@colin4k1024/tsp 2.4.4 → 2.4.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (236) hide show
  1. package/README.md +16 -20
  2. package/bin/lib/install-surface.js +3 -3
  3. package/bin/lib/source-installer.js +2 -2
  4. package/commands/team-help.md +2 -2
  5. package/commands/team-plan.md +1 -1
  6. package/commands/update-codemaps.md +3 -3
  7. package/manifests/install-components.json +1 -1
  8. package/manifests/install-modules.json +17 -3
  9. package/manifests/install-profiles.json +2 -0
  10. package/package.json +6 -3
  11. package/schemas/ecc-install-config.schema.json +6 -1
  12. package/schemas/install-modules.schema.json +4 -1
  13. package/scripts/codegraph-preflight.js +179 -0
  14. package/scripts/gitnexus-preflight.js +8 -0
  15. package/scripts/install-apply.js +10 -8
  16. package/scripts/install-codegraph.js +158 -0
  17. package/scripts/install-plan.js +28 -11
  18. package/scripts/lib/install/apply.js +256 -5
  19. package/scripts/lib/install/request.js +3 -2
  20. package/scripts/lib/install-audit-manifest.js +3 -0
  21. package/scripts/lib/install-executor.js +14 -5
  22. package/scripts/lib/install-lifecycle.js +2 -2
  23. package/scripts/lib/install-manifests.js +23 -4
  24. package/scripts/lib/install-targets/codex-home.js +187 -1
  25. package/scripts/lib/install-targets/opencode-home.js +135 -2
  26. package/scripts/lib/install-targets/registry.js +23 -1
  27. package/scripts/lib/release-health.js +19 -4
  28. package/scripts/lib/team-skills-data.json +6 -6
  29. package/scripts/release-health-summary.js +1 -1
  30. package/scripts/workflow-help.js +3 -3
  31. package/skills/codegraph/SKILL.md +57 -0
  32. package/skills/codegraph/agents/openai.yaml +4 -0
  33. package/docs/.vitepress/config.mts +0 -199
  34. package/docs/adr/ADR-001-doc-architecture-integration.md +0 -33
  35. package/docs/guides/README.md +0 -5
  36. package/docs/guides/installation.md +0 -33
  37. package/docs/guides/user-guide.md +0 -36
  38. package/docs/index.md +0 -65
  39. package/docs/memory/backlog.md +0 -10
  40. package/docs/memory/decisions.md +0 -43
  41. package/docs/memory/lessons-learned.md +0 -87
  42. package/docs/plans/2026-04-03-python-remnants-audit.md +0 -265
  43. package/docs/plans/2026-04-03-scripts-python-to-js-migration.md +0 -372
  44. package/docs/plans/2026-04-03-solo-delivery-execution-checklist.md +0 -413
  45. package/docs/plans/2026-04-03-solo-delivery-gap-plan.md +0 -377
  46. package/docs/plans/2026-04-03-team-skills-workflow-gates.md +0 -548
  47. package/docs/plans/2026-04-21-open-source-readiness-gap-plan.md +0 -217
  48. package/docs/plans/llm-surface-reduction-audit.md +0 -147
  49. package/docs/plans/llm-surface-reduction-execution-checklist.md +0 -217
  50. package/docs/plans/llm-surface-reduction-execution-history.md +0 -124
  51. package/docs/plans/team-skills-platform-migration.md +0 -54
  52. package/docs/presentation/README.md +0 -42
  53. package/docs/presentation/audience-presentation-route-map.md +0 -84
  54. package/docs/presentation/executive-briefing-talk-track.md +0 -50
  55. package/docs/presentation/generate_capability_matrix.py +0 -396
  56. package/docs/presentation/generate_ppt.py +0 -354
  57. package/docs/presentation/implementation-onboarding-brief.md +0 -38
  58. package/docs/presentation/presentation-talk-track.md +0 -97
  59. package/docs/presentation/vertical-scenario-route-map.md +0 -99
  60. package/docs/presentation/workshop-facilitator-guide.md +0 -47
  61. package/docs/runbooks/actionlint-workflow-gates.md +0 -80
  62. package/docs/runbooks/agent-governance.md +0 -131
  63. package/docs/runbooks/ai-eval-platform-demo-execution-log.md +0 -147
  64. package/docs/runbooks/ai-eval-platform-demo-script.md +0 -136
  65. package/docs/runbooks/ai-eval-platform-walkthrough.md +0 -113
