@colin4k1024/tsp 2.4.1 → 2.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (216) hide show
  1. package/README.md +12 -6
  2. package/docs/.vitepress/config.mts +199 -0
  3. package/docs/adr/ADR-001-doc-architecture-integration.md +33 -0
  4. package/docs/guides/README.md +5 -0
  5. package/docs/guides/installation.md +33 -0
  6. package/docs/guides/user-guide.md +36 -0
  7. package/docs/index.md +65 -0
  8. package/docs/memory/backlog.md +10 -0
  9. package/docs/memory/decisions.md +43 -0
  10. package/docs/memory/lessons-learned.md +87 -0
  11. package/docs/plans/2026-04-03-python-remnants-audit.md +265 -0
  12. package/docs/plans/2026-04-03-scripts-python-to-js-migration.md +372 -0
  13. package/docs/plans/2026-04-03-solo-delivery-execution-checklist.md +413 -0
  14. package/docs/plans/2026-04-03-solo-delivery-gap-plan.md +377 -0
  15. package/docs/plans/2026-04-03-team-skills-workflow-gates.md +548 -0
  16. package/docs/plans/2026-04-21-open-source-readiness-gap-plan.md +217 -0
  17. package/docs/plans/llm-surface-reduction-audit.md +147 -0
  18. package/docs/plans/llm-surface-reduction-execution-checklist.md +217 -0
  19. package/docs/plans/llm-surface-reduction-execution-history.md +124 -0
  20. package/docs/plans/team-skills-platform-migration.md +54 -0
  21. package/docs/presentation/README.md +42 -0
  22. package/docs/presentation/audience-presentation-route-map.md +84 -0
  23. package/docs/presentation/executive-briefing-talk-track.md +50 -0
  24. package/docs/presentation/generate_capability_matrix.py +396 -0
  25. package/docs/presentation/generate_ppt.py +354 -0
  26. package/docs/presentation/implementation-onboarding-brief.md +38 -0
  27. package/docs/presentation/presentation-talk-track.md +97 -0
  28. package/docs/presentation/vertical-scenario-route-map.md +99 -0
  29. package/docs/presentation/workshop-facilitator-guide.md +47 -0
  30. package/docs/runbooks/actionlint-workflow-gates.md +80 -0
  31. package/docs/runbooks/agent-governance.md +131 -0
  32. package/docs/runbooks/ai-eval-platform-demo-execution-log.md +147 -0
  33. package/docs/runbooks/ai-eval-platform-demo-script.md +136 -0
  34. package/docs/runbooks/ai-eval-platform-walkthrough.md +113 -0
  35. package/docs/runbooks/ai-pr-review-automation.md +56 -0
  36. package/docs/runbooks/api-breaking-change-gates.md +58 -0
  37. package/docs/runbooks/api-design-evolution-walkthrough.md +42 -0
  38. package/docs/runbooks/api-lint-gates.md +57 -0
  39. package/docs/runbooks/api-mocking-strategy-and-lifecycle-guide.md +47 -0
  40. package/docs/runbooks/architect-daily-operations.md +63 -0
  41. package/docs/runbooks/architect-design-conversation-example.md +83 -0
  42. package/docs/runbooks/artifact-attestation-gates.md +75 -0
  43. package/docs/runbooks/artifact-persistence.md +257 -0
  44. package/docs/runbooks/backend-engineer-daily-operations.md +63 -0
  45. package/docs/runbooks/batch-optimization-completion-checklist.md +104 -0
  46. package/docs/runbooks/biz-service-designer-end-to-end-conversation-example.md +5 -0
  47. package/docs/runbooks/biz-service-designer-toolkit.md +5 -0
  48. package/docs/runbooks/bug-fix-complete-walkthrough.md +60 -0
  49. package/docs/runbooks/build-failure-recovery-walkthrough.md +40 -0
  50. package/docs/runbooks/canary-decision-matrix.md +41 -0
  51. package/docs/runbooks/canary-staging-release-walkthrough.md +46 -0
  52. package/docs/runbooks/checkov-iac-gates.md +104 -0
  53. package/docs/runbooks/claude-code-review-workflow.md +72 -0
  54. package/docs/runbooks/claude-conversation-prompt-recipes.md +132 -0
  55. package/docs/runbooks/claude-end-to-end-conversation-example.md +198 -0
  56. package/docs/runbooks/claude-feature-development-guide.md +112 -0
  57. package/docs/runbooks/claude-quick-start.md +227 -0
  58. package/docs/runbooks/claude-usage-scenarios.md +176 -0
  59. package/docs/runbooks/code-review-collaboration-walkthrough.md +65 -0
  60. package/docs/runbooks/codeql-pr-security-gates.md +64 -0
  61. package/docs/runbooks/codex-end-to-end-conversation-example.md +166 -0
  62. package/docs/runbooks/codex-multi-agent-orchestration.md +65 -0
  63. package/docs/runbooks/codex-parallel-prompt-recipes.md +131 -0
  64. package/docs/runbooks/codex-quick-start.md +223 -0
  65. package/docs/runbooks/codex-usage-scenarios.md +168 -0
  66. package/docs/runbooks/codex-workflow-essentials.md +88 -0
  67. package/docs/runbooks/command-and-capability-matrix.md +162 -0
  68. package/docs/runbooks/conftest-policy-gates.md +84 -0
  69. package/docs/runbooks/consumer-driven-contract-testing-with-mock-alignment.md +45 -0
  70. package/docs/runbooks/contract-testing-playbook.md +78 -0
  71. package/docs/runbooks/cosign-signing-gates.md +71 -0
  72. package/docs/runbooks/cross-role-issue-triage-walkthrough.md +47 -0
  73. package/docs/runbooks/cursor-quick-start.md +123 -0
  74. package/docs/runbooks/custom-overlay.md +115 -0
  75. package/docs/runbooks/data-ml-pipeline-demo-execution-log.md +141 -0
  76. package/docs/runbooks/data-ml-pipeline-demo-script.md +102 -0
  77. package/docs/runbooks/data-ml-pipeline-walkthrough.md +119 -0
  78. package/docs/runbooks/data-observability-quality-demo-execution-log.md +36 -0
  79. package/docs/runbooks/data-observability-quality-demo-script.md +42 -0
  80. package/docs/runbooks/data-observability-quality-walkthrough.md +86 -0
  81. package/docs/runbooks/demo-deliverables-overview.md +278 -0
  82. package/docs/runbooks/demo-execution-log.md +530 -0
  83. package/docs/runbooks/demo-scenario.md +129 -0
  84. package/docs/runbooks/dependency-review-gates.md +63 -0
  85. package/docs/runbooks/dependency-update-automation.md +83 -0
  86. package/docs/runbooks/design-md-workflow.md +185 -0
  87. package/docs/runbooks/devops-engineer-daily-operations.md +60 -0
  88. package/docs/runbooks/devops-release-conversation-example.md +88 -0
  89. package/docs/runbooks/doc-architecture-integration.md +59 -0
  90. package/docs/runbooks/doc-architecture-quick-start.md +122 -0
  91. package/docs/runbooks/document-execution-audit.md +32 -0
  92. package/docs/runbooks/documentation-update-walkthrough.md +37 -0
  93. package/docs/runbooks/ecc-harness-usage.md +93 -0
  94. package/docs/runbooks/error-experience-usage.md +116 -0
  95. package/docs/runbooks/evolution-usage.md +162 -0
  96. package/docs/runbooks/executive-value-one-page.md +55 -0
