@gong-ym/ai-spec-auto 0.2.13 → 0.2.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (631) hide show
  1. package/.agents/commands/README.md +33 -33
  2. package/.agents/commands/claude/spec-start-review.md +88 -88
  3. package/.agents/commands/codex/spec-continue.md +74 -74
  4. package/.agents/commands/codex/spec-orchestrate.md +35 -35
  5. package/.agents/commands/codex/spec-start-review.md +88 -88
  6. package/.agents/commands/codex/spec-start.md +67 -67
  7. package/.agents/commands/codex/spec-status.md +22 -22
  8. package/.agents/commands/codex/spec-stop.md +29 -29
  9. package/.agents/commands/codex/spec-update.md +40 -40
  10. package/.agents/commands/common/branch-review.md +117 -117
  11. package/.agents/commands/common/project-init.md +25 -25
  12. package/.agents/commands/common/spec-continue.md +74 -74
  13. package/.agents/commands/common/spec-orchestrate.md +35 -35
  14. package/.agents/commands/common/spec-start-review.md +82 -82
  15. package/.agents/commands/common/spec-start.md +67 -67
  16. package/.agents/commands/common/spec-status.md +22 -22
  17. package/.agents/commands/common/spec-stop.md +29 -29
  18. package/.agents/commands/common/spec-update.md +60 -40
  19. package/.agents/commands/cursor/opsx-apply.md +55 -55
  20. package/.agents/commands/cursor/opsx-archive.md +48 -48
  21. package/.agents/commands/cursor/opsx-explore.md +45 -45
  22. package/.agents/commands/cursor/opsx-propose.md +59 -59
  23. package/.agents/commands/cursor/spec-continue.md +63 -63
  24. package/.agents/commands/cursor/spec-orchestrate.md +53 -53
  25. package/.agents/commands/cursor/spec-start-review.md +78 -78
  26. package/.agents/commands/cursor/spec-start.md +59 -59
  27. package/.agents/commands/cursor/spec-status.md +30 -30
  28. package/.agents/commands/cursor/spec-stop.md +29 -29
  29. package/.agents/commands/cursor/spec-update.md +41 -41
  30. package/.agents/flows/FRONTMATTER.md +263 -263
  31. package/.agents/flows/RUN_OUTPUT.md +263 -263
  32. package/.agents/flows/common/README.md +29 -29
  33. package/.agents/flows/common/bugfix-to-verification.md +95 -95
  34. package/.agents/flows/common/change-to-architecture-review.md +89 -89
  35. package/.agents/flows/common/change-to-release.md +94 -94
  36. package/.agents/flows/common/prd-to-delivery.md +184 -184
  37. package/.agents/flows/common/requirement-to-observability.md +97 -97
  38. package/.agents/orchestration/README.md +22 -22
  39. package/.agents/orchestration/expert-dispatch-spec.md +155 -155
  40. package/.agents/orchestration/expert-executor-spec.md +84 -84
  41. package/.agents/orchestration/expert-runtime-action-spec.md +73 -73
  42. package/.agents/orchestration/runtime-state-handoff-spec.md +264 -264
  43. package/.agents/orchestration/task-anchor-spec.md +212 -212
  44. package/.agents/orchestration/task-orchestrator-adapter-payload.md +153 -153
  45. package/.agents/orchestration/task-orchestrator-bootstrap-payload.md +145 -145
  46. package/.agents/orchestration/task-orchestrator-output-extractor-spec.md +93 -93
  47. package/.agents/orchestration/task-orchestrator-run-plan-template.md +312 -312
  48. package/.agents/orchestration/task-orchestrator-runtime-hooks.md +214 -214
  49. package/.agents/registry/README.md +63 -63
  50. package/.agents/registry/flows.json +125 -125
  51. package/.agents/registry/profiles.json +101 -101
  52. package/.agents/registry/roles.json +1265 -1265
  53. package/.agents/registry/rules.json +148 -148
  54. package/.agents/registry/scenario-packages.json +123 -123
  55. package/.agents/registry/skills.json +130 -130
  56. package/.agents/roles/INDEX.md +346 -346
  57. package/.agents/roles/common/README.md +76 -76
  58. package/.agents/roles/common/archive-change.md +80 -80
  59. package/.agents/roles/common/backend-implementer.md +92 -92
  60. package/.agents/roles/common/code-guardian.md +151 -151
  61. package/.agents/roles/common/frontend-implementer.md +146 -146
  62. package/.agents/roles/common/requirement-analyst.md +138 -138
  63. package/.agents/roles/common/task-orchestrator-routing.md +301 -301
  64. package/.agents/roles/common/task-orchestrator.md +224 -224
  65. package/.agents/roles/common/tooling-implementer.md +92 -92
  66. package/.agents/roles/domains/README.md +35 -35
  67. package/.agents/roles/domains/delivery/README.md +11 -11
  68. package/.agents/roles/domains/delivery/container-specialist.md +50 -50
  69. package/.agents/roles/domains/delivery/deployment-specialist.md +50 -50
  70. package/.agents/roles/domains/delivery/pipeline-specialist.md +50 -50
  71. package/.agents/roles/domains/demand-design/README.md +16 -16
  72. package/.agents/roles/domains/demand-design/api-contract-specialist.md +52 -52
  73. package/.agents/roles/domains/demand-design/design-collaborator.md +58 -58
  74. package/.agents/roles/domains/documentation/README.md +11 -11
  75. package/.agents/roles/domains/documentation/api-doc-specialist.md +50 -50
  76. package/.agents/roles/domains/documentation/component-doc-specialist.md +49 -49
  77. package/.agents/roles/domains/documentation/technical-writing-specialist.md +48 -48
  78. package/.agents/roles/domains/engineering/README.md +17 -17
  79. package/.agents/roles/domains/engineering/architecture-advisor.md +53 -53
  80. package/.agents/roles/domains/engineering/build-specialist.md +51 -51
  81. package/.agents/roles/domains/engineering/dependency-governor.md +52 -52
  82. package/.agents/roles/domains/governance/README.md +17 -17
  83. package/.agents/roles/domains/governance/api-governance-specialist.md +51 -51
  84. package/.agents/roles/domains/governance/lint-policy-specialist.md +49 -49
  85. package/.agents/roles/domains/governance/route-governance-specialist.md +52 -52
  86. package/.agents/roles/domains/observability/README.md +11 -11
  87. package/.agents/roles/domains/observability/error-tracker.md +50 -50
  88. package/.agents/roles/domains/observability/event-instrumentation-specialist.md +51 -51
  89. package/.agents/roles/domains/observability/rum-analyst.md +50 -50
  90. package/.agents/roles/domains/performance/README.md +11 -11
  91. package/.agents/roles/domains/performance/asset-optimizer.md +50 -50
  92. package/.agents/roles/domains/performance/performance-auditor.md +56 -56
  93. package/.agents/roles/domains/performance/vitals-analyst.md +50 -50
  94. package/.agents/roles/domains/security-a11y/README.md +11 -11
  95. package/.agents/roles/domains/security-a11y/a11y-auditor.md +50 -50
  96. package/.agents/roles/domains/security-a11y/aria-specialist.md +51 -51
  97. package/.agents/roles/domains/security-a11y/security-reviewer.md +49 -49
  98. package/.agents/roles/domains/testing/README.md +12 -12
  99. package/.agents/roles/domains/testing/coverage-analyst.md +50 -50
  100. package/.agents/roles/domains/testing/e2e-test-specialist.md +51 -51
  101. package/.agents/roles/domains/testing/unit-test-specialist.md +56 -56
  102. package/.agents/roles/domains/testing/verification-reviewer.md +67 -67
  103. package/.agents/rules/README.md +87 -87
  104. package/.agents/rules/common/02-/347/274/226/347/240/201/350/247/204/350/214/203.md +45 -45
  105. package/.agents/rules/common/08-/351/200/232/347/224/250/347/272/246/346/235/237.md +63 -63
  106. package/.agents/rules/common/10-/346/226/207/346/241/243/350/247/204/350/214/203.md +101 -101
  107. package/.agents/rules/common/12-Superpowers/346/211/247/350/241/214/350/247/204/350/214/203.md +46 -46
  108. package/.agents/rules/common/14-/345/256/241/350/256/241/346/261/207/346/212/245/350/247/204/350/214/203.md +107 -107
  109. package/.agents/rules/common/15-visual-gate-wait.md +90 -90
  110. package/.agents/rules/profiles/nestjs/01-/351/241/271/347/233/256/346/246/202/350/277/260.md +27 -27
  111. package/.agents/rules/profiles/nestjs/03-/351/241/271/347/233/256/347/273/223/346/236/204.md +20 -20
  112. package/.agents/rules/profiles/nestjs/04-/346/250/241/345/235/227/347/273/223/346/236/204/350/247/204/350/214/203.md +24 -24
  113. package/.agents/rules/profiles/nestjs/05-/346/216/245/345/217/243/344/270/216/345/245/221/347/272/246/350/247/204/350/214/203.md +24 -24
  114. package/.agents/rules/profiles/nestjs/06-/346/225/260/346/215/256/350/256/277/351/227/256/350/247/204/350/214/203.md +24 -24
  115. package/.agents/rules/profiles/nestjs/07-/351/205/215/347/275/256/344/270/216/350/277/220/350/241/214/346/227/266/350/247/204/350/214/203.md +20 -20
