mirror of
https://github.com/affaan-m/everything-claude-code.git
synced 2026-06-10 18:23:12 +08:00
Compare commits
1 Commits
fix/cost-t
...
pr-2011-ga
| Author | SHA1 | Date | |
|---|---|---|---|
|
2cca4be369 |
@@ -17,100 +17,11 @@ The May 19 release/growth execution map lives at
|
||||
It is the operator surface for the final ECC 2.0 repo identity, video suite,
|
||||
partner/sponsor funnel, consulting/talk funnel, and social launch plan.
|
||||
|
||||
## 2026-05-20 Delta
|
||||
|
||||
- The tracked platform audit is still green on May 20 with 0 open PRs,
|
||||
0 open issues, 0 discussion maintainer-touch gaps, 0 answerable Q&A gaps,
|
||||
0 conflicting PRs, and 0 blocking dirty files across `affaan-m/ECC`,
|
||||
`affaan-m/agentshield`, `affaan-m/JARVIS`, `ECC-Tools/ECC-Tools`, and
|
||||
`ECC-Tools/ECC-website`.
|
||||
- The new #2015 setup-location Q&A was answered and marked accepted. The
|
||||
answer keeps install guidance conservative: do not install into `C:\`; use a
|
||||
normal workspace, install the `ecc@ecc` Claude plugin once, copy only needed
|
||||
rule folders when using manual rules, and avoid stacking plugin plus full
|
||||
manual install.
|
||||
- ECC-Tools PRs #80-#88 landed the next hosted-platform batch: runtime
|
||||
receipts now require failure reasons; AgentShield fleet approval IDs survive
|
||||
hosted security review and render into comments/check-runs; Linear follow-up
|
||||
sync reuses deterministic external IDs; hosted AgentShield remediation items
|
||||
sync to Linear; hosted job observability events are emitted for queued,
|
||||
completed, blocked, failed, and budget-blocked states; and both hosted job
|
||||
status comments and hosted depth-plan check-runs read back recent
|
||||
observability/budget events. PR #88 adds the authenticated observability API
|
||||
readback for operator dashboards and production smoke tests.
|
||||
- AgentShield PR #94 landed the next cross-harness adapter slice: Zed and
|
||||
VS Code are first-class adapter detections, `.zed/settings.json` and
|
||||
`.zed/tasks.json` are discoverable scan inputs, and `.zed/setup.mjs` now
|
||||
trips the same AI-tool persistence IOC rule as `.vscode/setup.mjs`.
|
||||
- AgentShield PR #95 cleared the remaining default-branch Dependabot alert by
|
||||
moving transitive `brace-expansion` 5.x lockfile entries to `5.0.6`; the
|
||||
post-merge Dependabot open-alert API now returns `[]`, and local
|
||||
`npm audit --audit-level=moderate` returns 0 vulnerabilities.
|
||||
- ECC PR #2019 merged the Marketplace Pro selected-target release-gate sync
|
||||
into this repo as `30f60710d4e0424fc70d9bbdc105009db141d9d8`. The post-merge
|
||||
main CI run `26135974576` completed green across lint, coverage, security,
|
||||
validation, and the full OS/package-manager matrix.
|
||||
- ECC PR #2020 merged the selected-target announcement-gate mirror as
|
||||
`c2471fe5c535310f8a8008c9ed7ea9f6757b33f2`. The post-merge main CI run
|
||||
`26136949698` completed green across lint, coverage, security, validation,
|
||||
and the full OS/package-manager matrix.
|
||||
- ECC-Tools PR #90 added the selected-target official announcement gate for
|
||||
`billing:announcement-gate -- --select-ready-target`; safe production
|
||||
preflight no longer requires a raw GitHub login and now blocks only on the
|
||||
local/internal `INTERNAL_API_SECRET` input before live execution.
|
||||
- ECC-Tools PR #91 added `--env-file` support to both billing gate scripts so
|
||||
ignored local operator credential files can supply `INTERNAL_API_SECRET`,
|
||||
Cloudflare auth, Wrangler auth mode, or target fallbacks without printing
|
||||
secret contents. Verify, Security Audit, and Workers Builds passed before
|
||||
merge as `72119a1`, and main CI run `26137280847` completed successfully after
|
||||
merge.
|
||||
- ECC-Tools PR #92 added a non-breaking `INTERNAL_OPERATOR_API_SECRET` bearer
|
||||
accepted by privileged internal API routes without rotating the existing
|
||||
`INTERNAL_API_SECRET`; Verify, Security Audit, and Workers Builds passed
|
||||
before merge as `18d80197be779619283e0b37e2952bac53819a07`, and the merged
|
||||
Worker was deployed to `api.ecc.tools`.
|
||||
- The May 20 live native-payments gate now passes: the vault-backed Wrangler
|
||||
readback selected a ready Marketplace Pro target with fingerprint
|
||||
`e953a74209fe`, both key families present, webhook evidence ready, 0 KV
|
||||
blockers, and the official
|
||||
`npm run billing:announcement-gate -- --select-ready-target` returned
|
||||
`announcementGateReady: true`, 0 required actions, 0 blockers, and audit
|
||||
summary 6 pass / 1 warn / 0 fail through the new operator bearer path.
|
||||
- ECC-Tools PR #93 recorded that live billing evidence in the app launch
|
||||
checklist and distribution roadmap as
|
||||
`d3d62df83fa075660fa4530c3e0edc311a4355fe`; public native-payments copy is no
|
||||
longer blocked by billing evidence, but publication timing remains behind the
|
||||
final release, plugin, live URL, and owner-approval gates.
|
||||
- Linear ITO-54 and the ECC Platform Roadmap now have the May 20 ECC-Tools
|
||||
hosted observability update comments
|
||||
`74dcc101-3be5-4173-be13-62b80d54f569` and
|
||||
`348ea8f5-2a2d-46d9-a0fe-ed99653e7fe5`, after earlier PR #84/#85 comments
|
||||
recorded remediation sync and hosted observability events. PR #88 is recorded
|
||||
in Linear comments `291e2a4b-06e3-4672-a057-cdb141478161` and
|
||||
`b2d35de0-ca49-44cb-982a-ddec229e7691`; AgentShield #94 is recorded in
|
||||
ITO-49 comment `faed69dd-35f5-469d-acb5-ddde6a70d6a1` and project comment
|
||||
`70187c1e-d481-4181-b418-09bd65d54b5e`; AgentShield #95 is recorded in
|
||||
ITO-49 comment `371fc3e4-611f-4d20-a23f-67db1260b418`, ITO-57 comment
|
||||
`bd06e252-15c1-4256-b667-caa3f64f5968`, and project comment
|
||||
`22c2c388-2fd1-4dea-a939-6141f40c9a21`.
|
||||
- Linear ITO-61 and the ECC Platform Roadmap now have the May 20 Marketplace
|
||||
Pro release-gate comments `467d148a-712a-4777-aad9-95593e9f1739` and
|
||||
`7642ee9c-3107-400c-a229-53e2895a8914`, recording ECC-Tools #89, ECC #2019,
|
||||
the green post-merge CI run, and the remaining internal bearer-token gate.
|
||||
The repo mirror now also records ECC-Tools #90 and #91 as the selected-target
|
||||
announcement gate and billing gate env-file operator-path follow-up.
|
||||
|
||||
## 2026-05-19 Delta
|
||||
|
||||
- The public repo identity is now `affaan-m/ECC`; release, package, plugin,
|
||||
workflow, and launch-copy surfaces should use that URL for current public
|
||||
links.
|
||||
- The late May 19 queue drain added the deterministic `release:approval-gate`
|
||||
on ECC `main`, merged ECC-Tools billing-announcement redaction hardening, and
|
||||
cleared the JARVIS Dependabot/deploy repair tail. The tracked platform audit
|
||||
is now green with 0 open PRs, 0 open issues, and 0 discussion gaps across all
|
||||
five tracked repos, but release/publication actions remain owner and live-URL
|
||||
gated.
|
||||
- The ECC 2.0 release story should lead with the product shape directly:
|
||||
harness-native operator system, reusable skills/rules/hooks/MCP conventions,
|
||||
`ecc2/` alpha control plane, Hermes as optional operator shell, and ECC Tools
|
||||
@@ -121,15 +32,16 @@ partner/sponsor funnel, consulting/talk funnel, and social launch plan.
|
||||
|
||||
## Current Evidence
|
||||
|
||||
As of 2026-05-20:
|
||||
As of 2026-05-19:
|
||||
|
||||
- GitHub queues are clean across `affaan-m/ECC`,
|
||||
`affaan-m/agentshield`, `affaan-m/JARVIS`, `ECC-Tools/ECC-Tools`, and
|
||||
`ECC-Tools/ECC-website`: the latest `platform-audit` sweep found 0 open PRs,
|
||||
0 open issues, 0 discussion maintainer-touch gaps, 0 answerable Q&A missing
|
||||
accepted answers, and 0 blocking dirty files. The current
|
||||
`scripts/work-items.js list --json` output also reports `totalCount: 0`, so
|
||||
there are no open or blocked local work items in the SQLite bridge.
|
||||
accepted answers, and 0 blocking dirty files when allowing the unrelated
|
||||
local `docs/drafts/` directory. The May 18 sync also refreshed
|
||||
`scripts/work-items.js sync-github` across all five tracked repos, leaving
|
||||
no open or blocked local work items.
|
||||
- Owner-wide queue cleanup is also inside the requested budget:
|
||||
`docs/releases/2.0.0-rc.1/owner-queue-cleanup-2026-05-18.md` records the
|
||||
live `gh search` sweep that closed 24 stale dependency-bot PRs and 72 stale
|
||||
@@ -139,10 +51,9 @@ As of 2026-05-20:
|
||||
now at 0 open PRs and 0 open issues by live `gh search`. Archived repos
|
||||
touched during closure were restored to archived state.
|
||||
- GitHub discussions are current across those tracked repos:
|
||||
`affaan-m/ECC` has 60 total discussions and 0 without
|
||||
`affaan-m/ECC` has 59 total discussions and 0 without
|
||||
maintainer touch after the May 19 #2003 AURA integration proposal was routed
|
||||
as an external-adapter proposal, not core wallet/escrow coupling, and the
|
||||
May 20 #2015 setup-location Q&A was answered and accepted; AgentShield,
|
||||
as an external-adapter proposal, not core wallet/escrow coupling; AgentShield,
|
||||
JARVIS, ECC Tools, and the ECC Tools website have discussions disabled or 0
|
||||
total discussions. `docs/architecture/discussion-response-playbook.md` now
|
||||
supplies the ITO-59 response categories, public templates, security-escalation
|
||||
@@ -173,56 +84,24 @@ As of 2026-05-20:
|
||||
- `docs/releases/2.0.0-rc.1/publication-evidence-2026-05-19.md` records the
|
||||
current May 19 queue-zero state, canonical ECC identity merge, release video
|
||||
suite gate, partner/sponsor/talk outreach pack, owner approval packet
|
||||
(`owner-approval-packet-2026-05-19.md`), current preview-pack smoke digest
|
||||
`eebb8a66c33e`, local 2568-test suite, PR #2001 merge and GitHub Actions run
|
||||
(`owner-approval-packet-2026-05-19.md`), preview-pack smoke digest
|
||||
`790430aef4a8`, local 2550-test suite, PR #2001 merge and GitHub Actions run
|
||||
`26102500291` success, PR #2002's owner-approval dashboard gate refresh and
|
||||
GitHub Actions run `26103853507`, PR #2004's Linear readiness evidence sync
|
||||
and GitHub Actions run `26105012698`, plus PR #2005's post-PR #2004
|
||||
evidence refresh and GitHub Actions run `26106321921`, PR #2008's supply-chain
|
||||
evidence gate fix and GitHub Actions run `26108473648`, post-PR #2006 main CI
|
||||
run `26109953093`, and PR #2009's project-registry hygiene GitHub Actions run
|
||||
`26111313938`, post-PR #2009 main CI run `26111946778`, post-PR #2011
|
||||
GateGuard main CI run `26113695068`, and post-PR #2013 release-approval-gate
|
||||
main CI run `26128749863`. The late May 19 sync target also includes
|
||||
ECC-Tools PR #79 billing-announcement redaction hardening and JARVIS PR #15
|
||||
/ PR #16 queue/deploy repair, with JARVIS main CI, CodeQL, and Deploy green
|
||||
after the workflow repair. The Linear external project status surface now has
|
||||
both the post-PR #2002 sync document and the late-pass document
|
||||
`ecc-may-19-late-queue-zero-and-release-gate-sync-1c26f65e6b3f`, plus project
|
||||
comment `d42bf0e2-7a8e-4934-9f3f-e281498ee805`. The supply-chain gate now
|
||||
also records the `@types/node@25.7.0` pin and `brace-expansion` lock refresh
|
||||
needed for current npm audit/signature verification.
|
||||
- The May 20 ECC-Tools hosted-platform pass extends that evidence with PR #80
|
||||
through PR #88, all merged after green GitHub Verify/Security Audit/Workers
|
||||
Builds checks. Local validation for the final depth-plan observability slice
|
||||
passed the focused hosted depth-plan route test, the full route suite
|
||||
(89/89), typecheck, lint, full ECC-Tools Vitest suite (683/683), and
|
||||
`git diff --check`. PR #88 additionally exposes authenticated hosted
|
||||
observability readback at `/api/analysis/observability` for operator
|
||||
dashboards and production smoke tests; its local verification passed
|
||||
typecheck, lint, the full ECC-Tools Vitest suite (686/686), and
|
||||
`git diff --check`.
|
||||
- AgentShield PR #94 adds Zed and VS Code to the first-class adapter registry
|
||||
after local verification with typecheck, lint, the focused core scanner/rule
|
||||
tests, full `npm test` (1822 tests), `npm run build`, and `git diff --check`.
|
||||
GitHub checks passed across GitGuardian, scan suite, self-scan,
|
||||
self-scan examples, Node 18/20/22 CI, CodeRabbit, and Cubic after rerunning a
|
||||
transient GitHub artifact-upload failure.
|
||||
- AgentShield PR #95 resolves Dependabot #20 / `GHSA-jxxr-4gwj-5jf2` /
|
||||
`CVE-2026-45149` by updating the vulnerable `brace-expansion` 5.x
|
||||
transitive lockfile entries to `5.0.6`. Local validation passed
|
||||
`npm audit --audit-level=moderate`, typecheck, lint, full `npm test`
|
||||
(1822 tests), build, and whitespace checks; GitHub checks passed across
|
||||
Verify Node 18/20/22, self-scan, self-scan examples, Test GitHub Action,
|
||||
GitGuardian, CodeRabbit, and Cubic.
|
||||
- `docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-20.md`
|
||||
evidence refresh and GitHub Actions run `26106321921`. The May 19 Linear
|
||||
sync document remains the current external project status surface, and the
|
||||
supply-chain gate now also records the `@types/node@25.7.0` pin and
|
||||
`brace-expansion` lock refresh needed for current npm audit/signature
|
||||
verification.
|
||||
- `docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-19.md`
|
||||
regenerates the ITO-44 prompt-to-artifact dashboard from live platform audit
|
||||
evidence: PR queue, issue queue, discussion queue, local worktree gate,
|
||||
dashboard generation, and supply-chain loop are current; the dashboard now
|
||||
also tracks the `$1,728/mo` to `$10,000/mo` hypergrowth baseline, release
|
||||
video-suite lane, partner/sponsor/talk outbound pack, and owner approval
|
||||
packet; publication, plugin, billing, AgentShield, ECC Tools, Linear release
|
||||
gate sync, and final outbound approval remain the next work.
|
||||
packet; publication, plugin, billing, AgentShield, ECC Tools, and final
|
||||
outbound approval remain the next work.
|
||||
- `docs/releases/2.0.0-rc.1/publication-evidence-2026-05-17.md` records the
|
||||
May 17 queue-zero state, Japanese localization merge, Dependabot TypeScript
|
||||
and Node type merges, post-merge ja-JP lint repair, Mini Shai-Hulud/TanStack
|
||||
@@ -504,47 +383,13 @@ As of 2026-05-20:
|
||||
`brace-expansion@5.0.6` and fixed Dependabot alert 44 for CVE-2026-45149;
|
||||
GitHub API reported `state: fixed` at `2026-05-18T19:10:15Z` and current-head
|
||||
CI `26054671308` passed.
|
||||
- ECC-Tools PR #89 merged as `512bca6b99cdaa67058a6aa9a4e7e7f0b1d9873a`
|
||||
and adds
|
||||
`npm run billing:kv-readback -- --select-ready-target --require-ready` so
|
||||
operators can prove a ready Marketplace Pro account without passing or
|
||||
printing the login. The 2026-05-20 production Wrangler OAuth readback found
|
||||
ready-like Marketplace Pro records with webhook provenance and 0 parse
|
||||
failures. The selected target report printed only a stable fingerprint,
|
||||
confirmed both key families, `marketplace` source, `pro` tier, seat ready,
|
||||
webhook evidence ready, automatic overage disabled, and 0 blockers. The old
|
||||
"no Marketplace-managed Pro target billing-state" blocker is cleared. Linear
|
||||
comment `f14ed2fe-a219-470c-8119-63429e197027` records the redacted readback
|
||||
counts.
|
||||
- ECC-Tools PR #90 merged as
|
||||
`16a5bb33ee5ce7c31d2ad8d041e5afac03308f05` after Verify, Security Audit,
|
||||
and Workers Builds passed. It adds the selected-target official announcement
|
||||
gate through `/api/billing/readiness?selectReadyTarget=1` and
|
||||
`npm run billing:announcement-gate -- --select-ready-target`, so operators no
|
||||
longer need to pass or print a raw GitHub login for the official
|
||||
native-payments gate. The 2026-05-20 safe production preflight requested a
|
||||
selected ready target and narrowed the remaining blocker to the missing
|
||||
local/internal `INTERNAL_API_SECRET` bearer token. Native-payments copy remains
|
||||
blocked until that token path is available and the live
|
||||
`billing:announcement-gate -- --select-ready-target` call passes.
|
||||
- ECC-Tools PR #91 merged as `72119a1acc6f5a0cd3bb5d90afd6e87fd1fefd05`
|
||||
after Verify, Security Audit, and Workers Builds passed. It adds the billing
|
||||
gate env-file operator path with `--env-file` support for the announcement
|
||||
gate and KV readback scripts, plus sentinel tests proving loaded secrets and
|
||||
account logins are not printed.
|
||||
- ECC-Tools PR #92 merged as `18d80197be779619283e0b37e2952bac53819a07` after
|
||||
Verify, Security Audit, and Workers Builds passed. It adds the optional
|
||||
`INTERNAL_OPERATOR_API_SECRET` recovery bearer so operators can run privileged
|
||||
internal readiness gates without replacing the primary `INTERNAL_API_SECRET`;
|
||||
the merged Worker was deployed to `api.ecc.tools` before the live gate run.
|
||||
- ECC-Tools PR #93 merged as `d3d62df83fa075660fa4530c3e0edc311a4355fe` after
|
||||
Verify, Security Audit, and Workers Builds passed. It records the live
|
||||
2026-05-20 billing evidence in the app launch checklist and roadmap:
|
||||
selected ready Marketplace Pro target, fingerprint `e953a74209fe`, 0 KV
|
||||
blockers, preflight ready, `announcementGateReady: true`, 0 required actions,
|
||||
0 blockers, and audit summary 6 pass / 1 warn / 0 fail. Native-payments copy
|
||||
is no longer blocked by billing evidence, but final announcement timing still
|
||||
requires the release, plugin, live URL, and owner-approval gates.
|
||||
- The latest ITO-61 readback retry narrowed the blocker: Wrangler OAuth now
|
||||
works, the safe aggregate readback has 0 parse failures and still reports 0
|
||||
Marketplace Pro records, and `billing:announcement-gate -- --preflight` is
|
||||
missing the target Marketplace account plus `INTERNAL_API_SECRET`.
|
||||
Native-payments copy remains blocked until the target Pro readback and live
|
||||
announcement gate pass. Linear comment
|
||||
`6904e4fb-bec7-4787-90e2-759f077a628c` records the redacted readback counts.
|
||||
- Handoff `ecc-supply-chain-audit-20260513-0645.md` under
|
||||
`~/.cluster-swarm/handoffs/`
|
||||
records the May 13 supply-chain sweep: no active lockfile/manifest hit for
|
||||
@@ -803,44 +648,6 @@ As of 2026-05-20:
|
||||
fleet summaries are collected as harness evidence, target paths are mapped to
|
||||
Claude, Codex, OpenCode, MCP, plugin, and cross-harness owners, and routed
|
||||
findings carry source evidence paths for operator review.
|
||||
- ECC-Tools PR #79 merged as `67ee247ae1b7b50ecc1261ed5d62d65cc8390da8`
|
||||
and redacts billing announcement gate account output: the billing preflight
|
||||
and live readback now print stable account fingerprints and sanitized
|
||||
readiness booleans instead of raw account logins or KV key names.
|
||||
- ECC-Tools PR #80 merged as `4efc8cc858022f84c844690f3298633b081c4398`
|
||||
and requires runtime receipt failure reasons before harness runtime receipts
|
||||
can count as hosted observability evidence.
|
||||
- ECC-Tools PR #81 merged as `1fbf635f492284f75ba7166c029c39eb8cc15794`
|
||||
and preserves AgentShield fleet approval IDs through hosted security review
|
||||
so policy-promotion follow-ups keep owner-review identity stable.
|
||||
- ECC-Tools PR #82 merged as `7a7b4d096a176ae80b3a2076c09d45601e36013a`
|
||||
and renders AgentShield fleet approval IDs in hosted comments and check-runs,
|
||||
giving operators a direct bridge from hosted security review back to
|
||||
AgentShield policy-promotion review items.
|
||||
- ECC-Tools PR #83 merged as `b6b107f33961bef18a85fb619f3a976eb5d752dd`
|
||||
and makes Linear follow-up sync reuse deterministic external IDs before title
|
||||
fallback, preventing duplicate deferred backlog issues during repeated
|
||||
`/ecc-tools followups sync-linear` runs.
|
||||
- ECC-Tools PR #84 merged as `73bac7058071c55cb30c6b8ac6db779b3660c02c`
|
||||
and syncs hosted AgentShield remediation items to Linear when the workspace
|
||||
token/team are configured; hosted result comments now include created/reused
|
||||
Linear remediation links.
|
||||
- ECC-Tools PR #85 merged as `1637e0f2bfa0a889387f2c20675680ccc5528123`
|
||||
and emits hosted job observability events for queued, completed, blocked,
|
||||
failed, and budget-blocked states into `ANALYSIS_CACHE`, including budget
|
||||
snapshots and result counts.
|
||||
- ECC-Tools PR #86 merged as `5a9e94d3ff860307c3e7fd9fd065f0de2bd633dd`
|
||||
and reads recent hosted observability events in
|
||||
`/ecc-tools analyze --job status`, so status comments show budget snapshots,
|
||||
blocked results, and budget-blocked outcomes alongside latest job runs.
|
||||
- ECC-Tools PR #87 merged as `508fbc02b63cf1fcb5af2f3624608fa66e53b5d4`
|
||||
and adds the same hosted observability readback to hosted depth-plan
|
||||
check-runs, keeping the PR check surface aligned with status comments.
|
||||
- ECC-Tools PR #88 merged as `c836ac3fb24ed7e2ae38cd61e41c9651ac9c00f8`
|
||||
and exposes authenticated hosted observability API readback at
|
||||
`/api/analysis/observability`, summarizing recent hosted events by event type
|
||||
and job while skipping malformed stale KV records. The deployment runbook now
|
||||
includes the production smoke command for operator/dashboard readback.
|
||||
- AgentShield PR #90 merged as `6d1c57c92000541d65a3b6bc366f0322d7d0dacc`
|
||||
and adds durable fleet `reviewItems`: `agentshield evidence-pack fleet --json`
|
||||
now returns owner-ready review items with route, severity, repository/target
|
||||
@@ -857,16 +664,6 @@ As of 2026-05-20:
|
||||
policy SHA-256 digest, rejects tampered policy JSON, requires explicit pack
|
||||
selection for multi-pack manifests, and supports dry-run JSON review before
|
||||
writing the active `.agentshield/policy.json`.
|
||||
- AgentShield PR #94 merged as `4caee27acfadb50a4cd024e738b5c3cbd4b0bb03`
|
||||
and adds editor-native adapter coverage for Zed and VS Code. Zed
|
||||
`.zed/settings.json`, `.zed/tasks.json`, and `.zed` hook-code files are now
|
||||
scan inputs, adapter reports expose Zed MCP/tool-permission/task metadata and
|
||||
VS Code workspace/task/extension metadata, and `.zed/setup.mjs` is covered by
|
||||
the AI-tool persistence IOC rule.
|
||||
- AgentShield PR #95 merged as `25d91f0002214c408da4ceaac7def20bad40ca10`
|
||||
and clears the `brace-expansion` Dependabot alert. The lockfile now resolves
|
||||
the vulnerable transitive 5.x copies to `5.0.6`; the remaining 1.x copy is
|
||||
outside the advisory range.
|
||||
- AgentShield main commit `87aec47fb55d04ea28d494852d4f664c268c5601`
|
||||
extends policy promotion with durable `reviewItems` for manifest digest
|
||||
evidence, policy-owner approval, protected rollout PR handoff, and runtime
|
||||
@@ -932,7 +729,7 @@ As of 2026-05-20:
|
||||
|
||||
- Keep public PRs and issues below 20, with zero as the preferred release-lane
|
||||
target.
|
||||
- Maintain 80/80 harness audit and 21/21 observability readiness after every
|
||||
- Maintain 70/70 harness audit and 21/21 observability readiness after every
|
||||
GA-readiness batch.
|
||||
- Do not publish release or social announcements until the GitHub release,
|
||||
npm/package state, billing state, and plugin submission surfaces are verified
|
||||
@@ -940,9 +737,7 @@ As of 2026-05-20:
|
||||
- Do not treat closed stale PRs as discarded. Pair each cleanup batch with a
|
||||
salvage pass: inspect the closed diffs, port useful compatible work on
|
||||
maintainer-owned branches, and credit the source PR.
|
||||
- Use Linear project documents/comments for project-level updates because
|
||||
project status updates are disabled in this workspace; create or update
|
||||
issues when a lane needs a durable execution owner.
|
||||
- Do not create new Linear issues until the active issue limit is cleared.
|
||||
|
||||
## Prompt-To-Artifact Execution Checklist
|
||||
|
||||
@@ -951,23 +746,23 @@ is not complete unless the evidence column exists and has been freshly verified.
