@elvis1513/auto-coding-skill 1.0.0 → 1.0.2

package/README.md

@@ -7,6 +7,8 @@ Engineering workflow skill for:
 
 This skill targets Go backend + frontend monorepo projects that rely on Jenkins for build and deployment. The optimized default flow is lightweight locally, then Jenkins-first and target-environment-first for real verification.
 
+`docs/ENGINEERING.md` is intentionally Git-tracked. The environment fields kept in that file are mandatory, must be filled with real values, and are committed as part of project maintenance. Unused environment items should be removed instead of being kept as placeholders.
+
 ## Install
 
 ```bash
@@ -33,7 +35,7 @@ npm install -g git+https://github.com/elvis1513/auto-coding-skill.git
 - Synced reusable workflow improvements from a production project back into this skill.
 - Moved repo-side helper entrypoint to `docs/tools/autopipeline`.
 - Tightened regression matrix rules: rows start as `TODO`, and `PASS` requires real execution evidence.
-- Added Jenkins API verification flow with credentials sourced from `docs/ENGINEERING.md` or environment variables.
+- Added Jenkins API verification flow with credentials sourced from `docs/ENGINEERING.md`.
 
 ## Optimized Standard Flow
 
@@ -51,12 +53,11 @@ npm install -g git+https://github.com/elvis1513/auto-coding-skill.git
 3. 开发实现
    - 只修改本次任务必要文件，不做无关重构。
 4. 本地轻量校验
-   - build
-   - 单元测试或关键快速测试
-   - lint / typecheck
-   - API 文档检查
-   - Jenkinsfile / 脚本语法检查
+   - 优先执行一个项目自定义快速门禁命令
+   - 若未配置，再执行 quick test / test / build 中最先配置的一项
    - `git diff --check`
+   - API 文档检查
+   - Jenkins 配置检查
 5. 立即提交推送
    - 本地轻量校验通过后，commit + push，触发 Jenkins。
 6. Jenkins 验证
@@ -73,7 +74,7 @@ npm install -g git+https://github.com/elvis1513/auto-coding-skill.git
 默认不做：
 - 本地 Docker Compose 启动
 - 本地 Docker build
-- 本地完整 smoke / regression
+- 本地完整 regression
 - 每个小改动强制 `check-matrix`
 - 每个小改动强制生成 summary
 - 未真实执行就要求 regression matrix 全 `PASS`
@@ -81,7 +82,7 @@ npm install -g git+https://github.com/elvis1513/auto-coding-skill.git
 
 按需保留：
 - `runtime-up` / `runtime-down`
-- 本地 health / smoke / regression
+- 本地 health
 - `check-matrix`
 - `gen-summary`
 - deployment runbook / deployment record
@@ -108,6 +109,7 @@ python3 .claude/skills/auto-coding-skill/scripts/ap.py --repo . install
 - `docs/ENGINEERING.md` frontmatter
 
 This frontmatter is the only manual config source.
+It must be committed to Git. Do not add it to `.gitignore`.
 
 重点字段：
 - `commands.*`
@@ -117,17 +119,28 @@ This frontmatter is the only manual config source.
 
 默认必填：
 - `project.name`
-- `commands.build`
-- `commands.quick_test` 或 `commands.test`
-- `commands.lint` 或 `commands.typecheck`
+- `commands.light_gate` 或 `commands.quick_test` 或 `commands.test` 或 `commands.build`
 - `target_env.name`
+- `target_env.frontend_base_url`
+- `target_env.frontend_username`
+- `target_env.frontend_password`
+- `target_env.backend_base_url`
+- `target_env.backend_username`
+- `target_env.backend_password`
+- `target_env.backend_root_username`
+- `target_env.backend_root_password`
 - `target_env.health_base_url`
 - `target_env.health_path`
+- `jenkins.base_url`
+- `jenkins.ui_username`
+- `jenkins.ui_password`
+- `jenkins.api_user`
+- `jenkins.api_password`
 - `jenkins.trigger_branch`
 - `jenkins.image_repository`
 - `jenkins.image_tag_strategy`
 - `jenkins.deploy_env`
-- `jenkins.job_url` 或 `jenkins.base_url + jenkins.job_name` 或 `jenkins.base_url + jenkins.multibranch_root_job`
+- `jenkins.job_url`
 
 4. Start AI development by constraints:
 
@@ -185,7 +198,10 @@ This frontmatter is the only manual config source.
 - Purpose: single source of project config + workflow rules.
 - How to record:
   - Fill YAML frontmatter once.
-  - Keep target env accounts, Jenkins UI/API accounts, commands, docs paths here only.
+  - Keep target env front/backend usernames and passwords, Jenkins UI/API usernames and passwords, commands, docs paths here only.
+  - Target environment also includes backend server root username/password.
+  - This file is expected to be committed to Git and maintained in plaintext for this workflow.
+  - Remaining environment keys are all mandatory; blank values, TODO-like placeholders, and incorrect URL/path formats are treated as blocking errors by `doctor`.
   - Do not duplicate config elsewhere.
 
 ### 2) docs/tasks/taskbook.md
@@ -275,12 +291,6 @@ python3 docs/tools/autopipeline/ap.py commit-push <TASK_ID> \
 Available on-demand commands:
 
 ```bash
-python3 docs/tools/autopipeline/ap.py run build
-python3 docs/tools/autopipeline/ap.py run test
-python3 docs/tools/autopipeline/ap.py run quick_test
-python3 docs/tools/autopipeline/ap.py run lint
-python3 docs/tools/autopipeline/ap.py run typecheck
-python3 docs/tools/autopipeline/ap.py run script_syntax
 python3 docs/tools/autopipeline/ap.py doctor
 python3 docs/tools/autopipeline/ap.py verify-api-docs
 python3 docs/tools/autopipeline/ap.py verify-jenkins
@@ -290,8 +300,6 @@ python3 docs/tools/autopipeline/ap.py verify-jenkins-build --job-url <job-url> -
 python3 docs/tools/autopipeline/ap.py verify-jenkins-build --multibranch-root-job <root-job> --branch-name <branch> --build-number <number>
 python3 docs/tools/autopipeline/ap.py runtime-up
 python3 docs/tools/autopipeline/ap.py wait-health --scope runtime
-python3 docs/tools/autopipeline/ap.py run smoke
-python3 docs/tools/autopipeline/ap.py run regression
 python3 docs/tools/autopipeline/ap.py runtime-down
 python3 docs/tools/autopipeline/ap.py check-matrix
 python3 docs/tools/autopipeline/ap.py gen-summary <TASK_ID>
@@ -316,7 +324,7 @@ python3 docs/tools/autopipeline/ap.py gen-summary <TASK_ID>
 - `doctor`
   - Checks whether the default lightweight workflow is actually configured instead of silently skipping gates.