  116. package/.agents/rules/profiles/nestjs/09-/345/274/202/345/270/270/344/270/216/346/227/245/345/277/227/350/247/204/350/214/203.md +20 -20
  117. package/.agents/rules/profiles/nestjs/11-/346/265/213/350/257/225/350/247/204/350/214/203.md +24 -24
  118. package/.agents/rules/profiles/nestjs/13-/344/273/243/347/240/201/346/240/274/345/274/217/345/214/226/344/270/216/346/243/200/346/237/245.md +20 -20
  119. package/.agents/rules/profiles/node-tooling/01-/351/241/271/347/233/256/346/246/202/350/277/260.md +30 -30
  120. package/.agents/rules/profiles/node-tooling/03-/351/241/271/347/233/256/347/273/223/346/236/204.md +37 -37
  121. package/.agents/rules/profiles/node-tooling/04-CLI/344/270/216/346/250/241/345/235/227/350/247/204/350/214/203.md +42 -42
  122. package/.agents/rules/profiles/node-tooling/05-Contract/344/270/216Schema/350/247/204/350/214/203.md +42 -42
  123. package/.agents/rules/profiles/node-tooling/06-/350/277/220/350/241/214/346/227/266/346/226/207/344/273/266/350/247/204/350/214/203.md +30 -30
  124. package/.agents/rules/profiles/node-tooling/07-/346/227/245/345/277/227/344/270/216/351/224/231/350/257/257/345/244/204/347/220/206/350/247/204/350/214/203.md +60 -60
  125. package/.agents/rules/profiles/node-tooling/09-/350/204/232/346/234/254/344/270/216/345/205/245/345/217/243/350/247/204/350/214/203.md +45 -45
  126. package/.agents/rules/profiles/node-tooling/11-/346/265/213/350/257/225/350/247/204/350/214/203.md +41 -41
  127. package/.agents/rules/profiles/node-tooling/13-/344/273/243/347/240/201/346/240/274/345/274/217/345/214/226/344/270/216/346/243/200/346/237/245.md +55 -55
  128. package/.agents/rules/profiles/react/01-/351/241/271/347/233/256/346/246/202/350/277/260.md +29 -29
  129. package/.agents/rules/profiles/react/03-/351/241/271/347/233/256/347/273/223/346/236/204.md +104 -104
  130. package/.agents/rules/profiles/react/04-/347/273/204/344/273/266/350/247/204/350/214/203.md +46 -46
  131. package/.agents/rules/profiles/react/05-API/350/247/204/350/214/203.md +67 -67
  132. package/.agents/rules/profiles/react/06-/350/267/257/347/224/261/350/247/204/350/214/203.md +54 -54
  133. package/.agents/rules/profiles/react/07-/347/212/266/346/200/201/347/256/241/347/220/206.md +226 -226
  134. package/.agents/rules/profiles/react/09-/346/240/267/345/274/217/350/247/204/350/214/203.md +71 -71
  135. package/.agents/rules/profiles/react/11-/346/265/213/350/257/225/350/247/204/350/214/203.md +80 -80
  136. package/.agents/rules/profiles/react/13-/344/273/243/347/240/201/346/240/274/345/274/217/345/214/226/344/270/216/346/243/200/346/237/245.md +159 -159
  137. package/.agents/rules/profiles/springboot/01-/351/241/271/347/233/256/346/246/202/350/277/260.md +31 -31
  138. package/.agents/rules/profiles/springboot/03-/351/241/271/347/233/256/347/273/223/346/236/204.md +37 -37
  139. package/.agents/rules/profiles/springboot/04-/345/210/206/345/261/202/350/247/204/350/214/203.md +33 -33
  140. package/.agents/rules/profiles/springboot/05-/346/216/245/345/217/243/344/270/216/345/245/221/347/272/246/350/247/204/350/214/203.md +51 -51
  141. package/.agents/rules/profiles/springboot/06-/346/225/260/346/215/256/350/256/277/351/227/256/350/247/204/350/214/203.md +34 -34
  142. package/.agents/rules/profiles/springboot/07-/351/205/215/347/275/256/344/270/216/350/277/220/350/241/214/346/227/266/350/247/204/350/214/203.md +38 -38
  143. package/.agents/rules/profiles/springboot/09-/345/274/202/345/270/270/344/270/216/346/227/245/345/277/227/350/247/204/350/214/203.md +48 -48
  144. package/.agents/rules/profiles/springboot/11-/346/265/213/350/257/225/350/247/204/350/214/203.md +43 -43
  145. package/.agents/rules/profiles/springboot/13-/344/273/243/347/240/201/346/240/274/345/274/217/345/214/226/344/270/216/346/243/200/346/237/245.md +48 -48
  146. package/.agents/rules/profiles/vue/01-/351/241/271/347/233/256/346/246/202/350/277/260.md +47 -47
  147. package/.agents/rules/profiles/vue/03-/351/241/271/347/233/256/347/273/223/346/236/204.md +106 -106
  148. package/.agents/rules/profiles/vue/04-/347/273/204/344/273/266/350/247/204/350/214/203.md +61 -61
  149. package/.agents/rules/profiles/vue/05-API/350/247/204/350/214/203.md +67 -67
  150. package/.agents/rules/profiles/vue/06-/350/267/257/347/224/261/350/247/204/350/214/203.md +69 -69
  151. package/.agents/rules/profiles/vue/07-/347/212/266/346/200/201/347/256/241/347/220/206.md +93 -93
  152. package/.agents/rules/profiles/vue/09-/346/240/267/345/274/217/350/247/204/350/214/203.md +67 -67
  153. package/.agents/rules/profiles/vue/11-/346/265/213/350/257/225/350/247/204/350/214/203.md +80 -80
  154. package/.agents/rules/profiles/vue/13-/344/273/243/347/240/201/346/240/274/345/274/217/345/214/226/344/270/216/346/243/200/346/237/245.md +159 -159
  155. package/.agents/skills/README.md +171 -171
  156. package/.agents/skills/common/archive-change/SKILL.md +180 -180
  157. package/.agents/skills/common/branch-code-reviewer/SKILL.md +533 -459
  158. package/.agents/skills/common/branch-code-reviewer/references/business-risk-guide.md +293 -293
  159. package/.agents/skills/common/branch-code-reviewer/references/html-template-guide.md +121 -121
  160. package/.agents/skills/common/config-and-secret-scan/SKILL.md +99 -99
  161. package/.agents/skills/common/create-proposal/SKILL.md +192 -192
  162. package/.agents/skills/common/create-proposal/evals/evals.json +16 -16
  163. package/.agents/skills/common/create-proposal/evals/train_queries.json +18 -18
  164. package/.agents/skills/common/create-proposal/evals/validation_queries.json +18 -18
  165. package/.agents/skills/common/create-proposal/references/interaction-spec-template.md +42 -42
  166. package/.agents/skills/common/create-test/SKILL.md +292 -292
  167. package/.agents/skills/common/dependency-impact-graph/SKILL.md +80 -80
  168. package/.agents/skills/common/execute-task/SKILL.md +206 -206
  169. package/.agents/skills/common/execute-task/evals/evals.json +16 -16
  170. package/.agents/skills/common/execute-task/evals/train_queries.json +18 -18
  171. package/.agents/skills/common/execute-task/evals/validation_queries.json +18 -18
  172. package/.agents/skills/common/find-skills/SKILL.md +144 -144
  173. package/.agents/skills/common/install-ai-spec-auto/SKILL.md +260 -260
  174. package/.agents/skills/common/install-ai-spec-auto/evals/evals.json +17 -17
  175. package/.agents/skills/common/install-ai-spec-auto/evals/train_queries.json +18 -18
  176. package/.agents/skills/common/install-ai-spec-auto/evals/validation_queries.json +18 -18
  177. package/.agents/skills/common/project-init/SKILL.md +178 -178
  178. package/.agents/skills/common/project-init/evals/evals.json +16 -16
  179. package/.agents/skills/common/project-init/evals/train_queries.json +18 -18
  180. package/.agents/skills/common/project-init/evals/validation_queries.json +18 -18
  181. package/.agents/skills/common/project-init/references/custom-rule-generation.md +89 -89
  182. package/.agents/skills/common/project-init/references/deep-scan-rules.md +67 -67
  183. package/.agents/skills/common/project-init/references/output-contracts.md +71 -71
  184. package/.agents/skills/common/project-init/references/repo-fact-gathering.md +83 -83
  185. package/.agents/skills/common/project-init/references/scope-resolution.md +76 -76
  186. package/.agents/skills/common/project-init/scripts/inspect-project.js +112 -112
  187. package/.agents/skills/common/skill-creator/LICENSE.txt +201 -201
  188. package/.agents/skills/common/skill-creator/SKILL.md +370 -370
  189. package/.agents/skills/common/skill-creator/evals/evals.json +16 -16
  190. package/.agents/skills/common/skill-creator/evals/train_queries.json +18 -18
  191. package/.agents/skills/common/skill-creator/evals/validation_queries.json +18 -18
  192. package/.agents/skills/common/skill-creator/references/output-patterns.md +82 -82
  193. package/.agents/skills/common/skill-creator/references/workflows.md +27 -27
  194. package/.agents/skills/common/skill-creator/scripts/init_skill.py +209 -209
  195. package/.agents/skills/common/skill-creator/scripts/package_skill.py +110 -110
  196. package/.agents/skills/common/skill-creator/scripts/quick_validate.py +51 -51
  197. package/.agents/skills/common/skill-optimizer/SKILL.md +102 -102
  198. package/.agents/skills/common/skill-optimizer/evals/evals.json +16 -16
  199. package/.agents/skills/common/skill-optimizer/evals/train_queries.json +18 -18
