@colin4k1024/tsp 2.4.7 → 2.4.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (37) hide show
  1. package/README.md +4 -4
  2. package/hooks/hooks.json +11 -0
  3. package/manifests/install-modules.json +5 -2
  4. package/package.json +1 -2
  5. package/schemas/install-modules.schema.json +52 -0
  6. package/scripts/codegraph-preflight.js +68 -75
  7. package/scripts/hooks/codegraph-auto-init.js +324 -0
  8. package/scripts/install-apply.js +2 -1
  9. package/scripts/install-codegraph.js +235 -25
  10. package/scripts/install-plan.js +4 -1
  11. package/scripts/lib/install/apply.js +5 -0
  12. package/scripts/lib/install-executor.js +6 -0
  13. package/skills/codegraph/SKILL.md +6 -5
  14. package/skills/goframe-v2/examples/practices/quick-demo/manifest/config/config.yaml +14 -14
  15. package/skills/repo-scan/SKILL.md +63 -63
  16. package/scripts/__pycache__/__init__.cpython-311.pyc +0 -0
  17. package/scripts/__pycache__/build_platform_artifacts.cpython-311.pyc +0 -0
  18. package/scripts/__pycache__/install_platform.cpython-311.pyc +0 -0
  19. package/scripts/__pycache__/langfuse_trace.cpython-311.pyc +0 -0
  20. package/scripts/__pycache__/query_audit_logs.cpython-311.pyc +0 -0
  21. package/scripts/__pycache__/scan_leaked_keys.cpython-311.pyc +0 -0
  22. package/scripts/__pycache__/team_skills_platform.cpython-311.pyc +0 -0
  23. package/scripts/__pycache__/team_skills_platform.cpython-313.pyc +0 -0
  24. package/scripts/__pycache__/validate_library.cpython-311.pyc +0 -0
  25. package/scripts/__pycache__/validate_workflow_state.cpython-311.pyc +0 -0
  26. package/scripts/evolution/__pycache__/__init__.cpython-311.pyc +0 -0
  27. package/scripts/evolution/__pycache__/store.cpython-311.pyc +0 -0
  28. package/scripts/hooks/__pycache__/__init__.cpython-311.pyc +0 -0
  29. package/scripts/hooks/__pycache__/mcp_health_check.cpython-311.pyc +0 -0
  30. package/scripts/hooks/__pycache__/observe.cpython-311.pyc +0 -0
  31. package/scripts/hooks/__pycache__/session_end.cpython-311.pyc +0 -0
  32. package/scripts/hooks/__pycache__/session_start.cpython-311.pyc +0 -0
  33. package/scripts/lib/__pycache__/audit_logger.cpython-311.pyc +0 -0
  34. package/scripts/lib/__pycache__/audit_query.cpython-311.pyc +0 -0
  35. package/scripts/lib/__pycache__/hook_contract.cpython-311.pyc +0 -0
  36. package/scripts/lib/__pycache__/memory_store.cpython-311.pyc +0 -0
  37. package/scripts/lib/__pycache__/utils.cpython-311.pyc +0 -0
package/README.md CHANGED
@@ -65,7 +65,7 @@ TSP 整合了多个社区开源框架的精华能力,而非从零构建:
65
65
  |------|------|--------------|
66
66
  | **ECC** (Everything Claude Code) | 社区 | 125+ specialist skills、27 specialist agents、language rules packs、runtime hooks、安装工具链 |
67
67
  | **BMAD** | 方法来源(已吸收) | 单入口主链(`/team-help`)、Requirement Challenge、Design Review、Implementation Readiness、Story Slice、`artifact:persist` 落盘、Release→Closeout 收口 |
68
- | **CodeGraph** | 社区(`colbymchenry/codegraph`) | 默认内置 MCP-backed 代码图谱能力(符号搜索、调用链、impact、focused context),以 npm 依赖 + target-scoped installer wrapper + 本地 skill 接入 |
68
+ | **CodeGraph** | 社区(`colbymchenry/codegraph`) | 默认内置 MCP-backed 代码图谱能力(符号搜索、调用链、impact、focused context),以官方 standalone installer + target-scoped wrapper + Claude 自动初始化 hook 接入 |
69
69
  | **Graphify** | 社区(`safishamsi/graphify`) | 可选知识图谱能力(brownfield 结构扫描、依赖路径分析、架构问答证据),以 runbook + 本地 skill 接入,不替换 workflow-engine |
70
70
  | **GitNexus** | 社区(`abhigyanpatwari/GitNexus`) | 受控可选代码智能能力(MCP 查询、impact、detect_changes、多仓图谱证据),以 runbook + thin skill 接入,不内置依赖 |
71
71
  | **Open Design** | 社区(`nexu-io/open-design`) | 受控可选设计工作台能力(本地优先原型、deck、dashboard、mobile flow、`DESIGN.md`、导出 artifact),以 runbook + thin skill 接入,不内置 daemon |
@@ -80,7 +80,7 @@ TSP 整合了多个社区开源框架的精华能力,而非从零构建:
80
80
 
