@caoxupei/ai-agent-cli 1.0.0

package/dist/utils/security.js

@@ -0,0 +1,123 @@
+/**
+ * 安全工具 - 防止路径遍历和危险命令
+ */
+import path from 'node:path';
+/**
+ * 防止路径遍历攻击
+ * 确保用户提供的路径在工作目录内
+ */
+export function safePath(workdir, userPath) {
+    // 解析绝对路径
+    const resolved = path.resolve(workdir, userPath);
+    const normalized = path.normalize(resolved);
+    const normalizedWorkdir = path.normalize(workdir);
+    // 确保路径在工作目录内
+    if (!normalized.startsWith(normalizedWorkdir)) {
+        throw new Error(`路径越界访问被阻止: ${userPath}`);
+    }
+    return normalized;
+}
+/**
+ * 验证 bash 命令，阻止危险操作
+ */
+export function validateBashCommand(cmd) {
+    // 危险命令模式列表
+    const dangerousPatterns = [
+        'rm -rf /',
+        'rm -rf ~',
+        'rm -rf *',
+        'sudo',
+        'shutdown',
+        'reboot',
+        'poweroff',
+        'halt',
+        'mkfs',
+        'dd if=',
+        'dd of=/dev/',
+        '> /dev/',
+        'format',
+        ':(){:|:&};:', // Fork bomb
+        'chmod -R 777 /',
+        'chown -R',
+        '> /etc/',
+        'cat /dev/zero'
+    ];
+    const lowerCmd = cmd.toLowerCase();
+    for (const pattern of dangerousPatterns) {
+        if (lowerCmd.includes(pattern.toLowerCase())) {
+            throw new Error(`危险命令被阻止: ${pattern}`);
+        }
+    }
+    // 检查是否尝试修改关键系统目录
+    const systemDirs = ['/etc', '/bin', '/sbin', '/usr/bin', '/usr/sbin', '/boot', '/sys'];
+    for (const dir of systemDirs) {
+        if (lowerCmd.includes(`rm`) && lowerCmd.includes(dir)) {
+            throw new Error(`禁止删除系统目录: ${dir}`);
+        }
+    }
+}
+/**
+ * 限制输出大小
+ */
+export function truncateOutput(output, maxBytes) {
+    if (output.length <= maxBytes) {
+        return output;
+    }
+    const truncated = output.slice(0, maxBytes);
+    const lines = truncated.split('\n').length;
+    return `${truncated}\n\n[输出被截断: 超过 ${maxBytes} 字节限制，共 ${lines} 行]`;
+}
+/**
+ * 清理路径用于显示（隐藏敏感信息）
+ */
+export function sanitizePathForDisplay(filePath, workdir) {
+    // 将绝对路径转换为相对路径
+    const relative = path.relative(workdir, filePath);
+    // 如果路径在工作目录外，只显示文件名
+    if (relative.startsWith('..')) {
+        return path.basename(filePath);
+    }
+    return relative;
+}
+/**
+ * 验证只读 bash 命令（用于 explore 代理）
+ * 确保命令不会修改文件系统
+ */
+export function validateReadOnlyCommand(cmd) {
+    // 写入操作模式
+    const writePatterns = [
+        '>', // 重定向写入
+        '>>', // 追加写入
+        'echo', // 写入命令
+        'sed -i', // 原地编辑
+        'tee', // 写入文件
+        'cp', // 复制（可能写入）
+        'mv', // 移动（修改）
+        'rm', // 删除
+        'mkdir', // 创建目录
+        'touch', // 创建文件
+        'dd', // 磁盘操作
+        'git commit', // Git 写入操作
+        'git push',
+        'npm install', // 包管理写入
+        'yarn install',
+        'pip install',
+        'curl -O', // 下载文件
+        'wget', // 下载文件
+    ];
+    const lowerCmd = cmd.toLowerCase();
+    for (const pattern of writePatterns) {
+        if (lowerCmd.includes(pattern.toLowerCase())) {
+            throw new Error(`只读代理不允许写入操作: 命令包含 "${pattern}"\n` +
+                `提示: explore 代理只能用于读取和分析，不能修改文件。`);
+        }
+    }
+    // 允许的只读命令示例
+    const readOnlyCommands = ['ls', 'cat', 'head', 'tail', 'grep', 'find', 'wc', 'file', 'stat'];
+    const hasReadOnlyCommand = readOnlyCommands.some(cmd => lowerCmd.startsWith(cmd));
+    if (!hasReadOnlyCommand && !lowerCmd.match(/^(git (status|diff|log)|pwd|tree|du)/)) {
+        // 如果不是明确的只读命令，给出警告但不阻止（允许一些灵活性）
+        console.warn(`⚠️  命令 "${cmd}" 可能不是只读命令，请确保不会修改文件`);
+    }
+}
+//# sourceMappingURL=security.js.map