 - `light-gate`
-  - Now fails if required commands are missing instead of returning `OK` after skipping everything.
+  - Now prefers one curated fast gate command instead of serially running every expensive check.
 - `verify-target`
   - Performs real target-environment verification beyond health checks when you provide key backend/frontend paths.
 - `commit-push --record-closure`

package/cli/assets/skill/SKILL.md

@@ -7,6 +7,8 @@ description: Use for a lightweight Jenkins-first engineering workflow in Claude/
 
 This skill is for Go backend + frontend monorepo projects that rely on Jenkins to build and deploy after push. It supports both Claude and Codex. The default workflow is lightweight locally, then uses Jenkins and the real target environment as the authoritative verification path.
 
+`docs/ENGINEERING.md` is intentionally Git-tracked in this workflow. The remaining environment fields in that file are mandatory, must be filled with real values, and are committed as part of the project baseline. Unused environment keys should be removed from the template instead of being left as placeholders.
+
 Prefer already available MCP servers, installed skills, plugins, and app connectors over ad-hoc manual work whenever they can complete the task reliably.
 
 Default to multi-agent execution when the client supports it. Break work into independent design, research, implementation, validation, and documentation subtasks so Claude/Codex can run them in parallel whenever that reduces cycle time without weakening control of the main task.
@@ -71,20 +73,32 @@ This contains all manual fields:
 - `docs.*`
 
 Do not duplicate config in other md/yaml files.
+Do not hide `docs/ENGINEERING.md` in `.gitignore`.
 
 Minimum required config for the default flow:
 - `project.name`
-- `commands.build`
-- `commands.quick_test` or `commands.test`
-- `commands.lint` or `commands.typecheck`
+- `commands.light_gate` or `commands.quick_test` or `commands.test` or `commands.build`
 - `target_env.name`
+- `target_env.frontend_base_url`
+- `target_env.frontend_username`
+- `target_env.frontend_password`
+- `target_env.backend_base_url`
+- `target_env.backend_username`
+- `target_env.backend_password`
+- `target_env.backend_root_username`
+- `target_env.backend_root_password`
 - `target_env.health_base_url`
 - `target_env.health_path`
+- `jenkins.base_url`
+- `jenkins.ui_username`
+- `jenkins.ui_password`
+- `jenkins.api_user`
+- `jenkins.api_password`
 - `jenkins.trigger_branch`
 - `jenkins.image_repository`
 - `jenkins.image_tag_strategy`
 - `jenkins.deploy_env`
-- `jenkins.job_url` or `jenkins.base_url + jenkins.job_name` or `jenkins.base_url + jenkins.multibranch_root_job`
+- `jenkins.job_url`
 
 ## Branch policy
 
@@ -124,8 +138,6 @@ On-demand commands:
 ```bash
 python3 docs/tools/autopipeline/ap.py runtime-up
 python3 docs/tools/autopipeline/ap.py wait-health --scope runtime
-python3 docs/tools/autopipeline/ap.py run smoke
-python3 docs/tools/autopipeline/ap.py run regression
 python3 docs/tools/autopipeline/ap.py runtime-down
 python3 docs/tools/autopipeline/ap.py check-matrix
 python3 docs/tools/autopipeline/ap.py gen-summary <TASK_ID>
@@ -133,9 +145,10 @@ python3 docs/tools/autopipeline/ap.py gen-summary <TASK_ID>
 
 ## Quality policy
 
-- Default local gate is lightweight only: build, unit/quick test, lint, typecheck, API docs, Jenkinsfile / script syntax, `git diff --check`.
-- `doctor` should be used early to catch missing config before the first implementation loop.
-- `light-gate` now fails if the required default commands are not configured.
+- Default local gate is lightweight and time-bounded: prefer one curated project command via `commands.light_gate`, then run only diff/API/Jenkins checks.
+- `doctor` should be used early to catch missing or invalid config before the first implementation loop.
+- `light-gate` now fails if no usable fast gate command is configured.
+- `doctor`, `light-gate`, and `commit-push` all fail when required environment fields are missing, placeholder-like, or syntactically invalid.
 - Do not require local Docker Compose or full local regression for every small change.
 - Jenkins and target environment verification are more valuable than repeated local simulation of deploy-only problems.
 - `verify-target` should be used for real target-environment API/page checks when the task touches user-visible or deploy-sensitive behavior.