  97. package/docs/runbooks/external-capability-approval-and-enablement-workflow.md +39 -0
  98. package/docs/runbooks/external-capability-intake.md +160 -0
  99. package/docs/runbooks/first-team-command-60-seconds.md +96 -0
  100. package/docs/runbooks/first-team-workflow-walkthrough.md +245 -0
  101. package/docs/runbooks/frontend-backend-integration-acceptance-checklist.md +46 -0
  102. package/docs/runbooks/frontend-backend-parallel-integration-walkthrough.md +48 -0
  103. package/docs/runbooks/frontend-bugfix-one-page.md +82 -0
  104. package/docs/runbooks/frontend-engineer-daily-operations.md +60 -0
  105. package/docs/runbooks/frontend-enterprise-style-profile.md +5 -0
  106. package/docs/runbooks/frontend-governance.md +47 -0
  107. package/docs/runbooks/frontend-refactor-walkthrough.md +42 -0
  108. package/docs/runbooks/git-pr-workflow.md +63 -0
  109. package/docs/runbooks/github-actions-supply-chain-demo-execution-log.md +158 -0
  110. package/docs/runbooks/github-actions-supply-chain-demo-script.md +150 -0
  111. package/docs/runbooks/github-actions-supply-chain-walkthrough.md +117 -0
  112. package/docs/runbooks/github-token-permissions-baseline.md +92 -0
  113. package/docs/runbooks/gitlab-manual-pipeline-release.md +5 -0
  114. package/docs/runbooks/gitlab-release-integration-playbook.md +5 -0
  115. package/docs/runbooks/gitnexus-code-intelligence-usage.md +133 -0
  116. package/docs/runbooks/graphify-knowledge-graph-usage.md +88 -0
  117. package/docs/runbooks/handoff-filling-guide-with-examples.md +70 -0
  118. package/docs/runbooks/handoff-governance.md +250 -0
  119. package/docs/runbooks/helm-unittest-playbook.md +101 -0
  120. package/docs/runbooks/hotfix-emergency-release-walkthrough.md +60 -0
  121. package/docs/runbooks/iac-kubernetes-platform-demo-execution-log.md +144 -0
  122. package/docs/runbooks/iac-kubernetes-platform-demo-script.md +130 -0
  123. package/docs/runbooks/iac-kubernetes-platform-walkthrough.md +120 -0
  124. package/docs/runbooks/implementation-onboarding-reading-path.md +67 -0
  125. package/docs/runbooks/in-toto-attestation-framework.md +94 -0
  126. package/docs/runbooks/incident-severity-triage-tree.md +43 -0
  127. package/docs/runbooks/incident-triage-one-page.md +65 -0
  128. package/docs/runbooks/internal-developer-platform-demo-execution-log.md +36 -0
  129. package/docs/runbooks/internal-developer-platform-demo-script.md +42 -0
  130. package/docs/runbooks/internal-developer-platform-walkthrough.md +91 -0
  131. package/docs/runbooks/karpathy-guidelines-usage.md +27 -0
  132. package/docs/runbooks/kubeconform-schema-gates.md +100 -0
  133. package/docs/runbooks/kubectl-server-dry-run-gates.md +103 -0
  134. package/docs/runbooks/kyverno-policy-gates.md +90 -0
  135. package/docs/runbooks/langfuse-and-observability-integration-guide.md +43 -0
  136. package/docs/runbooks/langfuse-coding-trace.md +44 -0
  137. package/docs/runbooks/mobile-miniapp-delivery-walkthrough.md +112 -0
  138. package/docs/runbooks/mobile-miniapp-demo-execution-log.md +139 -0
  139. package/docs/runbooks/mobile-miniapp-demo-script.md +129 -0
  140. package/docs/runbooks/multi-service-backend-integration-walkthrough.md +61 -0
  141. package/docs/runbooks/open-design-integration.md +163 -0
  142. package/docs/runbooks/open-source-release-checklist.md +90 -0
  143. package/docs/runbooks/opencode-quick-start.md +128 -0
  144. package/docs/runbooks/parallel-development-coordination-walkthrough.md +47 -0
  145. package/docs/runbooks/parallel-execution-usage.md +179 -0
  146. package/docs/runbooks/platform-capability-demo-execution-log.md +184 -0
  147. package/docs/runbooks/platform-capability-demo-script.md +192 -0
  148. package/docs/runbooks/plugin-extension-platform-demo-execution-log.md +136 -0
  149. package/docs/runbooks/plugin-extension-platform-demo-script.md +102 -0
  150. package/docs/runbooks/plugin-extension-platform-walkthrough.md +111 -0
  151. package/docs/runbooks/policy-controller-gates.md +75 -0
  152. package/docs/runbooks/post-rollback-verification-checklist.md +37 -0
  153. package/docs/runbooks/pre-release-checklist.md +50 -0
  154. package/docs/runbooks/product-manager-clarification-conversation-example.md +90 -0
  155. package/docs/runbooks/product-manager-daily-operations.md +60 -0
  156. package/docs/runbooks/production-incident-response-walkthrough.md +50 -0
  157. package/docs/runbooks/project-claude-design-rationale.md +188 -0
  158. package/docs/runbooks/project-manager-daily-operations.md +61 -0
  159. package/docs/runbooks/project-manager-planning-conversation-example.md +82 -0
  160. package/docs/runbooks/project-onboarding.md +452 -0
  161. package/docs/runbooks/qa-engineer-daily-operations.md +63 -0
  162. package/docs/runbooks/qa-review-conversation-example.md +87 -0
  163. package/docs/runbooks/release-closure-one-page.md +65 -0
  164. package/docs/runbooks/release-governance-reading-path.md +56 -0
  165. package/docs/runbooks/release-notes-automation.md +48 -0
  166. package/docs/runbooks/release-rollback-recovery-walkthrough.md +47 -0
  167. package/docs/runbooks/requirement-clarity-and-scope-walkthrough.md +46 -0
  168. package/docs/runbooks/reviewdog-pr-gates.md +49 -0
  169. package/docs/runbooks/role-prompt-recipes.md +130 -0
  170. package/docs/runbooks/rtk-integration-intake.md +45 -0
  171. package/docs/runbooks/rtk-token-optimization-usage.md +107 -0
  172. package/docs/runbooks/runner-egress-hardening.md +81 -0
  173. package/docs/runbooks/runtime-capabilities-overview.md +113 -0
  174. package/docs/runbooks/sbom-generation-gates.md +71 -0
  175. package/docs/runbooks/scorecard-supply-chain-gates.md +82 -0
  176. package/docs/runbooks/secret-scanning-gates.md +85 -0
  177. package/docs/runbooks/security-compliance-platform-demo-execution-log.md +36 -0
  178. package/docs/runbooks/security-compliance-platform-demo-script.md +49 -0
  179. package/docs/runbooks/security-compliance-platform-walkthrough.md +98 -0
  180. package/docs/runbooks/slsa-generator-patterns.md +73 -0
  181. package/docs/runbooks/slsa-verification-gates.md +75 -0
  182. package/docs/runbooks/solo-delivery-mode.md +142 -0
  183. package/docs/runbooks/solo-delivery-one-page.md +111 -0
  184. package/docs/runbooks/specialist-commands-playbook.md +85 -0
  185. package/docs/runbooks/sub-agent-invocation-map.md +144 -0
