zsp/everything-claude-code
1
0
Fork 0
mirror of https://github.com/affaan-m/everything-claude-code.git synced 2026-05-17 22:33:06 +08:00
Code Issues Packages Projects Releases Wiki Activity

docs: mirror agentshield policy promotion gate

Browse Source
This commit is contained in:
Affaan Mustafa
2026-05-17 01:10:12 -04:00
committed by Affaan Mustafa
parent 6d130cfcd5
commit cc5c255529
7 changed files with 57 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-15.md
View File

@@ -2,18 +2,18 @@
This dashboard is generated by `npm run operator:dashboard`. It is an operator snapshot, not release approval.
Generated: 2026-05-16T16:48:52.768Z
Commit: 610eb346d0183ef5e832e3ac6f9f6a61725578c1
Generated: 2026-05-17T05:08:31.916Z
Commit: 6d130cfcd5d06b42c7eb30be8e109cfa87fde197
Status: work remaining
## Current Status
| Area | Status | Evidence |
| --- | --- | --- |
| PR queue | Current | 1 open PRs across tracked repos |
| Issue queue | Current | 2 open issues across tracked repos |
| PR queue | Current | 6 open PRs across tracked repos |
| Issue queue | Current | 3 open issues across tracked repos |
| Discussions | Current | 0 need maintainer touch; 0 missing accepted answer |
| Local worktree | Current | 0 blocking dirty files; 1 ignored dirty entries |
| Local worktree | Needs work | 7 blocking dirty files; 1 ignored dirty entries |
| Dashboard generation | Current | platform audit ready: true; GitHub skipped: false |
| Publication | Not complete | release, npm, plugin, billing, and announcement gates are tracked below |
@@ -21,15 +21,15 @@ Status: work remaining
| Objective requirement | Artifact or gate | Status | Evidence | Gap |
| --- | --- | --- | --- | --- |
| Keep public PRs below 20 | scripts/platform-audit.js live GitHub sweep | current | 1 open PRs across 5 tracked repos | repeat before release |
| Keep public issues below 20 | scripts/platform-audit.js live GitHub sweep | current | 2 open issues across 5 tracked repos | repeat before release |
| Keep public PRs below 20 | scripts/platform-audit.js live GitHub sweep | current | 6 open PRs across 5 tracked repos | repeat before release |
| Keep public issues below 20 | scripts/platform-audit.js live GitHub sweep | current | 3 open issues across 5 tracked repos | repeat before release |
| Respond and manage repository discussions | scripts/platform-audit.js discussion summary | current | 0 need maintainer touch; 0 answerable discussions missing accepted answer | repeat before release |
| Build ITO-44 completion dashboard into a repeatable command | npm run operator:dashboard | complete | operator:dashboard package script exists | keep generated dashboard attached to publication evidence |
| ECC 2.0 preview pack ready | docs/releases/2.0.0-rc.1/preview-pack-manifest.md | in_progress | preview pack manifest is in-tree | final clean-checkout release approval and publish evidence still pending |
| Include Hermes specialized skills safely | docs/HERMES-SETUP.md and skills/hermes-imports/SKILL.md | in_progress | Hermes setup and import skill are present | final preview-pack smoke and release review pending |
| Prepare name-change, Claude plugin, and Codex plugin paths | naming-and-publication-matrix plus publication-readiness | in_progress | naming matrix and plugin readiness gates exist | real tag/push, marketplace submission, and final channel choice remain approval-gated |
| Prepare release notes, articles, tweets, and push notifications | docs/releases/2.0.0-rc.1 social and release-copy files | in_progress | release notes, X thread, and LinkedIn draft are present | URL-backed refresh and publish approval still pending |
| Advance AgentShield enterprise iteration | AgentShield PR evidence plus enterprise roadmap | in_progress | AgentShield enterprise PR evidence is mirrored in the GA roadmap | workflow automation plus policy promotion/review UX pending after policy export shipped |
| Advance AgentShield enterprise iteration | AgentShield PR evidence plus enterprise roadmap | in_progress | AgentShield enterprise PR evidence is mirrored in the GA roadmap | workflow automation around protected rollout and richer runtime review UX pending after policy promotion shipped |
| Advance ECC Tools native payments and AI-native harness-agnostic app | ECC Tools PR evidence, billing gate, hosted analysis lanes | in_progress | billing announcement gate, hosted analysis lanes, AgentShield fleet-summary consumption, hosted finding evidence paths, and harness-route policy linking are mirrored in the GA roadmap | live Marketplace test-account readback, hosted promotion telemetry, and richer operator review UX pending |
| Audit, prune, or attach legacy work | docs/stale-pr-salvage-ledger.md and legacy inventory | in_progress | legacy salvage ledger and ITO-55 tracking are present | final translation/manual-review tail remains |
| Keep Linear roadmap detailed and progress tracking synchronized | Linear project mirror plus progress-sync contract | in_progress | repo mirror and progress-sync contract are present | recurring Linear status sync and productized realtime sync remain pending |
@@ -42,7 +42,7 @@ Status: work remaining
- `hermes-specialized-skills`: final preview-pack smoke and release review pending
- `naming-and-plugin-publication`: real tag/push, marketplace submission, and final channel choice remain approval-gated
- `release-notes-and-notifications`: URL-backed refresh and publish approval still pending
- `agentshield-enterprise-iteration`: workflow automation plus policy promotion/review UX pending after policy export shipped
- `agentshield-enterprise-iteration`: workflow automation around protected rollout and richer runtime review UX pending after policy promotion shipped
- `ecc-tools-next-level`: live Marketplace test-account readback, hosted promotion telemetry, and richer operator review UX pending
- `legacy-salvage`: final translation/manual-review tail remains
- `linear-roadmap-and-progress`: recurring Linear status sync and productized realtime sync remain pending

