SCIBASE-AI · zhengjynicolas · May 15, 2026
diff --git a/repository-release-embargo-controls/README.md b/repository-release-embargo-controls/README.md
@@ -0,0 +1,24 @@
+# Repository Release Embargo Controls
+
+This module adds a self-contained release readiness gate for access-controlled scientific repositories. It focuses on the part of Project Repository & Version Control where a repository steward needs to decide whether a version can be exported or published.
+
+## What it checks
+
+- Embargo windows before public release
+- Restricted component access-policy coverage
+- Large scientific artifacts that should be routed through LFS or object-store pointers
+- DOI or reserved DOI metadata for citation stability
+- Required reproducibility pipeline evidence
+- Export bundle completeness for metadata, license, citation, manifest, and checksums
+- Rollback snapshot readiness for the parent version
+- Deterministic audit digest for review trails
+
+## Run locally
+
+```bash
+npm run check
+npm test
+npm run demo
+```
+
+The demo uses `sample-data.json`, which intentionally blocks a public release because the release is still embargoed, a large restricted dataset is not routed through LFS, and the export bundle is missing checksums.
diff --git a/repository-release-embargo-controls/demo.js b/repository-release-embargo-controls/demo.js
@@ -0,0 +1,25 @@
+"use strict";
+
+const sampleBundle = require("./sample-data.json");
+const {
+  analyzeRepositoryReleaseControls,
+} = require("./src/repository-release-embargo-controls");
+
+const result = analyzeRepositoryReleaseControls(sampleBundle);
+
+console.log(`Repository: ${result.repositoryName}`);
+console.log(`Release: ${result.releaseVersion}`);
+console.log(`Decision: ${result.releaseDecision}`);
+console.log(`Audit digest: ${result.auditDigest}`);
+console.log("");
+console.log("Checklist:");
+for (const item of result.releaseChecklist) {
+  console.log(`- ${item.name}: ${item.status}`);
+}
+console.log("");
+console.log("Findings:");
+for (const finding of result.findings) {
+  console.log(`- [${finding.severity}] ${finding.id}: ${finding.title}`);
+  console.log(`  detail: ${finding.detail}`);
+  console.log(`  remediation: ${finding.remediation}`);
+}
diff --git a/repository-release-embargo-controls/docs/repository-release-demo.mp4 b/repository-release-embargo-controls/docs/repository-release-demo.mp4
diff --git a/repository-release-embargo-controls/docs/requirement-map.md b/repository-release-embargo-controls/docs/requirement-map.md
@@ -0,0 +1,16 @@
+# Requirement Map
+
+| Project Repository & Version Control requirement | Implementation |
+| --- | --- |
+| Structured scientific project repositories | `sample-data.json` models repository metadata, components, versions, access policies, release candidates, and reproducibility runs. |
+| File, dataset, and notebook versioning | `componentManifest` normalizes typed files, notebooks, metadata, hashes, sizes, restrictions, and license fields. |
+| Scientific commit/release readiness | `analyzeRepositoryReleaseControls` evaluates a release candidate against embargo, access, citation, reproducibility, export, and rollback controls. |
+| Large file handling | `large-file-lfs-routing` blocks artifacts above 100 MB unless they have an LFS or object-store pointer. |
+| Reproducibility checks | Required pipeline IDs must have latest passed runs with `sha256` output hashes. |
+| DOI and citation support | DOI/reserved DOI and citation metadata are validated before export. |
+| Exporting and archival | Required export files include metadata, license, citation, manifest, and checksums. |
+| Rollback and auditability | Parent versions need rollback snapshot hashes, and every evaluation returns a deterministic `sha256` audit digest. |
+
+## Demo Video
+
+The PR includes `docs/repository-release-demo.mp4`, a real terminal walkthrough running the local check, test, and demo scripts.
