@fitlab-ai/agent-infra 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/License.txt +21 -0
- package/README.md +170 -0
- package/README.zh-CN.md +170 -0
- package/bin/cli.js +65 -0
- package/lib/defaults.json +45 -0
- package/lib/init.js +203 -0
- package/lib/log.js +27 -0
- package/lib/paths.js +48 -0
- package/lib/prompt.js +70 -0
- package/lib/render.js +99 -0
- package/lib/update.js +161 -0
- package/lib/version.js +7 -0
- package/package.json +48 -0
- package/templates/.agent-workspace/README.md +26 -0
- package/templates/.agent-workspace/README.zh-CN.md +26 -0
- package/templates/.agents/QUICKSTART.md +166 -0
- package/templates/.agents/QUICKSTART.zh-CN.md +166 -0
- package/templates/.agents/README.md +134 -0
- package/templates/.agents/README.zh-CN.md +134 -0
- package/templates/.agents/skills/analyze-task/SKILL.md +169 -0
- package/templates/.agents/skills/analyze-task/SKILL.zh-CN.md +169 -0
- package/templates/.agents/skills/block-task/SKILL.md +164 -0
- package/templates/.agents/skills/block-task/SKILL.zh-CN.md +163 -0
- package/templates/.agents/skills/check-task/SKILL.md +122 -0
- package/templates/.agents/skills/check-task/SKILL.zh-CN.md +122 -0
- package/templates/.agents/skills/close-codescan/SKILL.md +122 -0
- package/templates/.agents/skills/close-codescan/SKILL.zh-CN.md +122 -0
- package/templates/.agents/skills/close-dependabot/SKILL.md +130 -0
- package/templates/.agents/skills/close-dependabot/SKILL.zh-CN.md +130 -0
- package/templates/.agents/skills/commit/SKILL.md +218 -0
- package/templates/.agents/skills/commit/SKILL.zh-CN.md +217 -0
- package/templates/.agents/skills/complete-task/SKILL.md +139 -0
- package/templates/.agents/skills/complete-task/SKILL.zh-CN.md +137 -0
- package/templates/.agents/skills/create-pr/SKILL.md +126 -0
- package/templates/.agents/skills/create-pr/SKILL.zh-CN.md +125 -0
- package/templates/.agents/skills/create-release-note/SKILL.md +167 -0
- package/templates/.agents/skills/create-release-note/SKILL.zh-CN.md +166 -0
- package/templates/.agents/skills/create-task/SKILL.md +143 -0
- package/templates/.agents/skills/create-task/SKILL.zh-CN.md +143 -0
- package/templates/.agents/skills/implement-task/SKILL.md +229 -0
- package/templates/.agents/skills/implement-task/SKILL.zh-CN.md +227 -0
- package/templates/.agents/skills/import-codescan/SKILL.md +103 -0
- package/templates/.agents/skills/import-codescan/SKILL.zh-CN.md +103 -0
- package/templates/.agents/skills/import-dependabot/SKILL.md +107 -0
- package/templates/.agents/skills/import-dependabot/SKILL.zh-CN.md +107 -0
- package/templates/.agents/skills/import-issue/SKILL.md +119 -0
- package/templates/.agents/skills/import-issue/SKILL.zh-CN.md +119 -0
- package/templates/.agents/skills/init-labels/SKILL.md +74 -0
- package/templates/.agents/skills/init-labels/SKILL.zh-CN.md +74 -0
- package/templates/.agents/skills/init-labels/scripts/init-labels.sh +111 -0
- package/templates/.agents/skills/init-milestones/SKILL.md +74 -0
- package/templates/.agents/skills/init-milestones/SKILL.zh-CN.md +74 -0
- package/templates/.agents/skills/init-milestones/scripts/init-milestones.sh +169 -0
- package/templates/.agents/skills/plan-task/SKILL.md +225 -0
- package/templates/.agents/skills/plan-task/SKILL.zh-CN.md +225 -0
- package/templates/.agents/skills/refine-task/SKILL.md +200 -0
- package/templates/.agents/skills/refine-task/SKILL.zh-CN.md +200 -0
- package/templates/.agents/skills/refine-title/SKILL.md +84 -0
- package/templates/.agents/skills/refine-title/SKILL.zh-CN.md +83 -0
- package/templates/.agents/skills/release/SKILL.md +142 -0
- package/templates/.agents/skills/release/SKILL.zh-CN.md +141 -0
- package/templates/.agents/skills/release/scripts/manage-milestones.sh +80 -0
- package/templates/.agents/skills/review-task/SKILL.md +276 -0
- package/templates/.agents/skills/review-task/SKILL.zh-CN.md +276 -0
- package/templates/.agents/skills/sync-issue/SKILL.md +569 -0
- package/templates/.agents/skills/sync-issue/SKILL.zh-CN.md +569 -0
- package/templates/.agents/skills/sync-pr/SKILL.md +142 -0
- package/templates/.agents/skills/sync-pr/SKILL.zh-CN.md +142 -0
- package/templates/.agents/skills/test/SKILL.md +61 -0
- package/templates/.agents/skills/test/SKILL.zh-CN.md +61 -0
- package/templates/.agents/skills/test-integration/SKILL.md +70 -0
- package/templates/.agents/skills/test-integration/SKILL.zh-CN.md +69 -0
- package/templates/.agents/skills/update-agent-infra/SKILL.md +136 -0
- package/templates/.agents/skills/update-agent-infra/SKILL.zh-CN.md +124 -0
- package/templates/.agents/skills/update-agent-infra/scripts/package.json +3 -0
- package/templates/.agents/skills/update-agent-infra/scripts/sync-templates.js +469 -0
- package/templates/.agents/skills/upgrade-dependency/SKILL.md +88 -0
