@colin4k1024/tsp 2.4.0 → 2.4.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +87 -4
- package/bin/lib/post-install-bridge.js +2 -2
- package/bin/tsp-create.js +11 -11
- package/commands/team-help.md +2 -2
- package/commands/team-plan.md +1 -1
- package/commands/update-codemaps.md +3 -2
- package/docs/.vitepress/config.mts +199 -0
- package/docs/adr/ADR-001-doc-architecture-integration.md +33 -0
- package/docs/guides/README.md +5 -0
- package/docs/guides/installation.md +33 -0
- package/docs/guides/user-guide.md +36 -0
- package/docs/index.md +65 -0
- package/docs/memory/backlog.md +10 -0
- package/docs/memory/decisions.md +43 -0
- package/docs/memory/lessons-learned.md +87 -0
- package/docs/plans/2026-04-03-python-remnants-audit.md +265 -0
- package/docs/plans/2026-04-03-scripts-python-to-js-migration.md +372 -0
- package/docs/plans/2026-04-03-solo-delivery-execution-checklist.md +413 -0
- package/docs/plans/2026-04-03-solo-delivery-gap-plan.md +377 -0
- package/docs/plans/2026-04-03-team-skills-workflow-gates.md +548 -0
- package/docs/plans/2026-04-21-open-source-readiness-gap-plan.md +217 -0
- package/docs/plans/llm-surface-reduction-audit.md +147 -0
- package/docs/plans/llm-surface-reduction-execution-checklist.md +217 -0
- package/docs/plans/llm-surface-reduction-execution-history.md +124 -0
- package/docs/plans/team-skills-platform-migration.md +54 -0
- package/docs/presentation/README.md +42 -0
- package/docs/presentation/audience-presentation-route-map.md +84 -0
- package/docs/presentation/executive-briefing-talk-track.md +50 -0
- package/docs/presentation/generate_capability_matrix.py +396 -0
- package/docs/presentation/generate_ppt.py +354 -0
- package/docs/presentation/implementation-onboarding-brief.md +38 -0
- package/docs/presentation/presentation-talk-track.md +97 -0
- package/docs/presentation/vertical-scenario-route-map.md +99 -0
- package/docs/presentation/workshop-facilitator-guide.md +47 -0
- package/docs/runbooks/actionlint-workflow-gates.md +80 -0
- package/docs/runbooks/agent-governance.md +131 -0
- package/docs/runbooks/ai-eval-platform-demo-execution-log.md +147 -0
- package/docs/runbooks/ai-eval-platform-demo-script.md +136 -0
- package/docs/runbooks/ai-eval-platform-walkthrough.md +113 -0
- package/docs/runbooks/ai-pr-review-automation.md +56 -0
- package/docs/runbooks/api-breaking-change-gates.md +58 -0
- package/docs/runbooks/api-design-evolution-walkthrough.md +42 -0
- package/docs/runbooks/api-lint-gates.md +57 -0
- package/docs/runbooks/api-mocking-strategy-and-lifecycle-guide.md +47 -0
- package/docs/runbooks/architect-daily-operations.md +63 -0
- package/docs/runbooks/architect-design-conversation-example.md +83 -0
- package/docs/runbooks/artifact-attestation-gates.md +75 -0
- package/docs/runbooks/artifact-persistence.md +257 -0
- package/docs/runbooks/backend-engineer-daily-operations.md +63 -0
- package/docs/runbooks/batch-optimization-completion-checklist.md +104 -0
- package/docs/runbooks/biz-service-designer-end-to-end-conversation-example.md +5 -0
- package/docs/runbooks/biz-service-designer-toolkit.md +5 -0
- package/docs/runbooks/bug-fix-complete-walkthrough.md +60 -0
- package/docs/runbooks/build-failure-recovery-walkthrough.md +40 -0
- package/docs/runbooks/canary-decision-matrix.md +41 -0
- package/docs/runbooks/canary-staging-release-walkthrough.md +46 -0
- package/docs/runbooks/checkov-iac-gates.md +104 -0
- package/docs/runbooks/claude-code-review-workflow.md +72 -0
- package/docs/runbooks/claude-conversation-prompt-recipes.md +132 -0
- package/docs/runbooks/claude-end-to-end-conversation-example.md +198 -0
- package/docs/runbooks/claude-feature-development-guide.md +112 -0
- package/docs/runbooks/claude-quick-start.md +227 -0
- package/docs/runbooks/claude-usage-scenarios.md +176 -0
- package/docs/runbooks/code-review-collaboration-walkthrough.md +65 -0
- package/docs/runbooks/codeql-pr-security-gates.md +64 -0
- package/docs/runbooks/codex-end-to-end-conversation-example.md +166 -0
- package/docs/runbooks/codex-multi-agent-orchestration.md +65 -0
