@colin4k1024/tsp 2.4.0 → 2.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (230) hide show
  1. package/README.md +87 -4
  2. package/bin/lib/post-install-bridge.js +2 -2
  3. package/bin/tsp-create.js +11 -11
  4. package/commands/team-help.md +2 -2
  5. package/commands/team-plan.md +1 -1
  6. package/commands/update-codemaps.md +3 -2
  7. package/docs/.vitepress/config.mts +199 -0
  8. package/docs/adr/ADR-001-doc-architecture-integration.md +33 -0
  9. package/docs/guides/README.md +5 -0
  10. package/docs/guides/installation.md +33 -0
  11. package/docs/guides/user-guide.md +36 -0
  12. package/docs/index.md +65 -0
  13. package/docs/memory/backlog.md +10 -0
  14. package/docs/memory/decisions.md +43 -0
  15. package/docs/memory/lessons-learned.md +87 -0
  16. package/docs/plans/2026-04-03-python-remnants-audit.md +265 -0
  17. package/docs/plans/2026-04-03-scripts-python-to-js-migration.md +372 -0
  18. package/docs/plans/2026-04-03-solo-delivery-execution-checklist.md +413 -0
  19. package/docs/plans/2026-04-03-solo-delivery-gap-plan.md +377 -0
  20. package/docs/plans/2026-04-03-team-skills-workflow-gates.md +548 -0
  21. package/docs/plans/2026-04-21-open-source-readiness-gap-plan.md +217 -0
  22. package/docs/plans/llm-surface-reduction-audit.md +147 -0
  23. package/docs/plans/llm-surface-reduction-execution-checklist.md +217 -0
  24. package/docs/plans/llm-surface-reduction-execution-history.md +124 -0
  25. package/docs/plans/team-skills-platform-migration.md +54 -0
  26. package/docs/presentation/README.md +42 -0
  27. package/docs/presentation/audience-presentation-route-map.md +84 -0
  28. package/docs/presentation/executive-briefing-talk-track.md +50 -0
  29. package/docs/presentation/generate_capability_matrix.py +396 -0
  30. package/docs/presentation/generate_ppt.py +354 -0
  31. package/docs/presentation/implementation-onboarding-brief.md +38 -0
  32. package/docs/presentation/presentation-talk-track.md +97 -0
  33. package/docs/presentation/vertical-scenario-route-map.md +99 -0
  34. package/docs/presentation/workshop-facilitator-guide.md +47 -0
  35. package/docs/runbooks/actionlint-workflow-gates.md +80 -0
  36. package/docs/runbooks/agent-governance.md +131 -0
  37. package/docs/runbooks/ai-eval-platform-demo-execution-log.md +147 -0
  38. package/docs/runbooks/ai-eval-platform-demo-script.md +136 -0
  39. package/docs/runbooks/ai-eval-platform-walkthrough.md +113 -0
  40. package/docs/runbooks/ai-pr-review-automation.md +56 -0
  41. package/docs/runbooks/api-breaking-change-gates.md +58 -0
  42. package/docs/runbooks/api-design-evolution-walkthrough.md +42 -0
  43. package/docs/runbooks/api-lint-gates.md +57 -0
  44. package/docs/runbooks/api-mocking-strategy-and-lifecycle-guide.md +47 -0
  45. package/docs/runbooks/architect-daily-operations.md +63 -0
  46. package/docs/runbooks/architect-design-conversation-example.md +83 -0
  47. package/docs/runbooks/artifact-attestation-gates.md +75 -0
  48. package/docs/runbooks/artifact-persistence.md +257 -0
  49. package/docs/runbooks/backend-engineer-daily-operations.md +63 -0
  50. package/docs/runbooks/batch-optimization-completion-checklist.md +104 -0
  51. package/docs/runbooks/biz-service-designer-end-to-end-conversation-example.md +5 -0
  52. package/docs/runbooks/biz-service-designer-toolkit.md +5 -0
  53. package/docs/runbooks/bug-fix-complete-walkthrough.md +60 -0
  54. package/docs/runbooks/build-failure-recovery-walkthrough.md +40 -0
  55. package/docs/runbooks/canary-decision-matrix.md +41 -0