  186. package/docs/runbooks/system-architecture-design-walkthrough.md +49 -0
  187. package/docs/runbooks/team-closeout-example.md +73 -0
  188. package/docs/runbooks/team-command-output-contracts.md +358 -0
  189. package/docs/runbooks/team-commands-quick-prompts.md +125 -0
  190. package/docs/runbooks/team-execute-example.md +63 -0
  191. package/docs/runbooks/team-handoff-example.md +49 -0
  192. package/docs/runbooks/team-intake-example.md +70 -0
  193. package/docs/runbooks/team-plan-example.md +62 -0
  194. package/docs/runbooks/team-release-example.md +63 -0
  195. package/docs/runbooks/team-review-example.md +61 -0
  196. package/docs/runbooks/team-skills-test-run.md +184 -0
  197. package/docs/runbooks/team-skills-usage.md +336 -0
  198. package/docs/runbooks/team-training-reading-path.md +64 -0
  199. package/docs/runbooks/tech-lead-closure-conversation-example.md +78 -0
  200. package/docs/runbooks/tech-lead-daily-operations.md +67 -0
  201. package/docs/runbooks/trivy-security-gates.md +79 -0
  202. package/docs/runbooks/troubleshooting.md +234 -0
  203. package/docs/runbooks/vertical-scenario-capability-matrix.md +107 -0
  204. package/docs/runbooks/witness-policy-gates.md +78 -0
  205. package/docs/runbooks/zizmor-workflow-audits.md +81 -0
  206. package/manifests/install-components.json +8 -0
  207. package/manifests/install-modules.json +34 -0
  208. package/manifests/install-profiles.json +2 -0
  209. package/package.json +2 -1
  210. package/scripts/install-apply.js +9 -0
  211. package/scripts/install-open-design.js +206 -0
  212. package/scripts/install-plan.js +17 -0
  213. package/scripts/lib/install/apply.js +31 -0
  214. package/scripts/lib/install-executor.js +56 -0
  215. package/skills/open-design/SKILL.md +87 -0
  216. package/skills/open-design/agents/openai.yaml +4 -0
@@ -0,0 +1,168 @@
1
+ ---
2
+ version: "0.1.0"
3
+ status: draft
4
+ created: 2026-03-28
5
+ updated: 2026-03-28
6
+ owner: 工程团队
7
+ ---
8
+
9
+ # Codex 使用场景总览
10
+
11
+ 本文把 Codex 端的使用文档按“安装验证、主链执行、多 agent 编排、specialist 使用、场景演练”组织起来。
12
+
13
+ ## 1. 首次使用
14
+
15
+ - 安装与首个闭环:[codex-quick-start.md](codex-quick-start.md)
16
+ - 新项目接入:[project-onboarding.md](project-onboarding.md)
17
+ - 按项目类型直接复制起手句:[../../examples/project-type-starter-playbook.md](../../examples/project-type-starter-playbook.md)
18
+ - 按更垂直项目类型复制连续脚本:[../../examples/vertical-project-conversation-scripts.md](../../examples/vertical-project-conversation-scripts.md)
19
+ - GitHub Actions / AI Eval / 移动端 / 合规 / 内部平台 / 数据质量 demo script:[github-actions-supply-chain-demo-script.md](github-actions-supply-chain-demo-script.md)、[ai-eval-platform-demo-script.md](ai-eval-platform-demo-script.md)、[mobile-miniapp-demo-script.md](mobile-miniapp-demo-script.md)、[security-compliance-platform-demo-script.md](security-compliance-platform-demo-script.md)、[internal-developer-platform-demo-script.md](internal-developer-platform-demo-script.md)、[data-observability-quality-demo-script.md](data-observability-quality-demo-script.md)
20
+ - 按材料成熟度选择 vertical 场景:[../presentation/vertical-scenario-route-map.md](../presentation/vertical-scenario-route-map.md)
21
+ - 按表格查看 vertical 材料覆盖:[vertical-scenario-capability-matrix.md](vertical-scenario-capability-matrix.md)
22
+ - 完整主链演练:[first-team-workflow-walkthrough.md](first-team-workflow-walkthrough.md)
23
+
24
+ ## 2. Codex 特有工作方式
25
+
26
+ - Codex 工作流要领:[codex-workflow-essentials.md](codex-workflow-essentials.md)
27
+ - 多 Agent 编排指南:[codex-multi-agent-orchestration.md](codex-multi-agent-orchestration.md)
28
+ - 命令与能力矩阵:[command-and-capability-matrix.md](command-and-capability-matrix.md)
29
+ - runtime 能力总览:[runtime-capabilities-overview.md](runtime-capabilities-overview.md)
30
+
31
+ ## 3. 日常协作与 specialist
32
+
33
+ - Specialist 命令工作簿:[specialist-commands-playbook.md](specialist-commands-playbook.md)
34
+ - 如果你想优先体验 `/tdd`、`/harness-audit` 这类新增命令,也从 [specialist-commands-playbook.md](specialist-commands-playbook.md) 进入
35
+ - Codex 场景化示例集:[../../examples/codex-scenario-playbook.md](../../examples/codex-scenario-playbook.md)
36
+ - Handoff 填充指南:[handoff-filling-guide-with-examples.md](handoff-filling-guide-with-examples.md)
37
+ - Team Intake 完整示例:[team-intake-example.md](team-intake-example.md)
38
+ - Team Plan 完整示例:[team-plan-example.md](team-plan-example.md)
39
+ - Team Execute 完整示例:[team-execute-example.md](team-execute-example.md)
40
+ - Team Handoff 完整示例:[team-handoff-example.md](team-handoff-example.md)
41
+ - Team Review 完整示例:[team-review-example.md](team-review-example.md)
42
+ - Team Release 完整示例:[team-release-example.md](team-release-example.md)
43
+ - API Mock 策略与生命周期手册:[api-mocking-strategy-and-lifecycle-guide.md](api-mocking-strategy-and-lifecycle-guide.md)
44
+ - 前后端联调与验收清单:[frontend-backend-integration-acceptance-checklist.md](frontend-backend-integration-acceptance-checklist.md)
45
+ - Consumer-Driven Contract 与 Mock 对齐指南:[consumer-driven-contract-testing-with-mock-alignment.md](consumer-driven-contract-testing-with-mock-alignment.md)
46
+ - Team 命令快速提示:[team-commands-quick-prompts.md](team-commands-quick-prompts.md)
47
+ - Codex 并行编排提示模板:[codex-parallel-prompt-recipes.md](codex-parallel-prompt-recipes.md)
48
+ - 角色高频提示模板:[role-prompt-recipes.md](role-prompt-recipes.md)
49
+ - Codex 完整对话样例:[codex-end-to-end-conversation-example.md](codex-end-to-end-conversation-example.md)
50
+ - QA 放行对话样例:[qa-review-conversation-example.md](qa-review-conversation-example.md)
51
+ - DevOps 发布对话样例:[devops-release-conversation-example.md](devops-release-conversation-example.md)
52
+ - Tech Lead 收口对话样例:[tech-lead-closure-conversation-example.md](tech-lead-closure-conversation-example.md)
53
+ - Product Manager 需求澄清对话样例:[product-manager-clarification-conversation-example.md](product-manager-clarification-conversation-example.md)
54
+ - Project Manager 计划推进对话样例:[project-manager-planning-conversation-example.md](project-manager-planning-conversation-example.md)
55
+ - Architect 方案设计对话样例:[architect-design-conversation-example.md](architect-design-conversation-example.md)
56
+ - 60 秒跑通第一个 Team 命令:[first-team-command-60-seconds.md](first-team-command-60-seconds.md)
57
+ - QA 工程师日常操作:[qa-engineer-daily-operations.md](qa-engineer-daily-operations.md)
58
+ - DevOps 工程师日常操作:[devops-engineer-daily-operations.md](devops-engineer-daily-operations.md)
59
+ - 项目经理日常操作:[project-manager-daily-operations.md](project-manager-daily-operations.md)