81
81
  TSP 当前支持把第三方设计能力作为外部扩展接入使用。设计工具负责高保真 artifact,TSP 负责团队协作、角色分工、handoff、quality gate 与发布收口。
82
82
 
83
- [Open Design](https://github.com/nexu-io/open-design) 是当前已纳入安装面导航的受控可选设计工作台:它提供本地优先 web/daemon、coding-agent CLI 调度、31 个设计 skills、设计系统库、sandbox preview 与 HTML/PDF/PPTX/ZIP/MP4 等导出链路。TSP 侧落点是 [skills/open-design/SKILL.md](skills/open-design/SKILL.md) 与 [docs/runbooks/open-design-integration.md](docs/runbooks/open-design-integration.md),并通过 `design-prototyping` module 进入 `team` / `full` profile。其中 `full` profile 会自动执行 [scripts/install-open-design.js](scripts/install-open-design.js),把 Open Design clone/update 到 `~/.tsp/open-design`,并在 `corepack` / `pnpm` 可用时安装依赖。TSP 不 vendoring Open Design 源码、daemon、skills、design-systems 或 SQLite 数据。
83
+ [Open Design](https://github.com/nexu-io/open-design) 是当前已纳入安装面导航的受控可选设计工作台:它提供本地优先 web/daemon、coding-agent CLI 调度、31 个设计 skills、设计系统库、sandbox preview 与 HTML/PDF/PPTX/ZIP/MP4 等导出链路。TSP 侧落点是 [skills/open-design/SKILL.md](skills/open-design/SKILL.md) 与 [docs/runbooks/open-design-integration.md](docs/runbooks/open-design-integration.md),并通过 `design-prototyping` module 进入 `team` / `full` profile。其中 `full` profile 会自动执行 [scripts/install-open-design.js](scripts/install-open-design.js),把 Open Design clone/update 到 `~/.tsp/open-design`,并在 `corepack` / `pnpm` 可用时安装依赖;如果 GitHub 网络不可达,该步骤只警告并继续完成 TSP 核心安装。TSP 不 vendoring Open Design 源码、daemon、skills、design-systems 或 SQLite 数据。
84
84
 
85
85
  [huashu-design](https://github.com/alchaincyf/huashu-design) 仍作为文档级协同能力保留:它偏向高保真设计产出,覆盖 HTML 原生交互原型、浏览器演讲幻灯片、时间轴动画、信息图与 5 维度设计评审。
86
86
 