|
||||
|
||||
| Prompt requirement | Required artifact or gate | Current evidence | Status |
|
||||
| --- | --- | --- | --- |
|
||||
| Keep public PRs below 20 | Repo-family PR recheck | 0 open PRs across `ECC`, AgentShield, JARVIS, `ECC-Tools/ECC-Tools`, and `ECC-Tools/ECC-website` on the late 2026-05-19 platform audit after merging ECC PR #2013, ECC-Tools PR #79, JARVIS PR #15, and JARVIS PR #16 | Complete |
|
||||
| Keep public PRs below 20 | Repo-family PR recheck | 0 open PRs across `ECC`, AgentShield, JARVIS, `ECC-Tools/ECC-Tools`, and `ECC-Tools/ECC-website` on 2026-05-19 after merging PR #2004 and refreshing platform audit evidence | Complete |
|
||||
| Keep public issues below 20 | Repo-family issue recheck | 0 open issues across `ECC`, AgentShield, JARVIS, `ECC-Tools/ECC-Tools`, and `ECC-Tools/ECC-website` on 2026-05-19 after the live platform audit refresh | Complete |
|
||||
| Manage repository discussions | Repo-family discussion recheck plus response playbook | Platform audit reports 0 discussion maintainer-touch gaps and 0 answerable Q&A missing accepted answers; trunk has 59 total discussions after #2003 was routed with a maintainer response; `docs/architecture/discussion-response-playbook.md` distinguishes support, maintainer coordination, stale/concluded, release, informational, and security-sensitive response paths | Complete |
|
||||
| Manage PR discussions | PR review/comment closure plus merge/close state | ECC #1990-#2013 merged through the harness audit, canonical identity, release video suite, growth outreach, evidence refresh, visual QA, suite-count, owner-approval packet, owner-approval dashboard gate, Linear readiness evidence, supply-chain evidence gate, per-project Claude Code adapter, continuous-learning project-registry hygiene, GateGuard quoted git introspection, and deterministic release-approval gate batch; ECC-Tools #79 and JARVIS #15/#16 also merged; no open tracked PRs remain | Complete |
|
||||
| Manage PR discussions | PR review/comment closure plus merge/close state | ECC #1990-#2004 merged through the harness audit, canonical identity, release video suite, growth outreach, evidence refresh, visual QA, suite-count, owner-approval packet, owner-approval dashboard gate, and Linear readiness evidence batch; no open tracked PRs remain | Complete |
|
||||
| Salvage useful stale work | `docs/stale-pr-salvage-ledger.md` plus `docs/legacy-artifact-inventory.md` | Ledger records salvaged, superseded, skipped, and manual-review tails; #1815-#1818 added cost tracking, skill scout, frontend design guidance, code-reviewer false-positive guardrails, and the May 12 gap pass; #1687, #1609, #1563, #1564, and #1565 localization tails are attached to Linear ITO-55 for language-owner review and no automatic import remains release-blocking | Complete; repeat legacy scan before release |
|
||||
| ECC 2.0 preview pack ready | Release docs, quickstart, publication readiness, release notes | `docs/releases/2.0.0-rc.1/` and readiness docs are in-tree; May 19/20 evidence records queue-zero state, canonical ECC identity, release video suite, growth outreach pack, owner approval packet, local 2568-test suite, PR #2001 merge and GitHub Actions run `26102500291`, PR #2002 owner-approval dashboard gate refresh and GitHub Actions run `26103853507`, PR #2004 Linear readiness evidence sync and GitHub Actions run `26105012698`, PR #2008 supply-chain evidence gate CI run `26108473648`, post-PR #2006 main CI run `26109953093`, PR #2009 project-registry hygiene GitHub Actions run `26111313938`, post-PR #2009 main CI run `26111946778`, post-PR #2011 GateGuard main CI run `26113695068`, post-PR #2013 release-approval main CI run `26128749863`, post-PR #2019 main CI run `26135974576`, post-PR #2020 main CI run `26136949698`, ECC-Tools #91 main CI run `26137280847`, May 20 operator dashboard, `owner-approval-packet-2026-05-19.md`, `release-approval-gate.js`, and preview-pack smoke digest `eebb8a66c33e` | Needs final release approval |
|
||||
| ECC 2.0 preview pack ready | Release docs, quickstart, publication readiness, release notes | `docs/releases/2.0.0-rc.1/` and readiness docs are in-tree; May 19 evidence records queue-zero state, canonical ECC identity, release video suite, growth outreach pack, owner approval packet, local 2550-test suite, PR #2001 merge and GitHub Actions run `26102500291`, PR #2002 owner-approval dashboard gate refresh and GitHub Actions run `26103853507`, PR #2004 Linear readiness evidence sync and GitHub Actions run `26105012698`, May 19 operator dashboard, `owner-approval-packet-2026-05-19.md`, and preview-pack smoke digest `790430aef4a8` | Needs final release approval |
|
||||
| Hermes specialized skills included safely | Hermes setup/import docs and sanitized skill surface | Hermes setup and import playbook are public; secrets stay local | Needs final release review |
|
||||
| Naming and rename readiness | Naming matrix across package/plugin/docs/social surfaces | `docs/releases/2.0.0-rc.1/naming-and-publication-matrix.md` records current package, repo, Claude plugin, Codex plugin, OpenCode, and npm availability evidence | Complete for rc.1; post-rc rename remains future work |
|
||||
| Claude and Codex plugin publication | Contact/submission path with required artifacts and status | Publication readiness, naming matrix, and May 12 dry-run evidence document plugin validation, clean-checkout Claude tag/install smoke, and Codex marketplace CLI shape | Needs explicit approval for real tag/push and marketplace submission |
|
||||
| Articles, tweets, and announcements | X thread, LinkedIn copy, GitHub release copy, push checklist, partner/sponsor/talk pack | Draft launch collateral and approval-gated outreach copy exist under rc.1 release docs | Needs URL-backed refresh and human approval before posting or sending |
|
||||
| AgentShield enterprise iteration | Policy gates, SARIF, packs, provenance, corpus, HTML reports, exception lifecycle audit, baseline drift Action/CLI surfaces, evidence-pack redaction, harness adapter registry, editor-native Zed/VS Code adapter coverage, Dependabot alert closure, enterprise research roadmap, supply-chain hardened release path, CI-safe baseline fingerprints, corpus accuracy recommendations, remediation workflow phases, env proxy hijack corpus coverage, Mini Shai-Hulud full-campaign package IOCs, CI-provenance evidence packs, plugin-cache runtime-confidence triage, evidence-pack consumer readback, fleet-level evidence-pack routing, fleet review items, fleet review ticket payloads, checksum-backed policy export, checksum-verified policy promotion, policy promotion review items, package-manager hardening drift detection, npm age-gate guidance correction, workflow action-runtime pin refresh, package-manager hardening Action outputs, policy-promotion Action outputs, ECC-Tools hosted consumption of promotion Action outputs, ECC-Tools operator-visible promotion output values, and ECC-Tools hosted promotion judge audit traces | PRs #53, #55-#64, #67-#69, #78-#92, #94, and #95 landed with test evidence, ECC-Tools #76 consumes the fleet-summary output in hosted security review, #77 surfaces source evidence paths in hosted finding output, and #78 links fleet routes to harness owner review; AgentShield #91 adds `agentshield policy export` bundles for branch-protection review and downstream promotion; AgentShield #92 adds `agentshield policy promote` with digest verification, tamper rejection, explicit pack selection, dry-run review, and JSON output before writing active policy; AgentShield #94 adds Zed/VS Code adapter detection, `.zed/settings.json` and `.zed/tasks.json` scan discovery, and `.zed/setup.mjs` AI-tool persistence IOC coverage; AgentShield #95 clears the `brace-expansion` Dependabot alert with a patched lockfile and 0 open Dependabot alerts after merge; AgentShield commit `87aec47` adds `reviewItems` for digest evidence, owner review, protected rollout PR handoff, and runtime smoke testing with green local and remote CI; AgentShield commit `28d08c7` adds package-manager hardening drift detection for plaintext registry credentials, lifecycle-script enablement, and weak pnpm/Yarn release-age cooldowns with green local and remote CI; AgentShield commit `659f569` refreshes all workflow action runtime pins to SHA-pinned checkout v6.0.2 and setup-node v6.4.0 with green remote CI and no remaining action-runtime deprecation annotation; AgentShield commit `ee585cd` corrects npm release-age guidance by flagging unsupported npm age keys and keeping enforceable cooldown findings on pnpm/Yarn with green local and remote CI; AgentShield commit `1124535` exposes package-manager hardening status/count outputs and a redacted job-summary section for registry credentials, lifecycle scripts, and release-age gates with green local and remote CI; AgentShield commit `1593925` exposes policy-promotion status/count/digest outputs plus job-summary review items for owner approval, protected rollout, and runtime smoke, and marks runtime smoke verified when the same Action job scans with the promoted policy; AgentShield commit `840952a` adds Linear/operator-ready fleet review ticket payloads and expands current Mini Shai-Hulud IOC breadcrumbs with green local and remote CI; ECC-Tools commit `8658951` routes those policy-promotion Action outputs into hosted security review findings and Hosted Promotion Readiness scoring; ECC-Tools commit `16c537f` renders policy-promotion status, pack, review item count, action-required count, and digest in hosted security job comments/check-runs; ECC-Tools commit `05d4e82` renders hosted promotion judge request fingerprints and allowed-citation counts without raw provider output; native PDF export deferred in favor of self-contained HTML plus print-to-PDF until explicit enterprise demand appears; `docs/architecture/agentshield-enterprise-research-roadmap.md` now has baseline drift, evidence-pack bundle, redaction, adapter-registry, supply-chain hardening, hashed baseline fingerprints, corpus accuracy recommendation, remediation workflow, env proxy hijack corpus, Mini Shai-Hulud full-campaign package-table, `ci-context.json` provenance, `plugin-cache` confidence, `evidence-pack inspect` readback, `evidence-pack fleet` routing, fleet `reviewItems`, fleet review ticket payloads, policy export, policy promotion, policy promotion `reviewItems`, package-manager hardening Action outputs, policy-promotion Action outputs, hosted consumption of promotion Action outputs, operator-visible promotion output values, hosted promotion judge audit traces, editor-native adapter coverage, and Dependabot closure landed | Next workflow automation should deepen live operator approval/readback after Marketplace/payment gates |
|
||||
| ECC Tools next-level app | Billing audit, PR checks, deep analyzer, sync backlog, evaluator/RAG corpus, hosted promotion judge audit trace, native-payments readback, ready Marketplace Pro target selection, selected-target announcement gate, billing gate env-file operator path, hosted observability, AgentShield fleet-summary hosted routing, hosted finding evidence paths, harness-route policy linking, policy-promotion Action-output hosted telemetry, and operator-visible promotion output values | PRs #26-#43 plus #53-#93 landed with test evidence across hosted analysis, hosted promotion readiness, model-judge execution, native-payments announcement gating, AgentShield evidence consumption, hosted remediation/Linear sync, hosted observability readback, ready Marketplace Pro target selection, selected-target official announcement gating, and env-file operator loading; ECC-Tools #89 merged as `512bca6` after Verify, Security Audit, and Workers Builds passed, and the 2026-05-20 production Wrangler OAuth readback found ready-like Marketplace Pro records with webhook provenance, selected a target with both key families, and reported 0 blockers without printing the login; ECC-Tools #90 merged as `16a5bb3` after Verify, Security Audit, and Workers Builds passed, and production preflight now requests `/api/billing/readiness?selectReadyTarget=1` without a raw login; ECC-Tools #91 merged as `72119a1` with `--env-file` support for ignored local billing credentials and sentinel no-secret/no-login output tests; ECC-Tools #92 merged as `18d8019`, deployed the non-breaking `INTERNAL_OPERATOR_API_SECRET` path to `api.ecc.tools`, and the 2026-05-20 live selected-target gate returned `announcementGateReady: true` with 0 required actions and 0 blockers; ECC-Tools #93 merged as `d3d62df` to record the live billing evidence in the app launch checklist and roadmap | Repeat KV readback and selected-target announcement gate immediately before launch; keep native-payments copy behind final release, plugin, live URL, and owner-approval gates |
|
||||
| AgentShield enterprise iteration | Policy gates, SARIF, packs, provenance, corpus, HTML reports, exception lifecycle audit, baseline drift Action/CLI surfaces, evidence-pack redaction, harness adapter registry, enterprise research roadmap, supply-chain hardened release path, CI-safe baseline fingerprints, corpus accuracy recommendations, remediation workflow phases, env proxy hijack corpus coverage, Mini Shai-Hulud full-campaign package IOCs, CI-provenance evidence packs, plugin-cache runtime-confidence triage, evidence-pack consumer readback, fleet-level evidence-pack routing, fleet review items, fleet review ticket payloads, checksum-backed policy export, checksum-verified policy promotion, policy promotion review items, package-manager hardening drift detection, npm age-gate guidance correction, workflow action-runtime pin refresh, package-manager hardening Action outputs, policy-promotion Action outputs, ECC-Tools hosted consumption of promotion Action outputs, ECC-Tools operator-visible promotion output values, and ECC-Tools hosted promotion judge audit traces | PRs #53, #55-#64, #67-#69, and #78-#92 landed with test evidence, ECC-Tools #76 consumes the fleet-summary output in hosted security review, #77 surfaces source evidence paths in hosted finding output, and #78 links fleet routes to harness owner review; AgentShield #91 adds `agentshield policy export` bundles for branch-protection review and downstream promotion; AgentShield #92 adds `agentshield policy promote` with digest verification, tamper rejection, explicit pack selection, dry-run review, and JSON output before writing active policy; AgentShield commit `87aec47` adds `reviewItems` for digest evidence, owner review, protected rollout PR handoff, and runtime smoke testing with green local and remote CI; AgentShield commit `28d08c7` adds package-manager hardening drift detection for plaintext registry credentials, lifecycle-script enablement, and weak pnpm/Yarn release-age cooldowns with green local and remote CI; AgentShield commit `659f569` refreshes all workflow action runtime pins to SHA-pinned checkout v6.0.2 and setup-node v6.4.0 with green remote CI and no remaining action-runtime deprecation annotation; AgentShield commit `ee585cd` corrects npm release-age guidance by flagging unsupported npm age keys and keeping enforceable cooldown findings on pnpm/Yarn with green local and remote CI; AgentShield commit `1124535` exposes package-manager hardening status/count outputs and a redacted job-summary section for registry credentials, lifecycle scripts, and release-age gates with green local and remote CI; AgentShield commit `1593925` exposes policy-promotion status/count/digest outputs plus job-summary review items for owner approval, protected rollout, and runtime smoke, and marks runtime smoke verified when the same Action job scans with the promoted policy; AgentShield commit `840952a` adds Linear/operator-ready fleet review ticket payloads and expands current Mini Shai-Hulud IOC breadcrumbs with green local and remote CI; ECC-Tools commit `8658951` routes those policy-promotion Action outputs into hosted security review findings and Hosted Promotion Readiness scoring; ECC-Tools commit `16c537f` renders policy-promotion status, pack, review item count, action-required count, and digest in hosted security job comments/check-runs; ECC-Tools commit `05d4e82` renders hosted promotion judge request fingerprints and allowed-citation counts without raw provider output; native PDF export deferred in favor of self-contained HTML plus print-to-PDF until explicit enterprise demand appears; `docs/architecture/agentshield-enterprise-research-roadmap.md` now has baseline drift, evidence-pack bundle, redaction, adapter-registry, supply-chain hardening, hashed baseline fingerprints, corpus accuracy recommendation, remediation workflow, env proxy hijack corpus, Mini Shai-Hulud full-campaign package-table, `ci-context.json` provenance, `plugin-cache` confidence, `evidence-pack inspect` readback, `evidence-pack fleet` routing, fleet `reviewItems`, fleet review ticket payloads, policy export, policy promotion, policy promotion `reviewItems`, package-manager hardening Action outputs, policy-promotion Action outputs, hosted consumption of promotion Action outputs, operator-visible promotion output values, and hosted promotion judge audit traces landed | Next workflow automation should deepen live operator approval/readback after Marketplace/payment gates |
|
||||
| ECC Tools next-level app | Billing audit, PR checks, deep analyzer, sync backlog, evaluator/RAG corpus, analysis-depth readiness, hosted execution planning, hosted CI diagnostics, hosted security evidence review, hosted harness compatibility audit, hosted reference-set evaluation, hosted AI routing/cost review, hosted team backlog routing, hosted depth-plan check-run, PR-comment hosted job dispatch, hosted job result history/check-runs, hosted result status command, status-aware depth-plan recommendations, hosted promotion readiness, hosted promotion output scoring, hosted promotion retrieval planning, hosted promotion judge contract, gated hosted promotion judge execution, hosted promotion judge audit trace, payment-announcement readiness, billing announcement preflight, aggregate production billing KV readback, Marketplace webhook provenance, target-account billing readback, Marketplace-source provenance counts, AgentShield fleet-summary hosted routing, hosted finding evidence paths, harness-route policy linking, policy-promotion Action-output hosted telemetry, and operator-visible promotion output values | PRs #26-#43 plus #53-#78 landed with test evidence, including AgentShield evidence-pack gap routing, canonical bundle recognition, supply-chain signature gates, PR draft follow-up Linear tracking, evidence-backed/deep-ready repository classification, the `/api/analysis/depth-plan` hosted job plan, `/api/analysis/jobs/ci-diagnostics`, `/api/analysis/jobs/security-evidence-review`, `/api/analysis/jobs/harness-compatibility-audit`, `/api/analysis/jobs/reference-set-evaluation`, `/api/analysis/jobs/ai-routing-cost-review`, `/api/analysis/jobs/team-backlog-routing`, the `ECC Tools / Hosted Depth Plan` check-run, `/ecc-tools analyze --job ...` PR-comment dispatch, non-blocking per-hosted-job result check-runs backed by 30-day result cache records, `/ecc-tools analyze --job status` cache lookup, cache-aware next-job recommendations in the depth-plan check-run, the `ECC Tools / Hosted Promotion Readiness` corpus-backed PR check-run, deterministic hosted-output scoring against cached completed job artifacts/findings, ranked retrieval/model-prompt planning, the fail-closed `hosted-promotion-judge.v1` request contract, opt-in live model-judge execution behind hosted evidence, entitlement, budget, provider, executor, strict JSON, and citation gates, hosted promotion judge request fingerprints plus allowed-citation audit trails, a fail-closed `/api/billing/readiness` `announcementGate` for native GitHub payments claims, `npm run billing:announcement-gate` plus `--preflight` as the non-secret operator verifier, hosted security findings for AgentShield fleet summaries, an `Evidence` column in hosted finding comments/check-runs, hosted harness findings that route AgentShield fleet target paths to harness owners, ECC-Tools commit `8658951` routing AgentShield policy-promotion Action outputs into hosted security review and promotion-readiness scoring, ECC-Tools commit `16c537f` rendering policy-promotion status/pack/count/digest values directly in hosted security job comments/check-runs, ECC-Tools commit `05d4e82` rendering model-judge audit traces without exposing raw provider output, ECC-Tools commit `91a441b` adding the safe billing announcement preflight path, ECC-Tools commit `eb69412` recording the initial production readback state, ECC-Tools commit `95d0bec` adding `npm run billing:kv-readback` with aggregate account-billing and billing-state records but 0 Marketplace Pro billing-state records, ECC-Tools commit `2859678` requiring webhook-derived Marketplace provenance before announcement readiness, ECC-Tools commit `42653f9` adding Wrangler OAuth readback, ECC-Tools commit `632e059` adding sanitized target-account readback that requires both target key families before `--require-ready` can pass, and ECC-Tools commit `d5f60db` adding sanitized Marketplace plan/action provenance counts; the latest 2026-05-18 live Wrangler OAuth recheck found 256 account-billing records, 256 billing-state records, 197 Marketplace-source records, 4 Marketplace webhook-provenance records, all `Open Source`, and 0 Marketplace Pro records, then updated Linear ITO-61 with the data/provisioning blocker | Next work is create or verify Marketplace-managed Pro target billing-state with webhook provenance, configure target account plus `INTERNAL_API_SECRET`, then run `billing:kv-readback -- --wrangler --wrangler-bin ./node_modules/.bin/wrangler --account <github-login> --require-ready`, followed by the live announcement gate |
|
||||
| GitGuardian/Dependabot/CodeRabbit-style checks | Non-blocking taxonomy, deterministic follow-up checks, and local supply-chain gates | ECC-Tools risk taxonomy check plus follow-up signals landed, including Skill Quality, Deep Analyzer Evidence, Analyzer Corpus Evidence, RAG/Evaluator Evidence, PR Review/Salvage Evidence, and AgentShield evidence-pack evidence; #1846 added npm registry signature gates; #1848 added the supply-chain incident-response playbook and `pull_request_target` cache-poisoning validator guard; #1851 added the privileged checkout credential-persistence guard; AgentShield #78, JARVIS #13, and ECC-Tools #53 applied the same hardening outside trunk | Current supply-chain gate complete; deeper hosted review features remain future |
|
||||
| Harness-agnostic learning system | Audit, adapter matrix, observability, traces, promotion loop | Audit/adapters/observability gates plus `docs/architecture/evaluator-rag-prototype.md`, `examples/evaluator-rag-prototype/`, and ECC-Tools PR #40 define read-only stale-salvage, billing-readiness, CI-failure-diagnosis, harness-config-quality, AgentShield policy-exception, skill-quality evidence, deep-analyzer evidence, and RAG/evaluator comparison scenarios with trace, report, playbook, verifier, and predictive-check artifacts; ECC-Tools PRs #68-#72 now turn that corpus into a deterministic PR check-run gate with cached hosted-output scoring, ranked retrieval candidates, a model prompt seed, a fail-closed hosted model-judge request contract, and opt-in live model execution behind strict hosted-evidence gates | Deterministic hosted PR check, cached output scoring, retrieval planning, judge contract, and gated model execution integrated |
|
||||
| Linear roadmap is detailed | Linear project document/comments plus repo mirror | Repo mirror exists and issue creation works again; the May 19 sync adds post-PR #2002 document `ecc-may-19-post-pr-2002-sync-64cef8f668e0`, project comment `a6411e3a-8c8e-4a58-adba-687e77d4c543`, ITO-44/47/48/49/51/54/56 issue comments, and In Progress state for ITO-47, ITO-48, ITO-49, ITO-51, ITO-54, and ITO-56; the late-pass batch adds document `ecc-may-19-late-queue-zero-and-release-gate-sync-1c26f65e6b3f`, project comment `d42bf0e2-7a8e-4934-9f3f-e281498ee805`, and ITO-44/50/54/56/61 comments for PR #2013, ECC-Tools #79, and JARVIS #15/#16 because project status updates are disabled in the workspace | Needs recurring document/comment updates after each significant merge batch |
|
||||
| Linear roadmap is detailed | Linear project status plus repo mirror | Repo mirror exists and issue creation works again; the May 19 sync adds post-PR #2002 document `ecc-may-19-post-pr-2002-sync-64cef8f668e0`, project comment `a6411e3a-8c8e-4a58-adba-687e77d4c543`, ITO-44/47/48/49/51/54/56 issue comments, and In Progress state for ITO-47, ITO-48, ITO-49, ITO-51, ITO-54, and ITO-56; PR #2004 mirrors that sync into the repo evidence set | Needs recurring status updates after each significant merge batch |
|
||||
| Flow separation and progress tracking | Flow lanes with owner artifacts and update cadence | This roadmap defines lanes below and `docs/architecture/progress-sync-contract.md` makes GitHub/Linear/handoff/roadmap sync part of the readiness gate | Active |
|
||||
| Realtime Linear sync | Project documents/comments plus issue comments for lane updates | ECC-Tools #39 implements opt-in Linear API sync for deferred follow-up backlog items, and ECC-Tools #54 adds copy-ready PR drafts to that backlog when draft PR shells are not opened; `docs/architecture/progress-sync-contract.md` defines the local file-backed realtime boundary; May 18 and May 19 live connector comments were posted to the ECC platform project and lane issues after project status updates returned disabled | Needs workspace config/product rollout for hosted issue sync |
|
||||
| Realtime Linear sync | Project comments while issue/status capacity is blocked; issues later | ECC-Tools #39 implements opt-in Linear API sync for deferred follow-up backlog items, and ECC-Tools #54 adds copy-ready PR drafts to that backlog when draft PR shells are not opened; `docs/architecture/progress-sync-contract.md` defines the local file-backed realtime boundary while issue capacity is blocked; May 18 live connector comments were posted to ITO-57 and the ECC platform project after project status updates returned disabled | Needs workspace capacity/config rollout for productized issue sync |
|
||||
| Observability for self-use | Local readiness gate, traces, status snapshots, HUD/status contract, risk ledger, progress-sync contract | `npm run observability:ready` reports 21/21 | Complete for local gate |
|
||||
| Proper release and notifications | Release tag, npm publish state, plugin state, social posts | Publication readiness gate exists with May 12 dry-run and May 13 readiness evidence | Not complete; approval/live URLs required |
|
||||
|
||||
@@ -985,8 +780,8 @@ repo evidence and merge commits.
|
||||
| Release and publication | rc.1 release docs, publication readiness doc | Naming matrix and plugin submission/contact checklist | Before any tag |
|
||||
| Harness OS core | Audit, adapter matrix, observability docs, `ecc2/` | HUD/session-control acceptance spec | Weekly until GA |
|
||||
| Evaluation and RAG | Reference-set validation, harness audit, traces, ECC-Tools corpus | Read-only evaluator/RAG prototype plus stale-salvage, billing-readiness, CI-failure-diagnosis, harness-config-quality, AgentShield policy-exception, skill-quality evidence, deep-analyzer evidence, and RAG/evaluator comparison fixtures; ECC-Tools #68 publishes the corpus as a hosted promotion readiness check-run, #69 scores cached hosted job outputs against the same corpus, #70 emits ranked retrieval candidates plus a model prompt seed, #71 adds a fail-closed hosted model-judge request contract, and #72 executes that judge only when explicitly enabled and backed by hosted retrieval citations; ECC-Tools `16c537f` surfaces policy-promotion Action output values in hosted security comments/checks; ECC-Tools `05d4e82` adds hosted model-judge audit traces with request fingerprints and allowed-citation counts | Marketplace Pro billing-state verification with webhook provenance |
|
||||
| AgentShield enterprise | AgentShield PR evidence and roadmap notes | Fleet routing landed in #89 after evidence-pack inspect/readback shipped in #88; #90 emits fleet `reviewItems`; #91 exports checksum-backed policy bundles; #92 promotes checksum-verified policies from those bundles into active policy files; #94 adds Zed and VS Code adapter detection, Zed project scan discovery, and `.zed/setup.mjs` persistence IOC coverage; #95 closes the `brace-expansion` Dependabot alert with 0 open alerts after merge; AgentShield `87aec47` adds policy promotion `reviewItems`; `28d08c7` adds package-manager hardening drift detection; `659f569` refreshes workflow action runtime pins; `ee585cd` corrects unsupported npm release-age guidance and keeps enforceable cooldown findings on pnpm/Yarn; `1124535` exposes package-manager hardening Action outputs for CI/hosted routing; `1593925` exposes policy-promotion Action outputs and runtime-smoke job-summary evidence; `840952a` adds fleet review ticket payloads and current Mini Shai-Hulud IOC breadcrumbs; ECC-Tools #76 consumes fleet summaries, #77 surfaces source evidence paths in hosted findings, #78 links fleet routes to harness owners, ECC-Tools `8658951` consumes policy-promotion Action outputs, and ECC-Tools `16c537f` renders operator-visible output values | Deepen live operator approval/readback after Marketplace/payment gates |
|
||||
| ECC Tools app | ECC-Tools PR evidence, billing audit, risk taxonomy, evaluator/RAG corpus | ECC-Tools #53 published the supply-chain workflow hardening branch, #54 tracks copy-ready PR drafts in the Linear/project backlog, #55 classifies analysis-depth readiness, #56 exposes the hosted execution plan, #57 executes the first hosted CI diagnostics job, #58 executes the hosted security evidence review job, #59 executes the hosted harness compatibility audit, #60 executes the hosted reference-set evaluation, #61 executes the hosted AI routing/cost review, #62 executes hosted team backlog routing, #63 publishes the hosted depth-plan check-run, #64 dispatches hosted jobs from PR comments, #65 persists hosted result history/check-runs, #66 exposes hosted job status from PR comments, #67 makes depth-plan recommendations cache-aware, #68 publishes hosted promotion readiness from the evaluator/RAG corpus, #69 scores cached hosted job outputs against that corpus, #70 emits ranked retrieval candidates plus a model prompt seed, #71 emits the gated `hosted-promotion-judge.v1` contract without live model calls, #72 adds opt-in live model-judge execution behind hosted-evidence and strict JSON/citation gates, #73 adds a fail-closed native-payments `announcementGate` to billing readiness, #74 adds `npm run billing:announcement-gate` for operator verification, #75 tightens the billing announcement gate for live Marketplace readback, #76 routes AgentShield fleet-summary evidence into hosted security findings, #77 adds source evidence paths to hosted finding output, #78 links AgentShield fleet target paths to hosted harness owner findings, `8658951` routes AgentShield policy-promotion Action outputs into hosted security review and promotion readiness, `16c537f` renders policy-promotion status/pack/count/digest values in hosted security comments/checks, `05d4e82` renders hosted promotion judge request fingerprints plus allowed-citation audit traces, `91a441b` adds billing announcement preflight output for required readback inputs, `eb69412` records the initial production readback state, `95d0bec` adds aggregate `billing:kv-readback` evidence, `2859678` requires Marketplace webhook provenance in billing readiness, `42653f9` adds Wrangler OAuth readback with live aggregate production counts, `632e059` adds sanitized target-account billing readback for the exact Marketplace test account, ECC-Tools #89 adds selected-ready-target KV readback, ECC-Tools #90 adds selected-target official announcement gating without raw login input, and ECC-Tools #91 adds `--env-file` support for ignored local billing credentials without printing secrets or logins | Obtain or rotate the local/internal `INTERNAL_API_SECRET` bearer-token path, via exported env or ignored `--env-file`, then run the live selected-target billing announcement gate |
|
||||
| AgentShield enterprise | AgentShield PR evidence and roadmap notes | Fleet routing landed in #89 after evidence-pack inspect/readback shipped in #88; #90 emits fleet `reviewItems`; #91 exports checksum-backed policy bundles; #92 promotes checksum-verified policies from those bundles into active policy files; AgentShield `87aec47` adds policy promotion `reviewItems`; `28d08c7` adds package-manager hardening drift detection; `659f569` refreshes workflow action runtime pins; `ee585cd` corrects unsupported npm release-age guidance and keeps enforceable cooldown findings on pnpm/Yarn; `1124535` exposes package-manager hardening Action outputs for CI/hosted routing; `1593925` exposes policy-promotion Action outputs and runtime-smoke job-summary evidence; `840952a` adds fleet review ticket payloads and current Mini Shai-Hulud IOC breadcrumbs; ECC-Tools #76 consumes fleet summaries, #77 surfaces source evidence paths in hosted findings, #78 links fleet routes to harness owners, ECC-Tools `8658951` consumes policy-promotion Action outputs, and ECC-Tools `16c537f` renders operator-visible output values | Deepen live operator approval/readback after Marketplace/payment gates |
|
||||
| ECC Tools app | ECC-Tools PR evidence, billing audit, risk taxonomy, evaluator/RAG corpus | ECC-Tools #53 published the supply-chain workflow hardening branch, #54 tracks copy-ready PR drafts in the Linear/project backlog, #55 classifies analysis-depth readiness, #56 exposes the hosted execution plan, #57 executes the first hosted CI diagnostics job, #58 executes the hosted security evidence review job, #59 executes the hosted harness compatibility audit, #60 executes the hosted reference-set evaluation, #61 executes the hosted AI routing/cost review, #62 executes hosted team backlog routing, #63 publishes the hosted depth-plan check-run, #64 dispatches hosted jobs from PR comments, #65 persists hosted result history/check-runs, #66 exposes hosted job status from PR comments, #67 makes depth-plan recommendations cache-aware, #68 publishes hosted promotion readiness from the evaluator/RAG corpus, #69 scores cached hosted job outputs against that corpus, #70 emits ranked retrieval candidates plus a model prompt seed, #71 emits the gated `hosted-promotion-judge.v1` contract without live model calls, #72 adds opt-in live model-judge execution behind hosted-evidence and strict JSON/citation gates, #73 adds a fail-closed native-payments `announcementGate` to billing readiness, #74 adds `npm run billing:announcement-gate` for operator verification, #75 tightens the billing announcement gate for live Marketplace readback, #76 routes AgentShield fleet-summary evidence into hosted security findings, #77 adds source evidence paths to hosted finding output, #78 links AgentShield fleet target paths to hosted harness owner findings, `8658951` routes AgentShield policy-promotion Action outputs into hosted security review and promotion readiness, `16c537f` renders policy-promotion status/pack/count/digest values in hosted security comments/checks, `05d4e82` renders hosted promotion judge request fingerprints plus allowed-citation audit traces, `91a441b` adds billing announcement preflight output for required readback inputs, `eb69412` records the initial production readback state, `95d0bec` adds aggregate `billing:kv-readback` evidence, `2859678` requires Marketplace webhook provenance in billing readiness, `42653f9` adds Wrangler OAuth readback with live aggregate production counts, and `632e059` adds sanitized target-account billing readback for the exact Marketplace test account | Create or verify Marketplace-managed Pro target billing-state with webhook provenance, then live target readback and announcement gate |
|
||||
| Linear progress | Linear project status updates, `docs/architecture/progress-sync-contract.md`, generated `operator:dashboard` output, and this mirror | Status update with queue/evidence/missing gates | Every significant merge batch |
|
||||
|
||||
The project status update should always include:
|
||||
@@ -1046,7 +841,7 @@ Acceptance:
|
||||
Zed-adjacent surfaces, dmux, Orca, Superset, Ghast, and terminal-only use.
