSystem);
   const existingStudioIntakePolicy = await _readJsonSafe(studioIntakePolicyPath, fileSystem);
+  const existingSupremePrinciplesPolicy = await _readJsonSafe(supremePrinciplesPolicyPath, fileSystem);
   const existingStateStoragePolicy = await _readJsonSafe(stateStoragePolicyPath, fileSystem);
   const desiredAdoption = _buildAdoptionConfig(existingAdoption, nowIso, sceVersion);
   const desiredAutoConfig = _buildAutoConfig(existingAuto);
   const desiredTakeover = _buildTakeoverBaselineConfig(existingTakeover, sceVersion);
   const desiredErrorbookRegistry = _buildErrorbookRegistryConfig(existingErrorbookRegistry);
+  const desiredSemanticSharedSourceConfig = _buildSemanticSharedSourceConfig(existingSemanticSharedSourceConfig);
   const projectSharedRegistryRelativePath = _isObject(desiredErrorbookRegistry.project_shared_projection)
     && typeof desiredErrorbookRegistry.project_shared_projection.file === 'string'
     && desiredErrorbookRegistry.project_shared_projection.file.trim()
@@ -997,9 +1223,13 @@ async function applyTakeoverBaseline(projectPath = process.cwd(), options = {})
     desiredProblemClosurePolicy
   );
   const desiredStudioIntakePolicy = _deepMerge(existingStudioIntakePolicy || {}, STUDIO_INTAKE_POLICY_DEFAULTS);
+  const desiredSupremePrinciplesPolicy = _buildSupremePrinciplesPolicyConfig(existingSupremePrinciplesPolicy);
   const desiredStateStoragePolicy = _deepMerge(existingStateStoragePolicy || {}, cloneStateStoragePolicyDefaults());
   const customErrorbookFindings = await _scanProjectDefinedErrorbookMechanisms(projectPath, fileSystem);
   const desiredErrorbookInventory = _buildErrorbookConvergenceInventory(sceVersion, customErrorbookFindings);
+  const semanticSharedSourceDiscovery = await discoverSemanticSharedSourceDescriptors(projectPath, {
+    fileSystem
+  });
 
   const fileResults = [];
   fileResults.push(await _reconcileJsonFile(adoptionPath, desiredAdoption, {
@@ -1022,6 +1252,11 @@ async function applyTakeoverBaseline(projectPath = process.cwd(), options = {})
     apply,
     fileSystem
   }));
+  fileResults.push(await _reconcileJsonFile(semanticSharedSourceConfigPath, desiredSemanticSharedSourceConfig, {
+    projectPath,
+    apply,
+    fileSystem
+  }));
   fileResults.push(await _reconcileJsonFile(projectSharedErrorbookRegistryPath, desiredProjectSharedErrorbookRegistry, {
     projectPath,
     apply,
@@ -1062,6 +1297,11 @@ async function applyTakeoverBaseline(projectPath = process.cwd(), options = {})
     apply,
     fileSystem
   }));
+  fileResults.push(await _reconcileJsonFile(supremePrinciplesPolicyPath, desiredSupremePrinciplesPolicy, {
+    projectPath,
+    apply,
+    fileSystem
+  }));
   fileResults.push(await _reconcileJsonFile(stateStoragePolicyPath, desiredStateStoragePolicy, {
     projectPath,
     apply,
@@ -1081,6 +1321,10 @@ async function applyTakeoverBaseline(projectPath = process.cwd(), options = {})
     apply,
     fileSystem
   }));
+  fileResults.push(await _reconcileRulesGuideBaseline(projectPath, {
+    apply,
+    fileSystem
+  }));
 
   const auditFiles = _toAuditStatus(fileResults, apply);
   const summary = _summarize(auditFiles);
@@ -1103,6 +1347,13 @@ async function applyTakeoverBaseline(projectPath = process.cwd(), options = {})