package/cli/assets/skill/data/templates/ENGINEERING.md

@@ -10,26 +10,17 @@ project:
   jenkinsfile: "Jenkinsfile"
 
 commands:
+  light_gate: ""
   build: ""
   test: ""
   quick_test: ""
   lint: ""
   typecheck: ""
   format: ""
-  script_syntax: ""
-  diff_check: ""
-  docker_build: ""
-  compose_up: ""
-  compose_down: ""
-  smoke: ""
-  regression: ""
 
 runtime:
   docker_compose_file: ""
   docker_service: ""
-  container_name: ""
-  image: ""
-  app_port: ""
   health_base_url: ""
   health_path: ""
   env_file: ""
@@ -43,30 +34,23 @@ target_env:
   backend_base_url: ""
   backend_username: ""
   backend_password: ""
+  backend_root_username: ""
+  backend_root_password: ""
   health_base_url: ""
   health_path: ""
-  verify_notes: ""
 
 jenkins:
   base_url: ""
   ui_username: ""
   ui_password: ""
-  crumb_url: ""
-  job_name: ""
   job_url: ""
-  multibranch_root_job: ""
-  branch_name: ""
   trigger_branch: ""
   image_repository: ""
   image_tag_strategy: ""
   deploy_env: ""
   deploy_timeout_sec: 1800
   api_user: ""
-  api_token: ""
   api_password: ""
-  api_user_env: "JENKINS_USER"
-  api_token_env: "JENKINS_TOKEN"
-  api_password_env: "JENKINS_PASSWORD"
 
 docs:
   taskbook: "docs/tasks/taskbook.md"
@@ -88,7 +72,7 @@ docs:
 默认原则：
 - 默认不要求本地 Docker Compose 启动。
 - 默认不要求本地 Docker build。
-- 默认不要求本地完整 smoke / regression。
+- 默认不要求本地完整 regression。
 - 默认不要求每个小改动生成长 summary。
 - 默认不要求 regression matrix 全 PASS。
 - 默认不要求 deployment record。
@@ -97,40 +81,53 @@ docs:
 补充规则：
 - 每次任务闭环后，必须清理临时文件、临时目录、日志、截图、构建缓存等非必要产物；仅明确需要保留的本地诊断目录允许保留。
 - 所有手工填写信息，只维护在本文件 frontmatter 中，其他文档不得重复配置。
+- `docs/ENGINEERING.md` 必须提交到 Git 管理，不允许写入 `.gitignore`。
+- 本 workflow 明确允许在 `docs/ENGINEERING.md` 中明文维护平台账号、密码，并随 Git 一起版本化。
+- 未参与默认流程的环境项不要保留占位；模板中未保留的字段视为已清理，不再额外配置。
 
 ---
 
 ## 0. 配置填写（必须）
 
 先填写 `docs/ENGINEERING.md` frontmatter 中的所有空值。重点包括：
-- `commands.*`：本地轻量校验命令
-- `target_env.*`：目标环境地址、后台账号、前端验证信息
-- `jenkins.*`：Jenkins UI/API 账号、Job、分支、镜像、部署环境
+- `commands.light_gate`：推荐配置一个项目级快速门禁命令，作为默认本地校验入口
+- `target_env.*`：目标环境前端 / 后端地址、用户名、密码，必须全部填写且真实可用
+- `jenkins.*`：Jenkins UI/API 用户名、密码、Job、分支、镜像、部署环境，必须全部填写且真实可用
 
 字段说明：
 - `target_env.backend_username` / `target_env.backend_password`：目标环境后台账号
-- `target_env.frontend_username` / `target_env.frontend_password`：目标环境前端登录账号（如需要）
+- `target_env.backend_root_username` / `target_env.backend_root_password`：目标环境后台服务器 root 账号
+- `target_env.frontend_username` / `target_env.frontend_password`：目标环境前端登录账号
 - `jenkins.ui_username` / `jenkins.ui_password`：Jenkins 页面登录账号
-- `jenkins.api_user` + `jenkins.api_token` / `jenkins.api_password`：Jenkins API 校验凭据
+- `jenkins.api_user` / `jenkins.api_password`：Jenkins API 用户名 / 密码
 
 默认必填：
 - `project.name`
-- `commands.build`
-- `commands.quick_test` 或 `commands.test`
-- `commands.lint` 或 `commands.typecheck`
+- `commands.light_gate` 或 `commands.quick_test` 或 `commands.test` 或 `commands.build`
 - `target_env.name`
+- `target_env.frontend_base_url`
+- `target_env.frontend_username`
+- `target_env.frontend_password`
+- `target_env.backend_base_url`
+- `target_env.backend_username`
+- `target_env.backend_password`
+- `target_env.backend_root_username`
+- `target_env.backend_root_password`
 - `target_env.health_base_url`
 - `target_env.health_path`
+- `jenkins.ui_username`
+- `jenkins.ui_password`
+- `jenkins.api_user`
+- `jenkins.api_password`
 - `jenkins.trigger_branch`
 - `jenkins.image_repository`
 - `jenkins.image_tag_strategy`
 - `jenkins.deploy_env`
-- `jenkins.job_url` 或 `jenkins.base_url + jenkins.job_name` 或 `jenkins.base_url + jenkins.multibranch_root_job`
+- `jenkins.job_url`
 
 按需填写：
 - `runtime.*`：仅在本地运行诊断时使用
-- `commands.compose_up` / `commands.compose_down` / `commands.smoke` / `commands.regression`
-- `target_env.frontend_*` / `target_env.backend_*`：仅在需要额外页面/API验证或受保护资源校验时使用
+- `commands.build` / `commands.test` / `commands.quick_test` / `commands.lint` / `commands.typecheck` / `commands.format`：按项目实际情况保留
 
 ---
 
@@ -194,13 +191,12 @@ docs:
    只修改本次任务必要文件，不做无关重构。
 
 4. 本地轻量校验  
-   默认只跑：
-   - 编译 / build
-   - 单元测试或关键快速测试
-   - lint / typecheck
-   - API 文档检查
-   - Jenkinsfile / 脚本语法检查
+   默认只跑最少必要检查：
+   - 优先执行 `commands.light_gate`
+   - 若未配置，则执行 `quick_test` / `test` / `build` 中最先配置的一项
    - `git diff --check`
+   - API 文档检查
+   - Jenkins 配置检查
 
 5. 立即提交推送  
    轻量校验通过后，commit + push，触发 Jenkins。
@@ -217,6 +213,9 @@ docs:
 9. 闭环记录  
    每个任务必须留下轻量闭环记录：任务 ID、提交号、Jenkins Build URL、目标环境验证结果、是否通过、遗留问题。
 
+10. 配置入库  
+   `docs/ENGINEERING.md` 中保留下来的环境信息、前端/后端账号、Jenkins 账号与密码必须 100% 填写、正确填写，并提交 Git 作为项目权威配置持续维护。
+
 ---
 
 ## 3. 高风险变更（必须补强验证）
@@ -244,8 +243,6 @@ docs:
 - `runtime-up`
 - `runtime-down`
 - 本地 health check
-- 本地 `smoke`
-- 本地 `regression`
 - `check-matrix`
 - `gen-summary`
 
@@ -265,7 +262,7 @@ docs:
 
 说明：