|
||||
- Each adapter has supported assets, unsupported surfaces, install path,
|
||||
verification command, and risk notes.
|
||||
- Harness audit remains 80/80 and gains a public onramp that explains how teams
|
||||
- Harness audit remains 70/70 and gains a public onramp that explains how teams
|
||||
use the scorecard.
|
||||
- Reference findings are converted into concrete adapter, observability, or
|
||||
operator-surface deltas.
|
||||
@@ -1248,23 +1043,13 @@ Acceptance:
|
||||
ECC-Tools commit `42653f9` adds Wrangler OAuth KV readback and confirms the
|
||||
current blocker is not Cloudflare read access; it is the absence of a
|
||||
ready-like Marketplace Pro billing-state record with webhook provenance.
|
||||
ECC-Tools commit `632e059` adds sanitized target-account readback, and PRs
|
||||
#89/#90/#91 move the final operator path to selected-target readback,
|
||||
selected-target announcement gating, and ignored env-file credential loading
|
||||
without printing account logins or raw KV key names.
|
||||
ECC-Tools PR #79 redacts the billing announcement gate account output;
|
||||
PR #80 requires failure reasons in runtime receipts; PRs #81/#82 preserve
|
||||
and render AgentShield fleet approval IDs; PR #83 makes Linear follow-up
|
||||
sync idempotent by external ID; PR #84 syncs hosted AgentShield
|
||||
remediation items into Linear; PR #85 emits hosted job observability events
|
||||
including budget-blocked outcomes; PRs #86/#87 read those events back into
|
||||
hosted status comments and hosted depth-plan check-runs; and PR #88 exposes
|
||||
authenticated hosted observability API readback for operator dashboards.
|
||||
2. Run `npm run billing:announcement-gate -- --preflight
|
||||
--select-ready-target`, adding `--env-file /path/to/ecc-tools.env` when the
|
||||
local bearer token is stored in an ignored operator file, then run the same
|
||||
command without `--preflight` and require `announcementGate.ready === true`
|
||||
before any native GitHub payments announcement.
|
||||
ECC-Tools commit `632e059` adds sanitized target-account readback, so the
|
||||
final operator gate should verify the exact Marketplace test account without
|
||||
printing its login or raw KV key names.
|
||||
2. Run `npm run billing:announcement-gate -- --preflight --account
|
||||
<github-login>`, then run the same command without `--preflight` against a
|
||||
Marketplace-managed test account and require `announcementGate.ready ===
|
||||
true` before any native GitHub payments announcement.
|
||||
3. Enable/configure the merged Linear backlog sync path after workspace issue
|
||||
capacity clears or the Linear workspace is upgraded, then verify PR-draft
|
||||
salvage items land in the expected project.
|
||||
|
||||
@@ -9,7 +9,7 @@ status update can claim a lane is current.
|
||||
| Surface | Role | Current rule |
|
||||
| --- | --- | --- |
|
||||
| GitHub PRs/issues/discussions | Public queue and review state | Recheck live counts before every significant merge batch and before release approval. |
|
||||
| Linear project | Executive roadmap and stakeholder status update | Use project documents and project/issue comments because project status updates are disabled in this workspace; create/reuse issues for durable execution lanes. |
|
||||
| Linear project | Executive roadmap and stakeholder status update | Post project status updates while issue capacity blocks issue creation. Create/reuse issues only when workspace capacity is available. |
|
||||
| Local handoff | Durable operator continuity | Update the active handoff after every merge batch, queue drain, skipped release gate, or blocked external action. |
|
||||
| Repo roadmap | Auditable planning mirror | Keep `docs/ECC-2.0-GA-ROADMAP.md` aligned to merged PR evidence and unresolved gates. |
|
||||
| `scripts/work-items.js` | Local tracker bridge | Sync GitHub PRs/issues into the SQLite work-items store for status snapshots and blocked follow-up. |
|
||||
@@ -41,12 +41,9 @@ After a significant merge batch, update Linear and the handoff with:
|
||||
4. Deferred or skipped work and the explicit reason.
|
||||
5. The next one or two implementation slices.
|
||||
|
||||
When Linear project status updates are unavailable, use a project document plus
|
||||
project/issue comments instead of creating placeholder issues. Issue capacity is
|
||||
available for durable execution lanes, but do not use that issue capacity as a
|
||||
substitute for evidence-backed project status. Create or reuse exact-title
|
||||
issues only when the lane needs a durable execution owner, and link those issues
|
||||
to repo evidence.
|
||||
When Linear issue capacity is unavailable, use a project status update instead
|
||||
of creating placeholder issues. When issue capacity is available, create or
|
||||
reuse exact-title issues and link them to the repo evidence.
|
||||
|
||||
## Realtime Boundary
|
||||
|
||||
|
||||
@@ -21,9 +21,6 @@
|
||||
- verify package, plugin, marketplace, OpenCode, and agent metadata stays at `2.0.0-rc.1`
|
||||
- verify `ecc2/Cargo.toml` stays at `0.1.0` for rc.1; `ecc2/` remains an alpha control-plane scaffold
|
||||
- complete `publication-readiness.md` with fresh evidence before any GitHub release, npm publish, plugin submission, or announcement post
|
||||
- run `npm run release:approval-gate -- --format json` after owner approvals
|
||||
and live URL readbacks are recorded; it must return ready true before any
|
||||
publish, upload, social, or outbound action
|
||||
- rerun the release name/plugin publication checklist before creating a
|
||||
GitHub prerelease, publishing npm, pushing Claude plugin tags, recording the
|
||||
Codex marketplace path, or posting public copy
|
||||
|
||||
@@ -56,7 +56,7 @@ Reason:
|
||||
| Claude marketplace | `.claude-plugin/marketplace.json` points at `ecc` and the public repo | Verify marketplace update/install path after tag exists | External marketplace propagation not verified |
|
||||
| Codex plugin | `codex plugin marketplace` supports local and Git marketplace sources; `.codex-plugin/plugin.json` is present; `.agents/plugins/marketplace.json` exposes `ecc` from the repo root; temp-home local and GitHub-ref marketplace adds passed | Publish rc.1 docs with the repo-marketplace command, then monitor OpenAI's official Plugin Directory path | Do not claim official Plugin Directory listing before OpenAI submission evidence |
|
||||
| OpenCode package | `.opencode/package.json` builds from source and ships inside npm package | Re-run `npm run build:opencode` and package dry-run from release commit | OpenCode CLI 1.2.21 does not expose a separate plugin publication command in this pass |
|
||||
| ECC Tools billing claim | README and launch copy mention ECC Tools / marketplace context | ECC-Tools #89/#90/#91 add selected-target billing readback, selected-target announcement gating, and ignored `--env-file` support; #92 adds the non-breaking operator bearer path; #93 records the live selected-target gate pass | Billing evidence ready; repeat the live selected-target gate before any payment announcement |
|
||||
| ECC Tools billing claim | README and launch copy mention ECC Tools / marketplace context | ECC-Tools #73 adds `/api/billing/readiness` `announcementGate`; run it against a Marketplace-managed test account before any payment announcement | Billing announcement code gate exists; live Marketplace account readback still pending |
|
||||
| Social and longform copy | X thread, LinkedIn copy, article outline, GitHub release copy exist | Replace any stale URLs, then publish only after release/npm/plugin URLs work | Public URLs not final until release actions complete |
|
||||
|
||||
## ITO-46 Blocker Register
|
||||
@@ -71,7 +71,7 @@ Reason:
|
||||
| Codex repo marketplace | Local and GitHub-ref temp-home marketplace add smokes passed on Codex CLI `0.131.0` | `.codex-plugin/plugin.json`, `.agents/plugins/marketplace.json`, repo/personal marketplace evidence | Plugin owner | Official Plugin Directory listing requires OpenAI submission/listing evidence |
|
||||
| Codex official Plugin Directory | OpenAI docs describe the curated official directory; ECC has not submitted or received listing evidence | Directory submission link or OpenAI approval path once available | Plugin owner | Track as an ITO-56/ITO-46 follow-up; do not claim an official listing |
|
||||
| OpenCode package | `npm run build:opencode` passed | Built `.opencode` package metadata inside npm tarball | Package owner | No separate public plugin channel identified; follows npm |
|
||||
| Billing/native payments | Marketplace Pro target readback, selected-target announcement preflight, env-file operator path, non-breaking operator bearer, and live selected-target gate have passed | 2026-05-20 selected-target readback, webhook provenance, selected-target announcement gate, ECC-Tools #91 `--env-file` support, ECC-Tools #92 operator bearer, ECC-Tools #93 live gate evidence | ECC Tools owner | Repeat the live gate immediately before rc.1 announcement; final copy still waits on release/plugin/live URL approvals |
|
||||
| Billing/native payments | Announcement remains blocked by ITO-61 | Marketplace Pro target readback, webhook provenance, `INTERNAL_API_SECRET`, announcement gate | ECC Tools owner | Do not include native-payments claim in rc.1 announcement |
|
||||
| Social/longform copy | Drafts exist | Final live GitHub, npm, Claude, Codex, billing URLs | Release owner | Publish only after release/package/plugin URLs exist |
|
||||
|
||||
## Package Rename After rc.1
|
||||
|
||||
@@ -2,8 +2,8 @@
|
||||
|
||||
This dashboard is generated by `npm run operator:dashboard`. It is an operator snapshot, not release approval.
|
||||
|
||||
Generated: 2026-05-20T01:28:52.541Z
|
||||
Commit: a2bbc45504ff55f09e9e06be0e253d72f3c54f90
|
||||
Generated: 2026-05-19T15:08:49.870Z
|
||||
Commit: ac7434ea8f39166b11e9d06ce64b38c4fb8d9202
|
||||
Status: work remaining
|
||||
|
||||
## Current Status
|
||||
@@ -42,7 +42,7 @@ Growth lanes: GitHub Sponsors and OSS partner sponsors; ECC Tools Pro subscripti
|
||||
| Produce the ECC 2.0 release video suite | docs/releases/2.0.0-rc.1/video-suite-production.md and npm run release:video-suite | current | video-suite gate is ready with 15/15 source assets, 13/13 suite artifacts, 12/12 publish candidates, primary self-eval, and zero detected black-frame segments recorded in May 19 evidence | final owner approval, upload, and public video URLs remain approval-gated |
|
||||
| Prepare sponsor, partner, consulting, podcast, talk, and Discussion copy | docs/releases/2.0.0-rc.1/partner-sponsor-talks-pack.md | in_progress | sponsor outbound, platform partner DM, consulting intro, talk/podcast pitch, GitHub Discussion announcement, CTA hooks, and do-not-send gate are drafted | replace final URLs after publication gates, then get explicit approval before outbound or personal-account posts |
|
||||
| Advance AgentShield enterprise iteration | AgentShield PR evidence plus enterprise roadmap | in_progress | AgentShield policy promotion `reviewItems` landed in `87aec47`; package-manager hardening drift detection landed in `28d08c7`; workflow action runtime pins were refreshed in `659f569`; npm age-gate guidance was corrected in `ee585cd`; package-manager hardening Action outputs landed in `1124535`; policy-promotion Action outputs and runtime-smoke job-summary evidence landed in `1593925`; fleet review ticket payloads and current Mini Shai-Hulud IOC breadcrumbs landed in `840952a`; ECC-Tools consumes those outputs in `8658951`, surfaces operator-readable status/pack/count/digest telemetry in `16c537f`, and renders hosted promotion judge audit traces in `05d4e82`; all are mirrored in the GA roadmap | deepen live operator approval/readback after Marketplace/payment gates |
|
||||
| Advance ECC Tools native payments and AI-native harness-agnostic app | ECC Tools PR evidence, billing gate, hosted analysis lanes | in_progress | billing announcement gate, hosted analysis lanes, AgentShield fleet-summary consumption, hosted finding evidence paths, harness-route policy linking, policy-promotion Action-output telemetry, operator-visible promotion output details, hosted promotion judge audit traces, billing announcement preflight, aggregate production billing KV readback, Wrangler OAuth readback, target-account billing readback, provenance-aware Marketplace billing-state gates, sanitized Marketplace plan/action provenance counts, ready Marketplace Pro target selection, hosted team-learning feedback controls, and ECC-Tools Dependabot alert remediation are mirrored in the GA roadmap | obtain or rotate the local/internal INTERNAL_API_SECRET bearer-token path, then run the live billing announcement gate for the selected Marketplace Pro target before publishing native-payments copy |
|
||||
| Advance ECC Tools native payments and AI-native harness-agnostic app | ECC Tools PR evidence, billing gate, hosted analysis lanes | in_progress | billing announcement gate, hosted analysis lanes, AgentShield fleet-summary consumption, hosted finding evidence paths, harness-route policy linking, policy-promotion Action-output telemetry, operator-visible promotion output details, hosted promotion judge audit traces, billing announcement preflight, aggregate production billing KV readback, Wrangler OAuth readback, target-account billing readback, provenance-aware Marketplace billing-state gates, sanitized Marketplace plan/action provenance counts, hosted team-learning feedback controls, and ECC-Tools Dependabot alert remediation are mirrored in the GA roadmap | create or verify Marketplace-managed Pro target billing-state with webhook provenance, configure the target account and INTERNAL_API_SECRET, then rerun target readback and the live announcement gate |
|
||||
| Audit, prune, or attach legacy work | docs/stale-pr-salvage-ledger.md and legacy inventory | current | legacy salvage ledger and inventory are current; all localization tails are attached to Linear ITO-55 for manual language-owner review | repeat legacy scan before release |
|
||||
| Keep Linear roadmap detailed and progress tracking synchronized | Linear project mirror plus progress-sync contract | current | Linear live sync is current with the May 19 post-PR #2002 sync document, project comment, and active issue-lane updates; progress-sync contract defines the file-backed work-items/status path | repeat Linear/project status update and local work-items sync after each significant merge batch |
|
||||
| Provide ECC 2.0 observability for self-use | observability readiness gate | complete | observability:ready command and readiness doc exist | runtime/dashboard implementation can continue after release gates |
|
||||
@@ -54,7 +54,7 @@ Growth lanes: GitHub Sponsors and OSS partner sponsors; ECC Tools Pro subscripti
|
||||
- `release-notes-and-notifications`: final live release/npm/plugin/billing URLs and publish approval still pending
|
||||
- `partner-sponsor-talks-pack`: replace final URLs after publication gates, then get explicit approval before outbound or personal-account posts
|
||||
- `agentshield-enterprise-iteration`: deepen live operator approval/readback after Marketplace/payment gates
|
||||
- `ecc-tools-next-level`: obtain or rotate the local/internal INTERNAL_API_SECRET bearer-token path, then run the live billing announcement gate for the selected Marketplace Pro target before publishing native-payments copy
|
||||
- `ecc-tools-next-level`: create or verify Marketplace-managed Pro target billing-state with webhook provenance, configure the target account and INTERNAL_API_SECRET, then rerun target readback and the live announcement gate
|
||||
|
||||
## Next Work Order
|
||||
|
||||
@@ -63,4 +63,4 @@ Growth lanes: GitHub Sponsors and OSS partner sponsors; ECC Tools Pro subscripti
|
||||
3. Review the owner-approved primary launch video candidates, choose the final cuts, upload after approval, and attach public video URLs to the release pack.
|
||||
4. Replace final release, npm, plugin, billing, and video URLs in the partner/sponsor/talk pack, then get explicit approval before outbound.
|
||||
5. Repeat ITO-57 Linear/project status sync after the next significant merge batch or advisory-source refresh.
|
||||
6. Obtain or rotate the local/internal INTERNAL_API_SECRET bearer-token path, then run the live billing announcement gate for the selected Marketplace Pro target before publishing native-payments copy.
|
||||
6. Create or verify Marketplace-managed Pro target billing-state with webhook provenance, configure the target account and INTERNAL_API_SECRET, then rerun target readback and the live announcement gate before publishing native-payments copy.
|
||||
|
||||
@@ -1,66 +0,0 @@
|
||||
# ECC Operator Readiness Dashboard
|
||||
|
||||
This dashboard is generated by `npm run operator:dashboard`. It is an operator snapshot, not release approval.
|
||||
|
||||
Generated: 2026-05-20T03:14:39.338Z
|
||||
Commit: 66733b511b70cf1cb501e8a3298b1cbd9968a9a0
|
||||
Status: work remaining
|
||||
|
||||
## Current Status
|
||||
|
||||
| Area | Status | Evidence |
|
||||
| --- | --- | --- |
|
||||
| PR queue | Current | 0 open PRs across tracked repos |
|
||||
| Issue queue | Current | 0 open issues across tracked repos |
|
||||
| Discussions | Current | 0 need maintainer touch; 0 missing accepted answer |
|
||||
| Local worktree | Current | 0 blocking dirty files; 0 ignored dirty entries |
|
||||
| Dashboard generation | Current | platform audit ready: true; GitHub skipped: false |
|
||||
| Publication | Not complete | release, npm, plugin, billing, and announcement gates are tracked below |
|
||||
|
||||
## Growth Baseline
|
||||
|
||||
| Metric | Current | Target | Gap |
|
||||
| --- | ---: | ---: | ---: |
|
||||
| MRR | $1,728/mo | $10,000/mo | $8,272/mo |
|
||||
|
||||
Growth lanes: GitHub Sponsors and OSS partner sponsors; ECC Tools Pro subscriptions; consulting and implementation contracts; talks, podcasts, conference demos, and partner webinars.
|
||||
|
||||
## Prompt-To-Artifact Checklist
|
||||
|
||||
| Objective requirement | Artifact or gate | Status | Evidence | Gap |
|
||||
| --- | --- | --- | --- | --- |
|
||||
| Keep public PRs below 20 | scripts/platform-audit.js live GitHub sweep plus owner-wide queue cleanup ledger | current | 0 open PRs across 5 tracked repos; 0 owner-wide open PRs after cleanup | repeat platform:audit and owner-wide gh search before release |
|
||||
| Keep public issues below 20 | scripts/platform-audit.js live GitHub sweep plus owner-wide queue cleanup ledger | current | 0 open issues across 5 tracked repos; 0 owner-wide open issues after cleanup | repeat platform:audit and owner-wide gh search before release |
|
||||
| Respond and manage repository discussions | scripts/platform-audit.js discussion summary | current | 0 need maintainer touch; 0 answerable discussions missing accepted answer | repeat before release |
|
||||
| Build ITO-44 completion dashboard into a repeatable command | npm run operator:dashboard | complete | operator:dashboard package script exists | keep generated dashboard attached to publication evidence |
|
||||
| ECC 2.0 preview pack ready | docs/releases/2.0.0-rc.1/preview-pack-manifest.md | current | preview pack manifest and deterministic smoke gate are in-tree | repeat clean-checkout preview-pack smoke before publication |
|
||||
| Include Hermes specialized skills safely | docs/HERMES-SETUP.md and skills/hermes-imports/SKILL.md | current | Hermes setup/import artifacts are covered by preview-pack smoke | repeat preview-pack smoke before release review |
|
||||
| Prepare name-change, Claude plugin, and Codex plugin paths | naming-and-publication-matrix plus release-name-plugin-publication checklist plus publication-readiness | in_progress | naming matrix, release publication checklist, and plugin readiness gates exist | real tag/push, marketplace submission, and final channel choice remain approval-gated |
|
||||
| Prepare release notes, articles, tweets, and push notifications | docs/releases/2.0.0-rc.1 social and release-copy files | in_progress | release notes, X thread, LinkedIn draft, and URL ledger are present | final live release/npm/plugin/billing URLs and publish approval still pending |
|
||||
| Prepare final owner approval packet | docs/releases/2.0.0-rc.1/owner-approval-packet-2026-05-19.md | current | owner approval packet covers release, package, plugin, video, billing, social, and outbound decisions | review owner approvals from the final release commit before any publication or outbound action |
|
||||
| Create a second-phase hypergrowth release command center | docs/releases/2.0.0/ecc-2-hypergrowth-release-command-center.md plus May 19 evidence | current | current MRR, target MRR, gap, release claim, video lane, distribution plan, and approval boundaries are in-tree | refresh after every MRR, channel, or approval-state change before public launch |
|
||||
| Produce the ECC 2.0 release video suite | docs/releases/2.0.0-rc.1/video-suite-production.md and npm run release:video-suite | current | video-suite gate is ready with 15/15 source assets, 13/13 suite artifacts, 12/12 publish candidates, primary self-eval, and zero detected black-frame segments recorded in May 19 evidence | final owner approval, upload, and public video URLs remain approval-gated |
|
||||
| Prepare sponsor, partner, consulting, podcast, talk, and Discussion copy | docs/releases/2.0.0-rc.1/partner-sponsor-talks-pack.md | in_progress | sponsor outbound, platform partner DM, consulting intro, talk/podcast pitch, GitHub Discussion announcement, CTA hooks, and do-not-send gate are drafted | replace final URLs after publication gates, then get explicit approval before outbound or personal-account posts |
|
||||
| Advance AgentShield enterprise iteration | AgentShield PR evidence plus enterprise roadmap | in_progress | AgentShield policy promotion `reviewItems` landed in `87aec47`; package-manager hardening drift detection landed in `28d08c7`; workflow action runtime pins were refreshed in `659f569`; npm age-gate guidance was corrected in `ee585cd`; package-manager hardening Action outputs landed in `1124535`; policy-promotion Action outputs and runtime-smoke job-summary evidence landed in `1593925`; fleet review ticket payloads and current Mini Shai-Hulud IOC breadcrumbs landed in `840952a`; ECC-Tools consumes those outputs in `8658951`, surfaces operator-readable status/pack/count/digest telemetry in `16c537f`, and renders hosted promotion judge audit traces in `05d4e82`; all are mirrored in the GA roadmap | deepen live operator approval/readback after Marketplace/payment gates |
|
||||
| Advance ECC Tools native payments and AI-native harness-agnostic app | ECC Tools PR evidence, billing gate, hosted analysis lanes | in_progress | billing announcement gate, selected-target announcement gate, billing gate env-file operator path, non-breaking operator bearer path, hosted analysis lanes, AgentShield fleet-summary consumption, hosted finding evidence paths, harness-route policy linking, policy-promotion Action-output telemetry, operator-visible promotion output details, hosted promotion judge audit traces, billing announcement preflight, aggregate production billing KV readback, Wrangler selected-target readback, target-account billing readback, provenance-aware Marketplace billing-state gates, sanitized Marketplace plan/action provenance counts, ready Marketplace Pro target selection, hosted team-learning feedback controls, and ECC-Tools Dependabot alert remediation are mirrored in the GA roadmap | repeat KV readback and selected-target announcement gate immediately before launch; keep native-payments copy behind the final release, plugin, URL, and owner-approval gates |
|
||||
| Audit, prune, or attach legacy work | docs/stale-pr-salvage-ledger.md and legacy inventory | current | legacy salvage ledger and inventory are current; all localization tails are attached to Linear ITO-55 for manual language-owner review | repeat legacy scan before release |
|
||||
| Keep Linear roadmap detailed and progress tracking synchronized | Linear project mirror plus progress-sync contract | current | Linear live sync is current with the May 20 Marketplace Pro release-gate comments on ITO-61 and the ECC platform roadmap; progress-sync contract defines the file-backed work-items/status path | repeat Linear/project status update and local work-items sync after each significant merge batch |
|
||||
| Provide ECC 2.0 observability for self-use | observability readiness gate | complete | observability:ready command and readiness doc exist | runtime/dashboard implementation can continue after release gates |
|
||||
| Keep Mini Shai-Hulud/TanStack protection loop current | supply-chain watch plus runbook plus AgentShield package-manager hardening | current | scheduled supply-chain watch emits IOC/advisory-source refresh artifacts; ECC scanner covers gh-token-monitor token-store persistence; AgentShield now detects known AI-tool persistence IOCs, npm lifecycle/token drift, unsupported npm age-key drift, and pnpm/Yarn cooldown drift; current-head watch evidence and ITO-57 May 18 Linear evidence updates are current | repeat advisory/source refresh and Linear sync after each significant supply-chain batch |
|
||||
|
||||
## Top Actions
|
||||
|
||||
- `naming-and-plugin-publication`: real tag/push, marketplace submission, and final channel choice remain approval-gated
|
||||
- `release-notes-and-notifications`: final live release/npm/plugin/billing URLs and publish approval still pending
|
||||
- `partner-sponsor-talks-pack`: replace final URLs after publication gates, then get explicit approval before outbound or personal-account posts
|
||||
- `agentshield-enterprise-iteration`: deepen live operator approval/readback after Marketplace/payment gates
|
||||
- `ecc-tools-next-level`: repeat KV readback and selected-target announcement gate immediately before launch; keep native-payments copy behind the final release, plugin, URL, and owner-approval gates
|
||||
|
||||
## Next Work Order
|
||||
|
||||
1. Regenerate this dashboard from the final release commit before publication evidence is recorded.
|
||||
2. Review the owner approval packet from the final release commit and approve, defer, or block each publication and outbound lane.
|
||||
3. Review the owner-approved primary launch video candidates, choose the final cuts, upload after approval, and attach public video URLs to the release pack.