2
docs/releases/2.0.0-rc.1/preview-pack-manifest.md
View File

@@ -21,7 +21,7 @@ surfaces, or posting announcements.
| `docs/releases/2.0.0-rc.1/launch-checklist.md` | Operator launch checklist | Must remain approval-gated for release, package, plugin, and announcement actions |
| `docs/releases/2.0.0-rc.1/publication-readiness.md` | Release gate | Requires fresh evidence from the exact release commit |
| `docs/releases/2.0.0-rc.1/publication-evidence-2026-05-15.md` | Current May 15 queue, roadmap, security, supply-chain watch, no-lifecycle CI install hardening, AgentShield #86 evidence-pack provenance, ECC Tools billing-gate, Actions cache purge, and `ecc2` test evidence through PR #1941 | Must be superseded by a final clean-checkout evidence file before real publication |
| `docs/releases/2.0.0-rc.1/publication-evidence-2026-05-16.md` | Current May 16 queue cleanup, recsys skill merge, GateGuard triage, PR #1947 supply-chain protection, AgentShield #87 plugin-cache confidence evidence, AgentShield #88 evidence-pack inspect/readback, AgentShield #89 evidence-pack fleet routing, AgentShield #90 fleet review items, AgentShield #91 policy export, ECC-Tools #76 fleet-summary consumption, ECC-Tools #77 hosted finding evidence paths, ECC-Tools #78 harness policy-route linking, dashboard refresh, and combined Node/Rust/release-surface gate evidence through the May 16 mirror | Must still be repeated from a strict clean checkout before real publication |
| `docs/releases/2.0.0-rc.1/publication-evidence-2026-05-16.md` | Current May 16/17 queue cleanup, recsys skill merge, GateGuard triage, PR #1947 supply-chain protection, AgentShield #87 plugin-cache confidence evidence, AgentShield #88 evidence-pack inspect/readback, AgentShield #89 evidence-pack fleet routing, AgentShield #90 fleet review items, AgentShield #91 policy export, AgentShield #92 policy promotion, ECC-Tools #76 fleet-summary consumption, ECC-Tools #77 hosted finding evidence paths, ECC-Tools #78 harness policy-route linking, dashboard refresh, and combined Node/Rust/release-surface gate evidence through the May 16 mirror | Must still be repeated from a strict clean checkout before real publication |
| `docs/releases/2.0.0-rc.1/naming-and-publication-matrix.md` | Naming, slug, and publication-path decision record | Keeps `Everything Claude Code / ECC`, npm `ecc-universal`, and plugin slug `ecc` for rc.1 |
| `docs/releases/2.0.0-rc.1/x-thread.md` | X launch draft | Must replace placeholders with live URLs after release/package/plugin publication |
| `docs/releases/2.0.0-rc.1/linkedin-post.md` | LinkedIn launch draft | Must replace placeholders with live URLs after release/package/plugin publication |

