@colin4k1024/tsp 2.4.5 → 2.4.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +16 -20
- package/bin/lib/install-surface.js +3 -3
- package/bin/lib/source-installer.js +2 -2
- package/commands/team-help.md +2 -2
- package/commands/team-plan.md +1 -1
- package/commands/update-codemaps.md +3 -3
- package/manifests/install-components.json +1 -1
- package/manifests/install-modules.json +17 -3
- package/manifests/install-profiles.json +2 -0
- package/package.json +6 -3
- package/schemas/ecc-install-config.schema.json +6 -1
- package/schemas/install-modules.schema.json +4 -1
- package/scripts/codegraph-preflight.js +179 -0
- package/scripts/gitnexus-preflight.js +8 -0
- package/scripts/install-apply.js +10 -8
- package/scripts/install-codegraph.js +158 -0
- package/scripts/install-plan.js +28 -11
- package/scripts/lib/install/apply.js +256 -5
- package/scripts/lib/install/request.js +3 -2
- package/scripts/lib/install-audit-manifest.js +3 -0
- package/scripts/lib/install-executor.js +14 -5
- package/scripts/lib/install-lifecycle.js +2 -2
- package/scripts/lib/install-manifests.js +23 -4
- package/scripts/lib/install-targets/codex-home.js +187 -1
- package/scripts/lib/install-targets/opencode-home.js +135 -2
- package/scripts/lib/install-targets/registry.js +23 -1
- package/scripts/lib/release-health.js +19 -4
- package/scripts/lib/team-skills-data.json +6 -6
- package/scripts/release-health-summary.js +1 -1
- package/scripts/workflow-help.js +3 -3
- package/skills/codegraph/SKILL.md +57 -0
- package/skills/codegraph/agents/openai.yaml +4 -0
- package/docs/.vitepress/config.mts +0 -199
- package/docs/adr/ADR-001-doc-architecture-integration.md +0 -33
- package/docs/guides/README.md +0 -5
- package/docs/guides/installation.md +0 -33
- package/docs/guides/user-guide.md +0 -36
- package/docs/index.md +0 -65
- package/docs/memory/backlog.md +0 -10
- package/docs/memory/decisions.md +0 -43
- package/docs/memory/lessons-learned.md +0 -87
- package/docs/plans/2026-04-03-python-remnants-audit.md +0 -265
- package/docs/plans/2026-04-03-scripts-python-to-js-migration.md +0 -372
- package/docs/plans/2026-04-03-solo-delivery-execution-checklist.md +0 -413
- package/docs/plans/2026-04-03-solo-delivery-gap-plan.md +0 -377
- package/docs/plans/2026-04-03-team-skills-workflow-gates.md +0 -548
- package/docs/plans/2026-04-21-open-source-readiness-gap-plan.md +0 -217
- package/docs/plans/llm-surface-reduction-audit.md +0 -147
- package/docs/plans/llm-surface-reduction-execution-checklist.md +0 -217
- package/docs/plans/llm-surface-reduction-execution-history.md +0 -124
- package/docs/plans/team-skills-platform-migration.md +0 -54
- package/docs/presentation/README.md +0 -42
- package/docs/presentation/audience-presentation-route-map.md +0 -84
- package/docs/presentation/executive-briefing-talk-track.md +0 -50
- package/docs/presentation/generate_capability_matrix.py +0 -396
- package/docs/presentation/generate_ppt.py +0 -354
- package/docs/presentation/implementation-onboarding-brief.md +0 -38
- package/docs/presentation/presentation-talk-track.md +0 -97
- package/docs/presentation/vertical-scenario-route-map.md +0 -99
- package/docs/presentation/workshop-facilitator-guide.md +0 -47
- package/docs/runbooks/actionlint-workflow-gates.md +0 -80
- package/docs/runbooks/agent-governance.md +0 -131
- package/docs/runbooks/ai-eval-platform-demo-execution-log.md +0 -147
- package/docs/runbooks/ai-eval-platform-demo-script.md +0 -136
- package/docs/runbooks/ai-eval-platform-walkthrough.md +0 -113
- package/docs/runbooks/ai-pr-review-automation.md +0 -56
- package/docs/runbooks/api-breaking-change-gates.md +0 -58
- package/docs/runbooks/api-design-evolution-walkthrough.md +0 -42
- package/docs/runbooks/api-lint-gates.md +0 -57
- package/docs/runbooks/api-mocking-strategy-and-lifecycle-guide.md +0 -47
- package/docs/runbooks/architect-daily-operations.md +0 -63
- package/docs/runbooks/architect-design-conversation-example.md +0 -83
- package/docs/runbooks/artifact-attestation-gates.md +0 -75
- package/docs/runbooks/artifact-persistence.md +0 -257
- package/docs/runbooks/backend-engineer-daily-operations.md +0 -63
- package/docs/runbooks/batch-optimization-completion-checklist.md +0 -104
- package/docs/runbooks/biz-service-designer-end-to-end-conversation-example.md +0 -5
- package/docs/runbooks/biz-service-designer-toolkit.md +0 -5
- package/docs/runbooks/bug-fix-complete-walkthrough.md +0 -60
- package/docs/runbooks/build-failure-recovery-walkthrough.md +0 -40
- package/docs/runbooks/canary-decision-matrix.md +0 -41
- package/docs/runbooks/canary-staging-release-walkthrough.md +0 -46
- package/docs/runbooks/checkov-iac-gates.md +0 -104
- package/docs/runbooks/claude-code-review-workflow.md +0 -72
- package/docs/runbooks/claude-conversation-prompt-recipes.md +0 -132
- package/docs/runbooks/claude-end-to-end-conversation-example.md +0 -198
- package/docs/runbooks/claude-feature-development-guide.md +0 -112
- package/docs/runbooks/claude-quick-start.md +0 -227
- package/docs/runbooks/claude-usage-scenarios.md +0 -176
- package/docs/runbooks/code-review-collaboration-walkthrough.md +0 -65
- package/docs/runbooks/codeql-pr-security-gates.md +0 -64
- package/docs/runbooks/codex-end-to-end-conversation-example.md +0 -166