- package/templates/.agents/skills/upgrade-dependency/SKILL.zh-CN.md +87 -0
- package/templates/.agents/templates/handoff.md +60 -0
- package/templates/.agents/templates/handoff.zh-CN.md +60 -0
- package/templates/.agents/templates/review-report.md +67 -0
- package/templates/.agents/templates/review-report.zh-CN.md +67 -0
- package/templates/.agents/templates/task.md +65 -0
- package/templates/.agents/templates/task.zh-CN.md +65 -0
- package/templates/.agents/workflows/bug-fix.yaml +149 -0
- package/templates/.agents/workflows/bug-fix.zh-CN.yaml +149 -0
- package/templates/.agents/workflows/code-review.yaml +60 -0
- package/templates/.agents/workflows/code-review.zh-CN.yaml +60 -0
- package/templates/.agents/workflows/feature-development.yaml +150 -0
- package/templates/.agents/workflows/feature-development.zh-CN.yaml +150 -0
- package/templates/.agents/workflows/refactoring.yaml +154 -0
- package/templates/.agents/workflows/refactoring.zh-CN.yaml +154 -0
- package/templates/.claude/CLAUDE.md +163 -0
- package/templates/.claude/CLAUDE.zh-CN.md +163 -0
- package/templates/.claude/commands/analyze-task.md +8 -0
- package/templates/.claude/commands/analyze-task.zh-CN.md +8 -0
- package/templates/.claude/commands/block-task.md +8 -0
- package/templates/.claude/commands/block-task.zh-CN.md +8 -0
- package/templates/.claude/commands/check-task.md +8 -0
- package/templates/.claude/commands/check-task.zh-CN.md +8 -0
- package/templates/.claude/commands/close-codescan.md +8 -0
- package/templates/.claude/commands/close-codescan.zh-CN.md +8 -0
- package/templates/.claude/commands/close-dependabot.md +8 -0
- package/templates/.claude/commands/close-dependabot.zh-CN.md +8 -0
- package/templates/.claude/commands/commit.md +7 -0
- package/templates/.claude/commands/commit.zh-CN.md +7 -0
- package/templates/.claude/commands/complete-task.md +8 -0
- package/templates/.claude/commands/complete-task.zh-CN.md +8 -0
- package/templates/.claude/commands/create-pr.md +8 -0
- package/templates/.claude/commands/create-pr.zh-CN.md +8 -0
- package/templates/.claude/commands/create-release-note.md +8 -0
- package/templates/.claude/commands/create-release-note.zh-CN.md +8 -0
- package/templates/.claude/commands/create-task.md +8 -0
- package/templates/.claude/commands/create-task.zh-CN.md +8 -0
- package/templates/.claude/commands/implement-task.md +8 -0
- package/templates/.claude/commands/implement-task.zh-CN.md +8 -0
- package/templates/.claude/commands/import-codescan.md +8 -0
- package/templates/.claude/commands/import-codescan.zh-CN.md +8 -0
- package/templates/.claude/commands/import-dependabot.md +8 -0
- package/templates/.claude/commands/import-dependabot.zh-CN.md +8 -0
- package/templates/.claude/commands/import-issue.md +8 -0
- package/templates/.claude/commands/import-issue.zh-CN.md +8 -0
- package/templates/.claude/commands/init-labels.md +7 -0
- package/templates/.claude/commands/init-labels.zh-CN.md +7 -0
- package/templates/.claude/commands/init-milestones.md +8 -0
- package/templates/.claude/commands/init-milestones.zh-CN.md +8 -0
- package/templates/.claude/commands/plan-task.md +8 -0
- package/templates/.claude/commands/plan-task.zh-CN.md +8 -0
- package/templates/.claude/commands/refine-task.md +8 -0
- package/templates/.claude/commands/refine-task.zh-CN.md +8 -0
- package/templates/.claude/commands/refine-title.md +8 -0
- package/templates/.claude/commands/refine-title.zh-CN.md +8 -0
- package/templates/.claude/commands/release.md +8 -0
- package/templates/.claude/commands/release.zh-CN.md +8 -0
- package/templates/.claude/commands/review-task.md +8 -0
- package/templates/.claude/commands/review-task.zh-CN.md +8 -0
- package/templates/.claude/commands/sync-issue.md +8 -0
- package/templates/.claude/commands/sync-issue.zh-CN.md +8 -0
- package/templates/.claude/commands/sync-pr.md +8 -0
- package/templates/.claude/commands/sync-pr.zh-CN.md +8 -0
- package/templates/.claude/commands/test-integration.md +7 -0
- package/templates/.claude/commands/test-integration.zh-CN.md +7 -0
- package/templates/.claude/commands/test.md +7 -0
- package/templates/.claude/commands/test.zh-CN.md +7 -0
- package/templates/.claude/commands/update-agent-infra.md +7 -0
- package/templates/.claude/commands/update-agent-infra.zh-CN.md +7 -0
- package/templates/.claude/commands/upgrade-dependency.md +8 -0
- package/templates/.claude/commands/upgrade-dependency.zh-CN.md +8 -0
- package/templates/.claude/project-rules.md +65 -0
- package/templates/.claude/project-rules.zh-CN.md +65 -0
- package/templates/.claude/settings.json +20 -0
- package/templates/.codex/README.md +38 -0
- package/templates/.codex/README.zh-CN.md +37 -0
- package/templates/.editorconfig +15 -0
- package/templates/.gemini/commands/_project_/analyze-task.toml +8 -0
