@gong-ym/ai-spec-auto 0.2.14 → 0.2.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (631) hide show
  1. package/.agents/commands/README.md +33 -33
  2. package/.agents/commands/claude/spec-start-review.md +88 -88
  3. package/.agents/commands/codex/spec-continue.md +74 -74
  4. package/.agents/commands/codex/spec-orchestrate.md +35 -35
  5. package/.agents/commands/codex/spec-start-review.md +88 -88
  6. package/.agents/commands/codex/spec-start.md +67 -67
  7. package/.agents/commands/codex/spec-status.md +22 -22
  8. package/.agents/commands/codex/spec-stop.md +29 -29
  9. package/.agents/commands/codex/spec-update.md +40 -40
  10. package/.agents/commands/common/branch-review.md +117 -117
  11. package/.agents/commands/common/project-init.md +25 -25
  12. package/.agents/commands/common/spec-continue.md +74 -74
  13. package/.agents/commands/common/spec-orchestrate.md +35 -35
  14. package/.agents/commands/common/spec-start-review.md +82 -82
  15. package/.agents/commands/common/spec-start.md +67 -67
  16. package/.agents/commands/common/spec-status.md +22 -22
  17. package/.agents/commands/common/spec-stop.md +29 -29
  18. package/.agents/commands/common/spec-update.md +60 -40
  19. package/.agents/commands/cursor/opsx-apply.md +55 -55
  20. package/.agents/commands/cursor/opsx-archive.md +48 -48
  21. package/.agents/commands/cursor/opsx-explore.md +45 -45
  22. package/.agents/commands/cursor/opsx-propose.md +59 -59
  23. package/.agents/commands/cursor/spec-continue.md +63 -63
  24. package/.agents/commands/cursor/spec-orchestrate.md +53 -53
  25. package/.agents/commands/cursor/spec-start-review.md +78 -78
  26. package/.agents/commands/cursor/spec-start.md +59 -59
  27. package/.agents/commands/cursor/spec-status.md +30 -30
  28. package/.agents/commands/cursor/spec-stop.md +29 -29
  29. package/.agents/commands/cursor/spec-update.md +41 -41
  30. package/.agents/flows/FRONTMATTER.md +263 -263
  31. package/.agents/flows/RUN_OUTPUT.md +263 -263
  32. package/.agents/flows/common/README.md +29 -29
  33. package/.agents/flows/common/bugfix-to-verification.md +95 -95
  34. package/.agents/flows/common/change-to-architecture-review.md +89 -89
  35. package/.agents/flows/common/change-to-release.md +94 -94
  36. package/.agents/flows/common/prd-to-delivery.md +184 -184
  37. package/.agents/flows/common/requirement-to-observability.md +97 -97
  38. package/.agents/orchestration/README.md +22 -22
  39. package/.agents/orchestration/expert-dispatch-spec.md +155 -155
  40. package/.agents/orchestration/expert-executor-spec.md +84 -84
  41. package/.agents/orchestration/expert-runtime-action-spec.md +73 -73
  42. package/.agents/orchestration/runtime-state-handoff-spec.md +264 -264
  43. package/.agents/orchestration/task-anchor-spec.md +212 -212
  44. package/.agents/orchestration/task-orchestrator-adapter-payload.md +153 -153
  45. package/.agents/orchestration/task-orchestrator-bootstrap-payload.md +145 -145
  46. package/.agents/orchestration/task-orchestrator-output-extractor-spec.md +93 -93
  47. package/.agents/orchestration/task-orchestrator-run-plan-template.md +312 -312
  48. package/.agents/orchestration/task-orchestrator-runtime-hooks.md +214 -214
  49. package/.agents/registry/README.md +63 -63
  50. package/.agents/registry/flows.json +125 -125
  51. package/.agents/registry/profiles.json +101 -101
  52. package/.agents/registry/roles.json +1265 -1265
  53. package/.agents/registry/rules.json +148 -148
  54. package/.agents/registry/scenario-packages.json +123 -123
  55. package/.agents/registry/skills.json +130 -130
  56. package/.agents/roles/INDEX.md +346 -346
  57. package/.agents/roles/common/README.md +76 -76