  56. package/docs/runbooks/canary-staging-release-walkthrough.md +46 -0
  57. package/docs/runbooks/checkov-iac-gates.md +104 -0
  58. package/docs/runbooks/claude-code-review-workflow.md +72 -0
  59. package/docs/runbooks/claude-conversation-prompt-recipes.md +132 -0
  60. package/docs/runbooks/claude-end-to-end-conversation-example.md +198 -0
  61. package/docs/runbooks/claude-feature-development-guide.md +112 -0
  62. package/docs/runbooks/claude-quick-start.md +227 -0
  63. package/docs/runbooks/claude-usage-scenarios.md +176 -0
  64. package/docs/runbooks/code-review-collaboration-walkthrough.md +65 -0
  65. package/docs/runbooks/codeql-pr-security-gates.md +64 -0
  66. package/docs/runbooks/codex-end-to-end-conversation-example.md +166 -0
  67. package/docs/runbooks/codex-multi-agent-orchestration.md +65 -0
  68. package/docs/runbooks/codex-parallel-prompt-recipes.md +131 -0
  69. package/docs/runbooks/codex-quick-start.md +223 -0
  70. package/docs/runbooks/codex-usage-scenarios.md +168 -0
  71. package/docs/runbooks/codex-workflow-essentials.md +88 -0
  72. package/docs/runbooks/command-and-capability-matrix.md +162 -0
  73. package/docs/runbooks/conftest-policy-gates.md +84 -0
  74. package/docs/runbooks/consumer-driven-contract-testing-with-mock-alignment.md +45 -0
  75. package/docs/runbooks/contract-testing-playbook.md +78 -0
  76. package/docs/runbooks/cosign-signing-gates.md +71 -0
  77. package/docs/runbooks/cross-role-issue-triage-walkthrough.md +47 -0
  78. package/docs/runbooks/cursor-quick-start.md +123 -0
  79. package/docs/runbooks/custom-overlay.md +115 -0
  80. package/docs/runbooks/data-ml-pipeline-demo-execution-log.md +141 -0
  81. package/docs/runbooks/data-ml-pipeline-demo-script.md +102 -0
  82. package/docs/runbooks/data-ml-pipeline-walkthrough.md +119 -0
  83. package/docs/runbooks/data-observability-quality-demo-execution-log.md +36 -0
  84. package/docs/runbooks/data-observability-quality-demo-script.md +42 -0
  85. package/docs/runbooks/data-observability-quality-walkthrough.md +86 -0
  86. package/docs/runbooks/demo-deliverables-overview.md +278 -0
  87. package/docs/runbooks/demo-execution-log.md +530 -0
  88. package/docs/runbooks/demo-scenario.md +129 -0
  89. package/docs/runbooks/dependency-review-gates.md +63 -0
  90. package/docs/runbooks/dependency-update-automation.md +83 -0
  91. package/docs/runbooks/design-md-workflow.md +185 -0
  92. package/docs/runbooks/devops-engineer-daily-operations.md +60 -0
  93. package/docs/runbooks/devops-release-conversation-example.md +88 -0
  94. package/docs/runbooks/doc-architecture-integration.md +59 -0
  95. package/docs/runbooks/doc-architecture-quick-start.md +122 -0
  96. package/docs/runbooks/document-execution-audit.md +32 -0
  97. package/docs/runbooks/documentation-update-walkthrough.md +37 -0
  98. package/docs/runbooks/ecc-harness-usage.md +93 -0
  99. package/docs/runbooks/error-experience-usage.md +116 -0
  100. package/docs/runbooks/evolution-usage.md +162 -0
  101. package/docs/runbooks/executive-value-one-page.md +55 -0
  102. package/docs/runbooks/external-capability-approval-and-enablement-workflow.md +39 -0
  103. package/docs/runbooks/external-capability-intake.md +160 -0
  104. package/docs/runbooks/first-team-command-60-seconds.md +96 -0
  105. package/docs/runbooks/first-team-workflow-walkthrough.md +245 -0
  106. package/docs/runbooks/frontend-backend-integration-acceptance-checklist.md +46 -0
  107. package/docs/runbooks/frontend-backend-parallel-integration-walkthrough.md +48 -0