- package/templates/.gemini/commands/_project_/analyze-task.zh-CN.toml +8 -0
- package/templates/.gemini/commands/_project_/block-task.toml +8 -0
- package/templates/.gemini/commands/_project_/block-task.zh-CN.toml +8 -0
- package/templates/.gemini/commands/_project_/check-task.toml +8 -0
- package/templates/.gemini/commands/_project_/check-task.zh-CN.toml +8 -0
- package/templates/.gemini/commands/_project_/close-codescan.toml +8 -0
- package/templates/.gemini/commands/_project_/close-codescan.zh-CN.toml +8 -0
- package/templates/.gemini/commands/_project_/close-dependabot.toml +8 -0
- package/templates/.gemini/commands/_project_/close-dependabot.zh-CN.toml +8 -0
- package/templates/.gemini/commands/_project_/commit.toml +6 -0
- package/templates/.gemini/commands/_project_/commit.zh-CN.toml +6 -0
- package/templates/.gemini/commands/_project_/complete-task.toml +8 -0
- package/templates/.gemini/commands/_project_/complete-task.zh-CN.toml +8 -0
- package/templates/.gemini/commands/_project_/create-pr.toml +8 -0
- package/templates/.gemini/commands/_project_/create-pr.zh-CN.toml +8 -0
- package/templates/.gemini/commands/_project_/create-release-note.toml +8 -0
- package/templates/.gemini/commands/_project_/create-release-note.zh-CN.toml +8 -0
- package/templates/.gemini/commands/_project_/create-task.toml +8 -0
- package/templates/.gemini/commands/_project_/create-task.zh-CN.toml +8 -0
- package/templates/.gemini/commands/_project_/implement-task.toml +8 -0
- package/templates/.gemini/commands/_project_/implement-task.zh-CN.toml +8 -0
- package/templates/.gemini/commands/_project_/import-codescan.toml +8 -0
- package/templates/.gemini/commands/_project_/import-codescan.zh-CN.toml +8 -0
- package/templates/.gemini/commands/_project_/import-dependabot.toml +8 -0
- package/templates/.gemini/commands/_project_/import-dependabot.zh-CN.toml +8 -0
- package/templates/.gemini/commands/_project_/import-issue.toml +8 -0
- package/templates/.gemini/commands/_project_/import-issue.zh-CN.toml +8 -0
- package/templates/.gemini/commands/_project_/init-labels.toml +8 -0
- package/templates/.gemini/commands/_project_/init-labels.zh-CN.toml +8 -0
- package/templates/.gemini/commands/_project_/init-milestones.toml +10 -0
- package/templates/.gemini/commands/_project_/init-milestones.zh-CN.toml +10 -0
- package/templates/.gemini/commands/_project_/plan-task.toml +8 -0
- package/templates/.gemini/commands/_project_/plan-task.zh-CN.toml +8 -0
- package/templates/.gemini/commands/_project_/refine-task.toml +8 -0
- package/templates/.gemini/commands/_project_/refine-task.zh-CN.toml +8 -0
- package/templates/.gemini/commands/_project_/refine-title.toml +8 -0
- package/templates/.gemini/commands/_project_/refine-title.zh-CN.toml +8 -0
- package/templates/.gemini/commands/_project_/release.toml +8 -0
- package/templates/.gemini/commands/_project_/release.zh-CN.toml +8 -0
- package/templates/.gemini/commands/_project_/review-task.toml +8 -0
- package/templates/.gemini/commands/_project_/review-task.zh-CN.toml +8 -0
- package/templates/.gemini/commands/_project_/sync-issue.toml +8 -0
- package/templates/.gemini/commands/_project_/sync-issue.zh-CN.toml +8 -0
- package/templates/.gemini/commands/_project_/sync-pr.toml +8 -0
- package/templates/.gemini/commands/_project_/sync-pr.zh-CN.toml +8 -0
- package/templates/.gemini/commands/_project_/test-integration.toml +6 -0
- package/templates/.gemini/commands/_project_/test-integration.zh-CN.toml +6 -0
- package/templates/.gemini/commands/_project_/test.toml +6 -0
- package/templates/.gemini/commands/_project_/test.zh-CN.toml +6 -0
- package/templates/.gemini/commands/_project_/update-agent-infra.toml +6 -0
- package/templates/.gemini/commands/_project_/update-agent-infra.zh-CN.toml +6 -0
- package/templates/.gemini/commands/_project_/upgrade-dependency.toml +8 -0
- package/templates/.gemini/commands/_project_/upgrade-dependency.zh-CN.toml +8 -0
- package/templates/.gemini/settings.json +3 -0
- package/templates/.github/ISSUE_TEMPLATE/01_bug_report.yml +149 -0
- package/templates/.github/ISSUE_TEMPLATE/02_question.yml +101 -0
- package/templates/.github/ISSUE_TEMPLATE/03_feature_request.yml +131 -0
- package/templates/.github/ISSUE_TEMPLATE/04_documentation.yml +165 -0
- package/templates/.github/ISSUE_TEMPLATE/05_other.yml +147 -0
- package/templates/.github/ISSUE_TEMPLATE/config.yml +11 -0
- package/templates/.github/PULL_REQUEST_TEMPLATE.md +123 -0
- package/templates/.github/dependabot.yml +17 -0
- package/templates/.github/hooks/check-utf8-encoding.sh +25 -0
- package/templates/.github/release.yml +27 -0
- package/templates/.github/workflows/pr-title-check.yml +42 -0
- package/templates/.mailmap +4 -0
- package/templates/.opencode/COMMAND_STYLE_GUIDE.md +232 -0