  66. package/docs/runbooks/ai-pr-review-automation.md +0 -56
  67. package/docs/runbooks/api-breaking-change-gates.md +0 -58
  68. package/docs/runbooks/api-design-evolution-walkthrough.md +0 -42
  69. package/docs/runbooks/api-lint-gates.md +0 -57
  70. package/docs/runbooks/api-mocking-strategy-and-lifecycle-guide.md +0 -47
  71. package/docs/runbooks/architect-daily-operations.md +0 -63
  72. package/docs/runbooks/architect-design-conversation-example.md +0 -83
  73. package/docs/runbooks/artifact-attestation-gates.md +0 -75
  74. package/docs/runbooks/artifact-persistence.md +0 -257
  75. package/docs/runbooks/backend-engineer-daily-operations.md +0 -63
  76. package/docs/runbooks/batch-optimization-completion-checklist.md +0 -104
  77. package/docs/runbooks/biz-service-designer-end-to-end-conversation-example.md +0 -5
  78. package/docs/runbooks/biz-service-designer-toolkit.md +0 -5
  79. package/docs/runbooks/bug-fix-complete-walkthrough.md +0 -60
  80. package/docs/runbooks/build-failure-recovery-walkthrough.md +0 -40
  81. package/docs/runbooks/canary-decision-matrix.md +0 -41
  82. package/docs/runbooks/canary-staging-release-walkthrough.md +0 -46
  83. package/docs/runbooks/checkov-iac-gates.md +0 -104
  84. package/docs/runbooks/claude-code-review-workflow.md +0 -72
  85. package/docs/runbooks/claude-conversation-prompt-recipes.md +0 -132
  86. package/docs/runbooks/claude-end-to-end-conversation-example.md +0 -198
  87. package/docs/runbooks/claude-feature-development-guide.md +0 -112
  88. package/docs/runbooks/claude-quick-start.md +0 -227
  89. package/docs/runbooks/claude-usage-scenarios.md +0 -176
  90. package/docs/runbooks/code-review-collaboration-walkthrough.md +0 -65
  91. package/docs/runbooks/codeql-pr-security-gates.md +0 -64
  92. package/docs/runbooks/codex-end-to-end-conversation-example.md +0 -166
  93. package/docs/runbooks/codex-multi-agent-orchestration.md +0 -65
  94. package/docs/runbooks/codex-parallel-prompt-recipes.md +0 -131
  95. package/docs/runbooks/codex-quick-start.md +0 -223
  96. package/docs/runbooks/codex-usage-scenarios.md +0 -168
  97. package/docs/runbooks/codex-workflow-essentials.md +0 -88
  98. package/docs/runbooks/command-and-capability-matrix.md +0 -162
  99. package/docs/runbooks/conftest-policy-gates.md +0 -84
  100. package/docs/runbooks/consumer-driven-contract-testing-with-mock-alignment.md +0 -45
  101. package/docs/runbooks/contract-testing-playbook.md +0 -78
  102. package/docs/runbooks/cosign-signing-gates.md +0 -71
  103. package/docs/runbooks/cross-role-issue-triage-walkthrough.md +0 -47
  104. package/docs/runbooks/cursor-quick-start.md +0 -123
  105. package/docs/runbooks/custom-overlay.md +0 -115
  106. package/docs/runbooks/data-ml-pipeline-demo-execution-log.md +0 -141
  107. package/docs/runbooks/data-ml-pipeline-demo-script.md +0 -102
  108. package/docs/runbooks/data-ml-pipeline-walkthrough.md +0 -119
  109. package/docs/runbooks/data-observability-quality-demo-execution-log.md +0 -36
  110. package/docs/runbooks/data-observability-quality-demo-script.md +0 -42
  111. package/docs/runbooks/data-observability-quality-walkthrough.md +0 -86
  112. package/docs/runbooks/demo-deliverables-overview.md +0 -278
  113. package/docs/runbooks/demo-execution-log.md +0 -530
  114. package/docs/runbooks/demo-scenario.md +0 -129
  115. package/docs/runbooks/dependency-review-gates.md +0 -63
  116. package/docs/runbooks/dependency-update-automation.md +0 -83
  117. package/docs/runbooks/design-md-workflow.md +0 -185
  118. package/docs/runbooks/devops-engineer-daily-operations.md +0 -60
  119. package/docs/runbooks/devops-release-conversation-example.md +0 -88
  120. package/docs/runbooks/doc-architecture-integration.md +0 -59
  121. package/docs/runbooks/doc-architecture-quick-start.md +0 -122