  108. package/docs/runbooks/frontend-bugfix-one-page.md +82 -0
  109. package/docs/runbooks/frontend-engineer-daily-operations.md +60 -0
  110. package/docs/runbooks/frontend-enterprise-style-profile.md +5 -0
  111. package/docs/runbooks/frontend-governance.md +47 -0
  112. package/docs/runbooks/frontend-refactor-walkthrough.md +42 -0
  113. package/docs/runbooks/git-pr-workflow.md +63 -0
  114. package/docs/runbooks/github-actions-supply-chain-demo-execution-log.md +158 -0
  115. package/docs/runbooks/github-actions-supply-chain-demo-script.md +150 -0
  116. package/docs/runbooks/github-actions-supply-chain-walkthrough.md +117 -0
  117. package/docs/runbooks/github-token-permissions-baseline.md +92 -0
  118. package/docs/runbooks/gitlab-manual-pipeline-release.md +5 -0
  119. package/docs/runbooks/gitlab-release-integration-playbook.md +5 -0
  120. package/docs/runbooks/gitnexus-code-intelligence-usage.md +133 -0
  121. package/docs/runbooks/graphify-knowledge-graph-usage.md +88 -0
  122. package/docs/runbooks/handoff-filling-guide-with-examples.md +70 -0
  123. package/docs/runbooks/handoff-governance.md +250 -0
  124. package/docs/runbooks/helm-unittest-playbook.md +101 -0
  125. package/docs/runbooks/hotfix-emergency-release-walkthrough.md +60 -0
  126. package/docs/runbooks/iac-kubernetes-platform-demo-execution-log.md +144 -0
  127. package/docs/runbooks/iac-kubernetes-platform-demo-script.md +130 -0
  128. package/docs/runbooks/iac-kubernetes-platform-walkthrough.md +120 -0
  129. package/docs/runbooks/implementation-onboarding-reading-path.md +67 -0
  130. package/docs/runbooks/in-toto-attestation-framework.md +94 -0
  131. package/docs/runbooks/incident-severity-triage-tree.md +43 -0
  132. package/docs/runbooks/incident-triage-one-page.md +65 -0
  133. package/docs/runbooks/internal-developer-platform-demo-execution-log.md +36 -0
  134. package/docs/runbooks/internal-developer-platform-demo-script.md +42 -0
  135. package/docs/runbooks/internal-developer-platform-walkthrough.md +91 -0
  136. package/docs/runbooks/karpathy-guidelines-usage.md +27 -0
  137. package/docs/runbooks/kubeconform-schema-gates.md +100 -0
  138. package/docs/runbooks/kubectl-server-dry-run-gates.md +103 -0
  139. package/docs/runbooks/kyverno-policy-gates.md +90 -0
  140. package/docs/runbooks/langfuse-and-observability-integration-guide.md +43 -0
  141. package/docs/runbooks/langfuse-coding-trace.md +44 -0
  142. package/docs/runbooks/mobile-miniapp-delivery-walkthrough.md +112 -0
  143. package/docs/runbooks/mobile-miniapp-demo-execution-log.md +139 -0
  144. package/docs/runbooks/mobile-miniapp-demo-script.md +129 -0
  145. package/docs/runbooks/multi-service-backend-integration-walkthrough.md +61 -0
  146. package/docs/runbooks/open-design-integration.md +163 -0
  147. package/docs/runbooks/open-source-release-checklist.md +90 -0
  148. package/docs/runbooks/opencode-quick-start.md +128 -0
  149. package/docs/runbooks/parallel-development-coordination-walkthrough.md +47 -0
  150. package/docs/runbooks/parallel-execution-usage.md +179 -0
  151. package/docs/runbooks/platform-capability-demo-execution-log.md +184 -0
  152. package/docs/runbooks/platform-capability-demo-script.md +192 -0
  153. package/docs/runbooks/plugin-extension-platform-demo-execution-log.md +136 -0
  154. package/docs/runbooks/plugin-extension-platform-demo-script.md +102 -0
  155. package/docs/runbooks/plugin-extension-platform-walkthrough.md +111 -0
  156. package/docs/runbooks/policy-controller-gates.md +75 -0