- package/templates/.opencode/COMMAND_STYLE_GUIDE.zh-CN.md +232 -0
- package/templates/.opencode/README.md +76 -0
- package/templates/.opencode/README.zh-CN.md +77 -0
- package/templates/.opencode/commands/analyze-task.md +11 -0
- package/templates/.opencode/commands/analyze-task.zh-CN.md +11 -0
- package/templates/.opencode/commands/block-task.md +11 -0
- package/templates/.opencode/commands/block-task.zh-CN.md +11 -0
- package/templates/.opencode/commands/check-task.md +11 -0
- package/templates/.opencode/commands/check-task.zh-CN.md +11 -0
- package/templates/.opencode/commands/close-codescan.md +11 -0
- package/templates/.opencode/commands/close-codescan.zh-CN.md +11 -0
- package/templates/.opencode/commands/close-dependabot.md +11 -0
- package/templates/.opencode/commands/close-dependabot.zh-CN.md +11 -0
- package/templates/.opencode/commands/commit.md +9 -0
- package/templates/.opencode/commands/commit.zh-CN.md +9 -0
- package/templates/.opencode/commands/complete-task.md +11 -0
- package/templates/.opencode/commands/complete-task.zh-CN.md +11 -0
- package/templates/.opencode/commands/create-pr.md +11 -0
- package/templates/.opencode/commands/create-pr.zh-CN.md +11 -0
- package/templates/.opencode/commands/create-release-note.md +11 -0
- package/templates/.opencode/commands/create-release-note.zh-CN.md +11 -0
- package/templates/.opencode/commands/create-task.md +11 -0
- package/templates/.opencode/commands/create-task.zh-CN.md +11 -0
- package/templates/.opencode/commands/implement-task.md +11 -0
- package/templates/.opencode/commands/implement-task.zh-CN.md +11 -0
- package/templates/.opencode/commands/import-codescan.md +11 -0
- package/templates/.opencode/commands/import-codescan.zh-CN.md +11 -0
- package/templates/.opencode/commands/import-dependabot.md +11 -0
- package/templates/.opencode/commands/import-dependabot.zh-CN.md +11 -0
- package/templates/.opencode/commands/import-issue.md +11 -0
- package/templates/.opencode/commands/import-issue.zh-CN.md +11 -0
- package/templates/.opencode/commands/init-labels.md +9 -0
- package/templates/.opencode/commands/init-labels.zh-CN.md +9 -0
- package/templates/.opencode/commands/init-milestones.md +11 -0
- package/templates/.opencode/commands/init-milestones.zh-CN.md +11 -0
- package/templates/.opencode/commands/plan-task.md +11 -0
- package/templates/.opencode/commands/plan-task.zh-CN.md +11 -0
- package/templates/.opencode/commands/refine-task.md +11 -0
- package/templates/.opencode/commands/refine-task.zh-CN.md +11 -0
- package/templates/.opencode/commands/refine-title.md +11 -0
- package/templates/.opencode/commands/refine-title.zh-CN.md +11 -0
- package/templates/.opencode/commands/release.md +11 -0
- package/templates/.opencode/commands/release.zh-CN.md +11 -0
- package/templates/.opencode/commands/review-task.md +11 -0
- package/templates/.opencode/commands/review-task.zh-CN.md +11 -0
- package/templates/.opencode/commands/sync-issue.md +11 -0
- package/templates/.opencode/commands/sync-issue.zh-CN.md +11 -0
- package/templates/.opencode/commands/sync-pr.md +11 -0
- package/templates/.opencode/commands/sync-pr.zh-CN.md +11 -0
- package/templates/.opencode/commands/test-integration.md +9 -0
- package/templates/.opencode/commands/test-integration.zh-CN.md +9 -0
- package/templates/.opencode/commands/test.md +9 -0
- package/templates/.opencode/commands/test.zh-CN.md +9 -0
- package/templates/.opencode/commands/update-agent-infra.md +9 -0
- package/templates/.opencode/commands/update-agent-infra.zh-CN.md +9 -0
- package/templates/.opencode/commands/upgrade-dependency.md +11 -0
- package/templates/.opencode/commands/upgrade-dependency.zh-CN.md +11 -0
- package/templates/AGENTS.md +91 -0
- package/templates/AGENTS.zh-CN.md +91 -0
- package/templates/CONTRIBUTING.md +126 -0
- package/templates/CONTRIBUTING.zh-CN.md +124 -0
- package/templates/SECURITY.md +131 -0
- package/templates/SECURITY.zh-CN.md +131 -0
|
@@ -0,0 +1,227 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: implement-task
|
|
3
|
+
description: >
|
|
4
|
+
根据技术方案实施任务,编写代码和测试,输出实现报告。当用户在技术方案审查通过后要求实施任务或编码时触发。
|
|
5
|
+
参数:task-id。
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
# 实施任务
|
|
9
|
+
|
|
10
|
+
## 行为边界 / 关键规则
|
|
11
|
+
|
|
12
|
+
- 严格遵循最新技术方案产物(`plan.md` 或 `plan-r{N}.md`)—— 不要偏离,除非记录了偏离原因
|
|
13
|
+
- 不要自动提交。绝不自动执行 `git commit` 或 `git add`
|
|
14
|
+
- 本技能产出实现报告(`implementation.md` 或 `implementation-r{N}.md`)—— 不覆盖已有轮次产物
|
|
15
|
+
- 执行本技能后,你**必须**立即更新 task.md 中的任务状态
|
|
16
|
+
|
|
17
|
+
## 执行步骤
|
|
18
|
+
|
|
19
|
+
### 1. 验证前置条件
|
|
20
|
+
|
|
21
|
+
检查必要文件:
|
|
22
|
+
- `.agent-workspace/active/{task-id}/task.md` - 任务文件
|
|
23
|
+
- 至少一个技术方案产物:`plan.md` 或 `plan-r{N}.md`
|
|
24
|
+
|
|
25
|
+