  200. package/.agents/skills/common/skill-optimizer/evals/validation_queries.json +18 -18
  201. package/.agents/skills/common/skill-optimizer/references/design-patterns.md +26 -26
  202. package/.agents/skills/common/skill-optimizer/references/review-checklist.md +22 -22
  203. package/.agents/skills/common/using-superpowers/SKILL.md +151 -151
  204. package/.agents/skills/common/wait-for-gate-signal/SKILL.md +85 -85
  205. package/.agents/skills/domains/README.md +19 -19
  206. package/.agents/skills/domains/ui-ux-pro-max/SKILL.md +58 -58
  207. package/.agents/skills/domains/web/design-analysis/SKILL.md +89 -89
  208. package/.agents/skills/domains/web/design-analysis/rules/analysis-order.md +61 -61
  209. package/.agents/skills/domains/web/design-analysis/rules/analysis-priorities.md +136 -136
  210. package/.agents/skills/domains/web/design-analysis/rules/checklist-common-misses.md +107 -107
  211. package/.agents/skills/domains/web/design-analysis/rules/implementation-common-errors.md +204 -204
  212. package/.agents/skills/domains/web/design-analysis/rules/implementation-guidelines.md +211 -211
  213. package/.agents/skills/domains/web/design-analysis/rules/output-analysis-checklist.md +247 -247
  214. package/.agents/skills/domains/web/design-analysis/rules/tools-design-guidelines.md +108 -108
  215. package/.agents/skills/domains/web/design-analysis/rules/workflow-element-extraction.md +162 -162
  216. package/.agents/skills/domains/web/design-analysis/rules/workflow-layout-map.md +131 -131
  217. package/.agents/skills/domains/web/design-analysis/rules/workflow-output-checklist.md +70 -70
  218. package/.agents/skills/domains/web/design-analysis/rules/workflow-style-summary.md +91 -91
  219. package/.agents/skills/domains/web/route-permission-map/SKILL.md +103 -103
  220. package/.agents/skills/domains/web/ui-verification/SKILL.md +114 -114
  221. package/.agents/skills/domains/web/ui-verification/evals/evals.json +16 -16
  222. package/.agents/skills/domains/web/ui-verification/evals/train_queries.json +18 -18
  223. package/.agents/skills/domains/web/ui-verification/evals/validation_queries.json +18 -18
  224. package/.agents/skills/domains/web/ui-verification/rules/comparison-content-image.md +34 -34
  225. package/.agents/skills/domains/web/ui-verification/rules/comparison-content-text.md +30 -30
  226. package/.agents/skills/domains/web/ui-verification/rules/comparison-hierarchy.md +33 -33
  227. package/.agents/skills/domains/web/ui-verification/rules/comparison-layout.md +35 -35
  228. package/.agents/skills/domains/web/ui-verification/rules/errors-alignment.md +42 -42
  229. package/.agents/skills/domains/web/ui-verification/rules/errors-button-dimensions.md +28 -28
  230. package/.agents/skills/domains/web/ui-verification/rules/errors-button-position.md +25 -25
  231. package/.agents/skills/domains/web/ui-verification/rules/errors-css-priority.md +50 -50
  232. package/.agents/skills/domains/web/ui-verification/rules/errors-flex-column-width.md +46 -46
  233. package/.agents/skills/domains/web/ui-verification/rules/errors-flex-layout.md +46 -46
  234. package/.agents/skills/domains/web/ui-verification/rules/errors-grid-container-width.md +44 -44
  235. package/.agents/skills/domains/web/ui-verification/rules/errors-page-container-width.md +39 -39
  236. package/.agents/skills/domains/web/ui-verification/rules/tools-browser-navigation.md +53 -53
  237. package/.agents/skills/domains/web/ui-verification/rules/tools-design-guidelines.md +53 -53
  238. package/.agents/skills/domains/web/ui-verification/rules/workflow-checklist.md +27 -27
  239. package/.agents/skills/domains/web/ui-verification/rules/workflow-problem-list.md +56 -56
  240. package/.agents/skills/domains/web/ui-verification/rules/workflow-reflection.md +44 -44
  241. package/.agents/skills/domains/web/ui-verification/rules/writing-alignment.md +44 -44
  242. package/.agents/skills/domains/web/ui-verification/rules/writing-element-completeness.md +63 -63
  243. package/.agents/skills/domains/web/ui-verification/rules/writing-list-layout.md +75 -75
  244. package/.agents/skills/domains/web/ui-verification/rules/writing-page-container-width.md +37 -37
  245. package/.agents/skills/domains/web/web-design-guidelines/SKILL.md +40 -40
  246. package/.agents/skills/profiles/nestjs/README.md +4 -4
  247. package/.agents/skills/profiles/node-tooling/README.md +9 -9
  248. package/.agents/skills/profiles/react/create-api/SKILL.md +145 -145
  249. package/.agents/skills/profiles/react/create-component/SKILL.md +160 -160
  250. package/.agents/skills/profiles/react/create-route/SKILL.md +168 -168
  251. package/.agents/skills/profiles/react/create-store/SKILL.md +262 -262
  252. package/.agents/skills/profiles/react/theme-variables/SKILL.md +82 -82
  253. package/.agents/skills/profiles/react/vercel-composition-patterns/AGENTS.md +899 -899
  254. package/.agents/skills/profiles/react/vercel-composition-patterns/SKILL.md +81 -81
  255. package/.agents/skills/profiles/react/vercel-composition-patterns/rules/architecture-avoid-boolean-props.md +100 -100
  256. package/.agents/skills/profiles/react/vercel-composition-patterns/rules/architecture-compound-components.md +112 -112
  257. package/.agents/skills/profiles/react/vercel-composition-patterns/rules/patterns-children-over-render-props.md +87 -87
  258. package/.agents/skills/profiles/react/vercel-composition-patterns/rules/patterns-explicit-variants.md +100 -100
  259. package/.agents/skills/profiles/react/vercel-composition-patterns/rules/state-context-interface.md +191 -191
  260. package/.agents/skills/profiles/react/vercel-composition-patterns/rules/state-decouple-implementation.md +113 -113
  261. package/.agents/skills/profiles/react/vercel-composition-patterns/rules/state-lift-state.md +125 -125
  262. package/.agents/skills/profiles/react/vercel-react-best-practices/AGENTS.md +2934 -2934
  263. package/.agents/skills/profiles/react/vercel-react-best-practices/SKILL.md +136 -136
  264. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/advanced-event-handler-refs.md +55 -55
  265. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/advanced-init-once.md +42 -42
  266. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/advanced-use-latest.md +39 -39
  267. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/async-api-routes.md +38 -38
  268. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/async-defer-await.md +80 -80
  269. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/async-dependencies.md +51 -51
  270. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/async-parallel.md +28 -28
  271. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/async-suspense-boundaries.md +99 -99
  272. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/bundle-barrel-imports.md +59 -59
  273. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/bundle-conditional.md +31 -31
  274. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/bundle-defer-third-party.md +49 -49
  275. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/bundle-dynamic-imports.md +35 -35
  276. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/bundle-preload.md +50 -50
  277. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/client-event-listeners.md +74 -74
  278. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/client-localstorage-schema.md +71 -71
  279. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/client-passive-event-listeners.md +48 -48
  280. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/client-swr-dedup.md +56 -56
  281. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-batch-dom-css.md +107 -107
  282. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-cache-function-results.md +80 -80
  283. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-cache-property-access.md +28 -28
  284. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-cache-storage.md +70 -70
  285. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-combine-iterations.md +32 -32
  286. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-early-exit.md +50 -50
  287. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-hoist-regexp.md +45 -45
  288. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-index-maps.md +37 -37
  289. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-length-check-first.md +49 -49
  290. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-min-max-loop.md +82 -82