  58. package/.agents/roles/common/archive-change.md +80 -80
  59. package/.agents/roles/common/backend-implementer.md +92 -92
  60. package/.agents/roles/common/code-guardian.md +151 -151
  61. package/.agents/roles/common/frontend-implementer.md +146 -146
  62. package/.agents/roles/common/requirement-analyst.md +138 -138
  63. package/.agents/roles/common/task-orchestrator-routing.md +301 -301
  64. package/.agents/roles/common/task-orchestrator.md +224 -224
  65. package/.agents/roles/common/tooling-implementer.md +92 -92
  66. package/.agents/roles/domains/README.md +35 -35
  67. package/.agents/roles/domains/delivery/README.md +11 -11
  68. package/.agents/roles/domains/delivery/container-specialist.md +50 -50
  69. package/.agents/roles/domains/delivery/deployment-specialist.md +50 -50
  70. package/.agents/roles/domains/delivery/pipeline-specialist.md +50 -50
  71. package/.agents/roles/domains/demand-design/README.md +16 -16
  72. package/.agents/roles/domains/demand-design/api-contract-specialist.md +52 -52
  73. package/.agents/roles/domains/demand-design/design-collaborator.md +58 -58
  74. package/.agents/roles/domains/documentation/README.md +11 -11
  75. package/.agents/roles/domains/documentation/api-doc-specialist.md +50 -50
  76. package/.agents/roles/domains/documentation/component-doc-specialist.md +49 -49
  77. package/.agents/roles/domains/documentation/technical-writing-specialist.md +48 -48
  78. package/.agents/roles/domains/engineering/README.md +17 -17
  79. package/.agents/roles/domains/engineering/architecture-advisor.md +53 -53
  80. package/.agents/roles/domains/engineering/build-specialist.md +51 -51
  81. package/.agents/roles/domains/engineering/dependency-governor.md +52 -52
  82. package/.agents/roles/domains/governance/README.md +17 -17
  83. package/.agents/roles/domains/governance/api-governance-specialist.md +51 -51
  84. package/.agents/roles/domains/governance/lint-policy-specialist.md +49 -49
  85. package/.agents/roles/domains/governance/route-governance-specialist.md +52 -52
  86. package/.agents/roles/domains/observability/README.md +11 -11
  87. package/.agents/roles/domains/observability/error-tracker.md +50 -50
  88. package/.agents/roles/domains/observability/event-instrumentation-specialist.md +51 -51
  89. package/.agents/roles/domains/observability/rum-analyst.md +50 -50
  90. package/.agents/roles/domains/performance/README.md +11 -11
  91. package/.agents/roles/domains/performance/asset-optimizer.md +50 -50
  92. package/.agents/roles/domains/performance/performance-auditor.md +56 -56
  93. package/.agents/roles/domains/performance/vitals-analyst.md +50 -50
  94. package/.agents/roles/domains/security-a11y/README.md +11 -11
  95. package/.agents/roles/domains/security-a11y/a11y-auditor.md +50 -50
  96. package/.agents/roles/domains/security-a11y/aria-specialist.md +51 -51
  97. package/.agents/roles/domains/security-a11y/security-reviewer.md +49 -49
  98. package/.agents/roles/domains/testing/README.md +12 -12
  99. package/.agents/roles/domains/testing/coverage-analyst.md +50 -50
  100. package/.agents/roles/domains/testing/e2e-test-specialist.md +51 -51
  101. package/.agents/roles/domains/testing/unit-test-specialist.md +56 -56
  102. package/.agents/roles/domains/testing/verification-reviewer.md +67 -67
  103. package/.agents/rules/README.md +87 -87
  104. package/.agents/rules/common/02-/347/274/226/347/240/201/350/247/204/350/214/203.md +45 -45
  105. package/.agents/rules/common/08-/351/200/232/347/224/250/347/272/246/346/235/237.md +63 -63
  106. package/.agents/rules/common/10-/346/226/207/346/241/243/350/247/204/350/214/203.md +101 -101
  107. package/.agents/rules/common/12-Superpowers/346/211/247/350/241/214/350/247/204/350/214/203.md +46 -46
