@colin4k1024/tsp 2.4.5 → 2.4.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +16 -20
- package/bin/lib/install-surface.js +3 -3
- package/bin/lib/source-installer.js +2 -2
- package/commands/team-help.md +2 -2
- package/commands/team-plan.md +1 -1
- package/commands/update-codemaps.md +3 -3
- package/manifests/install-components.json +1 -1
- package/manifests/install-modules.json +17 -3
- package/manifests/install-profiles.json +2 -0
- package/package.json +6 -3
- package/schemas/ecc-install-config.schema.json +6 -1
- package/schemas/install-modules.schema.json +4 -1
- package/scripts/codegraph-preflight.js +179 -0
- package/scripts/gitnexus-preflight.js +8 -0
- package/scripts/install-apply.js +10 -8
- package/scripts/install-codegraph.js +158 -0
- package/scripts/install-plan.js +28 -11
- package/scripts/lib/install/apply.js +256 -5
- package/scripts/lib/install/request.js +3 -2
- package/scripts/lib/install-audit-manifest.js +3 -0
- package/scripts/lib/install-executor.js +14 -5
- package/scripts/lib/install-lifecycle.js +2 -2
- package/scripts/lib/install-manifests.js +23 -4
- package/scripts/lib/install-targets/codex-home.js +187 -1
- package/scripts/lib/install-targets/opencode-home.js +135 -2
- package/scripts/lib/install-targets/registry.js +23 -1
- package/scripts/lib/release-health.js +19 -4
- package/scripts/lib/team-skills-data.json +6 -6
- package/scripts/release-health-summary.js +1 -1
- package/scripts/workflow-help.js +3 -3
- package/skills/codegraph/SKILL.md +57 -0
- package/skills/codegraph/agents/openai.yaml +4 -0
- package/docs/.vitepress/config.mts +0 -199
- package/docs/adr/ADR-001-doc-architecture-integration.md +0 -33
- package/docs/guides/README.md +0 -5
- package/docs/guides/installation.md +0 -33
- package/docs/guides/user-guide.md +0 -36
- package/docs/index.md +0 -65
- package/docs/memory/backlog.md +0 -10
- package/docs/memory/decisions.md +0 -43
- package/docs/memory/lessons-learned.md +0 -87
- package/docs/plans/2026-04-03-python-remnants-audit.md +0 -265
- package/docs/plans/2026-04-03-scripts-python-to-js-migration.md +0 -372
- package/docs/plans/2026-04-03-solo-delivery-execution-checklist.md +0 -413
- package/docs/plans/2026-04-03-solo-delivery-gap-plan.md +0 -377
- package/docs/plans/2026-04-03-team-skills-workflow-gates.md +0 -548
- package/docs/plans/2026-04-21-open-source-readiness-gap-plan.md +0 -217
- package/docs/plans/llm-surface-reduction-audit.md +0 -147
- package/docs/plans/llm-surface-reduction-execution-checklist.md +0 -217
- package/docs/plans/llm-surface-reduction-execution-history.md +0 -124
- package/docs/plans/team-skills-platform-migration.md +0 -54
- package/docs/presentation/README.md +0 -42
- package/docs/presentation/audience-presentation-route-map.md +0 -84
- package/docs/presentation/executive-briefing-talk-track.md +0 -50
- package/docs/presentation/generate_capability_matrix.py +0 -396
- package/docs/presentation/generate_ppt.py +0 -354
- package/docs/presentation/implementation-onboarding-brief.md +0 -38
- package/docs/presentation/presentation-talk-track.md +0 -97
- package/docs/presentation/vertical-scenario-route-map.md +0 -99
- package/docs/presentation/workshop-facilitator-guide.md +0 -47
- package/docs/runbooks/actionlint-workflow-gates.md +0 -80
- package/docs/runbooks/agent-governance.md +0 -131
- package/docs/runbooks/ai-eval-platform-demo-execution-log.md +0 -147
- package/docs/runbooks/ai-eval-platform-demo-script.md +0 -136
- package/docs/runbooks/ai-eval-platform-walkthrough.md +0 -113
- package/docs/runbooks/ai-pr-review-automation.md +0 -56
- package/docs/runbooks/api-breaking-change-gates.md +0 -58
- package/docs/runbooks/api-design-evolution-walkthrough.md +0 -42
- package/docs/runbooks/api-lint-gates.md +0 -57
- package/docs/runbooks/api-mocking-strategy-and-lifecycle-guide.md +0 -47
- package/docs/runbooks/architect-daily-operations.md +0 -63
- package/docs/runbooks/architect-design-conversation-example.md +0 -83
- package/docs/runbooks/artifact-attestation-gates.md +0 -75
- package/docs/runbooks/artifact-persistence.md +0 -257
- package/docs/runbooks/backend-engineer-daily-operations.md +0 -63
- package/docs/runbooks/batch-optimization-completion-checklist.md +0 -104
- package/docs/runbooks/biz-service-designer-end-to-end-conversation-example.md +0 -5
- package/docs/runbooks/biz-service-designer-toolkit.md +0 -5
- package/docs/runbooks/bug-fix-complete-walkthrough.md +0 -60
- package/docs/runbooks/build-failure-recovery-walkthrough.md +0 -40
- package/docs/runbooks/canary-decision-matrix.md +0 -41
- package/docs/runbooks/canary-staging-release-walkthrough.md +0 -46
- package/docs/runbooks/checkov-iac-gates.md +0 -104
- package/docs/runbooks/claude-code-review-workflow.md +0 -72
- package/docs/runbooks/claude-conversation-prompt-recipes.md +0 -132
- package/docs/runbooks/claude-end-to-end-conversation-example.md +0 -198
- package/docs/runbooks/claude-feature-development-guide.md +0 -112
- package/docs/runbooks/claude-quick-start.md +0 -227
- package/docs/runbooks/claude-usage-scenarios.md +0 -176
- package/docs/runbooks/code-review-collaboration-walkthrough.md +0 -65
- package/docs/runbooks/codeql-pr-security-gates.md +0 -64
- package/docs/runbooks/codex-end-to-end-conversation-example.md +0 -166
- package/docs/runbooks/codex-multi-agent-orchestration.md +0 -65
- package/docs/runbooks/codex-parallel-prompt-recipes.md +0 -131
- package/docs/runbooks/codex-quick-start.md +0 -223
- package/docs/runbooks/codex-usage-scenarios.md +0 -168
- package/docs/runbooks/codex-workflow-essentials.md +0 -88
- package/docs/runbooks/command-and-capability-matrix.md +0 -162
- package/docs/runbooks/conftest-policy-gates.md +0 -84
- package/docs/runbooks/consumer-driven-contract-testing-with-mock-alignment.md +0 -45
- package/docs/runbooks/contract-testing-playbook.md +0 -78
- package/docs/runbooks/cosign-signing-gates.md +0 -71
- package/docs/runbooks/cross-role-issue-triage-walkthrough.md +0 -47
- package/docs/runbooks/cursor-quick-start.md +0 -123
- package/docs/runbooks/custom-overlay.md +0 -115
- package/docs/runbooks/data-ml-pipeline-demo-execution-log.md +0 -141
- package/docs/runbooks/data-ml-pipeline-demo-script.md +0 -102
- package/docs/runbooks/data-ml-pipeline-walkthrough.md +0 -119
- package/docs/runbooks/data-observability-quality-demo-execution-log.md +0 -36
- package/docs/runbooks/data-observability-quality-demo-script.md +0 -42
- package/docs/runbooks/data-observability-quality-walkthrough.md +0 -86
- package/docs/runbooks/demo-deliverables-overview.md +0 -278
- package/docs/runbooks/demo-execution-log.md +0 -530
- package/docs/runbooks/demo-scenario.md +0 -129
- package/docs/runbooks/dependency-review-gates.md +0 -63
- package/docs/runbooks/dependency-update-automation.md +0 -83
- package/docs/runbooks/design-md-workflow.md +0 -185
- package/docs/runbooks/devops-engineer-daily-operations.md +0 -60