  122. package/docs/runbooks/document-execution-audit.md +0 -32
  123. package/docs/runbooks/documentation-update-walkthrough.md +0 -37
  124. package/docs/runbooks/ecc-harness-usage.md +0 -93
  125. package/docs/runbooks/error-experience-usage.md +0 -116
  126. package/docs/runbooks/evolution-usage.md +0 -162
  127. package/docs/runbooks/executive-value-one-page.md +0 -55
  128. package/docs/runbooks/external-capability-approval-and-enablement-workflow.md +0 -39
  129. package/docs/runbooks/external-capability-intake.md +0 -160
  130. package/docs/runbooks/first-team-command-60-seconds.md +0 -96
  131. package/docs/runbooks/first-team-workflow-walkthrough.md +0 -245
  132. package/docs/runbooks/frontend-backend-integration-acceptance-checklist.md +0 -46
  133. package/docs/runbooks/frontend-backend-parallel-integration-walkthrough.md +0 -48
  134. package/docs/runbooks/frontend-bugfix-one-page.md +0 -82
  135. package/docs/runbooks/frontend-engineer-daily-operations.md +0 -60
  136. package/docs/runbooks/frontend-enterprise-style-profile.md +0 -5
  137. package/docs/runbooks/frontend-governance.md +0 -47
  138. package/docs/runbooks/frontend-refactor-walkthrough.md +0 -42
  139. package/docs/runbooks/git-pr-workflow.md +0 -63
  140. package/docs/runbooks/github-actions-supply-chain-demo-execution-log.md +0 -158
  141. package/docs/runbooks/github-actions-supply-chain-demo-script.md +0 -150
  142. package/docs/runbooks/github-actions-supply-chain-walkthrough.md +0 -117
  143. package/docs/runbooks/github-token-permissions-baseline.md +0 -92
  144. package/docs/runbooks/gitlab-manual-pipeline-release.md +0 -5
  145. package/docs/runbooks/gitlab-release-integration-playbook.md +0 -5
  146. package/docs/runbooks/gitnexus-code-intelligence-usage.md +0 -133
  147. package/docs/runbooks/graphify-knowledge-graph-usage.md +0 -88
  148. package/docs/runbooks/handoff-filling-guide-with-examples.md +0 -70
  149. package/docs/runbooks/handoff-governance.md +0 -250
  150. package/docs/runbooks/helm-unittest-playbook.md +0 -101
  151. package/docs/runbooks/hotfix-emergency-release-walkthrough.md +0 -60
  152. package/docs/runbooks/iac-kubernetes-platform-demo-execution-log.md +0 -144
  153. package/docs/runbooks/iac-kubernetes-platform-demo-script.md +0 -130
  154. package/docs/runbooks/iac-kubernetes-platform-walkthrough.md +0 -120
  155. package/docs/runbooks/implementation-onboarding-reading-path.md +0 -67
  156. package/docs/runbooks/in-toto-attestation-framework.md +0 -94
  157. package/docs/runbooks/incident-severity-triage-tree.md +0 -43
  158. package/docs/runbooks/incident-triage-one-page.md +0 -65
  159. package/docs/runbooks/internal-developer-platform-demo-execution-log.md +0 -36
  160. package/docs/runbooks/internal-developer-platform-demo-script.md +0 -42
  161. package/docs/runbooks/internal-developer-platform-walkthrough.md +0 -91
  162. package/docs/runbooks/karpathy-guidelines-usage.md +0 -27
  163. package/docs/runbooks/kubeconform-schema-gates.md +0 -100
  164. package/docs/runbooks/kubectl-server-dry-run-gates.md +0 -103
  165. package/docs/runbooks/kyverno-policy-gates.md +0 -90
  166. package/docs/runbooks/langfuse-and-observability-integration-guide.md +0 -43
  167. package/docs/runbooks/langfuse-coding-trace.md +0 -44
  168. package/docs/runbooks/mobile-miniapp-delivery-walkthrough.md +0 -112
  169. package/docs/runbooks/mobile-miniapp-demo-execution-log.md +0 -139
  170. package/docs/runbooks/mobile-miniapp-demo-script.md +0 -129
  171. package/docs/runbooks/multi-service-backend-integration-walkthrough.md +0 -61
  172. package/docs/runbooks/open-design-integration.md +0 -163
  173. package/docs/runbooks/open-source-release-checklist.md +0 -90
  174. package/docs/runbooks/opencode-quick-start.md +0 -128
  175. package/docs/runbooks/parallel-development-coordination-walkthrough.md +0 -47
