@colin4k1024/tsp 2.4.7 → 2.4.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (37) hide show
  1. package/README.md +4 -4
  2. package/hooks/hooks.json +11 -0
  3. package/manifests/install-modules.json +5 -2
  4. package/package.json +1 -2
  5. package/schemas/install-modules.schema.json +52 -0
  6. package/scripts/codegraph-preflight.js +68 -75
  7. package/scripts/hooks/codegraph-auto-init.js +324 -0
  8. package/scripts/install-apply.js +2 -1
  9. package/scripts/install-codegraph.js +235 -25
  10. package/scripts/install-plan.js +4 -1
  11. package/scripts/lib/install/apply.js +5 -0
  12. package/scripts/lib/install-executor.js +6 -0
  13. package/skills/codegraph/SKILL.md +6 -5
  14. package/skills/goframe-v2/examples/practices/quick-demo/manifest/config/config.yaml +14 -14
  15. package/skills/repo-scan/SKILL.md +63 -63
  16. package/scripts/__pycache__/__init__.cpython-311.pyc +0 -0
  17. package/scripts/__pycache__/build_platform_artifacts.cpython-311.pyc +0 -0
  18. package/scripts/__pycache__/install_platform.cpython-311.pyc +0 -0
  19. package/scripts/__pycache__/langfuse_trace.cpython-311.pyc +0 -0
  20. package/scripts/__pycache__/query_audit_logs.cpython-311.pyc +0 -0
  21. package/scripts/__pycache__/scan_leaked_keys.cpython-311.pyc +0 -0
  22. package/scripts/__pycache__/team_skills_platform.cpython-311.pyc +0 -0
  23. package/scripts/__pycache__/team_skills_platform.cpython-313.pyc +0 -0
  24. package/scripts/__pycache__/validate_library.cpython-311.pyc +0 -0
  25. package/scripts/__pycache__/validate_workflow_state.cpython-311.pyc +0 -0
  26. package/scripts/evolution/__pycache__/__init__.cpython-311.pyc +0 -0
  27. package/scripts/evolution/__pycache__/store.cpython-311.pyc +0 -0
  28. package/scripts/hooks/__pycache__/__init__.cpython-311.pyc +0 -0
  29. package/scripts/hooks/__pycache__/mcp_health_check.cpython-311.pyc +0 -0
  30. package/scripts/hooks/__pycache__/observe.cpython-311.pyc +0 -0
  31. package/scripts/hooks/__pycache__/session_end.cpython-311.pyc +0 -0
  32. package/scripts/hooks/__pycache__/session_start.cpython-311.pyc +0 -0
  33. package/scripts/lib/__pycache__/audit_logger.cpython-311.pyc +0 -0
  34. package/scripts/lib/__pycache__/audit_query.cpython-311.pyc +0 -0
  35. package/scripts/lib/__pycache__/hook_contract.cpython-311.pyc +0 -0
  36. package/scripts/lib/__pycache__/memory_store.cpython-311.pyc +0 -0
  37. package/scripts/lib/__pycache__/utils.cpython-311.pyc +0 -0
@@ -162,6 +162,10 @@ function resolveExternalInstalls(selectedModules, options = {}) {
162
162
  const args = Array.isArray(externalInstall.args)
163
163
  ? externalInstall.args.map(value => String(value))
164
164
  : [];
165
+ const failureMode = externalInstall.failureMode === 'warn' ? 'warn' : 'error';
166
+ const failureHint = typeof externalInstall.failureHint === 'string' && externalInstall.failureHint.trim()
167
+ ? externalInstall.failureHint.trim()
168
+ : '';
165
169
 
166
170
  if (!script) {
167
171
  throw new Error(`Install module ${module.id} has externalInstall but no script`);
@@ -175,6 +179,8 @@ function resolveExternalInstalls(selectedModules, options = {}) {
175
179
  script,
176
180
  scriptPath: path.join(sourceRoot, script),
177
181
  args,
182
+ failureMode,
183
+ failureHint,
178
184
  cwd: sourceRoot,
179
185
  target,
180
186
  profileId,
@@ -3,7 +3,7 @@ name: codegraph
3
3
  description: >
4
4
  将 CodeGraph 作为默认内置 MCP-backed 代码图谱能力接入,用于 brownfield 符号搜索、
5
5
  调用链、影响面和上下文查询。输出必须回落到 `/team-*` 主链和 artifacts。
6
- origin: colbymchenry/codegraph (default dependency with upstream installer wrapper)
6
+ origin: colbymchenry/codegraph (official standalone installer with target-scoped wrapper)
7
7
  ---
8
8
 
9
9
  # CodeGraph
@@ -22,8 +22,8 @@ origin: colbymchenry/codegraph (default dependency with upstream installer wrapp
22
22
 