- package/docs/runbooks/devops-release-conversation-example.md +0 -88
- package/docs/runbooks/doc-architecture-integration.md +0 -59
- package/docs/runbooks/doc-architecture-quick-start.md +0 -122
- package/docs/runbooks/document-execution-audit.md +0 -32
- package/docs/runbooks/documentation-update-walkthrough.md +0 -37
- package/docs/runbooks/ecc-harness-usage.md +0 -93
- package/docs/runbooks/error-experience-usage.md +0 -116
- package/docs/runbooks/evolution-usage.md +0 -162
- package/docs/runbooks/executive-value-one-page.md +0 -55
- package/docs/runbooks/external-capability-approval-and-enablement-workflow.md +0 -39
- package/docs/runbooks/external-capability-intake.md +0 -160
- package/docs/runbooks/first-team-command-60-seconds.md +0 -96
- package/docs/runbooks/first-team-workflow-walkthrough.md +0 -245
- package/docs/runbooks/frontend-backend-integration-acceptance-checklist.md +0 -46
- package/docs/runbooks/frontend-backend-parallel-integration-walkthrough.md +0 -48
- package/docs/runbooks/frontend-bugfix-one-page.md +0 -82
- package/docs/runbooks/frontend-engineer-daily-operations.md +0 -60
- package/docs/runbooks/frontend-enterprise-style-profile.md +0 -5
- package/docs/runbooks/frontend-governance.md +0 -47
- package/docs/runbooks/frontend-refactor-walkthrough.md +0 -42
- package/docs/runbooks/git-pr-workflow.md +0 -63
- package/docs/runbooks/github-actions-supply-chain-demo-execution-log.md +0 -158
- package/docs/runbooks/github-actions-supply-chain-demo-script.md +0 -150
- package/docs/runbooks/github-actions-supply-chain-walkthrough.md +0 -117
- package/docs/runbooks/github-token-permissions-baseline.md +0 -92
- package/docs/runbooks/gitlab-manual-pipeline-release.md +0 -5
- package/docs/runbooks/gitlab-release-integration-playbook.md +0 -5
- package/docs/runbooks/gitnexus-code-intelligence-usage.md +0 -133
- package/docs/runbooks/graphify-knowledge-graph-usage.md +0 -88
- package/docs/runbooks/handoff-filling-guide-with-examples.md +0 -70
- package/docs/runbooks/handoff-governance.md +0 -250
- package/docs/runbooks/helm-unittest-playbook.md +0 -101
- package/docs/runbooks/hotfix-emergency-release-walkthrough.md +0 -60
- package/docs/runbooks/iac-kubernetes-platform-demo-execution-log.md +0 -144
- package/docs/runbooks/iac-kubernetes-platform-demo-script.md +0 -130
- package/docs/runbooks/iac-kubernetes-platform-walkthrough.md +0 -120
- package/docs/runbooks/implementation-onboarding-reading-path.md +0 -67
- package/docs/runbooks/in-toto-attestation-framework.md +0 -94
- package/docs/runbooks/incident-severity-triage-tree.md +0 -43
- package/docs/runbooks/incident-triage-one-page.md +0 -65
- package/docs/runbooks/internal-developer-platform-demo-execution-log.md +0 -36
- package/docs/runbooks/internal-developer-platform-demo-script.md +0 -42
- package/docs/runbooks/internal-developer-platform-walkthrough.md +0 -91
- package/docs/runbooks/karpathy-guidelines-usage.md +0 -27
- package/docs/runbooks/kubeconform-schema-gates.md +0 -100
- package/docs/runbooks/kubectl-server-dry-run-gates.md +0 -103
- package/docs/runbooks/kyverno-policy-gates.md +0 -90
- package/docs/runbooks/langfuse-and-observability-integration-guide.md +0 -43
- package/docs/runbooks/langfuse-coding-trace.md +0 -44
- package/docs/runbooks/mobile-miniapp-delivery-walkthrough.md +0 -112
- package/docs/runbooks/mobile-miniapp-demo-execution-log.md +0 -139
- package/docs/runbooks/mobile-miniapp-demo-script.md +0 -129
- package/docs/runbooks/multi-service-backend-integration-walkthrough.md +0 -61
- package/docs/runbooks/open-design-integration.md +0 -163
- package/docs/runbooks/open-source-release-checklist.md +0 -90
- package/docs/runbooks/opencode-quick-start.md +0 -128
- package/docs/runbooks/parallel-development-coordination-walkthrough.md +0 -47
- package/docs/runbooks/parallel-execution-usage.md +0 -179
- package/docs/runbooks/platform-capability-demo-execution-log.md +0 -184
- package/docs/runbooks/platform-capability-demo-script.md +0 -192
- package/docs/runbooks/plugin-extension-platform-demo-execution-log.md +0 -136
- package/docs/runbooks/plugin-extension-platform-demo-script.md +0 -102
- package/docs/runbooks/plugin-extension-platform-walkthrough.md +0 -111
- package/docs/runbooks/policy-controller-gates.md +0 -75
- package/docs/runbooks/post-rollback-verification-checklist.md +0 -37
- package/docs/runbooks/pre-release-checklist.md +0 -50
- package/docs/runbooks/product-manager-clarification-conversation-example.md +0 -90
- package/docs/runbooks/product-manager-daily-operations.md +0 -60
- package/docs/runbooks/production-incident-response-walkthrough.md +0 -50
- package/docs/runbooks/project-claude-design-rationale.md +0 -188
- package/docs/runbooks/project-manager-daily-operations.md +0 -61
- package/docs/runbooks/project-manager-planning-conversation-example.md +0 -82
- package/docs/runbooks/project-onboarding.md +0 -452
- package/docs/runbooks/qa-engineer-daily-operations.md +0 -63
- package/docs/runbooks/qa-review-conversation-example.md +0 -87
- package/docs/runbooks/release-closure-one-page.md +0 -65
- package/docs/runbooks/release-governance-reading-path.md +0 -56
- package/docs/runbooks/release-notes-automation.md +0 -48
- package/docs/runbooks/release-rollback-recovery-walkthrough.md +0 -47
- package/docs/runbooks/requirement-clarity-and-scope-walkthrough.md +0 -46
- package/docs/runbooks/reviewdog-pr-gates.md +0 -49
- package/docs/runbooks/role-prompt-recipes.md +0 -130
- package/docs/runbooks/rtk-integration-intake.md +0 -45
- package/docs/runbooks/rtk-token-optimization-usage.md +0 -107
- package/docs/runbooks/runner-egress-hardening.md +0 -81
- package/docs/runbooks/runtime-capabilities-overview.md +0 -113
- package/docs/runbooks/sbom-generation-gates.md +0 -71
- package/docs/runbooks/scorecard-supply-chain-gates.md +0 -82
- package/docs/runbooks/secret-scanning-gates.md +0 -85
- package/docs/runbooks/security-compliance-platform-demo-execution-log.md +0 -36
- package/docs/runbooks/security-compliance-platform-demo-script.md +0 -49
- package/docs/runbooks/security-compliance-platform-walkthrough.md +0 -98
- package/docs/runbooks/slsa-generator-patterns.md +0 -73
- package/docs/runbooks/slsa-verification-gates.md +0 -75
- package/docs/runbooks/solo-delivery-mode.md +0 -142
- package/docs/runbooks/solo-delivery-one-page.md +0 -111
- package/docs/runbooks/specialist-commands-playbook.md +0 -85
- package/docs/runbooks/sub-agent-invocation-map.md +0 -144
- package/docs/runbooks/system-architecture-design-walkthrough.md +0 -49
- package/docs/runbooks/team-closeout-example.md +0 -73
- package/docs/runbooks/team-command-output-contracts.md +0 -358
- package/docs/runbooks/team-commands-quick-prompts.md +0 -125
- package/docs/runbooks/team-execute-example.md +0 -63
- package/docs/runbooks/team-handoff-example.md +0 -49
- package/docs/runbooks/team-intake-example.md +0 -70