|
||||
4. Replace final release, npm, plugin, billing, and video URLs in the partner/sponsor/talk pack, then get explicit approval before outbound.
|
||||
5. Repeat ITO-57 Linear/project status sync after the next significant merge batch or advisory-source refresh.
|
||||
6. Repeat KV readback and the selected-target billing announcement gate immediately before launch; keep native-payments copy behind the final release, plugin, URL, and owner-approval gates.
|
||||
@@ -8,19 +8,18 @@ release action after the final evidence commands are rerun from the intended
|
||||
release commit.
|
||||
|
||||
Source commit for the clean evidence baseline this packet extends:
|
||||
`9819626459a662773be7d0b1c18d82c1316b8c36`.
|
||||
`ac7434ea8f39166b11e9d06ce64b38c4fb8d9202`.
|
||||
|
||||
## Current Evidence
|
||||
|
||||
| Evidence | Current recorded state | Repeat before approval |
|
||||
| --- | --- | --- |
|
||||
| Platform audit | ready true, 0 open PRs, 0 open issues, 0 discussion gaps, 0 dirty files | yes |
|
||||
| Preview pack smoke | ready true, digest `531328aaaa53`, 5/5 checks | yes |
|
||||
| Release approval gate | ready false, digest `ef8f49f727b7`, 4/6 checks pass; owner decisions and live URL readbacks pending | yes |
|
||||
| Preview pack smoke | ready true, digest `790430aef4a8`, 5/5 checks | yes |
|
||||
| Video suite | ready true, 15/15 source assets, 13/13 suite artifacts, 12/12 publish candidates | yes |
|
||||
| Release surface tests | 27/27 passed after this packet was added | yes |
|
||||
| Full local suite | 2568/2568 passed before PR #2013 merged; focused GateGuard regression passed 91/91 again before PR #2011 merged | yes |
|
||||
| GitHub CI | PR #1998, PR #1999, PR #2000, PR #2001, PR #2002, PR #2004, PR #2008, post-PR #2006 `main`, PR #2009, post-PR #2009 `main`, post-PR #2011 `main`, and post-PR #2013 `main` all merged or advanced after green required checks | verify current head |
|
||||
| Full local suite | 2550/2550 passed after this packet was added | yes |
|
||||
| GitHub CI | PR #1998, PR #1999, PR #2000, PR #2001, PR #2002, and PR #2004 merged after green required checks | verify current head |
|
||||
|
||||
## Decision Register
|
||||
|
||||
@@ -57,7 +56,6 @@ Run these from the exact release commit before approving publication:
|
||||
git status --short --branch
|
||||
node scripts/platform-audit.js --json
|
||||
npm run preview-pack:smoke -- --format json
|
||||
npm run release:approval-gate -- --format json
|
||||
npm run release:video-suite -- --format json
|
||||
npm run harness:adapters -- --check
|
||||
npm run harness:audit -- --format json
|
||||
@@ -66,7 +64,6 @@ npm run security:ioc-scan
|
||||
npm audit --audit-level=moderate
|
||||
npm audit signatures
|
||||
node tests/docs/ecc2-release-surface.test.js
|
||||
node tests/hooks/gateguard-fact-force.test.js
|
||||
node tests/run-all.js
|
||||
cd ecc2 && cargo test
|
||||
```
|
||||
|
||||
@@ -17,7 +17,6 @@ surfaces, or posting announcements.
|
||||
| `docs/architecture/observability-readiness.md` | Local operator-readiness gate | Verified by `npm run observability:ready` |
|
||||
| `docs/architecture/progress-sync-contract.md` | GitHub, Linear, handoff, roadmap, and work-item sync boundary | Checked by `node scripts/platform-audit.js --json` |
|
||||
| `scripts/preview-pack-smoke.js` | Deterministic preview-pack smoke gate | Verified by `npm run preview-pack:smoke` |
|
||||
| `scripts/release-approval-gate.js` | Final owner-decision, live-URL, and launch-copy gate | Must return ready true before any release publish, package publish, plugin tag, video upload, announcement, or outbound batch |
|
||||
| `docs/releases/2.0.0-rc.1/release-notes.md` | GitHub release copy source | Must be refreshed with final live release/package/plugin URLs before publication |
|
||||
| `docs/releases/2.0.0-rc.1/quickstart.md` | Clone-to-first-workflow path | Covers clone, install, verify, first skill, and harness switch |
|
||||
| `docs/releases/2.0.0-rc.1/launch-checklist.md` | Operator launch checklist | Must remain approval-gated for release, package, plugin, and announcement actions |
|
||||
@@ -26,11 +25,10 @@ surfaces, or posting announcements.
|
||||
| `docs/releases/2.0.0-rc.1/publication-evidence-2026-05-16.md` | Current May 16/17 queue cleanup, recsys skill merge, GateGuard triage, PR #1947 supply-chain protection, AgentShield #87 plugin-cache confidence evidence, AgentShield #88 evidence-pack inspect/readback, AgentShield #89 evidence-pack fleet routing, AgentShield #90 fleet review items, AgentShield #91 policy export, AgentShield #92 policy promotion, ECC-Tools #76 fleet-summary consumption, ECC-Tools #77 hosted finding evidence paths, ECC-Tools #78 harness policy-route linking, dashboard refresh, and combined Node/Rust/release-surface gate evidence through the May 16 mirror | Must still be repeated from a strict clean checkout before real publication |
|
||||
| `docs/releases/2.0.0-rc.1/publication-evidence-2026-05-17.md` | May 17 queue-zero state, Japanese localization merge, Dependabot TypeScript and Node type merges, post-merge ja-JP lint repair, Mini Shai-Hulud/TanStack protection recheck, npm audit/signature checks, legacy and Linear progress routing, deterministic preview-pack smoke, operator dashboard refresh, Linear sync, and GitHub CI evidence for `27dc2918` | Superseded by the May 18 evidence snapshot; repeat from a strict clean checkout before real publication |
|
||||
| `docs/releases/2.0.0-rc.1/publication-evidence-2026-05-18.md` | May 18 queue-zero state, #1970/#1971/#1972 merge batch, #1978 review/closure, supply-chain recheck, AgentShield evidence mirror, Linear sync, current-head CI/security scan success for `4470e2e6`, and ITO-46 naming/plugin publication closure | Superseded by the May 19 ECC identity, video, and growth evidence snapshot |
|
||||
| `docs/releases/2.0.0-rc.1/publication-evidence-2026-05-19.md` | Current May 19/20 evidence for canonical ECC identity, release video suite, partner/sponsor/talk outreach pack, owner approval packet, release approval gate, May 20 operator dashboard, preview-pack smoke digest `eebb8a66c33e`, 2568-test local suite, PR #1998 visual QA CI success, PR #1999 dashboard evidence CI success, PR #2000 suite-count evidence success, PR #2001 owner approval packet CI success, PR #2002 owner-approval dashboard gate CI success, PR #2004 Linear readiness evidence sync CI success, PR #2008 supply-chain evidence gate CI success, post-PR #2006 main CI success, PR #2009 project-registry hygiene CI success, post-PR #2009 main CI success, post-PR #2011 GateGuard CI success, post-PR #2013 release-approval-gate CI success, PR #2017/#2018 AgentShield evidence sync, ECC-Tools #79 billing-announcement redaction hardening, ECC-Tools #80-#93 runtime-receipt, AgentShield approval-ID, Linear sync, remediation sync, hosted observability event/status/depth-plan/API readback, Marketplace Pro selected-target readback, selected-target announcement gate, env-file billing operator path, non-breaking operator bearer path, live `announcementGateReady: true`, AgentShield #94 Zed/VS Code adapter coverage, AgentShield #95 Dependabot alert closure, JARVIS #15/#16 queue/deploy repair, ECC #2019/#2020 Marketplace Pro gate sync, and the May 19/20 Linear sync comments | Current strongest readiness snapshot; must still be repeated from a strict clean checkout before real publication |
|
||||
| `docs/releases/2.0.0-rc.1/publication-evidence-2026-05-19.md` | Current May 19 evidence for canonical ECC identity, release video suite, partner/sponsor/talk outreach pack, owner approval packet, May 19 operator dashboard, preview-pack smoke digest `790430aef4a8`, 2550-test local suite, PR #1998 visual QA CI success, PR #1999 dashboard evidence CI success, PR #2000 suite-count evidence success, PR #2001 owner approval packet CI success, PR #2002 owner-approval dashboard gate CI success, PR #2004 Linear readiness evidence sync CI success, and the May 19 Linear sync document | Current strongest readiness snapshot; must still be repeated from a strict clean checkout before real publication |
|
||||
| `docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-17.md` | Previous prompt-to-artifact operator dashboard | Superseded by the May 18 generated dashboard |
|
||||
| `docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-18.md` | Previous prompt-to-artifact operator dashboard | Superseded by the May 19 generated dashboard |
|
||||
| `docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-19.md` | Previous prompt-to-artifact operator dashboard | Superseded by the May 20 generated dashboard |
|
||||
| `docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-20.md` | Current prompt-to-artifact operator dashboard | Shows PR/issue/discussion/platform/supply-chain gates current and adds the current `$1,728/mo` to `$10,000/mo` hypergrowth, video owner-approval, Linear release-gate sync, selected-target billing gate, operator bearer path, live billing gate pass, and outbound-pack operating lanes |
|
||||
| `docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-19.md` | Current prompt-to-artifact operator dashboard | Shows PR/issue/discussion/platform/supply-chain gates current and adds the current `$1,728/mo` to `$10,000/mo` hypergrowth, video owner-approval, and outbound-pack operating lanes |
|
||||
| `docs/releases/2.0.0-rc.1/owner-approval-packet-2026-05-19.md` | Final human decision sheet for release, package, plugin, video, billing, social, and outbound approvals | Must be reviewed by the owner before any publication or outbound action |
|
||||
| `docs/releases/2.0.0-rc.1/release-url-ledger-2026-05-19.md` | Live URL and approval-gated URL ledger for release copy | Must be regenerated from the final release commit before public announcements |
|
||||
| `docs/releases/2.0.0-rc.1/video-suite-production.md` | Release video production manifest | Gates local media inventory, rough primary render, captions, timeline, self-eval, and no-private-path publication rules |
|
||||
@@ -82,7 +80,6 @@ Run these from the exact release commit before publication:
|
||||
git status --short --branch
|
||||
node scripts/platform-audit.js --json
|
||||
npm run preview-pack:smoke
|
||||
npm run release:approval-gate -- --format json
|
||||
npm run release:video-suite -- --format json
|
||||
npm run harness:adapters -- --check
|
||||
npm run harness:audit -- --format json
|
||||
@@ -101,8 +98,6 @@ The preview pack is assembled, but publication is still blocked until these live
|
||||
surfaces exist and are recorded in a final evidence file:
|
||||
|
||||
- final release URL ledger regenerated from the intended release commit;
|
||||
- `npm run release:approval-gate -- --format json` returning ready true after
|
||||
owner approvals and live URL readbacks are recorded;
|
||||
- final release name/plugin publication checklist rerun from the intended
|
||||
release commit;
|
||||
- GitHub prerelease `v2.0.0-rc.1`;
|
||||
@@ -111,10 +106,8 @@ surfaces exist and are recorded in a final evidence file:
|
||||
- Codex repo-marketplace distribution evidence plus official Plugin Directory
|
||||
availability status;
|
||||
- final announcement URLs in X, LinkedIn, GitHub release, and longform copy;
|
||||
- ECC Tools billing/product readiness evidence remains fresh: the May 20
|
||||
selected-target KV readback and live announcement gate passed through the
|
||||
operator bearer path. Repeat the billing readback and gate immediately before
|
||||
any native-payments announcement copy is published.
|
||||
- ECC Tools billing/product readiness evidence before any native-payments
|
||||
announcement copy is published.
|
||||
|
||||
## Result
|
||||
|
||||
|
||||
@@ -8,9 +8,9 @@ social announcement.
|
||||
|
||||
| Field | Evidence |
|
||||
| --- | --- |
|
||||
| Upstream main | `c2471fe5c535310f8a8008c9ed7ea9f6757b33f2` |
|
||||
| Upstream main | `d6022d6b8dc5ef1393cf18ae40ee58f646f3754e` |
|
||||
| Git remote | `https://github.com/affaan-m/ECC.git` |
|
||||
| Evidence scope | Current `main` after PR #1990 harness-audit GitHub integration scoring, PR #1991 canonical ECC identity gate, PR #1992 release video-suite gate, PR #1993 growth outreach pack, PR #1994 May 19 publication evidence refresh, PR #1995 operator dashboard refresh, PR #1996 primary render self-eval gate, PR #1997 publish-candidate gate, PR #1998 visual QA gate, PR #1999 video dashboard evidence refresh, PR #2000 suite-count evidence refresh, PR #2001 owner approval packet addition, PR #2002 owner approval dashboard gate refresh, PR #2004 Linear readiness evidence sync, PR #2005 post-PR #2004 evidence refresh, PR #2008 release supply-chain evidence gate fix, PR #2006 per-project Claude Code adapter, PR #2009 continuous-learning project registry hygiene fix, PR #2011 GateGuard quoted git introspection fix, PR #2013 deterministic release approval gate, PR #2017 AgentShield adapter evidence sync, PR #2018 AgentShield Dependabot evidence sync, ECC-Tools #80-#91 hosted observability/readback, Marketplace Pro selected-target, selected-target announcement gate, and env-file operator-path batch, AgentShield #94 Zed/VS Code adapter coverage, AgentShield #95 Dependabot alert closure, PR #2019 Marketplace Pro release-gate sync, and PR #2020 selected-target announcement gate sync |
|
||||
| Evidence scope | Current `main` after PR #1990 harness-audit GitHub integration scoring, PR #1991 canonical ECC identity gate, PR #1992 release video-suite gate, PR #1993 growth outreach pack, PR #1994 May 19 publication evidence refresh, PR #1995 operator dashboard refresh, PR #1996 primary render self-eval gate, PR #1997 publish-candidate gate, PR #1998 visual QA gate, PR #1999 video dashboard evidence refresh, PR #2000 suite-count evidence refresh, PR #2001 owner approval packet addition, PR #2002 owner approval dashboard gate refresh, PR #2004 Linear readiness evidence sync, and PR #2005 post-PR #2004 evidence refresh |
|
||||
| Local status caveat | `git status --short --branch` was clean after pulling `origin/main`; generated evidence files are committed after the source snapshot they describe |
|
||||
|
||||
The release operator must repeat all publish-facing checks from the exact final
|
||||
@@ -23,7 +23,7 @@ release commit with a strictly clean checkout before publishing.
|
||||
| Platform audit | `node scripts/platform-audit.js --json` | Ready true; tracked repos report 0 open PRs, 0 open issues, 0 discussion maintainer-touch gaps, 0 answerable Q&A gaps, 0 conflicting PRs, and 0 blocking dirty files |
|
||||
| Trunk PRs | `gh pr list --repo affaan-m/ECC --state open --json number,title,url,author --limit 100` | `[]` |
|
||||
| Trunk issues | `gh issue list --repo affaan-m/ECC --state open --json number,title,url,author --limit 100` | `[]` |
|
||||
| Discussion audit through platform audit | `node scripts/platform-audit.js --json` | `affaan-m/ECC` discussions enabled; 60 sampled after #2015 setup-location Q&A was answered and accepted; 0 needing maintainer touch; 0 answerable without accepted answer |
|
||||
| Discussion audit through platform audit | `node scripts/platform-audit.js --json` | `affaan-m/ECC` discussions enabled; 59 sampled after #2003 AURA integration proposal; 0 needing maintainer touch; 0 answerable without accepted answer |
|
||||
| Worktree | `git status --short --branch` | `## main...origin/main` |
|
||||
|
||||
Tracked repositories in the platform audit were:
|
||||
@@ -53,92 +53,24 @@ Tracked repositories in the platform audit were:
|
||||
| PR #2002 | Merged the owner-approval dashboard refresh so the operator dashboard fails closed when the final decision sheet is missing or incomplete; CI passed before merge |
|
||||
| PR #2004 | Merged the May 19 Linear readiness evidence sync after PR #2002, including roadmap, dashboard, preview-pack manifest, publication evidence, operator dashboard generator, and release-surface test updates |
|
||||
| PR #2005 | Merged the post-PR #2004 evidence refresh, keeping the May 19 readiness ledger, dashboard, roadmap, and release-surface references current on `main` |
|
||||
| PR #2008 | Merged the release supply-chain evidence gate fix so platform-audit readiness keeps matching current publication evidence |
|
||||
| PR #2006 | Merged the `claude-project` install target for per-project Claude Code adapter support, then fixed the manifest schema enum on top of the feature branch before merge |
|
||||
| PR #2009 | Merged the continuous-learning project registry hygiene fix: non-git hook payloads stay global, no-remote linked worktrees migrate to the main worktree project ID, and `instinct-cli.py projects delete`, `merge`, and `gc` provide operator maintenance commands |
|
||||
| PR #2011 | Merged the GateGuard read-only git introspection tokenizer fix so quoted `git show` pathspecs with spaces are preserved while quoted shell separators stay outside the bypass |
|
||||
| PR #2013 | Merged the deterministic `release:approval-gate` so final publication, package, plugin, video, billing, social, and outbound actions remain blocked until owner decisions and live URL readbacks are complete |
|
||||
| PR #2017 | Merged the AgentShield #94 evidence mirror as `906e06406e95742944ccb05065f95a7e4dd4a036`, syncing roadmap, publication evidence, preview-pack manifest, and supply-chain incident-response surfaces after full GitHub CI passed |
|
||||
| PR #2018 | Merged the AgentShield #95 Dependabot evidence mirror as `68b4e45145968acd52e68d900f8422061ed7f4a2`, syncing the roadmap, publication evidence, and preview-pack manifest after full PR CI passed |
|
||||
| PR #2019 | Merged the Marketplace Pro selected-target release-gate sync as `30f60710d4e0424fc70d9bbdc105009db141d9d8`, updating the roadmap, publication evidence, naming matrix, preview manifest, and operator dashboard after full PR CI passed |
|
||||
| PR #2020 | Merged the selected-target announcement gate sync as `c2471fe5c535310f8a8008c9ed7ea9f6757b33f2`, updating the roadmap, publication evidence, naming matrix, preview manifest, release URL ledger, platform audit surfaces, and operator dashboard after full PR CI passed |
|
||||
|
||||
## Post-Queue-Zero Sync - 2026-05-19 Late Pass
|
||||
|
||||
| Surface | Evidence |
|
||||
| --- | --- |
|
||||
| ECC approval gate | PR #2013 merged as `9819626459a662773be7d0b1c18d82c1316b8c36`; GitHub Actions run `26128749863` completed successfully; `npm run release:approval-gate -- --format json` remains intentionally blocked with digest `ef8f49f727b7`, 4/6 passing, and failures only on owner decisions plus live URL readbacks |
|
||||
| ECC platform audit | `node scripts/platform-audit.js --json` at `2026-05-19T22:45:15Z` returned ready true, 0 open PRs, 0 open issues, 0 discussion maintainer-touch gaps, 0 answerable Q&A gaps, and 0 dirty blockers across `affaan-m/ECC`, `affaan-m/agentshield`, `affaan-m/JARVIS`, `ECC-Tools/ECC-Tools`, and `ECC-Tools/ECC-website` |
|
||||
| ECC-Tools billing hardening | ECC-Tools PR #79 merged as `67ee247ae1b7b50ecc1261ed5d62d65cc8390da8`; preflight and live billing-announcement output now redact account login values to a stable fingerprint while preserving readiness blockers/actions; local validation passed targeted tests, full test suite 678/678, lint, typecheck, manual preflight, and `git diff --check`; post-merge main CI run `26129253509` completed successfully |
|
||||
| JARVIS queue drain | JARVIS PR #15 merged the Dependabot `idna` 3.11 to 3.15 security bump as `4b3685d6ee23b4da1f1a7d22281c6b5d6c0a42c7`; PR checks and post-merge CI/CodeQL passed |
|
||||
| JARVIS deploy repair | JARVIS PR #16 merged as `4369c34babd21d539c420866da51c7a8365f1c9e`; the deploy workflow no longer uses an invalid job-level `secrets.*` condition, Vercel deploy skips cleanly when secrets are absent, backend image build/push succeeds, and main CI, CodeQL, and Deploy runs `26129539376`, `26129539427`, and `26129539425` completed successfully |
|
||||
| Linear roadmap sync | Linear document `ecc-may-19-late-queue-zero-and-release-gate-sync-1c26f65e6b3f`, project comment `d42bf0e2-7a8e-4934-9f3f-e281498ee805`, and issue comments on ITO-44, ITO-50, ITO-54, ITO-56, and ITO-61 record the late-pass queue-zero, release-gate, billing-safety, and progress-sync state. |
|
||||
|
||||
## May 20 Hosted Observability And AgentShield Adapter Sync
|
||||
|
||||
| Surface | Evidence |
|
||||
| --- | --- |
|
||||
| ECC discussion queue | Discussion #2015 was answered and marked accepted with conservative setup guidance: do not install in `C:\`; use a normal workspace; install `ecc@ecc` once through the Claude plugin marketplace; copy only needed rule folders when using manual rules; do not stack plugin plus full manual install. |
|
||||
| ECC platform audit | `node scripts/platform-audit.js --json` at `2026-05-20T00:25:38Z` returned ready true with 0 open PRs, 0 open issues, 0 discussion maintainer-touch gaps, 0 answerable Q&A gaps, 0 conflicting PRs, and 0 dirty blockers across `affaan-m/ECC`, `affaan-m/agentshield`, `affaan-m/JARVIS`, `ECC-Tools/ECC-Tools`, and `ECC-Tools/ECC-website`. |
|
||||
| ECC platform audit recheck | `npm run platform:audit -- --json` at `2026-05-20T00:42:11Z` returned ready true with 0 open PRs, 0 open issues, 0 discussion maintainer-touch gaps, 0 answerable Q&A gaps, 0 conflicting PRs, 0 GitHub errors, and 0 dirty blockers across the same tracked repo set after AgentShield #94 merged. |
|
||||
| ECC-Tools #80/#81/#82 | PR #80 merged runtime-receipt failure-reason enforcement as `4efc8cc858022f84c844690f3298633b081c4398`; PR #81 preserved AgentShield fleet approval IDs as `1fbf635f492284f75ba7166c029c39eb8cc15794`; PR #82 rendered those approval IDs in hosted security review comments/check-runs as `7a7b4d096a176ae80b3a2076c09d45601e36013a`. |
|
||||
| ECC-Tools #83/#84 | PR #83 merged deterministic Linear external-ID reuse for deferred follow-ups as `b6b107f33961bef18a85fb619f3a976eb5d752dd`; PR #84 merged hosted AgentShield remediation sync to Linear as `73bac7058071c55cb30c6b8ac6db779b3660c02c`. Local validation covered focused route/client tests, typecheck, lint, full ECC-Tools test suite, and whitespace checks before merge; GitHub Verify, Security Audit, and Workers Builds passed. |
|
||||
| ECC-Tools #85/#86/#87 | PR #85 merged hosted job observability events as `1637e0f2bfa0a889387f2c20675680ccc5528123`; PR #86 merged hosted status observability readback as `5a9e94d3ff860307c3e7fd9fd065f0de2bd633dd`; PR #87 merged hosted depth-plan observability readback as `508fbc02b63cf1fcb5af2f3624608fa66e53b5d4`. Local validation for the final depth-plan readback slice passed the focused hosted depth-plan route test, full route suite (89/89), typecheck, lint, full ECC-Tools Vitest suite (683/683), and `git diff --check`; GitHub Verify, Security Audit, and Workers Builds passed before merge. |
|
||||
| ECC-Tools #88 | PR #88 merged authenticated hosted observability API readback as `c836ac3fb24ed7e2ae38cd61e41c9651ac9c00f8`. `GET /api/analysis/observability` now summarizes hosted events by event type and job for operator/dashboard readback, skips malformed stale KV records, and the deployment runbook includes the production smoke command. Local verification passed typecheck, lint, full ECC-Tools Vitest suite (686/686), and `git diff --check`; GitHub Verify, Security Audit, and Workers Builds passed before merge. |
|
||||
| AgentShield #94 | PR #94 merged Zed/VS Code adapter coverage as `4caee27acfadb50a4cd024e738b5c3cbd4b0bb03`. AgentShield now reports Zed and VS Code as first-class harness adapters, discovers `.zed/settings.json`, `.zed/tasks.json`, and `.zed` hook-code files, and flags `.zed/setup.mjs` in the AI-tool persistence IOC rule alongside `.vscode/setup.mjs`. Local verification passed typecheck, lint, focused scanner/rule tests, full `npm test` (1822 tests), `npm run build`, and `git diff --check`; GitHub checks passed across GitGuardian, scan suite, self-scan, self-scan examples, Node 18/20/22 CI, CodeRabbit, and Cubic after rerunning a transient artifact-upload failure. |
|
||||
| AgentShield #95 | PR #95 merged the `brace-expansion` Dependabot fix as `25d91f0002214c408da4ceaac7def20bad40ca10`. The lockfile now resolves vulnerable transitive `brace-expansion` 5.x entries to `5.0.6`, local `npm audit --audit-level=moderate` returns 0 vulnerabilities, and `gh api repos/affaan-m/agentshield/dependabot/alerts?state=open` returns `[]`. Local validation passed typecheck, lint, full `npm test` (1822 tests), build, audit, and whitespace checks; GitHub checks passed across Verify Node 18/20/22, self-scan, self-scan examples, Test GitHub Action, GitGuardian, CodeRabbit, and Cubic. |
|
||||
| Linear roadmap sync | Linear ITO-54 comment `74dcc101-3be5-4173-be13-62b80d54f569` and ECC Platform Roadmap project comment `348ea8f5-2a2d-46d9-a0fe-ed99653e7fe5` record the May 20 hosted observability status/depth-plan readback batch; Linear comments `291e2a4b-06e3-4672-a057-cdb141478161` and `b2d35de0-ca49-44cb-982a-ddec229e7691` add the #88 observability API readback; Linear ITO-49 comment `faed69dd-35f5-469d-acb5-ddde6a70d6a1` and project comment `70187c1e-d481-4181-b418-09bd65d54b5e` add the #94 AgentShield Zed/VS Code adapter evidence; Linear ITO-49 comment `371fc3e4-611f-4d20-a23f-67db1260b418`, ITO-57 comment `bd06e252-15c1-4256-b667-caa3f64f5968`, and project comment `22c2c388-2fd1-4dea-a939-6141f40c9a21` add the #95 AgentShield Dependabot alert closure; earlier comments on ITO-54, ITO-48, and the project record the #84 hosted remediation sync and #85 hosted observability event emission batches. |
|
||||
|
||||
## May 20 Marketplace Pro Release-Gate Sync
|
||||
|
||||
| Surface | Evidence |
|
||||
| --- | --- |
|
||||
| ECC-Tools #89 | PR #89 merged as `512bca6b99cdaa67058a6aa9a4e7e7f0b1d9873a` after Verify, Security Audit, and Workers Builds passed. It added `billing:kv-readback -- --select-ready-target --require-ready`, allowing operators to select a ready Marketplace Pro target internally without passing or printing the login. |
|
||||
| Live production readback | The 2026-05-20 Wrangler OAuth readback found ready-like Marketplace Pro records with webhook provenance, selected a target with both key families, seat and webhook readiness, no overage, and 0 blockers, with account details redacted. The old missing Marketplace Pro target-state blocker is cleared. |
|
||||
| ECC #2019 | PR #2019 merged as `30f60710d4e0424fc70d9bbdc105009db141d9d8`, syncing the selected-target readback evidence into the GA roadmap, rc.1 publication evidence, naming matrix, preview manifest, and operator dashboard. |
|
||||
| ECC-Tools #90 | PR #90 merged as `16a5bb33ee5ce7c31d2ad8d041e5afac03308f05` after Verify, Security Audit, and Workers Builds passed. It added the selected-target official announcement gate through `/api/billing/readiness?selectReadyTarget=1` and `npm run billing:announcement-gate -- --select-ready-target`, keeping the raw account login out of command logs. |
|
||||
| ECC #2020 | PR #2020 merged as `c2471fe5c535310f8a8008c9ed7ea9f6757b33f2`, syncing ECC-Tools #90 into the roadmap, publication evidence, naming matrix, preview manifest, publication readiness, release URL ledger, platform audit surfaces, and operator dashboard. |
|
||||
| ECC-Tools #91 | PR #91 merged as `72119a1acc6f5a0cd3bb5d90afd6e87fd1fefd05` after Verify, Security Audit, and Workers Builds passed. It added `--env-file` to the billing announcement and KV readback scripts for ignored local operator credential files, with tests proving sentinel secrets and account logins are not printed. |
|
||||
| ECC-Tools #92 | PR #92 merged as `18d80197be779619283e0b37e2952bac53819a07` after Verify, Security Audit, and Workers Builds passed. It added the non-breaking `INTERNAL_OPERATOR_API_SECRET` bearer accepted by privileged internal API routes without rotating the primary `INTERNAL_API_SECRET`, and the merged Worker was deployed to `api.ecc.tools`. |
|
||||
| May 20 live selected-target gate | Vault-backed Wrangler readback passed with Marketplace Pro state, target fingerprint `e953a74209fe`, both key families, webhook evidence, seat readiness, no overage, and 0 blockers. After rotating the operator bearer, `npm run billing:announcement-gate -- --preflight --select-ready-target` returned ready and `npm run billing:announcement-gate -- --select-ready-target` returned `announcementGateReady: true`, 0 required actions, 0 blockers, and audit summary 6 pass / 1 warn / 0 fail. |
|
||||
| ECC-Tools #93 | PR #93 merged as `d3d62df83fa075660fa4530c3e0edc311a4355fe`, recording the live billing announcement gate pass in the launch checklist and distribution roadmap while preserving final release/plugin/URL approval gates. |
|
||||
| Post-merge main CI | ECC GitHub Actions runs `26135974576`, `26136949698`, and `26138015245` completed successfully on `main` for `30f60710d4e0424fc70d9bbdc105009db141d9d8`, `c2471fe5c535310f8a8008c9ed7ea9f6757b33f2`, and `6e25458dbc15cd07cfb7a4e1f0b06f3eda41a043` across lint, coverage, security, validation, and the full OS/package-manager matrix. ECC-Tools main CI runs `26137280847`, `26138403065`, and `26138669148` completed successfully for `72119a1acc6f5a0cd3bb5d90afd6e87fd1fefd05`, `18d80197be779619283e0b37e2952bac53819a07`, and `d3d62df83fa075660fa4530c3e0edc311a4355fe`. |
|
||||
| Post-merge local gates | `npm run platform:audit -- --json` returned ready true with 0 PRs, 0 issues, 0 discussion gaps, and 0 dirty blockers; `npm run preview-pack:smoke -- --format json` returned ready true with digest `531328aaaa53` before the May 20 dashboard rollover and `eebb8a66c33e` after adding the May 20 dashboard artifact; `git diff --check HEAD~1..HEAD` was clean. |
|
||||