@@ -209,7 +209,7 @@ TSP 的公开能力是在多个社区项目、技能仓库和工程方法论的
209
209
  | 仓库 | 在 TSP 中的关系 | 说明 |
210
210
  |------|------|------|
211
211
  | [affaan-m/everything-claude-code](https://github.com/affaan-m/everything-claude-code) | 上游能力来源 | ECC harness layer、specialist agents、skills、runtime hooks 与安装工具链的重要参考来源 |
212
- | [colbymchenry/codegraph](https://github.com/colbymchenry/codegraph) | 默认内置接入 | 为 brownfield 符号搜索、调用链、impact 和 focused context 提供本地 MCP-backed 代码图谱能力;TSP 通过 target-scoped wrapper 调用上游 installer |
212
+ | [colbymchenry/codegraph](https://github.com/colbymchenry/codegraph) | 默认内置接入 | 为 brownfield 符号搜索、调用链、impact 和 focused context 提供本地 MCP-backed 代码图谱能力;TSP 通过 target-scoped wrapper 调用上游 standalone installer |
213
213
  | [safishamsi/graphify](https://github.com/safishamsi/graphify) | 已吸收并本地化 | 为 brownfield 结构扫描、依赖路径分析与架构问答补充知识图谱能力 |
214
214
  | [abhigyanpatwari/GitNexus](https://github.com/abhigyanpatwari/GitNexus) | 受控可选接入 | 为 brownfield MCP 查询、impact、detect_changes 和多仓代码图谱证据提供外部能力;因许可证与 Node 20 要求,不内置依赖 |
215
215
  | [nexu-io/open-design](https://github.com/nexu-io/open-design) | 受控可选接入 | 为本地优先原型、deck、dashboard、mobile flow、`DESIGN.md` 与可导出视觉 artifact 提供外部设计工作台;不内置 daemon 或上游源码 |
@@ -279,7 +279,7 @@ TSP 的公开能力是在多个社区项目、技能仓库和工程方法论的
279
279
  - 定位:CodeGraph 作为默认内置 MCP-backed 代码图谱能力,Graphify 作为轻量结构证据层,GitNexus 作为受控可选深代码智能层;三者都不替代 workflow-engine 或 `/team-*` 主链。
280
280
  - 入口:CodeGraph 先执行 `npm run codegraph:doctor`,Graphify 先执行 `npm run graphify:doctor`,GitNexus 先执行 `npm run gitnexus:doctor`;详细操作见 [codegraph-code-intelligence-usage.md](docs/runbooks/codegraph-code-intelligence-usage.md)、[graphify-knowledge-graph-usage.md](docs/runbooks/graphify-knowledge-graph-usage.md) 与 [gitnexus-code-intelligence-usage.md](docs/runbooks/gitnexus-code-intelligence-usage.md)。
281
281
  - 分发:通过安装模块 `knowledge-graph` 与组件 `capability:knowledge-graph` 提供;默认纳入 `developer`、`team`、`research` 与 `full` profile,`core` 保持轻量。
282
- - 治理边界:TSP 只通过 `scripts/install-codegraph.js` 以当前 target 调用 CodeGraph installer,不使用 `--target=auto`,也不在安装时运行 `codegraph init -i`;Graphify/GitNexus 的自动 setup 类命令仍不在本仓库执行。
282
+ - 治理边界:TSP 通过 `scripts/install-codegraph.js` 使用 CodeGraph 官方 standalone installer,不使用 `--target=auto`;Claude `SessionStart` 可在新项目静默执行 `codegraph init -i`,Codex/OpenCode 仅写入说明和诊断边界;Graphify/GitNexus 的自动 setup 类命令仍不在本仓库执行。
283
283
 