  157. package/docs/runbooks/post-rollback-verification-checklist.md +37 -0
  158. package/docs/runbooks/pre-release-checklist.md +50 -0
  159. package/docs/runbooks/product-manager-clarification-conversation-example.md +90 -0
  160. package/docs/runbooks/product-manager-daily-operations.md +60 -0
  161. package/docs/runbooks/production-incident-response-walkthrough.md +50 -0
  162. package/docs/runbooks/project-claude-design-rationale.md +188 -0
  163. package/docs/runbooks/project-manager-daily-operations.md +61 -0
  164. package/docs/runbooks/project-manager-planning-conversation-example.md +82 -0
  165. package/docs/runbooks/project-onboarding.md +452 -0
  166. package/docs/runbooks/qa-engineer-daily-operations.md +63 -0
  167. package/docs/runbooks/qa-review-conversation-example.md +87 -0
  168. package/docs/runbooks/release-closure-one-page.md +65 -0
  169. package/docs/runbooks/release-governance-reading-path.md +56 -0
  170. package/docs/runbooks/release-notes-automation.md +48 -0
  171. package/docs/runbooks/release-rollback-recovery-walkthrough.md +47 -0
  172. package/docs/runbooks/requirement-clarity-and-scope-walkthrough.md +46 -0
  173. package/docs/runbooks/reviewdog-pr-gates.md +49 -0
  174. package/docs/runbooks/role-prompt-recipes.md +130 -0
  175. package/docs/runbooks/rtk-integration-intake.md +45 -0
  176. package/docs/runbooks/rtk-token-optimization-usage.md +107 -0
  177. package/docs/runbooks/runner-egress-hardening.md +81 -0
  178. package/docs/runbooks/runtime-capabilities-overview.md +113 -0
  179. package/docs/runbooks/sbom-generation-gates.md +71 -0
  180. package/docs/runbooks/scorecard-supply-chain-gates.md +82 -0
  181. package/docs/runbooks/secret-scanning-gates.md +85 -0
  182. package/docs/runbooks/security-compliance-platform-demo-execution-log.md +36 -0
  183. package/docs/runbooks/security-compliance-platform-demo-script.md +49 -0
  184. package/docs/runbooks/security-compliance-platform-walkthrough.md +98 -0
  185. package/docs/runbooks/slsa-generator-patterns.md +73 -0
  186. package/docs/runbooks/slsa-verification-gates.md +75 -0
  187. package/docs/runbooks/solo-delivery-mode.md +142 -0
  188. package/docs/runbooks/solo-delivery-one-page.md +111 -0
  189. package/docs/runbooks/specialist-commands-playbook.md +85 -0
  190. package/docs/runbooks/sub-agent-invocation-map.md +144 -0
  191. package/docs/runbooks/system-architecture-design-walkthrough.md +49 -0
  192. package/docs/runbooks/team-closeout-example.md +73 -0
  193. package/docs/runbooks/team-command-output-contracts.md +358 -0
  194. package/docs/runbooks/team-commands-quick-prompts.md +125 -0
  195. package/docs/runbooks/team-execute-example.md +63 -0
  196. package/docs/runbooks/team-handoff-example.md +49 -0
  197. package/docs/runbooks/team-intake-example.md +70 -0
  198. package/docs/runbooks/team-plan-example.md +62 -0
  199. package/docs/runbooks/team-release-example.md +63 -0
  200. package/docs/runbooks/team-review-example.md +61 -0
  201. package/docs/runbooks/team-skills-test-run.md +184 -0
  202. package/docs/runbooks/team-skills-usage.md +336 -0
  203. package/docs/runbooks/team-training-reading-path.md +64 -0
  204. package/docs/runbooks/tech-lead-closure-conversation-example.md +78 -0
  205. package/docs/runbooks/tech-lead-daily-operations.md +67 -0
  206. package/docs/runbooks/trivy-security-gates.md +79 -0
  207. package/docs/runbooks/troubleshooting.md +234 -0
  208. package/docs/runbooks/vertical-scenario-capability-matrix.md +107 -0
  209. package/docs/runbooks/witness-policy-gates.md +78 -0