       detected_custom_mechanism_count: desiredErrorbookInventory.summary.detected_custom_mechanisms,
       inventory_file: _toRelativePosix(projectPath, errorbookInventoryPath)
     },
+    semantic_shared_source_discovery: {
+      total_descriptors: semanticSharedSourceDiscovery.summary.total,
+      approved_descriptors: semanticSharedSourceDiscovery.summary.approved,
+      blocked_descriptors: semanticSharedSourceDiscovery.summary.blocked,
+      items: semanticSharedSourceDiscovery.items,
+      blocked: semanticSharedSourceDiscovery.blocked
+    },
     files: auditFiles,
     summary
   };
@@ -1127,20 +1378,28 @@ async function applyTakeoverBaseline(projectPath = process.cwd(), options = {})
 }
 
 module.exports = {
-  CLARIFICATION_FIRST_CORE_PRINCIPLE_HEADING,
-  CLARIFICATION_FIRST_CORE_PRINCIPLE_SECTION,
-  NO_BLIND_FIX_CORE_PRINCIPLE_HEADING,
-  NO_BLIND_FIX_CORE_PRINCIPLE_SECTION,
-  STEERING_CHANGE_EVALUATION_CORE_PRINCIPLE_HEADING,
-  STEERING_CHANGE_EVALUATION_CORE_PRINCIPLE_SECTION,
-  BACKEND_API_PRECEDENCE_CORE_PRINCIPLE_HEADING,
-  BACKEND_API_PRECEDENCE_CORE_PRINCIPLE_SECTION,
-  DELIVERY_SYNC_CORE_PRINCIPLE_HEADING,
-  DELIVERY_SYNC_REQUIRED_LINES,
-  LARGE_FILE_REFACTOR_CORE_PRINCIPLE_HEADING,
-  LARGE_FILE_REFACTOR_CORE_PRINCIPLE_SECTION,
+  FOUR_SENTENCE_TEACHING_CORE_PRINCIPLE_HEADING,
+  FOUR_SENTENCE_TEACHING_CORE_PRINCIPLE_SECTION,
+  SUPREME_ONLY_CORE_PRINCIPLE_HEADING,
+  SUPREME_ONLY_CORE_PRINCIPLE_SECTION,
+  LITTLE_NINE_CORE_PRINCIPLE_HEADING,
+  LITTLE_NINE_CORE_PRINCIPLE_SECTION,
   REQUIRED_CORE_PRINCIPLE_SECTIONS,
+  REQUIRED_CORE_PRINCIPLE_SECTION_LINES,
+  RULES_GUIDE_BASELINE_HEADING,
+  RULES_GUIDE_BASELINE_SECTION,
+  RULES_GUIDE_REQUIRED_LINES,
+  REQUIRED_RULES_GUIDE_SECTIONS,
+  REQUIRED_RULES_GUIDE_SECTION_LINES,
+  SPEC_ARTIFACT_RULE_GUIDE_LINE,
+  ERRORBOOK_CONVERGENCE_RULE_GUIDE_LINE,
+  CLARIFICATION_FIRST_RULE_GUIDE_LINE,
+  DELIVERY_SYNC_RULE_GUIDE_LINE,
+  MECHANISM_REUSE_RULE_GUIDE_LINE,
+  KNOWLEDGE_SINK_RULE_GUIDE_LINE,
   ERRORBOOK_REGISTRY_DEFAULTS,
+  SEMANTIC_SHARED_SOURCE_DEFAULTS,
+  SUPREME_PRINCIPLES_POLICY_DEFAULTS,
   ERRORBOOK_CONVERGENCE_DEFAULTS,
   TAKEOVER_BASELINE_SCHEMA_VERSION,
   TAKEOVER_DEFAULTS,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "scene-capability-engine",
-  "version": "3.6.65",
+  "version": "3.6.67",
   "description": "SCE (Scene Capability Engine) - A CLI tool and npm package for spec-driven development with AI coding assistants.",
   "main": "index.js",
   "bin": {
@@ -39,21 +39,26 @@
     "test:skip-audit": "node scripts/check-skip-allowlist.js",
     "test:sce-tracking": "node scripts/check-sce-tracking.js",
     "gate:npm-runtime-assets": "node scripts/npm-package-runtime-asset-check.js --fail-on-violation",
+    "gate:release-posture": "node scripts/release-posture-report.js --require-stable --fail-on-blocking --json",
     "test:brand-consistency": "node scripts/check-branding-consistency.js",
     "audit:release-docs": "node scripts/release-doc-version-audit.js --fail-on-error",
     "audit:refactor-trigger": "node scripts/refactor-trigger-audit.js",
     "audit:steering": "node scripts/steering-content-audit.js --fail-on-error",
     "audit:clarification-first": "node scripts/clarification-first-audit.js --fail-on-violation",