60
+ - Tech Lead 日常操作:[tech-lead-daily-operations.md](tech-lead-daily-operations.md)
61
+ - 产品经理日常操作:[product-manager-daily-operations.md](product-manager-daily-operations.md)
62
+ - 架构师日常操作:[architect-daily-operations.md](architect-daily-operations.md)
63
+
64
+ ## 4. 共享 walkthrough
65
+
66
+ - Bug 修复全流程:[bug-fix-complete-walkthrough.md](bug-fix-complete-walkthrough.md)
67
+ - Code Review 协作演练:[code-review-collaboration-walkthrough.md](code-review-collaboration-walkthrough.md)
68
+ - 多服务后端集成演练:[multi-service-backend-integration-walkthrough.md](multi-service-backend-integration-walkthrough.md)
69
+ - 紧急修复发布演练:[hotfix-emergency-release-walkthrough.md](hotfix-emergency-release-walkthrough.md)
70
+ - 前端重构演练:[frontend-refactor-walkthrough.md](frontend-refactor-walkthrough.md)
71
+ - API 设计与演进演练:[api-design-evolution-walkthrough.md](api-design-evolution-walkthrough.md)
72
+ - 文档更新协作演练:[documentation-update-walkthrough.md](documentation-update-walkthrough.md)
73
+ - 构建失败处理演练:[build-failure-recovery-walkthrough.md](build-failure-recovery-walkthrough.md)
74
+ - 需求澄清与范围管理演练:[requirement-clarity-and-scope-walkthrough.md](requirement-clarity-and-scope-walkthrough.md)
75
+ - 系统架构设计与 ADR 演练:[system-architecture-design-walkthrough.md](system-architecture-design-walkthrough.md)
76
+ - 金丝雀灰度发布演练:[canary-staging-release-walkthrough.md](canary-staging-release-walkthrough.md)
77
+ - 生产事故应急响应演练:[production-incident-response-walkthrough.md](production-incident-response-walkthrough.md)
78
+ - 发布后回滚与恢复演练:[release-rollback-recovery-walkthrough.md](release-rollback-recovery-walkthrough.md)
79
+ - 前后端并行开发与联调演练:[frontend-backend-parallel-integration-walkthrough.md](frontend-backend-parallel-integration-walkthrough.md)
80
+ - 并行研发协调演练:[parallel-development-coordination-walkthrough.md](parallel-development-coordination-walkthrough.md)
81
+ - 跨角色问题分诊演练:[cross-role-issue-triage-walkthrough.md](cross-role-issue-triage-walkthrough.md)
82
+ - GitHub Actions 与供应链治理演练:[github-actions-supply-chain-walkthrough.md](github-actions-supply-chain-walkthrough.md)
83
+ - AI Eval 平台演练:[ai-eval-platform-walkthrough.md](ai-eval-platform-walkthrough.md)
84
+ - 移动端与小程序交付演练:[mobile-miniapp-delivery-walkthrough.md](mobile-miniapp-delivery-walkthrough.md)
85
+ - IaC 与 Kubernetes 平台演练:[iac-kubernetes-platform-walkthrough.md](iac-kubernetes-platform-walkthrough.md)
86
+ - 插件与扩展平台演练:[plugin-extension-platform-walkthrough.md](plugin-extension-platform-walkthrough.md)
87
+ - 数据与 ML Pipeline 演练:[data-ml-pipeline-walkthrough.md](data-ml-pipeline-walkthrough.md)
88
+ - 安全与合规平台演练:[security-compliance-platform-walkthrough.md](security-compliance-platform-walkthrough.md)
89
+ - 内部开发者平台演练:[internal-developer-platform-walkthrough.md](internal-developer-platform-walkthrough.md)
90
+ - 数据可观测性与质量平台演练:[data-observability-quality-walkthrough.md](data-observability-quality-walkthrough.md)
91
+
92
+ ## 5. 一页速查
93
+
94
+ - 前端缺陷修复一页速查:[frontend-bugfix-one-page.md](frontend-bugfix-one-page.md)
95
+ - 发布收口一页速查:[release-closure-one-page.md](release-closure-one-page.md)
96
+ - 事故分诊一页速查:[incident-triage-one-page.md](incident-triage-one-page.md)
97
+ - 管理层价值速查一页:[executive-value-one-page.md](executive-value-one-page.md)
98
+
99
+ ## 6. 受众阅读路径
100
+
101
+ - 实施接入阅读路径:[implementation-onboarding-reading-path.md](implementation-onboarding-reading-path.md)
102
+ - 团队培训阅读路径:[team-training-reading-path.md](team-training-reading-path.md)
103
+
104
+ ## 7. 排障与规范
105
+
106
+ - 安装与使用排障:[troubleshooting.md](troubleshooting.md)
107
+ - 完整使用手册:[team-skills-usage.md](team-skills-usage.md)
108
+ - 命令输出合同:[team-command-output-contracts.md](team-command-output-contracts.md)
109
+ - 发布治理阅读路径:[release-governance-reading-path.md](release-governance-reading-path.md)
110
+ - 示例总索引:[../../examples/INDEX.md](../../examples/INDEX.md)
111
+
112
+ ## 8. 企业扩展与发布收口
113
+
114
+ - 自定义 overlay 扩展:[custom-overlay.md](custom-overlay.md)
115
+ - 自定义 overlay 创建入口:[custom-overlay.md](custom-overlay.md)
116
+ - Langfuse 追踪与可观测性集成指南:[langfuse-and-observability-integration-guide.md](langfuse-and-observability-integration-guide.md)
117
+ - 发布治理阅读路径:[release-governance-reading-path.md](release-governance-reading-path.md)
118
+
119
+ ## 9. 推荐阅读路径
120
+
121
+ ### 8.1 第一次用 Codex
122
+
123
+ 1. [codex-quick-start.md](codex-quick-start.md)
124
+ 2. [codex-workflow-essentials.md](codex-workflow-essentials.md)
125
+ 3. [first-team-workflow-walkthrough.md](first-team-workflow-walkthrough.md)
126
+ 4. [../../examples/codex-scenario-playbook.md](../../examples/codex-scenario-playbook.md)
127
+
128
+ ### 8.2 需要并行加速
129
+
130
+ 1. [codex-multi-agent-orchestration.md](codex-multi-agent-orchestration.md)
131
+ 2. [specialist-commands-playbook.md](specialist-commands-playbook.md)
132
+ 3. [handoff-filling-guide-with-examples.md](handoff-filling-guide-with-examples.md)
133
+
134
+ ### 8.3 需要新增能力路径
135
+
136
+ 1. 想先看命令、skills、runtime 全景:看 [command-and-capability-matrix.md](command-and-capability-matrix.md)
137
+ 2. 想体验 `/tdd`、`/harness-audit`:看 [codex-quick-start.md](codex-quick-start.md) 和 [../../examples/codex-scenario-playbook.md](../../examples/codex-scenario-playbook.md)
138
+ 3. 想理解并行、budget、compact、cost、instinct:看 [runtime-capabilities-overview.md](runtime-capabilities-overview.md)
139
+
140
+ ### 8.4 需要联调和跨角色协作
141
+
142
+ 1. [frontend-backend-parallel-integration-walkthrough.md](frontend-backend-parallel-integration-walkthrough.md)
143
+ 2. [parallel-development-coordination-walkthrough.md](parallel-development-coordination-walkthrough.md)
144
+ 3. [cross-role-issue-triage-walkthrough.md](cross-role-issue-triage-walkthrough.md)
145
+
146
+ ### 8.5 需要质量或发布收口
147
+
148
+ 1. [qa-engineer-daily-operations.md](qa-engineer-daily-operations.md)
149
+ 2. [devops-engineer-daily-operations.md](devops-engineer-daily-operations.md)
150
+ 3. [hotfix-emergency-release-walkthrough.md](hotfix-emergency-release-walkthrough.md)
151
+
152
+ ### 8.6 需要需求、架构或发布治理
153
+
154
+ 1. [product-manager-daily-operations.md](product-manager-daily-operations.md)
155
+ 2. [architect-daily-operations.md](architect-daily-operations.md)
156
+ 3. [canary-staging-release-walkthrough.md](canary-staging-release-walkthrough.md)
157
+ 4. [production-incident-response-walkthrough.md](production-incident-response-walkthrough.md)
158
+
159
+ ### 8.7 需要自定义 overlay 扩展能力
160
+
161
+ 1. 想创建自定义 overlay,看 [custom-overlay.md](custom-overlay.md)
162
+ 2.