- package/docs/runbooks/team-plan-example.md +0 -62
- package/docs/runbooks/team-release-example.md +0 -63
- package/docs/runbooks/team-review-example.md +0 -61
- package/docs/runbooks/team-skills-test-run.md +0 -184
- package/docs/runbooks/team-skills-usage.md +0 -336
- package/docs/runbooks/team-training-reading-path.md +0 -64
- package/docs/runbooks/tech-lead-closure-conversation-example.md +0 -78
- package/docs/runbooks/tech-lead-daily-operations.md +0 -67
- package/docs/runbooks/trivy-security-gates.md +0 -79
- package/docs/runbooks/troubleshooting.md +0 -234
- package/docs/runbooks/vertical-scenario-capability-matrix.md +0 -107
- package/docs/runbooks/witness-policy-gates.md +0 -78
- package/docs/runbooks/zizmor-workflow-audits.md +0 -81
|
@@ -1,160 +0,0 @@
|
|
|
1
|
-
# External Capability Intake
|
|
2
|
-
|
|
3
|
-
本手册用于搜罗、评估和分层引入开源 skill 与工程实践,避免“看到一个仓库就直接接进 canonical source”。
|
|
4
|
-
|
|
5
|
-
如果你已经完成 intake,想继续推进到 approval 和 enablement,继续看 [external-capability-approval-and-enablement-workflow.md](external-capability-approval-and-enablement-workflow.md)。
|
|
6
|
-
|
|
7
|
-
## 使用原则
|
|
8
|
-
|
|
9
|
-
- 不把外部仓库整包搬进 canonical source。
|
|
10
|
-
- 只允许“本地化改写适配”,不做 wholesale import。
|
|
11
|
-
- `AGPL` / 强 copyleft 来源默认只允许 `reference-only-runbook`,不直接拷文本或代码进正式层。
|
|
12
|
-
- `skills/` 只承接公司专属领域能力;开源通用工程能力默认去 `skills/` 或 `docs/runbooks/`。
|
|
13
|
-
- 目录站、聚合站、awesome list 只能作为 discovery feed,不能直接当 canonical import source。
|
|
14
|
-
|
|
15
|
-
## Intake 卡片
|
|
16
|
-
|
|
17
|
-
后续所有外部 skill / 工程实践都先登记这张卡片,再决定是否进入正式层:
|
|
18
|
-
|
|
19
|
-
```yaml
|
|
20
|
-
source_name:
|
|
21
|
-
source_url:
|
|
22
|
-
license:
|
|
23
|
-
trust_tier:
|
|
24
|
-
maintenance_signal:
|
|
25
|
-
portability:
|
|
26
|
-
overlap_with_existing:
|
|
27
|
-
import_mode:
|
|
28
|
-
target_layer:
|
|
29
|
-
target_name:
|
|
30
|
-
why_now:
|
|
31
|
-
status:
|
|
32
|
-
```
|
|
33
|
-
|
|
34
|
-
### 字段定义
|
|
35
|
-
|
|
36
|
-
- `trust_tier`: `A-official` / `B-proven-community` / `C-discovery-only`
|
|
37
|
-
- `portability`: `codex+claude` / `claude-first` / `practice-only`
|
|
38
|
-
- `import_mode`: `adapt-into-local-skill` / `reference-only-runbook` / `reject`
|
|
39
|
-
- `target_layer`: `shared` / `ecc` / `company` / `runbook` / `toolkit` / `rules`
|
|
40
|
-
- `status`: `candidate` / `approved` / `backlog` / `rejected`
|
|
41
|
-
|
|
42
|
-
## 当前候选台账
|
|
43
|
-
|
|
44
|
-
| source_name | source_url | license | trust_tier | maintenance_signal | portability | overlap_with_existing | import_mode | target_layer | target_name | why_now | status |
|
|
45
|
-
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|
46
|
-
| `anthropics/skills:webapp-testing` | [anthropics/skills](https://github.com/anthropics/skills) | `Apache-2.0 / verify target folder before adaptation` | `A-official` | `65.8k` stars;2025-11 仍有 `webapp-testing` 相关 PR 活跃 | `codex+claude` | 已有 `frontend-engineering`、前端门禁,但没有独立浏览器 smoke / webapp 测试 skill | `adapt-into-local-skill` | `ecc` | `browser-smoke-testing` | 补齐前端与发布链之间的浏览器验证空位 | `approved` |
|
|
47
|
-
| `nexu-io/open-design` | [nexu-io/open-design](https://github.com/nexu-io/open-design) | `Apache-2.0` | `B-proven-community` | `30k+` stars;2026-05 仍活跃更新;包含本地 daemon、web UI、31 个 design skills、设计系统库、preview/export 与多 CLI agent adapters | `codex+claude` | 已有 `frontend-ui-ux-system`、`frontend-slides`、`design-system` 与 `ui-demo`,但缺少“Claude Design 类”本地优先设计工作台的受控接入路径 | `reference-only-runbook + full-profile-sidecar-install` | `runbook + skills` | `open-design-integration` | 为 TSP 补齐原型、deck、dashboard、mobile flow、`DESIGN.md` 和导出 artifact 的外部设计工作台协同能力;`full` profile 自动准备 `~/.tsp/open-design`,但不把上游 daemon 和 Node 24/pnpm 生命周期并入 TSP 默认 npm 依赖 | `approved` |
|
|
48
|
-
| `alchaincyf/huashu-design` | [alchaincyf/huashu-design](https://github.com/alchaincyf/huashu-design) | `Custom / personal use free;企业商用与工具链集成需上游授权` | `B-proven-community` | `4.4k+` stars;2026-04 仍活跃更新;包含独立 `SKILL.md`、演示与导出工具链 | `practice-only` | 已有 `frontend-ui-ux-system`、`ui-ux-promax` 与前端门禁,但没有专门面向高保真 HTML 原型、HTML-first deck、时间轴动画与设计评审的外部设计 skill 接入说明 | `reference-only-runbook` | `runbook` | `huashu-design-integration` | 在不复制上游内容的前提下,为 TSP 补齐外部设计 skill 接入路径、README 说明与致谢归档;待获得授权后再决定是否升级为本地化适配候选 | `approved` |
|
|
49
|
-
| `Colin4k1024/andrej-karpathy-skills` | [Colin4k1024/andrej-karpathy-skills](https://github.com/Colin4k1024/andrej-karpathy-skills/tree/main) | `MIT` | `B-proven-community` | 轻量仓库,当前核心内容稳定;包含 `CLAUDE.md` 与 `karpathy-guidelines` skill 形态 | `codex+claude` | 已有 `coding-standards`、`tdd-workflow`、`verification-loop`,但缺少一层专门约束“先暴露假设、避免过度设计、限定改动边界、先定义成功标准”的行为护栏 | `adapt-into-local-skill` | `ecc` | `karpathy-guidelines` | 补齐实现前的行为约束层,让现有质量与验证技能前面多一道“别猜、别做重、别多改、先定义成功”的轻量护栏 | `approved` |
|
|
50
|
-
| `tanweai/pua` | [tanweai/pua](https://github.com/tanweai/pua) | `MIT` | `B-proven-community` | `16k+` stars;2026-04 仍持续更新;多平台技能分发和 Claude hooks 已成型 | `claude-first` | 已有 `systematic-debugging`、`verification-loop`、`loop-operator`,但没有统一的高能动性、高压闭环与失败升级协议 | `adapt-into-local-skill` | `ecc` | `pua` | 补齐“别放弃、别甩锅、别空口完成”的行为层能力,并与现有验证/调试能力互补 | `approved` |
|
|
51
|
-
| `obra/superpowers:systematic-debugging` | [obra/superpowers](https://github.com/obra/superpowers) | `MIT` | `B-proven-community` | `20.2k` stars;含 Codex 实验支持说明;技能库覆盖调试与验证 | `codex+claude` | 已有 `/verify`,但缺少根因定位流程 | `adapt-into-local-skill` | `ecc` | `systematic-debugging` | 补强“排查根因”而不只是“反复验证” | `approved` |
|
|
52
|
-
| `obra/superpowers:verification-before-completion` | [obra/superpowers](https://github.com/obra/superpowers) | `MIT` | `B-proven-community` | 同上,作为调试/验证配套技能活跃维护 | `codex+claude` | 与现有 `/verify` 高度重叠 | `reference-only-runbook` | `runbook` | `verification-playbook` | 更适合作为 `/verify` 与验证 runbook 的增强项,而不是新入口 | `backlog` |
|
|
53
|
-
| `obra/superpowers:using-git-worktrees + finishing-a-development-branch` | [obra/superpowers](https://github.com/obra/superpowers) | `MIT` | `B-proven-community` | 技能库包含完整开发分支收口与 worktree 流程 | `codex+claude` | 已有 `rules/common/git-workflow.md`,但缺少可直接执行的 PR / branch runbook | `reference-only-runbook` | `runbook` | `git-pr-workflow` | 补齐 GitHub / PR / branch 收口工作流 | `approved` |
|
|
54
|
-
| `omkamal/pypict-claude-skill` | [omkamal/pypict-claude-skill](https://github.com/omkamal/pypict-claude-skill) | `MIT` | `B-proven-community` | 有 `CHANGELOG`、`QUICKSTART`、Releases;聚焦单一问题 | `codex+claude` | 已有 QA 测试口径与回写规则,但没有组合测试 / pairwise 设计 skill | `adapt-into-local-skill` | `ecc` | `pairwise-test-design` | 精准补齐测试设计缺口,且可移植性高 | `approved` |
|
|
55
|
-
| `qodo-ai/pr-agent` | [qodo-ai/pr-agent](https://github.com/qodo-ai/pr-agent) | `AGPL-3.0` | `B-proven-community` | `9.8k` stars;2025-11 仍有 release 与 GitHub Action 更新 | `practice-only` | 已有 `/code-review` 与 review specialist,但没有 PR 自动化 playbook | `reference-only-runbook` | `runbook` | `ai-pr-review-automation` | 可沉淀为 PR 自动 review 方案,但许可证不适合直接本地化成 skill | `approved` |
|
