@colin4k1024/tsp 2.4.7 → 2.4.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +4 -4
- package/hooks/hooks.json +11 -0
- package/manifests/install-modules.json +5 -2
- package/package.json +1 -2
- package/schemas/install-modules.schema.json +52 -0
- package/scripts/codegraph-preflight.js +68 -75
- package/scripts/hooks/codegraph-auto-init.js +324 -0
- package/scripts/install-apply.js +2 -1
- package/scripts/install-codegraph.js +235 -25
- package/scripts/install-plan.js +4 -1
- package/scripts/lib/install/apply.js +5 -0
- package/scripts/lib/install-executor.js +6 -0
- package/skills/codegraph/SKILL.md +6 -5
- package/skills/goframe-v2/examples/practices/quick-demo/manifest/config/config.yaml +14 -14
- package/skills/repo-scan/SKILL.md +63 -63
- package/scripts/__pycache__/__init__.cpython-311.pyc +0 -0
- package/scripts/__pycache__/build_platform_artifacts.cpython-311.pyc +0 -0
- package/scripts/__pycache__/install_platform.cpython-311.pyc +0 -0
- package/scripts/__pycache__/langfuse_trace.cpython-311.pyc +0 -0
- package/scripts/__pycache__/query_audit_logs.cpython-311.pyc +0 -0
- package/scripts/__pycache__/scan_leaked_keys.cpython-311.pyc +0 -0
- package/scripts/__pycache__/team_skills_platform.cpython-311.pyc +0 -0
- package/scripts/__pycache__/team_skills_platform.cpython-313.pyc +0 -0
- package/scripts/__pycache__/validate_library.cpython-311.pyc +0 -0
- package/scripts/__pycache__/validate_workflow_state.cpython-311.pyc +0 -0
- package/scripts/evolution/__pycache__/__init__.cpython-311.pyc +0 -0
- package/scripts/evolution/__pycache__/store.cpython-311.pyc +0 -0
- package/scripts/hooks/__pycache__/__init__.cpython-311.pyc +0 -0
- package/scripts/hooks/__pycache__/mcp_health_check.cpython-311.pyc +0 -0
- package/scripts/hooks/__pycache__/observe.cpython-311.pyc +0 -0
- package/scripts/hooks/__pycache__/session_end.cpython-311.pyc +0 -0
- package/scripts/hooks/__pycache__/session_start.cpython-311.pyc +0 -0
- package/scripts/lib/__pycache__/audit_logger.cpython-311.pyc +0 -0
- package/scripts/lib/__pycache__/audit_query.cpython-311.pyc +0 -0
- package/scripts/lib/__pycache__/hook_contract.cpython-311.pyc +0 -0
- package/scripts/lib/__pycache__/memory_store.cpython-311.pyc +0 -0
- package/scripts/lib/__pycache__/utils.cpython-311.pyc +0 -0
|
@@ -162,6 +162,10 @@ function resolveExternalInstalls(selectedModules, options = {}) {
|
|
|
162
162
|
const args = Array.isArray(externalInstall.args)
|
|
163
163
|
? externalInstall.args.map(value => String(value))
|
|
164
164
|
: [];
|
|
165
|
+
const failureMode = externalInstall.failureMode === 'warn' ? 'warn' : 'error';
|
|
166
|
+
const failureHint = typeof externalInstall.failureHint === 'string' && externalInstall.failureHint.trim()
|
|
167
|
+
? externalInstall.failureHint.trim()
|
|
168
|
+
: '';
|
|
165
169
|
|
|
166
170
|
if (!script) {
|
|
167
171
|
throw new Error(`Install module ${module.id} has externalInstall but no script`);
|
|
@@ -175,6 +179,8 @@ function resolveExternalInstalls(selectedModules, options = {}) {
|
|
|
175
179
|
script,
|
|
176
180
|
scriptPath: path.join(sourceRoot, script),
|
|
177
181
|
args,
|
|
182
|
+
failureMode,
|
|
183
|
+
failureHint,
|
|
178
184
|
cwd: sourceRoot,
|
|
179
185
|
target,
|
|
180
186
|
profileId,
|
|
@@ -3,7 +3,7 @@ name: codegraph
|
|
|
3
3
|
description: >
|
|
4
4
|
将 CodeGraph 作为默认内置 MCP-backed 代码图谱能力接入,用于 brownfield 符号搜索、
|
|
5
5
|
调用链、影响面和上下文查询。输出必须回落到 `/team-*` 主链和 artifacts。
|
|
6
|
-
origin: colbymchenry/codegraph (
|
|
6
|
+
origin: colbymchenry/codegraph (official standalone installer with target-scoped wrapper)
|
|
7
7
|
---
|
|
8
8
|
|
|
9
9
|
# CodeGraph
|
|
@@ -22,8 +22,8 @@ origin: colbymchenry/codegraph (default dependency with upstream installer wrapp
|
|
|
22
22
|
|
|
23
23
|
## 默认工作流
|
|
24
24
|
|
|
25
|
-
1. 先跑 `npm run codegraph:doctor`,确认
|
|
26
|
-
2.