+    "audit:agent-governance": "node scripts/agent-governance-baseline-audit.js --fail-on-violation",
     "audit:magicball-engineering-contract": "node scripts/magicball-engineering-contract-audit.js --fail-on-violation",
     "audit:magicball-project-contract": "node scripts/magicball-project-contract-audit.js --fail-on-violation",
+    "audit:deprecated-entry": "node scripts/deprecated-entry-audit.js --fail-on-violation",
     "gate:collab-governance": "node scripts/collab-governance-gate.js --fail-on-violation",
     "audit:state-storage": "node scripts/state-storage-tiering-audit.js",
     "report:release-docs": "node scripts/release-doc-version-audit.js --json",
     "report:refactor-trigger": "node scripts/refactor-trigger-audit.js --json",
     "report:steering-audit": "node scripts/steering-content-audit.js --json",
     "report:clarification-first-audit": "node scripts/clarification-first-audit.js --json",
+    "report:agent-governance-audit": "node scripts/agent-governance-baseline-audit.js --json",
     "report:magicball-engineering-contract": "node scripts/magicball-engineering-contract-audit.js --json",
     "report:magicball-project-contract": "node scripts/magicball-project-contract-audit.js --json",
+    "report:release-posture": "node scripts/release-posture-report.js --json",
     "report:collab-governance": "node scripts/collab-governance-gate.js --json",
     "report:state-storage": "node scripts/state-storage-tiering-audit.js --json",
     "report:interactive-approval-projection": "node scripts/interactive-approval-event-projection.js --action doctor --json",
@@ -96,7 +101,7 @@
     "gate:release-asset-integrity": "node scripts/release-asset-integrity-check.js",
     "report:release-risk-remediation": "node scripts/release-risk-remediation-bundle.js --json",
     "report:moqui-core-regression": "node scripts/moqui-core-regression-suite.js --json",
-    "prepublishOnly": "npm run test:release && npm run test:skip-audit && npm run test:sce-tracking && npm run gate:npm-runtime-assets && npm run test:brand-consistency && npm run audit:release-docs && npm run audit:steering && npm run audit:clarification-first && npm run audit:magicball-engineering-contract && npm run audit:magicball-project-contract && npm run gate:collab-governance && npm run gate:git-managed && npm run gate:errorbook-registry-health && npm run gate:errorbook-release && npm run report:interactive-governance -- --fail-on-alert",
+    "prepublishOnly": "npm run test:release && npm run test:skip-audit && npm run test:sce-tracking && npm run gate:npm-runtime-assets && npm run test:brand-consistency && npm run audit:release-docs && npm run audit:steering && npm run audit:clarification-first && npm run audit:agent-governance && npm run audit:magicball-engineering-contract && npm run audit:magicball-project-contract && npm run audit:deprecated-entry && npm run gate:collab-governance && npm run gate:git-managed && npm run gate:errorbook-registry-health && npm run gate:errorbook-release && npm run gate:release-posture",
     "publish:manual": "npm publish --access public",
     "install-global": "npm install -g .",
     "uninstall-global": "npm uninstall -g scene-capability-engine"