 - `doctor`：检查默认流程必填项和常见配置错误。
-- `light-gate`：默认轻量门禁。
+- `light-gate`：默认轻量门禁，优先执行项目自定义快速门禁命令。
 - `verify-target`：目标环境健康检查 + 按需关键 API / 页面验证。
 - `record-closure`：默认轻量闭环记录。
 - `check-matrix`、`gen-summary`、`runtime-up/down`：保留为按需工具。

package/cli/assets/skill/data/templates/docs/reviews/_TEMPLATE-REVIEW.md

@@ -3,18 +3,17 @@
 > 仅在任务需要独立 review 记录时使用；不是每个小改动的默认强制文档。
 
 ## 1. 静态分析结果
-- Command：lint / typecheck / script_syntax / diff_check
+- Command：light_gate / diff_check / verify_api_docs / verify_jenkins
 - Summary：
 - Issues：
 
 ## 2. 本地轻量校验
-- build：
-- test or quick_test：
+- light_gate or quick_test/test/build：
 - api docs：
-- jenkinsfile / scripts：
+- jenkins：
 
 ## 3. 按需本地运行验证（如果有）
-- runtime-up / health / smoke / regression：
+- runtime-up / health：
 
 ## 4. Jenkins 与目标环境
 - Jenkins readiness：

package/cli/assets/skill/data/templates/docs/tasks/summaries/_TEMPLATE-TASK-SUMMARY.md

@@ -19,7 +19,7 @@
 - 兼容性影响：
 
 ## 3. 质量证据
-- 本地轻量校验：build / test or quick_test / lint / typecheck / api docs / jenkinsfile / diff-check
+- 本地轻量校验：light_gate or quick_test/test/build / api docs / jenkins / diff-check
 - Jenkins Build：
 - 目标环境验证：
 - 闭环记录：`docs/tasks/closure-log.md`

package/cli/assets/skill/scripts/ap.py

@@ -8,7 +8,6 @@ import argparse
 import base64
 import datetime as _dt
 import json
-import os
 import time
 import urllib.parse
 import urllib.error
@@ -20,6 +19,7 @@ from core import APError, ensure_git_repo, copy_tree, run, load_yaml, find_confi
 
 
 _JENKINS_CRUMB_CACHE: dict[str, dict[str, str]] = {}
+_INVALID_PLACEHOLDERS = {"N/A", "TODO", "TBD", "CHANGEME", "CHANGE_ME", "FILL_ME", "FILL-ME", "PLACEHOLDER", "XXX"}
 
 
 def _skill_root() -> Path:
@@ -60,27 +60,21 @@ def _run_configured_command(repo: Path, cfg: dict, name: str) -> bool:
 
 def _jenkins_basic_auth_headers(cfg: dict) -> dict:
     jenkins_cfg = (cfg.get("jenkins") or {})
-    direct_user = str(jenkins_cfg.get("api_user") or jenkins_cfg.get("ui_username") or "").strip()
-    direct_token = str(jenkins_cfg.get("api_token") or "").strip()
-    direct_password = str(jenkins_cfg.get("api_password") or jenkins_cfg.get("ui_password") or "").strip()
-    user_env = str(jenkins_cfg.get("api_user_env") or "JENKINS_USER").strip() or "JENKINS_USER"
-    token_env = str(jenkins_cfg.get("api_token_env") or "JENKINS_TOKEN").strip() or "JENKINS_TOKEN"
-    password_env = str(jenkins_cfg.get("api_password_env") or "JENKINS_PASSWORD").strip() or "JENKINS_PASSWORD"
-    user = direct_user or os.getenv(user_env) or os.getenv("JENKINS_USER")
-    token = (
-        direct_token
-        or direct_password
-        or os.getenv(token_env)
-        or os.getenv(password_env)
-        or os.getenv("JENKINS_TOKEN")
-        or os.getenv("JENKINS_PASSWORD")
-    )
-    if not user or not token:
+    user_candidates = [
+        jenkins_cfg.get("api_user"),
+        jenkins_cfg.get("ui_username"),
+    ]
+    secret_candidates = [
+        jenkins_cfg.get("api_password"),
+        jenkins_cfg.get("ui_password"),
+    ]
+    user = next((_text(v) for v in user_candidates if _is_explicit_fill(v)), "")
+    secret = next((_text(v) for v in secret_candidates if _is_explicit_fill(v)), "")
+    if not user or not secret:
         raise APError(
-            "Missing Jenkins API credentials. Fill jenkins.api_user / jenkins.api_token / jenkins.api_password "
-            f"in docs/ENGINEERING.md, or set env vars {user_env}, {token_env}, {password_env}."
+            "Missing Jenkins API credentials. Fill jenkins.api_user and jenkins.api_password in docs/ENGINEERING.md."
         )
-    raw = f"{user}:{token}".encode("utf-8")
+    raw = f"{user}:{secret}".encode("utf-8")
     auth = base64.b64encode(raw).decode("ascii")
     return {"Authorization": f"Basic {auth}"}
 
@@ -122,10 +116,6 @@ def _jenkins_root_url(cfg: dict, job_url: str = "") -> str:
 
 
 def _jenkins_crumb_api_url(cfg: dict, job_url: str = "") -> str:
-    jenkins_cfg = (cfg.get("jenkins") or {})
-    explicit = str(jenkins_cfg.get("crumb_url") or "").strip()
-    if explicit:
-        return explicit
     root = _jenkins_root_url(cfg, job_url=job_url)
     if not root:
         return ""
@@ -203,12 +193,12 @@ def _jenkins_api_get_json(url: str, cfg: dict, timeout_s: int = 15, allow_404: b
                 except Exception as retry_exc:
                     raise APError(f"Jenkins API request failed after crumb retry: {url}\n{retry_exc}") from retry_exc
             else:
-                raise APError(
-                    f"Jenkins API request failed: {url}\n"
-                    f"HTTP 403\n{body or '(empty response body)'}\n"
-                    "Jenkins may require crumb/CSRF handling, but no crumb issuer endpoint was available. "
-                    "Fill jenkins.base_url or jenkins.crumb_url in docs/ENGINEERING.md if needed."