|
|
25
|
+
1. 先跑 `npm run codegraph:doctor`,确认 standalone CodeGraph binary、官方 installer 依赖和当前 target wrapper 可用。
|
|
26
|
+
2. Claude 新项目会通过 `SessionStart` 自动初始化索引;非 Claude 或关闭自动初始化时,在消费方目标项目根目录手动初始化:
|
|
27
27
|
```bash
|
|
28
28
|
codegraph init -i
|
|
29
29
|
```
|
|
@@ -46,12 +46,13 @@ origin: colbymchenry/codegraph (default dependency with upstream installer wrapp
|
|
|
46
46
|
## 边界与禁用项
|
|
47
47
|
|
|
48
48
|
- TSP 安装时只运行 `scripts/install-codegraph.js` wrapper,不使用上游 `--target=auto`。
|
|
49
|
-
-
|
|
49
|
+
- Claude `SessionStart` 可在新项目缺少 `.codegraph/codegraph.db` 时静默执行 `codegraph init -i <projectRoot>`;用 `TSP_CODEGRAPH_AUTO_INIT=0` 可关闭。
|
|
50
|
+
- Codex / OpenCode 不做侵入式自动 hook,只依赖全局 MCP 配置、说明和 doctor 诊断。
|
|
50
51
|
- 不提交 `.codegraph/` 数据库或将其作为 TSP artifact。
|
|
51
52
|
- CodeGraph 结论不能绕过 `/team-plan`、`/team-review` 或验证门禁。
|
|
52
53
|
|
|
53
54
|
## 推荐组合
|
|
54
55
|
|
|
55
|
-
- 默认 brownfield 结构证据:`/team-help -> /update-codemaps -> npm run codegraph:doctor -> codegraph init -i -> /team-plan`
|
|
56
|
+
- 默认 brownfield 结构证据:`/team-help -> /update-codemaps -> npm run codegraph:doctor -> Claude 自动初始化或 codegraph init -i -> /team-plan`
|
|
56
57
|
- 快速影响面确认:`/team-execute -> CodeGraph impact/callers/callees -> /handoff -> /team-review`
|
|
57
58
|
- 深度多仓或许可证受限场景:按需选择 GitNexus 或 Graphify,并把结论统一回落到主链。
|
|
@@ -1,15 +1,15 @@
|
|
|
1
|
-
# https://goframe.org/docs/web/server-config-file-template
|
|
2
|
-
server:
|
|
3
|
-
address: ":8000"
|
|
4
|
-
openapiPath: "/api.json"
|
|
5
|
-
swaggerPath: "/swagger"
|
|
6
|
-
|
|
7
|
-
# https://goframe.org/docs/core/glog-config
|
|
8
|
-
logger:
|
|
9
|
-
level : "all"
|
|
10
|
-
stdout: true
|
|
11
|
-
|
|
12
|
-
# https://goframe.org/docs/core/gdb-config-file
|
|
13
|
-
database:
|
|
14
|
-
default:
|
|
1
|
+
# https://goframe.org/docs/web/server-config-file-template
|
|
2
|
+
server:
|
|
3
|
+
address: ":8000"
|
|
4
|
+
openapiPath: "/api.json"
|
|
5
|
+
swaggerPath: "/swagger"
|
|
6
|
+
|
|
7
|
+
# https://goframe.org/docs/core/glog-config
|
|
8
|
+
logger:
|
|
9
|
+
level : "all"
|
|
10
|
+
stdout: true
|
|
11
|
+
|
|
12
|
+
# https://goframe.org/docs/core/gdb-config-file
|
|
13
|
+
database:
|
|
14
|
+
default:
|
|
15
15
|
link: "mysql:root:12345678@tcp(127.0.0.1:3306)/test"
|
|
@@ -1,22 +1,22 @@
|
|
|
1
|
-
---
|
|
2
|
-
name: repo-scan
|
|
3
|
-
description: Cross-stack source code asset audit — classifies every file, detects embedded third-party libraries, and delivers actionable four-level verdicts per module with interactive HTML reports.