  291. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-set-map-lookups.md +24 -24
  292. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-tosorted-immutable.md +57 -57
  293. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-activity.md +26 -26
  294. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-animate-svg-wrapper.md +47 -47
  295. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-conditional-render.md +40 -40
  296. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-content-visibility.md +38 -38
  297. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-hoist-jsx.md +46 -46
  298. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-hydration-no-flicker.md +82 -82
  299. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-hydration-suppress-warning.md +30 -30
  300. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-svg-precision.md +28 -28
  301. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-usetransition-loading.md +75 -75
  302. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-defer-reads.md +39 -39
  303. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-dependencies.md +45 -45
  304. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-derived-state-no-effect.md +40 -40
  305. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-derived-state.md +29 -29
  306. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-functional-setstate.md +74 -74
  307. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-lazy-state-init.md +58 -58
  308. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-memo-with-default-value.md +38 -38
  309. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-memo.md +44 -44
  310. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-move-effect-to-event.md +45 -45
  311. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-simple-expression-in-memo.md +35 -35
  312. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-transitions.md +40 -40
  313. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-use-ref-transient-values.md +73 -73
  314. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-after-nonblocking.md +73 -73
  315. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-auth-actions.md +96 -96
  316. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-cache-lru.md +41 -41
  317. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-cache-react.md +76 -76
  318. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-dedup-props.md +65 -65
  319. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-parallel-fetching.md +83 -83
  320. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-serialization.md +38 -38
  321. package/.agents/skills/profiles/springboot/README.md +10 -10
  322. package/.agents/skills/profiles/vue/create-api/SKILL.md +105 -105
  323. package/.agents/skills/profiles/vue/create-component/SKILL.md +76 -76
  324. package/.agents/skills/profiles/vue/create-route/SKILL.md +141 -141
  325. package/.agents/skills/profiles/vue/create-store/SKILL.md +97 -97
  326. package/.agents/skills/profiles/vue/create-view/SKILL.md +81 -81
  327. package/.agents/skills/profiles/vue/theme-variables/SKILL.md +73 -73
  328. package/.agents/skills/profiles/vue/vue-best-practices/SKILL.md +166 -166
  329. package/.agents/skills/profiles/vue/vue-best-practices/references/animation-class-based-technique.md +254 -254
  330. package/.agents/skills/profiles/vue/vue-best-practices/references/animation-state-driven-technique.md +291 -291
  331. package/.agents/skills/profiles/vue/vue-best-practices/references/component-async.md +97 -97
  332. package/.agents/skills/profiles/vue/vue-best-practices/references/component-data-flow.md +307 -307
  333. package/.agents/skills/profiles/vue/vue-best-practices/references/component-fallthrough-attrs.md +174 -174
  334. package/.agents/skills/profiles/vue/vue-best-practices/references/component-keep-alive.md +137 -137
  335. package/.agents/skills/profiles/vue/vue-best-practices/references/component-slots.md +216 -216
  336. package/.agents/skills/profiles/vue/vue-best-practices/references/component-suspense.md +228 -228
  337. package/.agents/skills/profiles/vue/vue-best-practices/references/component-teleport.md +108 -108
  338. package/.agents/skills/profiles/vue/vue-best-practices/references/component-transition-group.md +128 -128
  339. package/.agents/skills/profiles/vue/vue-best-practices/references/component-transition.md +125 -125
  340. package/.agents/skills/profiles/vue/vue-best-practices/references/composables.md +290 -290
  341. package/.agents/skills/profiles/vue/vue-best-practices/references/directives.md +162 -162
  342. package/.agents/skills/profiles/vue/vue-best-practices/references/perf-avoid-component-abstraction-in-lists.md +159 -159
  343. package/.agents/skills/profiles/vue/vue-best-practices/references/perf-v-once-v-memo-directives.md +182 -182
  344. package/.agents/skills/profiles/vue/vue-best-practices/references/perf-virtualize-large-lists.md +187 -187
  345. package/.agents/skills/profiles/vue/vue-best-practices/references/plugins.md +166 -166
  346. package/.agents/skills/profiles/vue/vue-best-practices/references/reactivity.md +344 -344
  347. package/.agents/skills/profiles/vue/vue-best-practices/references/render-functions.md +201 -201
  348. package/.agents/skills/profiles/vue/vue-best-practices/references/sfc.md +310 -310
  349. package/.agents/skills/profiles/vue/vue-best-practices/references/state-management.md +135 -135
  350. package/.agents/skills/profiles/vue/vue-best-practices/references/updated-hook-performance.md +187 -187
  351. package/.agents/templates/common/README.md +23 -23
  352. package/.agents/templates/common/bugfix.md +22 -22
  353. package/.agents/templates/common/create-expert-package.md +458 -458
  354. package/.agents/templates/common/mock-page.md +28 -28
  355. package/.agents/templates/common/new-component.md +25 -25
  356. package/.agents/templates/common/new-page.md +31 -31
  357. package/.cursor/mcp.json +35 -35
  358. package/.qoder/mcp.json +26 -26
  359. package/bin/archive-change.js +560 -474
  360. package/bin/check-command.js +62 -62
  361. package/bin/cli.js +0 -0
  362. package/bin/command-template-renderer.js +40 -40
  363. package/bin/context-command.js +102 -102
  364. package/bin/demo-runtime-smoke.js +760 -760
  365. package/bin/execution-semantics.js +821 -821
  366. package/bin/executor-command.js +93 -93
  367. package/bin/expert-dispatch.js +334 -334
  368. package/bin/expert-executor.js +1148 -1148
  369. package/bin/guard-command.js +52 -52
  370. package/bin/hub-command.js +876 -876
  371. package/bin/ide-command.js +242 -242
  372. package/bin/init-command.js +193 -193
  373. package/bin/install-workflow.js +35 -3
  374. package/bin/manifest-export.js +34 -34
  375. package/bin/profile-registry.js +90 -90
  376. package/bin/protocol-workflow.js +452 -446
  377. package/bin/repair-command.js +161 -161
  378. package/bin/repo-map.js +177 -177
  379. package/bin/report-command.js +236 -236
  380. package/bin/runtime-bootstrap.js +428 -428
  381. package/bin/runtime-embedded.js +101 -101
  382. package/bin/runtime-fallback.js +106 -106
  383. package/bin/runtime-launcher.js +116 -116
  384. package/bin/runtime-paths.js +177 -177
  385. package/bin/runtime-registry.js +289 -289
  386. package/bin/runtime-state.js +2541 -2541
  387. package/bin/scan.js +96 -96
  388. package/bin/self-upgrade.js +206 -206
  389. package/bin/skill-spec-validator.js +457 -457
  390. package/bin/spec-command.js +366 -366
  391. package/bin/superpowers.js +384 -384
  392. package/bin/sync-command.js +59 -59
  393. package/bin/sync.js +1904 -1904
  394. package/bin/task-orchestrator-adapter.js +341 -341
  395. package/bin/task-orchestrator-extractor.js +274 -274
  396. package/bin/task-orchestrator-runner.js +1208 -1208
  397. package/bin/telemetry/README.md +66 -66
  398. package/bin/telemetry/aspect.js +153 -153
  399. package/bin/telemetry/collect.js +67 -67
  400. package/bin/telemetry/config.js +114 -114
  401. package/bin/telemetry/defaults.json +5 -5
  402. package/bin/telemetry/healthcheck.js +195 -195
  403. package/bin/telemetry/identity.js +53 -53
  404. package/bin/telemetry/index.js +25 -25
  405. package/bin/telemetry/reporter.js +83 -83
  406. package/bin/telemetry/safe.js +39 -39
  407. package/bin/validate-registry.js +740 -740
  408. package/bin/visual-bridge-config.js +117 -117
  409. package/bin/visual-bridge.js +287 -287
  410. package/bin/visual-command.js +432 -432