- package/docs/runbooks/codex-multi-agent-orchestration.md +0 -65
- package/docs/runbooks/codex-parallel-prompt-recipes.md +0 -131
- package/docs/runbooks/codex-quick-start.md +0 -223
- package/docs/runbooks/codex-usage-scenarios.md +0 -168
- package/docs/runbooks/codex-workflow-essentials.md +0 -88
- package/docs/runbooks/command-and-capability-matrix.md +0 -162
- package/docs/runbooks/conftest-policy-gates.md +0 -84
- package/docs/runbooks/consumer-driven-contract-testing-with-mock-alignment.md +0 -45
- package/docs/runbooks/contract-testing-playbook.md +0 -78
- package/docs/runbooks/cosign-signing-gates.md +0 -71
- package/docs/runbooks/cross-role-issue-triage-walkthrough.md +0 -47
- package/docs/runbooks/cursor-quick-start.md +0 -123
- package/docs/runbooks/custom-overlay.md +0 -115
- package/docs/runbooks/data-ml-pipeline-demo-execution-log.md +0 -141
- package/docs/runbooks/data-ml-pipeline-demo-script.md +0 -102
- package/docs/runbooks/data-ml-pipeline-walkthrough.md +0 -119
- package/docs/runbooks/data-observability-quality-demo-execution-log.md +0 -36
- package/docs/runbooks/data-observability-quality-demo-script.md +0 -42
- package/docs/runbooks/data-observability-quality-walkthrough.md +0 -86
- package/docs/runbooks/demo-deliverables-overview.md +0 -278
- package/docs/runbooks/demo-execution-log.md +0 -530
- package/docs/runbooks/demo-scenario.md +0 -129
- package/docs/runbooks/dependency-review-gates.md +0 -63
- package/docs/runbooks/dependency-update-automation.md +0 -83
- package/docs/runbooks/design-md-workflow.md +0 -185
- package/docs/runbooks/devops-engineer-daily-operations.md +0 -60
- package/docs/runbooks/devops-release-conversation-example.md +0 -88
- package/docs/runbooks/doc-architecture-integration.md +0 -59
- package/docs/runbooks/doc-architecture-quick-start.md +0 -122
- package/docs/runbooks/document-execution-audit.md +0 -32
- package/docs/runbooks/documentation-update-walkthrough.md +0 -37
- package/docs/runbooks/ecc-harness-usage.md +0 -93
- package/docs/runbooks/error-experience-usage.md +0 -116
- package/docs/runbooks/evolution-usage.md +0 -162
- package/docs/runbooks/executive-value-one-page.md +0 -55
- package/docs/runbooks/external-capability-approval-and-enablement-workflow.md +0 -39
- package/docs/runbooks/external-capability-intake.md +0 -160
- package/docs/runbooks/first-team-command-60-seconds.md +0 -96
- package/docs/runbooks/first-team-workflow-walkthrough.md +0 -245
- package/docs/runbooks/frontend-backend-integration-acceptance-checklist.md +0 -46
- package/docs/runbooks/frontend-backend-parallel-integration-walkthrough.md +0 -48
- package/docs/runbooks/frontend-bugfix-one-page.md +0 -82
- package/docs/runbooks/frontend-engineer-daily-operations.md +0 -60
- package/docs/runbooks/frontend-enterprise-style-profile.md +0 -5
- package/docs/runbooks/frontend-governance.md +0 -47
- package/docs/runbooks/frontend-refactor-walkthrough.md +0 -42
- package/docs/runbooks/git-pr-workflow.md +0 -63
- package/docs/runbooks/github-actions-supply-chain-demo-execution-log.md +0 -158
- package/docs/runbooks/github-actions-supply-chain-demo-script.md +0 -150
- package/docs/runbooks/github-actions-supply-chain-walkthrough.md +0 -117
- package/docs/runbooks/github-token-permissions-baseline.md +0 -92
- package/docs/runbooks/gitlab-manual-pipeline-release.md +0 -5
- package/docs/runbooks/gitlab-release-integration-playbook.md +0 -5
- package/docs/runbooks/gitnexus-code-intelligence-usage.md +0 -133
- package/docs/runbooks/graphify-knowledge-graph-usage.md +0 -88
- package/docs/runbooks/handoff-filling-guide-with-examples.md +0 -70
- package/docs/runbooks/handoff-governance.md +0 -250
- package/docs/runbooks/helm-unittest-playbook.md +0 -101
- package/docs/runbooks/hotfix-emergency-release-walkthrough.md +0 -60
- package/docs/runbooks/iac-kubernetes-platform-demo-execution-log.md +0 -144
- package/docs/runbooks/iac-kubernetes-platform-demo-script.md +0 -130
- package/docs/runbooks/iac-kubernetes-platform-walkthrough.md +0 -120
- package/docs/runbooks/implementation-onboarding-reading-path.md +0 -67
- package/docs/runbooks/in-toto-attestation-framework.md +0 -94
- package/docs/runbooks/incident-severity-triage-tree.md +0 -43
- package/docs/runbooks/incident-triage-one-page.md +0 -65
- package/docs/runbooks/internal-developer-platform-demo-execution-log.md +0 -36
- package/docs/runbooks/internal-developer-platform-demo-script.md +0 -42
- package/docs/runbooks/internal-developer-platform-walkthrough.md +0 -91
- package/docs/runbooks/karpathy-guidelines-usage.md +0 -27
- package/docs/runbooks/kubeconform-schema-gates.md +0 -100
- package/docs/runbooks/kubectl-server-dry-run-gates.md +0 -103
- package/docs/runbooks/kyverno-policy-gates.md +0 -90
- package/docs/runbooks/langfuse-and-observability-integration-guide.md +0 -43
- package/docs/runbooks/langfuse-coding-trace.md +0 -44
- package/docs/runbooks/mobile-miniapp-delivery-walkthrough.md +0 -112
- package/docs/runbooks/mobile-miniapp-demo-execution-log.md +0 -139
- package/docs/runbooks/mobile-miniapp-demo-script.md +0 -129
- package/docs/runbooks/multi-service-backend-integration-walkthrough.md +0 -61
- package/docs/runbooks/open-design-integration.md +0 -163