  210. package/docs/runbooks/zizmor-workflow-audits.md +81 -0
  211. package/manifests/install-components.json +9 -1
  212. package/manifests/install-modules.json +38 -2
  213. package/manifests/install-profiles.json +2 -0
  214. package/package.json +4 -1
  215. package/scripts/gitnexus-preflight.js +187 -0
  216. package/scripts/install-apply.js +9 -0
  217. package/scripts/install-open-design.js +206 -0
  218. package/scripts/install-plan.js +17 -0
  219. package/scripts/lib/install/apply.js +31 -0
  220. package/scripts/lib/install-executor.js +56 -0
  221. package/scripts/lib/team-skills-data.json +7 -6
  222. package/scripts/project-progress.js +852 -0
  223. package/scripts/release-health-summary.js +49 -7
  224. package/scripts/release.sh +1 -1
  225. package/scripts/validate-packed-tarball.js +25 -0
  226. package/scripts/workflow-help.js +3 -3
  227. package/skills/gitnexus/SKILL.md +60 -0
  228. package/skills/gitnexus/agents/openai.yaml +4 -0
  229. package/skills/open-design/SKILL.md +87 -0
  230. package/skills/open-design/agents/openai.yaml +4 -0
@@ -0,0 +1,43 @@
1
+ # Decisions Log
2
+
3
+ > 追加策略:每次重大技术决策由主责角色追加,不覆盖历史行。格式:`## YYYY-MM-DD · {标题}`
4
+
5
+ ---
6
+
7
+ ## 2026-03-31 · Memory Persistence Hook 从被动等待改为主动采集
8
+
9
+ **背景**:原 `session_end.py` 设计依赖 Claude 发送结构化 JSON 结束信号,实际上 Claude 从不发送该信号,导致 hook 永远处于等待状态,经验数据完全不落盘。
10
+
11
+ **决策**:彻底重写 `session_end.py`,改为主动通过 `git log -15` + `docs/memory/` 文件读取的方式采集经验;`session_start.py` 改为双源加载(repo docs/memory/ + ~/.claude/memory/ 经验文件)。
12
+
13
+ **影响**:hook 现在不依赖 Claude 输出行为,在任何 session end 场景下都能落盘。Smoke test 验证:15 commits、61 experience capsules。待确认:session_start payload 中 repo_memory_files_found 是否非空(依赖 docs/memory/ 存在)。
14
+
15
+ ---
16
+
17
+ ## 2026-03-31 · Observability Trace Skill 归入公共增强层
18
+
19
+ **背景**:通用编码链路追踪能力不绑定特定业务系统,适合作为编码类 skill 的公共增强。
20
+
21
+ **决策**:将这类能力保留在公开增强层,配置给 backend-engineer 和 qa-engineer,而不是作为私有企业扩展的默认依赖。
22
+
23
+ **影响**:公共仓可以保留通用可观测性说明,而不会默认暴露私有企业发布或权限集成。
24
+
25
+ ---
26
+
27
+ ## 2026-04-01 · 文档架构能力并入 team 主链
28
+
29
+ **背景**:需要将 eags 风格 discovery/modeling/audit 能力与当前 team-skills 体系整合,并避免并行文档目录。
30
+
31
+ **决策**:新增 `skills/doc-architecture`,并将其装配到 tech-lead、architect、backend-engineer、frontend-engineer、qa-engineer、devops-engineer。同步增强 artifact 标准、输出契约与模板字段。
32
+
33
+ **影响**:主链可直接产出并追溯 PRD、Plan、Arch、API、Execute、Test、Release、ADR、Session Summary,不需要新增 team 主命令。
34
+
35
+ ---
36
+
37
+ ## 2026-04-02 · Internal Workflow and Permission Case Studies Moved Out of Public Memory
38
+
39
+ **背景**:部分记忆条目直接绑定私有流程系统、权限中心和组织专属案例,不适合作为公开仓的默认示例。
40
+
41
+ **决策**:将组织专属案例从公开记忆层移出,只保留公共运行时、文档架构和平台演进相关的决策记录;私有案例转入 `enterprise` overlay 或私有仓。
42
+
43
+ **影响**:公开仓的 `docs/memory/` 更适合外部用户阅读,也不会把私有领域案例误当成公共默认路径。
@@ -0,0 +1,87 @@
1
+ # Lessons Learned
2
+
3
+ > 追加策略:由 qa-engineer 或 devops-engineer 在遇到可复用经验时追加。格式:`## YYYY-MM-DD · {标题}`
4
+
5
+ ---
6
+
7
+ ## 2026-03-31 · session_end hook 不能依赖 LLM 主动发送结构化数据
8
+
9
+ **场景**:设计 memory persistence hook 时,原方案希望 Claude 在会话结束时输出结构化 JSON 摘要,由 hook 捕获存盘。
10
+
11
+ **问题**:Claude 不会主动向 hook stdin 发送任何结束信号。`while True: line = sys.stdin.readline()` 会永久阻塞,数据永远不落盘。
12
+
13
+ **建议**:session_end hook 应主动采集,而非被动等待。可读 git log、docs/memory/、changelog 等文件作为替代数据源;不依赖 LLM 在特定格式下产出数据。
14
+
15
+ ---
16
+
17
+ ## 2026-03-31 · _experience.json 文件格式与 SessionSummary dataclass 不兼容
18
+
19
+ **场景**:session_end.py 在同一目录写入 `{id}.json`(SessionSummary)和 `{id}_experience.json`(experience capsules)两类文件。
20
+
21
+ **问题**:`memory_store.py` 的 `load_latest_session_summary` 按日期排序读取所有 `.json` 文件,`_experience.json` 字段不同会导致 dataclass 反序列化失败。