  411. package/bin/worktree-command.js +194 -194
  412. package/configs/common/.editorconfig +15 -15
  413. package/configs/common/.husky/commit-msg +4 -4
  414. package/configs/common/.husky/pre-commit +4 -4
  415. package/configs/common/.lintstagedrc +11 -11
  416. package/configs/common/.prettierignore +11 -11
  417. package/configs/common/.prettierrc.json +11 -11
  418. package/configs/common/.stylelintignore +14 -14
  419. package/configs/common/.stylelintrc.json +21 -21
  420. package/configs/common/commitlint.config.js +3 -3
  421. package/configs/profiles/nestjs/.gitkeep +1 -1
  422. package/configs/profiles/node-tooling/.gitkeep +1 -1
  423. package/configs/profiles/react/.eslintignore +6 -6
  424. package/configs/profiles/react/.eslintrc.js +16 -16
  425. package/configs/profiles/react/.stylelintrc.json +18 -18
  426. package/configs/profiles/springboot/.gitkeep +1 -1
  427. package/configs/profiles/vue/.eslintignore +6 -6
  428. package/configs/profiles/vue/.eslintrc.cjs +17 -17
  429. package/contracts/README.md +28 -28
  430. package/contracts/fixtures/asset-package.fixture.json +26 -26
  431. package/contracts/fixtures/asset-usage-feedback.fixture.json +14 -14
  432. package/contracts/fixtures/evidence-report.fixture.json +28 -28
  433. package/contracts/fixtures/manifest.fixture.json +20 -20
  434. package/contracts/fixtures/run-event.fixture.json +15 -15
  435. package/contracts/schemas/asset-package.schema.json +76 -76
  436. package/contracts/schemas/asset-usage-feedback.schema.json +57 -57
  437. package/contracts/schemas/evidence-report.schema.json +60 -60
  438. package/contracts/schemas/manifest.schema.json +63 -63
  439. package/contracts/schemas/run-event.schema.json +72 -72
  440. package/install.ps1 +35 -35
  441. package/install.sh +17 -17
  442. package/internal/ai-protocol-workflow.js +5824 -5600
  443. package/internal/hub-client.js +98 -98
  444. package/internal/hub-sync-selection.js +69 -69
  445. package/internal/visual-hooks/README.md +481 -481
  446. package/internal/visual-hooks/config-loader.js +218 -218
  447. package/internal/visual-hooks/control-puller.js +206 -206
  448. package/internal/visual-hooks/gate-signal.js +150 -150
  449. package/internal/visual-hooks/inbox-consumer.js +469 -469
  450. package/internal/visual-hooks/index.js +197 -197
  451. package/internal/visual-hooks/push-client.js +189 -189
  452. package/internal/visual-hooks/receipt-pusher.js +176 -176
  453. package/internal/visual-hooks/runtime-state-pusher.js +128 -128
  454. package/openspec/config.yaml.template +52 -52
  455. package/openspec/schemas/expert-delivery/schema.yaml +68 -68
  456. package/openspec/schemas/expert-delivery/templates/checklist.md +39 -39
  457. package/openspec/schemas/expert-delivery/templates/design.md +61 -61
  458. package/openspec/schemas/expert-delivery/templates/iterations.md +25 -25
  459. package/openspec/schemas/expert-delivery/templates/proposal.md +45 -45
  460. package/openspec/schemas/expert-delivery/templates/spec.md +29 -29
  461. package/openspec/schemas/expert-delivery/templates/tasks.md +24 -24
  462. package/package.json +1 -1
  463. package/scripts/acceptance-zero-intrusion.sh +168 -168
  464. package/scripts/hub-sync-assets.config.example.json +296 -296
  465. package/scripts/hub-sync-assets.js +2038 -2038
  466. package/scripts/local-verify.sh +280 -280
  467. package/scripts/post-publish-auto-fix-check.js +404 -404
  468. package/scripts/post-publish-verify.sh +175 -175
  469. package/scripts/setup-cursor-manual-test.sh +107 -107
  470. package/scripts/setup-cursor-spec-archive-test.sh +111 -111
  471. package/scripts/setup-visual-integration.sh +225 -225
  472. package/scripts/test-integration.sh +176 -176
  473. package/scripts/update-test-project.sh +93 -93
  474. package/scripts/upload-four-web.sh +57 -57
  475. package/scripts/verify-install-ps1-bom.js +26 -26
  476. package/src/agent/agent-context.js +259 -259
  477. package/src/agent/agent-profile.js +185 -185
  478. package/src/agent/agent-templates.js +161 -161
  479. package/src/agent/agent-types.js +108 -108
  480. package/src/agent/collaboration-protocol.js +333 -333
  481. package/src/agent/conflict-handler.js +364 -364
  482. package/src/agent/file-permission.js +121 -121
  483. package/src/agent/index.js +38 -38
  484. package/src/agent/permission-audit.js +151 -151
  485. package/src/agent/review-repair-loop.js +270 -270
  486. package/src/agent/tool-permission.js +101 -101
  487. package/src/asset/asset-dependency.js +322 -322
  488. package/src/asset/asset-feedback.js +350 -350
  489. package/src/asset/asset-fork.js +300 -300
  490. package/src/asset/asset-install.js +278 -278
  491. package/src/asset/asset-installer.js +497 -497
  492. package/src/asset/asset-lifecycle.js +324 -324
  493. package/src/asset/asset-manager.js +245 -245
  494. package/src/asset/asset-package-manager.js +349 -349
  495. package/src/asset/asset-package.js +186 -186
  496. package/src/asset/asset-quality.js +262 -262
  497. package/src/asset/asset-registry.js +387 -387
  498. package/src/asset/asset-version.js +293 -293
  499. package/src/asset/index.js +86 -86
  500. package/src/cache/agent-profile-cache.js +59 -59
  501. package/src/cache/asset-cache.js +63 -63
  502. package/src/cache/global-cache.js +61 -61
  503. package/src/cache/manifest-cache.js +30 -30
  504. package/src/check/check-service.js +32 -32
  505. package/src/config/config-layer.js +343 -343
  506. package/src/config/config-loader.js +60 -60
  507. package/src/config/defaults.js +49 -49
  508. package/src/connectors/hub/asset-package.js +72 -72
  509. package/src/connectors/hub/asset-usage-feedback.js +46 -46
  510. package/src/connectors/hub/hub-connector.js +44 -44
  511. package/src/connectors/hub/index.js +21 -21
  512. package/src/connectors/visual/evidence-report.js +49 -49
  513. package/src/connectors/visual/index.js +15 -15
  514. package/src/connectors/visual/queue.js +41 -41
  515. package/src/connectors/visual/run-event.js +81 -81
  516. package/src/connectors/visual/visual-connector.js +77 -77
  517. package/src/context/context-budget.js +59 -59
  518. package/src/context/context-builder.js +285 -285
  519. package/src/context/context-loader.js +116 -116
  520. package/src/context/context-planner.js +158 -158
  521. package/src/context/types.js +96 -96
  522. package/src/contracts/index.js +63 -63
  523. package/src/executor/executor-registry.js +78 -78
  524. package/src/executor/executor-result-parser.js +44 -44
  525. package/src/executor/executor-runner.js +141 -141
  526. package/src/executor/executor-selector.js +139 -139
  527. package/src/executor/executor-timeout.js +36 -36
  528. package/src/executor/providers/base-provider-utils.js +189 -189
  529. package/src/executor/providers/claude-code-executor-provider.js +128 -128
  530. package/src/executor/providers/codex-executor-provider.js +126 -126
  531. package/src/executor/providers/cursor-executor-provider.js +99 -99
  532. package/src/executor/types.js +137 -137
  533. package/src/git/branch-manager.js +71 -71
  534. package/src/git/dirty-checker.js +43 -43
  535. package/src/git/dirty-strategy-handler.js +29 -29
  536. package/src/git/git-command.js +37 -37
  537. package/src/git/git-repository-detector.js +45 -45
  538. package/src/git/multi-repo-worktree-planner.js +88 -88
  539. package/src/git/policy.js +19 -19
  540. package/src/git/strategies/block-dirty-strategy.js +34 -34
  541. package/src/git/strategies/ignore-dirty-strategy.js +33 -33
  542. package/src/git/strategies/patch-snapshot-strategy.js +53 -53
  543. package/src/git/strategies/wip-commit-strategy.js +38 -38
  544. package/src/git/types.js +71 -71
  545. package/src/git/worktree-manager.js +85 -85
  546. package/src/governance/asset-review.js +351 -351
  547. package/src/governance/audit-log.js +368 -368
  548. package/src/governance/gray-release.js +312 -312
  549. package/src/governance/index.js +31 -31
  550. package/src/governance/policy-types.js +56 -56
  551. package/src/governance/rbac-types.js +171 -171
  552. package/src/governance/rbac.js +382 -382
  553. package/src/governance/rollback.js +360 -360
  554. package/src/governance/security-policy.js +354 -354
  555. package/src/hook/hook-config-writer.js +125 -125
  556. package/src/hub/hub-client.js +186 -186
  557. package/src/hub/hub-config.js +39 -39
  558. package/src/hub/project-facts.js +31 -31
  559. package/src/hub/runtime-feedback-reporter.js +55 -55