- package/docs/runbooks/open-source-release-checklist.md +0 -90
- package/docs/runbooks/opencode-quick-start.md +0 -128
- package/docs/runbooks/parallel-development-coordination-walkthrough.md +0 -47
- package/docs/runbooks/parallel-execution-usage.md +0 -179
- package/docs/runbooks/platform-capability-demo-execution-log.md +0 -184
- package/docs/runbooks/platform-capability-demo-script.md +0 -192
- package/docs/runbooks/plugin-extension-platform-demo-execution-log.md +0 -136
- package/docs/runbooks/plugin-extension-platform-demo-script.md +0 -102
- package/docs/runbooks/plugin-extension-platform-walkthrough.md +0 -111
- package/docs/runbooks/policy-controller-gates.md +0 -75
- package/docs/runbooks/post-rollback-verification-checklist.md +0 -37
- package/docs/runbooks/pre-release-checklist.md +0 -50
- package/docs/runbooks/product-manager-clarification-conversation-example.md +0 -90
- package/docs/runbooks/product-manager-daily-operations.md +0 -60
- package/docs/runbooks/production-incident-response-walkthrough.md +0 -50
- package/docs/runbooks/project-claude-design-rationale.md +0 -188
- package/docs/runbooks/project-manager-daily-operations.md +0 -61
- package/docs/runbooks/project-manager-planning-conversation-example.md +0 -82
- package/docs/runbooks/project-onboarding.md +0 -452
- package/docs/runbooks/qa-engineer-daily-operations.md +0 -63
- package/docs/runbooks/qa-review-conversation-example.md +0 -87
- package/docs/runbooks/release-closure-one-page.md +0 -65
- package/docs/runbooks/release-governance-reading-path.md +0 -56
- package/docs/runbooks/release-notes-automation.md +0 -48
- package/docs/runbooks/release-rollback-recovery-walkthrough.md +0 -47
- package/docs/runbooks/requirement-clarity-and-scope-walkthrough.md +0 -46
- package/docs/runbooks/reviewdog-pr-gates.md +0 -49
- package/docs/runbooks/role-prompt-recipes.md +0 -130
- package/docs/runbooks/rtk-integration-intake.md +0 -45
- package/docs/runbooks/rtk-token-optimization-usage.md +0 -107
- package/docs/runbooks/runner-egress-hardening.md +0 -81
- package/docs/runbooks/runtime-capabilities-overview.md +0 -113
- package/docs/runbooks/sbom-generation-gates.md +0 -71
- package/docs/runbooks/scorecard-supply-chain-gates.md +0 -82
- package/docs/runbooks/secret-scanning-gates.md +0 -85
- package/docs/runbooks/security-compliance-platform-demo-execution-log.md +0 -36
- package/docs/runbooks/security-compliance-platform-demo-script.md +0 -49
- package/docs/runbooks/security-compliance-platform-walkthrough.md +0 -98
- package/docs/runbooks/slsa-generator-patterns.md +0 -73
- package/docs/runbooks/slsa-verification-gates.md +0 -75
- package/docs/runbooks/solo-delivery-mode.md +0 -142
- package/docs/runbooks/solo-delivery-one-page.md +0 -111
- package/docs/runbooks/specialist-commands-playbook.md +0 -85
- package/docs/runbooks/sub-agent-invocation-map.md +0 -144
- package/docs/runbooks/system-architecture-design-walkthrough.md +0 -49
- package/docs/runbooks/team-closeout-example.md +0 -73
- package/docs/runbooks/team-command-output-contracts.md +0 -358
- package/docs/runbooks/team-commands-quick-prompts.md +0 -125
- package/docs/runbooks/team-execute-example.md +0 -63
- package/docs/runbooks/team-handoff-example.md +0 -49
- package/docs/runbooks/team-intake-example.md +0 -70
- package/docs/runbooks/team-plan-example.md +0 -62
- package/docs/runbooks/team-release-example.md +0 -63
- package/docs/runbooks/team-review-example.md +0 -61
- package/docs/runbooks/team-skills-test-run.md +0 -184
- package/docs/runbooks/team-skills-usage.md +0 -336
- package/docs/runbooks/team-training-reading-path.md +0 -64
- package/docs/runbooks/tech-lead-closure-conversation-example.md +0 -78
- package/docs/runbooks/tech-lead-daily-operations.md +0 -67
- package/docs/runbooks/trivy-security-gates.md +0 -79
- package/docs/runbooks/troubleshooting.md +0 -234
- package/docs/runbooks/vertical-scenario-capability-matrix.md +0 -107
- package/docs/runbooks/witness-policy-gates.md +0 -78
- package/docs/runbooks/zizmor-workflow-audits.md +0 -81
|
@@ -1,227 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
version: "2.3.0"
|
|
3
|
-
status: draft
|
|
4
|
-
created: 2026-03-28
|
|
5
|
-
updated: 2026-04-18
|
|
6
|
-
owner: 工程团队
|
|
7
|
-
doc_tier: entry
|
|
8
|
-
last_verified: 2026-04-18
|
|
9
|
-
source_of_truth:
|
|
10
|
-
- ../../README.md
|
|
11
|
-
- ../../AGENTS.md
|
|
12
|
-
- ./team-skills-usage.md
|
|
13
|
-
---
|
|
14
|
-
|
|
15
|
-
# Claude 快速上手
|
|
16
|
-
|
|
17
|
-
本文面向第一次把 Team Skills Platform 安装到 Claude 的使用者,目标是在 5 到 10 分钟内跑通第一个可工作的主链示例,并知道新增的 specialist 与 runtime 能力该从哪里开始体验。
|
|
18
|
-
|
|
19
|
-
## 1. 安装
|
|
20
|
-
|
|
21
|
-
```bash
|
|
22
|
-
node scripts/build-platform-artifacts.js
|
|
23
|
-
CLAUDE_HOME_DIR="$HOME/.claude" ./scripts/install-claude.sh
|
|
24
|
-
```
|
|
25
|
-
|
|
26
|
-
安装脚本会做两件事:
|
|
27
|
-
|
|
28
|
-
- 把完整插件目录复制到 `~/.claude/plugins/team-skills-platform/`
|
|
29
|
-
- 把 `skills/`、`agents/`、`commands/`、`rules/`、`templates/`、`examples/` 等同步到 `~/.claude/` 下的对应目录
|
|
30
|
-
|
|
31
|
-
## 2. 校验安装是否成功
|
|
32
|
-
|
|
33
|
-
至少确认以下文件存在:
|
|
34
|
-
|
|
35
|
-
- `~/.claude/commands/team-help.md`
|
|
36
|
-
- `~/.claude/agents/roles/tech-lead.md`
|
|
37
|
-
- `~/.claude/examples/project-CLAUDE.md`
|