22
+
23
+ **建议**:在 `load_latest_session_summary` 中添加 `if "_experience" in session_file.name: continue` 跳过逻辑;或将两类文件放入不同子目录隔离。
24
+
25
+ ---
26
+
27
+ ## 2026-03-31 · docs/memory/ 目录必须提前初始化
28
+
29
+ **场景**:session_start.py 重写后从 `docs/memory/project-context.md` 等文件读取上下文,但该目录在项目初始未被创建。
30
+
31
+ **问题**:`repo_memory_files_found: []` — session_start 运行无报错但上下文为空,导致新会话缺少项目感知。
32
+
33
+ **建议**:每个接入项目在首次配置 hooks 后,应立即创建 `docs/memory/project-context.md`、`decisions.md`、`lessons-learned.md` 三个基础文件,哪怕内容只是占位符。可在 `docs/runbooks/project-onboarding.md` 中补充这一步骤。
34
+
35
+ ---
36
+
37
+ ## 2026-03-31 · validate_library.py(当前等价 `node scripts/validate-library.js`)的 REQUIRED_ECC_SKILLS 必须与目录同步更新
38
+
39
+ **场景**:新增 ecc skill(langfuse-coding-trace、harness-audit)后,历史脚本 `validate_library.py`(当前等价 `node scripts/validate-library.js`)仍只检查旧的 9 个 required skills。
40
+
41
+ **问题**:新 skill 存在但不被验证,脚本 PASS 不代表实际完整性正确。
42
+
43
+ **建议**:每次在 `skills/` 新增 skill 时,同步更新 `scripts/validate-library.js` 中的 `REQUIRED_ECC_SKILLS` 列表;可考虑改为动态读取 `skills/` 自动发现。
44
+
45
+ ---
46
+
47
+ ## 2026-04-01 · 文档能力整合优先走 artifacts 映射而非新目录
48
+
49
+ **场景**:将外部文档能力并入 team-skills 主链。
50
+
51
+ **问题**:若沿用外部目录习惯(architecture/domains/specs/plans/runbooks),会与现有 artifact 持久化规则冲突,导致事实源分裂。
52
+
53
+ **建议**:统一把 discovery/modeling/audit 内容映射到现有 artifact 文件;新增能力优先通过 shared skill + 输出契约字段扩展落地,不新增并行主命令或并行主目录。
54
+
55
+ ---
56
+
57
+ ## 2026-04-09 · skills 子目录嵌套会阻止 Claude 自动发现
58
+
59
+ **场景**:skills 按 shared/ecc/company 三层子目录组织(`skills/shared/api-contract`、`skills/ecc/eval-harness`),认为逻辑清晰。
60
+
61
+ **问题**:Claude Code 只自动扫描 `skills/` 根目录下的 SKILL.md,嵌套一层子目录后 skill 不会出现在可用列表中,用户无法直接使用。
62
+
63
+ **建议**:所有 skill 统一平铺到 `skills/` 根目录。分类信息通过 manifest module 和 role.yaml 的 recommended_*_skills 字段表达,不依赖目录层级。
64
+
65
+ ---
66
+
67
+ ## 2026-04-09 · JSON 文件中的 Unicode 弯引号导致解析歧义
68
+
69
+ **场景**:`roles/architect/role.yaml` 中 outputs 字段包含中文弯引号 `"前端页面"`,Node.js `JSON.parse` 报错 position 422。
70
+
71
+ **问题**:中文弯引号 U+201C/U+201D 在 JSON 字符串内部时,解析器会在遇到 ASCII `"` 时错误地判断字符串终止位置。
72
+
73
+ **建议**:JSON 文件内的中文引号统一使用 `「」` 或反斜杠转义。CI 可加一条 pre-commit 检查,检测 .yaml/.json 中的 U+201C/U+201D。
74
+
75
+ ---
76
+
77
+ ## 2026-04-09 · 批量路径替换后验证脚本需单独修复
78
+
79
+ **场景**:sed 全局替换了 `skills/shared/` → `skills/`,文档和配置文件正确,但验证脚本内部 `path.join(root, "skills", "shared", skill)` 硬编码路径未被替换。
80
+
81
+ **问题**:验证脚本通过 string concat 拼路径,sed 替换 markdown/JSON 中的字符串引用时不会命中 JS/Python 代码中的路径拼接。
82
+
83
+ **建议**:路径替换后,必须单独 grep 验证脚本中的硬编码子目录名(如 `"shared"`、`"ecc"`、`"company"`),并运行验证脚本确认。
84
+
85
+ ## 2026-04-17 - BMAD Source Adoption v2.2 closeout
86
+
87
+ Closeout readiness for /team-closeout depends on complete artifacts (prd, delivery-plan, handoff, execute/review/release docs). When continuing from mid-stream work, run a gate completeness check early to avoid end-stage backfill.
@@ -0,0 +1,265 @@
1
+ # Python Remnants Audit
2
+
3
+ **Date:** 2026-04-03
4
+ **Scope:** `/scripts` remaining `.py` files after the JS-first migration waves
5
+ **Goal:** classify every remaining Python file into one of three buckets:
6
+
7
+ - keep as compatibility shim
8
+ - migrate next to JS
9
+ - retire/delete
10
+
11
+ > Historical snapshot: this audit captures Python remnants at that date.
12
+ > Current command equivalents for referenced core scripts:
13
+ > `scripts/build_platform_artifacts.py` -> `scripts/build-platform-artifacts.js`
14
+ > `scripts/validate_library.py` -> `scripts/validate-library.js`
15
+
16
+ ## Executive Summary
17
+
18
+ The repository is **not yet Python-free**.