163
+
164
+ ### 8.8 按受众快速进入
165
+
166
+ 1. 管理层先看 [executive-value-one-page.md](executive-value-one-page.md)
167
+ 2. 实施接入先看 [implementation-onboarding-reading-path.md](implementation-onboarding-reading-path.md)
168
+ 3. 团队培训先看 [team-training-reading-path.md](team-training-reading-path.md)
@@ -0,0 +1,88 @@
1
+ ---
2
+ version: "0.1.0"
3
+ status: draft
4
+ created: 2026-03-28
5
+ updated: 2026-03-28
6
+ owner: 工程团队
7
+ ---
8
+
9
+ # Codex 工作流要领
10
+
11
+ 本文说明 Codex 端的工作方式和 Claude 有什么差别,以及为什么 Codex 更适合“主链 + specialist + 并行 agent”的组合。
12
+
13
+ 如果你想先看完整命令面,读 [command-and-capability-matrix.md](command-and-capability-matrix.md)。如果你想理解并行之外的预算、compact、observation、instinct 等后台机制,读 [runtime-capabilities-overview.md](runtime-capabilities-overview.md)。
14
+
15
+ ## 1. Codex 的适用特点
16
+
17
+ - 更适合围绕插件目录连续工作
18
+ - 更适合把多个 agent 结果并行收集再回到主链
19
+ - 更适合较大、依赖较多的任务
20
+
21
+ ## 2. 安装后的第一步
22
+
23
+ 完成 [codex-quick-start.md](codex-quick-start.md) 后,建议再做三件事:
24
+
25
+ 1. 确认插件目录里能看到命令和 agents
26
+ 2. 选一个真实任务跑最小闭环
27
+ 3. 明确哪些 specialist 会成为你的高频工具
28
+ 4. 区分哪些是显式命令,哪些是 runtime 自动生效的后台能力
29
+
30
+ ## 3. 主链在 Codex 中怎么跑
31
+
32
+ 推荐顺序:
33
+
34
+ 1. `/team-intake`
35
+ 2. `/team-plan`
36
+ 3. 按任务形态插入 `/plan`、`/tdd`、`/multi-*`、`/build-fix`、`/verify`
37
+ 4. `/handoff`
38
+ 5. `/team-review` 或 `/team-release`
39
+
40
+ ## 4. Specialist 如何插入
41
+
42
+ 高频用法:
43
+
44
+ - 方案复杂:`/plan`
45
+ - 测试先行:`/tdd`
46
+ - 前端复杂:`/multi-frontend`
47
+ - 后端复杂:`/multi-backend`
48
+ - 构建问题:`/build-fix`
49
+ - 结果验证:`/verify`
50
+ - 平台自检:`/harness-audit`
51
+
52
+ 建议你把 specialist 分成三类理解:
53
+
54
+ - 面向业务交付的命令:`/plan`、`/tdd`、`/build-fix`、`/verify`
55
+ - 面向并行编排的命令:`/multi-frontend`、`/multi-backend`
56
+ - 面向平台治理的命令:`/harness-audit`
57
+
58
+ ## 5. 结果聚合原则
59
+
60
+ Codex 的关键不是“多跑几个 agent”,而是“能不能把结果安全回收到主链”。
61
+
62
+ 建议每次 specialist 之后都补:
63
+
64
+ ```text
65
+ 请把上面的专项结论整理为可直接进入 /handoff 的格式。
66
+ ```
67
+
68
+ 如果刚跑完的是 `/tdd`,再补一句:
69
+
70
+ ```text
71
+ 请把测试约束、实现顺序和验证口径整理成可直接进入 /team-execute 的动作清单。
72
+ ```
73
+
74
+ 如果刚跑完的是 `/harness-audit`,再补一句:
75
+
76
+ ```text
77
+ 请把高优先级缺口拆成文档、命令、skills、hooks 四类收敛动作。
78
+ ```
79
+
80
+ ## 6. 常见错误
81
+
82
+ - 并行跑了很多 agent,却没有统一收口
83
+ - specialist 跳过主链直接变成最终结论
84
+ - 复杂任务没有先做 intake 和 plan
85
+ - 把 `/harness-audit` 当成业务任务评审命令使用
86
+ - 不区分显式命令和 runtime,导致把 observation、compact 误写成“手动执行步骤”
87
+
88
+ 如果你需要更深入的并行编排,继续看 [codex-multi-agent-orchestration.md](codex-multi-agent-orchestration.md);如果你想直接复制高频表达方式,继续看 [codex-parallel-prompt-recipes.md](codex-parallel-prompt-recipes.md);如果你想看平台能力自检怎么做,继续看 [specialist-commands-playbook.md](specialist-commands-playbook.md)。
@@ -0,0 +1,162 @@
1
+ ---
2
+ version: "2.3.0"
3
+ status: draft
4
+ created: 2026-03-29
5
+ updated: 2026-04-18
6
+ owner: 工程团队
7
+ doc_tier: entry
8
+ last_verified: 2026-04-18
9
+ source_of_truth:
10
+ - ../../README.md
11
+ - ../../AGENTS.md
12
+ - ../../commands/
13
+ ---
14
+
15
+ # 命令与能力矩阵
16
+
17
+ 本文只回答一个问题:当前平台到底有哪些公开命令、ECC 增强能力和 runtime 能力,以及它们通常怎么组合。BMAD 在这里继续作为方法来源,不再暴露成第二套 `/bmad-*` 工作流。
18
+
19
+ ## 0. 文档生命周期字段
20
+
21
+ | 字段 | 当前值 | 说明 |
22
+ |------|--------|------|
23
+ | `status` | `draft` | 文档成熟度;未标记 `active` 前默认按草案迭代 |
24
+ | `doc_tier` | `entry` | 入口层文档;与 README / AGENTS 一起维护公开口径 |
25
+ | `last_verified` | `2026-04-17` | 最近一次人工验证日期(命令面与入口一致性) |
26
+ | `source_of_truth` | `README.md`、`AGENTS.md`、`commands/` | 命令定义与公开口径的权威来源 |
27
+
28
+ ## 1. 公开命令总表
29
+
30
+ | 类型 | 命令 | 作用 | 典型输出回落位置 |
31
+ |------|------|------|------------------|
32
+ | 主链入口 | `/team-help` | 根据当前阶段、artifacts、handoff 与阻塞项推荐下一条主链命令 | `/team-intake`、`/team-plan`、`/team-execute`、`/team-closeout` |
33
+ | 主链 | `/team-intake` | 锁目标、范围、约束、角色和候选扩展 | `/team-plan` |
34
+ | 主链 | `/team-plan` | 完成 challenge / design 收口、形成 implementation-readiness | `/team-execute`、`/handoff` |
35
+ | 主链 | `/handoff` | 结构化交接与 readiness proof 收口 | `/team-review`、`/team-release` |
36
+ | 主链 | `/team-execute` | 消费 readiness proof 执行实现、自测与执行记录 | `/handoff` |
37
+ | 主链 | `/team-review` | 质量结论、阻塞、放行建议 | `/team-release` |
38
+ | 主链 | `/team-release` | 发布方案、观察窗口、回滚与责任链 | `/team-closeout` |
39
+ | 主链 | `/team-closeout` | 最终验收、观察窗口收口、backlog 回写 | 任务关闭 / follow-up |
40
+ | specialist | `/plan` | 深度规划、阶段拆解 | `/team-plan`、`/handoff` |
41
+ | specialist | `/tdd` | 测试先行、red-green-refactor 路径 | `/team-execute`、`/handoff` |
42
+ | specialist | `/code-review` | 实现风险、回归与质量审查 | `/handoff`、`/team-review` |
43
+ | specialist | `/build-fix` | 构建与校验失败定位、修复 | `/team-execute`、`/handoff` |