284
284
  ## 近期新增功能(v2.0.0 → v2.3.0)
285
285
 
package/hooks/hooks.json CHANGED
@@ -232,6 +232,17 @@
232
232
  ],
233
233
  "description": "Load previous context and detect package manager on new session",
234
234
  "id": "session:start"
235
+ },
236
+ {
237
+ "matcher": "*",
238
+ "hooks": [
239
+ {
240
+ "type": "command",
241
+ "command": "node \"${CLAUDE_PLUGIN_ROOT}/scripts/hooks/run-with-flags.js\" \"session:codegraph:auto-init\" \"scripts/hooks/codegraph-auto-init.js\" \"minimal,standard,strict\""
242
+ }
243
+ ],
244
+ "description": "Silently initialize CodeGraph for new Claude projects when the index is missing",
245
+ "id": "session:codegraph:auto-init"
235
246
  }
236
247
  ],
237
248
  "PostToolUse": [
@@ -305,11 +305,12 @@
305
305
  "docs/runbooks/graphify-knowledge-graph-usage.md",
306
306
  "docs/runbooks/gitnexus-code-intelligence-usage.md",
307
307
  "scripts/codegraph-preflight.js",
308
- "scripts/install-codegraph.js"
308
+ "scripts/install-codegraph.js",
309
+ "scripts/hooks/codegraph-auto-init.js"
309
310
  ],
310
311
  "externalInstall": {
311
312
  "id": "codegraph",
312
- "description": "Run the upstream CodeGraph installer through a TSP target-scoped wrapper; never uses --target=auto and never initializes project indexes.",
313
+ "description": "Install the upstream CodeGraph standalone CLI when needed, then run the target-scoped CodeGraph installer; never uses --target=auto.",
313
314
  "command": "node",
314
315
  "script": "scripts/install-codegraph.js",
315
316
  "args": []
@@ -344,6 +345,8 @@
344
345
  "profiles": [
345
346
  "full"
346
347
  ],
348
+ "failureMode": "warn",
349
+ "failureHint": "Open Design is an optional sidecar. TSP core files are still installed; rerun full install when GitHub access is available to refresh ~/.tsp/open-design.",
347
350
  "command": "node",
348
351
  "script": "scripts/install-open-design.js",
349
352
  "args": []
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@colin4k1024/tsp",
3
- "version": "2.4.7",
3
+ "version": "2.4.9",
4
4
  "description": "Open-source Team Skills Platform for role-based AI delivery workflows, shared skills, hooks, commands, and multi-platform installs.",
5
5
  "repository": {
6
6
  "type": "git",
@@ -103,7 +103,6 @@
103
103
  "LICENSE"
104
104
  ],
105
105
  "dependencies": {
106
- "@colbymchenry/codegraph": "0.7.10",
107
106
  "@iarna/toml": "^2.2.5",
108
107
  "@inquirer/prompts": "^7.5.0",
109
108
  "ajv": "^8.18.0",
@@ -85,6 +85,58 @@
85
85
  "beta",
86
86
  "stable"
87
87
  ]
88
+ },
89
+ "externalInstall": {
90
+ "type": "object",
91
+ "properties": {
92
+ "id": {
93
+ "type": "string",
94
+ "pattern": "^[a-z0-9-]+$"
95
+ },
96
+ "description": {
97
+ "type": "string",
98
+ "minLength": 1
99
+ },
100
+ "profiles": {
101
+ "type": "array",
102
+ "items": {
103
+ "type": "string",
104
+ "minLength": 1
105
+ }
106
+ },
107
+ "failureMode": {
108
+ "type": "string",
109
+ "enum": [
110
+ "error",
111
+ "warn"
112
+ ]
113
+ },
114
+ "failureHint": {
115
+ "type": "string"
116
+ },
117
+ "command": {
118
+ "type": "string",
119
+ "minLength": 1
120
+ },
121
+ "script": {
122
+ "type": "string",
123
+ "minLength": 1
124
+ },
125
+ "args": {
126
+ "type": "array",
127
+ "items": {
128
+ "type": "string"
129
+ }
130
+ }
131
+ },
132
+ "required": [
133
+ "id",
134
+ "description",
135
+ "command",
136
+ "script",
137
+ "args"
138
+ ],
139
+ "additionalProperties": false
88
140
  }
89
141
  },
90
142
  "required": [
@@ -1,62 +1,66 @@
1
1
  #!/usr/bin/env node
2
2
  'use strict'
3
3
 
4
- const fs = require('fs')
5
- const path = require('path')
6
4
  const { spawnSync } = require('child_process')
7
- const { buildInstallCommand, mapTarget } = require('./install-codegraph')
8
-
9
- const MIN_NODE_MAJOR = 18
10
- const MAX_NODE_MAJOR_EXCLUSIVE = 25
11
- const PACKAGE_NAME = '@colbymchenry/codegraph'
12
-
13
- function parseNodeVersion(text) {
14
- const match = String(text || '').trim().match(/^v?(\d+)\.(\d+)\.(\d+)/)
15
- if (!match) {
16
- return null
5
+ const {
6
+ buildStandaloneInstallerInfo,
7
+ findOnPath,
8
+ mapTarget,
9
+ resolveCodeGraphBin,
10
+ } = require('./install-codegraph')
11
+
12
+ function detectPlatform(platform = process.platform) {
13
+ if (platform === 'darwin' || platform === 'linux' || platform === 'win32') {
14
+ return {
15
+ ok: true,
16
+ output: platform,
17
+ }
17
18
  }
19
+
18
20
  return {
19
- major: Number(match[1]),
20
- minor: Number(match[2]),
21
- patch: Number(match[3]),
22
- raw: `${match[1]}.${match[2]}.${match[3]}`,
21
+ ok: false,
22
+ output: `unsupported platform: ${platform}`,
23
23
  }
24
24
  }
25
25
 