  560. package/src/ide/adapters/adapter-protocol.js +385 -385
  561. package/src/ide/adapters/claude-adapter.js +419 -419
  562. package/src/ide/adapters/codex-adapter.js +60 -60
  563. package/src/ide/adapters/cursor-adapter.js +484 -484
  564. package/src/ide/adapters/index.js +24 -24
  565. package/src/ide/anchors/markdown-anchor-writer.js +152 -152
  566. package/src/ide/ide-service.js +270 -270
  567. package/src/ide/ide-types.js +94 -94
  568. package/src/ide/links/link-mode-resolver.js +160 -160
  569. package/src/ide/registry/ide-registry-builder.js +165 -165
  570. package/src/incident/incident-writer.js +47 -47
  571. package/src/incident/types.js +22 -22
  572. package/src/init/ide-linker.js +126 -126
  573. package/src/init/ide-pointer-injector.js +75 -75
  574. package/src/init/init-applier.js +197 -197
  575. package/src/init/init-plan.js +294 -294
  576. package/src/init/init-service.js +65 -65
  577. package/src/init/manifest-installer.js +302 -302
  578. package/src/init/types.js +26 -26
  579. package/src/project/config-writer.js +83 -83
  580. package/src/project/context-index-writer.js +82 -82
  581. package/src/project/json-utils.js +72 -72
  582. package/src/project/local-state-writer.js +50 -50
  583. package/src/project/lock-file-writer.js +98 -98
  584. package/src/project/manifest-writer.js +126 -126
  585. package/src/project/policy-config-writer.js +91 -91
  586. package/src/project/project-config-writer.js +74 -74
  587. package/src/project/project-files.js +39 -39
  588. package/src/project/registry-index-writer.js +43 -43
  589. package/src/project/workspace-config-writer.js +63 -63
  590. package/src/run/index.js +11 -11
  591. package/src/run/run-id.js +32 -32
  592. package/src/run/run-service.js +269 -269
  593. package/src/run/run-store.js +80 -80
  594. package/src/scanner/aggregator/detection-aggregator.js +23 -23
  595. package/src/scanner/boundary/boundary-resolver.js +229 -229
  596. package/src/scanner/detectors/detector-registry.js +44 -44
  597. package/src/scanner/detectors/fastapi-detector.js +46 -46
  598. package/src/scanner/detectors/go-detector.js +46 -46
  599. package/src/scanner/detectors/nestjs-detector.js +57 -57
  600. package/src/scanner/detectors/nextjs-detector.js +52 -52
  601. package/src/scanner/detectors/react-vite-detector.js +52 -52
  602. package/src/scanner/detectors/react-webpack-detector.js +57 -57
  603. package/src/scanner/detectors/springboot-detector.js +46 -46
  604. package/src/scanner/detectors/springcloud-detector.js +46 -46
  605. package/src/scanner/detectors/springmvc-detector.js +46 -46
  606. package/src/scanner/detectors/vue-vite-detector.js +52 -52
  607. package/src/scanner/engine.js +72 -72
  608. package/src/scanner/facts/fact-extractor.js +211 -211
  609. package/src/scanner/types.js +30 -30
  610. package/src/security/asset-tamper-checker.js +188 -188
  611. package/src/security/checksum.js +40 -40
  612. package/src/spec/spec-writer.js +302 -302
  613. package/src/state-machine/circuit-breaker.js +112 -112
  614. package/src/state-machine/escape-hatch.js +49 -49
  615. package/src/state-machine/stage-runner.js +281 -281
  616. package/src/state-machine/state-machine.js +24 -24
  617. package/src/state-machine/transition-guard.js +36 -36
  618. package/src/state-machine/types.js +37 -37
  619. package/src/sync/sync-service.js +192 -192
  620. package/src/visual/agent-visual.js +142 -142
  621. package/src/visual/event-gateway.js +357 -357
  622. package/src/visual/event-mapper.js +128 -128
  623. package/src/visual/hook-dashboard.js +216 -216
  624. package/src/visual/index.js +27 -27
  625. package/src/visual/metrics.js +287 -287
  626. package/src/visual/privacy-filter.js +100 -100
  627. package/src/visual/risk-board.js +252 -252
  628. package/src/visual/timeline.js +245 -245
  629. package/src/visual/visual-client.js +94 -94
  630. package/src/visual/visual-config.js +40 -40
  631. package/src/visual/visual-reporter.js +88 -88
@@ -1,368 +1,368 @@
1
- /**
2
- * P3.3 审计日志 — 内存模型 + NDJSON 最小文件持久化
3
- *
4
- * 审计事件 schema、写入、查询、红脱策略、NDJSON 文件持久化
5
- */
6
-
7
- const fs = require('fs');
8
- const path = require('path');
9
-
10
- // ============================================================
11
- // 审计事件类型
12
- // ============================================================
13
-
14
- const AUDIT_EVENT_TYPES = Object.freeze({
15
- ASSET_CHANGE: 'asset_change',
16
- PERMISSION_CHANGE: 'permission_change',
17
- POLICY_DENIED: 'policy_denied',
18
- GRAY_RELEASE: 'gray_release',
19
- ROLLBACK: 'rollback',
20
- REVIEW_ACTION: 'review_action',
21
- SECURITY_SCAN: 'security_scan',
22
- });
23
-
24
- const AUDIT_SEVERITY = Object.freeze({
25
- INFO: 'info',
26
- WARN: 'warn',
27
- ERROR: 'error',
28
- BLOCKING: 'blocking',
29
- });
30
-
31
- const AUDIT_RESULT = Object.freeze({
32
- SUCCESS: 'success',
33
- DENIED: 'denied',
34
- ERROR: 'error',
35
- });
36
-
37
- const VALID_EVENT_TYPES = new Set(Object.values(AUDIT_EVENT_TYPES));
38
- const VALID_SEVERITY = new Set(Object.values(AUDIT_SEVERITY));
39
- const VALID_RESULT = new Set(Object.values(AUDIT_RESULT));
40
-
41
- // ============================================================
42
- // 敏感信息红脱(复用 P2 模式)
43
- // ============================================================
44
-
45
- const SENSITIVE_PATTERNS = [
46
- { pattern: /password\s*[=:]\s*["'][^"']*["']/gi, replacement: 'password=[REDACTED]' },
47
- { pattern: /password\s*[=:]\s*\S+/gi, replacement: 'password=[REDACTED]' },
48
- { pattern: /api[_-]?key\s*[=:]\s*["'][^"']*["']/gi, replacement: 'api_key=[REDACTED]' },
49
- { pattern: /api[_-]?key\s*[=:]\s*\S+/gi, replacement: 'api_key=[REDACTED]' },
50
- { pattern: /secret\s*[=:]\s*["'][^"']*["']/gi, replacement: 'secret=[REDACTED]' },
51
- { pattern: /secret\s*[=:]\s*\S+/gi, replacement: 'secret=[REDACTED]' },
52
- { pattern: /token\s*[=:]\s*["'][^"']*["']/gi, replacement: 'token=[REDACTED]' },
53
- { pattern: /token\s*[=:]\s*\S+/gi, replacement: 'token=[REDACTED]' },
54
- { pattern: /access[_-]?key\s*[=:]\s*["'][^"']*["']/gi, replacement: 'access_key=[REDACTED]' },
55
- { pattern: /access[_-]?key\s*[=:]\s*\S+/gi, replacement: 'access_key=[REDACTED]' },
56
- { pattern: /private[_-]?key\s*[=:]\s*["'][^"']*["']/gi, replacement: 'private_key=[REDACTED]' },
57
- { pattern: /private[_-]?key\s*[=:]\s*\S+/gi, replacement: 'private_key=[REDACTED]' },
58
- ];
59
-
60
- function redactSensitive(text) {
61
- if (typeof text !== 'string') return text;
62
- let result = text;
63
- for (const { pattern, replacement } of SENSITIVE_PATTERNS) {
64
- result = result.replace(pattern, replacement);
65
- }
66
- return result;
67
- }
68
-
69
- const SENSITIVE_KEY_PATTERNS = /^(password|api[_-]?key|secret|token|access[_-]?key|private[_-]?key|raw[_-]?prompt)$/i;
70
-
71
- function redactObject(obj) {
72
- if (obj === null || obj === undefined) return obj;
73
- if (typeof obj === 'string') return redactSensitive(obj);
74
- if (typeof obj !== 'object') return obj;
75
- if (Array.isArray(obj)) return obj.map(redactObject);
76
-
77
- const result = {};
78
- for (const [key, value] of Object.entries(obj)) {
79
- if (SENSITIVE_KEY_PATTERNS.test(key)) {
80
- result[key] = '[REDACTED]';
81
- } else if (typeof value === 'string') {
82
- result[key] = redactSensitive(value);
83
- } else if (typeof value === 'object' && value !== null) {
84
- result[key] = redactObject(value);
85
- } else {
86
- result[key] = value;
87
- }
88
- }
89
- return result;
90
- }
91
-
92
- // ============================================================
93
- // 审计日志类
94
- // ============================================================
95
-
96
- class AuditLog {
97
- constructor(options = {}) {
98
- /** @type {object[]} */
99
- this.entries = [];
100
- /** @type {number} */
101
- this._nextEventId = 1;
102
- /** @type {number} */
103
- this._maxEntries = options.maxEntries || 10000;
104
- /** @type {string|null} */
105
- this.storagePath = options.storagePath || null;
106
- /** @type {boolean} */
107
- this.loadExisting = options.loadExisting !== false;
108
- /** @type {boolean} */
109
- this.appendOnRecord = options.appendOnRecord !== false;
110
- /** @type {object[]} */
111
- this.loadErrors = [];
112
-
113
- // 指定 storagePath 且 loadExisting 不为 false 时,加载历史记录
114
- if (this.storagePath && this.loadExisting) {
115
- this.loadFromFile();
116
- }
117
- }
118
-
119
- /**
120
- * 从 NDJSON 文件加载历史记录
121
- * @returns {object[]} 加载的记录
122