|
56
|
-
| `reviewdog/reviewdog` | [reviewdog/reviewdog](https://github.com/reviewdog/reviewdog) | `MIT` | `B-proven-community` | `8.9k` stars;2026-01 仍有更新;支持多 CI / 多 reporter | `practice-only` | 已有 lint / review 规则,但没有 PR 注释与检查门禁自动化手册 | `reference-only-runbook` | `runbook` | `reviewdog-pr-gates` | 适合沉淀成 PR gate 与 inline review 实践 | `approved` |
|
|
57
|
-
| `reviewdog/action-eslint` | [reviewdog/action-eslint](https://github.com/reviewdog/action-eslint) | `MIT` | `B-proven-community` | 2026-01 更新;GitHub Marketplace Action;用例清晰 | `practice-only` | 与前端质量门禁互补,但当前没有 GitHub PR review gate 样例 | `reference-only-runbook` | `runbook` | `reviewdog-pr-gates` | 作为 reviewdog 的具体 GitHub Actions 落地示例 | `approved` |
|
|
58
|
-
| `semantic-release/release-notes-generator` | [semantic-release/release-notes-generator](https://github.com/semantic-release/release-notes-generator) | `MIT` | `B-proven-community` | 2026-01 更新;发布说明生成插件稳定 | `practice-only` | 已有发布治理 runbook,但没有发布说明自动化方法 | `reference-only-runbook` | `runbook` | `release-notes-automation` | 用于补齐 changelog / release notes 自动化 | `approved` |
|
|
59
|
-
| `semantic-release/semantic-release` | [semantic-release/semantic-release](https://github.com/semantic-release/semantic-release) | `MIT` | `B-proven-community` | `23k` stars;2026-01 仍持续更新 | `practice-only` | 与发布治理 runbook 互补,但当前缺少正式 release automation baseline | `reference-only-runbook` | `runbook` | `release-notes-automation` | 提供完整 release automation 参考面 | `approved` |
|
|
60
|
-
| `OpenAPITools/openapi-diff` | [OpenAPITools/openapi-diff](https://github.com/OpenAPITools/openapi-diff) | `Apache-2.0` | `B-proven-community` | `1.1k` stars;22 releases;`2.1.7` latest `2026-01-26` | `codex+claude` | 已有 `api-contract` 与接口设计 runbook,但没有 OpenAPI breaking change gate | `reference-only-runbook` | `runbook` | `api-breaking-change-gates` | 补齐 API 向后兼容性校验与发布前 breaking change 检查 | `approved` |
|
|
61
|
-
| `stoplightio/spectral` | [stoplightio/spectral](https://github.com/stoplightio/spectral) | `Apache-2.0` | `B-proven-community` | `3.1k` stars;107 releases;`v6.15.0` latest `2025-04-22` | `codex+claude` | 已有接口设计 runbook 与 `api-contract`,但没有 API lint / ruleset gate | `reference-only-runbook` | `runbook` | `api-lint-gates` | 补齐 OpenAPI / AsyncAPI 风格与规范门禁 | `approved` |
|
|
62
|
-
| `testcontainers/testcontainers-java` | [testcontainers/testcontainers-java](https://github.com/testcontainers/testcontainers-java) | `MIT` | `B-proven-community` | `8.6k` stars;91 releases;`2.0.4` latest `2026-03-19` | `codex+claude` | 已有 `maven-qa`、`java-unit-test`,但没有容器化集成测试工作流 | `adapt-into-local-skill` | `ecc` | `testcontainers-integration-testing` | 补齐 Java 服务对数据库、中间件和浏览器依赖的可重复集成验证 | `approved` |
|
|
63
|
-
| `actions/dependency-review-action` | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `MIT` | `A-official` | `799` stars;56 releases;`4.9.0` latest `2026-03-03` | `practice-only` | 已有 security / review 规则,但没有依赖变更与许可证门禁手册 | `reference-only-runbook` | `runbook` | `dependency-review-gates` | 补齐 PR 级依赖漏洞与许可证变化检查 | `approved` |
|
|
64
|
-
| `github/codeql-action` | [github/codeql-action](https://github.com/github/codeql-action) | `MIT / CodeQL CLI 附加使用条件` | `A-official` | `1.5k` stars;`v4.31.10` latest `2026-01-12` | `practice-only` | 已有安全评审与 review 规则,但没有 PR 级静态安全扫描接入手册 | `reference-only-runbook` | `runbook` | `codeql-pr-security-gates` | 可补齐 GitHub 原生代码扫描与安全查询门禁 | `approved` |
|
|
65
|
-
| `aquasecurity/trivy-action` | [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `MIT` | `B-proven-community` | `1.4k` stars;`v0.33.1` latest `2025-09-03` | `practice-only` | 已有 dependency review 与 CodeQL,但没有镜像 / 文件系统 / IaC 扫描接入手册 | `reference-only-runbook` | `runbook` | `trivy-security-gates` | 可补齐容器镜像、文件系统和 IaC 的漏洞扫描与门禁实践 | `approved` |
|
|
66
|
-
| `ossf/scorecard-action` | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `Apache-2.0` | `B-proven-community` | `348` stars;`v2.4.3` latest `2025-09-30` | `practice-only` | 已有依赖、代码和制品扫描入口,但没有仓库级供应链基线手册 | `reference-only-runbook` | `runbook` | `scorecard-supply-chain-gates` | 可补齐仓库级供应链基线、发布流程与 token 使用面的审计实践 | `approved` |
|
|
67
|
-
| `anchore/sbom-action` | [anchore/sbom-action](https://github.com/anchore/sbom-action) | `Apache-2.0` | `B-proven-community` | `209` stars;`v0.20.9` latest `2025-10-23` | `practice-only` | 已有 dependency review 与镜像扫描,但没有 SBOM 生成与发布实践手册 | `reference-only-runbook` | `runbook` | `sbom-generation-gates` | 可补齐构建产物与镜像的 SBOM 生成、归档与发布链追溯 | `approved` |
|
|
68
|
-
| `actions/attest-build-provenance` | [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `MIT` | `A-official` | `847` stars;`v3.0.0` latest `2025-08-28` | `practice-only` | 已有 SBOM 和供应链基线入口,但没有 provenance attestation 手册 | `reference-only-runbook` | `runbook` | `artifact-attestation-gates` | 可补齐构建产物 provenance 与发布证明链实践 | `approved` |
|
|
69
|
-
| `sigstore/cosign-installer` | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `Apache-2.0` | `B-proven-community` | `175` stars;`v4.0.0` latest `2025-10-16` | `practice-only` | 已有 SBOM 与 provenance 入口,但没有签名与验证手册 | `reference-only-runbook` | `runbook` | `cosign-signing-gates` | 可补齐 artifact / image signing 与验证链实践 | `approved` |
|
|
70
|
-
| `slsa-framework/slsa-verifier` | [slsa-framework/slsa-verifier](https://github.com/slsa-framework/slsa-verifier) | `Apache-2.0` | `B-proven-community` | `394` stars;`v2.7.1` latest `2025-07-18` | `practice-only` | 已有 attestation 与签名入口,但没有统一的 provenance 验证手册 | `reference-only-runbook` | `runbook` | `slsa-verification-gates` | 可补齐 provenance / attestation 的独立验证实践 | `approved` |
|
|
71
|
-
| `sigstore/policy-controller` | [sigstore/policy-controller](https://github.com/sigstore/policy-controller) | `Apache-2.0` | `B-proven-community` | `1k+` stars;`v0.13.1` latest `2025-09-17` | `practice-only` | 已有签名与验证入口,但没有集群侧策略强制手册 | `reference-only-runbook` | `runbook` | `policy-controller-gates` | 可补齐 Kubernetes / admission 层的签名与验证策略执行实践 | `approved` |
|
|
72
|
-
| `pact-foundation/pact-jvm` | [pact-foundation/pact-jvm](https://github.com/pact-foundation/pact-jvm) | `Apache-2.0` | `B-proven-community` | `1.1k` stars;331 releases;`4.7.0-beta.4` latest `2026-02-18` | `codex+claude` | 已有 `api-contract`,但没有 consumer/provider contract testing 工作流 | `reference-only-runbook` | `runbook` | `contract-testing-playbook` | 可补齐跨服务 consumer/provider 契约验证,但接入成本高于普通 API lint / diff gate | `approved` |
|
|
73
|
-
| `slsa-framework/slsa-github-generator` | [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) | `Apache-2.0` | `B-proven-community` | `169` stars;`v2.1.0` latest `2026-02-24`;2025-10 仍有更新 | `practice-only` | 已有 GitHub 官方 attestation,但没有更广的 SLSA provenance 生成模式手册 | `reference-only-runbook` | `runbook` | `slsa-generator-patterns` | 可补齐 GitHub Actions 侧更通用的 provenance 生成设计模式 | `approved` |
|
|
74
|
-