44
+ | specialist | `/verify` | 关键路径验证、放行前证据 | `/team-review`、`/team-release` |
45
+ | specialist | `/multi-frontend` | 前端并行分析:实现 / UIUX / QA | `/handoff`、`/team-plan` |
46
+ | specialist | `/multi-backend` | 后端并行分析:接口 / 权限 / 测试 | `/handoff`、`/team-plan` |
47
+ | 快捷执行 | `/quick` | 小范围低风险任务的快速闭环 | `/handoff`、`/team-review` |
48
+ | 快捷执行 | `/pause` | 暂停当前会话并生成恢复快照 | `/resume` |
49
+ | 快捷执行 | `/resume` | 从最近暂停状态恢复会话继续执行 | `/team-*` 主链或 `/quick` |
50
+ | 进阶能力 | `/pua` | 高能动性与高压闭环推进 | `/team-execute`、`/team-release` |
51
+ | 进阶能力 | `/model-route` | 按任务复杂度和预算建议模型档位 | 当前任务上下文 |
52
+ | 进阶能力 | `/evolve` | 管理 instinct/gene 演进生命周期 | `docs/memory/`、演进资产 |
53
+ | 进阶能力 | `/learn` | 从会话提炼复用模式并沉淀 | 本地 skills 资产 |
54
+ | 进阶能力 | `/agent-dev` | 交互式 Agent 开发 Workshop | `skills/`、`agents/`、`commands/` |
55
+ | 平台体检 | `/harness-audit` | 审视平台覆盖度、hook 有效性、文档质量和集成深度 | 平台治理、文档补齐、下一轮收敛 |
56
+
57
+ ## 2. 主链最小闭环
58
+
59
+ 1. 先用 `/team-help` 判断入口,不直接猜下一条命令
60
+ 2. 正式主链输出统一通过 `npm run artifact:persist -- ...` 落到 `docs/artifacts/`
61
+ 3. `/team-plan` 负责收口 challenge、design review 和 implementation-readiness
62
+ 4. `/team-execute` 只消费已具备 readiness proof 的 story-sized execution unit
63
+ 5. 发布后仍需 `/team-closeout` 收完观察窗口
64
+ 6. `/team-help` 到 `/team-release` 默认带上 `karpathy-guidelines` 这层行为护栏;它用于暴露假设、收敛 scope、保持改动外科化,但不是新的阻塞门槛
65
+
66
+ ## 3. ECC 能力分组
67
+
68
+ ### 3.1 调试与验证
69
+
70
+ | 能力 | 作用 | 常搭命令 |
71
+ |------|------|----------|
72
+ | `doc-architecture` | 文档发现、建模、一致性审计并映射到 artifacts | `/team-intake`、`/team-plan`、`/team-review` |
73
+ | `graphify` | 可选知识图谱能力,用于 brownfield 结构扫描、依赖路径分析与架构问答证据 | `/team-help`、`/team-plan`、`/team-execute` |
74
+ | `gitnexus` | 受控可选代码智能能力,用于 MCP 查询、impact、detect_changes、多仓图谱证据 | `/team-help`、`/team-plan`、`/team-execute`、`/team-review` |
75
+ | `karpathy-guidelines` | 主流程默认行为护栏:先暴露假设、优先简单方案、限定改动边界、先锁成功标准 | `/team-help`、`/team-intake`、`/team-plan`、`/team-execute`、`/team-review`、`/team-release` |
76
+ | `browser-smoke-testing` | 浏览器主路径与 smoke 证据 | `/team-execute`、`/verify`、`/team-release` |
77
+ | `pairwise-test-design` | 组合爆炸压缩 | `/team-plan`、`/team-review` |
78
+ | `testcontainers-integration-testing` | 容器化集成验证 | `/team-execute`、`/verify` |
79
+ | `systematic-debugging` | 根因定位而不是表面修错 | `/build-fix`、`/team-execute` |
80
+ | `java-unit-test` | Java 单测与验证 | `/tdd`、`/team-execute` |
81
+ | `maven-qa` | Java/Maven 质量门禁 | `/team-review`、`/verify` |
82
+ | `eval-harness` | eval-driven development、pass@k 与回归基线 | `/tdd`、`/verify` |
83
+
84
+ ### 3.2 编排与效率
85
+
86
+ | 能力 | 作用 | 常搭命令 |
87
+ |------|------|----------|
88
+ | `parallel-execution` | worktree / 并行实例 / 级联任务 | `/multi-frontend`、`/multi-backend` |
89
+ | `strategic-compact` | 长会话压缩与上下文重组 | 长会话中的 specialist 与主链 |
90
+ | `cost-aware-llm-pipeline` | 模型选择、成本控制、上下文预算 | 长会话、复杂任务规划 |
91
+ | `harness-audit` | 平台能力评分与改进优先级 | `/harness-audit` |
92
+
93
+ ### 3.3 学习与记忆
94
+
95
+ | 能力 | 作用 | 常搭命令 |
96
+ |------|------|----------|
97
+ | `error-experience-library` | 错误模式沉淀、历史方案检索 | `/build-fix`、`/team-execute` |
98
+ | `continuous-learning` | 项目级 / 全局级模式演进 | 长期使用、平台演进 |
99
+
100
+ ## 4. runtime 能力总览
101
+
102
+ | 类别 | 当前入口 | 作用 |
103
+ |------|----------|------|
104
+ | session memory | `scripts/hooks/session-start-bootstrap.js`、`scripts/hooks/session-start.js`、`scripts/hooks/session-end.js` | 会话摘要、待办与上下文连续性 |
105
+ | governance capture | `scripts/hooks/governance-capture.js` | secret / approval / policy 信号采集 |
106
+ | cost awareness | `scripts/hooks/cost-tracker.js` | token 与成本记录 |
107
+ | compact readiness | `scripts/hooks/suggest-compact.js`、`scripts/hooks/pre-compact.js` | 长会话整理与 compact 提示 |
108
+ | MCP health | `scripts/hooks/mcp-health-check.js` | MCP 健康检测与失败信号 |
109
+ | edit quality | `scripts/hooks/quality-gate.js` + Stop hooks | 编辑后最小质量闸口 |
110
+
111
+ 完整说明见 [runtime-capabilities-overview.md](runtime-capabilities-overview.md)。
112
+
113
+ ## 5. 安装与落盘关联
114
+
115
+ - Claude legacy install 现在会复制 `scripts/hooks/*.js`,并在 `settings.json` 中清理旧 `.py` hook 引用
116
+ - Codex / Claude 安装都以当前平铺的 `skills/` 为正式能力目录,不再把旧三层目录当成现行结构
117
+ - 用户面任务产出统一通过 `artifact:persist` 落盘,不依赖“只在对话里说过”
118
+
119
+ ## 6. 推荐组合
120
+
121
+ ### 6.1 新功能
122
+
123
+ 1. `/team-help`
124
+ 2. `/team-intake`
125
+ 3. `/team-plan`
126
+ 4. 需要测试先行时补 `/tdd`
127
+ 5. `/team-execute`
128
+ 6. `/handoff`
129
+ 7. `/team-review`
130
+ 8. `/team-release`
131
+ 9. `/team-closeout`
132
+
133
+ ### 6.2 小修复
134
+
135