注意:`{task-id}` 格式为 `TASK-{yyyyMMdd-HHmmss}`,例如 `TASK-20260306-143022`
|
|
26
|
+
|
|
27
|
+
如果任一文件缺失,提示用户先完成前置步骤。
|
|
28
|
+
|
|
29
|
+
### 2. 确定输入方案与实现轮次
|
|
30
|
+
|
|
31
|
+
扫描 `.agent-workspace/active/{task-id}/` 目录中的技术方案文件(`plan.md`、`plan-r{N}.md`):
|
|
32
|
+
- 读取最高轮次的方案文件,记为 `{plan-artifact}`
|
|
33
|
+
|
|
34
|
+
扫描 `.agent-workspace/active/{task-id}/` 目录中的实现报告文件:
|
|
35
|
+
- 如果不存在 `implementation.md` 且不存在 `implementation-r*.md` → 本轮为第 1 轮,产出 `implementation.md`
|
|
36
|
+
- 如果存在 `implementation.md` 且不存在 `implementation-r*.md` → 本轮为第 2 轮,产出 `implementation-r2.md`
|
|
37
|
+
- 如果存在 `implementation-r{N}.md` → 本轮为第 N+1 轮,产出 `implementation-r{N+1}.md`
|
|
38
|
+
|
|
39
|
+
记录:
|
|
40
|
+
- `{plan-artifact}`:本次实现遵循的技术方案文件
|
|
41
|
+
- `{implementation-round}`:本轮实现轮次
|
|
42
|
+
- `{implementation-artifact}`:本轮实现报告文件名
|
|
43
|
+
|
|
44
|
+
注意:仅在审查结论为“拒绝”后重新执行时才会进入多轮。正常首次实现始终产出 `implementation.md`。
|
|
45
|
+
|
|
46
|
+
### 3. 阅读技术方案
|
|
47
|
+
|
|
48
|
+
仔细阅读 `{plan-artifact}` 以理解:
|
|
49
|
+
- 技术方法和解决策略
|
|
50
|
+
- 详细实施步骤
|
|
51
|
+
- 需要创建/修改的文件
|
|
52
|
+
- 测试策略
|
|
53
|
+
- 任何约束或风险
|
|
54
|
+
|
|
55
|
+
### 4. 执行代码实现
|
|
56
|
+
|
|
57
|
+
遵循 `.agents/workflows/feature-development.yaml` 中的 `implementation` 步骤:
|
|
58
|
+
|
|
59
|
+
**必要任务**:
|
|
60
|
+
- [ ] 按照计划实现功能代码
|
|
61
|
+
- [ ] 编写全面的单元测试
|
|
62
|
+
- [ ] 在本地运行测试以验证功能
|
|
63
|
+
- [ ] 更新相关文档和注释
|
|
64
|
+
- [ ] 遵循项目编码规范(参见项目指南)
|
|
65
|
+
|
|
66
|
+
**实现原则**:
|
|
67
|
+
1. **严格遵循计划**:不偏离技术方案
|
|
68
|
+
2. **逐步执行**:按顺序执行计划步骤
|
|
69
|
+
3. **持续测试**:每完成一个步骤后运行测试
|
|
70
|
+
4. **保持简单**:不过度设计,不添加计划外的功能
|
|
71
|
+
|
|
72
|
+
### 5. 运行测试验证
|
|
73
|
+
|
|
74
|
+
执行项目的测试命令。参考 `test` 技能获取项目特定的测试命令:
|
|
75
|
+
|
|
76
|
+
```bash
|
|
77
|
+
# 查看 .agents/skills/test/SKILL.md 获取项目测试命令
|
|
78
|
+
# 常见模式:
|
|
79
|
+
# npm test (Node.js)
|
|
80
|
+
# mvn test (Maven)
|
|
81
|
+
# pytest (Python)
|
|
82
|
+
# go test ./... (Go)
|
|
83
|
+
```
|
|
84
|
+
|
|
85
|
+
确保所有测试通过。如果测试失败,在继续之前修复问题。
|
|
86
|
+
|
|
87
|
+
### 6. 输出实现报告
|
|
88
|
+
|
|
89
|
+
创建 `.agent-workspace/active/{task-id}/{implementation-artifact}`。
|
|
90
|
+
|
|
91
|
+
要求:
|
|
92
|
+
- 不要覆盖已有的实现报告
|
|
93
|
+
- 在报告中明确记录本轮轮次编号和实际产物文件名
|
|
94
|
+
- 如果本轮是重实现,说明其触发原因(例如上一轮审查结论为 Rejected)
|
|
95
|
+
|
|
96
|
+
### 7. 更新任务状态
|
|
97
|
+
|
|
98
|
+
获取当前时间:
|
|
99
|
+
|
|
100
|
+
```bash
|
|
101
|
+
date "+%Y-%m-%d %H:%M:%S"
|
|
102
|
+
```
|
|
103
|
+
|
|
104
|
+
更新 `.agent-workspace/active/{task-id}/task.md`:
|
|
105
|
+
- `current_step`:implementation
|
|
106
|
+
- `assigned_to`:{当前 AI 代理}
|
|
107
|
+
- `updated_at`:{当前时间}
|
|
108
|
+
- 记录本轮实现产物:`{implementation-artifact}`(Round `{implementation-round}`)
|
|
109
|
+
- 在工作流进度中标记 implementation 为已完成,并注明实际轮次(如果任务模板支持)
|
|
110
|
+
- **追加**到 `## Activity Log`(不要覆盖之前的记录):
|
|
111
|
+
```
|
|
112
|
+
- {yyyy-MM-dd HH:mm:ss} — **Implementation (Round {N})** by {agent} — Code implemented, {n} files modified, {n} tests passed → {artifact-filename}
|
|
113
|
+
```
|
|
114
|
+
|
|
115
|
+
### 8. 告知用户
|
|
116
|
+
|
|
117
|
+
> **重要**:以下「下一步」中列出的所有 TUI 命令格式必须完整输出,不要只展示当前 AI 代理对应的格式。
|
|
118
|
+
|
|
119
|
+
输出格式:
|
|
120
|
+
```
|
|
121
|
+
任务 {task-id} 实现完成。
|
|
122
|
+
|
|
123
|
+
摘要:
|
|
124
|
+
- 修改文件:{数量}
|
|
125
|
+
- 新建文件:{数量}
|
|
126
|
+
- 测试通过:{数量}/{总数}
|
|
127
|
+
|
|
128
|
+
产出文件:
|
|
129
|
+
- 实现报告:.agent-workspace/active/{task-id}/{implementation-artifact}(Round {implementation-round})
|
|
130
|
+
|
|
131
|
+
下一步 - 代码审查:
|
|
132
|
+
- Claude Code / OpenCode:/review-task {task-id}
|
|
133
|
+
- Gemini CLI:/{{project}}:review-task {task-id}
|
|
134
|
+
- Codex CLI:$review-task {task-id}
|
|
135
|
+
```
|
|
136
|
+
|
|
137
|
+
## 输出模板
|
|
138
|
+
|
|
139
|
+
```markdown
|
|
140
|
+
# 实现报告
|
|
141
|
+
|
|
142
|
+
- **实现轮次**:Round {implementation-round}
|
|
143
|
+
- **产物文件**:`{implementation-artifact}`
|
|
144
|
+
|
|
145
|
+
## 修改文件
|
|
146
|
+
|
|
147
|
+
### 新建文件
|
|
148
|
+
- `{file-path}` - {描述}
|
|
149
|
+
|
|
150
|
+
### 修改文件
|
|
151
|
+
- `{file-path}` - {变更摘要}
|
|
152
|
+
|
|
153
|
+
## 关键代码说明
|
|
154
|
+
|
|
155
|
+
### {模块/功能名称}
|
|
156
|
+
**文件**:`{file-path}:{line-number}`
|
|
157
|
+
|
|
158
|
+
**实现逻辑**:
|
|
159
|
+
{重要逻辑的说明}
|
|
160
|
+
|
|
161
|
+
**关键代码**:
|
|
162
|
+
```{language}
|
|
163
|
+
{关键代码片段}
|
|
164
|
+
```
|
|
165
|
+
|
|
166
|
+
## 测试结果
|
|
167
|
+
|
|
168
|
+
### 单元测试
|
|
169
|
+
- 测试文件:`{test-file-path}`
|
|
170
|
+
- 测试用例数:{数量}
|
|
171
|
+
- 通过率:{百分比}
|
|
172
|
+
|
|
173
|
+
**测试输出**:
|
|
174
|
+
```
|
|
175
|
+
{测试运行结果}
|
|
176
|
+
```
|
|
177
|
+
|
|
178
|
+
## 与计划的差异
|
|
179
|
+
|
|
180
|
+
{如果实现与计划有差异,说明原因}
|
|
181
|
+
|
|
182
|
+
## 审查关注点
|
|
183
|
+
|
|
184
|
+
**需要审查者注意的要点**:
|
|
185
|
+
- {关注点 1}
|
|
186
|
+
- {关注点 2}
|
|
187
|
+
|
|
188
|
+
## 已知问题
|
|
189
|
+
|
|
190
|
+
{实现过程中发现的问题或后续需要优化的事项}
|
|
191
|
+
|
|
192
|
+
## 后续步骤
|