- */
123
- loadFromFile() {
124
- if (!this.storagePath) return [];
125
-
126
- try {
127
- if (!fs.existsSync(this.storagePath)) return [];
128
- } catch {
129
- return [];
130
- }
131
-
132
- let content;
133
- try {
134
- content = fs.readFileSync(this.storagePath, 'utf-8');
135
- } catch {
136
- return [];
137
- }
138
-
139
- if (!content || !content.trim()) return [];
140
-
141
- const lines = content.split('\n');
142
- const loaded = [];
143
-
144
- for (let i = 0; i < lines.length; i++) {
145
- const line = lines[i].trim();
146
- if (!line) continue;
147
-
148
- try {
149
- const entry = JSON.parse(line);
150
- loaded.push(entry);
151
-
152
- // 恢复 eventId 编号
153
- if (entry.eventId && typeof entry.eventId === 'string') {
154
- const match = entry.eventId.match(/^audit-(\d+)$/);
155
- if (match) {
156
- const num = parseInt(match[1], 10);
157
- if (num >= this._nextEventId) {
158
- this._nextEventId = num + 1;
159
- }
160
- }
161
- }
162
- } catch (err) {
163
- this.loadErrors.push({
164
- lineNumber: i + 1,
165
- line: line.substring(0, 200),
166
- message: err.message || 'JSON 解析失败',
167
- });
168
- }
169
- }
170
-
171
- // 应用 maxEntries 约束
172
- this.entries = loaded.length > this._maxEntries
173
- ? loaded.slice(-this._maxEntries)
174
- : loaded;
175
-
176
- return this.entries;
177
- }
178
-
179
- /**
180
- * 追加一条已红脱的 entry 到 NDJSON 文件
181
- * @param {object} entry
182
- */
183
- appendToFile(entry) {
184
- if (!this.storagePath) return;
185
- if (this.appendOnRecord === false) return;
186
-
187
- const dir = path.dirname(this.storagePath);
188
- if (!fs.existsSync(dir)) {
189
- fs.mkdirSync(dir, { recursive: true });
190
- }
191
-
192
- const line = JSON.stringify(entry) + '\n';
193
- fs.appendFileSync(this.storagePath, line, 'utf-8');
194
- }
195
-
196
- /**
197
- * 写入审计事件(自动红脱)
198
- * @param {object} params
199
- * @returns {object} 审计记录
200
- */
201
- record({ eventType, actor, target, action, result, severity = 'info', message = '', metadata = {} }) {
202
- if (!eventType || !VALID_EVENT_TYPES.has(eventType)) {
203
- throw new Error(`无效事件类型: ${eventType},必须是 ${[...VALID_EVENT_TYPES].join(', ')} 之一`);
204
- }
205
- if (!VALID_SEVERITY.has(severity)) {
206
- throw new Error(`无效严重级别: ${severity},必须是 ${[...VALID_SEVERITY].join(', ')} 之一`);
207
- }
208
- if (result && !VALID_RESULT.has(result)) {
209
- throw new Error(`无效结果: ${result},必须是 ${[...VALID_RESULT].join(', ')} 之一`);
210
- }
211
-
212
- const entry = {
213
- eventId: `audit-${this._nextEventId++}`,
214
- eventType,
215
- actor: actor || 'system',
216
- target: target || '',
217
- action: action || '',
218
- result: result || 'success',
219
- severity,
220
- message: redactSensitive(message || ''),
221
- metadata: redactObject(metadata || {}),
222
- timestamp: new Date().toISOString(),
223
- };
224
-
225
- this.entries.push(entry);
226
-
227
- // 超出上限时移除最旧的
228
- if (this.entries.length > this._maxEntries) {
229
- this.entries = this.entries.slice(-this._maxEntries);
230
- }
231
-
232
- // 追加到文件(使用已红脱的 entry)
233
- this.appendToFile(entry);
234
-
235
- return { ...entry, metadata: { ...entry.metadata } };
236
- }
237
-
238
- /**
239
- * 查询审计日志
240
- * @param {object} filters
241
- * @returns {object[]}
242
- */
243
- query({ eventType, actor, target, result, severity, from, to, limit = 100 } = {}) {
244
- let filtered = this.entries;
245
-
246
- if (eventType) {
247
- filtered = filtered.filter(e => e.eventType === eventType);
248
- }
249
- if (actor) {
250
- filtered = filtered.filter(e => e.actor === actor);
251
- }
252
- if (target) {
253
- filtered = filtered.filter(e => e.target === target);
254
- }
255
- if (result) {
256
- filtered = filtered.filter(e => e.result === result);
257
- }
258
- if (severity) {
259
- filtered = filtered.filter(e => e.severity === severity);
260
- }
261
- if (from) {
262
- filtered = filtered.filter(e => e.timestamp >= from);
263
- }
264
- if (to) {
265
- filtered = filtered.filter(e => e.timestamp <= to);
266
- }
267
-
268
- return filtered.slice(-limit).map(e => ({ ...e, metadata: { ...e.metadata } }));
269
- }
270
-
271
- /**
272
- * 按事件类型统计
273
- * @returns {object}
274
- */
275
- getStats() {
276
- const byType = {};
277
- const bySeverity = {};
278
- const byResult = {};
279
-
280
- for (const entry of this.entries) {
281
- byType[entry.eventType] = (byType[entry.eventType] || 0) + 1;
282
- bySeverity[entry.severity] = (bySeverity[entry.severity] || 0) + 1;
283
- byResult[entry.result] = (byResult[entry.result] || 0) + 1;
284
- }
285
-
286
- return {
287
- total: this.entries.length,
288
- byType,
289
- bySeverity,
290
- byResult,
291
- };
292
- }
293
-
294
- /**
295
- * 导出审计日志
296
- * @param {string} format - 'json' | 'ndjson'
297
- * @returns {string}
298
- */
299
- export(format = 'json') {
300
- if (format === 'ndjson') {
301
- return this.entries.map(e => JSON.stringify(e)).join('\n');
302
- }
303
- return JSON.stringify(this.entries, null, 2);
304
- }
305
-
306
- /**
307
- * 清空审计日志(同时清空内存和持久化文件)
308
- */
309
- clear() {
310
- this.entries = [];
311
- this._nextEventId = 1;
312
- this.loadErrors = [];
313
-
314
- if (this.storagePath) {
315
- const dir = path.dirname(this.storagePath);
316
- if (!fs.existsSync(dir)) {
317
- fs.mkdirSync(dir, { recursive: true });
318
- }
319
- fs.writeFileSync(this.storagePath, '', 'utf-8');
320
- }
321
- }
322
-
323
- /**
324
- * 获取坏行加载错误
325
- * @returns {object[]}
326
- */
327
- getLoadErrors() {
328
- return this.loadErrors.map(e => ({ ...e }));
329
- }
330
-
331
- /**
332
- * 条目数量
333
- * @returns {number}
334
- */
335
- get size() {
336
- return this.entries.length;
337
- }
338
-
339
- /**
340
- * 导出为 JSON
341
- * @returns {object[]}
342
- */
343
- toJSON() {
344
- return this.entries.map(e => ({ ...e, metadata: { ...e.metadata } }));
345
- }
346
- }
347
-
348
- /**
349
- * 工厂函数
350
- * @param {object} [options]
351
- * @returns {AuditLog}
352
- */
353
- function createAuditLog(options) {
354
- return new AuditLog(options);
355
- }
356
-
357
- module.exports = {
358
- AUDIT_EVENT_TYPES,
359
- AUDIT_SEVERITY,
360
- AUDIT_RESULT,
361
- VALID_EVENT_TYPES,
362
- VALID_SEVERITY,
363
- VALID_RESULT,
364
- AuditLog,
365
- createAuditLog,
366
- redactSensitive,
367
- redactObject,
368
- };
1
+ /**
2
+ * P3.3 审计日志 — 内存模型 + NDJSON 最小文件持久化
3
+ *
4
+ * 审计事件 schema、写入、查询、红脱策略、NDJSON 文件持久化
5
+ */
6
+
7
+ const fs = require('fs');
8
+ const path = require('path');
9
+
10
+ // ============================================================
11
+ // 审计事件类型
12
+ // ============================================================
13
+
14
+ const AUDIT_EVENT_TYPES = Object.freeze({
15
+ ASSET_CHANGE: 'asset_change',
16
+ PERMISSION_CHANGE: 'permission_change',
17
+ POLICY_DENIED: 'policy_denied',
18
+ GRAY_RELEASE: 'gray_release',
19
+ ROLLBACK: 'rollback',
20
+ REVIEW_ACTION: 'review_action',
21
+ SECURITY_SCAN: 'security_scan',
22
+ });
23
+
24
+ const AUDIT_SEVERITY = Object.freeze({
25
+ INFO: 'info',
26
+ WARN: 'warn',
27
+ ERROR: 'error',
28
+ BLOCKING: 'blocking',
29
+ });
30
+
31
+ const AUDIT_RESULT = Object.freeze({
32
+ SUCCESS: 'success',
33
+ DENIED: 'denied',
34
+ ERROR: 'error',
35
+ });
36
+
37
+ const VALID_EVENT_TYPES = new Set(Object.values(AUDIT_EVENT_TYPES));
38
+ const VALID_SEVERITY = new Set(Object.values(AUDIT_SEVERITY));
39
+ const VALID_RESULT = new Set(Object.values(AUDIT_RESULT));
40
+
41
+ // ============================================================
42
+ // 敏感信息红脱(复用 P2 模式)
43
+ // ============================================================
44
+
45
+ const SENSITIVE_PATTERNS = [
46
+ { pattern: /password\s*[=:]\s*["'][^"']*["']/gi, replacement: 'password=[REDACTED]' },
47
+ { pattern: /password\s*[=:]\s*\S+/gi, replacement: 'password=[REDACTED]' },
48
+ { pattern: /api[_-]?key\s*[=:]\s*["'][^"']*["']/gi, replacement: 'api_key=[REDACTED]' },
49
+ { pattern: /api[_-]?key\s*[=:]\s*\S+/gi, replacement: 'api_key=[REDACTED]' },
50
+ { pattern: /secret\s*[=:]\s*["'][^"']*["']/gi, replacement: 'secret=[REDACTED]' },
51
+ { pattern: /secret\s*[=:]\s*\S+/gi, replacement: 'secret=[REDACTED]' },
52
+ { pattern: /token\s*[=:]\s*["'][^"']*["']/gi, replacement: 'token=[REDACTED]' },
53
+ { pattern: /token\s*[=:]\s*\S+/gi, replacement: 'token=[REDACTED]' },
54
+ { pattern: /access[_-]?key\s*[=:]\s*["'][^"']*["']/gi, replacement: 'access_key=[REDACTED]' },
55
+ { pattern: /access[_-]?key\s*[=:]\s*\S+/gi, replacement: 'access_key=[REDACTED]' },
56