26
- function isNodeSupported(version) {
27
- return Boolean(
28
- version
29
- && version.major >= MIN_NODE_MAJOR
30
- && version.major < MAX_NODE_MAJOR_EXCLUSIVE
31
- )
32
- }
33
-
34
- function loadPackageMetadata() {
35
- if (process.env.CODEGRAPH_PREFLIGHT_PACKAGE_JSON) {
26
+ function detectDownloader(platform = process.platform) {
27
+ const installer = buildStandaloneInstallerInfo(platform)
28
+ if (!installer.supported) {
36
29
  return {
37
- ok: true,
38
- source: 'env',
39
- metadata: JSON.parse(process.env.CODEGRAPH_PREFLIGHT_PACKAGE_JSON),
30
+ ok: false,
31
+ output: installer.reason,
40
32
  }
41
33
  }
42
34
 
43
- try {
44
- const packageJsonPath = require.resolve(`${PACKAGE_NAME}/package.json`)
35
+ if (platform === 'win32') {
36
+ const command = findOnPath('powershell.exe') || findOnPath('powershell') || findOnPath('pwsh')
37
+ if (!command) {
38
+ return {
39
+ ok: false,
40
+ output: 'PowerShell not found; install PowerShell or provide CODEGRAPH_INSTALL_BIN',
41
+ }
42
+ }
45
43
  return {
46
44
  ok: true,
47
- source: packageJsonPath,
48
- metadata: JSON.parse(fs.readFileSync(packageJsonPath, 'utf8')),
45
+ output: command,
49
46
  }
50
- } catch (error) {
47
+ }
48
+
49
+ const curl = findOnPath('curl')
50
+ if (!curl) {
51
51
  return {
52
52
  ok: false,
53
- source: 'node-resolution',
54
- warning: error.message || String(error),
53
+ output: 'curl not found; install curl or provide CODEGRAPH_INSTALL_BIN',
55
54
  }
56
55
  }
56
+
57
+ return {
58
+ ok: true,
59
+ output: curl,
60
+ }
57
61
  }
58
62
 
59
- function detectCli(target) {
63
+ function detectCli() {
60
64
  if (process.env.CODEGRAPH_PREFLIGHT_SKIP_CLI === '1') {
61
65
  return {
62
66
  ok: true,
@@ -65,27 +69,16 @@ function detectCli(target) {
65
69
  }
66
70
  }
67
71
 
68
- let install
69
- try {
70
- install = buildInstallCommand(target || 'codex')
71
- } catch (error) {
72
+ const resolved = resolveCodeGraphBin()
73
+ if (!resolved) {
72
74
  return {
73
75
  ok: false,
74
76
  command: 'codegraph',
75
- output: error.message || String(error),
77
+ output: 'CodeGraph standalone binary not found',
76
78
  }
77
79
  }
78
80
 
79
- if (!install.supported) {
80
- return {
81
- ok: true,
82
- command: '(unsupported target skipped)',
83
- output: install.reason,
84
- }
85
- }
86
-
87
- const args = install.args.slice(0, install.args.length - 4).concat(['--help'])
88
- const result = spawnSync(install.command, args, {
81
+ const result = spawnSync(resolved.command, [...resolved.argsPrefix, '--help'], {
89
82
  encoding: 'utf8',
90
83
  timeout: 8000,
91
84
  })
@@ -93,15 +86,15 @@ function detectCli(target) {
93
86
  if (result.error || result.status !== 0) {
94
87
  return {
95
88
  ok: false,
96
- command: install.command,
89
+ command: resolved.command,
97
90
  output: result.error ? result.error.message : `${result.stdout || ''}${result.stderr || ''}`.trim(),
98
91
  }
99
92
  }
100
93
 
101
94
  return {
102
95
  ok: true,
103
- command: install.command,
104
- output: 'codegraph --help',
96
+ command: resolved.command,
97
+ output: `${resolved.displayCommand} (${resolved.source})`,
105
98
  }
106
99
  }
107
100
 