| Linear roadmap sync | Linear ITO-61 comment `467d148a-712a-4777-aad9-95593e9f1739` and ECC Platform Roadmap project comment `7642ee9c-3107-400c-a229-53e2895a8914` record ECC-Tools #89, ECC #2019, the green post-merge CI run, and the earlier internal bearer-token gate; Linear ITO-44 comment `a9297467-208a-41e4-8dbb-35f0dad5fe2b`, ITO-56 comment `5008b70b-cf98-43cd-a8d4-f098ba9b9780`, ITO-61 comment `5ebf0aaf-e2d3-4537-878f-484f49dcf87a`, and project reply `1c74a3d0-f8ca-4306-997e-a37c53d49f97` record the ECC #2020 selected-target announcement-gate sync; a new Linear sync should record ECC-Tools #92/#93 and the live gate pass. |
|
||||
| Remaining blocker | Native-payments billing evidence is ready as of the May 20 selected-target gate pass. Repeat KV readback and `billing:announcement-gate -- --select-ready-target` immediately before launch, and keep native-payments copy behind the final release, plugin, live URL, and owner-approval gates. |
|
||||
|
||||
## Release And Growth Evidence
|
||||
|
||||
| Gate | Command | Result |
|
||||
| --- | --- | --- |
|
||||
| Release-surface tests | `node tests/docs/ecc2-release-surface.test.js` | 28 passed, 0 failed |
|
||||
| Preview-pack smoke | `npm run preview-pack:smoke -- --format json` | Ready true; digest `eebb8a66c33e`; 33 required artifacts; 5 passed, 0 failed |
|
||||
| Release approval gate | `npm run release:approval-gate -- --format json` | Expected blocked; digest `ef8f49f727b7`; 4 passed, 2 failed; owner decisions and live URL readbacks remain approval-gated |
|
||||
| Operator dashboard | `npm run operator:dashboard -- --write docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-20.md` | Regenerated from the May 20 `main` baseline with platform audit ready true, 0 tracked PRs, 0 tracked issues, 0 discussion gaps, `$1,728/mo` current MRR, `$10,000/mo` target MRR, the release video suite marked current, Linear release-gate sync current, and top actions for plugin publication, notifications, outbound approval, AgentShield, and ECC Tools billing |
|
||||
| Release-surface tests | `node tests/docs/ecc2-release-surface.test.js` | 27 passed, 0 failed |
|
||||
| Preview-pack smoke | `npm run preview-pack:smoke -- --format json` | Ready true; digest `790430aef4a8`; 31 required artifacts; 5 passed, 0 failed |
|
||||
| Operator dashboard | `npm run operator:dashboard -- --write docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-19.md` | Regenerated from the May 19 `main` baseline with platform audit ready true, 0 tracked PRs, 0 tracked issues, 0 discussion gaps, `$1,728/mo` current MRR, `$10,000/mo` target MRR, the release video suite marked current, and top actions for plugin publication, notifications, outbound approval, AgentShield, and ECC Tools billing |
|
||||
| Supply-chain verification | `npm audit --audit-level=moderate`; `npm audit signatures`; `yarn install --immutable --mode=skip-build` | Current supply-chain refresh found 0 npm vulnerabilities, verified 254 registry signatures and 30 attestations, and accepted the Yarn lock after pinning `@types/node@25.7.0` plus refreshing `brace-expansion` to `5.0.6` / `1.1.14` |
|
||||
| Release video suite | `npm run release:video-suite -- --format json --summary` with `ECC_VIDEO_SOURCE_ROOT` and `ECC_VIDEO_RELEASE_SUITE_ROOT` | Ready true; 15/15 source assets present; 13/13 render, timeline, caption, EDL, and segment artifacts present; 12/12 publish-candidate outputs present with zero detected black-frame segments; primary rough render self-eval passed at 144.759 seconds, 1920x1080, 1 audio stream, and 106.78 MB |
|
||||
| Focused post-merge regression set | `node tests/hooks/detect-project-worktree.test.js`; `node tests/hooks/observe-subdirectory-detection.test.js`; `node tests/scripts/instinct-cli-projects.test.js`; `node tests/hooks/hooks.test.js` | 10/10, 6/6, 5/5, and 237/237 passed after PR #2009 merged |
|
||||
| GateGuard PR #2011 regression | `node tests/hooks/gateguard-fact-force.test.js`; `npm test`; `git diff --check main...HEAD` | 91/91 passed on the PR branch; full local suite passed 2560/2560 before merge; whitespace check passed; focused GateGuard suite passed again on current `main` |
|
||||
| Release approval gate PR #2013 validation | `npm test`; `npm run lint`; `git diff --check`; `npm run preview-pack:smoke -- --format json`; `npm run release:approval-gate -- --format json` | 2568/2568 tests passed before merge; lint and whitespace passed; preview pack stayed ready with digest `531328aaaa53`; release approval gate returned the expected blocked exit with digest `ef8f49f727b7` |
|
||||
| Full local suite | `node tests/run-all.js` | 2568 passed, 0 failed before PR #2013 merge |
|
||||
| Full local suite | `node tests/run-all.js` | 2550 passed, 0 failed |
|
||||
| PR #1998 CI | GitHub Actions run `26099020341` | Completed successfully for `d500de1e9f11c0446b6a1349bd98b522d31f9125`; all reported checks passed, including lint, validation, security scan, coverage, GitGuardian, CodeRabbit, Cubic, and the macOS/Ubuntu/Windows test matrix |
|
||||
| PR #1999 CI | GitHub Actions run `26100148726` | Completed successfully for `90584b6d5e5814bc2ad9a4cd651bebd043de989d`; lint, validation, security scan, coverage, GitGuardian, CodeRabbit, and the macOS/Ubuntu/Windows test matrix passed; Cubic completed neutral and did not block merge |
|
||||
| PR #2001 CI | GitHub Actions run `26102500291` | Completed successfully for `8148340ad14eb32c971346f0cb4cb9431ec0f5de`; required checks passed before merge |
|
||||
| PR #2002 CI | GitHub Actions run `26103853507` | Completed successfully before merge; required checks passed, Cubic remained non-blocking, and PR #2002 merged into `main` as `c7d662c3c68719e5ef0b5305ca3f6782b3214224` |
|
||||
| PR #2004 CI | GitHub Actions run `26105012698` | Completed successfully after rerunning the single failed Windows Node 18 yarn job; required checks passed, Cubic remained non-blocking, and PR #2004 merged into `main` as `ac7434ea8f39166b11e9d06ce64b38c4fb8d9202` |
|
||||
| PR #2005 CI | GitHub Actions run `26106321921` | Completed successfully with 37 completed jobs, 0 failed jobs, and PR #2005 merged into `main` as `d6022d6b8dc5ef1393cf18ae40ee58f646f3754e` |
|
||||
| PR #2008 CI | GitHub Actions run `26108473648` | Completed successfully across the required matrix before merge; non-blocking Cubic skipped after review |
|
||||
| Post-PR #2006 main CI | GitHub Actions run `26109953093` | Completed successfully with 37 completed jobs, 0 failed jobs, and `main` advanced to `98bd517451f38fa0150a53aab4234c2239a47b7e` |
|
||||
| PR #2009 CI | GitHub Actions run `26111313938` | Completed successfully with 37 completed jobs, 0 failed jobs after replacing the brittle fake-worktree regression fixture with a real `git worktree add` setup |
|
||||
| Post-PR #2009 main CI | GitHub Actions run `26111946778` | Completed successfully with 37 completed jobs, 0 failed jobs, and `main` advanced to `bc519e5b8ed42f26c0a5a611756e04351c323f21` |
|
||||
| Post-PR #2011 main CI | GitHub Actions run `26113695068` | Completed successfully with 37 completed jobs, 0 failed jobs, and `main` advanced to `14d88e517b0c56a80c1a6392b1cde2474948d29f` |
|
||||
| Post-PR #2013 main CI | GitHub Actions run `26128749863` | Completed successfully with `main` advanced to `9819626459a662773be7d0b1c18d82c1316b8c36` |
|
||||
| Post-PR #2019 main CI | GitHub Actions run `26135974576` | Completed successfully with `main` advanced to `30f60710d4e0424fc70d9bbdc105009db141d9d8` |
|
||||
| Post-PR #2020 main CI | GitHub Actions run `26136949698` | Completed successfully with `main` advanced to `c2471fe5c535310f8a8008c9ed7ea9f6757b33f2` |
|
||||
| ECC-Tools #91 main CI | GitHub Actions run `26137280847` | Completed successfully on ECC-Tools `main` with `72119a1acc6f5a0cd3bb5d90afd6e87fd1fefd05` after the env-file billing gate support merged |
|
||||
| ECC-Tools #92 main CI | GitHub Actions run `26138403065` | Completed successfully on ECC-Tools `main` with `18d80197be779619283e0b37e2952bac53819a07` after the operator bearer path merged |
|
||||
| ECC-Tools #93 main CI | GitHub Actions run `26138669148` | Completed successfully on ECC-Tools `main` with `d3d62df83fa075660fa4530c3e0edc311a4355fe` after the live billing announcement evidence merged |
|
||||
| Linear sync | Linear document `ecc-may-19-post-pr-2002-sync-64cef8f668e0` plus project comment `a6411e3a-8c8e-4a58-adba-687e77d4c543`; late-pass document `ecc-may-19-late-queue-zero-and-release-gate-sync-1c26f65e6b3f` plus project comment `d42bf0e2-7a8e-4934-9f3f-e281498ee805`; May 20 ITO-61 comment `467d148a-712a-4777-aad9-95593e9f1739` plus project comment `7642ee9c-3107-400c-a229-53e2895a8914`; May 20 ITO-44 comment `a9297467-208a-41e4-8dbb-35f0dad5fe2b`, ITO-56 comment `5008b70b-cf98-43cd-a8d4-f098ba9b9780`, ITO-61 comment `5ebf0aaf-e2d3-4537-878f-484f49dcf87a`, and project reply `1c74a3d0-f8ca-4306-997e-a37c53d49f97` | Project and issue lanes record PR #2002 evidence, discussion #2003 routing, owner-approval dashboard gate, and In Progress status for ITO-47, ITO-48, ITO-49, ITO-51, ITO-54, and ITO-56; the late-pass sync attaches PR #2013, ECC-Tools #79, and JARVIS #15/#16 evidence to ITO-44, ITO-50, ITO-54, ITO-56, and ITO-61; the May 20 sync attaches ECC-Tools #89/#90, ECC #2019/#2020 Marketplace Pro selected-target and selected-target announcement-gate evidence, and the remaining env-file/bearer-token gate to ITO-44, ITO-56, ITO-61, and the project |
|
||||
| Linear sync | Linear document `ecc-may-19-post-pr-2002-sync-64cef8f668e0` plus project comment `a6411e3a-8c8e-4a58-adba-687e77d4c543` | Project and issue lanes now record PR #2002 evidence, discussion #2003 routing, owner-approval dashboard gate, and In Progress status for ITO-47, ITO-48, ITO-49, ITO-51, ITO-54, and ITO-56 |
|
||||
| Public-path sanitization | `node scripts/ci/validate-no-personal-paths.js` through local suite and CI | Passed |
|
||||
| Markdown and whitespace | `markdownlint` focused release docs plus `git diff --check` before PR #1999 | Passed |
|
||||
|
||||
@@ -152,8 +84,8 @@ Tracked repositories in the platform audit were:
|
||||
| Growth proof | `partner-sponsor-talks-pack.md` provides approval-gated copy for sponsors, partners, consulting, talks, podcasts, GitHub Discussion, and video CTAs |
|
||||
| Owner approval proof | `owner-approval-packet-2026-05-19.md` centralizes release, package, plugin, video, billing, social, and outbound decision gates |
|
||||
| Business baseline | Hypergrowth command center and partner pack use `$1,728/mo` current MRR, `$10,000/mo` target MRR, and `$8,272/mo` gap |
|
||||
| Operator dashboard | `operator-readiness-dashboard-2026-05-20.md` pulls the growth baseline into the same queue, publication, video, outbound, AgentShield, ECC Tools billing/env-file gate, Linear, and supply-chain control surface |
|
||||
| Linear progress proof | Linear project document `ecc-may-19-post-pr-2002-sync-64cef8f668e0` mirrors the post-PR #2002 state and records active lanes for launch materials, AgentShield, ECC Tools deep analysis, observability, and final release publication; Linear document `ecc-may-19-late-queue-zero-and-release-gate-sync-1c26f65e6b3f` adds the PR #2013 approval gate, ECC-Tools #79 redaction hardening, and JARVIS #15/#16 queue/deploy repair evidence; May 20 Linear comments `74dcc101-3be5-4173-be13-62b80d54f569`, `348ea8f5-2a2d-46d9-a0fe-ed99653e7fe5`, `291e2a4b-06e3-4672-a057-cdb141478161`, `b2d35de0-ca49-44cb-982a-ddec229e7691`, `faed69dd-35f5-469d-acb5-ddde6a70d6a1`, `70187c1e-d481-4181-b418-09bd65d54b5e`, `371fc3e4-611f-4d20-a23f-67db1260b418`, `bd06e252-15c1-4256-b667-caa3f64f5968`, `22c2c388-2fd1-4dea-a939-6141f40c9a21`, `a9297467-208a-41e4-8dbb-35f0dad5fe2b`, `5008b70b-cf98-43cd-a8d4-f098ba9b9780`, `5ebf0aaf-e2d3-4537-878f-484f49dcf87a`, and `1c74a3d0-f8ca-4306-997e-a37c53d49f97` add ECC-Tools hosted observability readback evidence, AgentShield adapter evidence, AgentShield Dependabot alert closure, and Marketplace selected-target announcement-gate evidence to ITO-44, ITO-49, ITO-54, ITO-56, ITO-57, ITO-61, and the project |
|
||||
| Operator dashboard | `operator-readiness-dashboard-2026-05-19.md` pulls the growth baseline into the same queue, publication, video, outbound, AgentShield, ECC Tools, Linear, and supply-chain control surface |
|
||||
| Linear progress proof | Linear project document `ecc-may-19-post-pr-2002-sync-64cef8f668e0` mirrors the post-PR #2002 state and records active lanes for launch materials, AgentShield, ECC Tools deep analysis, observability, and final release publication |
|
||||
|
||||
## Current Publication Blockers
|
||||
|
||||
@@ -164,21 +96,9 @@ Tracked repositories in the platform audit were:
|
||||
- Codex repo-marketplace distribution is verified by prior evidence, but
|
||||
official Plugin Directory publishing remains blocked on OpenAI submission or
|
||||
listing evidence.
|
||||
- ECC Tools billing/native-payments evidence is no longer blocked by the
|
||||
internal bearer-token path or selected-target announcement gate. Repeat
|
||||
`billing:kv-readback -- --select-ready-target --require-ready` and
|
||||
`billing:announcement-gate -- --select-ready-target` immediately before
|
||||
launch, and keep the copy behind the final release, plugin, live URL, and
|
||||
owner-approval gates.
|
||||
ECC-Tools PR #89 (`512bca6`) added `billing:kv-readback --
|
||||
--select-ready-target --require-ready`; its 2026-05-20 production run cleared
|
||||
the old missing-target-state blocker without printing the account login.
|
||||
ECC-Tools PR #90 (`16a5bb3`) added the selected-target official announcement
|
||||
gate, so production preflight no longer needs a raw GitHub login.
|
||||
ECC-Tools PR #91 (`72119a1`) added `--env-file` support for ignored local
|
||||
billing credentials without printing loaded secrets or account logins.
|
||||
ECC-Tools PR #92 (`18d8019`) added the non-breaking operator bearer path, and
|
||||
ECC-Tools PR #93 (`d3d62df`) recorded the live gate pass.
|
||||
- ECC Tools billing/native-payments copy remains blocked until a Marketplace
|
||||
Pro purchase/webhook path writes ready production billing state for a target
|
||||
Marketplace test account and the billing announcement gate passes.
|
||||
- Release notes, X, LinkedIn, GitHub release, GitHub Discussion, longform copy,
|
||||
sponsor outreach, partner outreach, consulting copy, conference pitches, and
|
||||
podcast pitches still need final live URLs plus human approval before posting
|
||||
@@ -189,18 +109,10 @@ Tracked repositories in the platform audit were:
|
||||
## Result
|
||||
|
||||
The tracked public PR queue, issue queue, discussion queue, canonical ECC
|
||||
identity, release video suite, preview pack, growth outreach packet, per-project
|
||||
Claude Code adapter surface, continuous-learning project registry hygiene,
|
||||
GateGuard quoted git introspection fix, deterministic release approval gate,
|
||||
ECC-Tools billing-announcement redaction hardening, selected-target billing
|
||||
readback, selected-target announcement gate, billing gate env-file operator path,
|
||||
ECC-Tools hosted observability readback, AgentShield Zed/VS Code adapter coverage,
|
||||
AgentShield Dependabot alert closure, and JARVIS security/deploy queue repairs
|
||||
are current on May 20, 2026 for ECC `main` through
|
||||
`c2471fe5c535310f8a8008c9ed7ea9f6757b33f2`, ECC-Tools `main` through
|
||||
`72119a1acc6f5a0cd3bb5d90afd6e87fd1fefd05`, and AgentShield `main` through
|
||||
`25d91f0002214c408da4ceaac7def20bad40ca10`. The remaining video work is owner
|
||||
approval, upload, and public URL attachment, not render or QA production.
|
||||
identity, release video suite, preview pack, and growth outreach packet are
|
||||
current on May 19, 2026 for `main` through
|
||||
`d6022d6b8dc5ef1393cf18ae40ee58f646f3754e`. The remaining video work is
|
||||
owner approval, upload, and public URL attachment, not render or QA production.
|
||||
|
||||
This improves publication readiness but does not replace the approval-gated
|
||||
release, package, plugin, billing, Discord, and announcement steps in
|
||||
|
||||
@@ -56,10 +56,8 @@ For the May 17 operator dashboard refresh, see
|
||||
For the May 18 operator dashboard refresh, see
|
||||
[`operator-readiness-dashboard-2026-05-18.md`](operator-readiness-dashboard-2026-05-18.md).
|
||||
|
||||
For the May 19 hypergrowth/operator dashboard, see
|
||||
The current May 19 hypergrowth/operator dashboard is
|
||||
[`operator-readiness-dashboard-2026-05-19.md`](operator-readiness-dashboard-2026-05-19.md).
|
||||
The current May 20 Marketplace Pro release-gate operator dashboard is
|
||||
[`operator-readiness-dashboard-2026-05-20.md`](operator-readiness-dashboard-2026-05-20.md).
|
||||
For the final owner decision sheet across release, npm, plugin, video, billing,
|
||||
social, and outbound approvals, see
|
||||
[`owner-approval-packet-2026-05-19.md`](owner-approval-packet-2026-05-19.md).
|
||||
@@ -93,7 +91,7 @@ For the May 19 live/pending release URL ledger after the public repo rename, see
|
||||
| Claude plugin | Manifest validates, marketplace JSON points to public repo, install docs match slug | `claude plugin validate .claude-plugin/plugin.json`; `claude plugin tag .claude-plugin --dry-run`; isolated temp-home install smoke | `Blocker: real tag creation/push requires approval` | Plugin owner | Clean-checkout dry-run and install smoke recorded |
|
||||
| Codex plugin | Manifest version matches package and docs, repo marketplace points at the plugin root, and OpenAI's current official Plugin Directory status is recorded | `node tests/docs/ecc2-release-surface.test.js`; `node tests/plugin-manifest.test.js`; `codex plugin marketplace add --help`; temp-home `codex plugin marketplace add <local-checkout>` | `Blocker: official Plugin Directory listing requires OpenAI submission/listing evidence` | Plugin owner | Repo-marketplace distribution verified; official directory pending |
|
||||
| OpenCode package | Build output is regenerated from source and package metadata is current | `npm run build:opencode` | `Blocker: none for local build; public distribution still follows npm/plugin release` | Package owner | Evidence recorded |
|
||||
| ECC Tools billing reference | Any billing claim links to verified Marketplace/App state | `env -u GITHUB_TOKEN gh repo view ECC-Tools/ECC-Tools --json nameWithOwner,isPrivate,viewerPermission` plus internal `/api/billing/readiness?selectReadyTarget=1` readback using the operator bearer path | `Ready: ECC-Tools #92 main CI and ECC-Tools #93 main CI passed; live selected-target readback returned announcementGate.ready === true on 2026-05-20; repeat before payment announcement` | ECC Tools owner | Billing evidence ready; final copy still waits on release/plugin/live URL approvals |
|
||||
| ECC Tools billing reference | Any billing claim links to verified Marketplace/App state | `env -u GITHUB_TOKEN gh repo view ECC-Tools/ECC-Tools --json nameWithOwner,isPrivate,viewerPermission` plus internal `/api/billing/readiness?accountLogin=<marketplace-test-account>` readback | `Blocker: ECC-Tools #73 added announcementGate; live Marketplace test-account readback must return announcementGate.ready === true before payment announcement` | ECC Tools owner | Code gate recorded; live billing readback pending |
|
||||
| Announcement copy | X, LinkedIn, GitHub release, and longform copy point to live URLs | placeholder-marker scan and `release-url-ledger-2026-05-19.md` | `Blocker: final live release/npm/plugin/billing URLs do not exist yet; live and pending URLs are separated in the May 19 ledger` | Release owner | URL ledger recorded; final URLs pending |
|
||||
| Privileged workflow hardening | Release and maintenance workflows avoid persisted checkout tokens | `node scripts/ci/validate-workflow-security.js` | `Blocker:` | Release owner | Evidence recorded in post-hardening refresh |
|
||||
|
||||
@@ -103,23 +101,22 @@ Record the exact commit SHA and command output before any publication action:
|
||||
|
||||
| Evidence | Command | Required result | Recorded output |
|
||||
| --- | --- | --- | --- |
|
||||
| Clean release branch | `git status --short --branch` | On intended release commit; no unrelated files | Current May 20 baseline `c2471fe5c535310f8a8008c9ed7ea9f6757b33f2`: `## main...origin/main`; repeat from the exact final publication commit before release |
|
||||
| Preview-pack smoke | `npm run preview-pack:smoke` | Preview pack artifacts, Hermes boundary, final verification command list, and publication blockers pass | `publication-evidence-2026-05-19.md`: ready yes, digest `eebb8a66c33e`, 33 artifacts, 5 passed, 0 failed; repeat in the final strict clean-checkout release pass |
|
||||
| Release approval gate | `npm run release:approval-gate -- --format json` | Ready true only after owner decision rows are approved, live release/package/plugin/video/billing URLs are recorded, and launch/outbound copy has no placeholders or private paths | Current May 19 state is intentionally blocked because owner decisions and live URL readbacks remain approval-gated |
|
||||
| Clean release branch | `git status --short --branch` | On intended release commit; no unrelated files | Post-PR #2005 baseline `d6022d6b8dc5ef1393cf18ae40ee58f646f3754e`: `## main...origin/main`; repeat from the exact final publication commit before release |
|
||||
| Preview-pack smoke | `npm run preview-pack:smoke` | Preview pack artifacts, Hermes boundary, final verification command list, and publication blockers pass | `publication-evidence-2026-05-19.md`: ready yes, digest `790430aef4a8`, 31 artifacts, 5 passed, 0 failed; repeat in the final strict clean-checkout release pass |
|
||||
| Harness audit | `npm run harness:audit -- --format json` | 80/80 passing | Current release gate: 80/80 across 8 applicable categories, 0 top actions |
|
||||
| Adapter scorecard | `npm run harness:adapters -- --check` | PASS | Current release gate: PASS, 11 adapters |
|
||||
| Observability readiness | `npm run observability:ready` | 21/21 passing | Current release gate: 21/21, ready true |
|
||||
| Release safety gate | `npm run observability:ready -- --format json` | Release Safety category passing with publication readiness, supply-chain, workflow security, package surface, and release-surface evidence | Current release gate keeps Release Safety passing at 3/3; repeat the JSON gate from the exact final release commit |
|
||||
| Supply-chain verification | `npm audit --audit-level=moderate`; `npm audit signatures`; `yarn install --immutable --mode=skip-build`; `cd ecc2 && cargo audit -q`; Dependabot alerts; GitGuardian Security Checks | 0 vulnerabilities/alerts, registry signatures verified, package-manager locks accepted, GitGuardian clean | Current supply-chain branch: `npm audit` found 0 vulnerabilities; `npm audit signatures` verified 254 registry signatures and 30 attestations; Yarn immutable install accepted the lock after pinning `@types/node@25.7.0` and moving `brace-expansion` to `5.0.6` / `1.1.14`; PR #2008 CI `26108473648`, post-PR #2006 main CI `26109953093`, PR #2009 CI `26111313938`, and post-PR #2009 main CI `26111946778` completed with 0 failures |
|
||||
| Root suite | `node tests/run-all.js` | 0 failures | Current May 19 local suite: 2568 passed, 0 failed before PR #2013 merged; post-PR #2009 focused regressions also passed for worktree detection, observe subdirectory/global fallback, project maintenance CLI, and the hooks suite |
|
||||
| Supply-chain verification | `npm audit --audit-level=moderate`; `npm audit signatures`; `yarn install --immutable --mode=skip-build`; `cd ecc2 && cargo audit -q`; Dependabot alerts; GitGuardian Security Checks | 0 vulnerabilities/alerts, registry signatures verified, package-manager locks accepted, GitGuardian clean | Current supply-chain branch: `npm audit` found 0 vulnerabilities; `npm audit signatures` verified 254 registry signatures and 30 attestations; Yarn immutable install accepted the lock after pinning `@types/node@25.7.0` and moving `brace-expansion` to `5.0.6` / `1.1.14`; PR #2005 CI `26106321921` completed 37/37 jobs with 0 failures |
|
||||
| Root suite | `node tests/run-all.js` | 0 failures | PR #2005 CI `26106321921` completed successfully with 37/37 jobs and 0 failures; current branch reruns focused release/package/docs gates before merge |
|
||||
| Markdown lint | `npx markdownlint-cli '**/*.md' --ignore node_modules` | 0 failures | Current release gate: focused lint passed for `publication-readiness.md`, `publication-evidence-2026-05-19.md`, and `docs/ECC-2.0-GA-ROADMAP.md` |
|
||||
| Package surface | `node tests/scripts/npm-publish-surface.test.js` | 0 failures; no Python bytecode in npm tarball | Current release gate: 2/2 passed |
|
||||
| Release surface | `node tests/docs/ecc2-release-surface.test.js` | 0 failures | Current release gate: 27/27 passed after refreshing the discussion-count assertion to the post-PR #2005 baseline |
|
||||
| Optional Rust surface | `cd ecc2 && cargo test` | 0 failures or explicit deferral | `publication-evidence-2026-05-16.md`: 462/462 passed, existing warnings only |
|
||||
| Queue baseline | `node scripts/platform-audit.js --json` across trunk, AgentShield, JARVIS, ECC Tools, and ECC website | Under 20 open PRs and under 20 open issues | Current May 20 baseline after PR #2020: platform audit ready true, 0 open PRs, 0 open issues, 0 discussion gaps, 0 conflicting PRs, and 0 blocking dirty files across tracked repos |
|
||||
| Queue baseline | `node scripts/platform-audit.js --json` across trunk, AgentShield, JARVIS, ECC Tools, and ECC website | Under 20 open PRs and under 20 open issues | Post-PR #2005 baseline: platform audit ready true, 0 open PRs, 0 open issues, 0 conflicting PRs, and 0 blocking dirty files across tracked repos |
|
||||
| Discussion baseline | `node scripts/platform-audit.js --json` and `node scripts/discussion-audit.js --json` | No unmanaged active discussion queue and no answerable Q&A missing an accepted answer | Post-PR #2005 baseline: platform audit sampled 59 trunk discussions, 0 needing maintainer touch, 0 answerable discussions missing accepted answer; `docs/architecture/discussion-response-playbook.md` records response templates and security escalation rules |
|
||||
| Linear roadmap | Linear project and issue readback | Detailed roadmap exists with release, security, AgentShield, ECC Tools, legacy, and observability lanes | May 18 Linear comments include ITO-57 `3fe5b2b7-c4fe-401c-a317-b40d72119cb3` and ITO-44 `fb4a4f33-6c2d-421a-bbdb-63cfad3e3ee4`; earlier evidence records the project and 16 issue lanes |
|
||||
| Operator readiness dashboard | `npm run operator:dashboard -- --json` | Current queue state mapped to macro-goal deliverables and incomplete gaps | Current May 20 dashboard is refreshed from the post-PR #2020 baseline; platform audit ready true, 0 open PRs, 0 open issues, 0 discussion gaps, 0 dirty files, release video suite current, selected-target billing/env-file path mirrored, and publication gates still approval-gated |
|
||||
| Operator readiness dashboard | `npm run operator:dashboard -- --json` | Current queue state mapped to macro-goal deliverables and incomplete gaps | Post-PR #2005 baseline: May 19 dashboard is current; platform audit ready true, 0 open PRs, 0 open issues, 0 discussion gaps, 0 dirty files, release video suite current, and publication gates still approval-gated |
|
||||
| Release URL ledger | `docs/releases/2.0.0-rc.1/release-url-ledger-2026-05-19.md` plus placeholder-marker scan | Live links and approval-gated links are separated before announcement copy is posted | Ledger records public repo/docs/npm/OpenAI Codex documentation URLs and blocks GitHub release/npm/plugin/billing/social URLs until approval-gated checks pass |
|
||||
| Release name and plugin publication checklist | `docs/releases/2.0.0-rc.1/release-name-plugin-publication-checklist-2026-05-18.md` | Name/package/plugin values are frozen, final-release commands are listed, and Claude/Codex publication paths cite current official docs | Checklist keeps `ECC`, `ecc-universal`, and plugin slug `ecc` for rc.1; no npm rename, npm publish, plugin tag, official listing, billing claim, or announcement before final evidence |
|
||||
|
||||
|
||||
@@ -41,7 +41,7 @@ Reasons:
|
||||
| Claude marketplace | `.claude-plugin/marketplace.json` | `claude plugin marketplace add --help`; Anthropic plugin marketplace docs | GitHub repo, git URL, remote marketplace JSON, and local path marketplace sources are supported | Verify post-tag marketplace install/update path after final evidence |
|
||||
| Codex plugin | `ecc@2.0.0-rc.1` | `node tests/plugin-manifest.test.js`; `codex plugin marketplace add --help`; OpenAI Codex plugin docs | Plugin manifest passed 54/54; local and GitHub-ref repo marketplace smokes passed on Codex CLI `0.131.0` | Use repo marketplace for rc.1; do not claim official directory listing until OpenAI publishing path is available |
|
||||
| OpenCode package | `ecc-universal@2.0.0-rc.1` | `node -p "require('./.opencode/package.json').name + '@' + require('./.opencode/package.json').version"` | Matches rc.1 package identity | Follow npm package publication |
|
||||
| Billing claim | ECC Tools selected-target billing evidence ready | ECC Tools billing gate and Marketplace account readback | May 20 selected-target readback and live selected-target announcement gate passed with `announcementGateReady: true`; repeat immediately before announcement | Do not announce native payments until final release/plugin/live URL approvals are green |
|
||||
| Billing claim | Pending ECC Tools readiness | ECC Tools billing gate and Marketplace account readback | Code-side gate exists; live Marketplace account readback still pending | Do not announce native payments |
|
||||
|
||||
## Required Gate
|
||||
|
||||
@@ -66,7 +66,6 @@ npm pack --dry-run --json
|
||||
npm publish --tag next --dry-run
|
||||
npm run build:opencode
|
||||
npm run preview-pack:smoke
|
||||
npm run release:approval-gate -- --format json
|
||||
```
|
||||
|
||||
If a command is unavailable on the release machine, record the exact error and
|
||||
|
||||
@@ -20,8 +20,7 @@ with output from the exact release commit.