- package/docs/runbooks/codex-parallel-prompt-recipes.md +131 -0
- package/docs/runbooks/codex-quick-start.md +223 -0
- package/docs/runbooks/codex-usage-scenarios.md +168 -0
- package/docs/runbooks/codex-workflow-essentials.md +88 -0
- package/docs/runbooks/command-and-capability-matrix.md +162 -0
- package/docs/runbooks/conftest-policy-gates.md +84 -0
- package/docs/runbooks/consumer-driven-contract-testing-with-mock-alignment.md +45 -0
- package/docs/runbooks/contract-testing-playbook.md +78 -0
- package/docs/runbooks/cosign-signing-gates.md +71 -0
- package/docs/runbooks/cross-role-issue-triage-walkthrough.md +47 -0
- package/docs/runbooks/cursor-quick-start.md +123 -0
- package/docs/runbooks/custom-overlay.md +115 -0
- package/docs/runbooks/data-ml-pipeline-demo-execution-log.md +141 -0
- package/docs/runbooks/data-ml-pipeline-demo-script.md +102 -0
- package/docs/runbooks/data-ml-pipeline-walkthrough.md +119 -0
- package/docs/runbooks/data-observability-quality-demo-execution-log.md +36 -0
- package/docs/runbooks/data-observability-quality-demo-script.md +42 -0
- package/docs/runbooks/data-observability-quality-walkthrough.md +86 -0
- package/docs/runbooks/demo-deliverables-overview.md +278 -0
- package/docs/runbooks/demo-execution-log.md +530 -0
- package/docs/runbooks/demo-scenario.md +129 -0
- package/docs/runbooks/dependency-review-gates.md +63 -0
- package/docs/runbooks/dependency-update-automation.md +83 -0
- package/docs/runbooks/design-md-workflow.md +185 -0
- package/docs/runbooks/devops-engineer-daily-operations.md +60 -0
- package/docs/runbooks/devops-release-conversation-example.md +88 -0
- package/docs/runbooks/doc-architecture-integration.md +59 -0
- package/docs/runbooks/doc-architecture-quick-start.md +122 -0
- package/docs/runbooks/document-execution-audit.md +32 -0
- package/docs/runbooks/documentation-update-walkthrough.md +37 -0
- package/docs/runbooks/ecc-harness-usage.md +93 -0
- package/docs/runbooks/error-experience-usage.md +116 -0
- package/docs/runbooks/evolution-usage.md +162 -0
- package/docs/runbooks/executive-value-one-page.md +55 -0
- package/docs/runbooks/external-capability-approval-and-enablement-workflow.md +39 -0
- package/docs/runbooks/external-capability-intake.md +160 -0
- package/docs/runbooks/first-team-command-60-seconds.md +96 -0
- package/docs/runbooks/first-team-workflow-walkthrough.md +245 -0
- package/docs/runbooks/frontend-backend-integration-acceptance-checklist.md +46 -0
- package/docs/runbooks/frontend-backend-parallel-integration-walkthrough.md +48 -0
- package/docs/runbooks/frontend-bugfix-one-page.md +82 -0
- package/docs/runbooks/frontend-engineer-daily-operations.md +60 -0
- package/docs/runbooks/frontend-enterprise-style-profile.md +5 -0
- package/docs/runbooks/frontend-governance.md +47 -0
- package/docs/runbooks/frontend-refactor-walkthrough.md +42 -0
- package/docs/runbooks/git-pr-workflow.md +63 -0
- package/docs/runbooks/github-actions-supply-chain-demo-execution-log.md +158 -0
- package/docs/runbooks/github-actions-supply-chain-demo-script.md +150 -0
- package/docs/runbooks/github-actions-supply-chain-walkthrough.md +117 -0
- package/docs/runbooks/github-token-permissions-baseline.md +92 -0
- package/docs/runbooks/gitlab-manual-pipeline-release.md +5 -0
- package/docs/runbooks/gitlab-release-integration-playbook.md +5 -0
- package/docs/runbooks/gitnexus-code-intelligence-usage.md +133 -0
- package/docs/runbooks/graphify-knowledge-graph-usage.md +88 -0
- package/docs/runbooks/handoff-filling-guide-with-examples.md +70 -0
- package/docs/runbooks/handoff-governance.md +250 -0
- package/docs/runbooks/helm-unittest-playbook.md +101 -0
- package/docs/runbooks/hotfix-emergency-release-walkthrough.md +60 -0
- package/docs/runbooks/iac-kubernetes-platform-demo-execution-log.md +144 -0
- package/docs/runbooks/iac-kubernetes-platform-demo-script.md +130 -0
- package/docs/runbooks/iac-kubernetes-platform-walkthrough.md +120 -0
- package/docs/runbooks/implementation-onboarding-reading-path.md +67 -0
- package/docs/runbooks/in-toto-attestation-framework.md +94 -0