23
23
  ## 默认工作流
24
24
 
25
- 1. 先跑 `npm run codegraph:doctor`,确认 Node、CodeGraph 包和当前 target wrapper 可用。
26
- 2. 在消费方目标项目根目录手动初始化索引:
25
+ 1. 先跑 `npm run codegraph:doctor`,确认 standalone CodeGraph binary、官方 installer 依赖和当前 target wrapper 可用。
26
+ 2. Claude 新项目会通过 `SessionStart` 自动初始化索引;非 Claude 或关闭自动初始化时,在消费方目标项目根目录手动初始化:
27
27
  ```bash
28
28
  codegraph init -i
29
29
  ```
@@ -46,12 +46,13 @@ origin: colbymchenry/codegraph (default dependency with upstream installer wrapp
46
46
  ## 边界与禁用项
47
47
 
48
48
  - TSP 安装时只运行 `scripts/install-codegraph.js` wrapper,不使用上游 `--target=auto`。
49
- - TSP 安装流程不运行 `codegraph init -i`,避免在平台仓库或消费方仓库隐式写入 `.codegraph/`。
49
+ - Claude `SessionStart` 可在新项目缺少 `.codegraph/codegraph.db` 时静默执行 `codegraph init -i <projectRoot>`;用 `TSP_CODEGRAPH_AUTO_INIT=0` 可关闭。
50
+ - Codex / OpenCode 不做侵入式自动 hook,只依赖全局 MCP 配置、说明和 doctor 诊断。
50
51
  - 不提交 `.codegraph/` 数据库或将其作为 TSP artifact。
51
52
  - CodeGraph 结论不能绕过 `/team-plan`、`/team-review` 或验证门禁。
52
53
 