|
38
|
-
- `~/.claude/marketplace.json`
|
|
39
|
-
|
|
40
|
-
如果这些文件不存在,优先回查:
|
|
41
|
-
|
|
42
|
-
- 是否先执行了构建脚本
|
|
43
|
-
- `CLAUDE_HOME_DIR` 是否指向了预期目录
|
|
44
|
-
- 是否误把历史导入源当成正式安装入口
|
|
45
|
-
|
|
46
|
-
如果还没有定位到问题,继续看 [troubleshooting.md](troubleshooting.md)。
|
|
47
|
-
|
|
48
|
-
### 2.1 可选能力检查:Graphify / GitNexus
|
|
49
|
-
|
|
50
|
-
如果你准备在 brownfield 项目中启用代码图谱能力,安装后可以先做预检查:
|
|
51
|
-
|
|
52
|
-
```bash
|
|
53
|
-
npm run graphify:doctor
|
|
54
|
-
npm run gitnexus:doctor
|
|
55
|
-
```
|
|
56
|
-
|
|
57
|
-
预检查仅验证环境,不会自动安装依赖。Graphify 适合轻量结构证据,GitNexus 适合 MCP 查询、impact 和 detect_changes;若失败,按 [troubleshooting.md](troubleshooting.md) 的对应章节处理。
|
|
58
|
-
|
|
59
|
-
## 3. 长期使用建议:准备项目级 CLAUDE.md
|
|
60
|
-
|
|
61
|
-
如果你只是先试一条命令,这一步可以放到第一次试跑之后再做;如果你准备把平台长期接入某个项目,这一步应尽快完成。
|
|
62
|
-
|
|
63
|
-
用户级 `CLAUDE.md` 适合放默认偏好,项目级 `CLAUDE.md` 适合放技术栈、命令流和门禁要求。建议从以下样例开始:
|
|
64
|
-
|
|
65
|
-
- 通用项目样例:[../../examples/project-CLAUDE.md](../../examples/project-CLAUDE.md)
|
|
66
|
-
- Next.js SaaS 样例:[../../examples/saas-nextjs-CLAUDE.md](../../examples/saas-nextjs-CLAUDE.md)
|
|
67
|
-
- Spring Boot 服务样例:[../../examples/springboot-service-CLAUDE.md](../../examples/springboot-service-CLAUDE.md)
|
|
68
|
-
- 流程型企业项目样例:[../../examples/workflow-enterprise-CLAUDE.md](../../examples/workflow-enterprise-CLAUDE.md)
|
|
69
|
-
- 平台治理仓库样例:[../../examples/platform-governance-CLAUDE.md](../../examples/platform-governance-CLAUDE.md)
|
|
70
|
-
- 数据看板项目样例:[../../examples/data-analytics-dashboard-CLAUDE.md](../../examples/data-analytics-dashboard-CLAUDE.md)
|
|
71
|
-
- GitHub Actions / 供应链治理仓库样例:[../../examples/github-actions-supply-chain-CLAUDE.md](../../examples/github-actions-supply-chain-CLAUDE.md)
|
|
72
|
-
- AI / Eval 平台样例:[../../examples/ai-eval-platform-CLAUDE.md](../../examples/ai-eval-platform-CLAUDE.md)
|
|
73
|
-
- 移动端 / 小程序项目样例:[../../examples/mobile-miniapp-CLAUDE.md](../../examples/mobile-miniapp-CLAUDE.md)
|
|
74
|
-
- IaC / Kubernetes 平台仓库样例:[../../examples/iac-kubernetes-platform-CLAUDE.md](../../examples/iac-kubernetes-platform-CLAUDE.md)
|
|
75
|
-
- 插件 / 扩展仓库样例:[../../examples/plugin-extension-platform-CLAUDE.md](../../examples/plugin-extension-platform-CLAUDE.md)
|
|
76
|
-
- 数据 / ML pipeline 仓库样例:[../../examples/data-ml-pipeline-CLAUDE.md](../../examples/data-ml-pipeline-CLAUDE.md)
|
|
77
|
-
- 安全 / 合规平台仓库样例:[../../examples/security-compliance-platform-CLAUDE.md](../../examples/security-compliance-platform-CLAUDE.md)
|
|
78
|
-
- 内部开发者平台样例:[../../examples/internal-developer-platform-CLAUDE.md](../../examples/internal-developer-platform-CLAUDE.md)
|
|
79
|
-
- 数据可观测性 / 质量平台样例:[../../examples/data-observability-quality-CLAUDE.md](../../examples/data-observability-quality-CLAUDE.md)
|
|
80
|
-
|
|
81
|
-
如果你想按 vertical 场景成熟度决定先看模板还是先看 demo,先看 [../presentation/vertical-scenario-route-map.md](../presentation/vertical-scenario-route-map.md)。
|
|
82
|
-
如果你想按表格确认每个 vertical 已补齐哪些材料,再看 [vertical-scenario-capability-matrix.md](vertical-scenario-capability-matrix.md)。
|
|
83
|
-
|
|
84
|
-
## 4. 第一个最小闭环
|
|
85
|
-
|
|
86
|
-
第一次不要一口气跑完整条链路,先用一个最小闭环确认平台工作正常。
|
|
87
|
-
|
|
88
|
-
主链入口统一从 `/team-help` 开始。真正进入正式任务后,PRD、delivery-plan、execute-log、handoff 等内容都要按命令说明通过 `npm run artifact:persist -- ...` 回写到项目仓库,而不是只停留在对话里。
|
|
89
|
-
|
|
90
|
-
### 4.1 新功能示例
|
|
91
|
-
|
|
92
|
-
```text
|
|
93
|
-
/team-help
|
|
94
|
-
目标:判断当前任务入口
|
|
95
|
-
现状:是否已有 brownfield 文档、project-context、handoff 证据
|
|
96
|
-
输出:推荐下一条主链命令和缺失前置条件
|
|
97
|
-
```
|
|
98
|
-
|
|
99
|
-
拿到入口建议后继续:
|
|
100
|
-
|
|
101
|
-
```text
|
|
102
|
-
/team-intake
|
|
103
|
-
目标:为订单服务新增审批 API
|
|
104
|
-
范围:接口、权限校验、测试计划
|
|
105
|
-
不做:前端页面、发布脚本重构
|
|
106
|
-
约束:必须评估是否启用 私有流程与权限集成
|
|
107
|
-
输出:参与角色、风险、下一步命令建议
|
|
108
|
-
```
|
|
109
|
-
|
|
110
|
-
拿到 intake 结果后继续:
|
|
111
|
-
|
|
112
|
-
```text
|
|
113
|
-
/team-plan
|
|
114
|
-
基于上一步结果拆解 architect、backend-engineer、qa-engineer 的任务。
|
|
115
|
-
要求给出依赖关系、custom overlay 是否启用、每次 handoff 的最小交付物。
|
|
116
|
-
```
|
|
117
|
-
|
|
118
|
-
### 4.2 前端问题修复示例
|
|
119
|
-
|
|
120
|
-
```text
|
|
121
|
-
/team-help
|
|
122
|
-
目标:判断当前任务入口
|
|
123
|
-
现状:是否已有 brownfield 文档、project-context、handoff 证据
|
|
124
|
-
输出:推荐下一条主链命令和缺失前置条件
|
|
125
|
-
```
|
|
126
|
-
|
|
127
|
-
再进入需求锁边界:
|
|
128
|
-
|
|
129
|
-
```text
|
|
130
|
-
/team-intake
|
|
131
|
-
目标:修复订阅页在 iPad 下的布局溢出
|
|
132
|
-
范围:页面布局、响应式验证、UI 自测证据
|
|
133
|
-
不做:接口改造
|
|
134
|
-
约束:必须附带 ui-review-checklist
|
|
135
|
-
```
|
|
136
|
-
|
|
137
|
-
如果问题足够小,可以走短链路:`/code-review` -> `/handoff` -> `/team-review`,但不要跳过验证证据。
|
|
138
|
-
|
|
139
|
-
## 5. 安装后另外三条最短体验路径
|
|
140
|
-
|
|
141
|
-
### 5.1 想体验测试先行
|
|
142
|
-
|
|
143
|
-
```text
|
|
144
|
-
/team-plan
|
|
145
|
-
基于当前需求结果拆解实现任务,并给出可进入 /tdd 的最小上下文。
|
|
146
|
-
```
|
|
147
|
-
|
|
148
|
-
```text
|
|
149
|
-
/tdd
|
|
150
|
-
目标:新增订单审批记录查询能力
|
|
151
|
-
现有缺口:还没有测试和契约验证路径
|
|
152
|
-
成功标准:先给出 red-green-refactor 步骤,并整理成可直接进入 /team-execute 的动作清单
|
|
153
|
-
```
|
|
154
|
-
|
|
155
|
-
### 5.2 想体验平台能力自检
|
|
156
|
-
|
|
157
|
-
```text
|
|
158
|
-
/harness-audit
|
|
159
|
-
目标:检查当前平台的命令、skills、hooks、rules、文档和集成深度。
|
|
160
|
-
输出:Overall Score、Dimension Scores、Top Actions、Recommendations。
|
|
161
|
-
```
|
|
162
|
-
|
|
163
|
-
适合在你刚补了一批命令、skills 或文档之后,快速看还有哪些入口没同步。
|
|
164
|
-
|
|