- package/docs/runbooks/incident-severity-triage-tree.md +43 -0
- package/docs/runbooks/incident-triage-one-page.md +65 -0
- package/docs/runbooks/internal-developer-platform-demo-execution-log.md +36 -0
- package/docs/runbooks/internal-developer-platform-demo-script.md +42 -0
- package/docs/runbooks/internal-developer-platform-walkthrough.md +91 -0
- package/docs/runbooks/karpathy-guidelines-usage.md +27 -0
- package/docs/runbooks/kubeconform-schema-gates.md +100 -0
- package/docs/runbooks/kubectl-server-dry-run-gates.md +103 -0
- package/docs/runbooks/kyverno-policy-gates.md +90 -0
- package/docs/runbooks/langfuse-and-observability-integration-guide.md +43 -0
- package/docs/runbooks/langfuse-coding-trace.md +44 -0
- package/docs/runbooks/mobile-miniapp-delivery-walkthrough.md +112 -0
- package/docs/runbooks/mobile-miniapp-demo-execution-log.md +139 -0
- package/docs/runbooks/mobile-miniapp-demo-script.md +129 -0
- package/docs/runbooks/multi-service-backend-integration-walkthrough.md +61 -0
- package/docs/runbooks/open-design-integration.md +163 -0
- package/docs/runbooks/open-source-release-checklist.md +90 -0
- package/docs/runbooks/opencode-quick-start.md +128 -0
- package/docs/runbooks/parallel-development-coordination-walkthrough.md +47 -0
- package/docs/runbooks/parallel-execution-usage.md +179 -0
- package/docs/runbooks/platform-capability-demo-execution-log.md +184 -0
- package/docs/runbooks/platform-capability-demo-script.md +192 -0
- package/docs/runbooks/plugin-extension-platform-demo-execution-log.md +136 -0
- package/docs/runbooks/plugin-extension-platform-demo-script.md +102 -0
- package/docs/runbooks/plugin-extension-platform-walkthrough.md +111 -0
- package/docs/runbooks/policy-controller-gates.md +75 -0
- package/docs/runbooks/post-rollback-verification-checklist.md +37 -0
- package/docs/runbooks/pre-release-checklist.md +50 -0
- package/docs/runbooks/product-manager-clarification-conversation-example.md +90 -0
- package/docs/runbooks/product-manager-daily-operations.md +60 -0
- package/docs/runbooks/production-incident-response-walkthrough.md +50 -0
- package/docs/runbooks/project-claude-design-rationale.md +188 -0
- package/docs/runbooks/project-manager-daily-operations.md +61 -0
- package/docs/runbooks/project-manager-planning-conversation-example.md +82 -0
- package/docs/runbooks/project-onboarding.md +452 -0
- package/docs/runbooks/qa-engineer-daily-operations.md +63 -0
- package/docs/runbooks/qa-review-conversation-example.md +87 -0
- package/docs/runbooks/release-closure-one-page.md +65 -0
- package/docs/runbooks/release-governance-reading-path.md +56 -0
- package/docs/runbooks/release-notes-automation.md +48 -0
- package/docs/runbooks/release-rollback-recovery-walkthrough.md +47 -0
- package/docs/runbooks/requirement-clarity-and-scope-walkthrough.md +46 -0
- package/docs/runbooks/reviewdog-pr-gates.md +49 -0
- package/docs/runbooks/role-prompt-recipes.md +130 -0
- package/docs/runbooks/rtk-integration-intake.md +45 -0
- package/docs/runbooks/rtk-token-optimization-usage.md +107 -0
- package/docs/runbooks/runner-egress-hardening.md +81 -0
- package/docs/runbooks/runtime-capabilities-overview.md +113 -0
- package/docs/runbooks/sbom-generation-gates.md +71 -0
- package/docs/runbooks/scorecard-supply-chain-gates.md +82 -0
- package/docs/runbooks/secret-scanning-gates.md +85 -0
- package/docs/runbooks/security-compliance-platform-demo-execution-log.md +36 -0
- package/docs/runbooks/security-compliance-platform-demo-script.md +49 -0
- package/docs/runbooks/security-compliance-platform-walkthrough.md +98 -0
- package/docs/runbooks/slsa-generator-patterns.md +73 -0
- package/docs/runbooks/slsa-verification-gates.md +75 -0
- package/docs/runbooks/solo-delivery-mode.md +142 -0
- package/docs/runbooks/solo-delivery-one-page.md +111 -0
- package/docs/runbooks/specialist-commands-playbook.md +85 -0
- package/docs/runbooks/sub-agent-invocation-map.md +144 -0
- package/docs/runbooks/system-architecture-design-walkthrough.md +49 -0