+ 1. `/team-help`
136
+ 2. `/quick` 或 `/team-intake`
137
+ 3. `/code-review` 或 `/build-fix`
138
+ 4. `/handoff`
139
+ 5. `/team-review`
140
+
141
+ ### 6.3 平台治理
142
+
143
+ 1. `/team-help`
144
+ 2. `/team-plan`
145
+ 3. `/harness-audit`
146
+ 4. 对照 README、quick start、usage runbooks 和 install/runtime 测试补齐入口
147
+
148
+ ### 6.4 Brownfield 结构扫描(可选)
149
+
150
+ 1. `/team-help`
151
+ 2. `/update-codemaps` 生成轻量现状快照
152
+ 3. 轻量结构证据执行 `npm run graphify:doctor`;深影响面或 MCP 证据执行 `npm run gitnexus:doctor`
153
+ 4. Graphify 执行 `build/query/path/explain`,或 GitNexus 执行受控索引后查询 `impact/detect_changes/context`
154
+ 5. `/team-plan` 消费图谱证据收口 challenge/design/readiness
155
+ 6. `/team-execute` 与 `/team-review` 持续引用图谱证据,不创建并行责任链
156
+
157
+ ## 7. 下一步看什么
158
+
159
+ - 想看 quick start:看 [claude-quick-start.md](claude-quick-start.md) 和 [codex-quick-start.md](codex-quick-start.md)
160
+ - 想看接入流程:看 [project-onboarding.md](project-onboarding.md)
161
+ - 想看完整使用手册:看 [team-skills-usage.md](team-skills-usage.md)
162
+ - 想看后台机制:看 [runtime-capabilities-overview.md](runtime-capabilities-overview.md)
@@ -0,0 +1,84 @@
1
+ # Conftest Policy 门禁手册
2
+
3
+ 本手册承接 `open-policy-agent/conftest` 的工程实践,用于把 policy-as-code 预检接入 PR、评审和发布准备。它补的是“在合并或发布前,先用 Rego 策略检查 structured config 是否满足团队规则”这一层,不替代 `trivy-security-gates`、`policy-controller-gates`、`dependency-review-gates` 或人工评审。
4
+
5
+ ## 适用场景
6
+
7
+ - 变更涉及 Kubernetes YAML、Helm values、Terraform、JSON、YAML、Docker Compose 或其他结构化配置。
8
+ - 团队希望把“配置是否符合团队规则”从人工 review 中抽出来,变成可重复执行的 policy check。
9
+ - 需要在 PR 或发布前提前拦住高风险配置,例如不安全的资源限制、镜像来源、权限、暴露端口或命名规范问题。
10
+ - 团队希望把配置规则集中成 Rego policy,而不是把同类检查散落在多个脚本、lint 工具或 review checklist 里。
11
+
12
+ ## 不适用场景
13
+
14
+ - 只想扫描漏洞、secret 或镜像内容,却没有明确的配置策略要表达。
15
+ - 团队还没有准备好维护 Rego policy、测试样例和例外流程。
16
+ - 期望 Conftest 替代 `trivy-security-gates` 对镜像、文件系统和 IaC 漏洞 / misconfiguration 的检查。
17
+ - 期望 Conftest 替代 `policy-controller-gates` 在 Kubernetes admission 层的强制执行。
18
+ - 变更只是代码逻辑,而不是结构化配置或策略输入。
19
+
20
+ ## 推荐落地方式
21
+
22
+ 1. 先从单一配置域开始,不要一上来就把所有文件类型和所有规则都放进同一套 policy。
23
+ 2. 第一阶段优先覆盖高价值、低歧义的规则:
24
+ - Kubernetes 资源的安全默认值
25
+ - Helm / values 的环境约束
26
+ - Terraform 的命名、标签、权限或暴露面规则
27
+ - JSON / YAML 配置里的结构性约束
28
+ 3. 将 Conftest 与现有链路分层:
29
+ - `kubeconform-schema-gates` 负责 Kubernetes manifest 的 schema 级结构校验
30
+ - `checkov-iac-gates` 负责 IaC 安全与合规基线、内置规则和图关系检查
31
+ - `trivy-security-gates` 负责漏洞、secret 和 IaC 扫描结果
32
+ - `conftest-policy-gates` 负责配置结构、团队规则和 policy-as-code 预检
33
+ - `kyverno-policy-gates` 负责 Kubernetes 集群内的 admission、background scan 和 policy report 执行
34
+ - `policy-controller-gates` 负责在集群 admission 层把确认过的策略强制执行
35
+ 4. 先在 PR 级或 pre-merge 阶段跑 policy check,再决定是否把某些规则升级成发布门禁。
36
+ 5. 结果必须回写到 `/team-review`、`/team-release` 或对应配置仓库,不要只停在命令输出里。
37
+
38
+ ## 最小门禁模型
39
+
40
+ - `target layer`:Kubernetes、Terraform、Helm、YAML、JSON 或其他结构化配置
41
+ - `policy layer`:Rego policy、规则集和例外条件
42
+ - `evaluation layer`:Conftest 对输入配置执行 policy 计算
43
+ - `decision layer`:`qa-engineer`、`devops-engineer`、`tech-lead` 决定是否阻塞合并或发布
44
+
45
+ 重点不是“跑过一个 policy checker”,而是团队是否能稳定回答“这条配置违反了哪条规则、为什么、是否允许例外”。
46
+
47
+ ## 重点检查项
48
+
49
+ - 是否覆盖了团队真正关心的配置类型,而不是只做样例级别的演示
50
+ - Rego 规则是否足够明确,避免把模糊判断写成难以维护的 policy
51
+ - policy 是否和 Kubernetes / Terraform / Helm 的实际使用方式对齐
52
+ - 是否把规则和例外分开管理,避免 policy 越堆越多后无人维护
53
+ - 是否存在大量误报或重复规则,导致团队把 Conftest 当成噪音源
54
+ - 对于高风险配置,失败结果是否能回写到 review 或 release 结论,而不是只留在本地输出
55
+
56
+ ## 反模式
57
+
58
+ - 只把 Conftest 当成“还能跑的另一个 lint 工具”,没有明确 policy owner。
59
+ - 规则写得过于宽泛,最后任何配置都能解释成通过。
60
+ - policy 只在 CI 里执行,团队却没有样例、基线和 triage 责任。
61
+ - 把它当成漏洞扫描器,忽略它本质上是配置策略测试工具。
62
+ - 既有 `trivy-security-gates` 又有 `policy-controller-gates`,却没有说明 Conftest 在 PR 级和发布前的定位。
63
+
64
+ ## 输出回落
65
+
66
+ - PR 阶段:把 policy 命中、例外判断和修改建议写入 review 摘要。
67
+ - 评审阶段:在 `/team-review` 中说明哪些配置问题来自 Conftest,哪些已经人工确认或需要阻塞。
68
+ - 发布阶段:若配置违反关键策略,必须回写到 `/team-release` 的风险、放行结论或后续观察项。
69
+ - 治理阶段:把长期稳定的 policy、基线和例外沉淀到配置仓库或治理文档中。
70
+
71
+ ## 许可证与使用边界
72
+
73
+ - `open-policy-agent/conftest` 采用 Apache-2.0。
74
+ - 引入前应确认团队是否具备维护 Rego policy、样例输入和例外流程的能力。
75
+ - 若团队已经需要在集群内强制执行策略,应把 `conftest-policy-gates` 视为 PR / 发布前预检,而不是 admission 层的最终门禁。
76
+
77
+ ## 参考来源
78
+
79
+ - [open-policy-agent/conftest](https://github.com/open-policy-agent/conftest)
80
+ - [kubeconform-schema-gates.md](kubeconform-schema-gates.md)
81
+ - [checkov-iac-gates.md](checkov-iac-gates.md)
82
+ - [trivy-security-gates.md](trivy-security-gates.md)
83
+ - [kyverno-policy-gates.md](kyverno-policy-gates.md)