165
|
-
### 5.3 想先理解后台运行时增强
|
|
166
|
-
|
|
167
|
-
如果你不想马上跑命令,而是先想知道 memory、observe、cost、budget、compact、instinct 这些新增能力怎么影响会话行为,直接看 [runtime-capabilities-overview.md](runtime-capabilities-overview.md) 和 [ecc-harness-usage.md](ecc-harness-usage.md)。
|
|
168
|
-
|
|
169
|
-
## 6. 什么时候用 specialist
|
|
170
|
-
|
|
171
|
-
Claude 里建议把 specialist 当成“专项分析器”,不是最终裁决者。
|
|
172
|
-
|
|
173
|
-
- 用 `/plan` 做深度规划
|
|
174
|
-
- 用 `/tdd` 做测试先行
|
|
175
|
-
- 用 `/code-review` 做风险审查
|
|
176
|
-
- 用 `/build-fix` 处理构建故障
|
|
177
|
-
- 用 `/verify` 做验证回环
|
|
178
|
-
- 用 `/harness-audit` 做平台能力体检
|
|
179
|
-
|
|
180
|
-
这些输出都要回到 `/handoff` 或 `/team-*`。如果不回收,平台就会退化成多个平行结论,失去 `tech-lead` 编排的价值。
|
|
181
|
-
|
|
182
|
-
## 7. 常用对话模板
|
|
183
|
-
|
|
184
|
-
如果你只想快速复制命令骨架,不想先读完整示例,先看 [team-commands-quick-prompts.md](team-commands-quick-prompts.md);如果你想看更贴近日常对话的整句提示,直接看 [claude-conversation-prompt-recipes.md](claude-conversation-prompt-recipes.md);如果你想看最短的两条上手路径,再看 [first-team-command-60-seconds.md](first-team-command-60-seconds.md)。
|
|
185
|
-
|
|
186
|
-
如果你想直接看一份从 intake 到 review 的成品对话,继续看 [claude-end-to-end-conversation-example.md](claude-end-to-end-conversation-example.md)。
|
|
187
|
-
|
|
188
|
-
### 6.1 进入主链
|
|
189
|
-
|
|
190
|
-
```text
|
|
191
|
-
请按 Team Skills Platform 工作模型处理当前任务。
|
|
192
|
-
先以 tech-lead 视角执行 /team-intake,输出目标、范围外事项、风险和建议参与角色。
|
|
193
|
-
```
|
|
194
|
-
|
|
195
|
-
### 6.2 进入专项分析
|
|
196
|
-
|
|
197
|
-
```text
|
|
198
|
-
基于当前 intake 结果,调用 /code-review 或 /plan 做专项分析。
|
|
199
|
-
请把结论整理成可直接进入 /handoff 的格式。
|
|
200
|
-
```
|
|
201
|
-
|
|
202
|
-
### 6.3 明确是否需要 custom overlay
|
|
203
|
-
|
|
204
|
-
```text
|
|
205
|
-
如果任务依赖私有流程、权限、发布或设计资产,请先判断是否需要启用 enterprise overlay。
|
|
206
|
-
如果不需要,也请明确说明原因。
|
|
207
|
-
```
|
|
208
|
-
|
|
209
|
-
## 8. 常见误区
|
|
210
|
-
|
|
211
|
-
- 不要把 specialist 的结论直接当最终决定
|
|
212
|
-
- 不要默认所有任务都需要 custom overlay
|
|
213
|
-
- 不要在用户级 `CLAUDE.md` 里堆满项目专属约束
|
|
214
|
-
- 不要只给代码 diff,不补 handoff 和验证证据
|
|
215
|
-
|
|
216
|
-
下一步建议:
|
|
217
|
-
|
|
218
|
-
- 想按任务场景继续展开:看 [claude-usage-scenarios.md](claude-usage-scenarios.md)
|
|
219
|
-
- 想先看所有命令和能力怎么映射:看 [command-and-capability-matrix.md](command-and-capability-matrix.md)
|
|
220
|
-
- 想单独看 runtime hooks 与后台机制:看 [runtime-capabilities-overview.md](runtime-capabilities-overview.md)
|
|
221
|
-
- 想直接复制 Claude 的常用说法:看 [claude-conversation-prompt-recipes.md](claude-conversation-prompt-recipes.md)
|
|
222
|
-
- 想直接看 Claude 的完整对话示例:看 [claude-end-to-end-conversation-example.md](claude-end-to-end-conversation-example.md)
|
|
223
|
-
- 想把平台正式接入项目:看 [project-onboarding.md](project-onboarding.md)
|
|
224
|
-
- 想直接走一遍完整主链:看 [first-team-workflow-walkthrough.md](first-team-workflow-walkthrough.md)
|
|
225
|
-
- 想查完整命令和输出规范:看 [team-skills-usage.md](team-skills-usage.md)
|
|
226
|
-
|
|
227
|
-
完整说明见 [team-skills-usage.md](team-skills-usage.md)。
|
|
@@ -1,176 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
version: "0.1.0"
|
|
3
|
-
status: draft
|
|
4
|
-
created: 2026-03-28
|
|
5
|
-
updated: 2026-03-28
|
|
6
|
-
owner: 工程团队
|
|
7
|
-
---
|
|
8
|
-
|
|
9
|
-
# Claude 使用场景总览
|
|
10
|
-
|
|
11
|
-
本文把 Claude 端的使用文档按“上手、接入、日常开发、专项协作、问题排查”五类组织起来,方便团队按场景阅读,而不是靠猜文件名。
|
|
12
|
-
|
|
13
|
-
## 1. 首次使用
|
|
14
|
-
|
|
15
|
-
- 安装与首个闭环:[claude-quick-start.md](claude-quick-start.md)
|
|
16
|
-
- 新项目接入:[project-onboarding.md](project-onboarding.md)
|
|
17
|
-
- 项目级 CLAUDE 设计说明:[project-claude-design-rationale.md](project-claude-design-rationale.md)
|
|
18
|
-
- 按项目类型直接复制起手句:[../../examples/project-type-starter-playbook.md](../../examples/project-type-starter-playbook.md)
|
|
19
|
-
- 按更垂直项目类型复制连续脚本:[../../examples/vertical-project-conversation-scripts.md](../../examples/vertical-project-conversation-scripts.md)
|
|
20
|
-
- GitHub Actions / AI Eval / 移动端 / 合规 / 内部平台 / 数据质量 demo script:[github-actions-supply-chain-demo-script.md](github-actions-supply-chain-demo-script.md)、[ai-eval-platform-demo-script.md](ai-eval-platform-demo-script.md)、[mobile-miniapp-demo-script.md](mobile-miniapp-demo-script.md)、[security-compliance-platform-demo-script.md](security-compliance-platform-demo-script.md)、[internal-developer-platform-demo-script.md](internal-developer-platform-demo-script.md)、[data-observability-quality-demo-script.md](data-observability-quality-demo-script.md)
|
|
21
|
-
- 按材料成熟度选择 vertical 场景:[../presentation/vertical-scenario-route-map.md](../presentation/vertical-scenario-route-map.md)
|
|
22
|
-
- 按表格查看 vertical 材料覆盖:[vertical-scenario-capability-matrix.md](vertical-scenario-capability-matrix.md)
|
|
23
|
-
- 完整主链演练:[first-team-workflow-walkthrough.md](first-team-workflow-walkthrough.md)
|
|
24
|
-
|
|
25
|
-
## 2. 日常开发
|
|
26
|
-
|
|
27
|
-
- 新功能全流程:[claude-feature-development-guide.md](claude-feature-development-guide.md)
|
|
28
|
-
- 测试先行与 red-green-refactor:先看 [specialist-commands-playbook.md](specialist-commands-playbook.md)
|
|
29
|
-
- 代码评审工作流:[claude-code-review-workflow.md](claude-code-review-workflow.md)
|
|
30
|
-
- 前端工程师日常操作:[frontend-engineer-daily-operations.md](frontend-engineer-daily-operations.md)
|
|
31
|
-
- 后端工程师日常操作:[backend-engineer-daily-operations.md](backend-engineer-daily-operations.md)
|
|
32
|
-
- QA 工程师日常操作:[qa-engineer-daily-operations.md](qa-engineer-daily-operations.md)
