@geraldmaron/construct 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.env.example +69 -0
- package/LICENSE +21 -0
- package/README.md +344 -0
- package/agents/prompts/cx-accessibility.md +29 -0
- package/agents/prompts/cx-ai-engineer.md +31 -0
- package/agents/prompts/cx-architect.md +40 -0
- package/agents/prompts/cx-business-strategist.md +25 -0
- package/agents/prompts/cx-data-analyst.md +30 -0
- package/agents/prompts/cx-data-engineer.md +32 -0
- package/agents/prompts/cx-debugger.md +27 -0
- package/agents/prompts/cx-designer.md +33 -0
- package/agents/prompts/cx-devil-advocate.md +36 -0
- package/agents/prompts/cx-docs-keeper.md +50 -0
- package/agents/prompts/cx-engineer.md +36 -0
- package/agents/prompts/cx-evaluator.md +26 -0
- package/agents/prompts/cx-explorer.md +38 -0
- package/agents/prompts/cx-legal-compliance.md +25 -0
- package/agents/prompts/cx-operations.md +28 -0
- package/agents/prompts/cx-orchestrator.md +30 -0
- package/agents/prompts/cx-platform-engineer.md +25 -0
- package/agents/prompts/cx-product-manager.md +30 -0
- package/agents/prompts/cx-qa.md +42 -0
- package/agents/prompts/cx-rd-lead.md +25 -0
- package/agents/prompts/cx-release-manager.md +31 -0
- package/agents/prompts/cx-researcher.md +31 -0
- package/agents/prompts/cx-reviewer.md +36 -0
- package/agents/prompts/cx-security.md +37 -0
- package/agents/prompts/cx-sre.md +26 -0
- package/agents/prompts/cx-test-automation.md +35 -0
- package/agents/prompts/cx-trace-reviewer.md +76 -0
- package/agents/prompts/cx-ux-researcher.md +30 -0
- package/agents/registry.json +879 -0
- package/agents/teams.json +94 -0
- package/bin/construct +613 -0
- package/commands/build/feature.md +21 -0
- package/commands/build/fix.md +20 -0
- package/commands/design/access.md +19 -0
- package/commands/design/flow.md +16 -0
- package/commands/design/ui.md +18 -0
- package/commands/measure/experiment.md +18 -0
- package/commands/measure/metrics.md +18 -0
- package/commands/measure/results.md +18 -0
- package/commands/plan/api.md +19 -0
- package/commands/plan/challenge.md +18 -0
- package/commands/plan/decide.md +20 -0
- package/commands/plan/feature.md +49 -0
- package/commands/plan/requirements.md +24 -0
- package/commands/remember/context.md +26 -0
- package/commands/remember/handoff.md +19 -0
- package/commands/remember/runbook.md +20 -0
- package/commands/review/code.md +21 -0
- package/commands/review/quality.md +19 -0
- package/commands/review/security.md +16 -0
- package/commands/ship/ready.md +19 -0
- package/commands/ship/release.md +19 -0
- package/commands/ship/status.md +18 -0
- package/commands/understand/docs.md +22 -0
- package/commands/understand/research.md +22 -0
- package/commands/understand/this.md +23 -0
- package/commands/understand/why.md +18 -0
- package/commands/work/clean.md +32 -0
- package/commands/work/drive.md +69 -0
- package/commands/work/optimize-prompts.md +46 -0
- package/commands/work/parallel-review.md +40 -0
- package/db/migrations/001_init.sql +38 -0
- package/langfuse/docker-compose.yml +82 -0
- package/lib/audit-skills.mjs +118 -0
- package/lib/auto-docs.mjs +293 -0
- package/lib/cli-commands.mjs +409 -0
- package/lib/codex-config.mjs +114 -0
- package/lib/comment-lint.mjs +191 -0
- package/lib/completions.mjs +170 -0
- package/lib/context-state.mjs +99 -0
- package/lib/cost.mjs +213 -0
- package/lib/distill.mjs +403 -0
- package/lib/efficiency.mjs +139 -0
- package/lib/env-config.mjs +53 -0
- package/lib/eval-harness.mjs +59 -0
- package/lib/features.mjs +209 -0
- package/lib/headhunt.mjs +597 -0
- package/lib/hooks/adaptive-lint.mjs +112 -0
- package/lib/hooks/agent-tracker.mjs +50 -0
- package/lib/hooks/bootstrap-guard.mjs +90 -0
- package/lib/hooks/comment-lint.mjs +26 -0
- package/lib/hooks/config-protection.mjs +52 -0
- package/lib/hooks/console-warn.mjs +43 -0
- package/lib/hooks/context-window-recovery.mjs +90 -0
- package/lib/hooks/continuation-enforcer.mjs +72 -0
- package/lib/hooks/dep-audit.mjs +155 -0
- package/lib/hooks/drive-guard.mjs +89 -0
- package/lib/hooks/edit-accumulator.mjs +36 -0
- package/lib/hooks/edit-error-recovery.mjs +46 -0
- package/lib/hooks/edit-guard.mjs +109 -0
- package/lib/hooks/env-check.mjs +80 -0
- package/lib/hooks/guard-bash.mjs +83 -0
- package/lib/hooks/mcp-audit.mjs +57 -0
- package/lib/hooks/mcp-health-check.mjs +51 -0
- package/lib/hooks/mcp-task-scope.mjs +47 -0
- package/lib/hooks/model-fallback.mjs +105 -0
- package/lib/hooks/pre-compact.mjs +212 -0
- package/lib/hooks/pre-push-gate.mjs +129 -0
- package/lib/hooks/read-tracker.mjs +129 -0
- package/lib/hooks/registry-sync.mjs +23 -0
- package/lib/hooks/scan-secrets.mjs +76 -0
- package/lib/hooks/session-start.mjs +95 -0