-                ) from exc
+                    raise APError(
+                        f"Jenkins API request failed: {url}\n"
+                        f"HTTP 403\n{body or '(empty response body)'}\n"
+                        "Jenkins may require crumb/CSRF handling, but no crumb issuer endpoint was available. "
+                    "Fill jenkins.base_url in docs/ENGINEERING.md if needed."
+                    ) from exc
         else:
             raise APError(
                 f"Jenkins API request failed: {url}\n"
@@ -296,15 +286,12 @@ def _resolve_jenkins_job_url(cfg: dict, job_name: str = "", job_url: str = "") -
     jenkins_cfg = (cfg.get("jenkins") or {})
     explicit_url = str(job_url or "").strip()
     requested_name = str(job_name or "").strip()
-    configured_name = str(jenkins_cfg.get("job_name") or "").strip()
     configured_url = str(jenkins_cfg.get("job_url") or "").strip()
     base_url = str(jenkins_cfg.get("base_url") or "").strip()
 
     if explicit_url:
         return explicit_url.rstrip("/")
     if requested_name:
-        if configured_name and requested_name == configured_name and configured_url:
-            return configured_url.rstrip("/")
         if base_url:
             return _jenkins_job_url_from_name(base_url, requested_name)
         raise APError(
@@ -313,11 +300,9 @@ def _resolve_jenkins_job_url(cfg: dict, job_name: str = "", job_url: str = "") -
         )
     if configured_url:
         return configured_url.rstrip("/")
-    if configured_name and base_url:
-        return _jenkins_job_url_from_name(base_url, configured_name)
     raise APError(
-        "Missing Jenkins job location. Fill jenkins.job_url, or fill both "
-        "jenkins.base_url and jenkins.job_name in docs/ENGINEERING.md."
+        "Missing Jenkins job location. Fill jenkins.job_url in docs/ENGINEERING.md, "
+        "or pass --job-url / --job-name explicitly."
     )
 
 
@@ -331,17 +316,16 @@ def _resolve_jenkins_job_candidates(
     branch_name: str = "",
 ) -> List[str]:
     jenkins_cfg = (cfg.get("jenkins") or {})
-    effective_branch = str(branch_name or jenkins_cfg.get("branch_name") or "").strip()
+    effective_branch = str(branch_name or "").strip()
     if not effective_branch:
         inferred_branch = _resolve_git_branch_name(repo, git_ref or "HEAD")
         if inferred_branch:
             effective_branch = inferred_branch
 
-    effective_root = str(multibranch_root_job or jenkins_cfg.get("multibranch_root_job") or "").strip()
+    effective_root = str(multibranch_root_job or "").strip()
     explicit_url = str(job_url or "").strip()
     explicit_name = str(job_name or "").strip()
     configured_url = str(jenkins_cfg.get("job_url") or "").strip()
-    configured_name = str(jenkins_cfg.get("job_name") or "").strip()
 
     if effective_branch:
         if explicit_url:
@@ -354,12 +338,9 @@ def _resolve_jenkins_job_candidates(
             return _jenkins_branch_job_urls(_jenkins_job_url_from_name(base_url, explicit_name), effective_branch)
         if configured_url:
             return _jenkins_branch_job_urls(configured_url, effective_branch)
-        if configured_name:
-            base_url = str(jenkins_cfg.get("base_url") or "").strip()
-            return _jenkins_branch_job_urls(_jenkins_job_url_from_name(base_url, configured_name), effective_branch)
         raise APError(
-            "Missing Jenkins multibranch root job location. Fill jenkins.multibranch_root_job + jenkins.base_url, "
-            "or pass --job-url / --job-name together with --branch-name."
+            "Missing Jenkins multibranch root job location. Pass --job-url / --job-name together with "
+            "--branch-name, or pass --multibranch-root-job with jenkins.base_url."
         )
 
     return [_resolve_jenkins_job_url(cfg, job_name=job_name, job_url=job_url)]
@@ -404,17 +385,8 @@ def cmd_install(args: argparse.Namespace) -> None:
     copy_tree(Path(__file__).resolve().parent / "core.py", tools_dir / "core.py")
     copy_tree(Path(__file__).resolve().parent / "http_checks.py", tools_dir / "http_checks.py")
 
-    gi = repo / ".gitignore"
-    secret_line = "docs/ENGINEERING.md"
-    if gi.exists():
-        txt = gi.read_text(encoding="utf-8")
-        if secret_line not in txt:
-            gi.write_text(txt.rstrip() + "\n" + secret_line + "\n", encoding="utf-8")
-    else:
-        gi.write_text(secret_line + "\n", encoding="utf-8")
-
     print(f"[install] OK: scaffold installed into {repo}")
-    print("[install] Next: edit docs/ENGINEERING.md frontmatter and fill project/commands/target_env/jenkins fields")
+    print("[install] Next: edit docs/ENGINEERING.md frontmatter, fill all platform credentials, and commit that file into Git.")