19
+
20
+ The current state is:
21
+
22
+ - the main operational path is already JS-first
23
+ - several Python files remain intentionally as compatibility shims for tests and legacy entrypoints
24
+ - a smaller set of Python files are still real implementations and should be considered the next migration targets
25
+ - a final set are one-off maintenance/debug utilities and should be retired rather than migrated unless there is a live owner for them
26
+
27
+ ## Classification Rules
28
+
29
+ ### A. Keep as Compatibility Shim
30
+
31
+ Use this bucket only when all of the following are true:
32
+
33
+ 1. there is already a JS primary implementation
34
+ 2. Python is still imported by tests, hooks, or legacy operators
35
+ 3. removing the Python file now would create unnecessary churn
36
+
37
+ ### B. Migrate Next to JS
38
+
39
+ Use this bucket when:
40
+
41
+ 1. the Python file is still a real implementation
42
+ 2. it belongs to an actively used path
43
+ 3. the repository would be simpler if it moved into the Node toolchain
44
+
45
+ ### C. Retire/Delete
46
+
47
+ Use this bucket when:
48
+
49
+ 1. the file is a one-off migration/debug utility
50
+ 2. it is not on the supported operational path
51
+ 3. it has no active owner or runbook dependency
52
+
53
+ ## Current Inventory
54
+
55
+ Remaining Python files under `/scripts`:
56
+
57
+ - `scripts/__init__.py`
58
+ - `scripts/_inspect_project_session.py`
59
+ - `scripts/_migrate_agent_governance.py`
60
+ - `scripts/_register_audit_hooks.py`
61
+ - `scripts/_ruoyi_audit_live.py`
62
+ - `scripts/_ruoyi_detail.py`
63
+ - `scripts/build_platform_artifacts.py`
64
+ - `scripts/hooks/__init__.py`
65
+ - `scripts/hooks/insaits-security-monitor.py`
66
+ - `scripts/hooks/mcp_health_check.py`
67
+ - `scripts/hooks/observe.py`
68
+ - `scripts/hooks/session_end.py`
69
+ - `scripts/hooks/session_start.py`
70
+ - `scripts/install_platform.py`
71
+ - `scripts/langfuse_trace.py`
72
+ - `scripts/lib/audit_logger.py`
73
+ - `scripts/lib/audit_query.py`
74
+ - `scripts/lib/hook_contract.py`
75
+ - `scripts/lib/memory_store.py`
76
+ - `scripts/lib/utils.py`
77
+ - `scripts/query_audit_logs.py`
78
+ - `scripts/run_e2e_test.py`
79
+ - `scripts/scan_leaked_keys.py`
80
+ - `scripts/team_skills_platform.py`
81
+ - `scripts/trigger_gitlab_pipeline.py`
82
+ - `scripts/validate_library.py`
83
+ - `scripts/validate_workflow_state.py`
84
+
85
+ ## Bucket 1: Keep as Compatibility Shim
86
+
87
+ These files already have a JS-first runtime path and should remain temporarily as thin Python compatibility surfaces:
88
+
89
+ - `scripts/build_platform_artifacts.py`
90
+ - `scripts/install_platform.py`
91
+ - `scripts/langfuse_trace.py`
92
+ - `scripts/query_audit_logs.py`
93
+ - `scripts/scan_leaked_keys.py`
94
+ - `scripts/validate_library.py`
95
+ - `scripts/validate_workflow_state.py`
96
+
97
+ ### Why
98
+
99
+ - they preserve old commands such as `python3 scripts/<name>.py`
100
+ - they protect existing imports in tests and legacy operator habits
101
+ - the real implementation now lives in JS
102
+
103
+ ### Exit Criteria For Deletion
104
+
105
+ These shims can be removed only after:
106
+
107
+ 1. docs no longer point to the Python entrypoints
108
+ 2. tests no longer import these Python modules directly
109
+ 3. shell and PowerShell wrappers are fully JS-native
110
+ 4. at least one cleanup cycle confirms no active operators still rely on Python invocation
111
+
112
+ ## Bucket 2: Keep as Python Compatibility Support For Now
113
+
114
+ These files are not the canonical runtime anymore, but they still provide compatibility for current tests and hook behavior:
115
+
116
+ - `scripts/hooks/mcp_health_check.py`
117
+ - `scripts/hooks/observe.py`
118
+ - `scripts/hooks/session_end.py`
119
+ - `scripts/hooks/session_start.py`
120
+ - `scripts/lib/audit_logger.py`
121
+ - `scripts/lib/audit_query.py`
122
+ - `scripts/lib/hook_contract.py`
123
+ - `scripts/lib/memory_store.py`
124
+ - `scripts/lib/utils.py`
125
+
126
+ ### Why
127
+
128
+ - the current test suite imports these Python modules directly
129
+ - they provide a stable bridge while the repository transitions from Python hook semantics to JS hook semantics
130
+ - deleting them now would force a wider hook/test refactor than the main migration required
131
+
132
+ ### Recommendation
133
+
134
+ Do **not** migrate these in the next wave by default.
135
+
136
+ Instead choose one of two intentional end states:
137
+
138
+ 1. keep them as a supported Python compatibility layer for legacy hook/tests
139
+ 2. run a dedicated “hook/test runtime unification” project, then delete them together
140
+
141
+ ### Warning
142
+
143
+ Migrating these one-by-one is the wrong shape of work. They are tightly coupled and should be handled as a single compatibility-surface decision.
144
+
145
+ ## Bucket 3: Migrate Next to JS
146
+
147
+ These are the remaining Python files that still represent real implementation value and should be the next migration candidates.