|
||||
| May 19 evidence snapshot | <https://github.com/affaan-m/ECC/blob/main/docs/releases/2.0.0-rc.1/publication-evidence-2026-05-19.md> | Current strongest identity, video, growth, and CI readiness evidence |
|
||||
| May 18 evidence snapshot | <https://github.com/affaan-m/ECC/blob/main/docs/releases/2.0.0-rc.1/publication-evidence-2026-05-18.md> | Previous supply-chain and publication-path readiness evidence |
|
||||
| May 18 operator dashboard | <https://github.com/affaan-m/ECC/blob/main/docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-18.md> | Previous prompt-to-artifact dashboard |
|
||||
| May 19 operator dashboard | <https://github.com/affaan-m/ECC/blob/main/docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-19.md> | Previous prompt-to-artifact dashboard with hypergrowth, video, and outbound lanes |
|
||||
| May 20 operator dashboard | <https://github.com/affaan-m/ECC/blob/main/docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-20.md> | Current prompt-to-artifact dashboard with Marketplace Pro release-gate sync |
|
||||
| May 19 operator dashboard | <https://github.com/affaan-m/ECC/blob/main/docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-19.md> | Current prompt-to-artifact dashboard with hypergrowth, video, and outbound lanes |
|
||||
| npm package page | <https://www.npmjs.com/package/ecc-universal> | `npm view ecc-universal name version dist-tags --json` returned `latest: 1.10.0`; rc.1 is not published yet |
|
||||
| Codex marketplace CLI docs | <https://developers.openai.com/codex/cli/reference#codex-plugin-marketplace> | Official docs list `codex plugin marketplace add` for GitHub shorthand, Git URLs, SSH URLs, and local marketplace roots |
|
||||
| Codex official Plugin Directory status | <https://developers.openai.com/codex/plugins/build#publish-official-public-plugins> | Official docs say public Plugin Directory publishing and self-serve management are coming soon |
|
||||
@@ -34,7 +33,7 @@ with output from the exact release commit.
|
||||
| npm rc package | <https://www.npmjs.com/package/ecc-universal/v/2.0.0-rc.1> | `npm publish --tag next` approval and post-publish `npm view ecc-universal dist-tags --json` |
|
||||
| Claude plugin tag | `claude plugin tag .claude-plugin --dry-run`, then real tag only after approval | Clean release commit and plugin tag/push approval |
|
||||
| Codex repo marketplace install | `codex plugin marketplace add affaan-m/ECC --ref v2.0.0-rc.1` | GitHub tag must exist; official Plugin Directory submission remains separate |
|
||||
| ECC Tools native-payments announcement | ECC Tools Marketplace/App URL plus selected-target billing readiness readback through the operator bearer path | Marketplace-managed selected target returned `announcementGate.ready === true` on 2026-05-20; repeat immediately before publication |
|
||||
| ECC Tools native-payments announcement | ECC Tools Marketplace/App URL plus billing readiness readback | Marketplace-managed test account must return `announcementGate.ready === true` |
|
||||
| Public announcements | X, LinkedIn, GitHub release, and longform URLs | GitHub release, npm, plugin, and billing URLs must resolve first |
|
||||
|
||||
## Pre-Post Check
|
||||
@@ -48,7 +47,6 @@ npm view ecc-universal name version dist-tags --json
|
||||
codex plugin marketplace add --help
|
||||
rg -n "TODO|TBD|PLACEHOLDER" docs/releases/2.0.0-rc.1
|
||||
npm run preview-pack:smoke
|
||||
npm run release:approval-gate -- --format json
|
||||
```
|
||||
|
||||
Do not post the social or notification copy until the approval-gated URLs above
|
||||
|
||||
@@ -133,15 +133,13 @@ Use the same production shape as Video Use while keeping the ECC-specific media
|
||||
stack intact:
|
||||
|
||||
1. Treat transcript and timeline data as the editing surface.
|
||||
2. Keep visual inspection on demand: filmstrips, waveform/timeline composites,
|
||||
or frame samples only at ambiguous cut points.
|
||||
3. Propose the edit strategy and EDL before rendering.
|
||||
2. Inspect filmstrip or frame samples only at ambiguous cut points.
|
||||
3. Keep an edit decision list before rendering.
|
||||
4. Cut deterministically with FFmpeg.
|
||||
5. Add proof overlays with Remotion or Manim where product claims need visual
|
||||
evidence.
|
||||
6. Export the MP4 plus editable timeline and caption state.
|
||||
7. Run cut-boundary, audio, caption, black-frame, and product-claim self-eval
|
||||
before any upload or social post.
|
||||
7. Run self-eval before any upload or social post.
|
||||
|
||||
Do not dump frames into the repo. Frame samples used for self-eval belong in the
|
||||
local release suite workspace.
|
||||
|
||||
@@ -42,30 +42,6 @@ MRR growth should come from four lanes at once:
|
||||
- consulting and implementation contracts;
|
||||
- talks, podcasts, conference demos, and partner webinars that create inbound.
|
||||
|
||||
## Second Hypergrowth Phase
|
||||
|
||||
The release should behave like a proof engine, not a name-change announcement.
|
||||
Every public surface should make the product obvious in the first screen,
|
||||
clip, paragraph, or demo:
|
||||
|
||||
| Workstream | Public proof | Revenue path |
|
||||
| --- | --- | --- |
|
||||
| Product category | ECC as the harness-native operator system, not a Claude-only config pack | Converts confused OSS traffic into install, Pro, and sponsor intent |
|
||||
| Harness coverage | Claude Code, Codex, OpenCode, Cursor, Gemini, Zed, GitHub Copilot, and terminal workflows shown as execution surfaces | Partner conversations with tools, IDEs, model providers, and platform teams |
|
||||
| Control plane | `ecc2/` alpha dashboard/status/session surface and Hermes operator shell clearly framed as directionally live | Consulting and team implementation sprints |
|
||||
| Enterprise trust | AgentShield, supply-chain, release, observability, and CI gates shown as repeatable evidence | Security vendors, code-review vendors, platform sponsors, and enterprise pilots |
|
||||
| Media engine | Primary launch video, five proof clips, browser captures, transcripts, EDLs, captions, and editable timelines | Social reach, podcast/talk booking, sponsor proof, partner demos |
|
||||
| Community funnel | GitHub Discussions, Discord once approved, sponsor tiers, Pro, and consulting CTAs routed without clutter | Repeatable inbound, not one-off launch spikes |
|
||||
|
||||
The operating rhythm after launch should be weekly:
|
||||
|
||||
1. one product proof clip;
|
||||
2. one security or release-discipline proof clip;
|
||||
3. one partner/sponsor/talk outreach batch after owner approval;
|
||||
4. one public discussion or community prompt;
|
||||
5. one measurable funnel readback covering repo traffic, sponsor clicks, Pro
|
||||
conversions, MRR movement, and inbound replies.
|
||||
|
||||
## Release Gates
|
||||
|
||||
| Lane | Done when | Current action |
|
||||
|
||||
@@ -26,9 +26,8 @@ credentials:
|
||||
with historical malicious `node-ipc` versions also blocked by ECC because
|
||||
they carried destructive or unauthorized file-writing behavior.
|
||||
- The live IOC set includes persistence through Claude Code
|
||||
`.claude/settings.json`, VS Code `.vscode/tasks.json`, Zed
|
||||
`.zed/tasks.json`, and OS-level `gh-token-monitor` LaunchAgent/systemd
|
||||
services. Some variants add
|
||||
`.claude/settings.json`, VS Code `.vscode/tasks.json`, and OS-level
|
||||
`gh-token-monitor` LaunchAgent/systemd services. Some variants add
|
||||
`~/.config/gh-token-monitor/token` plus a dead-man-switch token description
|
||||
`IfYouRevokeThisTokenItWillWipeTheComputerOfTheOwner`, malicious workflow
|
||||
files such as `.github/workflows/codeql_analysis.yml`, and Python runtime
|
||||
@@ -180,7 +179,7 @@ Escalate to a maintainer security review before any release or merge if:
|
||||
|
||||
- a dependency lockfile references a package named in an active advisory;
|
||||
- `node scripts/ci/scan-supply-chain-iocs.js --home` finds Claude Code,
|
||||
VS Code, Zed, or OS-level persistence indicators;
|
||||
VS Code, or OS-level persistence indicators;
|
||||
- a workflow combines `pull_request_target` with dependency installation,
|
||||
cache restore/save, PR-head checkout, or write permissions;
|
||||
- a release workflow combines `id-token: write` with shared cache usage;
|
||||
|
||||
@@ -89,7 +89,6 @@
|
||||
"scripts/operator-readiness-dashboard.js",
|
||||
"scripts/platform-audit.js",
|
||||
"scripts/preview-pack-smoke.js",
|
||||
"scripts/release-approval-gate.js",
|
||||
"scripts/release-video-suite.js",
|
||||
"scripts/hooks/",
|
||||
"scripts/install-apply.js",
|
||||
@@ -313,7 +312,6 @@
|
||||
"observability:ready": "node scripts/observability-readiness.js",
|
||||
"operator:dashboard": "node scripts/operator-readiness-dashboard.js",
|
||||
"preview-pack:smoke": "node scripts/preview-pack-smoke.js",
|
||||
"release:approval-gate": "node scripts/release-approval-gate.js",
|
||||
"release:video-suite": "node scripts/release-video-suite.js",
|
||||
"platform:audit": "node scripts/platform-audit.js",
|
||||
"discussion:audit": "node scripts/discussion-audit.js",
|
||||
|
||||
@@ -20,54 +20,15 @@
|
||||
* Each row therefore represents the cumulative session total up to that point.
|
||||
* To get per-session cost, take the last row per session_id. To get per-day
|
||||
* spend, aggregate.
|
||||
*
|
||||
* Harness-cost contract (optional, opt-in by the statusline):
|
||||
* If the user's statusline (which receives `cost.total_cost_usd` directly
|
||||
* from Claude Code) writes `{ts, cost_usd}` to
|
||||
* `<os.tmpdir()>/harness-cost-<session_id>.json` on each render, this hook
|
||||
* prefers that authoritative value over the transcript-sum estimate when
|
||||
* the cache is fresh (≤ 300s). The transcript-sum is kept as a safe
|
||||
* fallback because:
|
||||
* - the hard-coded rate table cannot represent Opus 4.7's >200K-token
|
||||
* 2x tier or the 1h-cache 2x tier (under-counts on long sessions);
|
||||
* - summing the full transcript double-counts work done across
|
||||
* `--resume` boundaries while `cost.total_cost_usd` is per-process.
|
||||
* Absent a writer, behavior is unchanged.
|
||||
*/
|
||||
|
||||
'use strict';
|
||||
|
||||
const fs = require('fs');
|
||||
const os = require('os');
|
||||
const path = require('path');
|
||||
const { ensureDir, appendFile, getClaudeDir } = require('../lib/utils');
|
||||
const { sanitizeSessionId } = require('../lib/session-bridge');
|
||||
|
||||
const HARNESS_COST_MAX_AGE_SECONDS = 300;
|
||||
|
||||
/**
|
||||
* Read authoritative harness cost from the per-session cache file.
|
||||
* @param {string} sessionId
|
||||
* @param {number} maxAgeSeconds
|
||||
* @returns {number|null} cost in USD, or null on miss / stale / parse error
|
||||
*/
|
||||
function readHarnessCost(sessionId, maxAgeSeconds) {
|
||||
if (!sessionId) return null;
|
||||
try {
|
||||
const fp = path.join(os.tmpdir(), `harness-cost-${sessionId}.json`);
|
||||
if (!fs.existsSync(fp)) return null;
|
||||
const obj = JSON.parse(fs.readFileSync(fp, 'utf8'));
|
||||
const ts = Number(obj && obj.ts);
|
||||
const cost = Number(obj && obj.cost_usd);
|
||||
if (!Number.isFinite(ts) || !Number.isFinite(cost) || cost < 0) return null;
|
||||
const age = Math.floor(Date.now() / 1000) - ts;
|
||||
if (age < 0 || age > maxAgeSeconds) return null;
|
||||
return cost;
|
||||
} catch {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
// Approximate per-1M-token billing rates (USD).
|
||||
// Cache creation: 1.25x input rate. Cache read: 0.1x input rate.
|
||||
const RATE_TABLE = {
|
||||
@@ -164,23 +125,13 @@ process.stdin.on('end', () => {
|
||||
} = usageTotals || {};
|
||||
|
||||
const rates = getRates(model);
|
||||
const transcriptCostUsd = Math.round((
|
||||
const estimatedCostUsd = Math.round((
|
||||
(inputTokens / 1e6) * rates.in +
|
||||
(outputTokens / 1e6) * rates.out +
|
||||
(cacheWriteTokens / 1e6) * rates.cacheWrite +
|
||||
(cacheReadTokens / 1e6) * rates.cacheRead
|
||||
) * 1e6) / 1e6;
|
||||
|
||||
// Prefer the harness's authoritative `cost.total_cost_usd` when the
|
||||
// statusline has written it to the per-session cache (see contract in
|
||||
// the file header). The harness number reflects API-billed truth
|
||||
// (correct rates, 1h-cache 2x, >200K tier 2x) and is per-process so it
|
||||
// does not drift across `--resume`. Cache miss → transcript-sum.
|
||||
const harnessCost = readHarnessCost(sessionId, HARNESS_COST_MAX_AGE_SECONDS);
|
||||
const estimatedCostUsd = harnessCost !== null
|
||||
? Math.round(harnessCost * 1e6) / 1e6
|
||||
: transcriptCostUsd;
|
||||
|
||||
const metricsDir = path.join(getClaudeDir(), 'metrics');
|
||||
ensureDir(metricsDir);
|
||||
|
||||
|
||||
@@ -342,21 +342,6 @@ function agentShieldEnterpriseEvidence(roadmap) {
|
||||
}
|
||||
|
||||
function eccToolsNextLevelEvidence(roadmap) {
|
||||
if (roadmap.includes('announcementGateReady` is `true')
|
||||
|| roadmap.includes('Native GitHub payments announcement gate is ready')
|
||||
|| roadmap.includes('d3d62df83fa075660fa4530c3e0edc311a4355fe')) {
|
||||
return 'billing announcement gate, selected-target announcement gate, billing gate env-file operator path, non-breaking operator bearer path, hosted analysis lanes, AgentShield fleet-summary consumption, hosted finding evidence paths, harness-route policy linking, policy-promotion Action-output telemetry, operator-visible promotion output details, hosted promotion judge audit traces, billing announcement preflight, aggregate production billing KV readback, Wrangler selected-target readback, target-account billing readback, provenance-aware Marketplace billing-state gates, sanitized Marketplace plan/action provenance counts, ready Marketplace Pro target selection, hosted team-learning feedback controls, and ECC-Tools Dependabot alert remediation are mirrored in the GA roadmap';
|
||||
}
|
||||
|
||||
if (roadmap.includes('selected-target official announcement gate')
|
||||
|| roadmap.includes('billing gate env-file operator path')
|
||||
|| roadmap.includes('72119a1')
|
||||
|| roadmap.includes('16a5bb3')
|
||||
|| roadmap.includes('select-ready-target')
|
||||
|| roadmap.includes('f14ed2fe-a219-470c-8119-63429e197027')) {
|
||||
return 'billing announcement gate, selected-target announcement gate, billing gate env-file operator path, hosted analysis lanes, AgentShield fleet-summary consumption, hosted finding evidence paths, harness-route policy linking, policy-promotion Action-output telemetry, operator-visible promotion output details, hosted promotion judge audit traces, billing announcement preflight, aggregate production billing KV readback, Wrangler OAuth readback, target-account billing readback, provenance-aware Marketplace billing-state gates, sanitized Marketplace plan/action provenance counts, ready Marketplace Pro target selection, hosted team-learning feedback controls, and ECC-Tools Dependabot alert remediation are mirrored in the GA roadmap';
|
||||
}
|
||||
|
||||
if (roadmap.includes('69ca535')
|
||||
|| roadmap.includes('team feedback controls')
|
||||
|| roadmap.includes('e56fc1a')) {
|
||||
@@ -402,22 +387,6 @@ function eccToolsNextLevelEvidence(roadmap) {
|
||||
}
|
||||
|
||||
function eccToolsNextLevelGap(roadmap) {
|
||||
if (roadmap.includes('announcementGateReady` is `true')
|
||||
|| roadmap.includes('Native GitHub payments announcement gate is ready')
|
||||
|| roadmap.includes('d3d62df83fa075660fa4530c3e0edc311a4355fe')) {
|
||||
return 'repeat KV readback and selected-target announcement gate immediately before launch; keep native-payments copy behind the final release, plugin, URL, and owner-approval gates';
|
||||
}
|
||||
|
||||
if (roadmap.includes('selected-target official announcement gate')
|
||||
|| roadmap.includes('billing gate env-file operator path')
|
||||
|| roadmap.includes('72119a1')
|
||||
|| roadmap.includes('16a5bb3')
|
||||
|| roadmap.includes('select-ready-target')
|
||||
|| roadmap.includes('f14ed2fe-a219-470c-8119-63429e197027')
|
||||
|| roadmap.includes('old "no Marketplace-managed Pro target billing-state" blocker is cleared')) {
|
||||
return 'obtain or rotate the local/internal INTERNAL_API_SECRET bearer-token path, via exported env or ignored --env-file, then run the live selected-target billing announcement gate before publishing native-payments copy';
|
||||
}
|
||||
|
||||
if (roadmap.includes('1Password CLI authorization timed out')
|
||||
|| roadmap.includes('Cloudflare API auth returned `Authentication error [code: 10000]`')) {
|
||||
return 'authorize Cloudflare API or 1Password CLI access, configure the target Marketplace Pro account and INTERNAL_API_SECRET, create or replay Marketplace Pro webhook state, then rerun target readback and the live announcement gate';
|
||||
@@ -492,13 +461,9 @@ function hasCurrentLinearProgressSync({ roadmap, progressSync }) {
|
||||
const hasMay19ProgressSurface = roadmap.includes('ecc-may-19-post-pr-2002-sync-64cef8f668e0')
|
||||
&& roadmap.includes('a6411e3a-8c8e-4a58-adba-687e77d4c543')
|
||||
&& roadmap.includes('ITO-56');
|
||||
const hasMay20ReleaseGateSurface = roadmap.includes('467d148a-712a-4777-aad9-95593e9f1739')
|
||||
&& roadmap.includes('7642ee9c-3107-400c-a229-53e2895a8914')
|
||||
&& roadmap.includes('30f60710')
|
||||
&& roadmap.includes('26135974576');
|
||||
|
||||
return roadmap.includes('Linear live sync is current')
|
||||
&& (hasOperatorProgressSurface || hasMay19ProgressSurface || hasMay20ReleaseGateSurface)
|
||||
&& (hasOperatorProgressSurface || hasMay19ProgressSurface)
|
||||
&& includesAll(progressSync, [
|
||||
'node scripts/work-items.js sync-github --repo <owner/repo>',
|
||||
'node scripts/status.js --json',
|
||||
@@ -521,11 +486,6 @@ function linearProgressStatus(context) {
|
||||
|
||||
function linearProgressEvidence(context) {
|
||||
if (hasCurrentLinearProgressSync(context)) {
|
||||
if (context.roadmap.includes('467d148a-712a-4777-aad9-95593e9f1739')
|
||||
&& context.roadmap.includes('7642ee9c-3107-400c-a229-53e2895a8914')) {
|
||||
return 'Linear live sync is current with the May 20 Marketplace Pro release-gate comments on ITO-61 and the ECC platform roadmap; progress-sync contract defines the file-backed work-items/status path';
|
||||
}
|
||||
|
||||
if (context.roadmap.includes('ecc-may-19-post-pr-2002-sync-64cef8f668e0')) {
|
||||
return 'Linear live sync is current with the May 19 post-PR #2002 sync document, project comment, and active issue-lane updates; progress-sync contract defines the file-backed work-items/status path';
|
||||
}
|
||||
@@ -1029,7 +989,7 @@ function buildReport(options) {
|
||||
releaseVideoWorkOrder,
|
||||
'Replace final release, npm, plugin, billing, and video URLs in the partner/sponsor/talk pack, then get explicit approval before outbound.',
|
||||
'Repeat ITO-57 Linear/project status sync after the next significant merge batch or advisory-source refresh.',
|
||||
'Repeat KV readback and the selected-target billing announcement gate immediately before launch; keep native-payments copy behind the final release, plugin, URL, and owner-approval gates.',