 
 
 def _infer_title(taskbook: Path, task_id: str) -> str:
@@ -482,7 +454,7 @@ def cmd_gen_summary(args: argparse.Namespace) -> None:
 - 变更记录位置：`{api_change_log}`
 
 ## 4. 质量证据
-- 本地轻量校验：build / test or quick_test / lint / typecheck / api docs / jenkinsfile / diff-check — TODO
+- 本地轻量校验：light_gate or quick_test/test/build / api docs / jenkins / diff-check — TODO
 - Jenkins Build：TODO
 - 目标环境验证：TODO
 - 闭环记录：TODO
@@ -568,23 +540,40 @@ def _load_cfg(repo: Path) -> dict:
     return load_yaml(cfg_path)
 
 
-def _pair_state(left: str, right: str) -> str:
-    if left and right:
-        return "complete"
-    if not left and not right:
-        return "empty"
-    return "partial"
+def _text(value: object) -> str:
+    return str(value or "").strip()
+
+
+def _is_placeholder(value: object) -> bool:
+    return _text(value).upper() in _INVALID_PLACEHOLDERS
+
+
+def _is_explicit_fill(value: object) -> bool:
+    return bool(_text(value)) and not _is_placeholder(value)
+
+
+def _validate_url_field(errors: List[str], field: str, value: object) -> None:
+    raw = _text(value)
+    parsed = urllib.parse.urlparse(raw)
+    if parsed.scheme not in {"http", "https"} or not parsed.netloc:
+        errors.append(f"{field} must be a valid http/https URL")
+
+
+def _validate_path_field(errors: List[str], field: str, value: object) -> None:
+    raw = _text(value)
+    if not raw.startswith("/"):
+        errors.append(f"{field} must start with '/'")
+
+
+def _require_explicit_field(missing: List[str], field: str, value: object) -> None:
+    raw = _text(value)
+    if not _is_explicit_fill(raw):
+        missing.append(f"{field} (must be explicitly filled, not blank/TODO)")
 
 
 def _run_git_diff_check(repo: Path, cfg: dict) -> None:
-    commands = (cfg.get("commands") or {})
-    configured = str(commands.get("diff_check") or "").strip()
-    if configured:
-        print(f"[diff-check] {configured}")
-        run_shell(configured, cwd=repo)
-    else:
-        print("[diff-check] git diff --check")
-        run(["git", "diff", "--check"], cwd=repo)
+    print("[diff-check] git diff --check")
+    run(["git", "diff", "--check"], cwd=repo)
     print("[diff-check] OK")
 
 
@@ -611,44 +600,27 @@ def cmd_run(args: argparse.Namespace) -> None:
 
 def cmd_light_gate(args: argparse.Namespace) -> None:
     repo = Path(args.repo).resolve()
+    cmd_doctor(argparse.Namespace(repo=str(repo)))
     cfg = _load_cfg(repo)
     commands = (cfg.get("commands") or {})
 
     executed: List[str] = []
     missing: List[str] = []
 
-    if not str(commands.get("build") or "").strip():
-        missing.append("commands.build")
-    else:
-        _run_configured_command(repo, cfg, "build")
-        executed.append("build")
-
-    if str(commands.get("quick_test") or "").strip():
+    if str(commands.get("light_gate") or "").strip():
+        _run_configured_command(repo, cfg, "light_gate")
+        executed.append("light_gate")
+    elif str(commands.get("quick_test") or "").strip():
         _run_configured_command(repo, cfg, "quick_test")
         executed.append("quick_test")
     elif str(commands.get("test") or "").strip():
         _run_configured_command(repo, cfg, "test")
         executed.append("test")
+    elif str(commands.get("build") or "").strip():
+        _run_configured_command(repo, cfg, "build")
+        executed.append("build")
     else:
-        missing.append("commands.quick_test or commands.test")
-
-    static_executed = False
-    if str(commands.get("lint") or "").strip():
-        _run_configured_command(repo, cfg, "lint")
-        executed.append("lint")
-        static_executed = True
-
-    if str(commands.get("typecheck") or "").strip():
-        _run_configured_command(repo, cfg, "typecheck")
-        executed.append("typecheck")
-        static_executed = True
-
-    if not static_executed:
-        missing.append("commands.lint or commands.typecheck")
-
-    if str(commands.get("script_syntax") or "").strip():
-        _run_configured_command(repo, cfg, "script_syntax")
-        executed.append("script_syntax")
+        missing.append("commands.light_gate or commands.quick_test or commands.test or commands.build")
 
     if missing:
         raise APError(
@@ -668,8 +640,6 @@ def cmd_runtime_up(args: argparse.Namespace) -> None:
     repo = Path(args.repo).resolve()
     cfg = _load_cfg(repo)
     runtime_cfg = (cfg.get("runtime") or {})
-    if _run_configured_command(repo, cfg, "compose_up"):
-        return
     compose_args = _compose_base_args(runtime_cfg) + ["up", "-d"]
     docker_service = str(runtime_cfg.get("docker_service") or "").strip()
     if docker_service:
@@ -683,8 +653,6 @@ def cmd_runtime_down(args: argparse.Namespace) -> None:
     repo = Path(args.repo).resolve()
     cfg = _load_cfg(repo)
     runtime_cfg = (cfg.get("runtime") or {})
-    if _run_configured_command(repo, cfg, "compose_down"):
-        return
     compose_args = _compose_base_args(runtime_cfg) + ["down", "--remove-orphans"]
     print(f"[runtime-down] {' '.join(compose_args)}")
     run(compose_args, cwd=repo)
@@ -770,10 +738,7 @@ def cmd_verify_target(args: argparse.Namespace) -> None:
             raise APError(f"Frontend target verification failed: {url} -> {status}\n{body[:400]}")
         checks.append(f"frontend:{url}->{status}")
 
-    note = str(target_cfg.get("verify_notes") or "").strip()
     summary = ", ".join(checks) if checks else "health-only"
-    if note:
-        summary = summary + f" | notes={note}"
     print(f"[verify-target] OK: {summary}")
 
 
@@ -788,6 +753,8 @@ def cmd_verify_jenkins(args: argparse.Namespace) -> None:
         raise APError(f"Jenkinsfile not found: {jenkinsfile}")
 
     required = [
+        ("jenkins.base_url", jenkins_cfg.get("base_url")),
+        ("jenkins.job_url", jenkins_cfg.get("job_url")),