| `in-toto/attestation` | [in-toto/attestation](https://github.com/in-toto/attestation) | `Apache-2.0` | `B-proven-community` | `317` stars;`v1.1.2` latest `2025-06-14`;2025-11 仍有更新 | `practice-only` | 已有 attestation 生成与验证手册,但缺少 attestation predicate / schema 设计参考 | `reference-only-runbook` | `runbook` | `in-toto-attestation-framework` | 可补齐 attestation schema、predicate 和证据模型的设计参考 | `approved` |
|
|
75
|
-
| `in-toto/witness` | [in-toto/witness](https://github.com/in-toto/witness) | `Apache-2.0` | `B-proven-community` | `503` stars;`v0.10.1` latest `2025-10-15`;2025-11 仍有更新 | `practice-only` | 已有 attestation / signing / verification,但没有 policy-engine 视角的高级治理手册 | `reference-only-runbook` | `runbook` | `witness-policy-gates` | 可补齐基于证据和策略引擎的更高级供应链治理实践 | `approved` |
|
|
76
|
-
| `renovatebot/renovate` | [renovatebot/renovate](https://github.com/renovatebot/renovate) | `AGPL-3.0` | `B-proven-community` | `20.5k` stars;`42.76.4` latest `2026-01-10`;持续高频发布 | `practice-only` | 已有依赖门禁,但缺少持续升级发现、批量 triage 和自动化分组手册 | `reference-only-runbook` | `runbook` | `dependency-update-automation` | 可补齐依赖升级自动化与分批治理实践,但许可证不适合直接本地化成 skill | `approved` |
|
|
77
|
-
| `gitleaks/gitleaks` | [gitleaks/gitleaks](https://github.com/gitleaks/gitleaks) | `MIT` | `B-proven-community` | `24k` stars;`v8.30.0` latest `2025-11-26`;规则持续更新 | `practice-only` | 已有依赖、代码、镜像与供应链门禁,但没有 secret scanning 手册 | `reference-only-runbook` | `runbook` | `secret-scanning-gates` | 可补齐 PR / 仓库级硬编码凭据发现、baseline 管理与泄漏处置实践 | `approved` |
|
|
78
|
-
| `step-security/harden-runner` | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `Apache-2.0` | `B-proven-community` | `v2.14.0` latest `2025-12-09`;持续维护 GitHub Actions runtime hardening | `practice-only` | 已有仓库级供应链基线,但没有 runner 运行时 egress hardening 手册 | `reference-only-runbook` | `runbook` | `runner-egress-hardening` | 可补齐 GitHub Actions runner 的出站访问控制、实时监测与异常 triage 实践 | `approved` |
|
|
79
|
-
| `rhysd/actionlint` | [rhysd/actionlint](https://github.com/rhysd/actionlint) | `MIT` | `B-proven-community` | `v1.7.8` latest `2025-10-11`;持续跟进 GitHub Actions 语法、runner label 与 popular actions 数据 | `practice-only` | 已有仓库级供应链基线,但没有 workflow 语法、结构与 shell 误用门禁手册 | `reference-only-runbook` | `runbook` | `actionlint-workflow-gates` | 可补齐 GitHub Actions workflow 文件级静态 lint 与结构化 triage 实践 | `approved` |
|
|
80
|
-
| `zizmorcore/zizmor` | [zizmorcore/zizmor](https://github.com/zizmorcore/zizmor) | `MIT` | `B-proven-community` | `3.3k` stars;2025-11 仍保持活跃更新;配套 `zizmor-action` 持续维护 | `practice-only` | 已有 Scorecard 和 runner hardening,但没有 workflow 安全审计手册 | `reference-only-runbook` | `runbook` | `zizmor-workflow-audits` | 可补齐 GitHub Actions workflow 的安全审计、triage 和 review 回写实践 | `approved` |
|
|
81
|
-
| `open-policy-agent/conftest` | [open-policy-agent/conftest](https://github.com/open-policy-agent/conftest) | `Apache-2.0` | `B-proven-community` | `3.1k` stars;92 releases;`v0.66.0` latest `2025-12-22` | `practice-only` | 已有 Trivy 和 policy-controller,但没有 PR / 发布前的 policy-as-code 预检手册 | `reference-only-runbook` | `runbook` | `conftest-policy-gates` | 可补齐 Helm / Kubernetes / Terraform / YAML / JSON 的配置策略预检实践 | `approved` |
|
|
82
|
-
| `bridgecrewio/checkov` | [bridgecrewio/checkov](https://github.com/bridgecrewio/checkov) | `Apache-2.0` | `B-proven-community` | `2026-03` 仍持续发布;框架覆盖 Terraform、Kubernetes、Helm、CloudFormation、Dockerfile 等 IaC 目标 | `practice-only` | 已有 Trivy 和 Conftest,但没有 IaC 安全与合规基线门禁手册 | `reference-only-runbook` | `runbook` | `checkov-iac-gates` | 可补齐 Terraform / Kubernetes / Helm / CloudFormation 等 IaC 的误配置与合规预检实践 | `approved` |
|
|
83
|
-
| `yannh/kubeconform` | [yannh/kubeconform](https://github.com/yannh/kubeconform) | `Apache-2.0` | `B-proven-community` | `2026-02` 仍持续发布;配套 `kubernetes-json-schema` 仓库持续维护 | `practice-only` | 已有 Conftest 和 policy-controller,但没有 Kubernetes manifest schema 校验手册 | `reference-only-runbook` | `runbook` | `kubeconform-schema-gates` | 可补齐 Kubernetes / Helm / kustomize 输出的 schema 级校验与 CRD 覆盖实践 | `approved` |
|
|
84
|
-
| `GitHubSecurityLab/actions-permissions` | [GitHubSecurityLab/actions-permissions](https://github.com/GitHubSecurityLab/actions-permissions) | `MIT` | `B-proven-community` | `PUBLIC BETA`;围绕 `Monitor` / `Advisor` 持续维护 GitHub token permissions 收敛实践 | `practice-only` | 已有 Scorecard、Zizmor 和 runner hardening,但没有基于真实运行的 token 最小权限手册 | `reference-only-runbook` | `runbook` | `github-token-permissions-baseline` | 可补齐 GitHub Actions `GITHUB_TOKEN` 最小权限建议、收敛与 triage 实践 | `approved` |
|
|
85
|
-
| `kyverno/kyverno` | [kyverno/kyverno](https://github.com/kyverno/kyverno) | `Apache-2.0` | `B-proven-community` | `2026-03` 官方文档与 releases 持续更新;覆盖 admission、background scan、policy reports、image verification | `practice-only` | 已有 Conftest、policy-controller,但没有 Kubernetes 原生 policy engine 手册 | `reference-only-runbook` | `runbook` | `kyverno-policy-gates` | 可补齐 Kubernetes 原生策略治理、background scan 与 policy report 实践 | `approved` |
|
|
86
|
-
| `helm-unittest/helm-unittest` | [helm-unittest/helm-unittest](https://github.com/helm-unittest/helm-unittest) | `MIT` | `B-proven-community` | `2026-03` 仓库和插件文档持续维护;聚焦 Helm chart 单元测试与 snapshot 回归 | `practice-only` | 已有 Kubeconform 和 Conftest,但没有 Helm chart 模板单测手册 | `reference-only-runbook` | `runbook` | `helm-unittest-playbook` | 可补齐 Helm chart 模板渲染断言、snapshot 回归与 values 组合测试实践 | `approved` |
|
|
87
|
-
| `Kubernetes Docs: kubectl server-side dry-run` | [kubectl apply](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_apply/) | `CC BY 4.0 docs / Kubernetes project materials` | `A-official` | `2026-03` 官方文档持续维护;server-side apply / dry-run=server 是长期稳定能力 | `practice-only` | 已有 Kubeconform、Conftest,但没有 API server 接受性预检手册 | `reference-only-runbook` | `runbook` | `kubectl-server-dry-run-gates` | 可补齐 manifest 渲染后、正式 apply 前的 API server 接受性与字段冲突预检实践 | `approved` |
|
|
88
|
-
| `safishamsi/graphify` | [safishamsi/graphify](https://github.com/safishamsi/graphify) | `MIT` | `B-proven-community` | `2026-04` 社区活跃;`v4` 文档包含架构、CLI 与 Python 依赖说明 | `codex+claude` | 已有 `/team-*` 主链与 workflow-engine,但缺少可复用的知识图谱结构分析能力 | `adapt-into-local-skill` | `runbook + skills` | `graphify-knowledge-graph` | 为 brownfield 认知、架构问答、依赖路径分析补结构化证据层 | `approved` |
|
|
89
|
-
| `abhigyanpatwari/GitNexus` | [abhigyanpatwari/GitNexus](https://github.com/abhigyanpatwari/GitNexus) | `PolyForm-Noncommercial-1.0.0` | `B-proven-community` | `2026-04` 仍有 release;npm 包 `1.6.3`;README/ARCHITECTURE 覆盖 CLI、MCP、impact、detect_changes 与多仓模式 | `codex+claude` | 与 Graphify 同属代码图谱能力,但 GitNexus 更偏 MCP 查询、symbol impact、git diff impact 和多仓证据 | `reference-only-runbook` | `runbook + skills` | `gitnexus-code-intelligence` | 为复杂 brownfield 改造补齐 MCP-backed impact/detect_changes 证据;因非商业许可证和 Node 20 要求,不内置依赖 | `approved` |
|
|
90
|
-
| `skillcreatorai/Ai-Agent-Skills` | [skillcreatorai/Ai-Agent-Skills](https://github.com/skillcreatorai/Ai-Agent-Skills) | `MIT` | `C-discovery-only` | `443` stars;支持 Claude / Codex / Copilot / Gemini 等多代理安装 | `codex+claude` | 与本仓库的安装面相关,但更适合作为发现与对标来源 | `reject` | `runbook` | `discovery-feed-only` | 可继续发现候选 skill,不作为直接导入源 | `rejected` |