@@ -110,30 +103,24 @@ function main() {
110
103
  console.log('=========================')
111
104
 
112
105
  const target = process.env.TSP_INSTALL_TARGET || process.env.CODEGRAPH_PREFLIGHT_TARGET || ''
113
- const nodeVersion = parseNodeVersion(process.env.CODEGRAPH_PREFLIGHT_NODE_VERSION || process.version)
114
- const packageInfo = loadPackageMetadata()
115
- const cli = detectCli(target)
106
+ const platform = detectPlatform()
107
+ const downloader = detectDownloader()
108
+ const cli = detectCli()
116
109
  const mappedTarget = target ? mapTarget(target) : null
117
110
  let hasFailure = false
118
111
 
119
- if (!nodeVersion) {
120
- hasFailure = true
121
- console.log(`- Node: unable to detect version (requires >= ${MIN_NODE_MAJOR} and < ${MAX_NODE_MAJOR_EXCLUSIVE})`)
122
- } else if (!isNodeSupported(nodeVersion)) {
112
+ if (!platform.ok) {
123
113
  hasFailure = true
124
- console.log(`- Node: ${nodeVersion.raw} (requires >= ${MIN_NODE_MAJOR} and < ${MAX_NODE_MAJOR_EXCLUSIVE})`)
114
+ console.log(`- Platform: ${platform.output}`)
125
115
  } else {
126
- console.log(`- Node: ${nodeVersion.raw} (ok)`)
116
+ console.log(`- Platform: ${platform.output} (ok)`)
127
117
  }
128
118
 
129
- if (packageInfo.ok && packageInfo.metadata) {
130
- const engine = packageInfo.metadata.engines && packageInfo.metadata.engines.node
131
- ? packageInfo.metadata.engines.node
132
- : '(not declared)'
133
- console.log(`- CodeGraph package: ${packageInfo.metadata.version || '(unknown)'} (license ${packageInfo.metadata.license || '(unknown)'}, node ${engine})`)
134
- } else {
119
+ if (!downloader.ok) {
135
120
  hasFailure = true
136
- console.log(`- CodeGraph package: unavailable (${packageInfo.warning || 'not installed'})`)
121
+ console.log(`- Standalone installer dependency: ${downloader.output}`)
122
+ } else {
123
+ console.log(`- Standalone installer dependency: ${downloader.output} (ok)`)
137
124
  }
138
125
 
139
126
  if (!cli.ok) {
@@ -154,18 +141,23 @@ function main() {
154
141
  }
155
142
 
156
143
  console.log('\nControlled integration boundaries:')
144
+ console.log('- TSP installs CodeGraph through the official standalone curl/PowerShell installer when no binary is available.')
157
145
  console.log('- TSP calls CodeGraph installer with the current target only; it never uses --target=auto.')
158
- console.log('- TSP install does not run `codegraph init -i`; initialize indexes inside target projects only.')
146
+ console.log('- Claude SessionStart may initialize project indexes automatically; Codex/OpenCode rely on instructions and diagnostics.')
159
147
  console.log('- Do not commit `.codegraph/` databases as TSP artifacts.')
160
148
 
161
149
  if (hasFailure) {
150
+ const installer = buildStandaloneInstallerInfo()
162
151
  console.log('\nFix failed checks before applying the CodeGraph integration.')
152
+ if (installer.supported) {
153
+ console.log(`Recommended standalone install: ${installer.display}`)
154
+ }
155
+ console.log('Offline fallback: set CODEGRAPH_INSTALL_BIN=/path/to/codegraph')
163
156
  process.exit(1)
164
157
  }
165
158
 
166
159
  console.log('\nRecommended next commands:')
167
160
  console.log('- npm run codegraph:doctor')
168
- console.log('- codegraph init -i')
169
161
  console.log('- codegraph status')
170
162
  }
171
163
 
@@ -174,6 +166,7 @@ if (require.main === module) {
174
166
  }
175
167
 
176
168
  module.exports = {
177
- isNodeSupported,
178
- parseNodeVersion,
169
+ detectCli,
170
+ detectDownloader,
171
+ detectPlatform,
179
172
  }