package/dist/utils/security.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"security.js","sourceRoot":"","sources":["../../src/utils/security.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B;;;GAGG;AACH,MAAM,UAAU,QAAQ,CAAC,OAAe,EAAE,QAAgB;IACxD,SAAS;IACT,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IACjD,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;IAC5C,MAAM,iBAAiB,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IAElD,aAAa;IACb,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,iBAAiB,CAAC,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CAAC,cAAc,QAAQ,EAAE,CAAC,CAAC;IAC5C,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,GAAW;IAC7C,WAAW;IACX,MAAM,iBAAiB,GAAG;QACxB,UAAU;QACV,UAAU;QACV,UAAU;QACV,MAAM;QACN,UAAU;QACV,QAAQ;QACR,UAAU;QACV,MAAM;QACN,MAAM;QACN,QAAQ;QACR,aAAa;QACb,SAAS;QACT,QAAQ;QACR,aAAa,EAAG,YAAY;QAC5B,gBAAgB;QAChB,UAAU;QACV,SAAS;QACT,eAAe;KAChB,CAAC;IAEF,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;IAEnC,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;QACxC,IAAI,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;YAC7C,MAAM,IAAI,KAAK,CAAC,YAAY,OAAO,EAAE,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;IAED,iBAAiB;IACjB,MAAM,UAAU,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACvF,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACtD,MAAM,IAAI,KAAK,CAAC,aAAa,GAAG,EAAE,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,MAAc,EAAE,QAAgB;IAC7D,IAAI,MAAM,CAAC,MAAM,IAAI,QAAQ,EAAE,CAAC;QAC9B,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;IAC5C,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;IAC3C,OAAO,GAAG,SAAS,kBAAkB,QAAQ,WAAW,KAAK,KAAK,CAAC;AACrE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,QAAgB,EAAE,OAAe;IACtE,eAAe;IACf,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAElD,oBAAoB;IACpB,IAAI,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QAC9B,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACjC,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,uBAAuB,CAAC,GAAW;IACjD,SAAS;IACT,MAAM,aAAa,GAAG;QACpB,GAAG,EAAO,QAAQ;QAClB,IAAI,EAAM,OAAO;QACjB,MAAM,EAAI,OAAO;QACjB,QAAQ,EAAE,OAAO;QACjB,KAAK,EAAK,OAAO;QACjB,IAAI,EAAM,WAAW;QACrB,IAAI,EAAM,SAAS;QACnB,IAAI,EAAM,KAAK;QACf,OAAO,EAAG,OAAO;QACjB,OAAO,EAAG,OAAO;QACjB,IAAI,EAAM,OAAO;QACjB,YAAY,EAAE,WAAW;QACzB,UAAU;QACV,aAAa,EAAE,QAAQ;QACvB,cAAc;QACd,aAAa;QACb,SAAS,EAAM,OAAO;QACtB,MAAM,EAAS,OAAO;KACvB,CAAC;IAEF,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;IAEnC,KAAK,MAAM,OAAO,IAAI,aAAa,EAAE,CAAC;QACpC,IAAI,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;YAC7C,MAAM,IAAI,KAAK,CACb,sBAAsB,OAAO,KAAK;gBAClC,iCAAiC,CAClC,CAAC;QACJ,CAAC;IACH,CAAC;IAED,YAAY;IACZ,MAAM,gBAAgB,GAAG,CAAC,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7F,MAAM,kBAAkB,GAAG,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;IAElF,IAAI,CAAC,kBAAkB,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,sCAAsC,CAAC,EAAE,CAAC;QACnF,gCAAgC;QAChC,OAAO,CAAC,IAAI,CAAC,WAAW,GAAG,sBAAsB,CAAC,CAAC;IACrD,CAAC;AACH,CAAC"}