  176. package/docs/runbooks/parallel-execution-usage.md +0 -179
  177. package/docs/runbooks/platform-capability-demo-execution-log.md +0 -184
  178. package/docs/runbooks/platform-capability-demo-script.md +0 -192
  179. package/docs/runbooks/plugin-extension-platform-demo-execution-log.md +0 -136
  180. package/docs/runbooks/plugin-extension-platform-demo-script.md +0 -102
  181. package/docs/runbooks/plugin-extension-platform-walkthrough.md +0 -111
  182. package/docs/runbooks/policy-controller-gates.md +0 -75
  183. package/docs/runbooks/post-rollback-verification-checklist.md +0 -37
  184. package/docs/runbooks/pre-release-checklist.md +0 -50
  185. package/docs/runbooks/product-manager-clarification-conversation-example.md +0 -90
  186. package/docs/runbooks/product-manager-daily-operations.md +0 -60
  187. package/docs/runbooks/production-incident-response-walkthrough.md +0 -50
  188. package/docs/runbooks/project-claude-design-rationale.md +0 -188
  189. package/docs/runbooks/project-manager-daily-operations.md +0 -61
  190. package/docs/runbooks/project-manager-planning-conversation-example.md +0 -82
  191. package/docs/runbooks/project-onboarding.md +0 -452
  192. package/docs/runbooks/qa-engineer-daily-operations.md +0 -63
  193. package/docs/runbooks/qa-review-conversation-example.md +0 -87
  194. package/docs/runbooks/release-closure-one-page.md +0 -65
  195. package/docs/runbooks/release-governance-reading-path.md +0 -56
  196. package/docs/runbooks/release-notes-automation.md +0 -48
  197. package/docs/runbooks/release-rollback-recovery-walkthrough.md +0 -47
  198. package/docs/runbooks/requirement-clarity-and-scope-walkthrough.md +0 -46
  199. package/docs/runbooks/reviewdog-pr-gates.md +0 -49
  200. package/docs/runbooks/role-prompt-recipes.md +0 -130
  201. package/docs/runbooks/rtk-integration-intake.md +0 -45
  202. package/docs/runbooks/rtk-token-optimization-usage.md +0 -107
  203. package/docs/runbooks/runner-egress-hardening.md +0 -81
  204. package/docs/runbooks/runtime-capabilities-overview.md +0 -113
  205. package/docs/runbooks/sbom-generation-gates.md +0 -71
  206. package/docs/runbooks/scorecard-supply-chain-gates.md +0 -82
  207. package/docs/runbooks/secret-scanning-gates.md +0 -85
  208. package/docs/runbooks/security-compliance-platform-demo-execution-log.md +0 -36
  209. package/docs/runbooks/security-compliance-platform-demo-script.md +0 -49
  210. package/docs/runbooks/security-compliance-platform-walkthrough.md +0 -98
  211. package/docs/runbooks/slsa-generator-patterns.md +0 -73
  212. package/docs/runbooks/slsa-verification-gates.md +0 -75
  213. package/docs/runbooks/solo-delivery-mode.md +0 -142
  214. package/docs/runbooks/solo-delivery-one-page.md +0 -111
  215. package/docs/runbooks/specialist-commands-playbook.md +0 -85
  216. package/docs/runbooks/sub-agent-invocation-map.md +0 -144
  217. package/docs/runbooks/system-architecture-design-walkthrough.md +0 -49
  218. package/docs/runbooks/team-closeout-example.md +0 -73
  219. package/docs/runbooks/team-command-output-contracts.md +0 -358
  220. package/docs/runbooks/team-commands-quick-prompts.md +0 -125
  221. package/docs/runbooks/team-execute-example.md +0 -63
  222. package/docs/runbooks/team-handoff-example.md +0 -49
  223. package/docs/runbooks/team-intake-example.md +0 -70
  224. package/docs/runbooks/team-plan-example.md +0 -62
  225. package/docs/runbooks/team-release-example.md +0 -63
  226. package/docs/runbooks/team-review-example.md +0 -61
  227. package/docs/runbooks/team-skills-test-run.md +0 -184
  228. package/docs/runbooks/team-skills-usage.md +0 -336
  229. package/docs/runbooks/team-training-reading-path.md +0 -64
  230. package/docs/runbooks/tech-lead-closure-conversation-example.md +0 -78
  231. package/docs/runbooks/tech-lead-daily-operations.md +0 -67