|
193
|
+
|
|
194
|
+
{代码审查或后续工作的建议}
|
|
195
|
+
```
|
|
196
|
+
|
|
197
|
+
## 完成检查清单
|
|
198
|
+
|
|
199
|
+
- [ ] 完成了所有代码实现
|
|
200
|
+
- [ ] 创建了实现报告 `.agent-workspace/active/{task-id}/{implementation-artifact}`
|
|
201
|
+
- [ ] 所有测试通过
|
|
202
|
+
- [ ] 更新了 task.md 中的 `current_step` 为 implementation
|
|
203
|
+
- [ ] 更新了 task.md 中的 `updated_at` 为当前时间
|
|
204
|
+
- [ ] 更新了 task.md 中的 `assigned_to`
|
|
205
|
+
- [ ] 追加了 Activity Log 条目到 task.md
|
|
206
|
+
- [ ] 在工作流进度中标记了 implementation 为已完成
|
|
207
|
+
- [ ] 告知了用户下一步(必须展示所有 TUI 的命令格式,不要筛选)
|
|
208
|
+
|
|
209
|
+
## 停止
|
|
210
|
+
|
|
211
|
+
完成检查清单后,**停止**。不要自动提交。等待代码审查后再提交。
|
|
212
|
+
|
|
213
|
+
## 注意事项
|
|
214
|
+
|
|
215
|
+
1. **前置条件**:必须有已审查的技术方案(`plan.md` 或 `plan-r{N}.md` 存在且已获批准)
|
|
216
|
+
2. **禁止自动提交**:不要自动执行 `git commit` 或 `git add`。提醒用户手动提交
|
|
217
|
+
3. **测试要求**:所有新代码必须有单元测试;测试覆盖率不得下降
|
|
218
|
+
4. **代码质量**:遵循项目编码规范
|
|
219
|
+
5. **计划偏离**:如果需要偏离计划,在实现报告中记录原因
|
|
220
|
+
6. **版本化规则**:首轮实现使用 `implementation.md`;后续重实现使用 `implementation-r{N}.md`
|
|
221
|
+
|
|
222
|
+
## 错误处理
|
|
223
|
+
|
|
224
|
+
- 任务未找到:提示 "Task {task-id} not found"
|
|
225
|
+
- 缺少计划:提示 "Technical plan not found, please run the plan-task skill first"
|
|
226
|
+
- 测试失败:输出测试错误,询问用户是否继续
|
|
227
|
+
- 构建失败:输出构建错误,停止实现
|
|
@@ -0,0 +1,103 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: import-codescan
|
|
3
|
+
description: >
|
|
4
|
+
导入 Code Scanning(CodeQL)告警并创建修复任务。
|
|
5
|
+
当用户要求导入 Code Scanning 告警时触发。参数:告警编号。
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
# 导入 Code Scanning 告警
|
|
9
|
+
|
|
10
|
+
导入指定的 Code Scanning(CodeQL)告警并创建修复任务。
|
|
11
|
+
|
|
12
|
+
## 行为边界 / 关键规则
|
|
13
|
+
|
|
14
|
+
- 本技能仅负责导入告警并创建任务骨架 —— 不直接修改业务代码或关闭告警
|
|
15
|
+
- 不要自动提交。绝不自动执行 `git commit` 或 `git add`
|
|
16
|
+
- 执行本技能后,你**必须**立即更新 task.md 中的任务状态
|
|
17
|
+
|
|
18
|
+
## 执行流程
|
|
19
|
+
|
|
20
|
+
### 1. 获取告警信息
|
|
21
|
+
|
|
22
|
+
```bash
|
|
23
|
+
gh api repos/{owner}/{repo}/code-scanning/alerts/<alert-number>
|
|
24
|
+
```
|
|
25
|
+
|
|
26
|
+
提取关键信息:
|
|
27
|
+
- `number`:告警编号
|
|
28
|
+
- `state`:状态(open/dismissed/fixed)
|
|
29
|
+
- `rule`:规则信息(id、severity、description、security_severity_level)
|
|
30
|
+
- `tool`:扫描工具信息(name、version)
|
|
31
|
+
- `most_recent_instance`:位置(path、start_line、end_line)、消息
|
|
32
|
+
- `html_url`:GitHub 告警链接
|
|
33
|
+
|
|
34
|
+
### 2. 创建任务目录和文件
|
|
35
|
+
|
|
36
|
+
检查是否已存在该告警的任务。如果不存在,创建:
|
|
37
|
+
|
|
38
|
+
目录:`.agent-workspace/active/TASK-{yyyyMMdd-HHmmss}/`
|
|
39
|
+
|
|
40
|
+
任务元数据:
|
|
41
|
+
```yaml
|
|
42
|
+
id: TASK-{yyyyMMdd-HHmmss}
|
|
43
|
+
codescan_alert_number: <alert-number>
|
|
44
|
+
severity: <critical/high/medium/low>
|
|
45
|
+
rule_id: <rule-id>
|
|
46
|
+
tool: <tool-name>
|
|
47
|
+
```
|
|
48
|
+
|
|
49
|
+
### 3. 更新任务状态
|
|
50
|
+
|
|
51
|
+
获取当前时间:
|
|
52
|
+
|
|
53
|
+
```bash
|
|
54
|
+
date "+%Y-%m-%d %H:%M:%S"
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
更新 task.md:`current_step` -> `requirement-analysis`。
|
|
58
|
+
- **追加**到 `## Activity Log`(不要覆盖之前的记录):
|
|
59
|
+
```
|
|
60
|
+
- {yyyy-MM-dd HH:mm:ss} — **Import Code Scanning Alert** by {agent} — Code Scanning alert #{alert-number} imported
|
|
61
|
+
```
|
|
62
|
+
|
|
63
|
+
### 4. 告知用户
|
|
64
|
+
|
|
65
|
+
> **重要**:以下「下一步」中列出的所有 TUI 命令格式必须完整输出,不要只展示当前 AI 代理对应的格式。
|
|
66
|
+
|
|
67
|
+
```
|
|
68
|
+
Code Scanning 告警 #{alert-number} 已导入。
|
|
69
|
+
|
|
70
|
+
告警信息:
|
|
71
|
+
- 严重程度:{severity}
|
|
72
|
+
- 规则:{rule-id}
|
|
73
|
+
- 位置:{file-path}:{line-number}
|
|
74
|
+
|
|
75
|
+
任务信息:
|
|
76
|
+
- 任务 ID:{task-id}
|
|
77
|
+
|
|
78
|
+
下一步:
|
|
79
|
+
- Claude Code / OpenCode:/analyze-task {task-id}
|
|
80
|
+
- Gemini CLI:/agent-infra:analyze-task {task-id}
|
|
81
|
+
- Codex CLI:$analyze-task {task-id}
|
|
82
|
+
```
|
|
83
|
+
|
|
84
|
+
## 注意事项
|
|
85
|
+
|
|
86
|
+
1. **严重程度优先级**:Critical/High -> 立即处理。Medium -> 计划处理。Low -> 可延后。
|
|
87
|
+
2. **范围**:本技能仅负责导入告警并创建任务;风险评估由 `analyze-task` 负责。
|
|
88
|
+
3. **后续动作**:导入后先执行 `analyze-task`,分析完成后再决定修复或关闭。
|
|
89
|
+
|
|
90
|
+
## 完成检查清单
|
|
91
|
+
|
|
92
|
+
- [ ] 获取并记录了告警关键信息
|
|
93
|
+
- [ ] 创建或确认了对应的任务目录与任务文件
|
|
94
|
+
- [ ] 更新了 task.md 中的 `current_step` 为 requirement-analysis
|
|
95
|
+
- [ ] 更新了 task.md 中的 `updated_at` 为当前时间
|
|
96
|
+
- [ ] 追加了 Activity Log 条目到 task.md
|
|
97
|
+
- [ ] 告知了用户下一步(必须展示所有 TUI 的命令格式,不要筛选)
|
|
98
|
+
|
|
99
|
+
## 错误处理
|
|
100
|
+
|
|
101
|
+
- 告警未找到:提示 "Code Scanning alert #{number} not found"
|
|
102
|
+
- 告警已关闭:询问用户是否继续分析
|
|
103
|
+
- 网络/权限错误:提示相应信息
|
|
@@ -0,0 +1,103 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: import-codescan
|
|
3
|
+
description: >
|
|
4
|
+
导入 Code Scanning(CodeQL)告警并创建修复任务。
|
|
5
|
+
当用户要求导入 Code Scanning 告警时触发。参数:告警编号。
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
# 导入 Code Scanning 告警
|