11
docs/releases/2.0.0-rc.1/publication-evidence-2026-05-16.md
View File

@@ -9,7 +9,7 @@ npm publication, plugin tag, marketplace submission, or announcement post.
| --- | --- |
| Upstream main | `6bced468d76b269243a6f0bd28472853aa78e0e4` |
| Git remote | `https://github.com/affaan-m/everything-claude-code.git` |
| Evidence scope | Current `main` after PR #1944, PR #1945, issue #1946 triage, PR #1947 supply-chain protection, AgentShield PR #87, AgentShield PR #88, AgentShield PR #89, AgentShield PR #90, AgentShield PR #91, ECC-Tools PR #76, ECC-Tools PR #77, ECC-Tools PR #78, ITO-57 sync, and operator dashboard refresh |
| Evidence scope | Current `main` after PR #1944, PR #1945, issue #1946 triage, PR #1947 supply-chain protection, AgentShield PR #87, AgentShield PR #88, AgentShield PR #89, AgentShield PR #90, AgentShield PR #91, AgentShield PR #92, ECC-Tools PR #76, ECC-Tools PR #77, ECC-Tools PR #78, Japanese localization triage, ITO-57 sync, and operator dashboard refresh |
| Local status caveat | `git status --short --branch` showed `## main...origin/main` plus unrelated untracked `docs/drafts/` |
The actual release operator should repeat all publish-facing checks from the
@@ -19,9 +19,9 @@ final release commit with a strictly clean checkout before publishing.
| Surface | Command | Result |
| --- | --- | --- |
| Trunk PRs | `gh pr list --state open --json number,title,url --limit 20` | `[]` |
| Trunk issues | `gh issue list --state open --json number,title,url --limit 20` | `[]` |
| Platform audit | `node scripts/platform-audit.js --json --allow-untracked docs/drafts/` | Ready; open PRs 0, open issues 0, discussion maintainer-touch gaps 0, discussion missing-answer gaps 0, blocking dirty files 0 |
| Trunk PRs | `gh pr list --state open --json number,title,url --limit 20` | 6 open PRs: Dependabot #1959-#1963 plus PR #1953, which remains open with changes requested for Japanese localization parity |
| Trunk issues | `gh issue list --state open --json number,title,url --limit 20` | 3 open issues: #1951 linked to held localization PR, plus #1957 and #1958 awaiting the next queue batch |
| Platform audit | `node scripts/platform-audit.js --json --allow-untracked docs/drafts/` | Ready; open PRs 6, open issues 3, discussion maintainer-touch gaps 0, discussion missing-answer gaps 0, blocking dirty files 0 on a clean checkout; current branch generation sees the mirror edits as local dirty work |
| Operator dashboard | `npm run operator:dashboard -- --json --allow-untracked docs/drafts/` | `dashboardReady: true`, `platformReady: true`, head `6bced468d76b269243a6f0bd28472853aa78e0e4` |
## Merge And Triage Batch
@@ -37,11 +37,12 @@ final release commit with a strictly clean checkout before publishing.
| AgentShield PR #89 | Merged evidence-pack fleet routing as `521ada9091bb6d818511ab8589ae675b920c106a`; `agentshield evidence-pack fleet <dirs...> [--json]` now aggregates multiple verified bundles into ready, security-blocker, policy-review, baseline-regression, supply-chain-review, and invalid routes with finding, policy, baseline, supply-chain, and remediation totals |
| AgentShield PR #90 | Merged fleet review items as `6d1c57c92000541d65a3b6bc366f0322d7d0dacc`; `agentshield evidence-pack fleet --json` now emits `reviewItems` with route, severity, repository/target context, source evidence paths, reason, and owner-ready recommendation, and the text CLI prints a `Review items` block |