|
|
91
|
-
| `VoltAgent/awesome-claude-skills` | [VoltAgent/awesome-claude-skills](https://github.com/VoltAgent/awesome-claude-skills) | `MIT` | `C-discovery-only` | 聚合官方与社区技能,适合持续检索候选 | `practice-only` | 不提供稳定单项事实源 | `reject` | `runbook` | `discovery-feed-only` | 只保留为 awesome list 型发现源 | `rejected` |
|
|
92
|
-
| `letta-ai/skills` | [letta-ai/skills](https://github.com/letta-ai/skills) | `MIT` | `C-discovery-only` | 社区知识库型仓库;体量小但结构清晰;包含 `webapp-testing` 等条目 | `codex+claude` | 与本仓库的 skill 形态兼容,但当前信号更适合作为次级发现源 | `reject` | `runbook` | `discovery-feed-only` | 用来发现可评估主题,不直接当 canonical import source | `rejected` |
|
|
93
|
-
|
|
94
|
-
## 首批批准实施的 3 项
|
|
95
|
-
|
|
96
|
-
先锁定这 3 项做本地化试点,避免一次引入过多:
|
|
97
|
-
|
|
98
|
-
| target_name | target_layer | upstream | 为什么现在做 |
|
|
99
|
-
|---|---|---|---|
|
|
100
|
-
| `systematic-debugging` | `ecc` | `obra/superpowers` | 当前平台能验证,但缺少系统化根因定位流程 |
|
|
101
|
-
| `browser-smoke-testing` | `ecc` | `anthropics/skills:webapp-testing` | 当前平台有前端治理,没有独立浏览器 smoke skill |
|
|
102
|
-
| `pairwise-test-design` | `ecc` | `omkamal/pypict-claude-skill` | 当前平台有测试策略,没有组合测试设计入口 |
|
|
103
|
-
|
|
104
|
-
当前进展:
|
|
105
|
-
|
|
106
|
-
- `systematic-debugging` 已本地化落在 [skills/systematic-debugging/SKILL.md](../../skills/systematic-debugging/SKILL.md)。
|
|
107
|
-
- `browser-smoke-testing` 已本地化落在 [skills/browser-smoke-testing/SKILL.md](../../skills/browser-smoke-testing/SKILL.md)。
|
|
108
|
-
- `pairwise-test-design` 已本地化落在 [skills/pairwise-test-design/SKILL.md](../../skills/pairwise-test-design/SKILL.md)。
|
|
109
|
-
- `karpathy-guidelines` 已本地化落在 [skills/karpathy-guidelines/SKILL.md](../../skills/karpathy-guidelines/SKILL.md),并作为 `workflow-quality` 的一部分进入安装基线;配套使用说明见 [karpathy-guidelines-usage.md](karpathy-guidelines-usage.md)。
|
|
110
|
-
- `git-pr-workflow` 已本地化落在 [docs/runbooks/git-pr-workflow.md](git-pr-workflow.md)。
|
|
111
|
-
- `ai-pr-review-automation` 已本地化落在 [docs/runbooks/ai-pr-review-automation.md](ai-pr-review-automation.md)。
|
|
112
|
-
- `reviewdog-pr-gates` 已本地化落在 [docs/runbooks/reviewdog-pr-gates.md](reviewdog-pr-gates.md)。
|
|
113
|
-
- `release-notes-automation` 已本地化落在 [docs/runbooks/release-notes-automation.md](release-notes-automation.md)。
|
|
114
|
-
- `api-breaking-change-gates` 已本地化落在 [docs/runbooks/api-breaking-change-gates.md](api-breaking-change-gates.md)。
|
|
115
|
-
- `api-lint-gates` 已本地化落在 [docs/runbooks/api-lint-gates.md](api-lint-gates.md)。
|
|
116
|
-
- `testcontainers-integration-testing` 已本地化落在 [skills/testcontainers-integration-testing/SKILL.md](../../skills/testcontainers-integration-testing/SKILL.md)。
|
|
117
|
-
- `dependency-review-gates` 已本地化落在 [docs/runbooks/dependency-review-gates.md](dependency-review-gates.md)。
|
|
118
|
-
- `codeql-pr-security-gates` 已本地化落在 [docs/runbooks/codeql-pr-security-gates.md](codeql-pr-security-gates.md)。
|
|
119
|
-
- `trivy-security-gates` 已本地化落在 [docs/runbooks/trivy-security-gates.md](trivy-security-gates.md)。
|
|
120
|
-
- `scorecard-supply-chain-gates` 已本地化落在 [docs/runbooks/scorecard-supply-chain-gates.md](scorecard-supply-chain-gates.md)。
|
|
121
|
-
- `sbom-generation-gates` 已本地化落在 [docs/runbooks/sbom-generation-gates.md](sbom-generation-gates.md)。
|
|
122
|
-
- `artifact-attestation-gates` 已本地化落在 [docs/runbooks/artifact-attestation-gates.md](artifact-attestation-gates.md)。
|
|
123
|
-
- `cosign-signing-gates` 已本地化落在 [docs/runbooks/cosign-signing-gates.md](cosign-signing-gates.md)。
|
|
124
|
-
- `slsa-verification-gates` 已本地化落在 [docs/runbooks/slsa-verification-gates.md](slsa-verification-gates.md)。
|
|
125
|
-
- `policy-controller-gates` 已本地化落在 [docs/runbooks/policy-controller-gates.md](policy-controller-gates.md)。
|
|
126
|
-
- `contract-testing-playbook` 已本地化落在 [docs/runbooks/contract-testing-playbook.md](contract-testing-playbook.md)。
|
|
127
|
-
- `verification-before-completion` 的主要做法已吸收到 `/verify`、`loop-operator` 与相关验证 runbook。
|
|
128
|
-
- `pua` 已本地化为 [skills/pua/SKILL.md](../../skills/pua/SKILL.md) 及其 7 个模式 skill,并补上 `/pua` 命令入口、`~/.claude/pua/` 状态持久化(`config.json` / `state.json` / `builder-journal.md`)以及 `pre:compact:pua`、`post:pua:success-reset`、`post:pua:failure-escalation`、`stop:pua:journal` 的运行时 hooks 映射;显式降级项为不支持 `UserPromptSubmit` 即时拦截。
|
|
129
|
-
- `slsa-generator-patterns` 已本地化落在 [docs/runbooks/slsa-generator-patterns.md](slsa-generator-patterns.md)。
|
|
130
|
-
- `in-toto-attestation-framework` 已本地化落在 [docs/runbooks/in-toto-attestation-framework.md](in-toto-attestation-framework.md)。
|
|
131
|
-
- `witness-policy-gates` 已本地化落在 [docs/runbooks/witness-policy-gates.md](witness-policy-gates.md)。
|
|
132
|
-
- `dependency-update-automation` 已本地化落在 [docs/runbooks/dependency-update-automation.md](dependency-update-automation.md)。
|
|
133
|
-
- `secret-scanning-gates` 已本地化落在 [docs/runbooks/secret-scanning-gates.md](secret-scanning-gates.md)。
|
|
134
|
-
- `runner-egress-hardening` 已本地化落在 [docs/runbooks/runner-egress-hardening.md](runner-egress-hardening.md)。
|
|
135
|
-
- `actionlint-workflow-gates` 已本地化落在 [docs/runbooks/actionlint-workflow-gates.md](actionlint-workflow-gates.md)。
|
|
136
|
-
- `zizmor-workflow-audits` 已本地化落在 [docs/runbooks/zizmor-workflow-audits.md](zizmor-workflow-audits.md)。
|
|
137
|
-
- `conftest-policy-gates` 已本地化落在 [docs/runbooks/conftest-policy-gates.md](conftest-policy-gates.md)。
|
|
138
|
-
- `checkov-iac-gates` 已本地化落在 [docs/runbooks/checkov-iac-gates.md](checkov-iac-gates.md)。
|
|
139
|
-
- `kubeconform-schema-gates` 已本地化落在 [docs/runbooks/kubeconform-schema-gates.md](kubeconform-schema-gates.md)。
|
|
140
|
-
- `github-token-permissions-baseline` 已本地化落在 [docs/runbooks/github-token-permissions-baseline.md](github-token-permissions-baseline.md)。
|
|
141
|
-
- `kyverno-policy-gates` 已本地化落在 [docs/runbooks/kyverno-policy-gates.md](kyverno-policy-gates.md)。
|
|
142
|
-
- `helm-unittest-playbook` 已本地化落在 [docs/runbooks/helm-unittest-playbook.md](helm-unittest-playbook.md)。
|
|
143
|
-
- `kubectl-server-dry-run-gates` 已本地化落在 [docs/runbooks/kubectl-server-dry-run-gates.md](kubectl-server-dry-run-gates.md)。
|
|
144
|
-
- `graphify-knowledge-graph` 已本地化落在 [skills/graphify/SKILL.md](../../skills/graphify/SKILL.md) 与 [docs/runbooks/graphify-knowledge-graph-usage.md](graphify-knowledge-graph-usage.md)。
|
|
145
|
-
- `gitnexus-code-intelligence` 已以受控可选方式落在 [skills/gitnexus/SKILL.md](../../skills/gitnexus/SKILL.md) 与 [docs/runbooks/gitnexus-code-intelligence-usage.md](gitnexus-code-intelligence-usage.md),不复制上游实现、不进入默认依赖。
|
|
146
|
-
- `open-design-integration` 已以受控可选方式落在 [skills/open-design/SKILL.md](../../skills/open-design/SKILL.md) 与 [docs/runbooks/open-design-integration.md](open-design-integration.md),并通过 `design-prototyping` module 进入 `team` / `full` 安装面;`full` profile 自动执行 [scripts/install-open-design.js](../../scripts/install-open-design.js) 准备 `~/.tsp/open-design`,但不复制上游 daemon、skills、design-systems 或生成数据到 TSP canonical source。