- package/lib/hooks/stop-notify.mjs +191 -0
- package/lib/hooks/stop-typecheck.mjs +83 -0
- package/lib/hooks/task-completed-guard.mjs +43 -0
- package/lib/hooks/teammate-idle-guard.mjs +54 -0
- package/lib/hooks/workflow-guard.mjs +62 -0
- package/lib/host-capabilities.mjs +123 -0
- package/lib/init-docs.mjs +382 -0
- package/lib/mcp/server.mjs +1123 -0
- package/lib/mcp-catalog.json +243 -0
- package/lib/mcp-manager.mjs +433 -0
- package/lib/mcp-platform-config.mjs +104 -0
- package/lib/model-router.mjs +810 -0
- package/lib/opencode-config.mjs +44 -0
- package/lib/opencode-runtime-plugin.mjs +909 -0
- package/lib/opencode-telemetry.mjs +433 -0
- package/lib/orchestration-policy.mjs +258 -0
- package/lib/prompt-composer.mjs +196 -0
- package/lib/prompt-metadata.mjs +68 -0
- package/lib/review.mjs +429 -0
- package/lib/role-preload.mjs +52 -0
- package/lib/schemas/decision.json +50 -0
- package/lib/schemas/implementation.json +51 -0
- package/lib/schemas/review-report.json +32 -0
- package/lib/schemas/test-report.json +43 -0
- package/lib/server/index.mjs +334 -0
- package/lib/server/static/app.js +841 -0
- package/lib/server/static/index.html +820 -0
- package/lib/service-manager.mjs +225 -0
- package/lib/setup.mjs +319 -0
- package/lib/status.mjs +707 -0
- package/lib/storage/backend.mjs +44 -0
- package/lib/storage/embeddings.mjs +70 -0
- package/lib/storage/hybrid-query.mjs +184 -0
- package/lib/storage/sql-store.mjs +55 -0
- package/lib/storage/state-source.mjs +101 -0
- package/lib/storage/sync.mjs +164 -0
- package/lib/storage/vector-store.mjs +59 -0
- package/lib/telemetry/backends/langfuse.mjs +58 -0
- package/lib/telemetry/backends/noop.mjs +16 -0
- package/lib/telemetry/langfuse-ingest.mjs +108 -0
- package/lib/telemetry/langfuse-model-sync.mjs +270 -0
- package/lib/telemetry/team-rollup.mjs +143 -0
- package/lib/toolkit-env.mjs +30 -0
- package/lib/validator.mjs +181 -0
- package/lib/workflow-state.mjs +794 -0
- package/package.json +53 -0
- package/personas/construct.md +94 -0
- package/platforms/claude/CLAUDE.md +30 -0
- package/platforms/claude/settings.template.json +472 -0
- package/platforms/opencode/config.template.json +65 -0
- package/platforms/opencode/plugins/construct-fallback.js +5 -0
- package/platforms/opencode/sync-config.mjs +69 -0
- package/rules/common/agents.md +55 -0
- package/rules/common/code-review.md +129 -0
- package/rules/common/coding-style.md +95 -0
- package/rules/common/comments.md +139 -0
- package/rules/common/cx-agent-routing.md +61 -0
- package/rules/common/cx-skill-routing.md +11 -0
- package/rules/common/development-workflow.md +49 -0
- package/rules/common/git-workflow.md +29 -0
- package/rules/common/hooks.md +35 -0
- package/rules/common/patterns.md +36 -0
- package/rules/common/performance.md +71 -0
- package/rules/common/security.md +34 -0
- package/rules/common/testing.md +62 -0
- package/rules/golang/coding-style.md +37 -0
- package/rules/golang/hooks.md +22 -0
- package/rules/golang/patterns.md +50 -0
- package/rules/golang/security.md +39 -0
- package/rules/golang/testing.md +36 -0
- package/rules/python/coding-style.md +47 -0
- package/rules/python/hooks.md +24 -0
- package/rules/python/patterns.md +44 -0
- package/rules/python/security.md +35 -0
- package/rules/python/testing.md +43 -0
- package/rules/swift/coding-style.md +52 -0
- package/rules/swift/hooks.md +25 -0
- package/rules/swift/patterns.md +71 -0
- package/rules/swift/security.md +38 -0
- package/rules/swift/testing.md +50 -0
- package/rules/typescript/coding-style.md +204 -0
- package/rules/typescript/hooks.md +27 -0
- package/rules/typescript/patterns.md +57 -0
- package/rules/typescript/security.md +33 -0
- package/rules/typescript/testing.md +23 -0
- package/rules/web/coding-style.md +101 -0
- package/rules/web/design-quality.md +68 -0
- package/rules/web/hooks.md +125 -0
- package/rules/web/patterns.md +84 -0
- package/rules/web/performance.md +69 -0
- package/rules/web/security.md +62 -0
- package/rules/web/testing.md +60 -0
- package/rules/zh/README.md +113 -0
- package/rules/zh/agents.md +55 -0
- package/rules/zh/code-review.md +129 -0
- package/rules/zh/coding-style.md +53 -0
- package/rules/zh/development-workflow.md +49 -0
- package/rules/zh/git-workflow.md +29 -0
- package/rules/zh/hooks.md +35 -0
- package/rules/zh/patterns.md +36 -0
- package/rules/zh/performance.md +60 -0
- package/rules/zh/security.md +34 -0
- package/rules/zh/testing.md +34 -0
- package/skills/ai/agent-dev.md +102 -0
- package/skills/ai/llm-security.md +105 -0
- package/skills/ai/ml-ops.md +169 -0
- package/skills/ai/orchestration-workflow.md +87 -0
- package/skills/ai/prompt-and-eval.md +114 -0