|
|
4
|
-
origin: community
|
|
5
|
-
---
|
|
6
|
-
|
|
7
|
-
# repo-scan
|
|
8
|
-
|
|
9
|
-
> Every ecosystem has its own dependency manager, but no tool looks across C++, Android, iOS, and Web to tell you: how much code is actually yours, what's third-party, and what's dead weight.
|
|
10
|
-
|
|
11
|
-
## When to Use
|
|
12
|
-
|
|
13
|
-
- Taking over a large legacy codebase and need a structural overview
|
|
14
|
-
- Before major refactoring — identify what's core, what's duplicate, what's dead
|
|
15
|
-
- Auditing third-party dependencies embedded directly in source (not declared in package managers)
|
|
16
|
-
- Preparing architecture decision records for monorepo reorganization
|
|
17
|
-
|
|
18
|
-
## Installation
|
|
19
|
-
|
|
1
|
+
---
|
|
2
|
+
name: repo-scan
|
|
3
|
+
description: Cross-stack source code asset audit — classifies every file, detects embedded third-party libraries, and delivers actionable four-level verdicts per module with interactive HTML reports.
|
|
4
|
+
origin: community
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# repo-scan
|
|
8
|
+
|
|
9
|
+
> Every ecosystem has its own dependency manager, but no tool looks across C++, Android, iOS, and Web to tell you: how much code is actually yours, what's third-party, and what's dead weight.
|
|
10
|
+
|
|
11
|
+
## When to Use
|
|
12
|
+
|
|
13
|
+
- Taking over a large legacy codebase and need a structural overview
|
|
14
|
+
- Before major refactoring — identify what's core, what's duplicate, what's dead
|
|
15
|
+
- Auditing third-party dependencies embedded directly in source (not declared in package managers)
|
|
16
|
+
- Preparing architecture decision records for monorepo reorganization
|
|
17
|
+
|
|
18
|
+
## Installation
|
|
19
|
+
|
|
20
20
|
```bash
|
|
21
21
|
# Fetch only the pinned commit for reproducibility
|
|
22
22
|
mkdir -p ~/.claude/skills/repo-scan
|
|
@@ -27,52 +27,52 @@ git fetch --depth 1 origin 2742664
|
|
|
27
27
|
git checkout --detach FETCH_HEAD
|
|
28
28
|
cp -r . ~/.claude/skills/repo-scan
|
|
29
29
|
```
|
|
30
|
-
|
|
31
|
-
> Review the source before installing any agent skill.
|
|
32
|
-
|
|
33
|
-
## Core Capabilities
|
|
34
|
-
|
|
35
|
-
| Capability | Description |
|
|
36
|
-
|---|---|
|
|
37
|
-
| **Cross-stack scanning** | C/C++, Java/Android, iOS (OC/Swift), Web (TS/JS/Vue) in one pass |
|
|
38
|
-
| **File classification** | Every file tagged as project code, third-party, or build artifact |
|
|
39
|
-
| **Library detection** | 50+ known libraries (FFmpeg, Boost, OpenSSL…) with version extraction |
|
|
40
|
-
| **Four-level verdicts** | Core Asset / Extract & Merge / Rebuild / Deprecate |
|
|
41
|
-
| **HTML reports** | Interactive dark-theme pages with drill-down navigation |
|
|
42
|
-
| **Monorepo support** | Hierarchical scanning with summary + sub-project reports |
|
|
43
|
-
|
|
44
|
-
## Analysis Depth Levels
|
|
45
|
-
|
|
46
|
-
| Level | Files Read | Use Case |
|
|
47
|
-
|---|---|---|
|
|
48
|
-
| `fast` | 1-2 per module | Quick inventory of huge directories |
|
|
49
|
-
| `standard` | 2-5 per module | Default audit with full dependency + architecture checks |
|
|
50
|
-
| `deep` | 5-10 per module | Adds thread safety, memory management, API consistency |
|
|
51
|
-
| `full` | All files | Pre-merge comprehensive review |
|
|
52
|
-
|
|
53
|
-
## How It Works
|
|
54
|
-
|
|
30
|
+
|
|
31
|
+
> Review the source before installing any agent skill.