|
|
33
|
-
- DevOps 工程师日常操作:[devops-engineer-daily-operations.md](devops-engineer-daily-operations.md)
|
|
34
|
-
- 项目经理日常操作:[project-manager-daily-operations.md](project-manager-daily-operations.md)
|
|
35
|
-
- Tech Lead 日常操作:[tech-lead-daily-operations.md](tech-lead-daily-operations.md)
|
|
36
|
-
- 产品经理日常操作:[product-manager-daily-operations.md](product-manager-daily-operations.md)
|
|
37
|
-
- 架构师日常操作:[architect-daily-operations.md](architect-daily-operations.md)
|
|
38
|
-
|
|
39
|
-
## 3. Specialist 与交接
|
|
40
|
-
|
|
41
|
-
- Specialist 命令工作簿:[specialist-commands-playbook.md](specialist-commands-playbook.md)
|
|
42
|
-
- Claude 场景化示例集:[../../examples/claude-scenario-playbook.md](../../examples/claude-scenario-playbook.md)
|
|
43
|
-
- Handoff 填充指南:[handoff-filling-guide-with-examples.md](handoff-filling-guide-with-examples.md)
|
|
44
|
-
- Team Intake 完整示例:[team-intake-example.md](team-intake-example.md)
|
|
45
|
-
- Team Plan 完整示例:[team-plan-example.md](team-plan-example.md)
|
|
46
|
-
- Team Execute 完整示例:[team-execute-example.md](team-execute-example.md)
|
|
47
|
-
- Team Handoff 完整示例:[team-handoff-example.md](team-handoff-example.md)
|
|
48
|
-
- Team Review 完整示例:[team-review-example.md](team-review-example.md)
|
|
49
|
-
- Team Release 完整示例:[team-release-example.md](team-release-example.md)
|
|
50
|
-
- API Mock 策略与生命周期手册:[api-mocking-strategy-and-lifecycle-guide.md](api-mocking-strategy-and-lifecycle-guide.md)
|
|
51
|
-
- 前后端联调与验收清单:[frontend-backend-integration-acceptance-checklist.md](frontend-backend-integration-acceptance-checklist.md)
|
|
52
|
-
- Consumer-Driven Contract 与 Mock 对齐指南:[consumer-driven-contract-testing-with-mock-alignment.md](consumer-driven-contract-testing-with-mock-alignment.md)
|
|
53
|
-
- Team 命令快速提示:[team-commands-quick-prompts.md](team-commands-quick-prompts.md)
|
|
54
|
-
- Claude 对话提示模板:[claude-conversation-prompt-recipes.md](claude-conversation-prompt-recipes.md)
|
|
55
|
-
- 角色高频提示模板:[role-prompt-recipes.md](role-prompt-recipes.md)
|
|
56
|
-
- Claude 完整对话样例:[claude-end-to-end-conversation-example.md](claude-end-to-end-conversation-example.md)
|
|
57
|
-
- QA 放行对话样例:[qa-review-conversation-example.md](qa-review-conversation-example.md)
|
|
58
|
-
- DevOps 发布对话样例:[devops-release-conversation-example.md](devops-release-conversation-example.md)
|
|
59
|
-
- Tech Lead 收口对话样例:[tech-lead-closure-conversation-example.md](tech-lead-closure-conversation-example.md)
|
|
60
|
-
- Product Manager 需求澄清对话样例:[product-manager-clarification-conversation-example.md](product-manager-clarification-conversation-example.md)
|
|
61
|
-
- Project Manager 计划推进对话样例:[project-manager-planning-conversation-example.md](project-manager-planning-conversation-example.md)
|
|
62
|
-
- Architect 方案设计对话样例:[architect-design-conversation-example.md](architect-design-conversation-example.md)
|
|
63
|
-
- 60 秒跑通第一个 Team 命令:[first-team-command-60-seconds.md](first-team-command-60-seconds.md)
|
|
64
|
-
|
|
65
|
-
## 4. 共享 walkthrough
|
|
66
|
-
|
|
67
|
-
- Bug 修复全流程:[bug-fix-complete-walkthrough.md](bug-fix-complete-walkthrough.md)
|
|
68
|
-
- Code Review 协作演练:[code-review-collaboration-walkthrough.md](code-review-collaboration-walkthrough.md)
|
|
69
|
-
- 多服务后端集成演练:[multi-service-backend-integration-walkthrough.md](multi-service-backend-integration-walkthrough.md)
|
|
70
|
-
- 紧急修复发布演练:[hotfix-emergency-release-walkthrough.md](hotfix-emergency-release-walkthrough.md)
|
|
71
|
-
- 前端重构演练:[frontend-refactor-walkthrough.md](frontend-refactor-walkthrough.md)
|
|
72
|
-
- API 设计与演进演练:[api-design-evolution-walkthrough.md](api-design-evolution-walkthrough.md)
|
|
73
|
-
- 文档更新协作演练:[documentation-update-walkthrough.md](documentation-update-walkthrough.md)
|
|
74
|
-
- 构建失败处理演练:[build-failure-recovery-walkthrough.md](build-failure-recovery-walkthrough.md)
|
|
75
|
-
- 需求澄清与范围管理演练:[requirement-clarity-and-scope-walkthrough.md](requirement-clarity-and-scope-walkthrough.md)
|
|
76
|
-
- 系统架构设计与 ADR 演练:[system-architecture-design-walkthrough.md](system-architecture-design-walkthrough.md)
|
|
77
|
-
- 金丝雀灰度发布演练:[canary-staging-release-walkthrough.md](canary-staging-release-walkthrough.md)
|
|
78
|
-
- 生产事故应急响应演练:[production-incident-response-walkthrough.md](production-incident-response-walkthrough.md)
|
|
79
|
-
- 发布后回滚与恢复演练:[release-rollback-recovery-walkthrough.md](release-rollback-recovery-walkthrough.md)
|
|
80
|
-
- 前后端并行开发与联调演练:[frontend-backend-parallel-integration-walkthrough.md](frontend-backend-parallel-integration-walkthrough.md)
|
|
81
|
-
- 并行研发协调演练:[parallel-development-coordination-walkthrough.md](parallel-development-coordination-walkthrough.md)
|
|
82
|
-
- 跨角色问题分诊演练:[cross-role-issue-triage-walkthrough.md](cross-role-issue-triage-walkthrough.md)
|
|
83
|
-
- GitHub Actions 与供应链治理演练:[github-actions-supply-chain-walkthrough.md](github-actions-supply-chain-walkthrough.md)
|
|
84
|
-
- AI Eval 平台演练:[ai-eval-platform-walkthrough.md](ai-eval-platform-walkthrough.md)
|
|
85
|
-
- 移动端与小程序交付演练:[mobile-miniapp-delivery-walkthrough.md](mobile-miniapp-delivery-walkthrough.md)
|
|
86
|
-
- IaC 与 Kubernetes 平台演练:[iac-kubernetes-platform-walkthrough.md](iac-kubernetes-platform-walkthrough.md)
|
|
87
|
-
- 插件与扩展平台演练:[plugin-extension-platform-walkthrough.md](plugin-extension-platform-walkthrough.md)