- package/docs/runbooks/team-closeout-example.md +73 -0
- package/docs/runbooks/team-command-output-contracts.md +358 -0
- package/docs/runbooks/team-commands-quick-prompts.md +125 -0
- package/docs/runbooks/team-execute-example.md +63 -0
- package/docs/runbooks/team-handoff-example.md +49 -0
- package/docs/runbooks/team-intake-example.md +70 -0
- package/docs/runbooks/team-plan-example.md +62 -0
- package/docs/runbooks/team-release-example.md +63 -0
- package/docs/runbooks/team-review-example.md +61 -0
- package/docs/runbooks/team-skills-test-run.md +184 -0
- package/docs/runbooks/team-skills-usage.md +336 -0
- package/docs/runbooks/team-training-reading-path.md +64 -0
- package/docs/runbooks/tech-lead-closure-conversation-example.md +78 -0
- package/docs/runbooks/tech-lead-daily-operations.md +67 -0
- package/docs/runbooks/trivy-security-gates.md +79 -0
- package/docs/runbooks/troubleshooting.md +234 -0
- package/docs/runbooks/vertical-scenario-capability-matrix.md +107 -0
- package/docs/runbooks/witness-policy-gates.md +78 -0
- package/docs/runbooks/zizmor-workflow-audits.md +81 -0
- package/manifests/install-components.json +9 -1
- package/manifests/install-modules.json +38 -2
- package/manifests/install-profiles.json +2 -0
- package/package.json +4 -1
- package/scripts/gitnexus-preflight.js +187 -0
- package/scripts/install-apply.js +9 -0
- package/scripts/install-open-design.js +206 -0
- package/scripts/install-plan.js +17 -0
- package/scripts/lib/install/apply.js +31 -0
- package/scripts/lib/install-executor.js +56 -0
- package/scripts/lib/team-skills-data.json +7 -6
- package/scripts/project-progress.js +852 -0
- package/scripts/release-health-summary.js +49 -7
- package/scripts/release.sh +1 -1
- package/scripts/validate-packed-tarball.js +25 -0
- package/scripts/workflow-help.js +3 -3
- package/skills/gitnexus/SKILL.md +60 -0
- package/skills/gitnexus/agents/openai.yaml +4 -0
- package/skills/open-design/SKILL.md +87 -0
- package/skills/open-design/agents/openai.yaml +4 -0
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
# Decisions Log
|
|
2
|
+
|
|
3
|
+
> 追加策略:每次重大技术决策由主责角色追加,不覆盖历史行。格式:`## YYYY-MM-DD · {标题}`
|
|
4
|
+
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
## 2026-03-31 · Memory Persistence Hook 从被动等待改为主动采集
|
|
8
|
+
|
|
9
|
+
**背景**:原 `session_end.py` 设计依赖 Claude 发送结构化 JSON 结束信号,实际上 Claude 从不发送该信号,导致 hook 永远处于等待状态,经验数据完全不落盘。
|
|
10
|
+
|
|
11
|
+
**决策**:彻底重写 `session_end.py`,改为主动通过 `git log -15` + `docs/memory/` 文件读取的方式采集经验;`session_start.py` 改为双源加载(repo docs/memory/ + ~/.claude/memory/ 经验文件)。
|
|
12
|
+
|
|
13
|
+
**影响**:hook 现在不依赖 Claude 输出行为,在任何 session end 场景下都能落盘。Smoke test 验证:15 commits、61 experience capsules。待确认:session_start payload 中 repo_memory_files_found 是否非空(依赖 docs/memory/ 存在)。
|
|
14
|
+
|
|
15
|
+
---
|
|
16
|
+
|
|
17
|
+
## 2026-03-31 · Observability Trace Skill 归入公共增强层
|
|
18
|
+
|
|
19
|
+
**背景**:通用编码链路追踪能力不绑定特定业务系统,适合作为编码类 skill 的公共增强。
|
|
20
|
+
|
|
21
|
+
**决策**:将这类能力保留在公开增强层,配置给 backend-engineer 和 qa-engineer,而不是作为私有企业扩展的默认依赖。
|
|
22
|
+
|
|
23
|
+
**影响**:公共仓可以保留通用可观测性说明,而不会默认暴露私有企业发布或权限集成。
|
|
24
|
+
|
|
25
|
+
---
|
|
26
|
+
|
|
27
|
+
## 2026-04-01 · 文档架构能力并入 team 主链
|
|
28
|
+
|
|
29
|
+
**背景**:需要将 eags 风格 discovery/modeling/audit 能力与当前 team-skills 体系整合,并避免并行文档目录。
|
|
30
|
+
|
|
31
|
+
**决策**:新增 `skills/doc-architecture`,并将其装配到 tech-lead、architect、backend-engineer、frontend-engineer、qa-engineer、devops-engineer。同步增强 artifact 标准、输出契约与模板字段。
|
|
32
|
+
|
|
33
|
+
**影响**:主链可直接产出并追溯 PRD、Plan、Arch、API、Execute、Test、Release、ADR、Session Summary,不需要新增 team 主命令。
|
|
34
|
+
|
|
35
|
+
---
|
|
36
|
+
|
|
37
|
+
## 2026-04-02 · Internal Workflow and Permission Case Studies Moved Out of Public Memory
|
|
38
|
+
|
|
39
|
+
**背景**:部分记忆条目直接绑定私有流程系统、权限中心和组织专属案例,不适合作为公开仓的默认示例。
|
|
40
|
+
|
|
41
|
+
**决策**:将组织专属案例从公开记忆层移出,只保留公共运行时、文档架构和平台演进相关的决策记录;私有案例转入 `enterprise` overlay 或私有仓。
|
|
42
|
+
|
|
43
|
+
**影响**:公开仓的 `docs/memory/` 更适合外部用户阅读,也不会把私有领域案例误当成公共默认路径。
|
|
@@ -0,0 +1,87 @@
|
|
|
1
|
+
# Lessons Learned
|
|
2
|
+
|
|
3
|
+
> 追加策略:由 qa-engineer 或 devops-engineer 在遇到可复用经验时追加。格式:`## YYYY-MM-DD · {标题}`