- package/skills/ai/prompt-optimizer.md +114 -0
- package/skills/ai/rag-system.md +104 -0
- package/skills/architecture/api-design.md +100 -0
- package/skills/architecture/caching.md +101 -0
- package/skills/architecture/cloud-native.md +97 -0
- package/skills/architecture/message-queue.md +100 -0
- package/skills/architecture/security-arch.md +105 -0
- package/skills/development/cpp.md +127 -0
- package/skills/development/go.md +129 -0
- package/skills/development/java.md +134 -0
- package/skills/development/kotlin.md +140 -0
- package/skills/development/mobile-crossplatform.md +144 -0
- package/skills/development/python.md +109 -0
- package/skills/development/rust.md +127 -0
- package/skills/development/shell.md +127 -0
- package/skills/development/swift.md +129 -0
- package/skills/development/typescript.md +129 -0
- package/skills/devops/ci-cd.md +108 -0
- package/skills/devops/containerization.md +106 -0
- package/skills/devops/cost-optimization.md +105 -0
- package/skills/devops/data-engineering.md +181 -0
- package/skills/devops/database.md +95 -0
- package/skills/devops/dependency-management.md +91 -0
- package/skills/devops/devsecops.md +96 -0
- package/skills/devops/git-workflow.md +100 -0
- package/skills/devops/incident-response.md +167 -0
- package/skills/devops/monorepo.md +87 -0
- package/skills/devops/observability.md +103 -0
- package/skills/devops/performance.md +104 -0
- package/skills/devops/testing.md +104 -0
- package/skills/docs/adr-workflow.md +32 -0
- package/skills/docs/backlog-proposal-workflow.md +19 -0
- package/skills/docs/customer-profile-workflow.md +22 -0
- package/skills/docs/evidence-ingest-workflow.md +23 -0
- package/skills/docs/init-docs.md +160 -0
- package/skills/docs/init-project.md +50 -0
- package/skills/docs/prd-workflow.md +57 -0
- package/skills/docs/prfaq-workflow.md +25 -0
- package/skills/docs/product-intelligence-review.md +22 -0
- package/skills/docs/product-intelligence-workflow.md +62 -0
- package/skills/docs/product-signal-workflow.md +27 -0
- package/skills/docs/research-workflow.md +28 -0
- package/skills/docs/runbook-workflow.md +24 -0
- package/skills/exploration/repo-map.md +297 -0
- package/skills/frameworks/django.md +159 -0
- package/skills/frameworks/nextjs.md +148 -0
- package/skills/frameworks/react.md +132 -0
- package/skills/frameworks/spring-boot.md +165 -0
- package/skills/frontend-design/accessibility.md +153 -0
- package/skills/frontend-design/component-patterns.md +111 -0
- package/skills/frontend-design/engineering.md +122 -0
- package/skills/frontend-design/state-management.md +118 -0
- package/skills/frontend-design/ui-aesthetics.md +102 -0
- package/skills/frontend-design/ux-principles.md +126 -0
- package/skills/quality-gates/review-work.md +90 -0
- package/skills/quality-gates/verify-change.md +94 -0
- package/skills/quality-gates/verify-module.md +96 -0
- package/skills/quality-gates/verify-quality.md +93 -0
- package/skills/quality-gates/verify-security.md +95 -0
- package/skills/roles/architect.ai-systems.md +37 -0
- package/skills/roles/architect.data.md +37 -0
- package/skills/roles/architect.enterprise.md +37 -0
- package/skills/roles/architect.integration.md +37 -0
- package/skills/roles/architect.md +68 -0
- package/skills/roles/architect.platform.md +37 -0
- package/skills/roles/data-analyst.experiment.md +37 -0
- package/skills/roles/data-analyst.md +68 -0
- package/skills/roles/data-analyst.product-intelligence.md +37 -0
- package/skills/roles/data-analyst.product.md +37 -0
- package/skills/roles/data-analyst.telemetry.md +37 -0
- package/skills/roles/data-engineer.pipeline.md +37 -0
- package/skills/roles/data-engineer.vector-retrieval.md +37 -0
- package/skills/roles/data-engineer.warehouse.md +37 -0
- package/skills/roles/debugger.md +68 -0
- package/skills/roles/designer.accessibility.md +43 -0
- package/skills/roles/designer.md +68 -0
- package/skills/roles/engineer.ai.md +49 -0
- package/skills/roles/engineer.data.md +49 -0
- package/skills/roles/engineer.md +85 -0
- package/skills/roles/engineer.platform.md +49 -0
- package/skills/roles/operator.docs.md +43 -0
- package/skills/roles/operator.md +68 -0
- package/skills/roles/operator.release.md +43 -0
- package/skills/roles/operator.sre.md +43 -0
- package/skills/roles/orchestrator.md +66 -0
- package/skills/roles/product-manager.ai-product.md +37 -0
- package/skills/roles/product-manager.business-strategy.md +43 -0
- package/skills/roles/product-manager.enterprise.md +37 -0
- package/skills/roles/product-manager.growth.md +37 -0
- package/skills/roles/product-manager.md +67 -0
- package/skills/roles/product-manager.platform.md +37 -0
- package/skills/roles/product-manager.product.md +37 -0