package/dist/utils/text/index.d.ts

@@ -0,0 +1,28 @@
+/**
+ * 文本处理工具函数
+ */
+/**
+ * 截断文本到指定长度
+ */
+export declare function truncateText(text: string, maxLength: number, suffix?: string): string;
+/**
+ * 截断文本到指定行数
+ */
+export declare function truncateLines(text: string, maxLines: number): string;
+/**
+ * 计算文本行数
+ */
+export declare function countLines(text: string): number;
+/**
+ * 移除空行
+ */
+export declare function removeEmptyLines(text: string): string;
+/**
+ * 缩进文本
+ */
+export declare function indent(text: string, spaces?: number): string;
+/**
+ * 移除缩进
+ */
+export declare function dedent(text: string): string;
+//# sourceMappingURL=index.d.ts.map

package/dist/utils/text/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/utils/text/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;GAEG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,SAAQ,GAAG,MAAM,CAGpF;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM,CAIpE;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAE/C;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAErD;AAED;;GAEG;AACH,wBAAgB,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,SAAI,GAAG,MAAM,CAGvD;AAED;;GAEG;AACH,wBAAgB,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAU3C"}

package/dist/utils/text/index.js

@@ -0,0 +1,51 @@
+/**
+ * 文本处理工具函数
+ */
+/**
+ * 截断文本到指定长度
+ */
+export function truncateText(text, maxLength, suffix = '...') {
+    if (text.length <= maxLength)
+        return text;
+    return text.slice(0, maxLength - suffix.length) + suffix;
+}
+/**
+ * 截断文本到指定行数
+ */
+export function truncateLines(text, maxLines) {
+    const lines = text.split('\n');
+    if (lines.length <= maxLines)
+        return text;
+    return lines.slice(0, maxLines).join('\n') + `\n... (还有 ${lines.length - maxLines} 行)`;
+}
+/**
+ * 计算文本行数
+ */
+export function countLines(text) {
+    return text.split('\n').length;
+}
+/**
+ * 移除空行
+ */
+export function removeEmptyLines(text) {
+    return text.split('\n').filter(line => line.trim()).join('\n');
+}
+/**
+ * 缩进文本
+ */
+export function indent(text, spaces = 2) {
+    const prefix = ' '.repeat(spaces);
+    return text.split('\n').map(line => prefix + line).join('\n');
+}
+/**
+ * 移除缩进
+ */
+export function dedent(text) {
+    const lines = text.split('\n');
+    const nonEmptyLines = lines.filter(line => line.trim());
+    if (nonEmptyLines.length === 0)
+        return text;
+    const minIndent = Math.min(...nonEmptyLines.map(line => line.match(/^(\s*)/)?.[1].length ?? 0));
+    return lines.map(line => line.slice(minIndent)).join('\n');
+}
+//# sourceMappingURL=index.js.map

package/dist/utils/text/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/utils/text/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,IAAY,EAAE,SAAiB,EAAE,MAAM,GAAG,KAAK;IAC1E,IAAI,IAAI,CAAC,MAAM,IAAI,SAAS;QAAE,OAAO,IAAI,CAAC;IAC1C,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,MAAM,CAAC;AAC3D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,IAAY,EAAE,QAAgB;IAC1D,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,IAAI,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC1C,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,aAAa,KAAK,CAAC,MAAM,GAAG,QAAQ,KAAK,CAAC;AACzF,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,UAAU,CAAC,IAAY;IACrC,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;AACjC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAAY;IAC3C,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACjE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,MAAM,CAAC,IAAY,EAAE,MAAM,GAAG,CAAC;IAC7C,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAClC,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAChE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,MAAM,CAAC,IAAY;IACjC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,aAAa,GAAG,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IACxD,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAE5C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CACxB,GAAG,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,CACpE,CAAC;IAEF,OAAO,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC7D,CAAC"}