|
|
147
|
-
- `huashu-design-integration` 当前仅以 docs-only 方式落地:主入口说明与致谢位于 [README.md](../../README.md),不进入 `skills/`、install profile 或 npm 内置分发面;若后续获得上游授权,再重新走 intake / approval 决定是否升级为本地化适配。
|
|
148
|
-
|
|
149
|
-
## 下一批待补充候选
|
|
150
|
-
|
|
151
|
-
这一批 3 项已经完成,本轮先不预设新的默认候选;后续若继续搜罗,再按本台账 intake 合同补录。
|
|
152
|
-
|
|
153
|
-
## 下一轮实施默认边界
|
|
154
|
-
|
|
155
|
-
下一轮若实施以上 `approved` 项,默认遵循这些边界:
|
|
156
|
-
|
|
157
|
-
- 只吸收方法论、流程和结构,不直接复制外部仓库整体目录。
|
|
158
|
-
- 先落 `skills/` 本地化版本,再决定是否补 `rules/`、`runbooks/` 或 specialist 文案。
|
|
159
|
-
- 不改 `roles/*/role.yaml` 和 `/team-*` 命令,除非本地化 skill 已成型并通过校验。
|
|
160
|
-
- 若上游后续许可证、维护状态或内容方向变化,重新走本台账更新状态。
|
|
@@ -1,96 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
version: "0.1.0"
|
|
3
|
-
status: draft
|
|
4
|
-
created: 2026-03-28
|
|
5
|
-
updated: 2026-03-28
|
|
6
|
-
owner: 工程团队
|
|
7
|
-
---
|
|
8
|
-
|
|
9
|
-
# 60 秒跑通第一个 Team 命令
|
|
10
|
-
|
|
11
|
-
本文只做一件事:让第一次接触平台的人在 60 秒内知道“该怎么说”和“下一步是什么”。
|
|
12
|
-
|
|
13
|
-
如果你想先看完整命令面和新增能力,不要只停在本文,继续看 [command-and-capability-matrix.md](command-and-capability-matrix.md) 和 [runtime-capabilities-overview.md](runtime-capabilities-overview.md)。
|
|
14
|
-
|
|
15
|
-
## 场景 A:小 Bug 修复
|
|
16
|
-
|
|
17
|
-
你可以直接输入:
|
|
18
|
-
|
|
19
|
-
```text
|
|
20
|
-
/team-intake
|
|
21
|
-
目标:修复订阅页在 iPad 下的布局溢出
|
|
22
|
-
范围:页面布局、响应式验证、UI 自测证据
|
|
23
|
-
不做:接口改造
|
|
24
|
-
约束:必须附带 ui-review-checklist
|
|
25
|
-
```
|
|
26
|
-
|
|
27
|
-
你期望拿到:
|
|
28
|
-
|
|
29
|
-
- 参与角色建议
|
|
30
|
-
- 风险与待确认项
|
|
31
|
-
- 下一步是继续 `/team-execute` 还是先 `/team-plan`
|
|
32
|
-
|
|
33
|
-
## 场景 B:简单新接口
|
|
34
|
-
|
|
35
|
-
你可以直接输入:
|
|
36
|
-
|
|
37
|
-
```text
|
|
38
|
-
/team-intake
|
|
39
|
-
目标:新增订单审批状态查询接口
|
|
40
|
-
范围:接口、权限校验、测试计划
|
|
41
|
-
不做:前端页面
|
|
42
|
-
约束:判断是否启用 私有流程或权限集成
|
|
43
|
-
```
|
|
44
|
-
|
|
45
|
-
然后继续:
|
|
46
|
-
|
|
47
|
-
```text
|
|
48
|
-
/team-plan
|
|
49
|
-
基于 intake 结果拆角色职责、依赖和 handoff 节点。
|
|
50
|
-
```
|
|
51
|
-
|
|
52
|
-
你期望拿到:
|
|
53
|
-
|
|
54
|
-
- 哪些角色参与
|
|
55
|
-
- 是否需要 custom overlay
|
|
56
|
-
- 下一步该进入实现、专项分析还是交接
|
|
57
|
-
|
|
58
|
-
## 场景 C:先锁测试,再开始做
|
|
59
|
-
|
|
60
|
-
如果 `/team-plan` 已经拆清楚任务,你可以继续输入:
|
|
61
|
-
|
|
62
|
-
```text
|
|
63
|
-
/tdd
|
|
64
|
-
基于当前 /team-plan 结果,先锁定测试、边界行为、成功标准和实现顺序。
|
|
65
|
-
输出 red-green-refactor 路径,并整理成可直接进入 /team-execute 的动作清单。
|
|
66
|
-
```
|
|
67
|
-
|
|
68
|
-
你期望拿到:
|
|
69
|
-
|
|
70
|
-
- 优先测试点
|
|
71
|
-
- 实现顺序
|
|
72
|
-
- 哪些验证要在 handoff 前完成
|
|
73
|
-
|
|
74
|
-
## 场景 D:平台刚加了很多能力,先做体检
|
|
75
|
-
|
|
76
|
-
你可以直接输入:
|
|
77
|
-
|
|
78
|
-
```text
|
|
79
|
-
/harness-audit
|
|
80
|
-
请审视当前平台的命令覆盖、skills 完整度、hooks 有效性、文档同步和集成深度。
|
|
81
|
-
输出高优先级缺口、建议修补顺序,以及哪些 README / runbook / example 需要补齐。
|
|
82
|
-
```
|
|
83
|
-
|
|
84
|
-
你期望拿到:
|
|
85
|
-
|
|
86
|
-
- 哪些入口没有同步
|
|
87
|
-
- 哪些问题必须本轮修补
|
|
88
|
-
- 哪些问题可以放到下一轮
|
|
89
|
-
|
|
90
|
-
## 最短建议
|
|
91
|
-
|
|
92
|
-
- 第一步永远先把目标、范围、不做和约束说清楚
|
|
93
|
-
- 第二步看结论决定是短链路还是完整主链
|
|
94
|
-
- 如果已经拆完计划但还没开始实现,优先考虑 `/tdd`
|
|
95
|
-
- 如果刚扩了命令、skills 或 hooks,优先考虑 `/harness-audit`
|
|
96
|
-
- 如果想直接复制模板,看 [team-commands-quick-prompts.md](team-commands-quick-prompts.md)
|
|
@@ -1,245 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
version: "0.1.0"
|
|
3
|
-
status: draft
|
|
4
|
-
created: 2026-03-28
|
|
5
|
-
updated: 2026-03-28
|
|
6
|
-
owner: 工程团队
|
|
7
|
-
---
|
|
8
|
-
|
|
9
|
-
# 首次完整主链演练
|
|
10
|
-
|
|
11
|
-
本文是一份可以直接照着走的首次完整主链 walkthrough,适合新项目接入后做第一次实战演练。目标不是覆盖所有分支场景,而是让团队跑通一次从 `/team-intake` 到 `/team-review` 的完整链路,并理解每一步应该产出什么。
|
|
12
|
-
|
|
13
|
-
本文只覆盖 `/team-*` 主链和 `/handoff` 命令,不展开 specialist 的使用。specialist 的定位和使用边界见 [team-skills-usage.md](team-skills-usage.md)。
|
|
14
|
-
|
|
15
|
-
如果当前项目是 brownfield 且结构边界不清晰,建议在正式进入 `/team-plan` 前先做一次 Graphify 预检查与结构扫描(见 [graphify-knowledge-graph-usage.md](graphify-knowledge-graph-usage.md))。
|
|
16
|
-
|
|
17
|
-
## 1. 演练目标
|
|
18
|
-
|
|
19
|
-
本次演练使用一个中等复杂度、边界清晰的任务:
|
|
20
|
-
|
|
21
|
-
- 任务:为订单运营控制台新增审批记录查询页与配套查询接口
|
|
22
|
-
- 前端范围:列表页、筛选表单、空态和错误态
|
|
23
|
-
- 后端范围:查询接口、权限校验、分页与筛选参数
|
|
24
|
-
- 不包含:审批流定义改造、历史数据回填、发布脚本重构
|
|
25
|
-
|
|
26
|
-
这个任务适合第一次演练,因为它同时覆盖:
|
|
27
|
-
|
|
28
|
-
- 前后端协作
|
|
29
|
-
- handoff 交接
|
|
30
|
-
- review 收口
|
|
31
|
-
- 是否启用 custom overlay 的判断
|
|
32
|
-
|
|
33
|
-
## 2. 演练前准备
|
|
34
|
-
|
|
35
|
-
在开始前确认三件事:
|
|
36
|
-
|
|
37
|
-
1. 已完成安装,可参考 [claude-quick-start.md](claude-quick-start.md) 或 [codex-quick-start.md](codex-quick-start.md)
|
|
38
|
-
2. 项目级约束已经存在,可参考 [project-onboarding.md](project-onboarding.md)
|
|
39
|
-
3. 团队知道 `/team-*` 输出要遵守 [team-command-output-contracts.md](team-command-output-contracts.md)
|
|
40
|
-
|
|
41
|
-
可选第 4 项(brownfield 推荐):
|
|
42
|
-
|
|
43
|
-
4. 已执行 `npm run graphify:doctor`,并确认是否需要在 plan 阶段引入图谱证据
|
|
44
|
-
|
|
45
|
-
术语说明:
|
|
46
|
-
|
|
47
|
-
- `/handoff` 命令`:用于生成或汇总结构化交接结果
|
|
48
|
-
- `handoff 交接文档`:指 `/handoff` 命令产出的结构化交接内容
|
|
49
|
-
- `custom overlay 候选项`:在 intake 阶段被识别,但尚未正式启用的公司领域能力
|
|
50
|
-
|
|
51
|
-
## 3. 第一步:/team-intake
|
|
52
|
-
|
|
53
|
-
### 3.1 输入示例
|
|
54
|
-
|
|
55
|
-
```text
|
|
56
|
-
/team-intake
|
|
57
|
-
目标:为订单运营控制台新增审批记录查询页与配套接口
|
|
58
|
-
范围:前端列表页、筛选表单、后端查询接口、测试计划
|
|
59
|
-
不做:审批流程定义改造、历史数据回填、发布脚本重构
|
|
60
|
-
约束:前端必须附带 ui-review-checklist;后端必须说明接口兼容性;需要判断是否启用 私有流程或权限集成
|
|
61
|
-
输出:参与角色、主要风险、是否建议启用 custom overlay、下一步建议
|
|
62
|
-
```
|
|
63
|
-
|
|
64
|
-
### 3.2 期望输出重点
|
|
65
|
-
|
|
66
|
-
`/team-intake` 不应该直接开始实现,而应该先锁定:
|
|
67
|
-
|
|
68
|
-
- 参与角色:至少包含 `tech-lead`、`architect`、`frontend-engineer`、`backend-engineer`、`qa-engineer`
|
|
69
|
-
- 企业治理待确认项:是否企业内部应用、数据或合规风险、是否命中集团组件约束
|
|
70
|
-
- 领域技能包启用建议:私有流程、权限集成 是候选还是未启用
|
|
71
|
-
- 主要风险:前后端筛选参数一致性、权限口径、空态和错误态是否一致
|
|
72
|
-
- 下一步命令:进入 `/team-plan`
|
|
73
|
-
|
|
74
|
-
这一阶段只需要识别 `custom overlay 候选项`,不要在 intake 阶段仓促下最终启用决定。
|
|
75
|
-
|
|
76
|
-
一个简化判断可以这样写:
|
|
77
|
-
|
|
78
|
-
```text
|
|
79
|
-
overlay 候选项:
|
|
80
|
-
- 私有流程引擎:候选,原因是任务涉及审批记录
|
|
81
|
-
- 私有权限中心:候选,原因是接口涉及权限过滤
|
|
82
|
-
下一步:由 tech-lead 和 architect 在 /team-plan 中确认是否正式启用
|
|
83
|
-
```
|
|
84
|
-
|
|
85
|
-
### 3.3 合格结果长什么样
|
|
86
|
-
|
|
87
|
-
合格的 intake 至少要回答这三个问题:
|
|
88
|
-
|
|
89
|
-
1. 这次任务到底做什么,不做什么
|
|
90
|
-
2. 谁会参与,谁负责收口
|
|
91
|
-
3. 有哪些领域扩展需要在 plan 阶段继续确认
|
|
92
|
-
|
|
93
|
-
如果 intake 结果直接开始拆接口字段或写代码,说明这一步跑偏了。
|
|
94
|
-
|
|
95
|
-
## 4. 第二步:/team-plan
|
|
96
|
-
|
|
97
|
-
### 4.1 输入示例
|
|
98
|
-
|
|
99
|
-
```text
|
|
100
|
-
/team-plan
|
|
101
|
-
基于当前 intake 结果,拆解 architect、frontend-engineer、backend-engineer、qa-engineer 的任务。
|
|
102
|
-
要求给出依赖关系、技能装配清单、每次 handoff 的最小交付物,并明确 custom overlay 是否启用。
|
|
103
|
-
```
|
|
104
|
-
|
|
105
|
-
### 4.2 期望输出重点
|
|
106
|
-
|
|
107
|
-
`/team-plan` 的结果至少应包含:
|
|
108
|
-
|
|
109
|
-
- 任务拆解:前端页面、后端接口、测试计划、评审与放行
|
|
110
|
-
- 依赖关系:接口契约先于页面联调,筛选字段定义先于 QA 编写用例
|
|
111
|
-
- 技能装配清单:`shared`、`ecc`、`company` 三层是否启用
|
|
112
|
-
- handoff 交付物:架构说明、实现结果、自测证据、QA 关注点
|
|
113
|
-