- package/skills/roles/qa.ai-eval.md +37 -0
- package/skills/roles/qa.api-contract.md +37 -0
- package/skills/roles/qa.data-pipeline.md +37 -0
- package/skills/roles/qa.md +68 -0
- package/skills/roles/qa.test-automation.md +49 -0
- package/skills/roles/qa.web-ui.md +37 -0
- package/skills/roles/researcher.explorer.md +43 -0
- package/skills/roles/researcher.md +68 -0
- package/skills/roles/researcher.ux.md +43 -0
- package/skills/roles/reviewer.devil-advocate.md +43 -0
- package/skills/roles/reviewer.evaluator.md +43 -0
- package/skills/roles/reviewer.md +68 -0
- package/skills/roles/reviewer.trace.md +43 -0
- package/skills/roles/security.ai.md +37 -0
- package/skills/roles/security.appsec.md +37 -0
- package/skills/roles/security.cloud.md +37 -0
- package/skills/roles/security.legal-compliance.md +49 -0
- package/skills/roles/security.md +68 -0
- package/skills/roles/security.privacy.md +37 -0
- package/skills/roles/security.supply-chain.md +37 -0
- package/skills/routing.md +139 -0
- package/skills/security/blue-team.md +83 -0
- package/skills/security/code-audit.md +94 -0
- package/skills/security/pentest.md +84 -0
- package/skills/security/red-team.md +81 -0
- package/skills/security/threat-intel.md +89 -0
- package/skills/security/vuln-research.md +87 -0
- package/skills/utility/clean-code.md +165 -0
- package/sync-agents.mjs +899 -0
- package/templates/docs/adr.md +27 -0
- package/templates/docs/backlog-proposal.md +26 -0
- package/templates/docs/customer-profile.md +34 -0
- package/templates/docs/evidence-brief.md +37 -0
- package/templates/docs/incident-report.md +46 -0
- package/templates/docs/memo.md +27 -0
- package/templates/docs/meta-prd.md +56 -0
- package/templates/docs/one-pager.md +24 -0
- package/templates/docs/prd-business.md +61 -0
- package/templates/docs/prd-platform.md +62 -0
- package/templates/docs/prd.md +47 -0
- package/templates/docs/prfaq.md +31 -0
- package/templates/docs/product-intelligence-report.md +31 -0
- package/templates/docs/research-brief.md +29 -0
- package/templates/docs/rfc-platform.md +60 -0
- package/templates/docs/rfc.md +46 -0
- package/templates/docs/runbook.md +33 -0
- package/templates/docs/signal-brief.md +25 -0
|
@@ -0,0 +1,129 @@
|
|
|
1
|
+
<!--
|
|
2
|
+
rules/zh/code-review.md — <one-line purpose>
|
|
3
|
+
|
|
4
|
+
<2–6 line summary.>
|
|
5
|
+
-->
|
|
6
|
+
# 代码审查标准
|
|
7
|
+
|
|
8
|
+
## 目的
|
|
9
|
+
|
|
10
|
+
代码审查确保代码合并前的质量、安全性和可维护性。此规则定义何时以及如何进行代码审查。
|
|
11
|
+
|
|
12
|
+
## 何时审查
|
|
13
|
+
|
|
14
|
+
**强制审查触发条件:**
|
|
15
|
+
|
|
16
|
+
- 编写或修改代码后
|
|
17
|
+
- 提交到共享分支之前
|
|
18
|
+
- 更改安全敏感代码时(认证、支付、用户数据)
|
|
19
|
+
- 进行架构更改时
|
|
20
|
+
- 合并 pull request 之前
|
|
21
|
+
|
|
22
|
+
**审查前要求:**
|
|
23
|
+
|
|
24
|
+
在请求审查之前,确保:
|
|
25
|
+
|
|
26
|
+
- 所有自动化检查(CI/CD)已通过
|
|
27
|
+
- 合并冲突已解决
|
|
28
|
+
- 分支已与目标分支同步
|
|
29
|
+
|
|
30
|
+
## 审查检查清单
|
|
31
|
+
|
|
32
|
+
在标记代码完成之前:
|
|
33
|
+
|
|
34
|
+
- [ ] 代码可读且命名良好
|
|
35
|
+
- [ ] 函数聚焦(<50 行)
|
|
36
|
+
- [ ] 文件内聚(<800 行)
|
|
37
|
+
- [ ] 无深层嵌套(>4 层)
|
|
38
|
+
- [ ] 错误显式处理
|
|
39
|
+
- [ ] 无硬编码密钥或凭据
|
|
40
|
+
- [ ] 无 console.log 或调试语句
|
|
41
|
+
- [ ] 新功能有测试
|
|
42
|
+
- [ ] 测试覆盖率满足 80% 最低要求
|
|
43
|
+
|
|
44
|
+
## 安全审查触发条件
|
|
45
|
+
|
|
46
|
+
**停止并使用 security-reviewer 代理当:**
|
|
47
|
+
|
|
48
|
+
- 认证或授权代码
|
|
49
|
+
- 用户输入处理
|
|
50
|
+
- 数据库查询
|
|
51
|
+
- 文件系统操作
|
|
52
|
+
- 外部 API 调用
|
|
53
|
+
- 加密操作
|
|
54
|
+
- 支付或金融代码
|
|
55
|
+
|
|
56
|
+
## 审查严重级别
|
|
57
|
+
|
|
58
|
+
| 级别 | 含义 | 行动 |
|
|
59
|
+
|-------|---------|--------|
|
|
60
|
+
| CRITICAL(关键) | 安全漏洞或数据丢失风险 | **阻止** - 合并前必须修复 |
|
|
61
|
+
| HIGH(高) | Bug 或重大质量问题 | **警告** - 合并前应修复 |
|
|
62
|
+
| MEDIUM(中) | 可维护性问题 | **信息** - 考虑修复 |
|
|
63
|
+
| LOW(低) | 风格或次要建议 | **注意** - 可选 |
|
|
64
|
+
|
|
65
|
+
## 代理使用
|
|
66
|
+
|
|
67
|
+
使用这些代理进行代码审查:
|
|
68
|
+
|
|
69
|
+
| 代理 | 用途 |
|
|
70
|
+
|-------|--------|
|
|
71
|
+
| **code-reviewer** | 通用代码质量、模式、最佳实践 |
|
|
72
|
+
| **security-reviewer** | 安全漏洞、OWASP Top 10 |
|
|
73
|
+
| **typescript-reviewer** | TypeScript/JavaScript 特定问题 |
|
|
74
|
+
| **python-reviewer** | Python 特定问题 |
|
|
75
|
+
| **go-reviewer** | Go 特定问题 |
|
|
76
|
+
| **rust-reviewer** | Rust 特定问题 |
|
|
77
|
+
|
|
78
|
+
## 审查工作流
|
|
79
|
+
|
|
80
|
+
```
|
|
81
|
+
1. 运行 git diff 了解更改
|
|
82
|
+
2. 先检查安全检查清单
|
|
83
|
+
3. 审查代码质量检查清单
|
|
84
|
+
4. 运行相关测试
|
|
85
|
+
5. 验证覆盖率 >= 80%
|
|
86
|
+
6. 使用适当的代理进行详细审查
|
|
87
|
+
```
|
|
88
|
+
|
|
89
|
+
## 常见问题捕获
|
|
90
|
+
|
|
91
|
+
### 安全
|
|
92
|
+
|
|
93
|
+
- 硬编码凭据(API 密钥、密码、令牌)
|
|
94
|
+
- SQL 注入(查询中的字符串拼接)
|
|
95
|
+
- XSS 漏洞(未转义的用户输入)
|
|
96
|
+
- 路径遍历(未净化的文件路径)
|
|
97
|
+
- CSRF 保护缺失
|
|
98
|
+
- 认证绕过
|
|
99
|
+
|
|
100
|
+
### 代码质量
|
|
101
|
+
|
|
102
|
+
- 大函数(>50 行)- 拆分为更小的
|
|
103
|
+