package/package.json

@@ -0,0 +1,84 @@
+{
+  "name": "@caoxupei/ai-agent-cli",
+  "version": "1.0.0",
+  "description": "A powerful AI coding agent with multi-provider support (Anthropic, OpenAI, Gemini)",
+  "type": "module",
+  "main": "./dist/entrypoints/index.js",
+  "types": "./dist/entrypoints/index.d.ts",
+  "bin": {
+    "ai-agent-cli": "./bin/ai-agent-cli.js",
+    "aac": "./bin/ai-agent-cli.js"
+  },
+  "files": [
+    "dist",
+    "bin",
+    "skills",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "dev": "tsx src/entrypoints/cli.ts",
+    "build": "tsc",
+    "test": "vitest",
+    "test:ui": "vitest --ui",
+    "test:coverage": "vitest --coverage",
+    "lint": "eslint src --ext .ts",
+    "lint:fix": "eslint src --ext .ts --fix",
+    "prepublishOnly": "npm run build"
+  },
+  "keywords": [
+    "ai",
+    "agent",
+    "cli",
+    "coding-assistant",
+    "anthropic",
+    "openai",
+    "gemini",
+    "claude",
+    "gpt",
+    "typescript"
+  ],
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/xpnobug/ai-agent-cli.git"
+  },
+  "homepage": "https://github.com/xpnobug/ai-agent-cli#readme",
+  "bugs": {
+    "url": "https://github.com/xpnobug/ai-agent-cli/issues"
+  },
+  "author": "xpnobug",
+  "license": "MIT",
+  "dependencies": {
+    "@anthropic-ai/sdk": "^0.39.0",
+    "@google/generative-ai": "^0.17.0",
+    "@types/turndown": "^5.0.6",
+    "boxen": "^7.1.1",
+    "chalk": "^5.3.0",
+    "cheerio": "^1.0.0-rc.12",
+    "cli-table3": "^0.6.5",
+    "dotenv": "^16.3.1",
+    "enquirer": "^2.4.1",
+    "execa": "^8.0.1",
+    "fast-glob": "^3.3.2",
+    "fs-extra": "^11.2.0",
+    "gray-matter": "^4.0.3",
+    "openai": "^4.51.0",
+    "ora": "^8.0.1",
+    "turndown": "^7.2.2",
+    "zod": "^3.22.4"
+  },
+  "devDependencies": {
+    "@types/fs-extra": "^11.0.4",
+    "@types/node": "^20.10.0",
+    "@typescript-eslint/eslint-plugin": "^6.15.0",
+    "@typescript-eslint/parser": "^6.15.0",
+    "@vitest/ui": "^1.0.4",
+    "eslint": "^8.56.0",
+    "tsx": "^4.7.0",
+    "typescript": "^5.3.3",
+    "vitest": "^1.0.4"
+  }
+}

package/skills/web-dev/SKILL.md

@@ -0,0 +1,91 @@
+---
+name: web-dev
+description: Web 开发最佳实践和现代前端技术栈指导
+---
+
+# Web 开发技能
+
+## 技术栈
+
+### 前端框架
+- **React** - 组件化 UI 库
+- **Vue.js** - 渐进式框架
+- **Next.js** - React 全栈框架
+- **Vite** - 现代构建工具
+
+### 样式
+- **Tailwind CSS** - 实用优先的 CSS 框架
+- **CSS Modules** - 模块化 CSS
+- **styled-components** - CSS-in-JS
+
+### 状态管理
+- **Zustand** - 轻量级状态管理
+- **Redux Toolkit** - Redux 官方工具集
+- **React Query** - 服务端状态管理
+
+## 最佳实践
+
+### 组件设计
+1. **单一职责** - 每个组件只做一件事
+2. **可复用性** - 提取通用组件
+3. **Props 接口** - 明确定义 TypeScript 接口
+4. **错误边界** - 处理组件错误
+
+### 性能优化
+- 使用 `React.memo` 避免不必要的重渲染
+- 懒加载路由和组件
+- 图片优化（WebP、懒加载）
+- 代码分割
+
+### 代码规范
+- ESLint + Prettier
+- 统一的命名约定
+- 组件文件结构一致
+- 注释关键逻辑
+
+## 项目结构
+
+```
+src/
+├── components/      # 组件
+│   ├── common/     # 通用组件
+│   └── features/   # 功能组件
+├── hooks/          # 自定义 Hooks
+├── utils/          # 工具函数
+├── services/       # API 服务
+├── store/          # 状态管理
+└── types/          # TypeScript 类型
+```
+
+## 常用命令
+
+```bash
+# 创建 React 项目
+npm create vite@latest my-app -- --template react-ts
+
+# 创建 Next.js 项目
+npx create-next-app@latest
+
+# 安装常用依赖
+npm install zustand react-query axios
+
+# 开发服务器
+npm run dev
+
+# 构建生产版本
+npm run build
+```
+
+## 调试技巧
+
+1. **React DevTools** - 检查组件树和 Props
+2. **Chrome DevTools** - 性能分析
+3. **console.log** - 基础调试
+4. **debugger** - 断点调试
+
+## 安全注意事项
+
+- XSS 防护：永远不要使用 `dangerouslySetInnerHTML` 处理用户输入
+- CSRF 防护：使用 CSRF token
+- 敏感数据：不要在前端存储敏感信息
+- 依赖审计：定期运行 `npm audit`