|
|
4
|
+
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
## 2026-03-31 · session_end hook 不能依赖 LLM 主动发送结构化数据
|
|
8
|
+
|
|
9
|
+
**场景**:设计 memory persistence hook 时,原方案希望 Claude 在会话结束时输出结构化 JSON 摘要,由 hook 捕获存盘。
|
|
10
|
+
|
|
11
|
+
**问题**:Claude 不会主动向 hook stdin 发送任何结束信号。`while True: line = sys.stdin.readline()` 会永久阻塞,数据永远不落盘。
|
|
12
|
+
|
|
13
|
+
**建议**:session_end hook 应主动采集,而非被动等待。可读 git log、docs/memory/、changelog 等文件作为替代数据源;不依赖 LLM 在特定格式下产出数据。
|
|
14
|
+
|
|
15
|
+
---
|
|
16
|
+
|
|
17
|
+
## 2026-03-31 · _experience.json 文件格式与 SessionSummary dataclass 不兼容
|
|
18
|
+
|
|
19
|
+
**场景**:session_end.py 在同一目录写入 `{id}.json`(SessionSummary)和 `{id}_experience.json`(experience capsules)两类文件。
|
|
20
|
+
|
|
21
|
+
**问题**:`memory_store.py` 的 `load_latest_session_summary` 按日期排序读取所有 `.json` 文件,`_experience.json` 字段不同会导致 dataclass 反序列化失败。
|
|
22
|
+
|
|
23
|
+
**建议**:在 `load_latest_session_summary` 中添加 `if "_experience" in session_file.name: continue` 跳过逻辑;或将两类文件放入不同子目录隔离。
|
|
24
|
+
|
|
25
|
+
---
|
|
26
|
+
|
|
27
|
+
## 2026-03-31 · docs/memory/ 目录必须提前初始化
|
|
28
|
+
|
|
29
|
+
**场景**:session_start.py 重写后从 `docs/memory/project-context.md` 等文件读取上下文,但该目录在项目初始未被创建。
|
|
30
|
+
|
|
31
|
+
**问题**:`repo_memory_files_found: []` — session_start 运行无报错但上下文为空,导致新会话缺少项目感知。
|
|
32
|
+
|
|
33
|
+
**建议**:每个接入项目在首次配置 hooks 后,应立即创建 `docs/memory/project-context.md`、`decisions.md`、`lessons-learned.md` 三个基础文件,哪怕内容只是占位符。可在 `docs/runbooks/project-onboarding.md` 中补充这一步骤。
|
|
34
|
+
|
|
35
|
+
---
|
|
36
|
+
|
|
37
|
+
## 2026-03-31 · validate_library.py(当前等价 `node scripts/validate-library.js`)的 REQUIRED_ECC_SKILLS 必须与目录同步更新
|
|
38
|
+
|
|
39
|
+
**场景**:新增 ecc skill(langfuse-coding-trace、harness-audit)后,历史脚本 `validate_library.py`(当前等价 `node scripts/validate-library.js`)仍只检查旧的 9 个 required skills。
|
|
40
|
+
|
|
41
|
+
**问题**:新 skill 存在但不被验证,脚本 PASS 不代表实际完整性正确。
|
|
42
|
+
|
|
43
|
+
**建议**:每次在 `skills/` 新增 skill 时,同步更新 `scripts/validate-library.js` 中的 `REQUIRED_ECC_SKILLS` 列表;可考虑改为动态读取 `skills/` 自动发现。
|
|
44
|
+
|
|
45
|
+
---
|
|
46
|
+
|
|
47
|
+
## 2026-04-01 · 文档能力整合优先走 artifacts 映射而非新目录
|
|
48
|
+
|
|
49
|
+
**场景**:将外部文档能力并入 team-skills 主链。
|
|
50
|
+
|
|
51
|
+
**问题**:若沿用外部目录习惯(architecture/domains/specs/plans/runbooks),会与现有 artifact 持久化规则冲突,导致事实源分裂。
|
|
52
|
+
|
|
53
|
+
**建议**:统一把 discovery/modeling/audit 内容映射到现有 artifact 文件;新增能力优先通过 shared skill + 输出契约字段扩展落地,不新增并行主命令或并行主目录。
|
|
54
|
+
|
|
55
|
+
---
|
|
56
|
+
|
|
57
|
+
## 2026-04-09 · skills 子目录嵌套会阻止 Claude 自动发现
|
|
58
|
+
|
|
59
|
+
**场景**:skills 按 shared/ecc/company 三层子目录组织(`skills/shared/api-contract`、`skills/ecc/eval-harness`),认为逻辑清晰。
|
|
60
|
+
|
|
61
|
+
**问题**:Claude Code 只自动扫描 `skills/` 根目录下的 SKILL.md,嵌套一层子目录后 skill 不会出现在可用列表中,用户无法直接使用。
|
|
62
|
+
|
|
63
|
+
**建议**:所有 skill 统一平铺到 `skills/` 根目录。分类信息通过 manifest module 和 role.yaml 的 recommended_*_skills 字段表达,不依赖目录层级。
|
|
64
|
+
|
|
65
|
+
---
|
|
66
|
+
|
|
67
|
+
## 2026-04-09 · JSON 文件中的 Unicode 弯引号导致解析歧义
|
|
68
|
+
|
|
69
|
+
**场景**:`roles/architect/role.yaml` 中 outputs 字段包含中文弯引号 `"前端页面"`,Node.js `JSON.parse` 报错 position 422。
|
|
70
|
+
|
|
71
|
+
**问题**:中文弯引号 U+201C/U+201D 在 JSON 字符串内部时,解析器会在遇到 ASCII `"` 时错误地判断字符串终止位置。
|
|
72
|
+
|
|
73
|
+
**建议**:JSON 文件内的中文引号统一使用 `「」` 或反斜杠转义。CI 可加一条 pre-commit 检查,检测 .yaml/.json 中的 U+201C/U+201D。
|
|
74
|
+
|
|
75
|
+
---
|
|
76
|
+
|
|
77
|
+
## 2026-04-09 · 批量路径替换后验证脚本需单独修复
|
|
78
|
+
|
|
79
|
+
**场景**:sed 全局替换了 `skills/shared/` → `skills/`,文档和配置文件正确,但验证脚本内部 `path.join(root, "skills", "shared", skill)` 硬编码路径未被替换。
|
|
80
|
+
|
|
81
|
+
**问题**:验证脚本通过 string concat 拼路径,sed 替换 markdown/JSON 中的字符串引用时不会命中 JS/Python 代码中的路径拼接。
|
|
82
|
+
|
|
83
|
+
**建议**:路径替换后,必须单独 grep 验证脚本中的硬编码子目录名(如 `"shared"`、`"ecc"`、`"company"`),并运行验证脚本确认。
|
|
84
|
+
|
|
85
|
+
## 2026-04-17 - BMAD Source Adoption v2.2 closeout
|
|
86
|
+
|
|
87
|
+
Closeout readiness for /team-closeout depends on complete artifacts (prd, delivery-plan, handoff, execute/review/release docs). When continuing from mid-stream work, run a gate completeness check early to avoid end-stage backfill.