84
+ - [policy-controller-gates.md](policy-controller-gates.md)
@@ -0,0 +1,45 @@
1
+ ---
2
+ version: "0.1.0"
3
+ status: draft
4
+ created: 2026-03-28
5
+ updated: 2026-03-28
6
+ owner: 工程团队
7
+ ---
8
+
9
+ # Consumer-Driven Contract 与 Mock 对齐指南
10
+
11
+ 本文聚焦 consumer-driven contract testing 和 Mock 的协同关系,解决“Mock 能跑、Pact 也能过,但真实接口仍然错位”的问题。
12
+
13
+ ## 1. 核心原则
14
+
15
+ - Mock 负责提早开发与局部验证
16
+ - Contract 负责 consumer/provider 的行为约定
17
+ - 真实联调负责确认运行时细节没有偏离
18
+
19
+ ## 2. 对齐节奏
20
+
21
+ - consumer 先声明真正依赖的行为
22
+ - Mock 只表达当前 consumer 需要的最小集合
23
+ - provider verification 结果要回写 contract 和 handoff
24
+ - 真实接口联调后,清理不再成立的 Mock 假设
25
+
26
+ ## 3. 需要同步的内容
27
+
28
+ - 字段是否必填
29
+ - 错误码和错误语义
30
+ - 分页、排序、权限、幂等行为
31
+ - 版本策略和兼容边界
32
+
33
+ ## 4. 常见错误
34
+
35
+ - 用 Mock 固化 provider 的实现细节
36
+ - Contract 变了,但 consumer Mock 没变
37
+ - provider verification 失败后没有明确归因
38
+
39
+ ## 5. 建议落点
40
+
41
+ - 契约更新回写到 [../../templates/api-contract.md](../../templates/api-contract.md)
42
+ - 联调结果回写到 handoff 与 `/team-review`
43
+ - 发布前把高风险契约差异写入 `/team-release`
44
+
45
+ 与这些文档配合阅读:[contract-testing-playbook.md](contract-testing-playbook.md)、[api-design-evolution-walkthrough.md](api-design-evolution-walkthrough.md)
@@ -0,0 +1,78 @@
1
+ # Contract Testing 手册
2
+
3
+ 本手册承接 `pact-foundation/pact-jvm` 的工程实践,用于把 consumer/provider contract testing 接入 API 设计、实现验证和发布准备。它补的是“调用方与提供方对同一接口的真实约定是否一致”这一层,不替代 `api-contract`、`api-breaking-change-gates`、`api-lint-gates` 或人工架构评审。
4
+
5
+ 配套实践可继续看 [api-mocking-strategy-and-lifecycle-guide.md](api-mocking-strategy-and-lifecycle-guide.md)、[frontend-backend-integration-acceptance-checklist.md](frontend-backend-integration-acceptance-checklist.md) 与 [consumer-driven-contract-testing-with-mock-alignment.md](consumer-driven-contract-testing-with-mock-alignment.md)。
6
+
7
+ ## 适用场景
8
+
9
+ - 多服务协作时,consumer 和 provider 不同团队开发,接口语义容易口头对齐、代码上失配。
10
+ - 想在联调前就提前暴露请求字段、响应字段、状态码、鉴权或行为约定的偏差。
11
+ - 需要把“这个接口对调用方到底意味着什么”沉淀成可执行、可回放、可验证的契约。
12
+ - 接口实现变化频繁,但调用方又依赖稳定行为,适合用契约测试兜住协作边界。
13
+
14
+ ## 不适用场景
15
+
16
+ - 当前接口契约还没稳定,连基本请求响应形状都在频繁漂移。
17
+ - 只有单体内局部方法调用,没有明确的 consumer/provider 边界。
18
+ - 团队没有人愿意维护 pact 文件、provider verification 或失败 triage。
19
+ - 期望 contract testing 替代 API 设计、breaking change 检查或系统级集成测试。
20
+
21
+ ## 推荐落地方式
22
+
23
+ 1. 先明确要覆盖的边界,不要一上来把所有接口都做成契约测试。
24
+ 2. 第一阶段先挑最有价值的调用链:
25
+ - 高价值 consumer
26
+ - 经常联调失败的 provider
27
+ - 容易回归的鉴权、分页、错误处理和字段映射
28
+ 3. 先让 consumer 产出稳定 pact,再让 provider 做 verification,不要反过来用 provider 的实现细节去“猜” consumer 约定。
29
+ 4. 将 contract testing 与现有 API 链路分层:
30
+ - `api-contract` 负责接口语义与文档约定
31
+ - `api-lint-gates` 负责 spec 结构和风格约束
32
+ - `api-breaking-change-gates` 负责向后兼容性检查
33
+ - `contract-testing-playbook` 负责 consumer/provider 的运行时契约验证
34
+ 5. 如果团队有发布节奏,先把契约验证放进 PR 或 pre-merge 阶段,再决定是否把 provider verification 也纳入 release gate。
35
+ 6. 结果必须回写到 `/team-review`、`/team-release` 或 `api-contract`,不要只停在某个模块测试日志里。
36
+
37
+ ## 最小门禁模型
38
+
39
+ - `contract layer`:consumer 产出的 pact 文件或契约描述
40
+ - `mock layer`:consumer 测试时使用的 mock service 或 stub
41
+ - `verification layer`:provider 对 pact 的验证结果
42
+ - `decision layer`:`architect`、`backend-engineer`、`qa-engineer`、`tech-lead` 判断是否阻塞
43
+
44
+ 工具负责把交互录下来,团队负责判断这些交互是不是产品真正需要的约定。
45
+
46
+ ## 重点检查项
47
+
48
+ - consumer 是否只表达真正依赖的行为,而不是把内部实现细节也固化进 pact
49
+ - provider verification 是否覆盖了关键路径、错误响应和边界条件
50
+ - pact 文件是否稳定、可回放、可版本化,而不是每次跑出来都不一样
51
+ - 当接口变化时,是否能清楚区分“consumer 需要改”还是“provider 需要兼容”
52
+ - 失败结果是否能定位到具体交互,而不是只看到“verification failed”
53
+
54
+ ## 反模式
55
+
56
+ - 把 provider 的实现细节硬塞进 consumer pact,导致契约变成伪测试。
57
+ - 只给 happy path 写 pact,错误响应和边界态完全没覆盖。
58
+ - pact 文件一变就全量重写,没有版本意识,也没有变更解释。
59
+ - 只有 consumer 端跑了 mock,provider 端从未做 verification。
60
+ - 契约测试失败后没人 triage,最后团队默认忽略这条门禁。
61
+
62
+ ## 输出回落
63
+
64
+ - 设计阶段:把需要稳定的请求响应、错误码和行为约定回写到 [api-contract.md](../../templates/api-contract.md) 或接口说明中。
65
+ - 评审阶段:在 `/team-review` 中说明哪些 pact 变更是预期内的,哪些需要 provider 兼容或 consumer 回滚。
66
+ - 发布阶段:若契约验证仍存在未关闭的高风险问题,必须同步到 `/team-release` 的放行结论或观察项。
67
+
68
+ ## 许可证与使用边界
69
+
70
+ - `pact-foundation/pact-jvm` 采用 Apache-2.0。
71
+ - 引入前应确认 JVM 版本、构建工具、provider verification 运行环境,以及团队是否有维护 pact 资产的责任人。
72
+
73
+ ## 参考来源
74
+
75
+ - [pact-foundation/pact-jvm](https://github.com/pact-foundation/pact-jvm)
76
+ - [api-contract.md](../../templates/api-contract.md)
77
+ - [api-breaking-change-gates.md](api-breaking-change-gates.md)
78
+ - [api-lint-gates.md](api-lint-gates.md)