  232. package/docs/runbooks/trivy-security-gates.md +0 -79
  233. package/docs/runbooks/troubleshooting.md +0 -234
  234. package/docs/runbooks/vertical-scenario-capability-matrix.md +0 -107
  235. package/docs/runbooks/witness-policy-gates.md +0 -78
  236. package/docs/runbooks/zizmor-workflow-audits.md +0 -81
@@ -1,82 +0,0 @@
1
- ---
2
- version: "0.1.0"
3
- status: draft
4
- created: 2026-03-28
5
- updated: 2026-03-28
6
- owner: 工程团队
7
- ---
8
-
9
- # 前端缺陷修复一页速查
10
-
11
- 本文把前端缺陷修复压缩成一页,适合已经知道平台基本工作方式,但不想每次都翻完整 walkthrough 的场景。
12
-
13
- ## 1. 什么时候用这页
14
-
15
- - 页面布局错乱、交互异常、状态显示错误
16
- - 需要补响应式、A11y 或 UI 验证证据
17
- - 任务边界清晰,优先考虑短链路
18
-
19
- ## 2. 最短起手方式
20
-
21
- ```text
22
- /team-intake
23
- 目标:修复订阅页在 iPad 横屏下的布局溢出
24
- 范围:页面布局、响应式回归、UI 自测证据
25
- 不做:接口改造
26
- 约束:必须附带 ui-review-checklist
27
- ```
28
-
29
- ## 3. 优先判断短链路还是长链路
30
-
31
- - 只改单页面样式或交互:优先短链路
32
- - 涉及多个页面、组件结构或状态流:补 `/team-plan`
33
- - 涉及接口联动、权限或发布风险:直接进入完整主链
34
-
35
- ## 4. 推荐命令顺序
36
-
37
- 短链路:
38
-
39
- 1. `/team-intake`
40
- 2. `/code-review`
41
- 3. `/handoff`
42
- 4. `/team-review`
43
-
44
- 完整主链:
45
-
46
- 1. `/team-intake`
47
- 2. `/team-plan`
48
- 3. `/team-execute`
49
- 4. `/handoff`
50
- 5. `/team-review`
51
-
52
- ## 5. 必须出现的验证点
53
-
54
- - 主路径是否恢复正常
55
- - 响应式断点是否覆盖
56
- - 关键交互状态是否正常
57
- - 是否附带 UI 自测或 checklist 证据
58
-
59
- ## 6. handoff 至少写什么
60
-
61
- ```text
62
- 已完成
63
- - 修复 iPad 横屏下的栅格溢出
64
-
65
- 验证结果
66
- - 桌面、iPad 横屏、iPhone 视图已验证
67
- - ui-review-checklist 已补齐
68
-
69
- 风险
70
- - 暂未覆盖低版本 Safari
71
-
72
- 下一角色关注点
73
- - QA 重点看横屏切换和按钮折行
74
- ```
75
-
76
- ## 7. 常见错误
77
-
78
- - 只说“样式已修复”,没有响应式证据
79
- - 明明是前端问题,却完全不提 `ui-review-checklist`
80
- - 任务已经跨页面或跨状态流,还强行走短链路
81
-
82
- 如果你要看完整长演练,继续看 [bug-fix-complete-walkthrough.md](bug-fix-complete-walkthrough.md) 和 [frontend-refactor-walkthrough.md](frontend-refactor-walkthrough.md)。
@@ -1,60 +0,0 @@
1
- ---
2
- version: "0.1.0"
3
- status: draft
4
- created: 2026-03-28
5
- updated: 2026-03-28
6
- owner: 工程团队
7
- ---
8
-
9
- # Frontend Engineer 日常操作手册
10
-
11
- 本文面向前端工程师,说明在 Team Skills Platform 下,页面、交互和联调工作应该怎样在主链里落地。
12
-
13
- 如果你想先看公开命令、UI 相关 specialist 和 runtime 的全景关系,先读 [command-and-capability-matrix.md](command-and-capability-matrix.md)。
14
-
15
- ## 1. 你的默认职责
16
-
17
- - 实现页面、表单、交互与状态流
18
- - 产出前端自测结果
19
- - 补齐响应式、A11y、性能和 UI 证据
20
- - 把前端视角的风险交接给 QA 和 tech-lead
21
-
22
- ## 2. 开始实现前必须确认什么
23
-
24
- - 页面范围和范围外事项
25
- - 接口契约是否已清楚
26
- - 设计约束和交互状态是否明确
27
- - 是否需要 `ui-review-checklist`
28
-
29
- ## 3. 页面实现的固定检查
30
-
31
- - 断点策略
32
- - 空态与错误态
33
- - 键盘可达性
34
- - 异步 loading 状态
35
- - 视觉回归风险
36
-
37
- ## 4. 进入 QA 前应交付什么
38
-
39
- - 代码变更摘要
40
- - 自测范围
41
- - 响应式和 UI 证据
42
- - 已知限制与剩余风险
43
-
44
- ## 5. 常用命令组合
45
-
46
- - `/team-intake`:确认目标与范围
47
- - `/team-plan`:拆页面和联调任务
48
- - `/tdd`:先锁交互边界、回归点和成功标准
49
- - `/multi-frontend`:做专项拆解
50
- - `/team-execute`:汇总实现和自测
51
- - `/handoff`:交给 QA 或 tech-lead
52
-
53
- ## 6. 常见错误
54
-
55
- - 只改 happy path,不补空态和错误态
56
- - 进入 QA 前没有任何自测证据
57
- - 明明适合先用 `/tdd` 锁交互和回归口径,却直接开始实现
58
- - 页面联调后才发现接口字段理解不一致
59
-
60
- 前端专项场景可继续看 [../../examples/saas-nextjs-CLAUDE.md](../../examples/saas-nextjs-CLAUDE.md)。
@@ -1,5 +0,0 @@
1
- # Frontend Enterprise Style Profile
2
-
3
- 该企业前端样式 profile 已迁移到私有 `enterprise` overlay 仓库。公开仓不再分发这套企业内部设计资料。
4
-
5
- 公开安装与 overlay 约定见 [custom-overlay.md](custom-overlay.md)。
@@ -1,47 +0,0 @@
1
- ---
2
- version: "0.1.0"
3
- status: draft
4
- created: 2026-03-27
5
- updated: 2026-03-27
6
- owner: 工程团队
7
- ---
8
-
9
- # Frontend Governance Runbook
10
-
11
- 本文说明当前 Team Skills 平台如何承接 React/Next 优先的前端工程规范与 UI/UX 治理能力。
12
-
13
- ## 1. 何时启用前端能力包
14
-
15
- - 需求包含页面、组件、交互、导航、样式、图表、表单或前端静态资源变更。
16
- - `tech-lead` 在 `/team-intake` 或 `/team-plan` 已确认存在前端交付物。
17
-
18
- ## 2. 两层共享 Skill
19
-
20
- | Skill | 作用 | 主用角色 |
21
- |-------|------|----------|
22