|
|
@@ -0,0 +1,265 @@
|
|
|
1
|
+
# Python Remnants Audit
|
|
2
|
+
|
|
3
|
+
**Date:** 2026-04-03
|
|
4
|
+
**Scope:** `/scripts` remaining `.py` files after the JS-first migration waves
|
|
5
|
+
**Goal:** classify every remaining Python file into one of three buckets:
|
|
6
|
+
|
|
7
|
+
- keep as compatibility shim
|
|
8
|
+
- migrate next to JS
|
|
9
|
+
- retire/delete
|
|
10
|
+
|
|
11
|
+
> Historical snapshot: this audit captures Python remnants at that date.
|
|
12
|
+
> Current command equivalents for referenced core scripts:
|
|
13
|
+
> `scripts/build_platform_artifacts.py` -> `scripts/build-platform-artifacts.js`
|
|
14
|
+
> `scripts/validate_library.py` -> `scripts/validate-library.js`
|
|
15
|
+
|
|
16
|
+
## Executive Summary
|
|
17
|
+
|
|
18
|
+
The repository is **not yet Python-free**.
|
|
19
|
+
|
|
20
|
+
The current state is:
|
|
21
|
+
|
|
22
|
+
- the main operational path is already JS-first
|
|
23
|
+
- several Python files remain intentionally as compatibility shims for tests and legacy entrypoints
|
|
24
|
+
- a smaller set of Python files are still real implementations and should be considered the next migration targets
|
|
25
|
+
- a final set are one-off maintenance/debug utilities and should be retired rather than migrated unless there is a live owner for them
|
|
26
|
+
|
|
27
|
+
## Classification Rules
|
|
28
|
+
|
|
29
|
+
### A. Keep as Compatibility Shim
|
|
30
|
+
|
|
31
|
+
Use this bucket only when all of the following are true:
|
|
32
|
+
|
|
33
|
+
1. there is already a JS primary implementation
|
|
34
|
+
2. Python is still imported by tests, hooks, or legacy operators
|
|
35
|
+
3. removing the Python file now would create unnecessary churn
|
|
36
|
+
|
|
37
|
+
### B. Migrate Next to JS
|
|
38
|
+
|
|
39
|
+
Use this bucket when:
|
|
40
|
+
|
|
41
|
+
1. the Python file is still a real implementation
|
|
42
|
+
2. it belongs to an actively used path
|
|
43
|
+
3. the repository would be simpler if it moved into the Node toolchain
|
|
44
|
+
|
|
45
|
+
### C. Retire/Delete
|
|
46
|
+
|
|
47
|
+
Use this bucket when:
|
|
48
|
+
|
|
49
|
+
1. the file is a one-off migration/debug utility
|
|
50
|
+
2. it is not on the supported operational path
|
|
51
|
+
3. it has no active owner or runbook dependency
|
|
52
|
+
|
|
53
|
+
## Current Inventory
|
|
54
|
+
|
|
55
|
+
Remaining Python files under `/scripts`:
|
|
56
|
+
|
|
57
|
+
- `scripts/__init__.py`
|
|
58
|
+
- `scripts/_inspect_project_session.py`
|
|
59
|
+
- `scripts/_migrate_agent_governance.py`
|
|
60
|
+
- `scripts/_register_audit_hooks.py`
|
|
61
|
+
- `scripts/_ruoyi_audit_live.py`
|
|
62
|
+
- `scripts/_ruoyi_detail.py`
|
|
63
|
+
- `scripts/build_platform_artifacts.py`
|
|
64
|
+
- `scripts/hooks/__init__.py`
|
|
65
|
+
- `scripts/hooks/insaits-security-monitor.py`
|
|
66
|
+
- `scripts/hooks/mcp_health_check.py`
|
|
67
|
+
- `scripts/hooks/observe.py`
|
|
68
|
+
- `scripts/hooks/session_end.py`
|
|
69
|
+
- `scripts/hooks/session_start.py`
|
|
70
|
+
- `scripts/install_platform.py`
|
|
71
|
+
- `scripts/langfuse_trace.py`
|
|
72
|
+
- `scripts/lib/audit_logger.py`
|
|
73
|
+
- `scripts/lib/audit_query.py`
|
|
74
|
+
- `scripts/lib/hook_contract.py`
|
|
75
|
+
- `scripts/lib/memory_store.py`
|
|
76
|
+
- `scripts/lib/utils.py`
|
|
77
|
+
- `scripts/query_audit_logs.py`
|
|
78
|
+
- `scripts/run_e2e_test.py`
|
|
79
|
+
- `scripts/scan_leaked_keys.py`
|
|
80
|
+
- `scripts/team_skills_platform.py`
|
|
81
|
+
- `scripts/trigger_gitlab_pipeline.py`
|
|
82
|
+
- `scripts/validate_library.py`
|
|
83
|
+
- `scripts/validate_workflow_state.py`
|
|
84
|
+
|
|
85
|
+
## Bucket 1: Keep as Compatibility Shim
|
|
86
|
+
|
|
87
|
+
These files already have a JS-first runtime path and should remain temporarily as thin Python compatibility surfaces:
|
|
88
|
+
|
|
89
|
+
- `scripts/build_platform_artifacts.py`
|
|
90
|
+
- `scripts/install_platform.py`
|
|
91
|
+
- `scripts/langfuse_trace.py`
|
|
92
|
+
- `scripts/query_audit_logs.py`
|
|
93
|
+
- `scripts/scan_leaked_keys.py`
|
|
94
|
+