  108. package/.agents/rules/common/14-/345/256/241/350/256/241/346/261/207/346/212/245/350/247/204/350/214/203.md +107 -107
  109. package/.agents/rules/common/15-visual-gate-wait.md +90 -90
  110. package/.agents/rules/profiles/nestjs/01-/351/241/271/347/233/256/346/246/202/350/277/260.md +27 -27
  111. package/.agents/rules/profiles/nestjs/03-/351/241/271/347/233/256/347/273/223/346/236/204.md +20 -20
  112. package/.agents/rules/profiles/nestjs/04-/346/250/241/345/235/227/347/273/223/346/236/204/350/247/204/350/214/203.md +24 -24
  113. package/.agents/rules/profiles/nestjs/05-/346/216/245/345/217/243/344/270/216/345/245/221/347/272/246/350/247/204/350/214/203.md +24 -24
  114. package/.agents/rules/profiles/nestjs/06-/346/225/260/346/215/256/350/256/277/351/227/256/350/247/204/350/214/203.md +24 -24
  115. package/.agents/rules/profiles/nestjs/07-/351/205/215/347/275/256/344/270/216/350/277/220/350/241/214/346/227/266/350/247/204/350/214/203.md +20 -20
  116. package/.agents/rules/profiles/nestjs/09-/345/274/202/345/270/270/344/270/216/346/227/245/345/277/227/350/247/204/350/214/203.md +20 -20
  117. package/.agents/rules/profiles/nestjs/11-/346/265/213/350/257/225/350/247/204/350/214/203.md +24 -24
  118. package/.agents/rules/profiles/nestjs/13-/344/273/243/347/240/201/346/240/274/345/274/217/345/214/226/344/270/216/346/243/200/346/237/245.md +20 -20
  119. package/.agents/rules/profiles/node-tooling/01-/351/241/271/347/233/256/346/246/202/350/277/260.md +30 -30
  120. package/.agents/rules/profiles/node-tooling/03-/351/241/271/347/233/256/347/273/223/346/236/204.md +37 -37
  121. package/.agents/rules/profiles/node-tooling/04-CLI/344/270/216/346/250/241/345/235/227/350/247/204/350/214/203.md +42 -42
  122. package/.agents/rules/profiles/node-tooling/05-Contract/344/270/216Schema/350/247/204/350/214/203.md +42 -42
  123. package/.agents/rules/profiles/node-tooling/06-/350/277/220/350/241/214/346/227/266/346/226/207/344/273/266/350/247/204/350/214/203.md +30 -30
  124. package/.agents/rules/profiles/node-tooling/07-/346/227/245/345/277/227/344/270/216/351/224/231/350/257/257/345/244/204/347/220/206/350/247/204/350/214/203.md +60 -60
  125. package/.agents/rules/profiles/node-tooling/09-/350/204/232/346/234/254/344/270/216/345/205/245/345/217/243/350/247/204/350/214/203.md +45 -45
  126. package/.agents/rules/profiles/node-tooling/11-/346/265/213/350/257/225/350/247/204/350/214/203.md +41 -41
  127. package/.agents/rules/profiles/node-tooling/13-/344/273/243/347/240/201/346/240/274/345/274/217/345/214/226/344/270/216/346/243/200/346/237/245.md +55 -55
  128. package/.agents/rules/profiles/react/01-/351/241/271/347/233/256/346/246/202/350/277/260.md +29 -29
  129. package/.agents/rules/profiles/react/03-/351/241/271/347/233/256/347/273/223/346/236/204.md +104 -104
  130. package/.agents/rules/profiles/react/04-/347/273/204/344/273/266/350/247/204/350/214/203.md +46 -46
  131. package/.agents/rules/profiles/react/05-API/350/247/204/350/214/203.md +67 -67
  132. package/.agents/rules/profiles/react/06-/350/267/257/347/224/261/350/247/204/350/214/203.md +54 -54
  133. package/.agents/rules/profiles/react/07-/347/212/266/346/200/201/347/256/241/347/220/206.md +226 -226
  134. package/.agents/rules/profiles/react/09-/346/240/267/345/274/217/350/247/204/350/214/203.md +71 -71
  135. package/.agents/rules/profiles/react/11-/346/265/213/350/257/225/350/247/204/350/214/203.md +80 -80
  136. package/.agents/rules/profiles/react/13-/344/273/243/347/240/201/346/240/274/345/274/217/345/214/226/344/270/216/346/243/200/346/237/245.md +159 -159
  137. package/.agents/rules/profiles/springboot/01-/351/241/271/347/233/256/346/246/202/350/277/260.md +31 -31