- 大文件(>800 行)- 提取模块
|
|
104
|
+
- 深层嵌套(>4 层)- 使用提前返回
|
|
105
|
+
- 缺少错误处理 - 显式处理
|
|
106
|
+
- 变更模式 - 优先使用不可变操作
|
|
107
|
+
- 缺少测试 - 添加测试覆盖
|
|
108
|
+
|
|
109
|
+
### 性能
|
|
110
|
+
|
|
111
|
+
- N+1 查询 - 使用 JOIN 或批处理
|
|
112
|
+
- 缺少分页 - 给查询添加 LIMIT
|
|
113
|
+
- 无界查询 - 添加约束
|
|
114
|
+
- 缺少缓存 - 缓存昂贵操作
|
|
115
|
+
|
|
116
|
+
## 批准标准
|
|
117
|
+
|
|
118
|
+
- **批准**:无关键或高优先级问题
|
|
119
|
+
- **警告**:仅有高优先级问题(谨慎合并)
|
|
120
|
+
- **阻止**:发现关键问题
|
|
121
|
+
|
|
122
|
+
## 与其他规则的集成
|
|
123
|
+
|
|
124
|
+
此规则与以下规则配合:
|
|
125
|
+
|
|
126
|
+
- [testing.md](testing.md) - 测试覆盖率要求
|
|
127
|
+
- [security.md](security.md) - 安全检查清单
|
|
128
|
+
- [git-workflow.md](git-workflow.md) - 提交标准
|
|
129
|
+
- [agents.md](agents.md) - 代理委托
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
<!--
|
|
2
|
+
rules/zh/coding-style.md — <one-line purpose>
|
|
3
|
+
|
|
4
|
+
<2–6 line summary.>
|
|
5
|
+
-->
|
|
6
|
+
# 编码风格
|
|
7
|
+
|
|
8
|
+
## 不可变性(关键)
|
|
9
|
+
|
|
10
|
+
始终创建新对象,永远不要修改现有对象:
|
|
11
|
+
|
|
12
|
+
```
|
|
13
|
+
// 伪代码
|
|
14
|
+
错误: modify(original, field, value) → 就地修改 original
|
|
15
|
+
正确: update(original, field, value) → 返回带有更改的新副本
|
|
16
|
+
```
|
|
17
|
+
|
|
18
|
+
原理:不可变数据防止隐藏的副作用,使调试更容易,并启用安全的并发。
|
|
19
|
+
|
|
20
|
+
## 文件组织
|
|
21
|
+
|
|
22
|
+
多个小文件 > 少量大文件:
|
|
23
|
+
- 高内聚,低耦合
|
|
24
|
+
- 典型 200-400 行,最多 800 行
|
|
25
|
+
- 从大模块中提取工具函数
|
|
26
|
+
- 按功能/领域组织,而非按类型
|
|
27
|
+
|
|
28
|
+
## 错误处理
|
|
29
|
+
|
|
30
|
+
始终全面处理错误:
|
|
31
|
+
- 在每一层显式处理错误
|
|
32
|
+
- 在面向 UI 的代码中提供用户友好的错误消息
|
|
33
|
+
- 在服务器端记录详细的错误上下文
|
|
34
|
+
- 永远不要静默吞掉错误
|
|
35
|
+
|
|
36
|
+
## 输入验证
|
|
37
|
+
|
|
38
|
+
始终在系统边界验证:
|
|
39
|
+
- 处理前验证所有用户输入
|
|
40
|
+
- 在可用的情况下使用基于模式的验证
|
|
41
|
+
- 快速失败并给出清晰的错误消息
|
|
42
|
+
- 永远不要信任外部数据(API 响应、用户输入、文件内容)
|
|
43
|
+
|
|
44
|
+
## 代码质量检查清单
|
|
45
|
+
|
|
46
|
+
在标记工作完成前:
|
|
47
|
+
- [ ] 代码可读且命名良好
|
|
48
|
+
- [ ] 函数很小(<50 行)
|
|
49
|
+
- [ ] 文件聚焦(<800 行)
|
|
50
|
+
- [ ] 没有深层嵌套(>4 层)
|
|
51
|
+
- [ ] 正确的错误处理
|
|
52
|
+
- [ ] 没有硬编码值(使用常量或配置)
|
|
53
|
+
- [ ] 没有变更(使用不可变模式)
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
<!--
|
|
2
|
+
rules/zh/development-workflow.md — <one-line purpose>
|
|
3
|
+
|
|
4
|
+
<2–6 line summary.>
|
|
5
|
+
-->
|
|
6
|
+
# 开发工作流
|
|
7
|
+
|
|
8
|
+
> 此文件扩展 [common/git-workflow.md](./git-workflow.md),包含 git 操作之前的完整功能开发流程。
|
|
9
|
+
|
|
10
|
+
功能实现工作流描述了开发管道:研究、规划、TDD、代码审查,然后提交到 git。
|
|
11
|
+
|
|
12
|
+
## 功能实现工作流
|
|
13
|
+
|
|
14
|
+
0. **研究与重用** _(任何新实现前必需)_
|
|
15
|
+
- **GitHub 代码搜索优先:** 在编写任何新代码之前,运行 `gh search repos` 和 `gh search code` 查找现有实现、模板和模式。
|
|
16
|
+
- **库文档其次:** 使用 Context7 或主要供应商文档确认 API 行为、包使用和版本特定细节。
|
|
17
|
+
- **仅当前两者不足时使用 Exa:** 在 GitHub 搜索和主要文档之后,使用 Exa 进行更广泛的网络研究或发现。
|
|
18
|
+
- **检查包注册表:** 在编写工具代码之前搜索 npm、PyPI、crates.io 和其他注册表。首选久经考验的库而非手工编写的解决方案。
|
|
19
|
+
- **搜索可适配的实现:** 寻找解决问题 80%+ 且可以分支、移植或包装的开源项目。
|
|
20
|
+
- 当满足需求时,优先采用或移植经验证的方法而非从头编写新代码。
|
|
21
|
+
|
|
22
|
+
1. **先规划**
|
|
23
|
+
- 使用 **planner** 代理创建实现计划
|
|
24
|
+
- 编码前生成规划文档:PRD、架构、系统设计、技术文档、任务列表
|
|
25
|
+
- 识别依赖和风险
|
|
26
|
+
- 分解为阶段
|
|
27
|
+
|
|
28
|
+
2. **TDD 方法**
|
|
29
|
+
- 使用 **tdd-guide** 代理
|
|
30
|
+
- 先写测试(RED)
|
|
31
|
+
- 实现以通过测试(GREEN)
|
|
32
|
+
- 重构(IMPROVE)
|
|
33
|
+
- 验证 80%+ 覆盖率
|
|
34
|
+
|
|
35
|
+
3. **代码审查**
|
|
36
|
+
- 编写代码后立即使用 **code-reviewer** 代理
|
|
37
|
+
- 解决关键和高优先级问题
|
|
38
|
+
- 尽可能修复中优先级问题
|
|
39
|
+
|
|
40
|
+
4. **提交与推送**
|
|
41
|
+
- 详细的提交消息
|
|
42
|
+
- 遵循约定式提交格式
|
|
43
|
+
- 参见 [git-workflow.md](./git-workflow.md) 了解提交消息格式和 PR 流程
|
|
44
|
+
|
|
45
|
+
5. **审查前检查**
|
|
46
|
+
- 验证所有自动化检查(CI/CD)已通过
|
|
47
|
+
- 解决任何合并冲突
|
|
48
|
+
- 确保分支已与目标分支同步
|
|
49
|
+
- 仅在这些检查通过后请求审查
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
<!--
|
|
2
|
+
rules/zh/git-workflow.md — <one-line purpose>
|
|
3
|
+
|
|
4
|
+
<2–6 line summary.>
|
|
5
|
+
-->
|
|
6
|
+
# Git 工作流
|
|
7
|
+
|
|
8
|
+
## 提交消息格式
|
|
9
|
+
```
|
|
10
|
+
<类型>: <描述>
|
|
11
|
+
|
|
12
|
+
<可选正文>
|
|
13
|
+
```
|
|
14
|
+
|
|
15
|
+
类型:feat, fix, refactor, docs, test, chore, perf, ci
|
|
16
|
+
|
|
17
|
+
注意:通过 ~/.claude/settings.json 全局禁用归属。
|
|
18
|
+
|
|
19
|
+
## Pull Request 工作流
|
|
20
|
+
|
|
21
|
+
创建 PR 时:
|
|
22
|
+
1. 分析完整提交历史(不仅是最新提交)
|
|
23
|
+
2. 使用 `git diff [base-branch]...HEAD` 查看所有更改
|
|
24
|
+
3. 起草全面的 PR 摘要
|
|
25
|
+
4. 包含带有 TODO 的测试计划
|
|
26
|
+
5. 如果是新分支,使用 `-u` 标志推送
|
|
27
|
+
|
|
28
|
+
> 对于 git 操作之前的完整开发流程(规划、TDD、代码审查),
|
|
29
|
+
> 参见 [development-workflow.md](./development-workflow.md)。
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
<!--
|
|
2
|
+
rules/zh/hooks.md — <one-line purpose>
|
|
3
|
+
|
|
4
|
+
<2–6 line summary.>
|
|
5
|
+
-->
|
|
6
|
+
# 钩子系统
|
|
7
|
+
|
|
8
|
+
## 钩子类型
|
|
9
|
+
|
|
10
|
+
- **PreToolUse**:工具执行前(验证、参数修改)
|
|
11
|
+