- `scripts/validate_library.py`
|
|
95
|
+
- `scripts/validate_workflow_state.py`
|
|
96
|
+
|
|
97
|
+
### Why
|
|
98
|
+
|
|
99
|
+
- they preserve old commands such as `python3 scripts/<name>.py`
|
|
100
|
+
- they protect existing imports in tests and legacy operator habits
|
|
101
|
+
- the real implementation now lives in JS
|
|
102
|
+
|
|
103
|
+
### Exit Criteria For Deletion
|
|
104
|
+
|
|
105
|
+
These shims can be removed only after:
|
|
106
|
+
|
|
107
|
+
1. docs no longer point to the Python entrypoints
|
|
108
|
+
2. tests no longer import these Python modules directly
|
|
109
|
+
3. shell and PowerShell wrappers are fully JS-native
|
|
110
|
+
4. at least one cleanup cycle confirms no active operators still rely on Python invocation
|
|
111
|
+
|
|
112
|
+
## Bucket 2: Keep as Python Compatibility Support For Now
|
|
113
|
+
|
|
114
|
+
These files are not the canonical runtime anymore, but they still provide compatibility for current tests and hook behavior:
|
|
115
|
+
|
|
116
|
+
- `scripts/hooks/mcp_health_check.py`
|
|
117
|
+
- `scripts/hooks/observe.py`
|
|
118
|
+
- `scripts/hooks/session_end.py`
|
|
119
|
+
- `scripts/hooks/session_start.py`
|
|
120
|
+
- `scripts/lib/audit_logger.py`
|
|
121
|
+
- `scripts/lib/audit_query.py`
|
|
122
|
+
- `scripts/lib/hook_contract.py`
|
|
123
|
+
- `scripts/lib/memory_store.py`
|
|
124
|
+
- `scripts/lib/utils.py`
|
|
125
|
+
|
|
126
|
+
### Why
|
|
127
|
+
|
|
128
|
+
- the current test suite imports these Python modules directly
|
|
129
|
+
- they provide a stable bridge while the repository transitions from Python hook semantics to JS hook semantics
|
|
130
|
+
- deleting them now would force a wider hook/test refactor than the main migration required
|
|
131
|
+
|
|
132
|
+
### Recommendation
|
|
133
|
+
|
|
134
|
+
Do **not** migrate these in the next wave by default.
|
|
135
|
+
|
|
136
|
+
Instead choose one of two intentional end states:
|
|
137
|
+
|
|
138
|
+
1. keep them as a supported Python compatibility layer for legacy hook/tests
|
|
139
|
+
2. run a dedicated “hook/test runtime unification” project, then delete them together
|
|
140
|
+
|
|
141
|
+
### Warning
|
|
142
|
+
|
|
143
|
+
Migrating these one-by-one is the wrong shape of work. They are tightly coupled and should be handled as a single compatibility-surface decision.
|
|
144
|
+
|
|
145
|
+
## Bucket 3: Migrate Next to JS
|
|
146
|
+
|
|
147
|
+
These are the remaining Python files that still represent real implementation value and should be the next migration candidates.
|
|
148
|
+
|
|
149
|
+
### High Priority
|
|
150
|
+
|
|
151
|
+
- `scripts/team_skills_platform.py`
|
|
152
|
+
- `scripts/trigger_gitlab_pipeline.py`
|
|
153
|
+
|
|
154
|
+
### Medium Priority
|
|
155
|
+
|
|
156
|
+
- `scripts/run_e2e_test.py` only if we decide to keep a standalone script surface
|
|
157
|
+
|
|
158
|
+
### Why
|
|
159
|
+
|
|
160
|
+
#### `scripts/team_skills_platform.py`
|
|
161
|
+
|
|
162
|
+
- still contains the legacy Python source of truth for platform constants and generation logic
|
|
163
|
+
- even though JS generation now exists, leaving this as a large Python implementation keeps conceptual duplication alive
|
|
164
|
+
- this is the biggest remaining architectural inconsistency
|
|
165
|
+
|
|
166
|
+
#### `scripts/trigger_gitlab_pipeline.py`
|
|
167
|
+
|
|
168
|
+
- still performs real external automation work
|
|
169
|
+
- belongs on the same Node operational surface as the rest of the script toolchain
|
|
170
|
+
|
|
171
|
+
#### `scripts/run_e2e_test.py`
|
|
172
|
+
|
|
173
|
+
- duplicates what the repository now handles through standard test entrypoints
|
|
174
|
+
- is not part of the normal build / validate / install path
|
|
175
|
+
- should be retired unless a real operator still depends on it
|
|
176
|
+
|
|
177
|
+
## Bucket 4: Retire/Delete Instead of Migrating
|
|
178
|
+
|
|
179
|
+
These look like one-off maintenance, audit, or local debugging tools and should not be migrated unless a current owner explicitly claims them.