- | `frontend-engineering` | 统一组件结构、状态分层、语义化、可访问性与性能做法 | `frontend-engineer`、`architect` |
23
- | `frontend-ui-ux-system` | 统一产品类型、视觉方向、设计 token、交互与体验门禁 | `tech-lead`、`frontend-engineer`、`qa-engineer` |
24
-
25
- ## 3. 推荐工作流
26
-
27
- 1. `tech-lead` 在 `/team-intake` 锁定目标端、产品类型、设计约束、响应式和 A11y/性能红线。
28
- 2. 需要新界面或较大 UI 变化时,先补 [design-system-brief.md](../../templates/design-system-brief.md)。
29
- 3. `frontend-engineer` 编写 [ui-implementation-plan.md](../../templates/ui-implementation-plan.md),明确组件结构、状态流和交付风险。
30
- 4. 进入 QA 前,`frontend-engineer` 必须填写 [ui-review-checklist.md](../../templates/ui-review-checklist.md)。
31
- 5. 需要用真实浏览器做关键页面 / 发布前回归时,补用 [browser-smoke-testing](../../skills/browser-smoke-testing/SKILL.md) 明确 smoke 范围与证据。
32
- 6. `qa-engineer` 在 `/team-review` 依据 [frontend-quality-gates.md](../../rules/frontend-quality-gates.md) 给出结论。
33
-
34
- ## 4. 知识库结构
35
-
36
- - 规则入口:[frontend-engineering-standards.md](../../rules/frontend-engineering-standards.md)、[frontend-ui-ux-standards.md](../../rules/frontend-ui-ux-standards.md)
37
- - 门禁入口:[frontend-quality-gates.md](../../rules/frontend-quality-gates.md)
38
- - 知识索引:[frontend-design-knowledge-base.md](../../rules/frontend-design-knowledge-base.md)
39
- - 工程参考:[frontend-engineering](../../skills/frontend-engineering/SKILL.md)
40
- - 浏览器验证:[browser-smoke-testing](../../skills/browser-smoke-testing/SKILL.md)
41
- - 设计参考:[frontend-ui-ux-system](../../skills/frontend-ui-ux-system/SKILL.md)
42
-
43
- ## 5. 默认交付要求
44
-
45
- - 任何前端变更都要说明主路径、边界态、异常态和已知风险。
46
- - 任何设计 token 的新增或调整都要说明原因和适用范围。
47
- - 任何前端上线都要有 smoke 范围、观察指标和回滚触发条件。
@@ -1,42 +0,0 @@
1
- ---
2
- version: "0.1.0"
3
- status: draft
4
- created: 2026-03-28
5
- updated: 2026-03-28
6
- owner: 工程团队
7
- ---
8
-
9
- # 前端重构演练
10
-
11
- 本文演示页面或组件重构任务如何拆解、验证和交接。重点不是新增功能,而是在不破坏现有体验的前提下改善结构。
12
-
13
- ## 1. 场景
14
-
15
- - 重构控制台列表页的筛选区和表格结构
16
- - 目标是提升可维护性和响应式一致性
17
- - 不改变接口契约
18
-
19
- ## 2. 推荐链路
20
-
21
- 1. `/team-intake`
22
- 2. `/team-plan`
23
- 3. `/multi-frontend`
24
- 4. `/team-execute`
25
- 5. `/code-review`
26
- 6. `/handoff`
27
- 7. `/team-review`
28
-
29
- ## 3. 关键输出
30
-
31
- - 为什么要重构,而不是继续堆补丁
32
- - 哪些行为保持不变
33
- - UI、响应式和空态是否回归
34
- - 哪些技术债仍然保留
35
-
36
- ## 4. 常见错误
37
-
38
- - 把重构写成纯代码整理,不说明用户影响
39
- - 缺少回归范围
40
- - 引入样式变化却没有证据
41
-
42
- 与前端角色说明配合阅读:[frontend-engineer-daily-operations.md](frontend-engineer-daily-operations.md)
@@ -1,63 +0,0 @@
1
- # Git / PR 收口工作流
2
-
3
- 本手册承接 `obra/superpowers` 中与 `using-git-worktrees`、`finishing-a-development-branch` 相关的工程实践。它用于规范分支隔离、PR 收口、验证证据和分支清理,不替代 [git-workflow.md](../../rules/common/git-workflow.md) 的基础规则。
4
-
5
- ## 适用场景
6
-
7
- - 任务需要开独立分支提交、发起 PR、处理 review 再完成合并收口。
8
- - 当前改动风险较高、并行任务较多,或需要用 worktree 把上下文隔离开。
9
- - 团队希望把“写完代码”延伸到“PR 可审、可验、可清理”的完整闭环。
10
-
11
- ## 何时使用 worktree
12
-
13
- 优先考虑 `git worktree` 的场景:
14
-
15
- - 同一仓库要并行推进两个以上任务。
16
- - 当前主工作区已经有脏改动,不适合混进新任务。
17
- - 需要在不打断现有上下文的前提下,开一个干净环境做修复或 review follow-up。
18
-
19
- 不必额外开 worktree 的场景:
20
-
21
- - 单一任务、改动很小、当前工作区本来就是干净的。
22
- - 只是补一两个 review comment,没有上下文污染风险。
23
-
24
- ## 默认做法
25
-
26
- 1. 先确认 base branch、任务边界、是否需要独立 worktree,再开始编码。
27
- 2. 若使用 worktree,保持“一任务一 worktree / 一分支”,不要让多个任务共享同一临时目录。
28
- 3. 提交按单一意图组织,保证每次提交都能说明“做了什么、为什么、怎么验证”。
29
- 4. 发 PR 前先补齐验证命令、风险、文档影响和回滚说明,不把这些信息留给 reviewer 反向追问。
30
- 5. 处理 review 时优先做增量修复和定向验证,避免把 unrelated cleanup 混进 follow-up。
31
- 6. 合并前确认 checks、review 状态和最终验证结果;合并后清理分支、临时 worktree 和过期上下文。
32
-
33
- ## PR 最小清单
34
-
35
- - 目标:这次变更解决什么问题
36
- - 范围:做了什么,明确没做什么
37
- - 风险:可能影响哪些路径、模块或发布动作
38
- - 验证:本地或 CI 跑了什么命令、覆盖了哪些关键路径
39
- - 文档:是否同步了模板、规则、runbook、README 或交接说明
40
-
41
- ## 分支收口清单
42
-
43
- 1. 所有必要 review comment 已处理或显式记录暂不处理原因。
44
- 2. 最终验证结果与 PR 描述一致,没有“代码已变、描述没跟”。
45
- 3. 若使用 worktree,合并后清理对应目录,避免保留无主上下文。
46
- 4. 若变更影响发布、规则或知识入口,回写 `/handoff`、`/team-review` 或相关文档。
47
-
48
- ## 反模式
49
-
50
- - 用一个分支混多个不相关任务。
51
