@colin4k1024/tsp 2.4.4 → 2.4.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (236)
  1. package/README.md +16 -20
  2. package/bin/lib/install-surface.js +3 -3
  3. package/bin/lib/source-installer.js +2 -2
  4. package/commands/team-help.md +2 -2
  5. package/commands/team-plan.md +1 -1
  6. package/commands/update-codemaps.md +3 -3
  7. package/manifests/install-components.json +1 -1
  8. package/manifests/install-modules.json +17 -3
  9. package/manifests/install-profiles.json +2 -0
  10. package/package.json +6 -3
  11. package/schemas/ecc-install-config.schema.json +6 -1
  12. package/schemas/install-modules.schema.json +4 -1
  13. package/scripts/codegraph-preflight.js +179 -0
  14. package/scripts/gitnexus-preflight.js +8 -0
  15. package/scripts/install-apply.js +10 -8
  16. package/scripts/install-codegraph.js +158 -0
  17. package/scripts/install-plan.js +28 -11
  18. package/scripts/lib/install/apply.js +256 -5
  19. package/scripts/lib/install/request.js +3 -2
  20. package/scripts/lib/install-audit-manifest.js +3 -0
  21. package/scripts/lib/install-executor.js +14 -5
  22. package/scripts/lib/install-lifecycle.js +2 -2
  23. package/scripts/lib/install-manifests.js +23 -4
  24. package/scripts/lib/install-targets/codex-home.js +187 -1
  25. package/scripts/lib/install-targets/opencode-home.js +135 -2
  26. package/scripts/lib/install-targets/registry.js +23 -1
  27. package/scripts/lib/release-health.js +19 -4
  28. package/scripts/lib/team-skills-data.json +6 -6
  29. package/scripts/release-health-summary.js +1 -1
  30. package/scripts/workflow-help.js +3 -3
  31. package/skills/codegraph/SKILL.md +57 -0
  32. package/skills/codegraph/agents/openai.yaml +4 -0
  33. package/docs/.vitepress/config.mts +0 -199
  34. package/docs/adr/ADR-001-doc-architecture-integration.md +0 -33
  35. package/docs/guides/README.md +0 -5
  36. package/docs/guides/installation.md +0 -33
  37. package/docs/guides/user-guide.md +0 -36
  38. package/docs/index.md +0 -65
  39. package/docs/memory/backlog.md +0 -10
  40. package/docs/memory/decisions.md +0 -43
  41. package/docs/memory/lessons-learned.md +0 -87
  42. package/docs/plans/2026-04-03-python-remnants-audit.md +0 -265
  43. package/docs/plans/2026-04-03-scripts-python-to-js-migration.md +0 -372
  44. package/docs/plans/2026-04-03-solo-delivery-execution-checklist.md +0 -413
  45. package/docs/plans/2026-04-03-solo-delivery-gap-plan.md +0 -377
  46. package/docs/plans/2026-04-03-team-skills-workflow-gates.md +0 -548
  47. package/docs/plans/2026-04-21-open-source-readiness-gap-plan.md +0 -217
  48. package/docs/plans/llm-surface-reduction-audit.md +0 -147
  49. package/docs/plans/llm-surface-reduction-execution-checklist.md +0 -217
  50. package/docs/plans/llm-surface-reduction-execution-history.md +0 -124
  51. package/docs/plans/team-skills-platform-migration.md +0 -54
  52. package/docs/presentation/README.md +0 -42
  53. package/docs/presentation/audience-presentation-route-map.md +0 -84
  54. package/docs/presentation/executive-briefing-talk-track.md +0 -50
  55. package/docs/presentation/generate_capability_matrix.py +0 -396
  56. package/docs/presentation/generate_ppt.py +0 -354
  57. package/docs/presentation/implementation-onboarding-brief.md +0 -38
  58. package/docs/presentation/presentation-talk-track.md +0 -97
  59. package/docs/presentation/vertical-scenario-route-map.md +0 -99
  60. package/docs/presentation/workshop-facilitator-guide.md +0 -47
  61. package/docs/runbooks/actionlint-workflow-gates.md +0 -80
  62. package/docs/runbooks/agent-governance.md +0 -131
  63. package/docs/runbooks/ai-eval-platform-demo-execution-log.md +0 -147
  64. package/docs/runbooks/ai-eval-platform-demo-script.md +0 -136
  65. package/docs/runbooks/ai-eval-platform-walkthrough.md +0 -113
  66. package/docs/runbooks/ai-pr-review-automation.md +0 -56
  67. package/docs/runbooks/api-breaking-change-gates.md +0 -58
  68. package/docs/runbooks/api-design-evolution-walkthrough.md +0 -42
  69. package/docs/runbooks/api-lint-gates.md +0 -57
  70. package/docs/runbooks/api-mocking-strategy-and-lifecycle-guide.md +0 -47
  71. package/docs/runbooks/architect-daily-operations.md +0 -63
  72. package/docs/runbooks/architect-design-conversation-example.md +0 -83
  73. package/docs/runbooks/artifact-attestation-gates.md +0 -75
  74. package/docs/runbooks/artifact-persistence.md +0 -257
  75. package/docs/runbooks/backend-engineer-daily-operations.md +0 -63
  76. package/docs/runbooks/batch-optimization-completion-checklist.md +0 -104
  77. package/docs/runbooks/biz-service-designer-end-to-end-conversation-example.md +0 -5
  78. package/docs/runbooks/biz-service-designer-toolkit.md +0 -5
  79. package/docs/runbooks/bug-fix-complete-walkthrough.md +0 -60
  80. package/docs/runbooks/build-failure-recovery-walkthrough.md +0 -40
  81. package/docs/runbooks/canary-decision-matrix.md +0 -41
  82. package/docs/runbooks/canary-staging-release-walkthrough.md +0 -46
  83. package/docs/runbooks/checkov-iac-gates.md +0 -104
  84. package/docs/runbooks/claude-code-review-workflow.md +0 -72
  85. package/docs/runbooks/claude-conversation-prompt-recipes.md +0 -132
  86. package/docs/runbooks/claude-end-to-end-conversation-example.md +0 -198
  87. package/docs/runbooks/claude-feature-development-guide.md +0 -112
  88. package/docs/runbooks/claude-quick-start.md +0 -227
  89. package/docs/runbooks/claude-usage-scenarios.md +0 -176
  90. package/docs/runbooks/code-review-collaboration-walkthrough.md +0 -65
  91. package/docs/runbooks/codeql-pr-security-gates.md +0 -64
  92. package/docs/runbooks/codex-end-to-end-conversation-example.md +0 -166
  93. package/docs/runbooks/codex-multi-agent-orchestration.md +0 -65
  94. package/docs/runbooks/codex-parallel-prompt-recipes.md +0 -131
  95. package/docs/runbooks/codex-quick-start.md +0 -223
  96. package/docs/runbooks/codex-usage-scenarios.md +0 -168
  97. package/docs/runbooks/codex-workflow-essentials.md +0 -88
  98. package/docs/runbooks/command-and-capability-matrix.md +0 -162
  99. package/docs/runbooks/conftest-policy-gates.md +0 -84
  100. package/docs/runbooks/consumer-driven-contract-testing-with-mock-alignment.md +0 -45
  101. package/docs/runbooks/contract-testing-playbook.md +0 -78
  102. package/docs/runbooks/cosign-signing-gates.md +0 -71
  103. package/docs/runbooks/cross-role-issue-triage-walkthrough.md +0 -47
  104. package/docs/runbooks/cursor-quick-start.md +0 -123
  105. package/docs/runbooks/custom-overlay.md +0 -115
  106. package/docs/runbooks/data-ml-pipeline-demo-execution-log.md +0 -141
  107. package/docs/runbooks/data-ml-pipeline-demo-script.md +0 -102
  108. package/docs/runbooks/data-ml-pipeline-walkthrough.md +0 -119
  109. package/docs/runbooks/data-observability-quality-demo-execution-log.md +0 -36
  110. package/docs/runbooks/data-observability-quality-demo-script.md +0 -42
  111. package/docs/runbooks/data-observability-quality-walkthrough.md +0 -86
  112. package/docs/runbooks/demo-deliverables-overview.md +0 -278
  113. package/docs/runbooks/demo-execution-log.md +0 -530
  114. package/docs/runbooks/demo-scenario.md +0 -129
  115. package/docs/runbooks/dependency-review-gates.md +0 -63
  116. package/docs/runbooks/dependency-update-automation.md +0 -83
  117. package/docs/runbooks/design-md-workflow.md +0 -185
  118. package/docs/runbooks/devops-engineer-daily-operations.md +0 -60
  119. package/docs/runbooks/devops-release-conversation-example.md +0 -88
  120. package/docs/runbooks/doc-architecture-integration.md +0 -59
  121. package/docs/runbooks/doc-architecture-quick-start.md +0 -122
  122. package/docs/runbooks/document-execution-audit.md +0 -32
  123. package/docs/runbooks/documentation-update-walkthrough.md +0 -37
  124. package/docs/runbooks/ecc-harness-usage.md +0 -93
  125. package/docs/runbooks/error-experience-usage.md +0 -116
  126. package/docs/runbooks/evolution-usage.md +0 -162
  127. package/docs/runbooks/executive-value-one-page.md +0 -55
  128. package/docs/runbooks/external-capability-approval-and-enablement-workflow.md +0 -39
  129. package/docs/runbooks/external-capability-intake.md +0 -160
  130. package/docs/runbooks/first-team-command-60-seconds.md +0 -96
  131. package/docs/runbooks/first-team-workflow-walkthrough.md +0 -245
  132. package/docs/runbooks/frontend-backend-integration-acceptance-checklist.md +0 -46
  133. package/docs/runbooks/frontend-backend-parallel-integration-walkthrough.md +0 -48
  134. package/docs/runbooks/frontend-bugfix-one-page.md +0 -82
  135. package/docs/runbooks/frontend-engineer-daily-operations.md +0 -60
  136. package/docs/runbooks/frontend-enterprise-style-profile.md +0 -5
  137. package/docs/runbooks/frontend-governance.md +0 -47
  138. package/docs/runbooks/frontend-refactor-walkthrough.md +0 -42
  139. package/docs/runbooks/git-pr-workflow.md +0 -63
  140. package/docs/runbooks/github-actions-supply-chain-demo-execution-log.md +0 -158
  141. package/docs/runbooks/github-actions-supply-chain-demo-script.md +0 -150
  142. package/docs/runbooks/github-actions-supply-chain-walkthrough.md +0 -117
  143. package/docs/runbooks/github-token-permissions-baseline.md +0 -92
  144. package/docs/runbooks/gitlab-manual-pipeline-release.md +0 -5
  145. package/docs/runbooks/gitlab-release-integration-playbook.md +0 -5
  146. package/docs/runbooks/gitnexus-code-intelligence-usage.md +0 -133
  147. package/docs/runbooks/graphify-knowledge-graph-usage.md +0 -88
  148. package/docs/runbooks/handoff-filling-guide-with-examples.md +0 -70
  149. package/docs/runbooks/handoff-governance.md +0 -250
  150. package/docs/runbooks/helm-unittest-playbook.md +0 -101
  151. package/docs/runbooks/hotfix-emergency-release-walkthrough.md +0 -60
  152. package/docs/runbooks/iac-kubernetes-platform-demo-execution-log.md +0 -144
  153. package/docs/runbooks/iac-kubernetes-platform-demo-script.md +0 -130
  154. package/docs/runbooks/iac-kubernetes-platform-walkthrough.md +0 -120
  155. package/docs/runbooks/implementation-onboarding-reading-path.md +0 -67
  156. package/docs/runbooks/in-toto-attestation-framework.md +0 -94
  157. package/docs/runbooks/incident-severity-triage-tree.md +0 -43
  158. package/docs/runbooks/incident-triage-one-page.md +0 -65
  159. package/docs/runbooks/internal-developer-platform-demo-execution-log.md +0 -36
  160. package/docs/runbooks/internal-developer-platform-demo-script.md +0 -42
  161. package/docs/runbooks/internal-developer-platform-walkthrough.md +0 -91
  162. package/docs/runbooks/karpathy-guidelines-usage.md +0 -27
  163. package/docs/runbooks/kubeconform-schema-gates.md +0 -100
  164. package/docs/runbooks/kubectl-server-dry-run-gates.md +0 -103
  165. package/docs/runbooks/kyverno-policy-gates.md +0 -90
  166. package/docs/runbooks/langfuse-and-observability-integration-guide.md +0 -43
  167. package/docs/runbooks/langfuse-coding-trace.md +0 -44
  168. package/docs/runbooks/mobile-miniapp-delivery-walkthrough.md +0 -112
  169. package/docs/runbooks/mobile-miniapp-demo-execution-log.md +0 -139
  170. package/docs/runbooks/mobile-miniapp-demo-script.md +0 -129
  171. package/docs/runbooks/multi-service-backend-integration-walkthrough.md +0 -61
  172. package/docs/runbooks/open-design-integration.md +0 -163
  173. package/docs/runbooks/open-source-release-checklist.md +0 -90
  174. package/docs/runbooks/opencode-quick-start.md +0 -128
  175. package/docs/runbooks/parallel-development-coordination-walkthrough.md +0 -47
  176. package/docs/runbooks/parallel-execution-usage.md +0 -179
  177. package/docs/runbooks/platform-capability-demo-execution-log.md +0 -184
  178. package/docs/runbooks/platform-capability-demo-script.md +0 -192
  179. package/docs/runbooks/plugin-extension-platform-demo-execution-log.md +0 -136
  180. package/docs/runbooks/plugin-extension-platform-demo-script.md +0 -102
  181. package/docs/runbooks/plugin-extension-platform-walkthrough.md +0 -111
  182. package/docs/runbooks/policy-controller-gates.md +0 -75
  183. package/docs/runbooks/post-rollback-verification-checklist.md +0 -37
  184. package/docs/runbooks/pre-release-checklist.md +0 -50
  185. package/docs/runbooks/product-manager-clarification-conversation-example.md +0 -90
  186. package/docs/runbooks/product-manager-daily-operations.md +0 -60
  187. package/docs/runbooks/production-incident-response-walkthrough.md +0 -50
  188. package/docs/runbooks/project-claude-design-rationale.md +0 -188
  189. package/docs/runbooks/project-manager-daily-operations.md +0 -61
  190. package/docs/runbooks/project-manager-planning-conversation-example.md +0 -82
  191. package/docs/runbooks/project-onboarding.md +0 -452
  192. package/docs/runbooks/qa-engineer-daily-operations.md +0 -63
  193. package/docs/runbooks/qa-review-conversation-example.md +0 -87
  194. package/docs/runbooks/release-closure-one-page.md +0 -65
  195. package/docs/runbooks/release-governance-reading-path.md +0 -56
  196. package/docs/runbooks/release-notes-automation.md +0 -48
  197. package/docs/runbooks/release-rollback-recovery-walkthrough.md +0 -47
  198. package/docs/runbooks/requirement-clarity-and-scope-walkthrough.md +0 -46
  199. package/docs/runbooks/reviewdog-pr-gates.md +0 -49
  200. package/docs/runbooks/role-prompt-recipes.md +0 -130
  201. package/docs/runbooks/rtk-integration-intake.md +0 -45
  202. package/docs/runbooks/rtk-token-optimization-usage.md +0 -107
  203. package/docs/runbooks/runner-egress-hardening.md +0 -81
  204. package/docs/runbooks/runtime-capabilities-overview.md +0 -113
  205. package/docs/runbooks/sbom-generation-gates.md +0 -71
  206. package/docs/runbooks/scorecard-supply-chain-gates.md +0 -82
  207. package/docs/runbooks/secret-scanning-gates.md +0 -85
  208. package/docs/runbooks/security-compliance-platform-demo-execution-log.md +0 -36
  209. package/docs/runbooks/security-compliance-platform-demo-script.md +0 -49
  210. package/docs/runbooks/security-compliance-platform-walkthrough.md +0 -98
  211. package/docs/runbooks/slsa-generator-patterns.md +0 -73
  212. package/docs/runbooks/slsa-verification-gates.md +0 -75
  213. package/docs/runbooks/solo-delivery-mode.md +0 -142
  214. package/docs/runbooks/solo-delivery-one-page.md +0 -111
  215. package/docs/runbooks/specialist-commands-playbook.md +0 -85
  216. package/docs/runbooks/sub-agent-invocation-map.md +0 -144
  217. package/docs/runbooks/system-architecture-design-walkthrough.md +0 -49
  218. package/docs/runbooks/team-closeout-example.md +0 -73
  219. package/docs/runbooks/team-command-output-contracts.md +0 -358
  220. package/docs/runbooks/team-commands-quick-prompts.md +0 -125
  221. package/docs/runbooks/team-execute-example.md +0 -63
  222. package/docs/runbooks/team-handoff-example.md +0 -49
  223. package/docs/runbooks/team-intake-example.md +0 -70
  224. package/docs/runbooks/team-plan-example.md +0 -62
  225. package/docs/runbooks/team-release-example.md +0 -63
  226. package/docs/runbooks/team-review-example.md +0 -61
  227. package/docs/runbooks/team-skills-test-run.md +0 -184
  228. package/docs/runbooks/team-skills-usage.md +0 -336
  229. package/docs/runbooks/team-training-reading-path.md +0 -64
  230. package/docs/runbooks/tech-lead-closure-conversation-example.md +0 -78
  231. package/docs/runbooks/tech-lead-daily-operations.md +0 -67
  232. package/docs/runbooks/trivy-security-gates.md +0 -79
  233. package/docs/runbooks/troubleshooting.md +0 -234
  234. package/docs/runbooks/vertical-scenario-capability-matrix.md +0 -107
  235. package/docs/runbooks/witness-policy-gates.md +0 -78
  236. package/docs/runbooks/zizmor-workflow-audits.md +0 -81
@@ -1,56 +0,0 @@
1
- ---
2
- version: "0.1.0"
3
- status: draft
4
- created: 2026-03-28
5
- updated: 2026-03-28
6
- owner: 工程团队
7
- ---
8
-
9
- # 发布治理阅读路径
10
-
11
- 本文把发布相关 runbook 串成一条阅读路径,帮助团队按问题类型进入正确文档,而不是在多个发布手册里来回找。
12
-
13
- ## 1. 日常版本发布
14
-
15
- 先看这些:
16
-
17
- - [devops-engineer-daily-operations.md](devops-engineer-daily-operations.md)
18
- - [team-release-example.md](team-release-example.md)
19
- - [canary-staging-release-walkthrough.md](canary-staging-release-walkthrough.md)
20
- - [pre-release-checklist.md](pre-release-checklist.md)
21
- - [canary-decision-matrix.md](canary-decision-matrix.md)
22
-
23
- ## 2. 紧急修复与事故响应
24
-
25
- 先看这些:
26
-
27
- - [hotfix-emergency-release-walkthrough.md](hotfix-emergency-release-walkthrough.md)
28
- - [production-incident-response-walkthrough.md](production-incident-response-walkthrough.md)
29
- - [release-rollback-recovery-walkthrough.md](release-rollback-recovery-walkthrough.md)
30
- - [incident-severity-triage-tree.md](incident-severity-triage-tree.md)
31
- - [post-rollback-verification-checklist.md](post-rollback-verification-checklist.md)
32
-
33
- ## 3. GitLab 或公司扩展参与发布
34
-
35
- 先看这些:
36
-
37
- - [gitlab-manual-pipeline-release.md](gitlab-manual-pipeline-release.md)
38
- - [gitlab-release-integration-playbook.md](gitlab-release-integration-playbook.md)
39
- -
40
- -
41
- - [custom-overlay.md](custom-overlay.md)
42
-
43
- ## 4. 需要附加可观测性
44
-
45
- 先看这些:
46
-
47
- - [langfuse-coding-trace.md](langfuse-coding-trace.md)
48
- - [langfuse-and-observability-integration-guide.md](langfuse-and-observability-integration-guide.md)
49
- -
50
-
51
- ## 5. 不知道先看哪篇时
52
-
53
- - 正常发布:从 [team-release-example.md](team-release-example.md) 开始
54
- - 需要灰度:看 [canary-staging-release-walkthrough.md](canary-staging-release-walkthrough.md)
55
- - 事故或回滚:看 [production-incident-response-walkthrough.md](production-incident-response-walkthrough.md)
56
- - 涉及 GitLab 或 Langfuse:先看对应 runbook,再回到 `/team-release`
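Review bot: Lines 39, 40 and 49 of this removed reading path are empty list items, so the GitLab and observability sections were already missing entries before the file was dropped. If the runbooks are being moved out of the npm package rather than discarded, restore or delete those bullets in the new location. Every runbook this index links to is also removed in the file list, so check that nothing still shipped in the package (for example the changed `package/README.md` or `package/commands/team-help.md`) points at `docs/runbooks/`.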
@@ -1,48 +0,0 @@
1
- # Release Notes 自动化手册
2
-
3
- 本手册承接 `semantic-release` 与 `release-notes-generator` 的工程实践,用于规范 changelog / release notes 自动生成的接入方式。它是发布说明自动化补充,不替代 `/team-release` 的责任链、放行结论和回滚方案。
4
-
5
- ## 适用场景
6
-
7
- - 团队希望减少手工整理版本说明的成本。
8
- - 仓库已经有较稳定的提交规范、PR 标题规范或版本发布节奏。
9
- - 需要把版本说明、tag、发布记录和变更面更稳定地关联起来。
10
-
11
- ## 先判断采用层级
12
-
13
- 优先顺序建议如下:
14
-
15
- 1. `notes-only`
16
- 只自动生成 release notes / changelog,不自动发版。
17
-
18
- 2. `notes + tag`
19
- 在 notes 稳定后,再接自动打 tag 或创建 release 草稿。
20
-
21
- 3. `full semantic release`
22
- 只有当提交规范、分支策略、发版权限和回滚策略都成熟时,再考虑自动发版。
23
-
24
- ## 推荐落地方式
25
-
26
- 1. 先统一提交或 PR 标题策略,保证版本说明有稳定输入来源。
27
- 2. 第一阶段只生成草稿 release notes,让团队确认分组、噪音和遗漏。
28
- 3. 第二阶段再接 tag / GitHub Release 草稿,仍保留人工放行。
29
- 4. 只有在发布权限、版本规则和回滚链都稳定后,才考虑全自动 semantic release。
30
- 5. 对基础设施变更、手工数据库操作、灰度策略等“代码之外的发布动作”,继续在 [release-plan.md](../../templates/release-plan.md) 和 `/team-release` 中人工补充,不要指望 changelog 自动生成完整发布说明。
31
-
32
- ## 反模式
33
-
34
- - 提交标题混乱,却直接上全自动 semantic release。
35
- - 把版本说明自动化误当成发布流程自动化,忽略人工放行和回滚准备。
36
- - 只记录代码提交,不记录配置、数据迁移、静态资源或手工操作影响。
37
- - 生成的 notes 从未被人使用,却持续增加维护复杂度。
38
-
39
- ## 输出回落
40
-
41
- - 日常发布:将自动生成的 notes 作为 `/team-release` 的补充输入,而不是替代发布方案。
42
- - 对外发布:若创建了 tag / release 草稿,把链接和版本号回写到 handoff 或发布记录。
43
- - 风险沟通:自动生成内容不足以说明风险时,仍由 `devops-engineer` 或 `tech-lead` 手工补充。
44
-
45
- ## 参考来源
46
-
47
- - [semantic-release/semantic-release](https://github.com/semantic-release/semantic-release)
48
- - [semantic-release/release-notes-generator](https://github.com/semantic-release/release-notes-generator)
@@ -1,47 +0,0 @@
1
- ---
2
- version: "0.1.0"
3
- status: draft
4
- created: 2026-03-28
5
- updated: 2026-03-28
6
- owner: 工程团队
7
- ---
8
-
9
- # 发布后回滚与恢复演练
10
-
11
- 本文演示版本发布后发现问题时,如何判断是否回滚、如何验证恢复结果,以及如何把恢复过程记录回主链。
12
-
13
- ## 1. 场景
14
-
15
- - 版本已全量发布
16
- - 监控发现错误率或性能指标异常
17
- - 团队需要在前向修复和回滚之间快速决策
18
-
19
- ## 2. 推荐链路
20
-
21
- 1. `/team-execute`
22
- 2. `/verify`
23
- 3. `/handoff`
24
- 4. `/team-release`
25
-
26
- 如果问题严重,可先走 [production-incident-response-walkthrough.md](production-incident-response-walkthrough.md) 的事故分级。
27
-
28
- ## 3. 关键输出
29
-
30
- - 回滚还是前向修复的判断依据
31
- - 回滚执行步骤
32
- - 恢复后的验证结果
33
- - 后续改进项
34
-
35
- ## 4. 合格结果的检查点
36
-
37
- - 回滚条件事先或当场明确
38
- - 恢复后关键指标恢复正常
39
- - 数据一致性和依赖服务状态被复核
40
-
41
- ## 5. 常见错误
42
-
43
- - 回滚之后不做恢复验证
44
- - 只关注服务状态,不看数据一致性
45
- - 问题消失后不补记录
46
-
47
- 与这些文档配合阅读:[canary-staging-release-walkthrough.md](canary-staging-release-walkthrough.md)、[devops-engineer-daily-operations.md](devops-engineer-daily-operations.md)
@@ -1,46 +0,0 @@
1
- ---
2
- version: "0.1.0"
3
- status: draft
4
- created: 2026-03-28
5
- updated: 2026-03-28
6
- owner: 工程团队
7
- ---
8
-
9
- # 需求澄清与范围管理演练
10
-
11
- 本文演示一个需求从原始诉求到可进入主链的完整澄清过程。目标是避免模糊需求直接进入执行阶段。
12
-
13
- ## 1. 场景
14
-
15
- - 原始诉求:业务方希望“审批列表更好用”
16
- - 问题:目标模糊,范围容易蔓延
17
- - 目标:沉淀成可执行需求和可测验收标准
18
-
19
- ## 2. 推荐链路
20
-
21
- 1. `/team-intake`
22
- 2. `/team-plan`
23
- 3. `/handoff`
24
-
25
- 必要时在 intake 前先由产品经理完成业务澄清,再进入主链。
26
-
27
- ## 3. 关键输出
28
-
29
- - 问题定义
30
- - In Scope / Out of Scope
31
- - 用户故事和验收标准
32
- - 优先级和风险提醒
33
-
34
- ## 4. 合格结果的检查点
35
-
36
- - 研发能看懂目标和边界
37
- - Project Manager 能基于此拆依赖和里程碑
38
- - QA 能据此写出测试点
39
-
40
- ## 5. 常见错误
41
-
42
- - 用模糊形容词代替明确目标
43
- - 只说想要什么,不说不做什么
44
- - 验收标准没有行为或数据依据
45
-
46
- 与这些文档配合阅读:[product-manager-daily-operations.md](product-manager-daily-operations.md)、[project-onboarding.md](project-onboarding.md)
@@ -1,49 +0,0 @@
1
- # Reviewdog PR 门禁手册
2
-
3
- 本手册承接 `reviewdog/reviewdog` 与 `reviewdog/action-eslint` 的工程实践,用于把现有 lint / test / static check 结果安全地暴露到 PR 上。它是 review 自动化的补充手册,不替代本地验证和 `/team-review`。
4
-
5
- ## 适用场景
6
-
7
- - 仓库已经有稳定的 lint、静态检查或测试命令,希望把结果自动贴到 PR。
8
- - 团队希望在 GitHub PR 中直接看到代码级问题,而不是只看 CI 日志。
9
- - 需要逐步建设 PR gate,但不想一上来就把所有检查都做成阻塞项。
10
-
11
- ## 前置条件
12
-
13
- - 已有可重复执行的本地检查命令,例如 `eslint`、`ruff`、`golangci-lint`、`mvn test` 等。
14
- - 团队已经接受这些检查的规则质量,至少不存在大量历史噪音。
15
- - 已明确本次 gate 是 `warning-first` 还是 `blocking`。
16
-
17
- ## 推荐落地方式
18
-
19
- 1. 先把本地检查命令稳定下来,reviewdog 只负责“转译和呈现结果”,不负责定义规则。
20
- 2. 第一阶段只接 1-2 个高信号检查,例如 ESLint、Ruff、格式化或一个稳定的单测集合。
21
- 3. 先用非阻塞模式观察噪音水平,再决定是否升级为阻塞 gate。
22
- 4. 对同一类问题只保留一个权威来源,避免同一错误在 CI summary、PR comment、inline comment 里重复轰炸。
23
- 5. 将 gate 的阻塞策略同步到 `/team-review` 和发布准备说明里,避免“CI 阻塞了但团队不知道这是正式门槛”。
24
-
25
- ## 最小门禁模型
26
-
27
- - `source of truth`:项目原生检查命令
28
- - `annotation layer`:reviewdog 将输出映射到 PR check 或 inline review
29
- - `decision layer`:`/team-review` 与 `tech-lead` 判断问题是否阻塞
30
-
31
- 先把这三层分清,再决定是否扩大自动化范围。
32
-
33
- ## 反模式
34
-
35
- - 还没有稳定规则,就急着把 reviewdog 接成阻塞门禁。
36
- - 把低价值、纯风格或高噪音问题全部推到 PR inline comment。
37
- - 本地与 CI 的命令不一致,导致开发者无法复现 PR 报错。
38
- - 用 reviewdog 替代 code review,本该由 reviewer 判断的设计和行为问题却只看机器结果。
39
-
40
- ## 输出回落
41
-
42
- - PR 阶段:把启用的 gate、阻塞策略和主要发现写入 PR 描述或 review 结论。
43
- - 团队协作:在 `/team-review` 中说明哪些问题来自自动门禁,哪些仍需人工判断。
44
- - 发布前:若某项 gate 属于正式放行门槛,回写到 `/team-release` 的发布检查结果。
45
-
46
- ## 参考来源
47
-
48
- - [reviewdog/reviewdog](https://github.com/reviewdog/reviewdog)
49
- - [reviewdog/action-eslint](https://github.com/reviewdog/action-eslint)
@@ -1,130 +0,0 @@
1
- ---
2
- version: "0.1.0"
3
- status: draft
4
- created: 2026-03-28
5
- updated: 2026-03-28
6
- owner: 工程团队
7
- ---
8
-
9
- # 角色高频提示模板
10
-
11
- 本文把高频角色的常用说法收成一页,适合在 Claude 或 Codex 里直接复制。它不替代主链命令规范,而是帮你更快拿到接近可执行产物的输出。
12
-
13
- 如果你想先看当前公开命令和能力映射,先读 [command-and-capability-matrix.md](command-and-capability-matrix.md)。如果你关心 memory、observe、budget、compact、instinct 这些后台机制,再读 [runtime-capabilities-overview.md](runtime-capabilities-overview.md)。
14
-
15
- ## 1. Tech Lead 起手模板
16
-
17
- ```text
18
- 请以 tech-lead 视角处理当前任务。
19
- 先执行 /team-intake,输出:目标、范围外事项、参与角色、主要风险、是否命中 overlay 候选项、下一步建议。
20
-
21
- 任务背景:
22
- - 目标:
23
- - 范围:
24
- - 不做:
25
- - 约束:
26
- ```
27
-
28
- 适用场景:任务刚进入平台,还没有统一边界。
29
-
30
- ## 2. Tech Lead 收口模板
31
-
32
- ```text
33
- 基于当前 intake、plan、specialist 和 handoff 结果,请以 tech-lead 视角收口。
34
- 输出必须包含:已确认结论、未决问题、阻塞风险、非阻塞风险、下一步命令建议。
35
- 如果 specialist 已参与,请说明哪些结论已经回收到主链,哪些还没有。
36
- ```
37
-
38
- 适用场景:并行分析很多,但没有统一收口时。
39
-
40
- ## 3. Product Manager 澄清模板
41
-
42
- ```text
43
- 请以 product-manager 视角整理当前需求。
44
- 输出:业务目标、核心用户场景、In Scope、Out of Scope、验收标准、待确认事项。
45
- 最后补一段:这些内容怎样进入 /team-intake。
46
- ```
47
-
48
- 适用场景:需求描述还是业务语言,尚未转成主链输入时。
49
-
50
- ## 4. Project Manager 计划模板
51
-
52
- ```text
53
- 请以 project-manager 视角拆当前任务。
54
- 输出:里程碑、关键依赖、角色协作顺序、风险、升级条件。
55
- 如果存在并行开发,请说明哪些 handoff 必须提前约定。
56
- ```
57
-
58
- 适用场景:任务不只是“能不能做”,而是“怎么稳妥推进”时。
59
-
60
- ## 5. Architect 方案模板
61
-
62
- ```text
63
- 请以 architect 视角处理当前任务。
64
- 输出:系统边界、接口契约、数据约束、主要技术风险、是否需要 custom overlay。
65
- 如果需要 custom overlay,请区分候选项和正式启用项。
66
- ```
67
-
68
- 适用场景:涉及接口、数据边界、流程引擎或权限中心时。
69
-
70
- ## 6. QA 放行模板
71
-
72
- ```text
73
- 请以 qa-engineer 视角给出当前任务的测试结论。
74
- 输出:测试范围、已验证项、阻塞项、非阻塞风险、放行建议、上线后观察建议。
75
- 如果存在 custom overlay 或发布扩展,请说明是否需要额外验证证据。
76
- ```
77
-
78
- 适用场景:研发已交付,需要形成明确的 review 结论时。
79
-
80
- ## 7. DevOps 发布模板
81
-
82
- ```text
83
- 请以 devops-engineer 视角执行 /team-release。
84
- 输出:发布方案、观察窗口、核心指标、回滚条件、回滚步骤、责任链。
85
- 如果 GitLab 手动流水线或 Langfuse 追踪只作为 runbook 补充,而不是正式 custom overlay,也请明确写出。
86
- ```
87
-
88
- 适用场景:发布阶段最容易漏写企业扩展和观察窗口时。
89
-
90
- ## 8. Review 重新收口模板
91
-
92
- ```text
93
- 请基于当前 handoff、自测和专项分析结果,生成一次正式 /team-review 输出。
94
- 要求区分:
95
- - 可以放行的依据
96
- - 必须阻塞的问题
97
- - 上线后继续观察的问题
98
- - overlay、runbook、toolkit 的执行记录是否需要进入结论
99
- ```
100
-
101
- 适用场景:信息很多,但你需要一份正式评审结论时。
102
-
103
- ## 9. Tech Lead 测试先行模板
104
-
105
- ```text
106
- 请以 tech-lead 视角衔接当前计划结果。
107
- 基于已有 /team-plan 输出,先整理进入 /tdd 所需的最小上下文。
108
- 输出必须包含:功能目标、边界行为、测试优先级、实现前置条件、完成后如何回收到 /team-execute 或 /handoff。
109
- ```
110
-
111
- 适用场景:任务已经拆清,但你希望先锁定 red-green-refactor 路径,而不是直接进入实现。
112
-
113
- ## 10. 平台能力体检模板
114
-
115
- ```text
116
- 请以 tech-lead 视角执行一次 /harness-audit。
117
- 重点审视:命令覆盖、skills 完整度、hooks 有效性、文档同步情况、集成深度。
118
- 输出必须包含:高风险缺口、可延后问题、建议优先级、哪些结论需要回写到 README / runbooks / examples。
119
- ```
120
-
121
- 适用场景:刚新增了命令、skills、hooks、规则或安装入口,想快速确认平台文档和能力面是否同步。
122
-
123
- ## 11. 常见错误
124
-
125
- - 只指定角色,不说明希望输出什么结构
126
- - 没有要求把 specialist 结论回收到主链
127
- - 已经适合用 `/tdd` 或 `/harness-audit`,却还只写笼统的“帮我分析一下”
128
- - 在 architect、qa、devops 场景里把 overlay、runbook、toolkit 的角色写混
129
-
130
- 如果你想看更偏 Claude 的完整说法,继续看 [claude-conversation-prompt-recipes.md](claude-conversation-prompt-recipes.md);如果你想看更偏 Codex 的并行说法,继续看 [codex-parallel-prompt-recipes.md](codex-parallel-prompt-recipes.md)。
@@ -1,45 +0,0 @@
1
- # External Capability Intake: rtk (Rust Token Killer)
2
-
3
- ## Intake Card
4
-
5
- | Field | Value |
6
- |-------|-------|
7
- | source_name | rtk (Rust Token Killer) |
8
- | source_url | https://github.com/rtk-ai/rtk |
9
- | license | Apache-2.0 |
10
- | trust_tier | B-proven-community |
11
- | maintenance_signal | Active (frequent releases, Homebrew formula, 10+ AI tool integrations) |
12
- | portability | claude + cursor (hook-based); codex/opencode (instruction-based) |
13
- | import_mode | adapt-into-local-skill |
14
- | target_layer | hooks + skills |
15
- | status | approved |
16
-
17
- ## What It Does
18
-
19
- High-performance Rust CLI proxy that intercepts shell command output and compresses it before it reaches the LLM context. Reduces token consumption by 60-90% across 100+ common dev commands.
20
-
21
- ## Why Integrate
22
-
23
- - Direct cost reduction: 60-90% fewer tokens per Bash command
24
- - Zero workflow change: transparent hook rewrite
25
- - Broad coverage: git, gh, cargo, npm, docker, kubectl, aws, test runners, linters
26
- - Already supports Claude Code via PreToolUse hook
27
-
28
- ## Integration Approach
29
-
30
- - **Adapted hook** (`hooks/rtk-rewrite.sh`): modified from upstream to NOT auto-allow, preserving harness safety hook chain
31
- - **Skill** (`skills/rtk-token-optimization/`): documents capabilities, commands, and savings estimates
32
- - **Install module** (`rtk-optimization`): registered in manifests, included in `full` and `team` profiles
33
- - **Post-install check** (`bin/lib/post-install-rtk.js`): detects rtk/jq availability, prints install instructions
34
-
35
- ## Risk Assessment
36
-
37
- - Low risk: hook silently skips if rtk/jq not installed
38
- - No binary bundling: rtk installed separately via Homebrew/curl
39
- - No upstream code copied: only adapted hook script and documentation
40
- - Apache-2.0 license: fully compatible with MIT
41
-
42
- ## Approval
43
-
44
- - Approved for integration into `hooks` + `skills` layers
45
- - Not bundled as binary (unlike oris-claude-bridge) — external dependency
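Review bot: The Integration Approach section (lines 30-33) is the written record of why `hooks/rtk-rewrite.sh` was "modified from upstream to NOT auto-allow", alongside the `approved` status and `B-proven-community` trust tier in the intake card, and deleting the file leaves that decision without a rationale next to the hook. If the `rtk-optimization` module still ships in the `full` and `team` profiles, keep this intake card in the package or reference its new location from the module, so a later sync with the upstream hook does not reintroduce the auto-allow behaviour unnoticed.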
@@ -1,107 +0,0 @@
1
- # RTK Token Optimization — Usage Guide
2
-
3
- ## Overview
4
-
5
- [rtk](https://github.com/rtk-ai/rtk) is a high-performance CLI proxy that reduces LLM token consumption by 60-90% on common dev commands. It's integrated into the harness via a PreToolUse:Bash hook that transparently rewrites shell commands.
6
-
7
- ## Prerequisites
8
-
9
- ```bash
10
- # macOS (recommended)
11
- brew install rtk
12
-
13
- # Linux / macOS alternative
14
- curl -fsSL https://raw.githubusercontent.com/rtk-ai/rtk/refs/heads/master/install.sh | sh
15
-
16
- # Cargo
17
- cargo install --git https://github.com/rtk-ai/rtk
18
- ```
19
-
20
- Also requires `jq` for the hook script:
21
- ```bash
22
- brew install jq # macOS
23
- apt install jq # Debian/Ubuntu
24
- ```
25
-
26
- ## How It Works
27
-
28
- After harness installation (`install-apply.js --profile full`), the `pre:bash:rtk-rewrite` hook is registered in `hooks.json`. When Claude Code executes any Bash command:
29
-
30
- 1. The hook captures the command text
31
- 2. Calls `rtk rewrite "<command>"` to check for an optimized version
32
- 3. If found, rewrites the command (e.g., `git status` → `rtk git status`)
33
- 4. The rewritten command produces compressed output, saving 60-90% tokens
34
- 5. Other safety hooks (block-no-verify, commit-quality) still execute normally
35
-
36
- ## Token Savings Estimate (30-min Session)
37
-
38
- | Operation | Standard Tokens | With rtk | Savings |
39
- |-----------|----------------|----------|---------|
40
- | ls / tree (10x) | 2,000 | 400 | -80% |
41
- | cat / read (20x) | 40,000 | 12,000 | -70% |
42
- | git status/diff/log (20x) | 15,500 | 3,600 | -77% |
43
- | cargo/npm test (5x) | 25,000 | 2,500 | -90% |
44
- | **Total** | **~118,000** | **~23,900** | **-80%** |
45
-
46
- ## Analytics
47
-
48
- ```bash
49
- rtk gain # Summary stats
50
- rtk gain --graph # ASCII graph (last 30 days)
51
- rtk gain --daily # Day-by-day breakdown
52
- rtk discover # Find missed savings opportunities
53
- rtk session # Show adoption across recent sessions
54
- ```
55
-
56
- ## Configuration
57
-
58
- RTK config: `~/.config/rtk/config.toml` (macOS: `~/Library/Application Support/rtk/config.toml`)
59
-
60
- ```toml
61
- [hooks]
62
- exclude_commands = ["curl", "playwright"] # skip rewrite for these
63
-
64
- [tee]
65
- enabled = true # save raw output on failure
66
- mode = "failures" # "failures", "always", or "never"
67
- max_files = 20 # rotation limit
68
- ```
69
-
70
- ## Hook Coexistence
71
-
72
- The harness rtk hook is **adapted** from the upstream version:
73
-
74
- - Does NOT return `permissionDecision: allow` (upstream does)
75
- - This ensures safety hooks (block-no-verify, commit-quality, prompt-guard) still execute
76
- - Placed near the end of the PreToolUse:Bash chain, after all safety checks
77
- - If rtk or jq is not installed, the hook silently exits (zero impact)
78
-
79
- ## Tee: Full Output Recovery
80
-
81
- When a command fails, rtk saves the full unfiltered output:
82
- ```
83
- FAILED: 2/15 tests
84
- [full output: ~/.local/share/rtk/tee/1707753600_cargo_test.log]
85
- ```
86
-
87
- ## Scope Limitations
88
-
89
- The hook only applies to **Bash tool calls**. Claude Code built-in tools (`Read`, `Grep`, `Glob`) bypass the hook. To get RTK filtering for those workflows, use shell commands (`cat`, `rg`, `find`) or call `rtk read`, `rtk grep`, `rtk find` directly.
90
-
91
- ## Troubleshooting
92
-
93
- | Issue | Fix |
94
- |-------|-----|
95
- | `rtk` not found | Run `brew install rtk` or check PATH |
96
- | `jq` not found | Run `brew install jq` |
97
- | Hook not firing | Check `rtk init --show` and verify hooks.json has `pre:bash:rtk-rewrite` |
98
- | Wrong rtk package | `rtk gain` should work; if not, uninstall and use `cargo install --git https://github.com/rtk-ai/rtk` |
99
- | Conflicts with safety hooks | The adapted hook does not auto-allow; if issues persist, disable with hook flags |
100
-
101
- ## References
102
-
103
- - [rtk GitHub](https://github.com/rtk-ai/rtk)
104
- - [rtk Troubleshooting](https://github.com/rtk-ai/rtk/blob/master/docs/TROUBLESHOOTING.md)
105
- - [rtk Architecture](https://github.com/rtk-ai/rtk/blob/master/docs/contributing/ARCHITECTURE.md)
106
- - Skill definition: `skills/rtk-token-optimization/SKILL.md`
107
- - Hook: `hooks/rtk-rewrite.sh`
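Review bot: The Hook Coexistence section (lines 70-77) states the one security-relevant difference from upstream, that the adapted hook does not return `permissionDecision: allow` so that block-no-verify, commit-quality and prompt-guard still execute, and removing the guide drops that statement from the user-facing docs. If the guide is rehomed, keep that section and tighten the install commands at lines 14 and 17: `curl -fsSL .../refs/heads/master/install.sh | sh` runs whatever is on the master branch at install time, and `cargo install --git` without `--tag` or `--rev` builds the branch head, so pin both to a release tag or commit.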
@@ -1,81 +0,0 @@
1
- # Runner Egress Hardening 手册
2
-
3
- 本手册承接 `step-security/harden-runner` 的工程实践,用于把 GitHub Actions runner 的出站网络控制、实时监测和告警纳入供应链治理链。它补的是“runner 在执行 workflow 时能访问什么、实际访问了什么、异常访问如何被发现”这一层,不替代 `scorecard-supply-chain-gates`、`artifact-attestation-gates`、`slsa-verification-gates`、`trivy-security-gates` 或人工发布判断。
4
-
5
- ## 适用场景
6
-
7
- - 仓库大量依赖 GitHub Actions 执行构建、测试、打包或发布。
8
- - 团队希望限制 runner 的出站访问面,减少被恶意 workflow、依赖投毒或意外脚本带出凭据的风险。
9
- - 需要把 runner 的 runtime egress 行为纳入审计,并在异常访问、未知域名或可疑连接出现时及时发现。
10
- - 仓库已经有仓库级供应链基线检查,但还缺“runner 运行时层”的硬化与监测。
11
-
12
- ## 不适用场景
13
-
14
- - 仓库没有 GitHub Actions,或 runner 不在团队控制范围内。
15
- - 团队还没有整理清楚 workflow 需要访问的外部域名、包仓库、镜像仓库和发布端点。
16
- - 期望 runner egress hardening 替代 Scorecard、依赖门禁、代码扫描或制品证明链。
17
- - 团队没有人负责维护 allowlist、例外流程和告警 triage。
18
-
19
- ## 推荐落地方式
20
-
21
- 1. 先把 runner egress hardening 看成“执行时防线”,不要一开始就把它设成全集仓库硬门禁。
22
- 2. 第一阶段先收窄到少量关键 workflow:
23
- - 构建与发布 workflow
24
- - 访问私有包仓库或制品仓库的 workflow
25
- - 处理敏感凭据、签名或 provenance 的 workflow
26
- 3. 先建立 egress 基线:
27
- - runner 必须访问哪些固定域名
28
- - 哪些第三方服务必须显式放行
29
- - 哪些连接应当被默认拒绝
30
- 4. 将 runner egress hardening 与现有链路分层:
31
- - `scorecard-supply-chain-gates` 负责仓库、workflow、token 权限和 action pinning 的静态基线
32
- - `dependency-review-gates` 负责依赖漏洞与许可证变化
33
- - `codeql-pr-security-gates` 负责代码级语义问题
34
- - `runner-egress-hardening` 负责 workflow 运行时的出站访问控制与监测
35
- 5. 先从“观察模式”或“少量 workflow 强化”开始,再逐步收紧 allowlist。
36
- 6. 结果必须回写到 `/team-review`、`/team-release` 或仓库治理记录,不让 runner 告警只停在 action 日志里。
37
-
38
- ## 最小门禁模型
39
-
40
- - `workflow layer`:被硬化的 GitHub Actions workflow 与 job
41
- - `egress layer`:允许或拒绝的出站域名、IP、协议和端点
42
- - `monitoring layer`:runner 运行时捕获到的访问事件、命中规则和告警
43
- - `decision layer`:安全评审角色、`devops-engineer`、`tech-lead` 决定异常 egress 是否阻塞发布或需要治理
44
-
45
- 重点不是“装了一个 runner wrapper”,而是 runner 的实际访问行为能够被解释、审计和回放。
46
-
47
- ## 重点检查项
48
-
49
- - workflow 是否明确列出必须访问的外部服务,而不是默认放开全网
50
- - allowlist 是否覆盖包仓库、镜像仓库、签名/证明服务和必要的 API 端点
51
- - 是否能区分“预期访问”和“异常访问”,避免大量误报淹没告警
52
- - secret、token 或构建凭据是否会在 runner 运行时被意外外带
53
- - 当新 workflow 或新依赖加入时,allowlist 是否同步更新,而不是长期漂移
54
-
55
- ## 反模式
56
-
57
- - 只把 hardening 当成一个装饰性 action,实际上没有真正限制 egress。
58
- - allowlist 写得过宽,最后等于没有硬化。
59
- - 发现异常连接后只看一次性告警,没有 triage、回退和例外处理。
60
- - 把 runner egress hardening 当成 Scorecard 的替代品,而忽略它只是运行时防线。
61
- - 只在生产发布 workflow 上启用,开发和测试 workflow 完全不管,导致基线不一致。
62
-
63
- ## 输出回落
64
-
65
- - PR 阶段:把新增的外部访问面、allowlist 变化和异常 egress 结论写入 review 摘要。
66
- - 团队协作:在 `/team-review` 中说明哪些访问是预期的,哪些是需要治理或阻塞的异常。
67
- - 发布阶段:若 runner egress 出现高风险异常或 allowlist 未收敛,必须回写到 `/team-release` 的风险、放行结论或后续观察项。
68
- - 治理阶段:把长期保留的例外、第三方端点和网络依赖沉淀到 runbook 或治理待办中。
69
-
70
- ## 许可证与使用边界
71
-
72
- - `step-security/harden-runner` 采用 Apache-2.0。
73
- - 启用前应确认 GitHub Actions 使用方式、runner 类型、网络出口控制能力和告警 triage 人力。
74
- - 若团队尚未有 `scorecard-supply-chain-gates`、`dependency-review-gates` 等基础门禁,runner egress hardening 应先作为补充防线,而不是唯一安全控制。
75
-
76
- ## 参考来源
77
-
78
- - [step-security/harden-runner](https://github.com/step-security/harden-runner)
79
- - [scorecard-supply-chain-gates.md](scorecard-supply-chain-gates.md)
80
- - [dependency-review-gates.md](dependency-review-gates.md)
81
- - [codeql-pr-security-gates.md](codeql-pr-security-gates.md)
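Review bot: The layering list at lines 30-34 is where runtime egress control is separated from the static checks in `scorecard-supply-chain-gates`, `dependency-review-gates` and `codeql-pr-security-gates`, and the file list shows those three runbooks removed in the same release (items 206, 115 and 91), so the whole description of which control covers which layer leaves the package together. If this is a docs relocation, state the new location in the README. The staged rollout at lines 21-35 (observe first, then tighten the allowlist) is also described only in prose, so the rehomed version should carry one pinned `step-security/harden-runner` workflow step with its allowlist to make the baseline reviewable.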