         ("jenkins.trigger_branch", jenkins_cfg.get("trigger_branch")),
         ("jenkins.image_repository", jenkins_cfg.get("image_repository")),
         ("jenkins.image_tag_strategy", jenkins_cfg.get("image_tag_strategy")),
@@ -796,15 +763,6 @@ def cmd_verify_jenkins(args: argparse.Namespace) -> None:
         ("target_env.health_path", target_cfg.get("health_path")),
     ]
     missing = [name for name, value in required if not str(value or "").strip()]
-    if not str(jenkins_cfg.get("job_url") or "").strip():
-        base_url = str(jenkins_cfg.get("base_url") or "").strip()
-        job_name = str(jenkins_cfg.get("job_name") or "").strip()
-        multibranch_root = str(jenkins_cfg.get("multibranch_root_job") or "").strip()
-        if not (base_url and job_name) and not (base_url and multibranch_root):
-            missing.append(
-                "jenkins.job_url (or jenkins.base_url + jenkins.job_name, "
-                "or jenkins.base_url + jenkins.multibranch_root_job)"
-            )
     if missing:
         raise APError("Missing Jenkins config: " + ", ".join(missing))
     print(f"[verify-jenkins] OK: {jenkinsfile}")
@@ -825,33 +783,35 @@ def cmd_doctor(args: argparse.Namespace) -> None:
 
     if not str(project_cfg.get("name") or "").strip():
         missing.append("project.name")
-    if not str(commands.get("build") or "").strip():
-        missing.append("commands.build")
-    if not (str(commands.get("quick_test") or "").strip() or str(commands.get("test") or "").strip()):
-        missing.append("commands.quick_test or commands.test")
-    if not (str(commands.get("lint") or "").strip() or str(commands.get("typecheck") or "").strip()):
-        missing.append("commands.lint or commands.typecheck")
-    if not str(target_cfg.get("name") or "").strip():
-        missing.append("target_env.name")
-    if not str(target_cfg.get("health_base_url") or "").strip():
-        missing.append("target_env.health_base_url")
-    if not str(target_cfg.get("health_path") or "").strip():
-        missing.append("target_env.health_path")
-    if not str(jenkins_cfg.get("trigger_branch") or "").strip():
-        missing.append("jenkins.trigger_branch")
-    if not str(jenkins_cfg.get("image_repository") or "").strip():
-        missing.append("jenkins.image_repository")
-    if not str(jenkins_cfg.get("image_tag_strategy") or "").strip():
-        missing.append("jenkins.image_tag_strategy")
-    if not str(jenkins_cfg.get("deploy_env") or "").strip():
-        missing.append("jenkins.deploy_env")
-
-    base_url = str(jenkins_cfg.get("base_url") or "").strip()
-    job_name = str(jenkins_cfg.get("job_name") or "").strip()
-    job_url = str(jenkins_cfg.get("job_url") or "").strip()
-    multibranch_root = str(jenkins_cfg.get("multibranch_root_job") or "").strip()
-    if not job_url and not (base_url and job_name) and not (base_url and multibranch_root):
-        missing.append("jenkins.job_url or (jenkins.base_url + jenkins.job_name) or (jenkins.base_url + jenkins.multibranch_root_job)")
+    if not (
+        str(commands.get("light_gate") or "").strip()
+        or str(commands.get("quick_test") or "").strip()
+        or str(commands.get("test") or "").strip()
+        or str(commands.get("build") or "").strip()
+    ):
+        missing.append("commands.light_gate or commands.quick_test or commands.test or commands.build")
+    _require_explicit_field(missing, "target_env.name", target_cfg.get("name"))
+    _require_explicit_field(missing, "target_env.frontend_base_url", target_cfg.get("frontend_base_url"))
+    _require_explicit_field(missing, "target_env.frontend_username", target_cfg.get("frontend_username"))
+    _require_explicit_field(missing, "target_env.frontend_password", target_cfg.get("frontend_password"))
+    _require_explicit_field(missing, "target_env.backend_base_url", target_cfg.get("backend_base_url"))
+    _require_explicit_field(missing, "target_env.backend_username", target_cfg.get("backend_username"))
+    _require_explicit_field(missing, "target_env.backend_password", target_cfg.get("backend_password"))
+    _require_explicit_field(missing, "target_env.backend_root_username", target_cfg.get("backend_root_username"))
+    _require_explicit_field(missing, "target_env.backend_root_password", target_cfg.get("backend_root_password"))
+    _require_explicit_field(missing, "target_env.health_base_url", target_cfg.get("health_base_url"))
+    _require_explicit_field(missing, "target_env.health_path", target_cfg.get("health_path"))
+
+    _require_explicit_field(missing, "jenkins.base_url", jenkins_cfg.get("base_url"))
+    _require_explicit_field(missing, "jenkins.ui_username", jenkins_cfg.get("ui_username"))
+    _require_explicit_field(missing, "jenkins.ui_password", jenkins_cfg.get("ui_password"))
+    _require_explicit_field(missing, "jenkins.job_url", jenkins_cfg.get("job_url"))
+    _require_explicit_field(missing, "jenkins.trigger_branch", jenkins_cfg.get("trigger_branch"))
+    _require_explicit_field(missing, "jenkins.image_repository", jenkins_cfg.get("image_repository"))
+    _require_explicit_field(missing, "jenkins.image_tag_strategy", jenkins_cfg.get("image_tag_strategy"))
+    _require_explicit_field(missing, "jenkins.deploy_env", jenkins_cfg.get("deploy_env"))
+    _require_explicit_field(missing, "jenkins.api_user", jenkins_cfg.get("api_user"))
+    _require_explicit_field(missing, "jenkins.api_password", jenkins_cfg.get("api_password"))
 
     repo_docs = {
         "docs.taskbook": Path(repo, str(docs_cfg.get("taskbook", "docs/tasks/taskbook.md"))),
@@ -863,30 +823,31 @@ def cmd_doctor(args: argparse.Namespace) -> None:
         if not path.exists():
             warnings.append(f"{key} missing on disk: {path}")
 
-    if _pair_state(str(target_cfg.get("backend_username") or "").strip(), str(target_cfg.get("backend_password") or "").strip()) == "partial":