|
9
|
+
|
|
10
|
+
导入指定的 Code Scanning(CodeQL)告警并创建修复任务。
|
|
11
|
+
|
|
12
|
+
## 行为边界 / 关键规则
|
|
13
|
+
|
|
14
|
+
- 本技能仅负责导入告警并创建任务骨架 —— 不直接修改业务代码或关闭告警
|
|
15
|
+
- 不要自动提交。绝不自动执行 `git commit` 或 `git add`
|
|
16
|
+
- 执行本技能后,你**必须**立即更新 task.md 中的任务状态
|
|
17
|
+
|
|
18
|
+
## 执行流程
|
|
19
|
+
|
|
20
|
+
### 1. 获取告警信息
|
|
21
|
+
|
|
22
|
+
```bash
|
|
23
|
+
gh api repos/{owner}/{repo}/code-scanning/alerts/<alert-number>
|
|
24
|
+
```
|
|
25
|
+
|
|
26
|
+
提取关键信息:
|
|
27
|
+
- `number`:告警编号
|
|
28
|
+
- `state`:状态(open/dismissed/fixed)
|
|
29
|
+
- `rule`:规则信息(id、severity、description、security_severity_level)
|
|
30
|
+
- `tool`:扫描工具信息(name、version)
|
|
31
|
+
- `most_recent_instance`:位置(path、start_line、end_line)、消息
|
|
32
|
+
- `html_url`:GitHub 告警链接
|
|
33
|
+
|
|
34
|
+
### 2. 创建任务目录和文件
|
|
35
|
+
|
|
36
|
+
检查是否已存在该告警的任务。如果不存在,创建:
|
|
37
|
+
|
|
38
|
+
目录:`.agent-workspace/active/TASK-{yyyyMMdd-HHmmss}/`
|
|
39
|
+
|
|
40
|
+
任务元数据:
|
|
41
|
+
```yaml
|
|
42
|
+
id: TASK-{yyyyMMdd-HHmmss}
|
|
43
|
+
codescan_alert_number: <alert-number>
|
|
44
|
+
severity: <critical/high/medium/low>
|
|
45
|
+
rule_id: <rule-id>
|
|
46
|
+
tool: <tool-name>
|
|
47
|
+
```
|
|
48
|
+
|
|
49
|
+
### 3. 更新任务状态
|
|
50
|
+
|
|
51
|
+
获取当前时间:
|
|
52
|
+
|
|
53
|
+
```bash
|
|
54
|
+
date "+%Y-%m-%d %H:%M:%S"
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
更新 task.md:`current_step` -> `requirement-analysis`。
|
|
58
|
+
- **追加**到 `## Activity Log`(不要覆盖之前的记录):
|
|
59
|
+
```
|
|
60
|
+
- {yyyy-MM-dd HH:mm:ss} — **Import Code Scanning Alert** by {agent} — Code Scanning alert #{alert-number} imported
|
|
61
|
+
```
|
|
62
|
+
|
|
63
|
+
### 4. 告知用户
|
|
64
|
+
|
|
65
|
+
> **重要**:以下「下一步」中列出的所有 TUI 命令格式必须完整输出,不要只展示当前 AI 代理对应的格式。
|
|
66
|
+
|
|
67
|
+
```
|
|
68
|
+
Code Scanning 告警 #{alert-number} 已导入。
|
|
69
|
+
|
|
70
|
+
告警信息:
|
|
71
|
+
- 严重程度:{severity}
|
|
72
|
+
- 规则:{rule-id}
|
|
73
|
+
- 位置:{file-path}:{line-number}
|
|
74
|
+
|
|
75
|
+
任务信息:
|
|
76
|
+
- 任务 ID:{task-id}
|
|
77
|
+
|
|
78
|
+
下一步:
|
|
79
|
+
- Claude Code / OpenCode:/analyze-task {task-id}
|
|
80
|
+
- Gemini CLI:/agent-infra:analyze-task {task-id}
|
|
81
|
+
- Codex CLI:$analyze-task {task-id}
|
|
82
|
+
```
|
|
83
|
+
|
|
84
|
+
## 注意事项
|
|
85
|
+
|
|
86
|
+
1. **严重程度优先级**:Critical/High -> 立即处理。Medium -> 计划处理。Low -> 可延后。
|
|
87
|
+
2. **范围**:本技能仅负责导入告警并创建任务;风险评估由 `analyze-task` 负责。
|
|
88
|
+
3. **后续动作**:导入后先执行 `analyze-task`,分析完成后再决定修复或关闭。
|
|
89
|
+
|
|
90
|
+
## 完成检查清单
|
|
91
|
+
|
|
92
|
+
- [ ] 获取并记录了告警关键信息
|
|
93
|
+
- [ ] 创建或确认了对应的任务目录与任务文件
|
|
94
|
+
- [ ] 更新了 task.md 中的 `current_step` 为 requirement-analysis
|
|
95
|
+
- [ ] 更新了 task.md 中的 `updated_at` 为当前时间
|
|
96
|
+
- [ ] 追加了 Activity Log 条目到 task.md
|
|
97
|
+
- [ ] 告知了用户下一步(必须展示所有 TUI 的命令格式,不要筛选)
|
|
98
|
+
|
|
99
|
+
## 错误处理
|
|
100
|
+
|
|
101
|
+
- 告警未找到:提示 "Code Scanning alert #{number} not found"
|
|
102
|
+
- 告警已关闭:询问用户是否继续分析
|
|
103
|
+
- 网络/权限错误:提示相应信息
|
|
@@ -0,0 +1,107 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: import-dependabot
|
|
3
|
+
description: >
|
|
4
|
+
导入 Dependabot 安全告警并创建修复任务。
|
|
5
|
+
当用户要求导入 Dependabot 告警时触发。参数:告警编号。
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
# 导入 Dependabot 安全告警
|
|
9
|
+
|
|
10
|
+
导入指定的 Dependabot 安全告警并创建修复任务。
|
|
11
|
+
|
|
12
|
+
## 行为边界 / 关键规则
|
|
13
|
+
|
|
14
|
+
- 本技能仅负责导入告警并创建任务骨架 —— 不直接修改业务代码或关闭告警
|
|
15
|
+
- 不要自动提交。绝不自动执行 `git commit` 或 `git add`
|
|
16
|
+
- 执行本技能后,你**必须**立即更新 task.md 中的任务状态
|
|
17
|
+
|
|
18
|
+
## 执行流程
|
|
19
|
+
|
|
20
|
+
### 1. 获取告警信息
|
|
21
|
+
|
|
22
|
+
```bash
|
|
23
|
+
gh api repos/{owner}/{repo}/dependabot/alerts/<alert-number>
|
|
24
|
+
```
|
|
25
|
+
|
|
26
|
+
提取关键信息:
|
|
27
|
+
- `number`:告警编号
|
|
28
|
+
- `state`:状态(open/dismissed/fixed)
|
|
29
|
+
- `security_advisory`:安全公告详情(ghsa_id、cve_id、severity、summary、description)
|
|
30
|
+
- `dependency`:受影响的依赖(包名、生态系统、清单路径)
|
|
31
|
+
- `security_vulnerability`:受影响版本范围、首个修复版本
|
|
32
|
+
|
|
33
|
+
### 2. 创建任务目录和文件
|
|
34
|
+
|
|
35
|
+
检查 `.agent-workspace/active/` 中是否已存在该告警的任务。
|
|
36
|
+
- 如果找到,询问用户是否重新导入
|
|
37
|
+
- 如果未找到,创建新任务
|
|
38
|
+
|
|
39
|
+
创建目录:`.agent-workspace/active/TASK-{yyyyMMdd-HHmmss}/`
|
|
40
|
+
|
|
41
|
+
任务元数据需包含:
|
|
42
|
+
```yaml
|
|
43
|
+
id: TASK-{yyyyMMdd-HHmmss}
|
|
44
|
+
security_alert_number: <alert-number>
|
|
45
|
+
severity: <critical/high/medium/low>
|
|
46
|
+
cve_id: <CVE-ID>
|
|
47
|
+
ghsa_id: <GHSA-ID>
|
|
48
|
+
```
|
|
49
|
+
|
|
50
|
+
### 3. 更新任务状态
|
|
51
|
+
|
|
52
|
+
获取当前时间:
|
|
53
|
+
|
|
54
|
+
```bash
|
|
55
|
+
date "+%Y-%m-%d %H:%M:%S"
|
|
56
|
+
```
|
|
57
|
+
|
|
58
|
+
更新 task.md:`current_step` -> `requirement-analysis`。
|
|
59
|
+
- **追加**到 `## Activity Log`(不要覆盖之前的记录):
|
|
60
|
+
```
|
|
61
|
+