  138. package/.agents/rules/profiles/springboot/03-/351/241/271/347/233/256/347/273/223/346/236/204.md +37 -37
  139. package/.agents/rules/profiles/springboot/04-/345/210/206/345/261/202/350/247/204/350/214/203.md +33 -33
  140. package/.agents/rules/profiles/springboot/05-/346/216/245/345/217/243/344/270/216/345/245/221/347/272/246/350/247/204/350/214/203.md +51 -51
  141. package/.agents/rules/profiles/springboot/06-/346/225/260/346/215/256/350/256/277/351/227/256/350/247/204/350/214/203.md +34 -34
  142. package/.agents/rules/profiles/springboot/07-/351/205/215/347/275/256/344/270/216/350/277/220/350/241/214/346/227/266/350/247/204/350/214/203.md +38 -38
  143. package/.agents/rules/profiles/springboot/09-/345/274/202/345/270/270/344/270/216/346/227/245/345/277/227/350/247/204/350/214/203.md +48 -48
  144. package/.agents/rules/profiles/springboot/11-/346/265/213/350/257/225/350/247/204/350/214/203.md +43 -43
  145. package/.agents/rules/profiles/springboot/13-/344/273/243/347/240/201/346/240/274/345/274/217/345/214/226/344/270/216/346/243/200/346/237/245.md +48 -48
  146. package/.agents/rules/profiles/vue/01-/351/241/271/347/233/256/346/246/202/350/277/260.md +47 -47
  147. package/.agents/rules/profiles/vue/03-/351/241/271/347/233/256/347/273/223/346/236/204.md +106 -106
  148. package/.agents/rules/profiles/vue/04-/347/273/204/344/273/266/350/247/204/350/214/203.md +61 -61
  149. package/.agents/rules/profiles/vue/05-API/350/247/204/350/214/203.md +67 -67
  150. package/.agents/rules/profiles/vue/06-/350/267/257/347/224/261/350/247/204/350/214/203.md +69 -69
  151. package/.agents/rules/profiles/vue/07-/347/212/266/346/200/201/347/256/241/347/220/206.md +93 -93
  152. package/.agents/rules/profiles/vue/09-/346/240/267/345/274/217/350/247/204/350/214/203.md +67 -67
  153. package/.agents/rules/profiles/vue/11-/346/265/213/350/257/225/350/247/204/350/214/203.md +80 -80
  154. package/.agents/rules/profiles/vue/13-/344/273/243/347/240/201/346/240/274/345/274/217/345/214/226/344/270/216/346/243/200/346/237/245.md +159 -159
  155. package/.agents/skills/README.md +171 -171
  156. package/.agents/skills/common/archive-change/SKILL.md +180 -180
  157. package/.agents/skills/common/branch-code-reviewer/SKILL.md +533 -533
  158. package/.agents/skills/common/branch-code-reviewer/references/business-risk-guide.md +293 -293
  159. package/.agents/skills/common/branch-code-reviewer/references/html-template-guide.md +121 -121
  160. package/.agents/skills/common/config-and-secret-scan/SKILL.md +99 -99
  161. package/.agents/skills/common/create-proposal/SKILL.md +192 -192
  162. package/.agents/skills/common/create-proposal/evals/evals.json +16 -16
  163. package/.agents/skills/common/create-proposal/evals/train_queries.json +18 -18
  164. package/.agents/skills/common/create-proposal/evals/validation_queries.json +18 -18
  165. package/.agents/skills/common/create-proposal/references/interaction-spec-template.md +42 -42
  166. package/.agents/skills/common/create-test/SKILL.md +292 -292
  167. package/.agents/skills/common/dependency-impact-graph/SKILL.md +80 -80
  168. package/.agents/skills/common/execute-task/SKILL.md +206 -206
  169. package/.agents/skills/common/execute-task/evals/evals.json +16 -16
  170. package/.agents/skills/common/execute-task/evals/train_queries.json +18 -18
  171. package/.agents/skills/common/execute-task/evals/validation_queries.json +18 -18
  172. package/.agents/skills/common/find-skills/SKILL.md +144 -144
  173. package/.agents/skills/common/install-ai-spec-auto/SKILL.md +260 -260
  174. package/.agents/skills/common/install-ai-spec-auto/evals/evals.json +17 -17
  175. package/.agents/skills/common/install-ai-spec-auto/evals/train_queries.json +18 -18