|
|
32
|
+
|
|
33
|
+
## Core Capabilities
|
|
34
|
+
|
|
35
|
+
| Capability | Description |
|
|
36
|
+
|---|---|
|
|
37
|
+
| **Cross-stack scanning** | C/C++, Java/Android, iOS (OC/Swift), Web (TS/JS/Vue) in one pass |
|
|
38
|
+
| **File classification** | Every file tagged as project code, third-party, or build artifact |
|
|
39
|
+
| **Library detection** | 50+ known libraries (FFmpeg, Boost, OpenSSL…) with version extraction |
|
|
40
|
+
| **Four-level verdicts** | Core Asset / Extract & Merge / Rebuild / Deprecate |
|
|
41
|
+
| **HTML reports** | Interactive dark-theme pages with drill-down navigation |
|
|
42
|
+
| **Monorepo support** | Hierarchical scanning with summary + sub-project reports |
|
|
43
|
+
|
|
44
|
+
## Analysis Depth Levels
|
|
45
|
+
|
|
46
|
+
| Level | Files Read | Use Case |
|
|
47
|
+
|---|---|---|
|
|
48
|
+
| `fast` | 1-2 per module | Quick inventory of huge directories |
|
|
49
|
+
| `standard` | 2-5 per module | Default audit with full dependency + architecture checks |
|
|
50
|
+
| `deep` | 5-10 per module | Adds thread safety, memory management, API consistency |
|
|
51
|
+
| `full` | All files | Pre-merge comprehensive review |
|
|
52
|
+
|
|
53
|
+
## How It Works
|
|
54
|
+
|
|
55
55
|
1. **Classify the repo surface**: enumerate files, then tag each as project code, embedded third-party code, or build artifact.
|
|
56
56
|
2. **Detect embedded libraries**: inspect directory names, headers, license files, and version markers to identify bundled dependencies and likely versions.
|
|
57
57
|
3. **Score each module**: group files by module or subsystem, then assign one of the four verdicts based on ownership, duplication, and maintenance cost.
|
|
58
58
|
4. **Highlight structural risks**: call out dead-weight artifacts, duplicated wrappers, outdated vendored code, and modules that should be extracted, rebuilt, or deprecated.
|
|
59
59
|
5. **Produce the report**: return a concise summary plus the interactive HTML output with per-module drill-down so the audit can be reviewed asynchronously.
|
|
60
|
-
|
|
61
|
-
## Examples
|
|
62
|
-
|
|
63
|
-
On a 50,000-file C++ monorepo:
|
|
64
|
-
- Found FFmpeg 2.x (2015 vintage) still in production
|
|
65
|
-
- Discovered the same SDK wrapper duplicated 3 times
|
|
66
|
-
- Identified 636 MB of committed Debug/ipch/obj build artifacts
|
|
67
|
-
- Classified: 3 MB project code vs 596 MB third-party
|
|
68
|
-
|
|
69
|
-
## Best Practices
|
|
70
|
-
|
|
71
|
-
- Start with `standard` depth for first-time audits
|
|
72
|
-
- Use `fast` for monorepos with 100+ modules to get a quick inventory
|
|
73
|
-
- Run `deep` incrementally on modules flagged for refactoring
|
|
74
|
-
- Review the cross-module analysis for duplicate detection across sub-projects
|
|
75
|
-
|
|
76
|
-
## Links
|
|
77
|
-
|
|
78
|
-
- [GitHub Repository](https://github.com/haibindev/repo-scan)
|
|
60
|
+
|
|
61
|
+
## Examples
|
|
62
|
+
|
|
63
|
+
On a 50,000-file C++ monorepo:
|
|
64
|
+
- Found FFmpeg 2.x (2015 vintage) still in production
|
|
65
|
+
- Discovered the same SDK wrapper duplicated 3 times
|
|
66
|
+
- Identified 636 MB of committed Debug/ipch/obj build artifacts
|
|
67
|
+
- Classified: 3 MB project code vs 596 MB third-party
|
|
68
|
+
|
|
69
|
+
## Best Practices
|
|
70
|
+
|
|
71
|
+
- Start with `standard` depth for first-time audits
|
|
72
|
+
- Use `fast` for monorepos with 100+ modules to get a quick inventory
|
|
73
|
+
- Run `deep` incrementally on modules flagged for refactoring
|
|
74
|
+
- Review the cross-module analysis for duplicate detection across sub-projects
|
|
75
|
+
|
|
76
|
+
## Links
|
|
77
|
+
|
|
78
|
+
- [GitHub Repository](https://github.com/haibindev/repo-scan)
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|