|
|
88
|
-
- 数据与 ML Pipeline 演练:[data-ml-pipeline-walkthrough.md](data-ml-pipeline-walkthrough.md)
|
|
89
|
-
- 安全与合规平台演练:[security-compliance-platform-walkthrough.md](security-compliance-platform-walkthrough.md)
|
|
90
|
-
- 内部开发者平台演练:[internal-developer-platform-walkthrough.md](internal-developer-platform-walkthrough.md)
|
|
91
|
-
- 数据可观测性与质量平台演练:[data-observability-quality-walkthrough.md](data-observability-quality-walkthrough.md)
|
|
92
|
-
|
|
93
|
-
## 5. 一页速查
|
|
94
|
-
|
|
95
|
-
- 前端缺陷修复一页速查:[frontend-bugfix-one-page.md](frontend-bugfix-one-page.md)
|
|
96
|
-
- 发布收口一页速查:[release-closure-one-page.md](release-closure-one-page.md)
|
|
97
|
-
- 事故分诊一页速查:[incident-triage-one-page.md](incident-triage-one-page.md)
|
|
98
|
-
- 管理层价值速查一页:[executive-value-one-page.md](executive-value-one-page.md)
|
|
99
|
-
|
|
100
|
-
## 6. 受众阅读路径
|
|
101
|
-
|
|
102
|
-
- 实施接入阅读路径:[implementation-onboarding-reading-path.md](implementation-onboarding-reading-path.md)
|
|
103
|
-
- 团队培训阅读路径:[team-training-reading-path.md](team-training-reading-path.md)
|
|
104
|
-
|
|
105
|
-
## 7. 排障与完整规范
|
|
106
|
-
|
|
107
|
-
- 安装与使用排障:[troubleshooting.md](troubleshooting.md)
|
|
108
|
-
- 命令与能力矩阵:[command-and-capability-matrix.md](command-and-capability-matrix.md)
|
|
109
|
-
- runtime 能力总览:[runtime-capabilities-overview.md](runtime-capabilities-overview.md)
|
|
110
|
-
- 完整使用手册:[team-skills-usage.md](team-skills-usage.md)
|
|
111
|
-
- 命令输出合同:[team-command-output-contracts.md](team-command-output-contracts.md)
|
|
112
|
-
- 发布治理阅读路径:[release-governance-reading-path.md](release-governance-reading-path.md)
|
|
113
|
-
- 示例总索引:[../../examples/INDEX.md](../../examples/INDEX.md)
|
|
114
|
-
|
|
115
|
-
## 8. 企业扩展与发布收口
|
|
116
|
-
|
|
117
|
-
- 自定义 overlay 扩展:[custom-overlay.md](custom-overlay.md)
|
|
118
|
-
- 自定义 overlay 创建入口:[custom-overlay.md](custom-overlay.md)
|
|
119
|
-
- Langfuse 追踪与可观测性集成指南:[langfuse-and-observability-integration-guide.md](langfuse-and-observability-integration-guide.md)
|
|
120
|
-
- 发布治理阅读路径:[release-governance-reading-path.md](release-governance-reading-path.md)
|
|
121
|
-
|
|
122
|
-
## 9. 推荐阅读路径
|
|
123
|
-
|
|
124
|
-
### 8.1 第一次用 Claude
|
|
125
|
-
|
|
126
|
-
1. [claude-quick-start.md](claude-quick-start.md)
|
|
127
|
-
2. [project-onboarding.md](project-onboarding.md)
|
|
128
|
-
3. [first-team-workflow-walkthrough.md](first-team-workflow-walkthrough.md)
|
|
129
|
-
4. [../../examples/claude-scenario-playbook.md](../../examples/claude-scenario-playbook.md)
|
|
130
|
-
|
|
131
|
-
### 8.2 已经接入,准备日常使用
|
|
132
|
-
|
|
133
|
-
1. [claude-feature-development-guide.md](claude-feature-development-guide.md)
|
|
134
|
-
2. [claude-code-review-workflow.md](claude-code-review-workflow.md)
|
|
135
|
-
3. [specialist-commands-playbook.md](specialist-commands-playbook.md)
|
|
136
|
-
|
|
137
|
-
### 8.3 想体验新增能力
|
|
138
|
-
|
|
139
|
-
1. 想先看命令、skills、runtime 全景:看 [command-and-capability-matrix.md](command-and-capability-matrix.md)
|
|
140
|
-
2. 想体验 `/tdd` 或 `/harness-audit`:看 [claude-quick-start.md](claude-quick-start.md) 和 [../../examples/claude-scenario-playbook.md](../../examples/claude-scenario-playbook.md)
|
|
141
|
-
3. 想理解 observation、cost、budget、compact、instinct:看 [runtime-capabilities-overview.md](runtime-capabilities-overview.md)
|
|
142
|
-
|
|
143
|
-
### 8.4 前端或后端专项
|
|
144
|
-
|
|
145
|
-
1. 前端看 [frontend-engineer-daily-operations.md](frontend-engineer-daily-operations.md)
|
|
146
|
-
2. 后端看 [backend-engineer-daily-operations.md](backend-engineer-daily-operations.md)
|
|
147
|
-
3. 遇到跨角色交接时补看 [handoff-filling-guide-with-examples.md](handoff-filling-guide-with-examples.md)
|
|
148
|
-
|
|
149
|
-
### 8.5 联调与跨角色协作
|
|
150
|
-
|
|
151
|
-
1. 并行联调看 [frontend-backend-parallel-integration-walkthrough.md](frontend-backend-parallel-integration-walkthrough.md)
|
|
152
|
-
2. 多角色推进看 [parallel-development-coordination-walkthrough.md](parallel-development-coordination-walkthrough.md)
|
|
153
|
-
3. 问题归因不清时看 [cross-role-issue-triage-walkthrough.md](cross-role-issue-triage-walkthrough.md)
|
|
154
|
-
|
|
155
|
-
### 8.6 质量、发布或编排专项
|
|
156
|
-
|
|
157
|
-
1. QA 看 [qa-engineer-daily-operations.md](qa-engineer-daily-operations.md)
|
|
158
|
-
2. 发布看 [devops-engineer-daily-operations.md](devops-engineer-daily-operations.md)
|
|
159
|
-
3. 编排和收口看 [tech-lead-daily-operations.md](tech-lead-daily-operations.md)
|
|
160
|
-
|
|
161
|
-
### 8.7 需求、架构与发布专项
|
|
162
|
-
|
|
163
|
-
1. 需求澄清看 [product-manager-daily-operations.md](product-manager-daily-operations.md) 和 [requirement-clarity-and-scope-walkthrough.md](requirement-clarity-and-scope-walkthrough.md)
|
|
164
|
-
2. 架构设计看 [architect-daily-operations.md](architect-daily-operations.md) 和 [system-architecture-design-walkthrough.md](system-architecture-design-walkthrough.md)
|
|
165
|
-
3. 发布治理看 [canary-staging-release-walkthrough.md](canary-staging-release-walkthrough.md)、[production-incident-response-walkthrough.md](production-incident-response-walkthrough.md)、[release-rollback-recovery-walkthrough.md](release-rollback-recovery-walkthrough.md)
|
|
166
|
-
|
|
167
|
-
### 8.8 自定义 overlay 扩展场景
|
|
168
|
-
|
|
169
|
-
1. 想创建自定义 overlay,看 [custom-overlay.md](custom-overlay.md)
|
|
170
|
-
2.