148
+
149
+ ### High Priority
150
+
151
+ - `scripts/team_skills_platform.py`
152
+ - `scripts/trigger_gitlab_pipeline.py`
153
+
154
+ ### Medium Priority
155
+
156
+ - `scripts/run_e2e_test.py` only if we decide to keep a standalone script surface
157
+
158
+ ### Why
159
+
160
+ #### `scripts/team_skills_platform.py`
161
+
162
+ - still contains the legacy Python source of truth for platform constants and generation logic
163
+ - even though JS generation now exists, leaving this as a large Python implementation keeps conceptual duplication alive
164
+ - this is the biggest remaining architectural inconsistency
165
+
166
+ #### `scripts/trigger_gitlab_pipeline.py`
167
+
168
+ - still performs real external automation work
169
+ - belongs on the same Node operational surface as the rest of the script toolchain
170
+
171
+ #### `scripts/run_e2e_test.py`
172
+
173
+ - duplicates what the repository now handles through standard test entrypoints
174
+ - is not part of the normal build / validate / install path
175
+ - should be retired unless a real operator still depends on it
176
+
177
+ ## Bucket 4: Retire/Delete Instead of Migrating
178
+
179
+ These look like one-off maintenance, audit, or local debugging tools and should not be migrated unless a current owner explicitly claims them.
180
+
181
+ - `scripts/_inspect_project_session.py`
182
+ - `scripts/_migrate_agent_governance.py`
183
+ - `scripts/_register_audit_hooks.py`
184
+ - `scripts/_ruoyi_audit_live.py`
185
+ - `scripts/_ruoyi_detail.py`
186
+ - `scripts/run_e2e_test.py`
187
+
188
+ ### Why
189
+
190
+ - they are prefixed like internal maintenance tools
191
+ - they are not part of the supported installation/build/validate path
192
+ - migrating them to JS would create more surface area, not less
193
+
194
+ ### Default Action
195
+
196
+ 1. confirm no runbook depends on them
197
+ 2. move them to an archive or delete them
198
+ 3. if retained, label them clearly as internal legacy utilities
199
+
200
+ ## Bucket 5: Structural Python Files That Are Fine To Keep
201
+
202
+ These are packaging markers, not meaningful migration targets:
203
+
204
+ - `scripts/__init__.py`
205
+ - `scripts/hooks/__init__.py`
206
+
207
+ ## Explicit Python Exception
208
+
209
+ `scripts/hooks/insaits-security-monitor.py` is now treated as an **explicit supported Python exception**.
210
+
211
+ ### Why
212
+
213
+ - it is a third-party SDK-facing hook, not core platform generation logic
214
+ - the active integration surface is already JS-first through `scripts/hooks/insaits-security-wrapper.js`
215
+ - forcing an immediate port would couple this migration to the external InsAIts Python SDK behavior
216
+
217
+ ### Required Guardrails
218
+
219
+ 1. keep the JS wrapper as the canonical entrypoint
220
+ 2. document clearly that the monitor is a Python implementation behind a JS wrapper
221
+ 3. do not expand Python usage from this hook into the rest of the platform
222
+
223
+ ### Recommendation
224
+
225
+ Ignore them until the Python compatibility layer is fully retired. At that point they can disappear with the rest of the Python package surface.
226
+
227
+ ## Recommended Next Wave
228
+
229
+ If the goal is to reduce Python without destabilizing the repository, the next wave should be:
230
+
231
+ 1. migrate `scripts/team_skills_platform.py`
232
+ 2. migrate `scripts/trigger_gitlab_pipeline.py`
233
+ 3. retire `scripts/run_e2e_test.py` unless an owner claims it
234
+ 4. keep `scripts/hooks/insaits-security-monitor.py` as a documented Python exception behind the JS wrapper
235
+ 5. explicitly defer the Python hook/lib compatibility layer until a dedicated cleanup pass
236
+
237
+ ## Non-Goals For The Next Wave
238
+
239
+ The next wave should **not** try to:
240
+
241
+ - delete all Python immediately
242
+ - rewrite test imports and hook compatibility at the same time as generator migration
243
+ - migrate one-off `_*.py` utilities without confirming they are still needed
244
+
245
+ ## Decision Table
246
+
247
+ | File Group | Status | Recommended Action |
248
+ |---|---|---|
249
+ | JS-backed entrypoint shims | acceptable temporary state | keep until callers are cleaned up |
250
+ | Python hook/lib compatibility layer | intentional technical debt | defer to dedicated hook/test cleanup |
251
+ | `team_skills_platform.py` | unresolved core duplication | migrate next |
252
+ | `trigger_gitlab_pipeline.py` | unresolved operational Python | migrate next |
253
+ | `run_e2e_test.py` | no longer justified on main path | retire unless reclaimed |
254
+ | `hooks/insaits-security-monitor.py` | explicit third-party exception | keep behind JS wrapper |
255
+ | `_*.py` maintenance scripts | likely dead weight | retire/delete unless owned |
256
+
257
+ ## Suggested Acceptance Criteria For “Python Mostly Cleared”
258
+
259
+ We should only claim the repository is effectively JS-first when:
260
+
261
+ 1. all active operational scripts use JS as the primary implementation
262
+ 2. the only remaining Python files are either:
263
+ - compatibility shims, or
264
+ - explicitly documented exceptions
265
+ 3. every remaining Python file has an owner and a stated reason to exist