- **PostToolUse**:工具执行后(自动格式化、检查)
|
|
12
|
+
- **Stop**:会话结束时(最终验证)
|
|
13
|
+
|
|
14
|
+
## 自动接受权限
|
|
15
|
+
|
|
16
|
+
谨慎使用:
|
|
17
|
+
- 为可信、定义明确的计划启用
|
|
18
|
+
- 探索性工作时禁用
|
|
19
|
+
- 永远不要使用 dangerously-skip-permissions 标志
|
|
20
|
+
- 改为在 `~/.claude.json` 中配置 `allowedTools`
|
|
21
|
+
|
|
22
|
+
## TodoWrite 最佳实践
|
|
23
|
+
|
|
24
|
+
使用 TodoWrite 工具:
|
|
25
|
+
- 跟踪多步骤任务的进度
|
|
26
|
+
- 验证对指令的理解
|
|
27
|
+
- 启用实时引导
|
|
28
|
+
- 显示细粒度的实现步骤
|
|
29
|
+
|
|
30
|
+
待办列表揭示:
|
|
31
|
+
- 顺序错误的步骤
|
|
32
|
+
- 缺失的项目
|
|
33
|
+
- 多余的不必要项目
|
|
34
|
+
- 错误的粒度
|
|
35
|
+
- 误解的需求
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
<!--
|
|
2
|
+
rules/zh/patterns.md — <one-line purpose>
|
|
3
|
+
|
|
4
|
+
<2–6 line summary.>
|
|
5
|
+
-->
|
|
6
|
+
# 常用模式
|
|
7
|
+
|
|
8
|
+
## 骨架项目
|
|
9
|
+
|
|
10
|
+
实现新功能时:
|
|
11
|
+
1. 搜索久经考验的骨架项目
|
|
12
|
+
2. 使用并行代理评估选项:
|
|
13
|
+
- 安全性评估
|
|
14
|
+
- 可扩展性分析
|
|
15
|
+
- 相关性评分
|
|
16
|
+
- 实现规划
|
|
17
|
+
3. 克隆最佳匹配作为基础
|
|
18
|
+
4. 在经验证的结构内迭代
|
|
19
|
+
|
|
20
|
+
## 设计模式
|
|
21
|
+
|
|
22
|
+
### 仓储模式
|
|
23
|
+
|
|
24
|
+
将数据访问封装在一致的接口后面:
|
|
25
|
+
- 定义标准操作:findAll、findById、create、update、delete
|
|
26
|
+
- 具体实现处理存储细节(数据库、API、文件等)
|
|
27
|
+
- 业务逻辑依赖抽象接口,而非存储机制
|
|
28
|
+
- 便于轻松切换数据源,并简化使用模拟的测试
|
|
29
|
+
|
|
30
|
+
### API 响应格式
|
|
31
|
+
|
|
32
|
+
对所有 API 响应使用一致的信封:
|
|
33
|
+
- 包含成功/状态指示器
|
|
34
|
+
- 包含数据负载(错误时可为空)
|
|
35
|
+
- 包含错误消息字段(成功时可为空)
|
|
36
|
+
- 包含分页响应的元数据(total、page、limit)
|
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
<!--
|
|
2
|
+
rules/zh/performance.md — <one-line purpose>
|
|
3
|
+
|
|
4
|
+
<2–6 line summary.>
|
|
5
|
+
-->
|
|
6
|
+
# 性能优化
|
|
7
|
+
|
|
8
|
+
## 模型选择策略
|
|
9
|
+
|
|
10
|
+
**Haiku 4.5**(Sonnet 90% 的能力,3 倍成本节省):
|
|
11
|
+
- 频繁调用的轻量级代理
|
|
12
|
+
- 结对编程和代码生成
|
|
13
|
+
- 多代理系统中的工作者代理
|
|
14
|
+
|
|
15
|
+
**Sonnet 4.6**(最佳编码模型):
|
|
16
|
+
- 主要开发工作
|
|
17
|
+
- 编排多代理工作流
|
|
18
|
+
- 复杂编码任务
|
|
19
|
+
|
|
20
|
+
**Opus 4.5**(最深度推理):
|
|
21
|
+
- 复杂架构决策
|
|
22
|
+
- 最大推理需求
|
|
23
|
+
- 研究和分析任务
|
|
24
|
+
|
|
25
|
+
## 上下文窗口管理
|
|
26
|
+
|
|
27
|
+
避免在上下文窗口的最后 20% 进行以下操作:
|
|
28
|
+
- 大规模重构
|
|
29
|
+
- 跨多个文件的功能实现
|
|
30
|
+
- 调试复杂交互
|
|
31
|
+
|
|
32
|
+
上下文敏感度较低的任务:
|
|
33
|
+
- 单文件编辑
|
|
34
|
+
- 独立工具创建
|
|
35
|
+
- 文档更新
|
|
36
|
+
- 简单 bug 修复
|
|
37
|
+
|
|
38
|
+
## 扩展思考 + 规划模式
|
|
39
|
+
|
|
40
|
+
扩展思考默认启用,为内部推理保留最多 31,999 个 token。
|
|
41
|
+
|
|
42
|
+
通过以下方式控制扩展思考:
|
|
43
|
+
- **切换**:Option+T(macOS)/ Alt+T(Windows/Linux)
|
|
44
|
+
- **配置**:在 `~/.claude/settings.json` 中设置 `alwaysThinkingEnabled`
|
|
45
|
+
- **预算上限**:`export MAX_THINKING_TOKENS=10000`
|
|
46
|
+
- **详细模式**:Ctrl+O 查看思考输出
|
|
47
|
+
|
|
48
|
+
对于需要深度推理的复杂任务:
|
|
49
|
+
1. 确保扩展思考已启用(默认开启)
|
|
50
|
+
2. 启用**规划模式**进行结构化方法
|
|
51
|
+
3. 使用多轮审查进行彻底分析
|
|
52
|
+
4. 使用分角色子代理获得多样化视角
|
|
53
|
+
|
|
54
|
+
## 构建排查
|
|
55
|
+
|
|
56
|
+
如果构建失败:
|
|
57
|
+
1. 使用 **build-error-resolver** 代理
|
|
58
|
+
2. 分析错误消息
|
|
59
|
+
3. 增量修复
|
|
60
|
+
4. 每次修复后验证
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
<!--
|
|
2
|
+
rules/zh/security.md — <one-line purpose>
|
|
3
|
+
|
|
4
|
+
<2–6 line summary.>
|
|
5
|
+
-->
|
|
6
|
+
# 安全指南
|
|
7
|
+
|
|
8
|
+
## 强制安全检查
|
|
9
|
+
|
|
10
|
+
在任何提交之前:
|
|
11
|
+
- [ ] 无硬编码密钥(API 密钥、密码、令牌)
|
|
12
|
+
- [ ] 所有用户输入已验证
|
|
13
|
+
- [ ] SQL 注入防护(参数化查询)
|
|
14
|
+
- [ ] XSS 防护(净化 HTML)
|
|
15
|
+
- [ ] CSRF 保护已启用
|
|
16
|
+
- [ ] 认证/授权已验证
|
|
17
|
+
- [ ] 所有端点启用速率限制
|
|
18
|
+
- [ ] 错误消息不泄露敏感数据
|
|
19
|
+
|
|
20
|
+
## 密钥管理
|
|
21
|
+
|
|
22
|
+
- 永远不要在源代码中硬编码密钥
|
|
23
|
+
- 始终使用环境变量或密钥管理器
|
|
24
|
+
- 启动时验证所需的密钥是否存在
|
|
25
|
+
- 轮换任何可能已暴露的密钥
|
|
26
|
+
|
|
27
|
+
## 安全响应协议
|
|
28
|
+
|
|
29
|
+
如果发现安全问题:
|
|
30
|
+
1. 立即停止
|
|
31
|
+
2. 使用 **security-reviewer** 代理
|
|
32
|
+
3. 在继续之前修复关键问题
|
|
33
|
+
4. 轮换任何已暴露的密钥
|
|
34
|
+
5. 审查整个代码库中的类似问题
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
<!--
|
|
2
|
+
rules/zh/testing.md — <one-line purpose>
|
|
3
|
+
|
|
4
|
+
<2–6 line summary.>
|
|
5
|
+
-->
|
|
6
|
+
# 测试要求
|
|
7
|
+
|
|
8
|
+
## 最低测试覆盖率:80%
|
|
9
|
+
|
|
10
|
+
测试类型(全部必需):
|
|
11
|
+
1. **单元测试** - 单个函数、工具、组件
|
|
12
|
+
2. **集成测试** - API 端点、数据库操作
|
|
13
|
+
3. **E2E 测试** - 关键用户流程(框架根据语言选择)
|
|
14
|
+
|
|
15
|
+
## 测试驱动开发
|
|
16
|
+
|
|
17
|
+
强制工作流:
|
|
18
|
+
1. 先写测试(RED)
|
|
19
|
+
2. 运行测试 - 应该失败
|
|
20
|
+
3. 编写最小实现(GREEN)
|
|
21
|
+
4. 运行测试 - 应该通过
|
|
22
|
+
5. 重构(IMPROVE)
|
|
23
|
+
6. 验证覆盖率(80%+)
|
|
24
|
+
|
|
25
|
+
## 测试失败排查
|
|
26
|
+
|
|
27
|
+
1. 使用 **tdd-guide** 代理
|
|
28
|
+
2. 检查测试隔离
|
|
29
|
+
3. 验证模拟是否正确
|
|
30
|
+
4. 修复实现,而非测试(除非测试有误)
|
|
31
|
+
|
|
32
|
+
## 代理支持
|
|
33
|
+
|
|
34
|
+
- **tdd-guide** - 主动用于新功能,强制先写测试
|
|
@@ -0,0 +1,102 @@
|
|
|
1
|
+
<!--
|
|
2
|
+