- {yyyy-MM-dd HH:mm:ss} — **Import Dependabot Alert** by {agent} — Dependabot alert #{alert-number} imported
|
|
62
|
+
```
|
|
63
|
+
|
|
64
|
+
### 4. 告知用户
|
|
65
|
+
|
|
66
|
+
> **重要**:以下「下一步」中列出的所有 TUI 命令格式必须完整输出,不要只展示当前 AI 代理对应的格式。
|
|
67
|
+
|
|
68
|
+
```
|
|
69
|
+
安全告警 #{alert-number} 已导入。
|
|
70
|
+
|
|
71
|
+
漏洞信息:
|
|
72
|
+
- 严重程度:{severity}
|
|
73
|
+
- CVE/GHSA:{cve-id} / {ghsa-id}
|
|
74
|
+
- 受影响包:{package-name}
|
|
75
|
+
|
|
76
|
+
任务信息:
|
|
77
|
+
- 任务 ID:{task-id}
|
|
78
|
+
|
|
79
|
+
产出文件:
|
|
80
|
+
- 任务文件:.agent-workspace/active/{task-id}/task.md
|
|
81
|
+
|
|
82
|
+
下一步:
|
|
83
|
+
- Claude Code / OpenCode:/analyze-task {task-id}
|
|
84
|
+
- Gemini CLI:/agent-infra:analyze-task {task-id}
|
|
85
|
+
- Codex CLI:$analyze-task {task-id}
|
|
86
|
+
```
|
|
87
|
+
|
|
88
|
+
## 注意事项
|
|
89
|
+
|
|
90
|
+
1. **严重程度优先级**:Critical/High -> 立即处理。Medium -> 计划处理。Low -> 可延后。
|
|
91
|
+
2. **范围**:本技能仅负责导入告警并创建任务;风险评估由 `analyze-task` 负责。
|
|
92
|
+
3. **后续动作**:导入后先执行 `analyze-task`,分析完成后再决定修复或关闭。
|
|
93
|
+
|
|
94
|
+
## 完成检查清单
|
|
95
|
+
|
|
96
|
+
- [ ] 获取并记录了告警关键信息
|
|
97
|
+
- [ ] 创建或确认了对应的任务目录与任务文件
|
|
98
|
+
- [ ] 更新了 task.md 中的 `current_step` 为 requirement-analysis
|
|
99
|
+
- [ ] 更新了 task.md 中的 `updated_at` 为当前时间
|
|
100
|
+
- [ ] 追加了 Activity Log 条目到 task.md
|
|
101
|
+
- [ ] 告知了用户下一步(必须展示所有 TUI 的命令格式,不要筛选)
|
|
102
|
+
|
|
103
|
+
## 错误处理
|
|
104
|
+
|
|
105
|
+
- 告警未找到:提示 "Security alert #{number} not found"
|
|
106
|
+
- 告警已关闭:询问用户是否继续分析
|
|
107
|
+
- 网络/权限错误:提示相应信息
|
|
@@ -0,0 +1,107 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: import-dependabot
|
|
3
|
+
description: >
|
|
4
|
+
导入 Dependabot 安全告警并创建修复任务。
|
|
5
|
+
当用户要求导入 Dependabot 告警时触发。参数:告警编号。
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
# 导入 Dependabot 安全告警
|
|
9
|
+
|
|
10
|
+
导入指定的 Dependabot 安全告警并创建修复任务。
|
|
11
|
+
|
|
12
|
+
## 行为边界 / 关键规则
|
|
13
|
+
|
|
14
|
+
- 本技能仅负责导入告警并创建任务骨架 —— 不直接修改业务代码或关闭告警
|
|
15
|
+
- 不要自动提交。绝不自动执行 `git commit` 或 `git add`
|
|
16
|
+
- 执行本技能后,你**必须**立即更新 task.md 中的任务状态
|
|
17
|
+
|
|
18
|
+
## 执行流程
|
|
19
|
+
|
|
20
|
+
### 1. 获取告警信息
|
|
21
|
+
|
|
22
|
+
```bash
|
|
23
|
+
gh api repos/{owner}/{repo}/dependabot/alerts/<alert-number>
|
|
24
|
+
```
|
|
25
|
+
|
|
26
|
+
提取关键信息:
|
|
27
|
+
- `number`:告警编号
|
|
28
|
+
- `state`:状态(open/dismissed/fixed)
|
|
29
|
+
- `security_advisory`:安全公告详情(ghsa_id、cve_id、severity、summary、description)
|
|
30
|
+
- `dependency`:受影响的依赖(包名、生态系统、清单路径)
|
|
31
|
+
- `security_vulnerability`:受影响版本范围、首个修复版本
|
|
32
|
+
|
|
33
|
+
### 2. 创建任务目录和文件
|
|
34
|
+
|
|
35
|
+
检查 `.agent-workspace/active/` 中是否已存在该告警的任务。
|
|
36
|
+
- 如果找到,询问用户是否重新导入
|
|
37
|
+
- 如果未找到,创建新任务
|
|
38
|
+
|
|
39
|
+
创建目录:`.agent-workspace/active/TASK-{yyyyMMdd-HHmmss}/`
|
|
40
|
+
|
|
41
|
+
任务元数据需包含:
|
|
42
|
+
```yaml
|
|
43
|
+
id: TASK-{yyyyMMdd-HHmmss}
|
|
44
|
+
security_alert_number: <alert-number>
|
|
45
|
+
severity: <critical/high/medium/low>
|
|
46
|
+
cve_id: <CVE-ID>
|
|
47
|
+
ghsa_id: <GHSA-ID>
|
|
48
|
+
```
|
|
49
|
+
|
|
50
|
+
### 3. 更新任务状态
|
|
51
|
+
|
|
52
|
+
获取当前时间:
|
|
53
|
+
|
|
54
|
+
```bash
|
|
55
|
+
date "+%Y-%m-%d %H:%M:%S"
|
|
56
|
+
```
|
|
57
|
+
|
|
58
|
+
更新 task.md:`current_step` -> `requirement-analysis`。
|
|
59
|
+
- **追加**到 `## Activity Log`(不要覆盖之前的记录):
|
|
60
|
+
```
|
|
61
|
+
- {yyyy-MM-dd HH:mm:ss} — **Import Dependabot Alert** by {agent} — Dependabot alert #{alert-number} imported
|
|
62
|
+
```
|
|
63
|
+
|
|
64
|
+
### 4. 告知用户
|
|
65
|
+
|
|
66
|
+
> **重要**:以下「下一步」中列出的所有 TUI 命令格式必须完整输出,不要只展示当前 AI 代理对应的格式。
|
|
67
|
+
|
|
68
|
+
```
|
|
69
|
+
安全告警 #{alert-number} 已导入。
|
|
70
|
+
|
|
71
|
+
漏洞信息:
|
|
72
|
+
- 严重程度:{severity}
|
|
73
|
+
- CVE/GHSA:{cve-id} / {ghsa-id}
|
|
74
|
+
- 受影响包:{package-name}
|
|
75
|
+
|
|
76
|
+
任务信息:
|
|
77
|
+
- 任务 ID:{task-id}
|
|
78
|
+
|
|
79
|
+
产出文件:
|
|
80
|
+
- 任务文件:.agent-workspace/active/{task-id}/task.md
|
|
81
|
+
|
|
82
|
+
下一步:
|
|
83
|
+
- Claude Code / OpenCode:/analyze-task {task-id}
|
|
84
|
+
- Gemini CLI:/agent-infra:analyze-task {task-id}
|
|
85
|
+
- Codex CLI:$analyze-task {task-id}
|
|
86
|
+
```
|
|
87
|
+
|
|
88
|
+
## 注意事项
|
|
89
|
+
|
|
90
|
+
1. **严重程度优先级**:Critical/High -> 立即处理。Medium -> 计划处理。Low -> 可延后。
|
|
91
|
+
2. **范围**:本技能仅负责导入告警并创建任务;风险评估由 `analyze-task` 负责。
|
|
92
|
+
3. **后续动作**:导入后先执行 `analyze-task`,分析完成后再决定修复或关闭。
|
|
93
|
+
|
|
94
|
+
## 完成检查清单
|
|
95
|
+
|
|
96
|
+
- [ ] 获取并记录了告警关键信息
|
|
97
|
+
- [ ] 创建或确认了对应的任务目录与任务文件
|
|
98
|
+
- [ ] 更新了 task.md 中的 `current_step` 为 requirement-analysis
|
|
99
|
+
- [ ] 更新了 task.md 中的 `updated_at` 为当前时间
|
|
100
|
+
- [ ] 追加了 Activity Log 条目到 task.md
|
|
101
|
+
- [ ] 告知了用户下一步(必须展示所有 TUI 的命令格式,不要筛选)
|
|
102
|
+
|
|
103
|
+
## 错误处理
|
|
104
|
+
|
|
105
|
+
- 告警未找到:提示 "Security alert #{number} not found"
|
|
106
|
+
- 告警已关闭:询问用户是否继续分析
|
|
107
|
+
- 网络/权限错误:提示相应信息
|