|
||||
'Create or verify Marketplace-managed Pro target billing-state with webhook provenance, configure the target account and INTERNAL_API_SECRET, then rerun target readback and the live announcement gate before publishing native-payments copy.',
|
||||
],
|
||||
};
|
||||
}
|
||||
|
||||
@@ -427,7 +427,7 @@ function buildLocalEvidenceChecks(rootDir) {
|
||||
const progressSync = readText(rootDir, 'docs/architecture/progress-sync-contract.md');
|
||||
const supplyChain = readText(rootDir, 'docs/security/supply-chain-incident-response.md');
|
||||
const evidence = readText(rootDir, 'docs/releases/2.0.0-rc.1/publication-evidence-2026-05-19.md');
|
||||
const operatorDashboard = readText(rootDir, 'docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-20.md');
|
||||
const operatorDashboard = readText(rootDir, 'docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-19.md');
|
||||
|
||||
return [
|
||||
buildCheck(
|
||||
@@ -472,7 +472,7 @@ function buildLocalEvidenceChecks(rootDir) {
|
||||
),
|
||||
buildCheck(
|
||||
'release-evidence-current',
|
||||
includesAll(evidence, ['Release video suite', 'growth outreach', 'Operator dashboard', 'GitGuardian', 'macOS/Ubuntu/Windows test matrix', '2568 passed']) ? 'pass' : 'fail',
|
||||
includesAll(evidence, ['Release video suite', 'growth outreach', 'Operator dashboard', 'GitGuardian', 'macOS/Ubuntu/Windows test matrix', '2550 passed']) ? 'pass' : 'fail',
|
||||
'rc.1 evidence includes current release, video, growth, and CI artifacts',
|
||||
{ path: 'docs/releases/2.0.0-rc.1/publication-evidence-2026-05-19.md' }
|
||||
),
|
||||
@@ -488,7 +488,7 @@ function buildLocalEvidenceChecks(rootDir) {
|
||||
'Next Work Order',
|
||||
]) ? 'pass' : 'fail',
|
||||
'operator dashboard maps macro-goal requirements to current evidence and open gaps',
|
||||
{ path: 'docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-20.md' }
|
||||
{ path: 'docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-19.md' }
|
||||
),
|
||||
];
|
||||
}
|
||||
|
||||
@@ -18,7 +18,6 @@ const REQUIRED_ARTIFACTS = [
|
||||
'docs/architecture/observability-readiness.md',
|
||||
'docs/architecture/progress-sync-contract.md',
|
||||
'scripts/preview-pack-smoke.js',
|
||||
'scripts/release-approval-gate.js',
|
||||
`${RELEASE_DIR}/release-notes.md`,
|
||||
`${RELEASE_DIR}/quickstart.md`,
|
||||
`${RELEASE_DIR}/launch-checklist.md`,
|
||||
@@ -31,7 +30,6 @@ const REQUIRED_ARTIFACTS = [
|
||||
`${RELEASE_DIR}/operator-readiness-dashboard-2026-05-17.md`,
|
||||
`${RELEASE_DIR}/operator-readiness-dashboard-2026-05-18.md`,
|
||||
`${RELEASE_DIR}/operator-readiness-dashboard-2026-05-19.md`,
|
||||
`${RELEASE_DIR}/operator-readiness-dashboard-2026-05-20.md`,
|
||||
`${RELEASE_DIR}/owner-approval-packet-2026-05-19.md`,
|
||||
`${RELEASE_DIR}/release-url-ledger-2026-05-19.md`,
|
||||
`${RELEASE_DIR}/video-suite-production.md`,
|
||||
@@ -49,7 +47,6 @@ const REQUIRED_VERIFICATION_COMMANDS = [
|
||||
'git status --short --branch',
|
||||
'node scripts/platform-audit.js --json',
|
||||
'npm run preview-pack:smoke',
|
||||
'npm run release:approval-gate -- --format json',
|
||||
'npm run release:video-suite -- --format json',
|
||||
'npm run harness:adapters -- --check',
|
||||
'npm run harness:audit -- --format json',
|
||||
|
||||
@@ -1,553 +0,0 @@
|
||||
#!/usr/bin/env node
|
||||
'use strict';
|
||||
|
||||
const crypto = require('crypto');
|
||||
const fs = require('fs');
|
||||
const path = require('path');
|
||||
|
||||
const RELEASE = '2.0.0-rc.1';
|
||||
const RELEASE_DIR = `docs/releases/${RELEASE}`;
|
||||
const SCHEMA_VERSION = 'ecc.release-approval-gate.v1';
|
||||
const SCRIPT_PATH = 'scripts/release-approval-gate.js';
|
||||
const OWNER_PACKET_PATH = `${RELEASE_DIR}/owner-approval-packet-2026-05-19.md`;
|
||||
const URL_LEDGER_PATH = `${RELEASE_DIR}/release-url-ledger-2026-05-19.md`;
|
||||
const PREVIEW_MANIFEST_PATH = `${RELEASE_DIR}/preview-pack-manifest.md`;
|
||||
const REQUIRED_COMMAND = 'npm run release:approval-gate -- --format json';
|
||||
|
||||
const REQUIRED_DECISIONS = [
|
||||
{
|
||||
id: 'github-prerelease',
|
||||
label: 'GitHub prerelease',
|
||||
},
|
||||
{
|
||||
id: 'npm-next-publish',
|
||||
label: 'npm `next` publish',
|
||||
},
|
||||
{
|
||||
id: 'claude-plugin-tag',
|
||||
label: 'Claude plugin tag',
|
||||
},
|
||||
{
|
||||
id: 'codex-repo-marketplace',
|
||||
label: 'Codex repo marketplace',
|
||||
},
|
||||
{
|
||||
id: 'ecc-tools-billing-language',
|
||||
label: 'ECC Tools billing language',
|
||||
},
|
||||
{
|
||||
id: 'video-upload',
|
||||
label: 'Video upload',
|
||||
},
|
||||
{
|
||||
id: 'social-and-longform',
|
||||
label: 'X, LinkedIn, GitHub Discussion, longform',
|
||||
},
|
||||
{
|
||||
id: 'outbound-growth',
|
||||
label: 'Sponsor, partner, consulting, conference, podcast outreach',
|
||||
},
|
||||
];
|
||||
|
||||
const REQUIRED_URL_SURFACES = [
|
||||
{
|
||||
id: 'github-prerelease-url',
|
||||
label: 'GitHub prerelease URL',
|
||||
exampleUrl: 'https://github.com/affaan-m/ECC/releases/tag/v2.0.0-rc.1',
|
||||
},
|
||||
{
|
||||
id: 'npm-rc-package-url',
|
||||
label: 'npm rc package URL',
|
||||
exampleUrl: 'https://www.npmjs.com/package/ecc-universal/v/2.0.0-rc.1',
|
||||
},
|
||||
{
|
||||
id: 'claude-plugin-tag-url',
|
||||
label: 'Claude plugin tag URL',
|
||||
exampleUrl: 'https://github.com/affaan-m/ECC/releases/tag/ecc--v2.0.0-rc.1',
|
||||
},
|
||||
{
|
||||
id: 'codex-repo-marketplace-evidence',
|
||||
label: 'Codex repo-marketplace evidence',
|
||||
exampleUrl: 'https://github.com/affaan-m/ECC/tree/v2.0.0-rc.1/.codex-plugin',
|
||||
},
|
||||
{
|
||||
id: 'primary-launch-video-url',
|
||||
label: 'Primary launch video URL',
|
||||
exampleUrl: 'https://x.com/affaanmustafa/status/0000000000000000000',
|
||||
},
|
||||
{
|
||||
id: 'short-clip-urls',
|
||||
label: 'Short clip URLs',
|
||||
exampleUrl: 'https://x.com/affaanmustafa/status/0000000000000000001',
|
||||
},
|
||||
{
|
||||
id: 'ecc-tools-billing-readiness-url',
|
||||
label: 'ECC Tools billing/readiness URL',
|
||||
exampleUrl: 'https://github.com/ECC-Tools',
|
||||
},
|
||||
];
|
||||
|
||||
const ANNOUNCEMENT_FILES = [
|
||||
`${RELEASE_DIR}/release-notes.md`,
|
||||
`${RELEASE_DIR}/x-thread.md`,
|
||||
`${RELEASE_DIR}/linkedin-post.md`,
|
||||
`${RELEASE_DIR}/article-outline.md`,
|
||||
`${RELEASE_DIR}/partner-sponsor-talks-pack.md`,
|
||||
'docs/business/social-launch-copy.md',
|
||||
];
|
||||
|
||||
function usage() {
|
||||
console.log([
|
||||
'Usage: node scripts/release-approval-gate.js [--format <text|json>] [--root <dir>]',
|
||||
'',
|
||||
'Final approval gate for ECC 2.0 rc.1 publication and outbound actions.',
|
||||
'',
|
||||
'Options:',
|
||||
' --format <text|json> Output format (default: text)',
|
||||
' --json Alias for --format json',
|
||||
' --root <dir> Repository root to inspect (default: cwd)',
|
||||
' --help, -h Show this help',
|
||||
].join('\n'));
|
||||
}
|
||||
|
||||
function readArgValue(args, index, flagName) {
|
||||
const value = args[index + 1];
|
||||
if (!value || value.startsWith('--')) {
|
||||
throw new Error(`${flagName} requires a value`);
|
||||
}
|
||||
return value;
|
||||
}
|
||||
|
||||
function parseArgs(argv) {
|
||||
const args = argv.slice(2);
|
||||
const parsed = {
|
||||
format: 'text',
|
||||
help: false,
|
||||
root: path.resolve(process.cwd()),
|
||||
};
|
||||
|
||||
for (let index = 0; index < args.length; index += 1) {
|
||||
const arg = args[index];
|
||||
|
||||
if (arg === '--help' || arg === '-h') {
|
||||
parsed.help = true;
|
||||
continue;
|
||||
}
|
||||
|
||||
if (arg === '--json') {
|
||||
parsed.format = 'json';
|
||||
continue;
|
||||
}
|
||||
|
||||
if (arg === '--format') {
|
||||
parsed.format = readArgValue(args, index, arg).toLowerCase();
|
||||
index += 1;
|
||||
continue;
|
||||
}
|
||||
|
||||
if (arg.startsWith('--format=')) {
|
||||
parsed.format = arg.slice('--format='.length).toLowerCase();
|
||||
continue;
|
||||
}
|
||||
|
||||
if (arg === '--root') {
|
||||
parsed.root = path.resolve(readArgValue(args, index, arg));
|
||||
index += 1;
|
||||
continue;
|
||||
}
|
||||
|
||||
if (arg.startsWith('--root=')) {
|
||||
parsed.root = path.resolve(arg.slice('--root='.length));
|
||||
continue;
|
||||
}
|
||||
|
||||
throw new Error(`Unknown argument: ${arg}`);
|
||||
}
|
||||
|
||||
if (!['text', 'json'].includes(parsed.format)) {
|
||||
throw new Error(`Invalid format: ${parsed.format}. Use text or json.`);
|
||||
}
|
||||
|
||||
return parsed;
|
||||
}
|
||||
|
||||
function readText(rootDir, relativePath) {
|
||||
try {
|
||||
return fs.readFileSync(path.join(rootDir, relativePath), 'utf8');
|
||||
} catch (_error) {
|
||||
return '';
|
||||
}
|
||||
}
|
||||
|
||||
function fileExists(rootDir, relativePath) {
|
||||
return fs.existsSync(path.join(rootDir, relativePath));
|
||||
}
|
||||
|
||||
function safeParseJson(text) {
|
||||
if (!text.trim()) {
|
||||
return null;
|
||||
}
|
||||
|
||||
try {
|
||||
return JSON.parse(text);
|
||||
} catch (_error) {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
function normalizeLabel(value) {
|
||||
return String(value)
|
||||
.replace(/[`*_]/g, '')
|
||||
.replace(/\s+/g, ' ')
|
||||
.trim()
|
||||
.toLowerCase();
|
||||
}
|
||||
|
||||
function normalizeState(value) {
|
||||
return String(value)
|
||||
.replace(/[`*_]/g, '')
|
||||
.replace(/\s+/g, ' ')
|
||||
.trim()
|
||||
.toLowerCase();
|
||||
}
|
||||
|
||||
function splitMarkdownRow(row) {
|
||||
const trimmed = row.trim();
|
||||
if (!trimmed.startsWith('|') || !trimmed.endsWith('|')) {
|
||||
return [];
|
||||
}
|
||||
|
||||
return trimmed
|
||||
.slice(1, -1)
|
||||
.split('|')
|
||||
.map(cell => cell.trim());
|
||||
}
|
||||
|
||||
function parseDecisionRegister(packet) {
|
||||
const decisions = new Map();
|
||||
|
||||
for (const line of packet.split('\n')) {
|
||||
const cells = splitMarkdownRow(line);
|
||||
if (cells.length < 4) {
|
||||
continue;
|
||||
}
|
||||
|
||||
const [decision, state] = cells;
|
||||
const normalizedDecision = normalizeLabel(decision);
|
||||
if (
|
||||
!normalizedDecision
|
||||
|| normalizedDecision === 'decision'
|
||||
|| /^-+$/.test(normalizedDecision)
|
||||
) {
|
||||
continue;
|
||||
}
|
||||
|
||||
decisions.set(normalizedDecision, normalizeState(state));
|
||||
}
|
||||
|
||||
return decisions;
|
||||
}
|
||||
|
||||
function isApproved(state) {
|
||||
return state === 'approve' || state === 'approved';
|
||||
}
|
||||
|
||||
function lineNumberForIndex(text, index) {
|
||||
return text.slice(0, index).split('\n').length;
|
||||
}
|
||||
|
||||
function findAnnouncementOffenders(rootDir, relativePaths) {
|
||||
const offenders = [];
|
||||
const privatePathPattern = /\/Users\/(?!\.\.\.)[A-Za-z0-9._-]+|\/home\/(?!user|runner)[A-Za-z0-9._-]+/g;
|
||||
const anglePlaceholderPattern = /<(?!(?:https?:\/\/|mailto:|#))[^>\n]*(?:url|link|todo|tbd|placeholder)[^>\n]*>/gi;
|
||||
const barePlaceholderPattern = /\bTODO\b|\bTBD\b|\bPLACEHOLDER\b/g;
|
||||
|
||||
for (const relativePath of relativePaths) {
|
||||
const text = readText(rootDir, relativePath);
|
||||
if (!text) {
|
||||
offenders.push({
|
||||
path: relativePath,
|
||||
line: 1,
|
||||
marker: 'missing file',
|
||||
});
|
||||
continue;
|
||||
}
|
||||
|
||||
for (const match of text.matchAll(privatePathPattern)) {
|
||||
offenders.push({
|
||||
path: relativePath,
|
||||
line: lineNumberForIndex(text, match.index),
|
||||
marker: match[0],
|
||||
});
|
||||
}
|
||||
|
||||
for (const match of text.matchAll(anglePlaceholderPattern)) {
|
||||
offenders.push({
|
||||
path: relativePath,
|
||||
line: lineNumberForIndex(text, match.index),
|
||||
marker: match[0],
|
||||
});
|
||||
}
|
||||
|
||||
for (const match of text.matchAll(barePlaceholderPattern)) {
|
||||
offenders.push({
|
||||
path: relativePath,
|
||||
line: lineNumberForIndex(text, match.index),
|
||||
marker: match[0],
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
return offenders;
|
||||
}
|
||||
|
||||
function ledgerBlockers(ledger) {
|
||||
const blockers = [];
|
||||
|
||||
if (/^##\s+Approval-Gated URLs\s*$/im.test(ledger)) {
|
||||
blockers.push('approval-gated URL section still present');
|
||||
}
|
||||
|
||||
for (const [pattern, label] of [
|
||||
[/not published yet/i, 'not-published marker still present'],
|
||||
[/must return/i, 'must-return readback marker still present'],
|
||||
[/Gate before use/i, 'gate-before-use column still present'],
|
||||
[/\bpending\b/i, 'pending marker still present'],
|
||||
[/\bblocked\b/i, 'blocked marker still present'],
|
||||
]) {
|
||||
if (pattern.test(ledger)) {
|
||||
blockers.push(label);
|
||||
}
|
||||
}
|
||||
|
||||
return blockers;
|
||||
}
|
||||
|
||||
function makeCheck(id, status, evidence, fix) {
|
||||
return {
|
||||
id,
|
||||
status,
|
||||
evidence,
|
||||
fix: status === 'pass' ? '' : fix,
|
||||
};
|
||||
}
|
||||
|
||||
function topActionsForChecks(checks) {
|
||||
const actions = [];
|
||||
const failedIds = new Set(checks.filter(check => check.status !== 'pass').map(check => check.id));
|
||||
|
||||
if (failedIds.has('release-approval-script-registered')) {
|
||||
actions.push('Wire release:approval-gate into package.json, package files, and the preview-pack manifest.');
|
||||
}
|
||||
|
||||
if (failedIds.has('owner-decisions-approved')) {
|
||||
actions.push('Approve, defer, or block each owner decision row explicitly after final evidence is rerun from the release commit.');
|
||||
}
|
||||
|
||||
if (failedIds.has('release-url-ledger-finalized')) {
|
||||
actions.push('Replace approval-gated URL ledger rows with live readback URLs from the approved release, package, plugin, video, and billing surfaces.');
|
||||
}
|
||||
|
||||
if (failedIds.has('final-evidence-command-listed')) {
|
||||
actions.push('Add release:approval-gate to the final evidence command lists before asking for publication approval.');
|
||||
}
|
||||
|
||||
if (failedIds.has('announcement-copy-finalized')) {
|
||||
actions.push('Remove unresolved placeholders and private local paths from launch, social, and outbound copy.');
|
||||
}
|
||||
|
||||
if (failedIds.has('public-action-guard-present')) {
|
||||
actions.push('Restore the explicit no-outbound/no-publish authorization boundary in the owner packet.');
|
||||
}
|
||||
|
||||
return actions;
|
||||
}
|
||||
|
||||
function buildReport(options = {}) {
|
||||
const rootDir = path.resolve(options.root || process.cwd());
|
||||
const packageJson = safeParseJson(readText(rootDir, 'package.json')) || {};
|
||||
const packageScripts = packageJson.scripts || {};
|
||||
const packageFiles = Array.isArray(packageJson.files) ? packageJson.files : [];
|
||||
const ownerPacket = readText(rootDir, OWNER_PACKET_PATH);
|
||||
const ledger = readText(rootDir, URL_LEDGER_PATH);
|
||||
const manifest = readText(rootDir, PREVIEW_MANIFEST_PATH);
|
||||
const decisions = parseDecisionRegister(ownerPacket);
|
||||
|
||||
const missingDecisions = [];
|
||||
const unapprovedDecisions = [];
|
||||
for (const decision of REQUIRED_DECISIONS) {
|
||||
const state = decisions.get(normalizeLabel(decision.label));
|
||||
if (!state) {
|
||||
missingDecisions.push(decision.label);
|
||||
} else if (!isApproved(state)) {
|
||||
unapprovedDecisions.push(`${decision.label}=${state}`);
|
||||
}
|
||||
}
|
||||
|
||||
const missingUrlSurfaces = REQUIRED_URL_SURFACES
|
||||
.filter(surface => !ledger.includes(surface.label))
|
||||
.map(surface => surface.label);
|
||||
const urlBlockers = ledgerBlockers(ledger);
|
||||
const announcementOffenders = findAnnouncementOffenders(rootDir, ANNOUNCEMENT_FILES);
|
||||
const commandListedIn = [
|
||||
ownerPacket.includes(REQUIRED_COMMAND) ? OWNER_PACKET_PATH : '',
|
||||
ledger.includes(REQUIRED_COMMAND) ? URL_LEDGER_PATH : '',
|
||||
manifest.includes(REQUIRED_COMMAND) ? PREVIEW_MANIFEST_PATH : '',
|
||||
].filter(Boolean);
|
||||
|
||||
const checks = [
|
||||
makeCheck(
|
||||
'release-approval-script-registered',
|
||||
packageScripts['release:approval-gate'] === `node ${SCRIPT_PATH}`
|
||||
&& packageFiles.includes(SCRIPT_PATH)
|
||||
&& fileExists(rootDir, SCRIPT_PATH)
|
||||
&& manifest.includes(`\`${SCRIPT_PATH}\``)
|
||||
&& manifest.includes(REQUIRED_COMMAND)
|
||||
? 'pass'
|
||||
: 'fail',
|
||||
'package script, npm package file entry, local script, and preview-pack manifest reference',
|
||||
'Add release:approval-gate to package scripts, package files, and preview-pack-manifest.md.'
|
||||
),
|
||||
makeCheck(
|
||||
'owner-decisions-approved',
|
||||
missingDecisions.length === 0 && unapprovedDecisions.length === 0 ? 'pass' : 'fail',
|
||||
missingDecisions.length === 0 && unapprovedDecisions.length === 0
|
||||
? `${REQUIRED_DECISIONS.length} owner decision rows are approved`
|
||||
: `missing decisions: ${missingDecisions.join(', ') || 'none'}; pending decisions: ${unapprovedDecisions.join(', ') || 'none'}`,
|
||||
'Set every required owner decision row to approve only after the final release evidence has been rerun.'
|
||||
),
|
||||
makeCheck(
|
||||
'release-url-ledger-finalized',
|
||||
ledger
|
||||
&& missingUrlSurfaces.length === 0
|
||||
&& urlBlockers.length === 0
|
||||
? 'pass'
|
||||
: 'fail',
|
||||
ledger && missingUrlSurfaces.length === 0 && urlBlockers.length === 0
|
||||
? `${REQUIRED_URL_SURFACES.length} final URL surfaces are recorded without approval-gated blockers`
|
||||
: `missing URL surfaces: ${missingUrlSurfaces.join(', ') || 'none'}; blockers: ${urlBlockers.join(', ') || 'none'}`,
|
||||
'Regenerate the release URL ledger after the approved publication actions and record live readback URLs.'
|
||||
),
|
||||
makeCheck(
|
||||
'final-evidence-command-listed',
|
||||
commandListedIn.length === 3 ? 'pass' : 'fail',
|
||||
commandListedIn.length === 3
|
||||
? `${REQUIRED_COMMAND} is listed in owner packet, URL ledger, and preview manifest`
|
||||
: `${REQUIRED_COMMAND} listed in: ${commandListedIn.join(', ') || 'none'}`,
|
||||
'List release:approval-gate in every final evidence command block.'
|
||||
),
|
||||
makeCheck(
|
||||
'announcement-copy-finalized',
|
||||
announcementOffenders.length === 0 ? 'pass' : 'fail',
|
||||
announcementOffenders.length === 0
|
||||
? `${ANNOUNCEMENT_FILES.length} launch/outbound copy files have no placeholders or private paths`
|
||||
: `offenders: ${announcementOffenders.map(item => `${item.path}:${item.line}`).join(', ')}`,
|
||||
'Replace placeholders with live URLs and remove private local paths from launch/outbound copy.'
|
||||
),
|
||||
makeCheck(
|
||||
'public-action-guard-present',
|
||||
ownerPacket.includes(
|
||||
'No outbound email, personal-account post, package publish, plugin tag, or billing announcement is authorized by this packet alone.'
|
||||
)
|
||||
? 'pass'
|
||||
: 'fail',
|
||||
'owner packet preserves the explicit no-public-action authorization boundary',
|
||||
'Restore the owner-packet sentence that blocks outbound, posts, package publish, plugin tags, and billing announcements.'