53
54
  ## 推荐组合
54
55
 
55
- - 默认 brownfield 结构证据:`/team-help -> /update-codemaps -> npm run codegraph:doctor -> codegraph init -i -> /team-plan`
56
+ - 默认 brownfield 结构证据:`/team-help -> /update-codemaps -> npm run codegraph:doctor -> Claude 自动初始化或 codegraph init -i -> /team-plan`
56
57
  - 快速影响面确认:`/team-execute -> CodeGraph impact/callers/callees -> /handoff -> /team-review`
57
58
  - 深度多仓或许可证受限场景:按需选择 GitNexus 或 Graphify,并把结论统一回落到主链。
@@ -1,15 +1,15 @@
1
- # https://goframe.org/docs/web/server-config-file-template
2
- server:
3
- address: ":8000"
4
- openapiPath: "/api.json"
5
- swaggerPath: "/swagger"
6
-
7
- # https://goframe.org/docs/core/glog-config
8
- logger:
9
- level : "all"
10
- stdout: true
11
-
12
- # https://goframe.org/docs/core/gdb-config-file
13
- database:
14
- default:
1
+ # https://goframe.org/docs/web/server-config-file-template
2
+ server:
3
+ address: ":8000"
4
+ openapiPath: "/api.json"
5
+ swaggerPath: "/swagger"
6
+
7
+ # https://goframe.org/docs/core/glog-config
8
+ logger:
9
+ level : "all"
10
+ stdout: true
11
+
12
+ # https://goframe.org/docs/core/gdb-config-file
13
+ database:
14
+ default:
15
15
  link: "mysql:root:12345678@tcp(127.0.0.1:3306)/test"
@@ -1,22 +1,22 @@
1
- ---
2
- name: repo-scan
3
- description: Cross-stack source code asset audit — classifies every file, detects embedded third-party libraries, and delivers actionable four-level verdicts per module with interactive HTML reports.
4
- origin: community
5
- ---
6
-
7
- # repo-scan
8
-
9
- > Every ecosystem has its own dependency manager, but no tool looks across C++, Android, iOS, and Web to tell you: how much code is actually yours, what's third-party, and what's dead weight.
10
-
11
- ## When to Use
12
-
13
- - Taking over a large legacy codebase and need a structural overview
14
- - Before major refactoring — identify what's core, what's duplicate, what's dead
15
- - Auditing third-party dependencies embedded directly in source (not declared in package managers)
16
- - Preparing architecture decision records for monorepo reorganization
17
-
18
- ## Installation
19
-
1
+ ---
2
+ name: repo-scan
3
+ description: Cross-stack source code asset audit — classifies every file, detects embedded third-party libraries, and delivers actionable four-level verdicts per module with interactive HTML reports.
4
+ origin: community
5
+ ---
6
+
7
+ # repo-scan
8
+
9
+ > Every ecosystem has its own dependency manager, but no tool looks across C++, Android, iOS, and Web to tell you: how much code is actually yours, what's third-party, and what's dead weight.
10
+
11
+ ## When to Use
12
+
13
+ - Taking over a large legacy codebase and need a structural overview
14
+ - Before major refactoring — identify what's core, what's duplicate, what's dead
15
+ - Auditing third-party dependencies embedded directly in source (not declared in package managers)
16
+ - Preparing architecture decision records for monorepo reorganization
17
+
18
+ ## Installation
19
+
20
20
  ```bash
21
21
  # Fetch only the pinned commit for reproducibility
22
22
  mkdir -p ~/.claude/skills/repo-scan
@@ -27,52 +27,52 @@ git fetch --depth 1 origin 2742664
27
27
  git checkout --detach FETCH_HEAD
28
28
  cp -r . ~/.claude/skills/repo-scan
29
29
  ```
30
-
31
- > Review the source before installing any agent skill.
32
-
33
- ## Core Capabilities
34
-
35
- | Capability | Description |
36
- |---|---|
37
- | **Cross-stack scanning** | C/C++, Java/Android, iOS (OC/Swift), Web (TS/JS/Vue) in one pass |
38
- | **File classification** | Every file tagged as project code, third-party, or build artifact |
39
- | **Library detection** | 50+ known libraries (FFmpeg, Boost, OpenSSL…) with version extraction |
40
- | **Four-level verdicts** | Core Asset / Extract & Merge / Rebuild / Deprecate |
41
- | **HTML reports** | Interactive dark-theme pages with drill-down navigation |
42
- | **Monorepo support** | Hierarchical scanning with summary + sub-project reports |
43
-
44
- ## Analysis Depth Levels
45
-
46
- | Level | Files Read | Use Case |
47
- |---|---|---|
48
- | `fast` | 1-2 per module | Quick inventory of huge directories |
49
- | `standard` | 2-5 per module | Default audit with full dependency + architecture checks |
50
- | `deep` | 5-10 per module | Adds thread safety, memory management, API consistency |
51
- | `full` | All files | Pre-merge comprehensive review |
52
-
53
- ## How It Works
54
-
30
+
31
+ > Review the source before installing any agent skill.
32
+
33
+ ## Core Capabilities
34
+
35
+ | Capability | Description |
36
+ |---|---|
37
+ | **Cross-stack scanning** | C/C++, Java/Android, iOS (OC/Swift), Web (TS/JS/Vue) in one pass |
38
+ | **File classification** | Every file tagged as project code, third-party, or build artifact |
39
+ | **Library detection** | 50+ known libraries (FFmpeg, Boost, OpenSSL…) with version extraction |
40
+ | **Four-level verdicts** | Core Asset / Extract & Merge / Rebuild / Deprecate |
41
+ | **HTML reports** | Interactive dark-theme pages with drill-down navigation |
42
+ | **Monorepo support** | Hierarchical scanning with summary + sub-project reports |
43
+
44
+ ## Analysis Depth Levels
45
+
46
+ | Level | Files Read | Use Case |
47
+ |---|---|---|
48
+ | `fast` | 1-2 per module | Quick inventory of huge directories |
49
+ | `standard` | 2-5 per module | Default audit with full dependency + architecture checks |
50
+ | `deep` | 5-10 per module | Adds thread safety, memory management, API consistency |
51
+ | `full` | All files | Pre-merge comprehensive review |
52
+
53
+ ## How It Works
54
+
55
55
  1. **Classify the repo surface**: enumerate files, then tag each as project code, embedded third-party code, or build artifact.
56
56
  2. **Detect embedded libraries**: inspect directory names, headers, license files, and version markers to identify bundled dependencies and likely versions.
57
57
  3. **Score each module**: group files by module or subsystem, then assign one of the four verdicts based on ownership, duplication, and maintenance cost.
58
58
  4. **Highlight structural risks**: call out dead-weight artifacts, duplicated wrappers, outdated vendored code, and modules that should be extracted, rebuilt, or deprecated.
59
59
  5. **Produce the report**: return a concise summary plus the interactive HTML output with per-module drill-down so the audit can be reviewed asynchronously.
60
-
61
- ## Examples
62
-
63
- On a 50,000-file C++ monorepo:
64
- - Found FFmpeg 2.x (2015 vintage) still in production
65
- - Discovered the same SDK wrapper duplicated 3 times
66
- - Identified 636 MB of committed Debug/ipch/obj build artifacts
67
- - Classified: 3 MB project code vs 596 MB third-party
68
-
69
- ## Best Practices
70
-
71
- - Start with `standard` depth for first-time audits
72
- - Use `fast` for monorepos with 100+ modules to get a quick inventory
73
- - Run `deep` incrementally on modules flagged for refactoring
74
- - Review the cross-module analysis for duplicate detection across sub-projects
75
-
76
- ## Links
77
-
78
- - [GitHub Repository](https://github.com/haibindev/repo-scan)
60
+
61
+ ## Examples
62
+
63
+ On a 50,000-file C++ monorepo:
64
+ - Found FFmpeg 2.x (2015 vintage) still in production
65
+ - Discovered the same SDK wrapper duplicated 3 times
66
+ - Identified 636 MB of committed Debug/ipch/obj build artifacts
67
+ - Classified: 3 MB project code vs 596 MB third-party
68
+
69
+ ## Best Practices
70
+
71
+ - Start with `standard` depth for first-time audits
72
+ - Use `fast` for monorepos with 100+ modules to get a quick inventory
73
+ - Run `deep` incrementally on modules flagged for refactoring
74
+ - Review the cross-module analysis for duplicate detection across sub-projects
75
+
76
+ ## Links
77
+
78
+ - [GitHub Repository](https://github.com/haibindev/repo-scan)