- - 为了“快一点”跳过本地验证,把失败风险留到 PR checks 或 reviewer 身上。
52
- - review follow-up 顺手重构一大片,导致 reviewer 无法判断真正改了什么。
53
- - worktree 创建了但不清理,后续没人知道哪个目录仍有效。
54
-
55
- ## 输出回落
56
-
57
- - 开发与 review 阶段:回落到 PR 描述、`/handoff` 和 `/team-review` 的验证证据。
58
- - 发布前:若 PR 收口影响上线判断,把最终分支状态、tag、验证结果回写到 `/team-release`。
59
-
60
- ## 参考来源
61
-
62
- - [obra/superpowers](https://github.com/obra/superpowers)
63
- - [rules/common/git-workflow.md](../../rules/common/git-workflow.md)
@@ -1,158 +0,0 @@
1
- ---
2
- version: "0.1.0"
3
- status: draft
4
- created: 2026-03-29
5
- updated: 2026-03-29
6
- owner: 工程团队
7
- ---
8
-
9
- # GitHub Actions 与供应链治理演示执行记录
10
-
11
- 本文记录一条以 GitHub Actions、权限治理与供应链证据链为核心的演示路径,重点展示团队如何把 workflow 门禁、发布证据和 release 收口串成一条可审计链路。
12
-
13
- ## 1. 场景定义
14
-
15
- ### 背景
16
-
17
- - 仓库已经通过 GitHub Actions 承担构建与发布
18
- - 但 workflow 权限、scorecard、SBOM、attestation、签名和 SLSA 还没有形成统一治理口径
19
- - 团队希望把“安全门禁”从零散脚本升级为主链可解释、可复盘的治理任务
20
-
21
- ### 演示目标
22
-
23
- - 让观众理解 workflow lint、权限收敛和供应链证据不是一回事
24
- - 让观众看到 `/tdd` 如何前置定义治理完成标准
25
- - 让观众看到 `/harness-audit` 如何检查文档、runbook 和 release 出口是否同步
26
-
27
- ## 2. 阶段 1:/team-intake
28
-
29
- ### 输入
30
-
31
- ```text
32
- /team-intake
33
- 目标:补齐 GitHub Actions 发布链路的供应链门禁与证据记录
34
- 范围:workflow、permissions、scorecard、SBOM、attestation、签名、release 检查项
35
- 不做:业务服务逻辑改造
36
- 约束:必须说明 workflow lint、token 权限、provenance、artifact attestation 的边界
37
- ```
38
-
39
- ### 产出
40
-
41
- | 字段 | 内容 |
42
- |------|------|
43
- | 任务类型 | 平台治理 / 供应链治理 |
44
- | 主体对象 | workflow、permissions、artifact 证据链、release 手册 |
45
- | 主要风险 | 权限过宽、证据链缺失、workflow 改动不可追溯 |
46
- | 收口要求 | review 与 release 必须能承接供应链证据 |
47
-
48
- ## 3. 阶段 2:/team-plan
49
-
50
- ### 拆解结果
51
-
52
- | 模块 | 动作 | 收口位置 |
53
- |------|------|----------|
54
- | Workflow 结构 | 调整 job、step、触发条件和复用关系 | workflow 文件 |
55
- | 权限治理 | 收敛 `permissions`、减少默认写权限 | workflow 文件 + review |
56
- | 供应链门禁 | 接入 actionlint、scorecard、SBOM、attestation、签名 | CI / release |
57
- | 文档与 runbook | 更新治理入口和证据说明 | runbook / release 文档 |
58
- | 最终验证 | 逐项检查门禁、证据与发布收口 | `/team-review`、`/team-release` |
59
-
60
- ### 关键判断
61
-
62
- - `actionlint` 解决的是 workflow 结构与语法质量
63
- - `scorecard` 和 token 权限基线解决的是仓库治理与权限风险
64
- - `SBOM`、`attestation`、签名与 `SLSA` 解决的是发布证据链问题
65
-
66
- ## 4. 阶段 3:/tdd
67
-
68
- ### 定义的完成标准
69
-
70
- ```text
71
- 1. workflow lint 与权限基线通过
72
- 2. release 阶段能产出 SBOM、attestation 或等价证明
73
- 3. review 结论能明确记录 workflow 风险与例外
74
- 4. release 记录能落地 artifact、digest、签名或 provenance 信息
75
- 5. 仓库校验通过
76
- ```
77
-
78
- ### 价值说明
79
-
80
- - 把治理任务的“完成”从主观感觉变成显式标准
81
- - 避免只改 workflow 文件,不改 release 与 review 记录
82
-
83
- ## 5. 阶段 4:/team-execute
84
-
85
- ### 执行批次
86
-
87
- #### 批次 A:workflow 基线
88
-
89
- - 清理 workflow 结构问题
90
- - 拆分过宽的 job 权限
91
- - 接入 lint 与基础门禁
92
-
93
- #### 批次 B:供应链证据
94
-
95
- - 生成 SBOM
96
- - 接入 attestation / provenance
97
- - 补签名或 digest 记录
98
-
99
- #### 批次 C:治理出口
100
-
101
- - 更新 release 检查项
102
- - 更新 review 结论模板
103
- - 补 runbook 导航和落地说明
104
-
105
- ## 6. 阶段 5:/harness-audit
106
-
107
- ### 体检前缺口
108
-
109
- - workflow 已改,但治理文档没有同步
110
- - release 手册还没显式承接 attestation 和签名信息
111
- - 观众容易把所有供应链门禁混成同一个概念
112
-
113
- ### 体检后收敛结果
114
-
115
- | 维度 | 收敛动作 | 状态 |
116
- |------|----------|------|
117
- | Workflow 质量 | lint 与结构治理已明确 | 已补齐 |
118
- | 权限治理 | token 权限边界有记录 | 已补齐 |
119
- | 证据链 | SBOM、attestation、签名进入 release 说明 | 已补齐 |
120
- | 导航入口 | 相关 runbook 与 walkthrough 已串起来 | 已补齐 |
121
-
122
- ## 7. 阶段 6:/team-review 与 /team-release
123
-
124
- ### Review 结论
125
-
126
- - 风险分层已明确:workflow、权限、证据链分别检查
127
- - 例外项必须进入 review,而不是留在口头说明
128
-
129
- ### Release 结论
130
-
131
- - 发布记录必须包含 artifact、digest、SBOM、attestation 或签名信息
132
- - 一旦 workflow 异常,回退步骤应绑定上一版本的 workflow / release 配置
133
-
134
- ## 8. 校验结果
135
-
136
- ### 文档静态检查
137
-
138
- - 本轮新增 walkthrough 与 execution log 无错误
139
-
140
- ### 仓库校验
141
-
142
- ```text
143
- Validation passed.