|
|
180
|
+
|
|
181
|
+
- `scripts/_inspect_project_session.py`
|
|
182
|
+
- `scripts/_migrate_agent_governance.py`
|
|
183
|
+
- `scripts/_register_audit_hooks.py`
|
|
184
|
+
- `scripts/_ruoyi_audit_live.py`
|
|
185
|
+
- `scripts/_ruoyi_detail.py`
|
|
186
|
+
- `scripts/run_e2e_test.py`
|
|
187
|
+
|
|
188
|
+
### Why
|
|
189
|
+
|
|
190
|
+
- they are prefixed like internal maintenance tools
|
|
191
|
+
- they are not part of the supported installation/build/validate path
|
|
192
|
+
- migrating them to JS would create more surface area, not less
|
|
193
|
+
|
|
194
|
+
### Default Action
|
|
195
|
+
|
|
196
|
+
1. confirm no runbook depends on them
|
|
197
|
+
2. move them to an archive or delete them
|
|
198
|
+
3. if retained, label them clearly as internal legacy utilities
|
|
199
|
+
|
|
200
|
+
## Bucket 5: Structural Python Files That Are Fine To Keep
|
|
201
|
+
|
|
202
|
+
These are packaging markers, not meaningful migration targets:
|
|
203
|
+
|
|
204
|
+
- `scripts/__init__.py`
|
|
205
|
+
- `scripts/hooks/__init__.py`
|
|
206
|
+
|
|
207
|
+
## Explicit Python Exception
|
|
208
|
+
|
|
209
|
+
`scripts/hooks/insaits-security-monitor.py` is now treated as an **explicit supported Python exception**.
|
|
210
|
+
|
|
211
|
+
### Why
|
|
212
|
+
|
|
213
|
+
- it is a third-party SDK-facing hook, not core platform generation logic
|
|
214
|
+
- the active integration surface is already JS-first through `scripts/hooks/insaits-security-wrapper.js`
|
|
215
|
+
- forcing an immediate port would couple this migration to the external InsAIts Python SDK behavior
|
|
216
|
+
|
|
217
|
+
### Required Guardrails
|
|
218
|
+
|
|
219
|
+
1. keep the JS wrapper as the canonical entrypoint
|
|
220
|
+
2. document clearly that the monitor is a Python implementation behind a JS wrapper
|
|
221
|
+
3. do not expand Python usage from this hook into the rest of the platform
|
|
222
|
+
|
|
223
|
+
### Recommendation
|
|
224
|
+
|
|
225
|
+
Ignore them until the Python compatibility layer is fully retired. At that point they can disappear with the rest of the Python package surface.
|
|
226
|
+
|
|
227
|
+
## Recommended Next Wave
|
|
228
|
+
|
|
229
|
+
If the goal is to reduce Python without destabilizing the repository, the next wave should be:
|
|
230
|
+
|
|
231
|
+
1. migrate `scripts/team_skills_platform.py`
|
|
232
|
+
2. migrate `scripts/trigger_gitlab_pipeline.py`
|
|
233
|
+
3. retire `scripts/run_e2e_test.py` unless an owner claims it
|
|
234
|
+
4. keep `scripts/hooks/insaits-security-monitor.py` as a documented Python exception behind the JS wrapper
|
|
235
|
+
5. explicitly defer the Python hook/lib compatibility layer until a dedicated cleanup pass
|
|
236
|
+
|
|
237
|
+
## Non-Goals For The Next Wave
|
|
238
|
+
|
|
239
|
+
The next wave should **not** try to:
|
|
240
|
+
|
|
241
|
+
- delete all Python immediately
|
|
242
|
+
- rewrite test imports and hook compatibility at the same time as generator migration
|
|
243
|
+
- migrate one-off `_*.py` utilities without confirming they are still needed
|
|
244
|
+
|
|
245
|
+
## Decision Table
|
|
246
|
+
|
|
247
|
+
| File Group | Status | Recommended Action |
|
|
248
|
+
|---|---|---|
|
|
249
|
+
| JS-backed entrypoint shims | acceptable temporary state | keep until callers are cleaned up |
|
|
250
|
+
| Python hook/lib compatibility layer | intentional technical debt | defer to dedicated hook/test cleanup |
|
|
251
|
+
| `team_skills_platform.py` | unresolved core duplication | migrate next |
|
|
252
|
+
| `trigger_gitlab_pipeline.py` | unresolved operational Python | migrate next |
|
|
253
|
+
| `run_e2e_test.py` | no longer justified on main path | retire unless reclaimed |
|
|
254
|
+
| `hooks/insaits-security-monitor.py` | explicit third-party exception | keep behind JS wrapper |
|
|
255
|
+
| `_*.py` maintenance scripts | likely dead weight | retire/delete unless owned |
|
|
256
|
+
|
|
257
|
+
## Suggested Acceptance Criteria For “Python Mostly Cleared”
|
|
258
|
+
|
|
259
|
+
We should only claim the repository is effectively JS-first when:
|
|
260
|
+
|
|
261
|
+
1. all active operational scripts use JS as the primary implementation
|
|
262
|
+
2. the only remaining Python files are either:
|
|
263
|
+
- compatibility shims, or
|
|
264
|
+
- explicitly documented exceptions
|
|
265
|
+
3. every remaining Python file has an owner and a stated reason to exist
|