- 是否启用 custom overlay:如果只是审批记录查询,一般应结论为 `enterprise: 未启用` 或 `候选已识别但本次不启用`
|
|
114
|
-
|
|
115
|
-
本步骤标准输出建议对照 [team-command-output-contracts.md](team-command-output-contracts.md) 中 `/team-plan` 的 `技能装配清单`。
|
|
116
|
-
|
|
117
|
-
### 4.3 一个合理的拆解示意
|
|
118
|
-
|
|
119
|
-
```text
|
|
120
|
-
- architect:确认查询接口契约、分页参数、权限边界
|
|
121
|
-
- frontend-engineer:实现列表页、筛选表单、空态/错误态并完成 ui-review-checklist
|
|
122
|
-
- backend-engineer:实现查询接口、权限校验、分页与筛选参数映射,补单测和集成测试
|
|
123
|
-
- qa-engineer:准备功能、权限、边界和回归测试用例
|
|
124
|
-
```
|
|
125
|
-
|
|
126
|
-
如果 plan 没有明确 handoff 交付物,后面几步通常会开始丢信息。
|
|
127
|
-
|
|
128
|
-
## 5. 第三步:/team-execute
|
|
129
|
-
|
|
130
|
-
### 5.1 输入示例
|
|
131
|
-
|
|
132
|
-
```text
|
|
133
|
-
/team-execute
|
|
134
|
-
按当前 plan 执行 frontend-engineer 与 backend-engineer 的实现和自测。
|
|
135
|
-
输出每个角色的代码变更摘要、自测结果、待确认事项,以及需要进入 handoff 的信息。
|
|
136
|
-
```
|
|
137
|
-
|
|
138
|
-
### 5.2 期望输出重点
|
|
139
|
-
|
|
140
|
-
这里的目标不是一口气给出最终放行结论,而是沉淀可交接的执行结果:
|
|
141
|
-
|
|
142
|
-
- frontend-engineer:页面和交互实现完成,附带响应式、自测截图或 checklist 结论
|
|
143
|
-
- backend-engineer:接口、权限和测试完成,附带兼容性说明和测试结果
|
|
144
|
-
- 领域扩展执行记录:若实际启用了 custom overlay,必须按 [team-command-output-contracts.md](team-command-output-contracts.md) 回落记录
|
|
145
|
-
- 待确认事项:例如筛选项默认值、空态文案、权限口径边界
|
|
146
|
-
|
|
147
|
-
本步骤标准输出建议对照 [team-command-output-contracts.md](team-command-output-contracts.md) 中 `/team-execute` 的 `领域扩展执行记录`。
|
|
148
|
-
|
|
149
|
-
### 5.3 常见错误
|
|
150
|
-
|
|
151
|
-
- 把 execute 写成一句“已完成开发”
|
|
152
|
-
- 只给代码 diff,不给自测证据
|
|
153
|
-
- 已经使用了 custom overlay,却没有记录 `能力名`、`输入来源`、`执行结果`
|
|
154
|
-
|
|
155
|
-
## 6. 第四步:/handoff
|
|
156
|
-
|
|
157
|
-
### 6.1 输入示例
|
|
158
|
-
|
|
159
|
-
```text
|
|
160
|
-
/handoff
|
|
161
|
-
把 frontend-engineer 和 backend-engineer 的执行结果汇总成交接文档。
|
|
162
|
-
必须包含代码变更摘要、自测范围、剩余风险、QA 关注点,以及需要继续确认的事项。
|
|
163
|
-
```
|
|
164
|
-
|
|
165
|
-
### 6.2 期望输出重点
|
|
166
|
-
|
|
167
|
-
handoff 的作用是把 execute 结果从“各自完成了什么”整理成“下一角色能直接接住什么”。建议至少包含:
|
|
168
|
-
|
|
169
|
-
- 代码变更摘要
|
|
170
|
-
- 自测范围与证据
|
|
171
|
-
- 剩余风险
|
|
172
|
-
- QA 关注点
|
|
173
|
-
- 若命中 custom overlay,则附带技能装配清单或领域扩展执行记录
|
|
174
|
-
|
|
175
|
-
这里说的 `handoff 交接文档`,指的是 `/handoff` 命令整理出的结构化结果。它通常承载在本次对话输出、任务记录或评审上下文中,不要求额外创建独立文件,但必须保留结构化字段。
|
|
176
|
-
|
|
177
|
-
### 6.3 一个简化的 handoff 示例
|
|
178
|
-
|
|
179
|
-
```text
|
|
180
|
-
代码变更摘要:
|
|
181
|
-
- 前端新增审批记录查询页,支持订单号、审批状态、创建时间筛选
|
|
182
|
-
- 后端新增审批记录查询接口,支持分页、状态过滤和权限校验
|
|
183
|
-
|
|
184
|
-
自测范围:
|
|
185
|
-
- 前端已验证桌面端、iPad 和移动端布局
|
|
186
|
-
- 后端已完成单测和集成测试
|
|
187
|
-
|
|
188
|
-
剩余风险:
|
|
189
|
-
- 审批状态枚举与历史数据兼容性待 QA 联调确认
|
|
190
|
-
|
|
191
|
-
QA 关注点:
|
|
192
|
-
- 无结果空态
|
|
193
|
-
- 无权限访问
|
|
194
|
-
- 极端分页参数
|
|
195
|
-
```
|
|
196
|
-
|
|
197
|
-
## 7. 第五步:/team-review
|
|
198
|
-
|
|
199
|
-
### 7.1 输入示例
|
|
200
|
-
|
|
201
|
-
```text
|
|
202
|
-
/team-review
|
|
203
|
-
基于当前 handoff 结果,输出测试结论、阻塞项、是否建议放行,以及残余风险。
|
|
204
|
-
```
|
|
205
|
-
|
|
206
|
-
### 7.2 期望输出重点
|
|
207
|
-
|
|
208
|
-
`/team-review` 至少应收口这些内容:
|
|
209
|
-
|
|
210
|
-
- 测试范围:功能、权限、边界、回归
|
|
211
|
-
- 结果:通过、有条件通过或不通过
|
|
212
|
-
- 阻塞项:是否存在必须返工的问题
|
|
213
|
-
- 放行建议:是否可以进入 `/team-release`
|
|
214
|
-
- 若启用了领域扩展:附带领域扩展约束核对结果
|
|
215
|
-
|
|
216
|
-
本步骤标准输出建议对照 [team-command-output-contracts.md](team-command-output-contracts.md) 中 `/team-review` 的 `领域扩展约束核对结果`。
|
|
217
|
-
|
|
218
|
-
### 7.3 合格结束态
|
|
219
|
-
|
|
220
|
-
一次成功的首次演练,结束时应该能回答:
|
|
221
|
-
|
|
222
|
-
1. 团队是否真的跑通了主链
|
|
223
|
-
2. handoff 是否足够支撑 QA 接手
|
|
224
|
-
3. custom overlay 是否被正确判断并回落记录
|
|
225
|
-
4. 哪一步最容易丢失结构化输出
|
|
226
|
-
|
|
227
|
-
## 8. 演练完成后的复盘
|
|
228
|
-
|
|
229
|
-
第一次完整演练结束后,建议团队马上补一个短复盘:
|
|
230
|
-
|
|
231
|
-
- 哪一步最顺
|
|
232
|
-
- 哪一步最容易跑偏
|
|
233
|
-
- 哪些字段最容易漏
|
|
234
|
-
- 哪些内容应该写进项目级 `CLAUDE.md`
|
|
235
|
-
|
|
236
|
-
如果复盘发现每次都漏同一类内容,比如前端证据、数据库回滚说明或 custom overlay 判断,可以把这类要求提升到项目级工作约定中。
|
|
237
|
-
|
|
238
|
-
## 9. 下一步怎么做
|
|
239
|
-
|
|
240
|
-
完成这份 walkthrough 后,通常有两种自然延伸:
|
|
241
|
-
|
|
242
|
-
1. 把当前项目的真实任务替换进本文里的示例输入
|
|
243
|
-
2. 再补一个专项 walkthrough,例如前端缺陷修复或后端接口改造
|
|
244
|
-
|
|
245
|
-
如果你还没有项目级工作约定,回到 [project-onboarding.md](project-onboarding.md) 和 [../../examples/project-CLAUDE.md](../../examples/project-CLAUDE.md) 继续完善项目入口。
|
|
@@ -1,46 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
version: "0.1.0"
|
|
3
|
-
status: draft
|
|
4
|
-
created: 2026-03-28
|
|
5
|
-
updated: 2026-03-28
|
|
6
|
-
owner: 工程团队
|
|
7
|
-
---
|
|
8
|
-
|
|
9
|
-
# 前后端联调与验收清单
|
|
10
|
-
|
|
11
|
-
本文面向前端、后端和 QA,提供一份进入 QA 前后的联调验收清单,重点解决字段理解差异、错误码不一致和真实接口切换后的回归遗漏。
|
|
12
|
-
|
|
13
|
-
## 1. 联调前检查
|
|
14
|
-
|
|
15
|
-
- 接口契约已可读且版本明确
|
|
16
|
-
- Mock 覆盖范围和缺口已说明
|
|
17
|
-
- 权限、分页、空态和错误态规则已对齐
|
|
18
|
-
- 调试环境与日志入口可用
|
|
19
|
-
|
|
20
|
-
## 2. 联调中检查
|
|
21
|
-
|
|
22
|
-
- 字段名、空值语义、枚举值是否一致
|
|
23
|
-
- 错误码与错误提示是否匹配
|
|
24
|
-
- 慢请求、超时、重试与重复点击行为是否一致
|
|
25
|
-
- 前端展示逻辑与后端权限逻辑是否一致
|
|
26
|
-
|
|
27
|
-
## 3. 三色记录法
|
|
28
|
-
|
|
29
|
-
- 绿:完全匹配,可进入回归
|
|
30
|
-
- 黄:存在已知差异,但本次可接受
|
|
31
|
-
- 红:存在阻塞,必须回到 execute 或 plan
|
|
32
|
-
|
|
33
|
-
## 4. 进入 QA 前应产出什么
|
|
34
|
-
|
|
35
|
-
- 联调结果摘要
|
|
36
|
-
- 已知差异列表
|
|
37
|
-
- 重点回归路径
|
|
38
|
-
- 需要更新的契约或文档
|
|
39
|
-
|
|
40
|
-
## 5. 常见错误
|
|
41
|
-
|
|
42
|
-
- 联调只测 happy path
|
|
43
|
-
- 差异停留在聊天记录里,没有进入 handoff
|
|
44
|
-
- QA 接手时不知道哪些差异是已知的
|
|
45
|
-
|
|
46
|
-
与这些文档配合阅读:[frontend-backend-parallel-integration-walkthrough.md](frontend-backend-parallel-integration-walkthrough.md)、[team-review-example.md](team-review-example.md)
|
|
@@ -1,48 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
version: "0.1.0"
|
|
3
|
-
status: draft
|
|
4
|
-
created: 2026-03-28
|
|
5
|
-
updated: 2026-03-28
|
|
6
|
-
owner: 工程团队
|
|
7
|
-
---
|
|
8
|
-
|
|
9
|
-
# 前后端并行开发与联调演练
|
|
10
|
-
|
|
11
|
-
本文演示前后端在同一需求上并行推进时,如何通过契约、Mock、同步点和 handoff 避免互相阻塞。
|
|
12
|
-
|
|
13
|
-
## 1. 场景
|
|
14
|
-
|
|
15
|
-
- 任务:订单详情页新增审批轨迹区域
|
|
16
|
-
- 前端和后端需同时开工
|
|
17
|
-
- 接口契约已初步确定,但实现节奏不同
|
|
18
|
-
|
|
19
|
-
## 2. 推荐链路
|
|
20
|
-
|
|
21
|
-
1. `/team-intake`
|
|
22
|
-
2. `/team-plan`
|
|
23
|
-
3. `/team-execute`
|
|
24
|
-
4. `/handoff`
|
|
25
|
-
5. `/verify`
|
|
26
|
-
6. `/team-review`
|
|
27
|
-
|
|
28
|
-
## 3. 并行阶段的关键动作
|
|
29
|
-
|
|
30
|
-
- 先锁定接口契约和字段语义
|
|
31
|
-
- 前端基于 Mock 或固定响应先开发
|
|
32
|
-
- 后端明确真实接口的交付时间点
|
|
33
|
-
- 中途变更字段时,必须立即回收到 handoff
|
|
34
|
-
|
|
35
|
-
## 4. 联调阶段的关键输出
|
|
36
|
-
|
|
37
|
-
- 前后端字段映射结果
|
|
38
|
-
- 异常路径与空态验证结果
|
|
39
|
-
- 已知差异与剩余阻塞项
|
|
40
|
-
- QA 应重点回归的链路
|
|
41
|
-
|
|
42
|
-
## 5. 常见错误
|
|
43
|
-
|
|
44
|
-
- 接口契约还没稳定就并行开工
|
|
45
|
-
- 字段含义变化后只在口头同步
|
|
46
|
-
- 联调完成后没有回写 handoff
|
|
47
|
-
|
|
48
|
-
与这些文档配合阅读:[api-design-evolution-walkthrough.md](api-design-evolution-walkthrough.md)、[api-mocking-strategy-and-lifecycle-guide.md](api-mocking-strategy-and-lifecycle-guide.md)、[frontend-backend-integration-acceptance-checklist.md](frontend-backend-integration-acceptance-checklist.md)、[handoff-filling-guide-with-examples.md](handoff-filling-guide-with-examples.md)
|