diff --git a/repository-release-embargo-controls/package.json b/repository-release-embargo-controls/package.json
@@ -0,0 +1,12 @@
+{
+  "name": "repository-release-embargo-controls",
+  "version": "1.0.0",
+  "description": "Release readiness controls for access-controlled scientific repositories.",
+  "main": "src/repository-release-embargo-controls.js",
+  "scripts": {
+    "check": "node --check src/repository-release-embargo-controls.js && node --check test.js && node --check demo.js",
+    "test": "node test.js",
+    "demo": "node demo.js"
+  },
+  "license": "MIT"
+}
diff --git a/repository-release-embargo-controls/sample-data.json b/repository-release-embargo-controls/sample-data.json
@@ -0,0 +1,106 @@
+{
+  "now": "2026-05-15T00:00:00.000Z",
+  "repository": {
+    "id": "repo-neuro-042",
+    "name": "Neurotherapy longitudinal response repository",
+    "steward": "dr.mendez@scibase.ai",
+    "embargoUntil": "2026-07-01T00:00:00.000Z",
+    "citation": {
+      "authors": ["A. Mendez", "J. Shah"],
+      "affiliations": ["SCIBASE Translational Neuroscience"],
+      "funding": ["NIH-R01-SCI-2042"]
+    }
+  },
+  "components": [
+    {
+      "path": "data/raw/cohort.csv",
+      "type": "human_subjects_dataset",
+      "bytes": 318767104,
+      "hash": "sha256:3c45b3a9ff7ebdbe8d8324f6fb52b04cda0d0d1d0bf8db346a04e23b63bbbc2f",
+      "restricted": true,
+      "lfsPointer": false,
+      "license": "DUA-2026-17"
+    },
+    {
+      "path": "notebooks/response-model.ipynb",
+      "type": "analysis_notebook",
+      "bytes": 684512,
+      "hash": "sha256:623db1d2202f2a551a770471cfe01af0267758a19c38694d178287ff98c38d99",
+      "restricted": false,
+      "lfsPointer": false,
+      "license": "MIT"
+    },
+    {
+      "path": "metadata/variables.json",
+      "type": "metadata",
+      "bytes": 18234,
+      "hash": "sha256:1483a0d69c817e45db648a55cc1eca6f18f23f99d20ecb72964ffab03b287d25",
+      "restricted": false,
+      "lfsPointer": false,
+      "license": "CC-BY-4.0"
+    }
+  ],
+  "versions": [
+    {
+      "version": "v2.0.0",
+      "tag": "dataset-baseline",
+      "createdAt": "2026-04-01T12:30:00.000Z",
+      "rollbackSnapshotHash": "sha256:dd338f3433b08fda89ab11da7f54f840b5e832be4a47d1833911b1fb4d4c1dd8"
+    }
+  ],
+  "releaseCandidate": {
+    "version": "v2.1.0",
+    "visibility": "public",
+    "parentVersion": "v2.0.0",
+    "semanticTag": "dataset-minor",
+    "reservedDoi": "10.5281/zenodo.2002042",
+    "embargoUntil": "2026-07-01T00:00:00.000Z",
+    "requiredPipelineIds": [
+      "pipeline:reproduce-figures",
+      "pipeline:privacy-regression"
+    ],
+    "manifest": [
+      {
+        "path": "data/raw/cohort.csv",
+        "restricted": true
+      },
+      {
+        "path": "notebooks/response-model.ipynb",
+        "restricted": false
+      },
+      {
+        "path": "metadata/variables.json",
+        "restricted": false
+      }
+    ],
+    "exportFiles": [
+      "metadata.json",
+      "LICENSE",
+      "CITATION.cff",
+      "manifest.json"
+    ]
+  },
+  "reproducibilityRuns": [
+    {
+      "pipelineId": "pipeline:reproduce-figures",
+      "status": "passed",
+      "completedAt": "2026-05-12T18:10:00.000Z",
+      "outputHash": "sha256:a97eaf103155fd400855d94c0ea50adfb245d51a6d0218736b176f817d4a1433"
+    },
+    {
+      "pipelineId": "pipeline:privacy-regression",
+      "status": "passed",
+      "completedAt": "2026-05-12T18:33:00.000Z",
+      "outputHash": "sha256:3d0ff9fb5821faa229263f965ae6195d103439812c5f48f93ff8082af7c4f016"
+    }
+  ],
+  "accessPolicies": [
+    {
+      "id": "dua-neurotherapy-2026",
+      "status": "active",
+      "steward": "dr.mendez@scibase.ai",
+      "allowedRoles": ["repository-steward", "privacy-reviewer"],
+      "expiresAt": "2026-12-31T23:59:59.000Z"
+    }
+  ]
+}