144
- - Roles: 8
145
- - Shared skills: 3
146
- - ECC skills: 9
147
- - Private overlay skills: not shipped in public repo
148
- - Specialist agents: 27
149
- - Generated artifacts: 70
150
- ```
151
-
152
- ## 9. 推荐搭配材料
153
-
154
- - [github-actions-supply-chain-walkthrough.md](github-actions-supply-chain-walkthrough.md)
155
- - [../../examples/github-actions-supply-chain-CLAUDE.md](../../examples/github-actions-supply-chain-CLAUDE.md)
156
- - [../../examples/vertical-project-conversation-scripts.md](../../examples/vertical-project-conversation-scripts.md)
157
- - [actionlint-workflow-gates.md](actionlint-workflow-gates.md)
158
- - [scorecard-supply-chain-gates.md](scorecard-supply-chain-gates.md)
@@ -1,150 +0,0 @@
1
- ---
2
- version: "0.1.0"
3
- status: draft
4
- created: 2026-03-29
5
- updated: 2026-03-29
6
- owner: 工程团队
7
- ---
8
-
9
- # GitHub Actions 与供应链治理演示剧本
10
-
11
- 本文是一份可直接照着讲的演示脚本,面向 GitHub Actions、权限治理、SBOM、attestation、签名和 release 证据链场景。
12
-
13
- ## 1. 演示目标
14
-
15
- - 说明 workflow lint、权限治理、供应链证据链是三层不同问题
16
- - 说明 `/tdd` 如何前置定义治理完成标准
17
- - 说明 `/harness-audit` 如何检查 runbook、review 和 release 出口是否同步
18
-
19
- ## 2. 适用对象
20
-
21
- - 需要介绍 CI/CD 治理能力的 Tech Lead
22
- - 需要做 workflow 安全与供应链汇报的 DevOps / QA
23
- - 需要向团队解释 release 证据链的讲解人
24
-
25
- ## 3. 演示时长建议
26
-
27
- - 5 分钟:讲 workflow、permissions、证据链三层边界
28
- - 10 分钟:再讲 `/tdd` 与 `/harness-audit` 的作用
29
- - 15 分钟:完整走一遍 intake -> plan -> tdd -> execute -> audit -> review/release
30
-
31
- ## 4. 演示脚本
32
-
33
- ### Step 1. 先用 1 分钟讲清这类任务到底在治理什么
34
-
35
- 建议讲法:
36
-
37
- ```text
38
- 这类仓库要治理的不是一件事,而是三件事:
39
- 第一是 workflow 结构和 lint 质量;
40
- 第二是 token 权限和仓库治理边界;
41
- 第三是 SBOM、attestation、签名和 provenance 组成的发布证据链。
42
- ```
43
-
44
- 配套材料:
45
-
46
- - [actionlint-workflow-gates.md](actionlint-workflow-gates.md)
47
- - [github-token-permissions-baseline.md](github-token-permissions-baseline.md)
48
- - [artifact-attestation-gates.md](artifact-attestation-gates.md)
49
-
50
- ### Step 2. 用 `/team-intake` 讲清治理目标和边界
51
-
52
- 建议输入:
53
-
54
- ```text
55
- /team-intake
56
- 目标:补齐 GitHub Actions 发布链路的供应链门禁与证据记录
57
- 范围:workflow、permissions、scorecard、SBOM、attestation、签名、release 检查项
58
- 不做:业务服务逻辑改造
59
- 约束:必须说明 workflow lint、token 权限、provenance、artifact attestation 的边界
60
- ```
61
-
62
- 讲解重点:
63
-
64
- - 这是平台治理任务,不是业务需求开发
65
- - 一开始就要分清结构问题、权限问题和证据链问题
66
-
67
- ### Step 3. 用 `/team-plan` 说明如何拆治理任务
68
-
69
- 建议输入:
70
-
71
- ```text
72
- /team-plan
73
- 基于当前 intake 结果,拆 workflow 调整、权限收敛、供应链证据生成、review 收口和 release 记录动作。
74
- 输出必须指出哪些完成标准应先进入 /tdd,哪些文档缺口最终应通过 /harness-audit 检查。
75
- ```
76
-
77
- 讲解重点:
78
-
79
- - 不能只改 workflow 文件
80
- - release 和 review 文档必须同步承接新的治理结果
81
-
82
- ### Step 4. 用 `/tdd` 讲“先定义治理完成标准”
83
-
84
- 建议输入:
85
-
86
- ```text
87
- /tdd
88
- 基于当前 /team-plan 结果,先定义本轮供应链治理的完成标准。
89
- 至少覆盖:
90
- 1. workflow lint 与权限基线通过
91
- 2. release 阶段有 SBOM、attestation 或等价证明
92
- 3. review 结论记录风险、例外与阻塞项
93
- 4. release 记录包含 artifact、digest、签名或 provenance 信息
94
- ```
95
-
96
- 讲解重点:
97
-
98
- - `/tdd` 在这里锁的是治理标准,不是业务测试代码
99
- - 这样可以避免“改完了但说不清到底完成了什么”
100
-
101
- ### Step 5. 用 `/team-execute` 讲实际收敛动作
102
-
103
- 建议讲法:
104
-
105
- ```text
106
- 执行阶段通常会先调 workflow 和 permissions,再接入 SBOM、attestation、签名,最后补 review / release 的治理出口。
107
- ```
108
-
109
- 可展示材料:
110
-
111
- - [scorecard-supply-chain-gates.md](scorecard-supply-chain-gates.md)
112
- - [sbom-generation-gates.md](sbom-generation-gates.md)
113
- - [slsa-generator-patterns.md](slsa-generator-patterns.md)
114
-
115
- ### Step 6. 用 `/harness-audit` 讲平台体检的价值
116
-
117
- 建议输入:
118
-
119
- ```text
120
- /harness-audit
121
- 请从 workflow 治理覆盖、权限边界、release 证据链、runbook 同步和最终校验五个方向审视当前仓库。
122
- 输出立即修补项、下一轮收敛项和建议回写位置。
123
- ```
124
-
125
- 讲解重点:
126
-
127
- - audit 不是重复 review,而是检查治理出口是否形成闭环
128
- - 特别适合 workflow 和 runbook 同时变动的场景
129
-
130
- ### Step 7. 用 review 与 release 收尾
131
-
132
- 建议讲法:
133
-
134
- ```text
135
- 最终交付不是“workflow 能跑了”,而是 review 能解释风险,release 能解释证据链。
136
- ```
137
-
138
- ## 5. 建议演示顺序
139
-
140
- 1. 先展示 workflow / permissions / evidence 三层边界
141
- 2. 再展示 `/team-intake` 与 `/team-plan`
142
- 3. 然后讲 `/tdd`
143
- 4. 再讲 `/team-execute`
144
- 5. 最后讲 `/harness-audit`、`/team-review` 和 `/team-release`
145
-
146
- ## 6. 演示后建议发给观众的材料
147
-
148
- - [github-actions-supply-chain-demo-execution-log.md](github-actions-supply-chain-demo-execution-log.md)
149
- - [github-actions-supply-chain-walkthrough.md](github-actions-supply-chain-walkthrough.md)
150
- - [../../examples/github-actions-supply-chain-CLAUDE.md](../../examples/github-actions-supply-chain-CLAUDE.md)