+ { pattern: /private[_-]?key\s*[=:]\s*["'][^"']*["']/gi, replacement: 'private_key=[REDACTED]' },
57
+ { pattern: /private[_-]?key\s*[=:]\s*\S+/gi, replacement: 'private_key=[REDACTED]' },
58
+ ];
59
+
60
+ function redactSensitive(text) {
61
+ if (typeof text !== 'string') return text;
62
+ let result = text;
63
+ for (const { pattern, replacement } of SENSITIVE_PATTERNS) {
64
+ result = result.replace(pattern, replacement);
65
+ }
66
+ return result;
67
+ }
68
+
69
+ const SENSITIVE_KEY_PATTERNS = /^(password|api[_-]?key|secret|token|access[_-]?key|private[_-]?key|raw[_-]?prompt)$/i;
70
+
71
+ function redactObject(obj) {
72
+ if (obj === null || obj === undefined) return obj;
73
+ if (typeof obj === 'string') return redactSensitive(obj);
74
+ if (typeof obj !== 'object') return obj;
75
+ if (Array.isArray(obj)) return obj.map(redactObject);
76
+
77
+ const result = {};
78
+ for (const [key, value] of Object.entries(obj)) {
79
+ if (SENSITIVE_KEY_PATTERNS.test(key)) {
80
+ result[key] = '[REDACTED]';
81
+ } else if (typeof value === 'string') {
82
+ result[key] = redactSensitive(value);
83
+ } else if (typeof value === 'object' && value !== null) {
84
+ result[key] = redactObject(value);
85
+ } else {
86
+ result[key] = value;
87
+ }
88
+ }
89
+ return result;
90
+ }
91
+
92
+ // ============================================================
93
+ // 审计日志类
94
+ // ============================================================
95
+
96
+ class AuditLog {
97
+ constructor(options = {}) {
98
+ /** @type {object[]} */
99
+ this.entries = [];
100
+ /** @type {number} */
101
+ this._nextEventId = 1;
102
+ /** @type {number} */
103
+ this._maxEntries = options.maxEntries || 10000;
104
+ /** @type {string|null} */
105
+ this.storagePath = options.storagePath || null;
106
+ /** @type {boolean} */
107
+ this.loadExisting = options.loadExisting !== false;
108
+ /** @type {boolean} */
109
+ this.appendOnRecord = options.appendOnRecord !== false;
110
+ /** @type {object[]} */
111
+ this.loadErrors = [];
112
+
113
+ // 指定 storagePath 且 loadExisting 不为 false 时,加载历史记录
114
+ if (this.storagePath && this.loadExisting) {
115
+ this.loadFromFile();
116
+ }
117
+ }
118
+
119
+ /**
120
+ * 从 NDJSON 文件加载历史记录
121
+ * @returns {object[]} 加载的记录
122
+ */
123
+ loadFromFile() {
124
+ if (!this.storagePath) return [];
125
+
126
+ try {
127
+ if (!fs.existsSync(this.storagePath)) return [];
128
+ } catch {
129
+ return [];
130
+ }
131
+
132
+ let content;
133
+ try {
134
+ content = fs.readFileSync(this.storagePath, 'utf-8');
135
+ } catch {
136
+ return [];
137
+ }
138
+
139
+ if (!content || !content.trim()) return [];
140
+
141
+ const lines = content.split('\n');
142
+ const loaded = [];
143
+
144
+ for (let i = 0; i < lines.length; i++) {
145
+ const line = lines[i].trim();
146
+ if (!line) continue;
147
+
148
+ try {
149
+ const entry = JSON.parse(line);
150
+ loaded.push(entry);
151
+
152
+ // 恢复 eventId 编号
153
+ if (entry.eventId && typeof entry.eventId === 'string') {
154
+ const match = entry.eventId.match(/^audit-(\d+)$/);
155
+ if (match) {
156
+ const num = parseInt(match[1], 10);
157
+ if (num >= this._nextEventId) {
158
+ this._nextEventId = num + 1;
159
+ }
160
+ }
161
+ }
162
+ } catch (err) {
163
+ this.loadErrors.push({
164
+ lineNumber: i + 1,
165
+ line: line.substring(0, 200),
166
+ message: err.message || 'JSON 解析失败',
167
+ });
168
+ }
169
+ }
170
+
171
+ // 应用 maxEntries 约束
172
+ this.entries = loaded.length > this._maxEntries
173
+ ? loaded.slice(-this._maxEntries)
174
+ : loaded;
175
+
176
+ return this.entries;
177
+ }
178
+
179
+ /**
180
+ * 追加一条已红脱的 entry 到 NDJSON 文件
181
+ * @param {object} entry
182
+ */
183
+ appendToFile(entry) {
184
+ if (!this.storagePath) return;
185
+ if (this.appendOnRecord === false) return;
186
+
187
+ const dir = path.dirname(this.storagePath);
188
+ if (!fs.existsSync(dir)) {
189
+ fs.mkdirSync(dir, { recursive: true });
190
+ }
191
+
192
+ const line = JSON.stringify(entry) + '\n';
193
+ fs.appendFileSync(this.storagePath, line, 'utf-8');
194
+ }
195
+
196
+ /**
197
+ * 写入审计事件(自动红脱)
198
+ * @param {object} params
199
+ * @returns {object} 审计记录
200
+ */
201
+ record({ eventType, actor, target, action, result, severity = 'info', message = '', metadata = {} }) {
202
+ if (!eventType || !VALID_EVENT_TYPES.has(eventType)) {
203
+ throw new Error(`无效事件类型: ${eventType},必须是 ${[...VALID_EVENT_TYPES].join(', ')} 之一`);
204
+ }
205
+ if (!VALID_SEVERITY.has(severity)) {
206
+ throw new Error(`无效严重级别: ${severity},必须是 ${[...VALID_SEVERITY].join(', ')} 之一`);
207
+ }
208
+ if (result && !VALID_RESULT.has(result)) {
209
+ throw new Error(`无效结果: ${result},必须是 ${[...VALID_RESULT].join(', ')} 之一`);
210
+ }
211
+
212
+ const entry = {
213
+ eventId: `audit-${this._nextEventId++}`,
214
+ eventType,
215
+ actor: actor || 'system',
216
+ target: target || '',
217
+ action: action || '',
218
+ result: result || 'success',
219
+ severity,
220
+ message: redactSensitive(message || ''),
221
+ metadata: redactObject(metadata || {}),
222
+ timestamp: new Date().toISOString(),
223
+ };
224
+
225
+ this.entries.push(entry);
226
+
227
+ // 超出上限时移除最旧的
228
+ if (this.entries.length > this._maxEntries) {
229
+ this.entries = this.entries.slice(-this._maxEntries);
230
+ }
231
+
232
+ // 追加到文件(使用已红脱的 entry)
233
+ this.appendToFile(entry);
234
+
235
+ return { ...entry, metadata: { ...entry.metadata } };
236
+ }
237
+
238
+ /**
239
+ * 查询审计日志
240
+ * @param {object} filters
241
+ * @returns {object[]}
242
+ */
243
+ query({ eventType, actor, target, result, severity, from, to, limit = 100 } = {}) {
244
+ let filtered = this.entries;
245
+
246
+ if (eventType) {
247
+ filtered = filtered.filter(e => e.eventType === eventType);
248
+ }
249
+ if (actor) {
250
+ filtered = filtered.filter(e => e.actor === actor);
251
+ }
252
+ if (target) {
253
+ filtered = filtered.filter(e => e.target === target);
254
+ }
255
+ if (result) {
256
+ filtered = filtered.filter(e => e.result === result);
257
+ }
258
+ if (severity) {
259
+ filtered = filtered.filter(e => e.severity === severity);
260
+ }
261
+ if (from) {
262
+ filtered = filtered.filter(e => e.timestamp >= from);
263
+ }
264
+ if (to) {
265
+ filtered = filtered.filter(e => e.timestamp <= to);
266
+ }
267
+
268
+ return filtered.slice(-limit).map(e => ({ ...e, metadata: { ...e.metadata } }));
269
+ }
270
+
271
+ /**
272
+ * 按事件类型统计
273
+ * @returns {object}
274
+ */
275
+ getStats() {
276
+ const byType = {};
277
+ const bySeverity = {};
278
+ const byResult = {};
279
+
280
+ for (const entry of this.entries) {
281
+ byType[entry.eventType] = (byType[entry.eventType] || 0) + 1;
282
+ bySeverity[entry.severity] = (bySeverity[entry.severity] || 0) + 1;
283
+ byResult[entry.result] = (byResult[entry.result] || 0) + 1;
284
+ }
285
+
286
+ return {
287
+ total: this.entries.length,
288
+ byType,
289
+ bySeverity,
290
+ byResult,
291
+ };
292
+ }
293
+
294
+ /**
295
+ * 导出审计日志
296
+ * @param {string} format - 'json' | 'ndjson'
297
+ * @returns {string}
298
+ */
299
+ export(format = 'json') {
300
+ if (format === 'ndjson') {
301
+ return this.entries.map(e => JSON.stringify(e)).join('\n');
302
+ }
303
+ return JSON.stringify(this.entries, null, 2);
304
+ }
305
+
306
+ /**
307
+ * 清空审计日志(同时清空内存和持久化文件)
308
+ */
309
+ clear() {
310
+ this.entries = [];
311
+ this._nextEventId = 1;
312
+ this.loadErrors = [];
313
+
314
+ if (this.storagePath) {
315
+ const dir = path.dirname(this.storagePath);
316
+ if (!fs.existsSync(dir)) {
317
+ fs.mkdirSync(dir, { recursive: true });
318
+ }
319
+ fs.writeFileSync(this.storagePath, '', 'utf-8');
320
+ }
321
+ }
322
+
323
+ /**
324
+ * 获取坏行加载错误
325
+ * @returns {object[]}
326
+ */
327
+ getLoadErrors() {
328
+ return this.loadErrors.map(e => ({ ...e }));
329
+ }
330
+
331
+ /**
332
+ * 条目数量
333
+ * @returns {number}
334
+ */
335
+ get size() {
336
+ return this.entries.length;
337
+ }
338
+
339
+ /**
340
+ * 导出为 JSON
341
+ * @returns {object[]}
342
+ */
343
+ toJSON() {
344
+ return this.entries.map(e => ({ ...e, metadata: { ...e.metadata } }));
345
+ }
346
+ }
347
+
348
+ /**
349
+ * 工厂函数
350
+ * @param {object} [options]
351
+ * @returns {AuditLog}
352
+ */
353
+ function createAuditLog(options) {
354
+ return new AuditLog(options);
355
+ }
356
+
357
+ module.exports = {
358
+ AUDIT_EVENT_TYPES,
359
+ AUDIT_SEVERITY,
360
+ AUDIT_RESULT,
361
+ VALID_EVENT_TYPES,
362
+ VALID_SEVERITY,
363
+ VALID_RESULT,
364
+ AuditLog,
365
+ createAuditLog,
366
+ redactSensitive,
367
+ redactObject,
368
+ };