-        warnings.append("target_env.backend_username / target_env.backend_password is partial")
-    if _pair_state(str(target_cfg.get("frontend_username") or "").strip(), str(target_cfg.get("frontend_password") or "").strip()) == "partial":
-        warnings.append("target_env.frontend_username / target_env.frontend_password is partial")
-    if _pair_state(str(jenkins_cfg.get("ui_username") or "").strip(), str(jenkins_cfg.get("ui_password") or "").strip()) == "partial":
-        warnings.append("jenkins.ui_username / jenkins.ui_password is partial")
-
-    api_user = str(jenkins_cfg.get("api_user") or "").strip()
-    api_secret = str(jenkins_cfg.get("api_token") or jenkins_cfg.get("api_password") or "").strip()
-    if _pair_state(api_user, api_secret) == "partial":
-        warnings.append("jenkins.api_user with jenkins.api_token/api_password is partial")
+    _validate_url_field(warnings, "target_env.frontend_base_url", target_cfg.get("frontend_base_url"))
+    _validate_url_field(warnings, "target_env.backend_base_url", target_cfg.get("backend_base_url"))
+    _validate_url_field(warnings, "target_env.health_base_url", target_cfg.get("health_base_url"))
+    _validate_path_field(warnings, "target_env.health_path", target_cfg.get("health_path"))
+    _validate_url_field(warnings, "jenkins.base_url", jenkins_cfg.get("base_url"))
+    _validate_url_field(warnings, "jenkins.job_url", jenkins_cfg.get("job_url"))
 
     runtime_enabled = any(str(runtime_cfg.get(key) or "").strip() for key in ["docker_compose_file", "docker_service", "health_base_url", "health_path"])
-    if runtime_enabled and not (str(commands.get("compose_up") or "").strip() or str(runtime_cfg.get("docker_compose_file") or "").strip()):
-        warnings.append("runtime config is partially enabled but compose_up or docker_compose_file is missing")
+    if runtime_enabled and not str(runtime_cfg.get("docker_compose_file") or "").strip():
+        warnings.append("runtime config is partially enabled but runtime.docker_compose_file is missing")
+
+    try:
+        timeout_s = int(jenkins_cfg.get("deploy_timeout_sec") or 0)
+        if timeout_s <= 0:
+            warnings.append("jenkins.deploy_timeout_sec must be a positive integer")
+    except Exception:
+        warnings.append("jenkins.deploy_timeout_sec must be a positive integer")
+
+    if warnings:
+        missing.extend([f"invalid {item}" for item in warnings])
 
     if missing:
-        raise APError("Doctor found blocking config issues:\n- " + "\n- ".join(missing) + (("\nWarnings:\n- " + "\n- ".join(warnings)) if warnings else ""))
+        raise APError("Doctor found blocking config issues:\n- " + "\n- ".join(missing))
 
     print("[doctor] OK")
-    if warnings:
-        print("[doctor] Warnings:")
-        for item in warnings:
-            print(f"- {item}")
 
 
 def cmd_verify_jenkins_build(args: argparse.Namespace) -> None:
@@ -908,12 +869,10 @@ def cmd_verify_jenkins_build(args: argparse.Namespace) -> None:
     timeout_s = int(args.timeout_sec or 300)
     poll_s = int(args.poll_sec or 5)
     inferred_branch = _resolve_git_branch_name(repo, git_ref)
-    branch_hint = str(args.branch_name or jenkins_cfg.get("branch_name") or inferred_branch or "").strip()
+    branch_hint = str(args.branch_name or inferred_branch or "").strip()
     root_hint = str(
         args.multibranch_root_job
-        or jenkins_cfg.get("multibranch_root_job")
         or args.job_name
-        or jenkins_cfg.get("job_name")
         or args.job_url
         or jenkins_cfg.get("job_url")
         or ""
@@ -1064,6 +1023,7 @@ def cmd_record_closure(args: argparse.Namespace) -> None:
 def cmd_commit_push(args: argparse.Namespace) -> None:
     repo = Path(args.repo).resolve()
     ensure_git_repo(repo)
+    cmd_doctor(argparse.Namespace(repo=str(repo)))
 
     msg = args.msg
 

package/cli/src/index.js

@@ -62,19 +62,6 @@ function resolveTargetDir(ai, mode, destOverride){
   die(`unknown ai: ${ai}`);
 }
 
-function ensureGitignore(projectDir){
-  const gi = path.join(projectDir, ".gitignore");
-  const line = "docs/ENGINEERING.md";
-  if (!exists(gi)) {
-    fs.writeFileSync(gi, `${line}\n`, "utf-8");
-    return;
-  }
-  const txt = fs.readFileSync(gi, "utf-8");
-  if (!txt.includes(line)) {
-    fs.appendFileSync(gi, (txt.endsWith("\n") ? "" : "\n") + line + "\n");
-  }
-}
-
 function main(){
   const args = parseArgs(process.argv);
 
@@ -104,8 +91,6 @@ Examples:
   const assetSkill = path.resolve(here, "..", "assets", "skill");
   if (!exists(assetSkill)) die(`missing assets at ${assetSkill}`);
 
-  const proj = projectRoot();
-
   for (const t of targets) {
     const dstOverride = args.dest
       ? (targets.length > 1 ? path.join(args.dest, t) : args.dest)
@@ -119,8 +104,6 @@ Examples:
     console.log(`[autocoding] installed skill to: ${dst}`);
   }
 
-  if (args.mode === "project") ensureGitignore(proj);
-
   console.log("[autocoding] done.");
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@elvis1513/auto-coding-skill",
-  "version": "1.0.0",
+  "version": "1.0.2",
   "description": "CLI installer for auto-coding-skill (Claude Code + Codex CLI) with Go fullstack + Jenkins workflow support.",
   "type": "module",
   "bin": {
@@ -13,7 +13,7 @@
     "LICENSE"
   ],
   "scripts": {
-    "test": "node -c cli/src/index.js",
+    "test": "node -c cli/src/index.js && python3 -m py_compile src/auto-coding-skill/scripts/ap.py src/auto-coding-skill/scripts/core.py src/auto-coding-skill/scripts/http_checks.py cli/assets/skill/scripts/ap.py cli/assets/skill/scripts/core.py cli/assets/skill/scripts/http_checks.py && find src cli -type d -name '__pycache__' -prune -exec rm -rf {} +",
     "sync-assets": "node cli/src/sync-assets.js",
     "release:check": "npm run sync-assets && npm run test && npm pack --dry-run"
   },