|
|
171
|
-
|
|
172
|
-
### 8.9 按受众快速进入
|
|
173
|
-
|
|
174
|
-
1. 管理层先看 [executive-value-one-page.md](executive-value-one-page.md)
|
|
175
|
-
2. 实施接入先看 [implementation-onboarding-reading-path.md](implementation-onboarding-reading-path.md)
|
|
176
|
-
3. 团队培训先看 [team-training-reading-path.md](team-training-reading-path.md)
|
|
@@ -1,65 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
version: "0.1.0"
|
|
3
|
-
status: draft
|
|
4
|
-
created: 2026-03-28
|
|
5
|
-
updated: 2026-03-28
|
|
6
|
-
owner: 工程团队
|
|
7
|
-
---
|
|
8
|
-
|
|
9
|
-
# Code Review 协作演练
|
|
10
|
-
|
|
11
|
-
本文演示一轮完整的 code review 协作:发起评审、处理问题、回收结论、再次确认。
|
|
12
|
-
|
|
13
|
-
## 1. 场景
|
|
14
|
-
|
|
15
|
-
- 功能已基本完成
|
|
16
|
-
- 希望在 QA 前先暴露工程质量问题
|
|
17
|
-
- 需要把 review 结论结构化回收到主链
|
|
18
|
-
|
|
19
|
-
## 2. 推荐链路
|
|
20
|
-
|
|
21
|
-
1. `/code-review`
|
|
22
|
-
2. `/team-execute` 或直接修复
|
|
23
|
-
3. `/code-review` 二次确认
|
|
24
|
-
4. `/handoff`
|
|
25
|
-
5. `/team-review`
|
|
26
|
-
|
|
27
|
-
## 3. 第一轮 review 输入示例
|
|
28
|
-
|
|
29
|
-
```text
|
|
30
|
-
/code-review
|
|
31
|
-
目标:评审审批记录查询接口与前端列表页改动
|
|
32
|
-
重点关注:权限校验、错误处理、空态与响应式
|
|
33
|
-
```
|
|
34
|
-
|
|
35
|
-
## 4. 第一轮输出如何处理
|
|
36
|
-
|
|
37
|
-
- Critical:立即修
|
|
38
|
-
- High:通常不应带入 QA
|
|
39
|
-
- Medium:能修则修,至少记录
|
|
40
|
-
- Low:作为后续优化
|
|
41
|
-
|
|
42
|
-
## 5. 二次确认示例
|
|
43
|
-
|
|
44
|
-
```text
|
|
45
|
-
/code-review
|
|
46
|
-
基于上一轮评审意见,已修复权限校验和空态问题。
|
|
47
|
-
请确认当前是否还存在阻塞 QA 的问题。
|
|
48
|
-
```
|
|
49
|
-
|
|
50
|
-
## 6. 最终回落到 handoff
|
|
51
|
-
|
|
52
|
-
handoff 中至少要写:
|
|
53
|
-
|
|
54
|
-
- review 发现了什么
|
|
55
|
-
- 已修复什么
|
|
56
|
-
- 还剩什么已知问题
|
|
57
|
-
- QA 需要重点验证什么
|
|
58
|
-
|
|
59
|
-
## 7. 常见错误
|
|
60
|
-
|
|
61
|
-
- review 结果没有进入 handoff
|
|
62
|
-
- 第二轮 review 只是重复跑,没有说明修了什么
|
|
63
|
-
- 把 review 当成 QA 的替代
|
|
64
|
-
|
|
65
|
-
与通用说明配合阅读:[claude-code-review-workflow.md](claude-code-review-workflow.md)
|
|
@@ -1,64 +0,0 @@
|
|
|
1
|
-
# CodeQL PR 安全门禁手册
|
|
2
|
-
|
|
3
|
-
本手册承接 `github/codeql-action` 的工程实践,用于把语义安全扫描接入 PR 与 code scanning 流程。它是安全 review 的补充证据来源,不替代人工威胁建模、依赖门禁或运行时验证。
|
|
4
|
-
|
|
5
|
-
## 适用场景
|
|
6
|
-
|
|
7
|
-
- 仓库托管在 GitHub,且具备使用 CodeQL 的前置条件。
|
|
8
|
-
- 团队希望在 PR 或默认分支上提前发现代码级安全问题,而不是只靠人工 review。
|
|
9
|
-
- 需要把安全扫描结果沉淀成可追踪、可分级、可回写的门禁输入。
|
|
10
|
-
|
|
11
|
-
## 不适用场景
|
|
12
|
-
|
|
13
|
-
- 仓库不在 GitHub,或当前环境不满足 CodeQL 使用条件。
|
|
14
|
-
- 团队尚未建立基本的安全 review 责任链,却指望扫描器代替人工判断。
|
|
15
|
-
- 期望把 CodeQL 结果当成唯一安全结论,而忽略鉴权设计、依赖风险和运行时暴露面。
|
|
16
|
-
|
|
17
|
-
## 推荐落地方式
|
|
18
|
-
|
|
19
|
-
1. 先确认使用边界:仓库托管方式、GitHub Advanced Security 条件、支持语言和扫描触发时机。
|
|
20
|
-
2. 第一阶段先启用默认查询集,观察噪音、误报和 triage 成本,不要一开始就堆大量自定义查询。
|
|
21
|
-
3. 将 CodeQL 与现有安全链分层:
|
|
22
|
-
- `dependency-review-gates` 负责依赖和许可证风险
|
|
23
|
-
- CodeQL 负责代码级语义问题
|
|
24
|
-
- 安全评审角色 / reviewer 负责最终风险判断与阻塞决策
|
|
25
|
-
4. 若要把扫描结果用于 PR 门禁,先定义哪些严重级别或问题类型会阻塞,哪些只做观察。
|
|
26
|
-
5. 结果必须回写到 `/code-review`、`/team-review` 或发布前检查,不让 code scanning 结果只停留在 GitHub 安全面板里。
|
|
27
|
-
|
|
28
|
-
## 最小门禁模型
|
|
29
|
-
|
|
30
|
-
- `scan layer`:CodeQL 在 PR 或默认分支上执行语义分析
|
|
31
|
-
- `triage layer`:确认哪些结果是真问题、哪些是误报或暂不处理
|
|
32
|
-
- `decision layer`:安全评审角色、`code-reviewer`、`tech-lead` 决定是否阻塞
|
|
33
|
-
|
|
34
|
-
工具负责发现候选问题,团队负责做业务语义判断。
|
|
35
|
-
|
|
36
|
-
## 重点检查项
|
|
37
|
-
|
|
38
|
-
- 用户输入到 SQL、模板、文件、命令或反序列化边界的危险流向
|
|
39
|
-
- 鉴权、授权、敏感数据处理和错误暴露相关问题
|
|
40
|
-
- 语言与框架特定的常见安全陷阱
|
|
41
|
-
- 代码结构层面人工 review 不易稳定发现的语义漏洞
|
|
42
|
-
|
|
43
|
-
## 反模式
|
|
44
|
-
|
|
45
|
-
- 还没定义 triage 规则,就把所有 CodeQL 告警直接当阻塞项。
|
|
46
|
-
- 只看告警数量,不分析哪些会真正影响当前仓库的风险面。
|
|
47
|
-
- 让 CodeQL 替代人工安全 review,以为“没报警就绝对安全”。
|
|
48
|
-
- 扫描结果长期无人处理,最后大家默认忽略整套安全门禁。
|
|
49
|
-
|
|
50
|
-
## 输出回落
|
|
51
|
-
|
|
52
|
-
- PR 阶段:把高优先级扫描结果和 triage 结论写入 review 结论或风险摘要。
|
|
53
|
-
- 团队协作:在 `/team-review` 中明确哪些问题来自 CodeQL、哪些已经人工确认或降级处理。
|
|
54
|
-
- 发布阶段:若仍有未关闭的高风险扫描结果,必须回写到 `/team-release` 的放行结论或观察项。
|
|
55
|
-
|
|
56
|
-
## 许可证与使用边界
|
|
57
|
-
|
|
58
|
-
- `github/codeql-action` 本身是 MIT,但底层 CodeQL CLI 另有 GitHub 使用条件。
|
|
59
|
-
- 深度接入前必须确认仓库托管方式、组织能力和 GitHub 安全产品边界,不要默认所有仓库都能直接启用。
|
|
60
|
-
|
|
61
|
-
## 参考来源
|
|
62
|
-
|
|
63
|
-
- [github/codeql-action](https://github.com/github/codeql-action)
|
|
64
|
-
- [dependency-review-gates.md](dependency-review-gates.md)
|