|
||||
),
|
||||
];
|
||||
|
||||
const failed = checks.filter(check => check.status !== 'pass');
|
||||
const digest = crypto
|
||||
.createHash('sha256')
|
||||
.update(JSON.stringify(checks.map(check => [check.id, check.status, check.evidence])))
|
||||
.digest('hex')
|
||||
.slice(0, 12);
|
||||
|
||||
return {
|
||||
schema_version: SCHEMA_VERSION,
|
||||
release: RELEASE,
|
||||
ready: failed.length === 0,
|
||||
digest,
|
||||
summary: {
|
||||
passed: checks.length - failed.length,
|
||||
failed: failed.length,
|
||||
total: checks.length,
|
||||
},
|
||||
top_actions: topActionsForChecks(checks),
|
||||
checks,
|
||||
};
|
||||
}
|
||||
|
||||
function renderText(report) {
|
||||
const lines = [
|
||||
'ECC release approval gate',
|
||||
`Release: ${report.release}`,
|
||||
`Ready: ${report.ready ? 'yes' : 'no'}`,
|
||||
`Digest: ${report.digest}`,
|
||||
'',
|
||||
'Checks:',
|
||||
];
|
||||
|
||||
for (const check of report.checks) {
|
||||
lines.push(`- ${check.status} ${check.id}: ${check.evidence}`);
|
||||
if (check.fix) {
|
||||
lines.push(` fix: ${check.fix}`);
|
||||
}
|
||||
}
|
||||
|
||||
if (report.top_actions.length > 0) {
|
||||
lines.push('');
|
||||
lines.push('Top actions:');
|
||||
for (const action of report.top_actions) {
|
||||
lines.push(`- ${action}`);
|
||||
}
|
||||
}
|
||||
|
||||
lines.push('');
|
||||
lines.push(`Passed: ${report.summary.passed}`);
|
||||
lines.push(`Failed: ${report.summary.failed}`);
|
||||
|
||||
return `${lines.join('\n')}\n`;
|
||||
}
|
||||
|
||||
function main() {
|
||||
let parsed;
|
||||
|
||||
try {
|
||||
parsed = parseArgs(process.argv);
|
||||
} catch (error) {
|
||||
console.error(`Error: ${error.message}`);
|
||||
process.exit(1);
|
||||
}
|
||||
|
||||
if (parsed.help) {
|
||||
usage();
|
||||
return;
|
||||
}
|
||||
|
||||
const report = buildReport({ root: parsed.root });
|
||||
|
||||
if (parsed.format === 'json') {
|
||||
console.log(JSON.stringify(report, null, 2));
|
||||
} else {
|
||||
process.stdout.write(renderText(report));
|
||||
}
|
||||
|
||||
if (!report.ready) {
|
||||
process.exit(2);
|
||||
}
|
||||
}
|
||||
|
||||
if (require.main === module) {
|
||||
main();
|
||||
}
|
||||
|
||||
module.exports = {
|
||||
ANNOUNCEMENT_FILES,
|
||||
REQUIRED_COMMAND,
|
||||
REQUIRED_DECISIONS,
|
||||
REQUIRED_URL_SURFACES,
|
||||
buildReport,
|
||||
parseArgs,
|
||||
renderText,
|
||||
};
|
||||
@@ -177,7 +177,6 @@ test('preview pack manifest assembles release, Hermes, and publication gates', (
|
||||
'skills/hermes-imports/SKILL.md',
|
||||
'docs/architecture/harness-adapter-compliance.md',
|
||||
'scripts/preview-pack-smoke.js',
|
||||
'scripts/release-approval-gate.js',
|
||||
'docs/releases/2.0.0-rc.1/publication-readiness.md',
|
||||
'docs/releases/2.0.0-rc.1/naming-and-publication-matrix.md',
|
||||
'docs/releases/2.0.0-rc.1/release-url-ledger-2026-05-19.md',
|
||||
@@ -202,7 +201,6 @@ test('preview pack manifest assembles release, Hermes, and publication gates', (
|
||||
assert.ok(manifest.includes('no raw workspace exports'));
|
||||
assert.ok(manifest.includes('Final Verification Commands'));
|
||||
assert.ok(manifest.includes('npm run preview-pack:smoke'));
|
||||
assert.ok(manifest.includes('npm run release:approval-gate -- --format json'));
|
||||
assert.ok(manifest.includes('npm run release:video-suite -- --format json'));
|
||||
assert.ok(manifest.includes('Reference-Inspired Adapter Direction'));
|
||||
});
|
||||
@@ -231,7 +229,6 @@ test('owner approval packet consolidates the final gated decisions', () => {
|
||||
for (const command of [
|
||||
'node scripts/platform-audit.js --json',
|
||||
'npm run preview-pack:smoke -- --format json',
|
||||
'npm run release:approval-gate -- --format json',
|
||||
'npm run release:video-suite -- --format json',
|
||||
'node tests/run-all.js',
|
||||
]) {
|
||||
@@ -258,19 +255,12 @@ test('GA roadmap mirrors the current May 19 release evidence', () => {
|
||||
|
||||
for (const marker of [
|
||||
'owner-approval-packet-2026-05-19.md',
|
||||
'preview-pack smoke digest `eebb8a66c33e`',
|
||||
'local 2568-test suite',
|
||||
'preview-pack smoke digest `790430aef4a8`',
|
||||
'local 2550-test suite',
|
||||
'PR #2001',
|
||||
'GitHub Actions run `26102500291`',
|
||||
'PR #2002',
|
||||
'GitHub Actions run `26103853507`',
|
||||
'PR #2009',
|
||||
'GitHub Actions run `26111313938`',
|
||||
'PR #2019',
|
||||
'30f60710',
|
||||
'26135974576',
|
||||
'467d148a-712a-4777-aad9-95593e9f1739',
|
||||
'7642ee9c-3107-400c-a229-53e2895a8914',
|
||||
'ecc-may-19-post-pr-2002-sync-64cef8f668e0',
|
||||
'owner approval packet',
|
||||
]) {
|
||||
@@ -278,7 +268,6 @@ test('GA roadmap mirrors the current May 19 release evidence', () => {
|
||||
}
|
||||
|
||||
assert.ok(!roadmap.includes('preview-pack smoke digest `bc2bf157616e`'));
|
||||
assert.ok(!roadmap.includes('preview-pack smoke digest `531328aaaa53`'));
|
||||
assert.ok(!roadmap.includes('local 2544-test suite'));
|
||||
});
|
||||
|
||||
@@ -353,31 +342,6 @@ test('release video suite manifest gates the content launch lane', () => {
|
||||
assert.ok(packageJson.files.includes('scripts/release-video-suite.js'));
|
||||
});
|
||||
|
||||
test('release approval gate blocks publication until owner decisions and URLs are final', () => {
|
||||
const manifest = read('docs/releases/2.0.0-rc.1/preview-pack-manifest.md');
|
||||
const packet = read('docs/releases/2.0.0-rc.1/owner-approval-packet-2026-05-19.md');
|
||||
const ledger = read('docs/releases/2.0.0-rc.1/release-url-ledger-2026-05-19.md');
|
||||
const script = read('scripts/release-approval-gate.js');
|
||||
const packageJson = JSON.parse(read('package.json'));
|
||||
|
||||
for (const marker of [
|
||||
'ecc.release-approval-gate.v1',
|
||||
'owner-decisions-approved',
|
||||
'release-url-ledger-finalized',
|
||||
'announcement-copy-finalized',
|
||||
'No outbound email, personal-account post, package publish, plugin tag, or billing announcement',
|
||||
]) {
|
||||
assert.ok(script.includes(marker), `release approval gate missing ${marker}`);
|
||||
}
|
||||
|
||||
assert.ok(manifest.includes('scripts/release-approval-gate.js'));
|
||||
assert.ok(manifest.includes('npm run release:approval-gate -- --format json'));
|
||||
assert.ok(packet.includes('npm run release:approval-gate -- --format json'));
|
||||
assert.ok(ledger.includes('npm run release:approval-gate -- --format json'));
|
||||
assert.strictEqual(packageJson.scripts['release:approval-gate'], 'node scripts/release-approval-gate.js');
|
||||
assert.ok(packageJson.files.includes('scripts/release-approval-gate.js'));
|
||||
});
|
||||
|
||||
test('partner sponsor talks pack gates the hypergrowth outbound lane', () => {
|
||||
const partnerPack = read('docs/releases/2.0.0-rc.1/partner-sponsor-talks-pack.md');
|
||||
const manifest = read('docs/releases/2.0.0-rc.1/preview-pack-manifest.md');
|
||||
@@ -493,8 +457,7 @@ test('publication readiness checklist gates public release actions on evidence',
|
||||
assert.ok(may15Evidence.includes('codex plugin marketplace add <local-checkout>'));
|
||||
assert.ok(may15Evidence.includes('Plugin Directory publishing is still blocked'));
|
||||
assert.ok(may15Evidence.includes('announcementGate.ready === true'));
|
||||
assert.ok(source.includes('ECC-Tools #92 main CI'));
|
||||
assert.ok(source.includes('ECC-Tools #93 main CI'));
|
||||
assert.ok(source.includes('ECC-Tools #73 added announcementGate'));
|
||||
assert.ok(source.includes('do not claim official Plugin Directory listing before OpenAI submission evidence'));
|
||||
assert.ok(source.includes('release-name-plugin-publication-checklist-2026-05-18.md'));
|
||||
assert.ok(source.includes('Release name and plugin publication checklist'));
|
||||
@@ -545,7 +508,6 @@ test('release name and plugin publication checklist freezes rc.1 surfaces', () =
|
||||
'codex plugin marketplace add --help',
|
||||
'npm publish --tag next --dry-run',
|
||||
'npm run preview-pack:smoke',
|
||||
'npm run release:approval-gate -- --format json',
|
||||
]) {
|
||||
assert.ok(checklist.includes(command), `release name/plugin checklist missing command ${command}`);
|
||||
}
|
||||
|
||||
@@ -215,93 +215,6 @@ function runTests() {
|
||||
fs.rmSync(tmpHome, { recursive: true, force: true });
|
||||
}) ? passed++ : failed++);
|
||||
|
||||
// 8. Prefers harness-cost cache value over transcript-sum when fresh
|
||||
(test('prefers fresh harness-cost cache over transcript estimate', () => {
|
||||
const tmpHome = makeTempDir();
|
||||
const sessionId = 'harness-fresh-' + Date.now();
|
||||
const transcriptPath = path.join(tmpHome, 'session.jsonl');
|
||||
writeTranscript(transcriptPath, [
|
||||
{
|
||||
type: 'assistant',
|
||||
message: {
|
||||
model: 'claude-opus-4-20250514',
|
||||
usage: {
|
||||
input_tokens: 10000,
|
||||
output_tokens: 5000,
|
||||
cache_creation_input_tokens: 200000,
|
||||
cache_read_input_tokens: 1000000,
|
||||
},
|
||||
},
|
||||
},
|
||||
]);
|
||||
const harnessCachePath = path.join(os.tmpdir(), `harness-cost-${sessionId}.json`);
|
||||
const nowEpoch = Math.floor(Date.now() / 1000);
|
||||
fs.writeFileSync(
|
||||
harnessCachePath,
|
||||
JSON.stringify({ ts: nowEpoch, cost_usd: 1.23 }),
|
||||
'utf8'
|
||||
);
|
||||
|
||||
try {
|
||||
const result = runScript(
|
||||
{ session_id: sessionId, transcript_path: transcriptPath },
|
||||
withTempHome(tmpHome)
|
||||
);
|
||||
assert.strictEqual(result.code, 0, `Expected exit code 0, got ${result.code}`);
|
||||
|
||||
const metricsFile = path.join(tmpHome, '.claude', 'metrics', 'costs.jsonl');
|
||||
const row = JSON.parse(fs.readFileSync(metricsFile, 'utf8').trim());
|
||||
assert.strictEqual(row.estimated_cost_usd, 1.23, 'Expected harness cost to win');
|
||||
// Token totals still reflect the transcript scan
|
||||
assert.strictEqual(row.input_tokens, 10000, 'Token totals should still come from transcript');
|
||||
assert.strictEqual(row.output_tokens, 5000, 'Token totals should still come from transcript');
|
||||
} finally {
|
||||
try { fs.unlinkSync(harnessCachePath); } catch { /* best-effort */ }
|
||||
fs.rmSync(tmpHome, { recursive: true, force: true });
|
||||
}
|
||||
}) ? passed++ : failed++);
|
||||
|
||||
// 9. Ignores stale harness-cost cache and falls back to transcript estimate
|
||||
(test('ignores stale harness-cost cache (>300s) and uses transcript estimate', () => {
|
||||
const tmpHome = makeTempDir();
|
||||
const sessionId = 'harness-stale-' + Date.now();
|
||||
const transcriptPath = path.join(tmpHome, 'session.jsonl');
|
||||
writeTranscript(transcriptPath, [
|
||||
{
|
||||
type: 'assistant',
|
||||
message: {
|
||||
model: 'claude-sonnet-4-20250514',
|
||||
usage: { input_tokens: 1000, output_tokens: 500 },
|
||||
},
|
||||
},
|
||||
]);
|
||||
const harnessCachePath = path.join(os.tmpdir(), `harness-cost-${sessionId}.json`);
|
||||
const staleEpoch = Math.floor(Date.now() / 1000) - 3600;
|
||||
fs.writeFileSync(
|
||||
harnessCachePath,
|
||||
JSON.stringify({ ts: staleEpoch, cost_usd: 999.99 }),
|
||||
'utf8'
|
||||
);
|
||||
|
||||
try {
|
||||
const result = runScript(
|
||||
{ session_id: sessionId, transcript_path: transcriptPath },
|
||||
withTempHome(tmpHome)
|
||||
);
|
||||
assert.strictEqual(result.code, 0, `Expected exit code 0, got ${result.code}`);
|
||||
|
||||
const metricsFile = path.join(tmpHome, '.claude', 'metrics', 'costs.jsonl');
|
||||
const row = JSON.parse(fs.readFileSync(metricsFile, 'utf8').trim());
|
||||
assert.notStrictEqual(row.estimated_cost_usd, 999.99, 'Stale cache must not win');
|
||||
assert.ok(row.estimated_cost_usd > 0, 'Expected fallback transcript estimate to be positive');
|
||||
// Sonnet rates: 1000/1e6*3 + 500/1e6*15 ≈ $0.011 — well below the 999.99 stale value
|
||||
assert.ok(row.estimated_cost_usd < 1, 'Expected small transcript estimate, not the stale 999.99');
|
||||
} finally {
|
||||
try { fs.unlinkSync(harnessCachePath); } catch { /* best-effort */ }
|
||||
fs.rmSync(tmpHome, { recursive: true, force: true });
|
||||
}
|
||||
}) ? passed++ : failed++);
|
||||
|
||||
console.log(`\nResults: Passed: ${passed}, Failed: ${failed}`);
|
||||
process.exit(failed > 0 ? 1 : 0);
|
||||
}
|
||||
|
||||
@@ -60,7 +60,6 @@ function buildExpectedPublishPaths(repoRoot) {
|
||||
"scripts/operator-readiness-dashboard.js",
|
||||
"scripts/platform-audit.js",
|
||||
"scripts/preview-pack-smoke.js",
|
||||
"scripts/release-approval-gate.js",
|
||||
"scripts/release-video-suite.js",
|
||||
"scripts/skill-create-output.js",
|
||||
"scripts/repair.js",
|
||||
@@ -133,7 +132,6 @@ function main() {
|
||||
"scripts/discussion-audit.js",
|
||||
"scripts/operator-readiness-dashboard.js",
|
||||
"scripts/preview-pack-smoke.js",
|
||||
"scripts/release-approval-gate.js",
|
||||
"scripts/release-video-suite.js",
|
||||
"scripts/work-items.js",
|
||||
"scripts/platform-audit.js",
|
||||
|
||||
@@ -77,20 +77,6 @@ function seedRepo(rootDir, overrides = {}) {
|
||||
'42653f9',
|
||||
'target account billing readback',
|
||||
'632e059',
|
||||
'select-ready-target',
|
||||
'selected-target official announcement gate',
|
||||
'billing gate env-file operator path',
|
||||
'non-breaking operator bearer path',
|
||||
'announcementGateReady` is `true',
|
||||
'd3d62df83fa075660fa4530c3e0edc311a4355fe',
|
||||
'72119a1',
|
||||
'16a5bb3',
|
||||
'f14ed2fe-a219-470c-8119-63429e197027',
|
||||
'old "no Marketplace-managed Pro target billing-state" blocker is cleared',
|
||||
'30f60710',
|
||||
'26135974576',
|
||||
'467d148a-712a-4777-aad9-95593e9f1739',
|
||||
'7642ee9c-3107-400c-a229-53e2895a8914',
|
||||
'69ca535',
|
||||
'team feedback controls',
|
||||
'e56fc1a',
|
||||
@@ -154,18 +140,6 @@ function seedRepo(rootDir, overrides = {}) {
|
||||
'PR queue',
|
||||
'Not complete'
|
||||
].join('\n'),
|
||||
'docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-20.md': [
|
||||
'This dashboard is generated by `npm run operator:dashboard`',
|
||||
'operator:dashboard',
|
||||
'Growth Baseline',
|
||||
'hypergrowth release command center',
|
||||
'Prompt-To-Artifact Checklist',
|
||||
'Next Work Order',
|
||||
'ITO-44',
|
||||
'ITO-59',
|
||||
'PR queue',
|
||||
'Not complete'
|
||||
].join('\n'),
|
||||
'docs/releases/2.0.0-rc.1/owner-queue-cleanup-2026-05-18.md': [
|
||||
'Owner-wide open PRs after cleanup: 0.',
|
||||
'Owner-wide open issues after cleanup: 0.',
|
||||
@@ -216,7 +190,7 @@ function seedRepo(rootDir, overrides = {}) {
|
||||
'Operator dashboard',
|
||||
'GitGuardian',
|
||||
'macOS/Ubuntu/Windows test matrix',
|
||||
'2568 passed',
|
||||
'2550 passed',
|
||||
'Business baseline',
|
||||
'$1,728/mo',
|
||||
'$8,272/mo'
|
||||
@@ -373,18 +347,14 @@ function runTests() {
|
||||
)));
|
||||
assert.ok(report.requirements.some(item => (
|
||||
item.id === 'ecc-tools-next-level'
|
||||
&& item.gap === 'repeat KV readback and selected-target announcement gate immediately before launch; keep native-payments copy behind the final release, plugin, URL, and owner-approval gates'
|
||||
&& item.gap === 'authorize Cloudflare API or 1Password CLI access, configure the target Marketplace Pro account and INTERNAL_API_SECRET, create or replay Marketplace Pro webhook state, then rerun target readback and the live announcement gate'
|
||||
&& item.evidence.includes('operator-visible promotion output details')
|
||||
&& item.evidence.includes('hosted promotion judge audit traces')
|
||||
&& item.evidence.includes('selected-target announcement gate')
|
||||
&& item.evidence.includes('billing gate env-file operator path')
|
||||
&& item.evidence.includes('non-breaking operator bearer path')
|
||||
&& item.evidence.includes('billing announcement preflight')
|
||||
&& item.evidence.includes('aggregate production billing KV readback')
|
||||
&& item.evidence.includes('Wrangler selected-target readback')
|
||||
&& item.evidence.includes('Wrangler OAuth readback')
|
||||
&& item.evidence.includes('target-account billing readback')
|
||||
&& item.evidence.includes('provenance-aware Marketplace billing-state gates')
|
||||
&& item.evidence.includes('ready Marketplace Pro target selection')
|
||||
&& item.evidence.includes('hosted team-learning feedback controls')
|
||||
&& item.evidence.includes('ECC-Tools Dependabot alert remediation')
|
||||
)));
|
||||
@@ -445,7 +415,7 @@ function runTests() {
|
||||
assert.ok(report.requirements.some(item => (
|
||||
item.id === 'linear-roadmap-and-progress'
|
||||
&& item.status === 'current'
|
||||
&& item.evidence.includes('May 20 Marketplace Pro release-gate comments')
|
||||
&& item.evidence.includes('Linear live sync')
|
||||
&& item.gap === 'repeat Linear/project status update and local work-items sync after each significant merge batch'
|
||||
)));
|
||||
assert.ok(report.top_actions.some(item => item.id === 'naming-and-plugin-publication'));
|
||||
@@ -473,7 +443,7 @@ function runTests() {
|
||||
'Operator dashboard',
|
||||
'GitGuardian',
|
||||
'macOS/Ubuntu/Windows test matrix',
|
||||
'2568 passed',
|
||||
'2550 passed',
|
||||
'Business baseline',
|
||||
'$1,728/mo',
|
||||
'$8,272/mo',
|
||||
|
||||
@@ -68,9 +68,9 @@ function seedRepo(rootDir, overrides = {}) {
|
||||
'Operator dashboard',
|
||||
'GitGuardian',
|
||||
'macOS/Ubuntu/Windows test matrix',
|
||||
'2568 passed'
|
||||
'2550 passed'
|
||||
].join('\n'),
|
||||
'docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-20.md': [
|
||||
'docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-19.md': [
|
||||
'This dashboard is generated by `npm run operator:dashboard`',
|
||||
'Growth Baseline',
|
||||
'hypergrowth release command center',
|
||||
@@ -238,7 +238,7 @@ function runTests() {
|
||||
'Operator dashboard',
|
||||
'GitGuardian',
|
||||
'macOS/Ubuntu/Windows test matrix',
|
||||
'2560 passed'
|
||||
'2546 passed'
|
||||
].join('\n')
|
||||
});
|
||||
|
||||
|
||||
@@ -1,320 +0,0 @@
|
||||
'use strict';
|
||||
|
||||
const assert = require('assert');
|
||||
const fs = require('fs');
|
||||
const os = require('os');
|
||||
const path = require('path');
|
||||
const { execFileSync, spawnSync } = require('child_process');
|
||||
|
||||
const SCRIPT = path.join(__dirname, '..', '..', 'scripts', 'release-approval-gate.js');
|
||||
const {
|
||||
REQUIRED_DECISIONS,
|
||||
REQUIRED_URL_SURFACES,
|
||||
buildReport,
|
||||
parseArgs,
|
||||
renderText,
|
||||
} = require(SCRIPT);
|
||||
|
||||
const RELEASE_DIR = 'docs/releases/2.0.0-rc.1';
|
||||
|
||||
function createTempDir(prefix) {
|
||||
return fs.mkdtempSync(path.join(os.tmpdir(), prefix));
|
||||
}
|
||||
|
||||
function cleanup(dirPath) {
|
||||
fs.rmSync(dirPath, { recursive: true, force: true });
|
||||
}
|
||||
|
||||
function writeFile(rootDir, relativePath, content) {
|
||||
const targetPath = path.join(rootDir, relativePath);
|
||||
fs.mkdirSync(path.dirname(targetPath), { recursive: true });
|
||||
fs.writeFileSync(targetPath, content);
|
||||
}
|
||||
|
||||
function approvedPacketContent(overrides = {}) {
|
||||
const decisions = new Map(REQUIRED_DECISIONS.map(decision => [decision.label, 'approve']));
|
||||
for (const [label, value] of Object.entries(overrides)) {
|
||||
decisions.set(label, value);
|
||||
}
|
||||
|
||||
return [
|
||||
'# ECC v2.0.0-rc.1 Owner Approval Packet',
|
||||
'',
|
||||
'## Decision Register',
|
||||
'',
|
||||
'| Decision | Approve / defer / block | Evidence required first | Notes |',
|
||||
'| --- | --- | --- | --- |',
|
||||
...REQUIRED_DECISIONS.map(decision => (
|
||||
`| ${decision.label} | ${decisions.get(decision.label)} | final evidence | approved fixture |`
|
||||
)),
|
||||
'',
|
||||
'## Final Evidence Commands',
|
||||
'',
|
||||
'```bash',
|
||||
'npm run release:approval-gate -- --format json',
|
||||
'```',
|
||||
'',
|
||||
'No outbound email, personal-account post, package publish, plugin tag, or billing announcement is authorized by this packet alone.',
|
||||
].join('\n');
|
||||
}
|
||||
|
||||
function finalLedgerContent(extra = '') {
|
||||
return [
|
||||
'# ECC v2.0.0-rc.1 Release URL Ledger',
|
||||
'',
|
||||
'## Final Published URLs',
|
||||
'',
|
||||
'| Surface | URL | Verification |',
|
||||
'| --- | --- | --- |',
|
||||
...REQUIRED_URL_SURFACES.map(surface => (
|
||||
`| ${surface.label} | ${surface.exampleUrl} | readback from final release commit |`
|
||||
)),
|
||||
'',
|
||||
'## Final Verification Commands',
|
||||
'',
|
||||
'```bash',
|
||||
'npm run release:approval-gate -- --format json',
|
||||
'```',
|
||||
'',
|
||||
extra,
|
||||
].join('\n');
|
||||
}
|
||||
|
||||
function manifestContent() {
|
||||
return [
|
||||
'# ECC v2.0.0-rc.1 Preview Pack Manifest',
|
||||
'',
|
||||
'| Artifact | Role | Gate |',
|
||||
'| --- | --- | --- |',
|
||||
'| `scripts/release-approval-gate.js` | Final owner approval and live URL gate | Verified by `npm run release:approval-gate -- --format json` |',
|
||||
'',
|
||||
'## Final Verification Commands',
|
||||
'',
|
||||
'```bash',
|
||||
'npm run release:approval-gate -- --format json',
|
||||
'```',
|
||||
].join('\n');
|
||||
}
|
||||
|
||||
function seedRepo(rootDir, overrides = {}) {
|
||||
const files = {
|
||||
'package.json': JSON.stringify({
|
||||
files: ['scripts/release-approval-gate.js'],
|
||||
scripts: {
|
||||
'release:approval-gate': 'node scripts/release-approval-gate.js',
|
||||
},
|
||||
}, null, 2),
|
||||
'scripts/release-approval-gate.js': 'release approval gate script',
|
||||
[`${RELEASE_DIR}/owner-approval-packet-2026-05-19.md`]: approvedPacketContent(),
|
||||
[`${RELEASE_DIR}/release-url-ledger-2026-05-19.md`]: finalLedgerContent(),
|
||||
[`${RELEASE_DIR}/preview-pack-manifest.md`]: manifestContent(),
|
||||
[`${RELEASE_DIR}/release-notes.md`]: 'Release notes with final URLs.',
|
||||
[`${RELEASE_DIR}/x-thread.md`]: 'X post with final URLs.',
|
||||
[`${RELEASE_DIR}/linkedin-post.md`]: 'LinkedIn post with final URLs.',
|
||||
[`${RELEASE_DIR}/article-outline.md`]: 'Article outline with final URLs.',
|
||||
[`${RELEASE_DIR}/partner-sponsor-talks-pack.md`]: 'Outbound copy with final URLs.',
|
||||
'docs/business/social-launch-copy.md': 'Business launch copy with final URLs.',
|
||||
};
|
||||
|
||||
for (const [relativePath, content] of Object.entries({ ...files, ...overrides })) {
|
||||
if (content === null) {
|
||||
continue;
|
||||
}
|
||||
writeFile(rootDir, relativePath, content);
|
||||
}
|
||||
}
|
||||
|
||||
function run(args = [], options = {}) {
|
||||
return execFileSync('node', [SCRIPT, ...args], {
|
||||
cwd: options.cwd || path.join(__dirname, '..', '..'),
|
||||
encoding: 'utf8',
|
||||
stdio: ['pipe', 'pipe', 'pipe'],
|
||||
timeout: 10000,
|
||||
});
|
||||
}
|
||||
|
||||
function runProcess(args = [], options = {}) {
|
||||
return spawnSync('node', [SCRIPT, ...args], {
|
||||
cwd: options.cwd || path.join(__dirname, '..', '..'),
|
||||
encoding: 'utf8',
|
||||
stdio: ['pipe', 'pipe', 'pipe'],
|
||||
timeout: 10000,
|
||||
});
|
||||
}
|
||||
|
||||
function test(name, fn) {
|
||||
try {
|
||||
fn();
|
||||
console.log(` PASS ${name}`);
|
||||
return true;
|
||||
} catch (error) {
|
||||
console.log(` FAIL ${name}`);
|
||||
console.log(` Error: ${error.message}`);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
function runTests() {
|
||||
console.log('\n=== Testing release-approval-gate.js ===\n');
|
||||
|
||||
let passed = 0;
|
||||
let failed = 0;
|
||||
|
||||
if (test('parseArgs accepts approval gate flags and rejects invalid values', () => {
|
||||
const rootDir = createTempDir('release-approval-args-');
|
||||
|
||||
try {
|
||||
const parsed = parseArgs([
|
||||
'node',
|
||||
'script',
|
||||
'--format=json',
|
||||
`--root=${rootDir}`,
|
||||
]);
|
||||
|
||||
assert.strictEqual(parsed.format, 'json');
|
||||
assert.strictEqual(parsed.root, path.resolve(rootDir));
|
||||
assert.throws(() => parseArgs(['node', 'script', '--format', 'xml']), /Invalid format/);
|
||||
assert.throws(() => parseArgs(['node', 'script', '--root']), /--root requires a value/);
|
||||
assert.throws(() => parseArgs(['node', 'script', '--unknown']), /Unknown argument/);
|
||||
} finally {
|
||||
cleanup(rootDir);
|
||||
}
|
||||
})) passed++; else failed++;
|
||||
|
||||
if (test('seeded approved release passes every publication approval check', () => {
|
||||
const rootDir = createTempDir('release-approval-pass-');
|
||||
|
||||
try {
|
||||
seedRepo(rootDir);
|
||||
const report = buildReport({ root: rootDir });
|
||||
|
||||
assert.strictEqual(report.schema_version, 'ecc.release-approval-gate.v1');
|
||||
assert.strictEqual(report.ready, true);
|
||||
assert.strictEqual(report.summary.failed, 0);
|
||||
assert.deepStrictEqual(report.top_actions, []);
|
||||
assert.ok(report.checks.every(check => check.status === 'pass'));
|
||||
|
||||
const text = renderText(report);
|
||||
assert.ok(text.includes('Ready: yes'));
|
||||
assert.ok(text.includes('Failed: 0'));
|
||||
} finally {
|
||||
cleanup(rootDir);
|
||||
}
|
||||
})) passed++; else failed++;
|
||||
|
||||
if (test('deferred owner decisions keep the publication gate blocked', () => {
|
||||
const rootDir = createTempDir('release-approval-deferred-');
|
||||
|
||||
try {
|
||||
seedRepo(rootDir, {
|
||||
[`${RELEASE_DIR}/owner-approval-packet-2026-05-19.md`]: approvedPacketContent({
|
||||
'GitHub prerelease': 'defer',
|
||||
'Sponsor, partner, consulting, conference, podcast outreach': 'block',
|
||||
}),
|
||||
});
|
||||
|
||||
const report = buildReport({ root: rootDir });
|
||||
const decisions = report.checks.find(check => check.id === 'owner-decisions-approved');
|
||||
|
||||
assert.strictEqual(report.ready, false);
|
||||
assert.strictEqual(decisions.status, 'fail');
|
||||
assert.ok(decisions.evidence.includes('GitHub prerelease=defer'));
|
||||
assert.ok(decisions.evidence.includes('Sponsor, partner, consulting, conference, podcast outreach=block'));
|
||||
assert.ok(report.top_actions.some(action => action.includes('Approve, defer, or block')));
|
||||
} finally {
|
||||
cleanup(rootDir);
|
||||
}
|
||||
})) passed++; else failed++;
|
||||
|
||||
if (test('approval-gated URL ledger rows keep the publication gate blocked', () => {
|
||||
const rootDir = createTempDir('release-approval-ledger-');
|
||||
|
||||
try {
|
||||
seedRepo(rootDir, {
|
||||
[`${RELEASE_DIR}/release-url-ledger-2026-05-19.md`]: [
|
||||
'# ECC v2.0.0-rc.1 Release URL Ledger',
|
||||
'',
|
||||
'## Approval-Gated URLs',
|
||||
'',
|
||||
'| Surface | Intended URL or command | Gate before use |',
|
||||
'| --- | --- | --- |',
|
||||
'| GitHub prerelease | https://github.com/affaan-m/ECC/releases/tag/v2.0.0-rc.1 | must return the prerelease |',
|
||||
].join('\n'),
|
||||
});
|
||||
|
||||
const report = buildReport({ root: rootDir });
|
||||
const ledger = report.checks.find(check => check.id === 'release-url-ledger-finalized');
|
||||
|
||||
assert.strictEqual(report.ready, false);
|
||||
assert.strictEqual(ledger.status, 'fail');
|
||||
assert.ok(ledger.evidence.includes('approval-gated URL section still present'));
|
||||
} finally {
|
||||
cleanup(rootDir);
|
||||
}
|
||||
})) passed++; else failed++;
|
||||
|
||||
if (test('announcement drafts fail on unresolved placeholders and private paths', () => {
|
||||
const rootDir = createTempDir('release-approval-copy-');
|
||||
|
||||
try {
|
||||
seedRepo(rootDir, {
|
||||
[`${RELEASE_DIR}/x-thread.md`]: 'Ship copy with <video-url> and /Users/affaan/raw-footage.',
|
||||
});
|
||||
|
||||
const report = buildReport({ root: rootDir });
|
||||
const copy = report.checks.find(check => check.id === 'announcement-copy-finalized');
|
||||
|
||||
assert.strictEqual(report.ready, false);
|
||||
assert.strictEqual(copy.status, 'fail');
|
||||
assert.ok(copy.evidence.includes(`${RELEASE_DIR}/x-thread.md:1`));
|
||||
} finally {
|
||||
cleanup(rootDir);
|
||||
}
|
||||
})) passed++; else failed++;
|
||||
|
||||
if (test('CLI emits json and uses status 2 for blocked approval reports', () => {
|
||||
const rootDir = createTempDir('release-approval-cli-');
|
||||
|
||||
try {
|
||||
seedRepo(rootDir);
|
||||
const stdout = run(['--format=json', `--root=${rootDir}`], { cwd: rootDir });
|
||||
const parsed = JSON.parse(stdout);
|
||||
assert.strictEqual(parsed.ready, true);
|
||||
|
||||
writeFile(
|
||||
rootDir,
|
||||
`${RELEASE_DIR}/owner-approval-packet-2026-05-19.md`,
|
||||
approvedPacketContent({ 'Video upload': 'defer' })
|
||||
);
|
||||
const failedRun = runProcess(['--format=json', `--root=${rootDir}`], { cwd: rootDir });
|
||||
assert.strictEqual(failedRun.status, 2);
|
||||
assert.strictEqual(failedRun.stderr, '');
|
||||
assert.ok(failedRun.stdout.includes('"ready": false'));
|
||||
} finally {
|
||||
cleanup(rootDir);
|
||||
}
|
||||
})) passed++; else failed++;
|
||||
|
||||
if (test('CLI help exits successfully and invalid flags fail before reporting', () => {
|
||||
const help = runProcess(['--help']);
|
||||
assert.strictEqual(help.status, 0);
|
||||
assert.strictEqual(help.stderr, '');
|
||||
assert.ok(help.stdout.includes('Usage: node scripts/release-approval-gate.js'));
|
||||
|
||||
const invalid = runProcess(['--format=xml']);
|
||||
assert.strictEqual(invalid.status, 1);
|
||||
assert.strictEqual(invalid.stdout, '');
|
||||
assert.match(invalid.stderr, /Error: Invalid format/);
|
||||
})) passed++; else failed++;
|
||||
|
||||
console.log(`\nPassed: ${passed}`);
|
||||
console.log(`Failed: ${failed}`);
|
||||
|
||||
if (failed > 0) {
|
||||
process.exit(1);
|
||||
}
|
||||
}
|
||||
|
||||
if (require.main === module) {
|
||||
runTests();
|
||||
}
|
||||
Reference in New Issue
Block a user