skills/ai/agent-dev.md — AI Agent Development — Use this skill when building AI agents, tool-use systems, or multi-agent workflo
|
|
3
|
+
|
|
4
|
+
Use this skill when building AI agents, tool-use systems, or multi-agent workflows. ## Agent Architecture
|
|
5
|
+
-->
|
|
6
|
+
# AI Agent Development
|
|
7
|
+
|
|
8
|
+
Use this skill when building AI agents, tool-use systems, or multi-agent workflows.
|
|
9
|
+
|
|
10
|
+
## Agent Architecture
|
|
11
|
+
|
|
12
|
+
### Core Loop
|
|
13
|
+
1. Receive user input or system event
|
|
14
|
+
2. Plan: decide what action to take (tool call, response, delegation)
|
|
15
|
+
3. Act: execute the chosen action
|
|
16
|
+
4. Observe: process the result
|
|
17
|
+
5. Repeat until the task is complete or a stop condition is met
|
|
18
|
+
|
|
19
|
+
### Planning Strategies
|
|
20
|
+
- ReAct: interleave reasoning and acting in a single prompt
|
|
21
|
+
- Plan-then-execute: generate a full plan, execute steps sequentially
|
|
22
|
+
- Tree of thought: explore multiple approaches, select the best
|
|
23
|
+
- Choose based on task complexity; ReAct for simple, plan-first for multi-step
|
|
24
|
+
|
|
25
|
+
## Tool Design
|
|
26
|
+
|
|
27
|
+
### Principles
|
|
28
|
+
- Each tool does one thing well
|
|
29
|
+
- Tool names and descriptions are clear enough for the LLM to select correctly
|
|
30
|
+
- Parameters have strict types and validation
|
|
31
|
+
- Return structured results the LLM can parse
|
|
32
|
+
- Include error states the agent can reason about
|
|
33
|
+
|
|
34
|
+
### Tool Schema
|
|
35
|
+
- Use JSON Schema or equivalent for parameter definitions
|
|
36
|
+
- Required vs optional parameters clearly marked
|
|
37
|
+
- Enum values for constrained choices
|
|
38
|
+
- Description field explains when and why to use the tool
|
|
39
|
+
- Examples in the description improve selection accuracy
|
|
40
|
+
|
|
41
|
+
### Common Tool Categories
|
|
42
|
+
- Information retrieval: search, database query, API call
|
|
43
|
+
- Computation: calculator, code execution, data transformation
|
|
44
|
+
- Communication: email, messaging, notifications
|
|
45
|
+
- File operations: read, write, list
|
|
46
|
+
- System control: deploy, configure, monitor
|
|
47
|
+
|
|
48
|
+
## Function Calling
|
|
49
|
+
|
|
50
|
+
- Validate all tool arguments before execution
|
|
51
|
+
- Sanitize user-influenced inputs passed to tools
|
|
52
|
+
- Set timeouts on all external tool calls
|
|
53
|
+
- Handle tool failures gracefully; allow the agent to retry or choose alternatives
|
|
54
|
+
- Log every tool call with inputs, outputs, latency, and success/failure
|
|
55
|
+
|
|
56
|
+
## Multi-Agent Systems
|
|
57
|
+
|
|
58
|
+
### Patterns
|
|
59
|
+
- **Orchestrator-worker**: one agent delegates subtasks to specialists
|
|
60
|
+
- **Pipeline**: agents process sequentially, each adding to the context
|
|
61
|
+
- **Debate**: multiple agents propose solutions, a judge selects the best
|
|
62
|
+
- **Swarm**: agents claim tasks from a shared queue
|
|
63
|
+
|
|
64
|
+
### Coordination
|
|
65
|
+
- Define clear responsibilities per agent role
|
|
66
|
+
- One writer per resource at any time to avoid conflicts
|
|
67
|
+
- Shared context via message passing, not shared mutable state
|
|
68
|
+
- Supervisor agent monitors progress and handles failures
|
|
69
|
+
- Set maximum iterations to prevent infinite loops
|
|
70
|
+
|
|
71
|
+
## Prompt Engineering for Agents
|
|
72
|
+
|
|
73
|
+
- System prompt: role, capabilities, constraints, output format
|
|
74
|
+
- Include examples of correct tool selection and usage
|
|
75
|
+
- Specify when to ask for clarification vs proceed with assumptions
|
|
76
|
+
- Define stop conditions: task complete, max iterations, confidence threshold
|
|
77
|
+
- Separate instructions from context; keep instructions stable
|
|
78
|
+
|
|
79
|
+
## Error Handling
|
|
80
|
+
|
|
81
|
+
- Retry transient failures with backoff
|
|
82
|
+
- Escalate persistent failures to the user or supervisor
|
|
83
|
+
- Maintain a fallback path when tools are unavailable
|
|
84
|
+
- Log enough context to debug failures post-hoc
|
|
85
|
+
- Prevent cascading failures in multi-agent systems
|
|
86
|
+
|
|
87
|
+
## Safety and Guardrails
|
|
88
|
+
|
|
89
|
+
- Validate agent outputs before executing side effects
|
|
90
|
+
- Require human approval for high-impact actions (delete, deploy, send)
|
|
91
|
+
- Rate limit tool calls to prevent runaway loops
|
|
92
|
+
- Monitor token usage and cost per agent session
|
|
93
|
+
- Content filtering on both inputs and outputs
|
|
94
|
+
|
|
95
|
+
## Evaluation
|
|
96
|
+
|
|
97
|
+
- Task completion rate on a benchmark set
|
|
98
|
+
- Tool selection accuracy: did the agent pick the right tool?