| AgentShield PR #91 | Merged checksum-backed policy export as `73e1e3586dc4513a462e39c9799f75eea104e110`; `agentshield policy export` writes one JSON policy file per selected pack plus `manifest.json` with SHA-256 digests, and supports pack selection, repeated owners, name prefixes, and JSON output |
| AgentShield PR #92 | Merged checksum-verified policy promotion as `e7e259dc6212b63a8e03a253ca6b8c1e3c2abff7`; `agentshield policy promote` verifies the export manifest and selected policy digest, rejects tampered JSON, requires explicit pack selection for multi-pack manifests, supports dry-run JSON review, and writes the active policy only after verification |
| ECC-Tools PR #76 | Merged AgentShield fleet-summary consumption as `5bde2328d15f584481fb6334e6960716dbf3e16f`; hosted `security-evidence-review` now recognizes `agentshield-evidence/fleet-summary.json`, classifies it as `evidence-pack-fleet`, routes invalid/security-blocker/policy/baseline/supply-chain fleet outcomes into hosted findings, and fails closed on malformed fleet JSON |
| ECC-Tools PR #77 | Merged hosted finding source-evidence output as `31fd883b3f0cee135aee4839b01d34855b7867f6`; hosted job PR comments and check-run details now include an `Evidence` column with up to three source evidence paths per finding, including AgentShield fleet-derived findings |
| ECC-Tools PR #78 | Merged AgentShield fleet-route harness review as `0d4eb949aa56f56da88e6654273a22ffb95983a1`; hosted `harness-compatibility-audit` now collects fleet summaries, maps route target paths to Claude/Codex/OpenCode/MCP/plugin harness owners, and emits owner-review findings with source evidence paths |
| ITO-57 | Updated with PR #1947 advisory-source evidence, post-merge source refresh, IOC scan, npm audit/signature checks, and OpenAI app update caveat |
| ITO-49 | Updated with AgentShield PR #87, #88, #89, #90, and #91 merge evidence, local test evidence, CI status, live `~/.claude` scan classification counts, and local Mini Shai-Hulud protection scan results |
| ITO-49 | Updated with AgentShield PR #87, #88, #89, #90, #91, and #92 merge evidence, local test evidence, CI status, live `~/.claude` scan classification counts, local Mini Shai-Hulud protection scan results, and policy promotion validation |
| ITO-50 | Updated with ECC-Tools PR #76, PR #77, and PR #78 merge evidence, hosted security review behavior, hosted finding evidence-path behavior, harness fleet-route owner-review behavior, local test evidence, and remote Verify/Security Audit/Workers build checks |
| ITO-44 | Updated with queue cleanup, dashboard refresh, and remaining macro gaps |

7
docs/releases/2.0.0-rc.1/publication-readiness.md
View File

@@ -24,9 +24,10 @@ For the May 16 queue cleanup, recsys skill merge, GateGuard issue triage,
AgentShield #87 plugin-cache runtime-confidence evidence, AgentShield #88
evidence-pack inspect/readback, AgentShield #89 evidence-pack fleet routing,
AgentShield #90 fleet review items, AgentShield #91 checksum-backed policy
export, ECC-Tools #76 fleet-summary consumption, ECC-Tools #77 hosted finding
evidence paths, ECC-Tools #78 harness policy-route linking, operator dashboard
refresh, and combined final-gate rerun on current `main`, see
export, AgentShield #92 checksum-verified policy promotion, ECC-Tools #76
fleet-summary consumption, ECC-Tools #77 hosted finding evidence paths,
ECC-Tools #78 harness policy-route linking, operator dashboard refresh, and
combined final-gate rerun on current `main`, see
[`publication-evidence-2026-05-16.md`](publication-evidence-2026-05-16.md).
For the operator-facing prompt-to-artifact readiness dashboard from the same
May 16 pass, see