@colin4k1024/tsp 2.4.4 → 2.4.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (236)
  1. package/README.md +16 -20
  2. package/bin/lib/install-surface.js +3 -3
  3. package/bin/lib/source-installer.js +2 -2
  4. package/commands/team-help.md +2 -2
  5. package/commands/team-plan.md +1 -1
  6. package/commands/update-codemaps.md +3 -3
  7. package/manifests/install-components.json +1 -1
  8. package/manifests/install-modules.json +17 -3
  9. package/manifests/install-profiles.json +2 -0
  10. package/package.json +6 -3
  11. package/schemas/ecc-install-config.schema.json +6 -1
  12. package/schemas/install-modules.schema.json +4 -1
  13. package/scripts/codegraph-preflight.js +179 -0
  14. package/scripts/gitnexus-preflight.js +8 -0
  15. package/scripts/install-apply.js +10 -8
  16. package/scripts/install-codegraph.js +158 -0
  17. package/scripts/install-plan.js +28 -11
  18. package/scripts/lib/install/apply.js +256 -5
  19. package/scripts/lib/install/request.js +3 -2
  20. package/scripts/lib/install-audit-manifest.js +3 -0
  21. package/scripts/lib/install-executor.js +14 -5
  22. package/scripts/lib/install-lifecycle.js +2 -2
  23. package/scripts/lib/install-manifests.js +23 -4
  24. package/scripts/lib/install-targets/codex-home.js +187 -1
  25. package/scripts/lib/install-targets/opencode-home.js +135 -2
  26. package/scripts/lib/install-targets/registry.js +23 -1
  27. package/scripts/lib/release-health.js +19 -4
  28. package/scripts/lib/team-skills-data.json +6 -6
  29. package/scripts/release-health-summary.js +1 -1
  30. package/scripts/workflow-help.js +3 -3
  31. package/skills/codegraph/SKILL.md +57 -0
  32. package/skills/codegraph/agents/openai.yaml +4 -0
  33. package/docs/.vitepress/config.mts +0 -199
  34. package/docs/adr/ADR-001-doc-architecture-integration.md +0 -33
  35. package/docs/guides/README.md +0 -5
  36. package/docs/guides/installation.md +0 -33
  37. package/docs/guides/user-guide.md +0 -36
  38. package/docs/index.md +0 -65
  39. package/docs/memory/backlog.md +0 -10
  40. package/docs/memory/decisions.md +0 -43
  41. package/docs/memory/lessons-learned.md +0 -87
  42. package/docs/plans/2026-04-03-python-remnants-audit.md +0 -265
  43. package/docs/plans/2026-04-03-scripts-python-to-js-migration.md +0 -372
  44. package/docs/plans/2026-04-03-solo-delivery-execution-checklist.md +0 -413
  45. package/docs/plans/2026-04-03-solo-delivery-gap-plan.md +0 -377
  46. package/docs/plans/2026-04-03-team-skills-workflow-gates.md +0 -548
  47. package/docs/plans/2026-04-21-open-source-readiness-gap-plan.md +0 -217
  48. package/docs/plans/llm-surface-reduction-audit.md +0 -147
  49. package/docs/plans/llm-surface-reduction-execution-checklist.md +0 -217
  50. package/docs/plans/llm-surface-reduction-execution-history.md +0 -124
  51. package/docs/plans/team-skills-platform-migration.md +0 -54
  52. package/docs/presentation/README.md +0 -42
  53. package/docs/presentation/audience-presentation-route-map.md +0 -84
  54. package/docs/presentation/executive-briefing-talk-track.md +0 -50
  55. package/docs/presentation/generate_capability_matrix.py +0 -396
  56. package/docs/presentation/generate_ppt.py +0 -354
  57. package/docs/presentation/implementation-onboarding-brief.md +0 -38
  58. package/docs/presentation/presentation-talk-track.md +0 -97
  59. package/docs/presentation/vertical-scenario-route-map.md +0 -99
  60. package/docs/presentation/workshop-facilitator-guide.md +0 -47
  61. package/docs/runbooks/actionlint-workflow-gates.md +0 -80
  62. package/docs/runbooks/agent-governance.md +0 -131
  63. package/docs/runbooks/ai-eval-platform-demo-execution-log.md +0 -147
  64. package/docs/runbooks/ai-eval-platform-demo-script.md +0 -136
  65. package/docs/runbooks/ai-eval-platform-walkthrough.md +0 -113
  66. package/docs/runbooks/ai-pr-review-automation.md +0 -56
  67. package/docs/runbooks/api-breaking-change-gates.md +0 -58
  68. package/docs/runbooks/api-design-evolution-walkthrough.md +0 -42
  69. package/docs/runbooks/api-lint-gates.md +0 -57
  70. package/docs/runbooks/api-mocking-strategy-and-lifecycle-guide.md +0 -47
  71. package/docs/runbooks/architect-daily-operations.md +0 -63
  72. package/docs/runbooks/architect-design-conversation-example.md +0 -83
  73. package/docs/runbooks/artifact-attestation-gates.md +0 -75
  74. package/docs/runbooks/artifact-persistence.md +0 -257
  75. package/docs/runbooks/backend-engineer-daily-operations.md +0 -63
  76. package/docs/runbooks/batch-optimization-completion-checklist.md +0 -104
  77. package/docs/runbooks/biz-service-designer-end-to-end-conversation-example.md +0 -5
  78. package/docs/runbooks/biz-service-designer-toolkit.md +0 -5
  79. package/docs/runbooks/bug-fix-complete-walkthrough.md +0 -60
  80. package/docs/runbooks/build-failure-recovery-walkthrough.md +0 -40
  81. package/docs/runbooks/canary-decision-matrix.md +0 -41
  82. package/docs/runbooks/canary-staging-release-walkthrough.md +0 -46
  83. package/docs/runbooks/checkov-iac-gates.md +0 -104
  84. package/docs/runbooks/claude-code-review-workflow.md +0 -72
  85. package/docs/runbooks/claude-conversation-prompt-recipes.md +0 -132
  86. package/docs/runbooks/claude-end-to-end-conversation-example.md +0 -198
  87. package/docs/runbooks/claude-feature-development-guide.md +0 -112
  88. package/docs/runbooks/claude-quick-start.md +0 -227
  89. package/docs/runbooks/claude-usage-scenarios.md +0 -176
  90. package/docs/runbooks/code-review-collaboration-walkthrough.md +0 -65
  91. package/docs/runbooks/codeql-pr-security-gates.md +0 -64
  92. package/docs/runbooks/codex-end-to-end-conversation-example.md +0 -166
  93. package/docs/runbooks/codex-multi-agent-orchestration.md +0 -65
  94. package/docs/runbooks/codex-parallel-prompt-recipes.md +0 -131
  95. package/docs/runbooks/codex-quick-start.md +0 -223
  96. package/docs/runbooks/codex-usage-scenarios.md +0 -168
  97. package/docs/runbooks/codex-workflow-essentials.md +0 -88
  98. package/docs/runbooks/command-and-capability-matrix.md +0 -162
  99. package/docs/runbooks/conftest-policy-gates.md +0 -84
  100. package/docs/runbooks/consumer-driven-contract-testing-with-mock-alignment.md +0 -45
  101. package/docs/runbooks/contract-testing-playbook.md +0 -78
  102. package/docs/runbooks/cosign-signing-gates.md +0 -71
  103. package/docs/runbooks/cross-role-issue-triage-walkthrough.md +0 -47
  104. package/docs/runbooks/cursor-quick-start.md +0 -123
  105. package/docs/runbooks/custom-overlay.md +0 -115
  106. package/docs/runbooks/data-ml-pipeline-demo-execution-log.md +0 -141
  107. package/docs/runbooks/data-ml-pipeline-demo-script.md +0 -102
  108. package/docs/runbooks/data-ml-pipeline-walkthrough.md +0 -119
  109. package/docs/runbooks/data-observability-quality-demo-execution-log.md +0 -36
  110. package/docs/runbooks/data-observability-quality-demo-script.md +0 -42
  111. package/docs/runbooks/data-observability-quality-walkthrough.md +0 -86
  112. package/docs/runbooks/demo-deliverables-overview.md +0 -278
  113. package/docs/runbooks/demo-execution-log.md +0 -530
  114. package/docs/runbooks/demo-scenario.md +0 -129
  115. package/docs/runbooks/dependency-review-gates.md +0 -63
  116. package/docs/runbooks/dependency-update-automation.md +0 -83
  117. package/docs/runbooks/design-md-workflow.md +0 -185
  118. package/docs/runbooks/devops-engineer-daily-operations.md +0 -60
  119. package/docs/runbooks/devops-release-conversation-example.md +0 -88
  120. package/docs/runbooks/doc-architecture-integration.md +0 -59
  121. package/docs/runbooks/doc-architecture-quick-start.md +0 -122
  122. package/docs/runbooks/document-execution-audit.md +0 -32
  123. package/docs/runbooks/documentation-update-walkthrough.md +0 -37
  124. package/docs/runbooks/ecc-harness-usage.md +0 -93
  125. package/docs/runbooks/error-experience-usage.md +0 -116
  126. package/docs/runbooks/evolution-usage.md +0 -162
  127. package/docs/runbooks/executive-value-one-page.md +0 -55
  128. package/docs/runbooks/external-capability-approval-and-enablement-workflow.md +0 -39
  129. package/docs/runbooks/external-capability-intake.md +0 -160
  130. package/docs/runbooks/first-team-command-60-seconds.md +0 -96
  131. package/docs/runbooks/first-team-workflow-walkthrough.md +0 -245
  132. package/docs/runbooks/frontend-backend-integration-acceptance-checklist.md +0 -46
  133. package/docs/runbooks/frontend-backend-parallel-integration-walkthrough.md +0 -48
  134. package/docs/runbooks/frontend-bugfix-one-page.md +0 -82
  135. package/docs/runbooks/frontend-engineer-daily-operations.md +0 -60
  136. package/docs/runbooks/frontend-enterprise-style-profile.md +0 -5
  137. package/docs/runbooks/frontend-governance.md +0 -47
  138. package/docs/runbooks/frontend-refactor-walkthrough.md +0 -42
  139. package/docs/runbooks/git-pr-workflow.md +0 -63
  140. package/docs/runbooks/github-actions-supply-chain-demo-execution-log.md +0 -158
  141. package/docs/runbooks/github-actions-supply-chain-demo-script.md +0 -150
  142. package/docs/runbooks/github-actions-supply-chain-walkthrough.md +0 -117
  143. package/docs/runbooks/github-token-permissions-baseline.md +0 -92
  144. package/docs/runbooks/gitlab-manual-pipeline-release.md +0 -5
  145. package/docs/runbooks/gitlab-release-integration-playbook.md +0 -5
  146. package/docs/runbooks/gitnexus-code-intelligence-usage.md +0 -133
  147. package/docs/runbooks/graphify-knowledge-graph-usage.md +0 -88
  148. package/docs/runbooks/handoff-filling-guide-with-examples.md +0 -70
  149. package/docs/runbooks/handoff-governance.md +0 -250
  150. package/docs/runbooks/helm-unittest-playbook.md +0 -101
  151. package/docs/runbooks/hotfix-emergency-release-walkthrough.md +0 -60
  152. package/docs/runbooks/iac-kubernetes-platform-demo-execution-log.md +0 -144
  153. package/docs/runbooks/iac-kubernetes-platform-demo-script.md +0 -130
  154. package/docs/runbooks/iac-kubernetes-platform-walkthrough.md +0 -120
  155. package/docs/runbooks/implementation-onboarding-reading-path.md +0 -67
  156. package/docs/runbooks/in-toto-attestation-framework.md +0 -94
  157. package/docs/runbooks/incident-severity-triage-tree.md +0 -43
  158. package/docs/runbooks/incident-triage-one-page.md +0 -65
  159. package/docs/runbooks/internal-developer-platform-demo-execution-log.md +0 -36
  160. package/docs/runbooks/internal-developer-platform-demo-script.md +0 -42
  161. package/docs/runbooks/internal-developer-platform-walkthrough.md +0 -91
  162. package/docs/runbooks/karpathy-guidelines-usage.md +0 -27
  163. package/docs/runbooks/kubeconform-schema-gates.md +0 -100
  164. package/docs/runbooks/kubectl-server-dry-run-gates.md +0 -103
  165. package/docs/runbooks/kyverno-policy-gates.md +0 -90
  166. package/docs/runbooks/langfuse-and-observability-integration-guide.md +0 -43
  167. package/docs/runbooks/langfuse-coding-trace.md +0 -44
  168. package/docs/runbooks/mobile-miniapp-delivery-walkthrough.md +0 -112
  169. package/docs/runbooks/mobile-miniapp-demo-execution-log.md +0 -139
  170. package/docs/runbooks/mobile-miniapp-demo-script.md +0 -129
  171. package/docs/runbooks/multi-service-backend-integration-walkthrough.md +0 -61
  172. package/docs/runbooks/open-design-integration.md +0 -163
  173. package/docs/runbooks/open-source-release-checklist.md +0 -90
  174. package/docs/runbooks/opencode-quick-start.md +0 -128
  175. package/docs/runbooks/parallel-development-coordination-walkthrough.md +0 -47
  176. package/docs/runbooks/parallel-execution-usage.md +0 -179
  177. package/docs/runbooks/platform-capability-demo-execution-log.md +0 -184
  178. package/docs/runbooks/platform-capability-demo-script.md +0 -192
  179. package/docs/runbooks/plugin-extension-platform-demo-execution-log.md +0 -136
  180. package/docs/runbooks/plugin-extension-platform-demo-script.md +0 -102
  181. package/docs/runbooks/plugin-extension-platform-walkthrough.md +0 -111
  182. package/docs/runbooks/policy-controller-gates.md +0 -75
  183. package/docs/runbooks/post-rollback-verification-checklist.md +0 -37
  184. package/docs/runbooks/pre-release-checklist.md +0 -50
  185. package/docs/runbooks/product-manager-clarification-conversation-example.md +0 -90
  186. package/docs/runbooks/product-manager-daily-operations.md +0 -60
  187. package/docs/runbooks/production-incident-response-walkthrough.md +0 -50
  188. package/docs/runbooks/project-claude-design-rationale.md +0 -188
  189. package/docs/runbooks/project-manager-daily-operations.md +0 -61
  190. package/docs/runbooks/project-manager-planning-conversation-example.md +0 -82
  191. package/docs/runbooks/project-onboarding.md +0 -452
  192. package/docs/runbooks/qa-engineer-daily-operations.md +0 -63
  193. package/docs/runbooks/qa-review-conversation-example.md +0 -87
  194. package/docs/runbooks/release-closure-one-page.md +0 -65
  195. package/docs/runbooks/release-governance-reading-path.md +0 -56
  196. package/docs/runbooks/release-notes-automation.md +0 -48
  197. package/docs/runbooks/release-rollback-recovery-walkthrough.md +0 -47
  198. package/docs/runbooks/requirement-clarity-and-scope-walkthrough.md +0 -46
  199. package/docs/runbooks/reviewdog-pr-gates.md +0 -49
  200. package/docs/runbooks/role-prompt-recipes.md +0 -130
  201. package/docs/runbooks/rtk-integration-intake.md +0 -45
  202. package/docs/runbooks/rtk-token-optimization-usage.md +0 -107
  203. package/docs/runbooks/runner-egress-hardening.md +0 -81
  204. package/docs/runbooks/runtime-capabilities-overview.md +0 -113
  205. package/docs/runbooks/sbom-generation-gates.md +0 -71
  206. package/docs/runbooks/scorecard-supply-chain-gates.md +0 -82
  207. package/docs/runbooks/secret-scanning-gates.md +0 -85
  208. package/docs/runbooks/security-compliance-platform-demo-execution-log.md +0 -36
  209. package/docs/runbooks/security-compliance-platform-demo-script.md +0 -49
  210. package/docs/runbooks/security-compliance-platform-walkthrough.md +0 -98
  211. package/docs/runbooks/slsa-generator-patterns.md +0 -73
  212. package/docs/runbooks/slsa-verification-gates.md +0 -75
  213. package/docs/runbooks/solo-delivery-mode.md +0 -142
  214. package/docs/runbooks/solo-delivery-one-page.md +0 -111
  215. package/docs/runbooks/specialist-commands-playbook.md +0 -85
  216. package/docs/runbooks/sub-agent-invocation-map.md +0 -144
  217. package/docs/runbooks/system-architecture-design-walkthrough.md +0 -49
  218. package/docs/runbooks/team-closeout-example.md +0 -73
  219. package/docs/runbooks/team-command-output-contracts.md +0 -358
  220. package/docs/runbooks/team-commands-quick-prompts.md +0 -125
  221. package/docs/runbooks/team-execute-example.md +0 -63
  222. package/docs/runbooks/team-handoff-example.md +0 -49
  223. package/docs/runbooks/team-intake-example.md +0 -70
  224. package/docs/runbooks/team-plan-example.md +0 -62
  225. package/docs/runbooks/team-release-example.md +0 -63
  226. package/docs/runbooks/team-review-example.md +0 -61
  227. package/docs/runbooks/team-skills-test-run.md +0 -184
  228. package/docs/runbooks/team-skills-usage.md +0 -336
  229. package/docs/runbooks/team-training-reading-path.md +0 -64
  230. package/docs/runbooks/tech-lead-closure-conversation-example.md +0 -78
  231. package/docs/runbooks/tech-lead-daily-operations.md +0 -67
  232. package/docs/runbooks/trivy-security-gates.md +0 -79
  233. package/docs/runbooks/troubleshooting.md +0 -234
  234. package/docs/runbooks/vertical-scenario-capability-matrix.md +0 -107
  235. package/docs/runbooks/witness-policy-gates.md +0 -78
  236. package/docs/runbooks/zizmor-workflow-audits.md +0 -81
@@ -1,120 +0,0 @@
1
- ---
2
- version: "0.1.0"
3
- status: draft
4
- created: 2026-03-29
5
- updated: 2026-03-29
6
- owner: 工程团队
7
- ---
8
-
9
- # IaC 与 Kubernetes 平台演练
10
-
11
- 本文演示一个以 Helm Chart、Kubernetes manifest、policy 和发布门禁为核心的仓库,如何从环境边界澄清、验证分层到 review / release 收口完整跑通。
12
-
13
- ## 1. 场景
14
-
15
- - 仓库当前主要维护 Helm Chart、Kubernetes YAML、Policy 和发布配置
16
- - 团队准备补齐 chart 渲染、schema 校验、policy 校验和 server-side dry-run 四层验证
17
- - 目标不是改业务服务代码,而是把 IaC 变更治理成可分层解释、可发布、可回滚的状态
18
-
19
- ## 2. 推荐链路
20
-
21
- 1. `/team-intake`
22
- 2. `/team-plan`
23
- 3. `/tdd`
24
- 4. `/team-execute`
25
- 5. `/verify`
26
- 6. `/team-review`
27
- 7. `/team-release`
28
-
29
- ## 3. 第一步:/team-intake
30
-
31
- ### 输入示例
32
-
33
- ```text
34
- /team-intake
35
- 目标:补齐 Kubernetes 平台仓库的 chart、schema、policy 和发布门禁
36
- 范围:Helm Chart、manifest、policy、验证脚本、release 说明
37
- 不做:业务服务逻辑改造
38
- 约束:必须区分 helm unittest、kubeconform、conftest/kyverno 和 server-side dry-run 的边界
39
- ```
40
-
41
- ### 期望输出重点
42
-
43
- - 识别这是 IaC / 平台治理任务,而不是普通后端需求
44
- - 明确参与角色至少包括 `tech-lead`、`architect`、`qa-engineer`、`devops-engineer`
45
- - 风险应聚焦环境范围不清、验证层次混淆、回滚路径缺失和发布窗口不明确
46
-
47
- ## 4. 第二步:/team-plan
48
-
49
- ### 需要拆清的动作
50
-
51
- - chart 模板改动与 values 影响范围
52
- - schema 校验与 manifest 结构验证
53
- - policy 校验与组织级规则约束
54
- - server-side dry-run 与 release 前预检
55
- - review、release 和回滚记录位置
56
-
57
- ### 合格输出应该回答
58
-
59
- 1. 哪些问题属于 chart 层
60
- 2. 哪些属于 schema 层
61
- 3. 哪些属于 policy 层
62
- 4. 哪些属于 API server 接收层
63
- 5. 最终如何进入 `/team-review` 和 `/team-release`
64
-
65
- ## 5. 第三步:/tdd
66
-
67
- 在这类仓库里,`/tdd` 重点不是业务单测,而是先锁验证分层和完成标准:
68
-
69
- - chart、schema、policy、server-side 四层边界是否说清
70
- - 哪些验证结果必须进入 review
71
- - 哪些结果必须进入 release 与回滚说明
72
- - 失败时如何判断是模板问题、结构问题还是策略问题
73
-
74
- ## 6. 第四步:/team-execute
75
-
76
- 执行阶段通常包含:
77
-
78
- - 调整 Helm Chart 或 manifest
79
- - 补 Helm unittest、schema 校验与 policy 门禁
80
- - 补 server-side dry-run 或等价发布前预检
81
- - 更新 release 说明、回滚说明和 review 摘要
82
-
83
- 本阶段输出至少应包含:
84
-
85
- - 变更摘要
86
- - 影响环境
87
- - 分层校验结果
88
- - 剩余风险和例外项
89
-
90
- ## 7. 第五步:/verify
91
-
92
- Verify 阶段要回答:
93
-
94
- - chart 渲染是否符合预期
95
- - manifest 是否通过 schema 校验
96
- - policy 是否还有阻塞项
97
- - server-side 预检是否通过
98
- - 哪些风险仍需 release 阶段继续观察
99
-
100
- ## 8. 第六步:/team-review 与 /team-release
101
-
102
- ### Review 阶段要回答
103
-
104
- - 当前阻塞项来自哪一层验证
105
- - 哪些例外被暂时接受
106
- - 哪些变更会影响环境或回滚复杂度
107
-
108
- ### Release 阶段要回答
109
-
110
- - 哪些环境将被影响
111
- - 回滚是回 chart、回 values 还是回 policy
112
- - 发布窗口、依赖条件和失败时的退回路径是什么
113
-
114
- ## 9. 常见错误
115
-
116
- - 把 Helm unittest、kubeconform、policy 和 dry-run 混成一个结论
117
- - 只看 CI 通过,不记录环境范围和回滚方式
118
- - 没把验证结果回写到 review / release
119
-
120
- 建议配合阅读:[helm-unittest-playbook.md](helm-unittest-playbook.md)、[kubeconform-schema-gates.md](kubeconform-schema-gates.md)、[conftest-policy-gates.md](conftest-policy-gates.md)、[kubectl-server-dry-run-gates.md](kubectl-server-dry-run-gates.md)
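Review bot: Dangling references are the thing to check after this whole-file removal: the hunk's closing line links helm-unittest-playbook.md, kubeconform-schema-gates.md, conftest-policy-gates.md and kubectl-server-dry-run-gates.md, and all four are also deleted in this release (items 150, 163, 99 and 164 in the file list), so the docs tree stays internally consistent, but the shipped files that are only lightly edited here, package/commands/team-help.md (+2 -2) and package/scripts/workflow-help.js (+3 -3), should be confirmed free of `docs/runbooks/...` paths, and the README change (+16 -20) should say where the four-layer validation description (helm unittest, kubeconform, conftest/kyverno, server-side dry-run, section 3 constraint line and section 9) now lives.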
@@ -1,67 +0,0 @@
1
- ---
2
- version: "0.1.0"
3
- status: draft
4
- created: 2026-03-29
5
- updated: 2026-03-29
6
- owner: 工程团队
7
- ---
8
-
9
- # 实施接入阅读路径
10
-
11
- 本文面向准备把 Team Skills Platform 接入新仓库的人,目标不是讲全,而是把阅读顺序压到最短。
12
-
13
- ## 1. 适合谁
14
-
15
- - Tech Lead
16
- - Architect
17
- - Project Manager
18
- - 负责新仓库 onboarding 的实施人
19
-
20
- ## 2. 先回答三个问题
21
-
22
- ### 2.1 我从哪个模板起手
23
-
24
- 先看 [../../examples/INDEX.md](../../examples/INDEX.md) 和 [../../examples/project-type-starter-playbook.md](../../examples/project-type-starter-playbook.md)。
25
-
26
- ### 2.2 我这个项目能不能直接套现成 vertical 材料
27
-
28
- 先看 [vertical-scenario-capability-matrix.md](vertical-scenario-capability-matrix.md),再按需进入对应 walkthrough、demo script 和 execution log。
29
-
30
- ### 2.3 我需要先装平台还是先跑第一条任务
31
-
32
- 先看 [project-onboarding.md](project-onboarding.md),再按最小闭环进入 [first-team-workflow-walkthrough.md](first-team-workflow-walkthrough.md)。
33
-
34
- ## 3. 推荐顺序
35
-
36
- 1. [../presentation/implementation-onboarding-brief.md](../presentation/implementation-onboarding-brief.md)
37
- 2. [project-onboarding.md](project-onboarding.md)
38
- 3. [../../examples/INDEX.md](../../examples/INDEX.md)
39
- 4. [../../examples/project-type-starter-playbook.md](../../examples/project-type-starter-playbook.md)
40
- 5. [vertical-scenario-capability-matrix.md](vertical-scenario-capability-matrix.md)
41
- 6. [first-team-workflow-walkthrough.md](first-team-workflow-walkthrough.md)
42
-
43
- ## 4. 接入时的最短判断
44
-
45
- - 已知项目类型:直接从 examples 模板起手
46
- - 已知 vertical:直接从矩阵检查 starter、walkthrough、demo 是否齐全
47
- - 只想先跑通主链:跳过 vertical,先走 onboarding + walkthrough
48
- - 需要 overlay / runbook / toolkit 边界:补看 [custom-overlay.md](custom-overlay.md)
49
-
50
- ## 5. 最小执行顺序
51
-
52
- 1. 运行安装与接入准备:看 [project-onboarding.md](project-onboarding.md)
53
- 2. 准备项目级入口:从 [../../examples/project-CLAUDE.md](../../examples/project-CLAUDE.md) 或对应 vertical 模板复制
54
- 3. 跑第一条主链:按 [first-team-workflow-walkthrough.md](first-team-workflow-walkthrough.md)
55
- 4. 需要专项能力时,再补 [specialist-commands-playbook.md](specialist-commands-playbook.md)
56
-
57
- ## 6. 常见误区
58
-
59
- - 先看完所有文档才开始接入,导致 onboarding 变成重阅读任务
60
- - 已经命中某个 vertical,却仍然只用通用模板起手
61
- - 把历史企业扩展导入区当成正式接入入口
62
-
63
- ## 7. 继续往下看什么
64
-
65
- - 想按 Claude 端进入:看 [claude-usage-scenarios.md](claude-usage-scenarios.md)
66
- - 想按 Codex 端进入:看 [codex-usage-scenarios.md](codex-usage-scenarios.md)
67
- - 想给团队做培训:看 [team-training-reading-path.md](team-training-reading-path.md)
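Review bot: This reading path is the document that pointed a new user at `../../examples/INDEX.md`, `../../examples/project-type-starter-playbook.md` and `../../examples/project-CLAUDE.md` (sections 2.1, 3 and 5), and the file list contains no `package/examples/` entries, so if those examples are still shipped they lose their entry point; the section 4 decision list (known project type, known vertical, main chain only, overlay boundary) is short enough to fold into the README, which is already being rewritten in this release.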
@@ -1,94 +0,0 @@
1
- # In-Toto Attestation 设计参考手册
2
-
3
- 本手册承接 `in-toto/attestation` 的工程实践,用于帮助团队设计 attestation 的 predicate、schema 和 evidence model。它补的是“我们要证明什么、证据长什么样、证据如何串成链”这一层,不替代 `artifact-attestation-gates`、`slsa-verification-gates`、`cosign-signing-gates` 或 `policy-controller-gates`。
4
-
5
- ## 适用场景
6
-
7
- - 团队已经开始做构建证明、签名或 provenance 管理,但还没有统一的 attestation 结构设计。
8
- - 需要把 build、test、scan、sign、approval 这些事件串成可检索、可验证、可归档的证据链。
9
- - 希望为不同产物定义可演进的 predicate,而不是把所有信息都塞进一个不可维护的大 JSON。
10
- - 需要跨团队对齐“哪些事实进入 attestation,哪些事实留在 release note、runbook 或审计记录里”。
11
-
12
- ## 不适用场景
13
-
14
- - 当前还没有任何稳定的发布制品或构建链,却先讨论 attestation schema。
15
- - 团队只是想找一个“能生成 attestation 的工具”,而不是设计自己的证据模型。
16
- - 需要解决漏洞扫描、许可证审查、签名验证或集群强制策略时,把 attestation 当成万能入口。
17
- - 团队没有人愿意维护 predicate 版本、schema 迁移和验证规则。
18
-
19
- ## 推荐落地方式
20
-
21
- 1. 先回答“我们到底要证明什么”,再决定 predicate 的字段,而不是反过来先抄一个 schema。
22
- 2. 第一阶段只设计少量高价值 predicate:
23
- - `build`:源码、workflow、runner、digest、输出产物
24
- - `test`:测试范围、环境、结果摘要、失败边界
25
- - `scan`:扫描对象、规则集、结论、例外项
26
- - `sign`:签名对象、签名主体、时间与版本
27
- - `approval`:谁批准、批准范围、批准前提
28
- 3. 采用分层模型组织 attestation:
29
- - `subject layer`:被证明的 artifact、镜像、release asset 或 bundle
30
- - `predicate layer`:关于 subject 的事实,按事件类型拆分
31
- - `evidence layer`:签名、证书、时间戳、来源 URI、digest
32
- - `policy layer`:哪些 predicate 是必需的,哪些可以选配
33
- 4. 设计 schema 时优先考虑版本化和可演进性:
34
- - 字段名稳定,新增字段向后兼容
35
- - predicate type 有明确命名空间
36
- - schema 版本和验证规则能一起升级
37
- 5. 将 attestation 与现有链路分层:
38
- - `artifact-attestation-gates` 负责构建产物 provenance
39
- - `slsa-verification-gates` 负责独立验证
40
- - `cosign-signing-gates` 负责签名与验签
41
- - `policy-controller-gates` 负责在 admission 层把证据转成强制策略
42
- 6. 结果必须回写到 `/team-release`、审计记录或制品元数据,不让 attestation 只停在某个仓库对象里。
43
-
44
- ## 最小门禁模型
45
-
46
- - `subject layer`:被证明的产物或对象。
47
- - `predicate layer`:build/test/scan/sign/approval 等事实,按事件类型分开。
48
- - `evidence layer`:证据来源、签名、时间戳、digest 与可追溯链接。
49
- - `verification layer`:如何校验 predicate 与 subject 是否匹配。
50
- - `decision layer`:`architect`、`devops-engineer`、`tech-lead` 决定证据是否足以放行。
51
-
52
- 重点不是“有一份 JSON”,而是这份 JSON 是否能稳定回答三个问题:
53
-
54
- - 这是什么对象。
55
- - 这个对象经历了什么。
56
- - 这些事实是谁提供、谁验证、谁批准的。
57
-
58
- ## 重点检查项
59
-
60
- - predicate 是否按事件类型拆分,而不是把所有事实写进一个超大结构。
61
- - schema 是否有明确版本号、兼容策略和字段语义说明。
62
- - evidence 是否记录了 subject digest、来源 URI 和生成时间,避免“证据和对象对不上”。
63
- - 设计是否区分事实、判断和审批,避免把所有人类意见都塞进同一层。
64
- - 证据链是否能和 `artifact-attestation-gates`、`slsa-verification-gates`、`cosign-signing-gates` 互相引用。
65
- - 是否清楚哪些字段属于 attestation,哪些字段应留在 release note、runbook 或审计记录。
66
-
67
- ## 反模式
68
-
69
- - 先选工具,再倒推 schema,最后 attestation 变成工具输出的副作用。
70
- - 把 build、test、scan、approval 的所有细节都堆在一份 predicate 里,后续无法演进。
71
- - 只有 attestation,没有 subject digest 或来源链接,导致证据无法复查。
72
- - schema 变更时没有版本策略,旧证据无法验证,新证据又和旧链路不兼容。
73
- - 把 attestation 当成“安全结论本身”,忽略了它只是证据承载层。
74
-
75
- ## 输出回落
76
-
77
- - 设计阶段:把 predicate 类型、字段含义、版本号和证据来源写入设计文档或 API contract。
78
- - 构建阶段:把生成的 attestation 与 artifact digest、workflow、build id 或 release asset 关联起来。
79
- - 发布阶段:把 attestation 的定位方式、关键证据和验证结果写入 `/team-release`。
80
- - 审计阶段:若需要追溯某次发布,必须能从 release 记录定位到对应 attestation,并反查到 subject 和 predicate。
81
-
82
- ## 许可证与使用边界
83
-
84
- - `in-toto/attestation` 采用 Apache-2.0。
85
- - 引入前应确认团队是否具备维护 predicate schema、版本迁移和验证规则的能力。
86
- - 如果只是想做“能记录构建来源”,优先走 `artifact-attestation-gates`;如果要做“验证是否可信”,优先走 `slsa-verification-gates`。
87
-
88
- ## 参考来源
89
-
90
- - [in-toto/attestation](https://github.com/in-toto/attestation)
91
- - [artifact-attestation-gates.md](artifact-attestation-gates.md)
92
- - [slsa-verification-gates.md](slsa-verification-gates.md)
93
- - [cosign-signing-gates.md](cosign-signing-gates.md)
94
- - [policy-controller-gates.md](policy-controller-gates.md)
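Review bot: Removing this handbook drops the package's copy of the subject / predicate / evidence / verification / decision layering and the note that the design follows `in-toto/attestation` under Apache-2.0; its four cross-references (artifact-attestation-gates, slsa-verification-gates, cosign-signing-gates, policy-controller-gates) are deleted in the same release (items 73, 212, 102 and 182), so no remaining doc links to a missing file, but if any shipped skill or command still names those gates, the "最小门禁模型" section and the "重点检查项" list (subject digest, source URI, generation time, schema version) should move with them rather than disappear, since they are the only part of this file that a verifier would act on.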
@@ -1,43 +0,0 @@
1
- ---
2
- version: "0.1.0"
3
- status: draft
4
- created: 2026-03-28
5
- updated: 2026-03-28
6
- owner: 工程团队
7
- ---
8
-
9
- # 事故分级与应急决策树
10
-
11
- 本文用于事故发生后的前几分钟内快速分级,决定是止血、回滚还是继续排查。
12
-
13
- ## 1. 快速分级
14
-
15
- - P1:关键流程不可用,影响核心用户路径
16
- - P2:关键流程部分可用,但错误率明显升高
17
- - P3:非核心路径异常或局部功能退化
18
-
19
- ## 2. 决策树
20
-
21
- - 如果核心路径不可用:优先止血或回滚
22
- - 如果核心路径可用但波动明显:先限制影响面,再继续验证
23
- - 如果问题局部可控:记录问题,按 hotfix 或后续版本处理
24
-
25
- ## 3. 最小止血动作
26
-
27
- - 回滚
28
- - 关闭入口或降级
29
- - 限流或隔离问题流量
30
-
31
- ## 4. 什么时候必须升级
32
-
33
- - 多角色连续两轮仍无法统一结论
34
- - 问题已影响发布窗口或灰度计划
35
- - 问题已超出当前值守角色可控范围
36
-
37
- ## 5. 常见错误
38
-
39
- - 先争论根因,后做止血
40
- - 没有单点决策人
41
- - 止血后没有后续动作记录
42
-
43
- 相关长文档见:[production-incident-response-walkthrough.md](production-incident-response-walkthrough.md)、[hotfix-emergency-release-walkthrough.md](hotfix-emergency-release-walkthrough.md)
@@ -1,65 +0,0 @@
1
- ---
2
- version: "0.1.0"
3
- status: draft
4
- created: 2026-03-28
5
- updated: 2026-03-28
6
- owner: 工程团队
7
- ---
8
-
9
- # 事故分诊一页速查
10
-
11
- 本文面向线上异常、灰度问题、回滚判断这类必须快速分诊的场景。
12
-
13
- ## 1. 什么时候用这页
14
-
15
- - 灰度后出现错误率、时延或关键业务异常
16
- - 不确定应该先回滚、先止血还是先继续观察
17
- - 需要让 QA、DevOps、Tech Lead 快速形成统一动作
18
-
19
- ## 2. 最短起手方式
20
-
21
- ```text
22
- /team-review
23
- 当前灰度期间出现异常,请按事故处理视角输出:问题等级、阻塞结论、建议动作、是否进入回滚、下一角色责任链。
24
- ```
25
-
26
- ## 3. 最短判断顺序
27
-
28
- 1. 先判断是否影响核心业务和用户面
29
- 2. 再判断是否需要立即止血或回滚
30
- 3. 再决定是继续观察、进入 incident runbook,还是重新 review
31
-
32
- ## 4. 最短结论模板
33
-
34
- ```text
35
- 评审结论
36
- - 结论:暂缓放量
37
- - 影响:审批回调时延升高,已影响部分用户
38
-
39
- 建议动作
40
- - 立即停止扩量
41
- - DevOps 准备回滚路径
42
- - QA 补关键路径复验
43
- - Tech Lead 判断是否升级为正式事故处理
44
- ```
45
-
46
- ## 5. 谁该先做什么
47
-
48
- - QA:确认影响范围和复现条件
49
- - DevOps:准备止血和回滚动作
50
- - Tech Lead:做优先级和升级判断
51
- - 研发:定位根因并给出修复或回滚建议
52
-
53
- ## 6. 快速参考顺序
54
-
55
- 1. [incident-severity-triage-tree.md](incident-severity-triage-tree.md)
56
- 2. [production-incident-response-walkthrough.md](production-incident-response-walkthrough.md)
57
- 3. [release-rollback-recovery-walkthrough.md](release-rollback-recovery-walkthrough.md)
58
-
59
- ## 7. 常见错误
60
-
61
- - 还没判断影响等级,就开始讨论技术细节
62
- - 已经满足回滚条件,却继续拖着观察
63
- - 问题已经进入事故处理,但主链结论还停留在普通 review
64
-
65
- 如果你要看发布前后的完整上下文,继续看 [release-closure-one-page.md](release-closure-one-page.md) 和 [release-governance-reading-path.md](release-governance-reading-path.md)。
@@ -1,36 +0,0 @@
1
- ---
2
- version: "0.1.0"
3
- status: draft
4
- created: 2026-03-29
5
- updated: 2026-03-29
6
- owner: 工程团队
7
- ---
8
-
9
- # 内部开发者平台演示执行记录
10
-
11
- 本文记录一条内部开发者平台演示路径,重点展示团队如何把入口行为、模板验证、失败兜底和发布依赖整理成结构化交付链路。
12
-
13
- ## 1. 场景定义
14
-
15
- - 背景:仓库维护开发者门户、自助模板和平台集成点
16
- - 目标:把入口交付从“功能可用”升级成“可验证、可交接、可发布”的状态
17
-
18
- ## 2. 关键阶段
19
-
20
- - `/team-intake`:锁入口、模板、权限和发布前提
21
- - `/team-plan`:拆平台 API、模板行为和失败兜底
22
- - `/tdd`:定义成功 / 失败路径和人工介入条件
23
- - `/handoff`:把验证范围和剩余风险交给下游角色
24
- - `/team-review`、`/team-release`:形成正式上线结论
25
-
26
- ## 3. 校验结果
27
-
28
- ```text
29
- Validation passed.
30
- - Roles: 8
31
- - Shared skills: 3
32
- - ECC skills: 9
33
- - Private overlay skills: not shipped in public repo
34
- - Specialist agents: 27
35
- - Generated artifacts: 70
36
- ```
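Review bot: The hardcoded validation snapshot in section 3 (Roles: 8, Shared skills: 3, ECC skills: 9, Specialist agents: 27, Generated artifacts: 70) is exactly the kind of content that goes stale inside a published package, so deleting it is the right call; if those counts are still wanted as a reference, they belong in generated release-health output (package/scripts/lib/release-health.js is touched in this release, +19 -4) rather than in a committed log.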
@@ -1,42 +0,0 @@
1
- ---
2
- version: "0.1.0"
3
- status: draft
4
- created: 2026-03-29
5
- updated: 2026-03-29
6
- owner: 工程团队
7
- ---
8
-
9
- # 内部开发者平台演示剧本
10
-
11
- 本文是一份可直接照着讲的演示脚本,面向开发者入口、自助模板、平台 API 和失败兜底路径场景。
12
-
13
- ## 1. 演示目标
14
-
15
- - 说明平台入口为什么必须同时讲成功和失败路径
16
- - 说明 `/tdd` 如何前置锁定模板行为和人工介入条件
17
- - 说明 `/handoff` 如何把开发者体验和发布前提交给下游角色
18
-
19
- ## 2. 演示脚本
20
-
21
- ### Step 1. 先讲开发者入口不是只有 happy path
22
-
23
- ```text
24
- 内部开发者平台最容易被低估的,不是入口本身,而是失败兜底、人工介入和发布前提。
25
- ```
26
-
27
- ### Step 2. 用 `/team-intake` 锁边界
28
-
29
- ```text
30
- /team-intake
31
- 目标:为内部开发者平台新增自助交付入口并补齐模板、验证和发布说明
32
- 范围:门户入口、平台 API、模板行为、测试计划、release 说明
33
- 不做:无关业务系统改造
34
- 约束:必须说明失败兜底、人工介入路径、权限边界和发布前提
35
- ```
36
-
37
- ### Step 3. 用 `/handoff` 收口
38
-
39
- ```text
40
- /handoff
41
- 请把当前平台实现与验证结果整理成可直接交给 QA、DevOps 或下一角色的结构化内容,明确入口行为、失败兜底、已验证范围和剩余风险。
42
- ```
@@ -1,91 +0,0 @@
1
- ---
2
- version: "0.1.0"
3
- status: draft
4
- created: 2026-03-29
5
- updated: 2026-03-29
6
- owner: 工程团队
7
- ---
8
-
9
- # 内部开发者平台演练
10
-
11
- 本文演示一个以开发者入口、自助模板、平台 API 和交付体验为核心的内部开发者平台仓库,如何从需求澄清到 handoff / release 收口完整跑通。
12
-
13
- ## 1. 场景
14
-
15
- - 仓库当前主要维护开发者门户、服务模板和平台集成能力
16
- - 团队准备新增一个自助交付入口,并同步补齐模板行为与发布说明
17
- - 目标不是做单点业务功能,而是把入口体验和交付链治理成可验证、可交接、可发布的状态
18
-
19
- ## 2. 推荐链路
20
-
21
- 1. `/team-intake`
22
- 2. `/team-plan`
23
- 3. `/tdd`
24
- 4. `/team-execute`
25
- 5. `/handoff`
26
- 6. `/team-review`
27
- 7. `/team-release`
28
-
29
- ## 3. 第一步:/team-intake
30
-
31
- ### 输入示例
32
-
33
- ```text
34
- /team-intake
35
- 目标:为内部开发者平台新增自助交付入口并补齐模板、验证和发布说明
36
- 范围:门户入口、平台 API、模板行为、测试计划、release 说明
37
- 不做:无关业务系统改造
38
- 约束:必须说明失败兜底、人工介入路径、权限边界和发布前提
39
- ```
40
-
41
- ## 4. 第二步:/team-plan
42
-
43
- ### 需要拆清的动作
44
-
45
- - 门户入口与模板行为
46
- - 平台 API 与权限边界
47
- - 失败兜底与人工介入路径
48
- - handoff、review、release 收口方式
49
-
50
- ## 5. 第三步:/tdd
51
-
52
- 重点是先锁:
53
-
54
- - 开发者入口成功 / 失败路径
55
- - 模板与 API 的边界
56
- - 人工介入条件
57
- - QA 和 DevOps 需要接到哪些信息
58
-
59
- ## 6. 第四步:/team-execute
60
-
61
- 执行阶段通常包含:
62
-
63
- - 调整门户或模板入口
64
- - 调整平台 API 或编排逻辑
65
- - 更新交付说明和发布前提
66
-
67
- ## 7. 第五步:/handoff
68
-
69
- handoff 需要明确:
70
-
71
- - 入口行为与验证范围
72
- - 失败兜底和人工介入方式
73
- - 剩余风险和发布依赖
74
-
75
- ## 8. 第六步:/team-review 与 /team-release
76
-
77
- ### Review 阶段要回答
78
-
79
- - 当前开发者自助体验是否已经稳定
80
- - 是否仍有阻塞交付的集成风险
81
-
82
- ### Release 阶段要回答
83
-
84
- - 发布前提是什么
85
- - 出现故障时如何退回人工路径或旧入口
86
-
87
- ## 9. 常见错误
88
-
89
- - 只写 happy path,不写失败兜底
90
- - handoff 不写清验证范围,导致 QA 重新摸索
91
- - release 不说明入口切换与回退方式
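Review bot: The `/team-intake` input block in section 3 is identical to Step 2 of the demo script removed in the preceding hunk, so these two files were already duplicating content; removing them together is fine, but the section 9 "常见错误" items (no failure fallback, handoff without verification scope, release without entry switch-over and rollback) are the only checklist-style content in the file and are worth keeping wherever the walkthrough is relocated.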
@@ -1,27 +0,0 @@
1
- # Karpathy Guidelines Usage
2
-
3
- `karpathy-guidelines` 是一层行为护栏,不是新的主链命令,也不是 `coding-standards`、`tdd-workflow`、`verification-loop` 的替代品。
4
-
5
- ## 什么时候用
6
-
7
- - 任务描述有歧义,但又很容易让代理“猜一个就开始写”
8
- - 变更本来应该很小,却有过度设计风险
9
- - 需要明确哪些地方能改、哪些地方只能记录不能顺手清理
10
- - 想先把“成功长什么样”说清楚,再进入 TDD 或实现
11
-
12
- ## 推荐搭配
13
-
14
- 1. 先用 `karpathy-guidelines` 收敛假设、简化方案、锁定改动边界和成功标准
15
- 2. 进入实现后,用 `coding-standards` 或相应语言/框架 skill 保持代码质量
16
- 3. 涉及新行为或 bugfix 时,接 `tdd-workflow`
17
- 4. 收尾前,用 `verification-loop` 给出 fresh verification evidence
18
-
19
- ## 不做什么
20
-
21
- - 不替你生成完整实现计划
22
- - 不替代语言/框架专项 skill
23
- - 不强制修改 `/team-*` 主链或 role agent 默认行为
24
-
25
- ## 一个简短判断
26
-
27
- 如果你担心代理会“误解需求、做复杂、顺手多改、没定义成功标准”,就先用 `$karpathy-guidelines`。
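Review bot: The deleted text names the skill as `karpathy-guidelines` in the body and `$karpathy-guidelines` in the closing line; if the content is relocated, normalize to one form. This hunk also removes the only usage note for the skill in the docs tree, so if the `karpathy-guidelines` skill is still shipped, its "什么时候用" and "不做什么" guidance should be carried into the skill's own description rather than dropped.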