|
|
99
|
+
- Step efficiency: how many steps to complete vs optimal?
|
|
100
|
+
- Error recovery rate: does the agent recover from tool failures?
|
|
101
|
+
- Cost per task: tokens consumed, API calls made, latency
|
|
102
|
+
- Run evals on every prompt or tool change
|
|
@@ -0,0 +1,105 @@
|
|
|
1
|
+
<!--
|
|
2
|
+
skills/ai/llm-security.md — LLM Security — Use this skill when securing LLM-powered applications against prompt injection,
|
|
3
|
+
|
|
4
|
+
Use this skill when securing LLM-powered applications against prompt injection, data leakage, and misuse. ## Prompt Injection
|
|
5
|
+
-->
|
|
6
|
+
# LLM Security
|
|
7
|
+
|
|
8
|
+
Use this skill when securing LLM-powered applications against prompt injection, data leakage, and misuse.
|
|
9
|
+
|
|
10
|
+
## Prompt Injection
|
|
11
|
+
|
|
12
|
+
### Direct Injection
|
|
13
|
+
- User input overrides system instructions ("ignore previous instructions and...")
|
|
14
|
+
- Instruction delimiters in user content confuse the model
|
|
15
|
+
- Encoded payloads: base64, ROT13, unicode tricks bypass naive filters
|
|
16
|
+
|
|
17
|
+
### Indirect Injection
|
|
18
|
+
- Malicious instructions embedded in retrieved documents, emails, or web pages
|
|
19
|
+
- Tool outputs containing adversarial prompts
|
|
20
|
+
- Injected content in database records, file metadata, or API responses
|
|
21
|
+
|
|
22
|
+
### Mitigations
|
|
23
|
+
- Separate system instructions from user input with clear structural delimiters
|
|
24
|
+
- Use structured tool calling instead of free-text tool invocation
|
|
25
|
+
- Validate and sanitize all external content before including in prompts
|
|
26
|
+
- Monitor for instruction-following anomalies in outputs
|
|
27
|
+
- Defense in depth: no single mitigation is sufficient
|
|
28
|
+
|
|
29
|
+
## Data Leakage
|
|
30
|
+
|
|
31
|
+
### System Prompt Extraction
|
|
32
|
+
- Adversarial queries designed to make the model reveal its instructions
|
|
33
|
+
- Avoid placing secrets, API keys, or sensitive logic in prompts
|
|
34
|
+
- Test with extraction attempts before deployment
|
|
35
|
+
|
|
36
|
+
### Training Data Leakage
|
|
37
|
+
- Model may memorize and reproduce sensitive training data
|
|
38
|
+
- Use output filtering for PII, credentials, and proprietary content
|
|
39
|
+
- Fine-tuned models have higher memorization risk
|
|
40
|
+
|
|
41
|
+
### Context Window Leakage
|
|
42
|
+
- Multi-turn conversations may expose prior context to subsequent users
|
|
43
|
+
- Isolate sessions; do not share context across users
|
|
44
|
+
- Clear context between logically separate interactions
|
|
45
|
+
|
|
46
|
+
## Output Validation
|
|
47
|
+
|
|
48
|
+
- Classify outputs for harmful content before delivering to users
|
|
49
|
+
- Filter PII from generated responses
|
|
50
|
+
- Validate structured outputs against expected schema
|
|
51
|
+
- Block responses that reference system prompt content
|
|
52
|
+
- Rate limit generation to prevent abuse
|
|
53
|
+
|
|
54
|
+
## Guardrails Architecture
|
|
55
|
+
|
|
56
|
+
### Input Layer
|
|
57
|
+
1. Input validation: length, format, character set
|
|
58
|
+
2. Content classification: detect adversarial, toxic, or off-topic input
|
|
59
|
+
3. Rate limiting per user, per IP, per session
|
|
60
|
+
4. Blocklist for known attack patterns (with awareness that blocklists are bypassable)
|
|
61
|
+
|
|
62
|
+
### Processing Layer
|
|
63
|
+
1. Separate system context from user context structurally
|
|
64
|
+
2. Minimize sensitive information in prompts
|
|
65
|
+
3. Use tool-level permissions: agent cannot access tools beyond its scope
|
|
66
|
+
4. Constrain generation parameters: temperature, max tokens, stop sequences
|
|
67
|
+
|
|
68
|
+
### Output Layer
|
|
69
|
+
1. Content classification on generated text
|
|
70
|
+
2. PII detection and redaction
|
|
71
|
+
3. Schema validation for structured outputs
|
|
72
|
+
4. Citation verification against source material
|
|
73
|
+
5. Human review queue for high-risk outputs
|
|
74
|
+
|
|
75
|
+
## Tool Use Security
|
|
76
|
+
|
|
77
|
+
- Principle of least privilege: each tool call should require minimum permissions
|
|
78
|
+
- Validate all tool arguments; do not pass user input directly to tools
|
|
79
|
+
- Sandbox code execution environments
|
|
80
|
+
- Log all tool invocations for audit
|
|
81
|
+
- Require confirmation for destructive operations
|
|
82
|
+
|
|
83
|
+
## Jailbreak Resistance
|
|
84
|
+
|
|
85
|
+
- No single defense stops all jailbreaks; layer mitigations
|
|
86
|
+
- Regularly test with known jailbreak techniques
|
|
87
|
+
- Monitor for novel attack patterns in production logs
|
|
88
|
+
- Update defenses as new techniques emerge
|
|
89
|
+
- Accept that sufficiently motivated attackers will find bypasses; limit blast radius
|
|
90
|
+
|
|
91
|
+
## Monitoring and Incident Response
|
|
92
|
+
|
|
93
|
+
- Log all prompts, responses, and tool calls (with PII redaction)
|
|
94
|
+
- Alert on: unusual token patterns, repeated injection attempts, output policy violations
|
|
95
|
+
- Maintain an incident response playbook for LLM-specific failures
|
|
96
|
+
- Track and categorize bypass attempts to improve defenses
|
|
97
|
+
- Measure: injection detection rate, false positive rate, policy violation rate
|
|
98
|
+
|
|
99
|
+
## Compliance
|
|
100
|
+
|
|
101
|
+
- Document AI usage and limitations for users
|
|
102
|
+
- Maintain audit trail of model inputs, outputs, and decisions
|
|
103
|
+
- Disclose AI-generated content where required by policy or regulation
|
|
104
|
+
- Ensure data processing complies with privacy regulations (GDPR, CCPA)
|
|
105
|
+
- Review and update security controls with each model or prompt change
|