  176. package/.agents/skills/common/install-ai-spec-auto/evals/validation_queries.json +18 -18
  177. package/.agents/skills/common/project-init/SKILL.md +178 -178
  178. package/.agents/skills/common/project-init/evals/evals.json +16 -16
  179. package/.agents/skills/common/project-init/evals/train_queries.json +18 -18
  180. package/.agents/skills/common/project-init/evals/validation_queries.json +18 -18
  181. package/.agents/skills/common/project-init/references/custom-rule-generation.md +89 -89
  182. package/.agents/skills/common/project-init/references/deep-scan-rules.md +67 -67
  183. package/.agents/skills/common/project-init/references/output-contracts.md +71 -71
  184. package/.agents/skills/common/project-init/references/repo-fact-gathering.md +83 -83
  185. package/.agents/skills/common/project-init/references/scope-resolution.md +76 -76
  186. package/.agents/skills/common/project-init/scripts/inspect-project.js +112 -112
  187. package/.agents/skills/common/skill-creator/LICENSE.txt +201 -201
  188. package/.agents/skills/common/skill-creator/SKILL.md +370 -370
  189. package/.agents/skills/common/skill-creator/evals/evals.json +16 -16
  190. package/.agents/skills/common/skill-creator/evals/train_queries.json +18 -18
  191. package/.agents/skills/common/skill-creator/evals/validation_queries.json +18 -18
  192. package/.agents/skills/common/skill-creator/references/output-patterns.md +82 -82
  193. package/.agents/skills/common/skill-creator/references/workflows.md +27 -27
  194. package/.agents/skills/common/skill-creator/scripts/init_skill.py +209 -209
  195. package/.agents/skills/common/skill-creator/scripts/package_skill.py +110 -110
  196. package/.agents/skills/common/skill-creator/scripts/quick_validate.py +51 -51
  197. package/.agents/skills/common/skill-optimizer/SKILL.md +102 -102
  198. package/.agents/skills/common/skill-optimizer/evals/evals.json +16 -16
  199. package/.agents/skills/common/skill-optimizer/evals/train_queries.json +18 -18
  200. package/.agents/skills/common/skill-optimizer/evals/validation_queries.json +18 -18
  201. package/.agents/skills/common/skill-optimizer/references/design-patterns.md +26 -26
  202. package/.agents/skills/common/skill-optimizer/references/review-checklist.md +22 -22
  203. package/.agents/skills/common/using-superpowers/SKILL.md +151 -151
  204. package/.agents/skills/common/wait-for-gate-signal/SKILL.md +85 -85
  205. package/.agents/skills/domains/README.md +19 -19
  206. package/.agents/skills/domains/ui-ux-pro-max/SKILL.md +58 -58
  207. package/.agents/skills/domains/web/design-analysis/SKILL.md +89 -89
  208. package/.agents/skills/domains/web/design-analysis/rules/analysis-order.md +61 -61
  209. package/.agents/skills/domains/web/design-analysis/rules/analysis-priorities.md +136 -136
  210. package/.agents/skills/domains/web/design-analysis/rules/checklist-common-misses.md +107 -107
  211. package/.agents/skills/domains/web/design-analysis/rules/implementation-common-errors.md +204 -204
  212. package/.agents/skills/domains/web/design-analysis/rules/implementation-guidelines.md +211 -211
  213. package/.agents/skills/domains/web/design-analysis/rules/output-analysis-checklist.md +247 -247
  214. package/.agents/skills/domains/web/design-analysis/rules/tools-design-guidelines.md +108 -108
  215. package/.agents/skills/domains/web/design-analysis/rules/workflow-element-extraction.md +162 -162
  216. package/.agents/skills/domains/web/design-analysis/rules/workflow-layout-map.md +131 -131
  217. package/.agents/skills/domains/web/design-analysis/rules/workflow-output-checklist.md +70 -70
  218. package/.agents/skills/domains/web/design-analysis/rules/workflow-style-summary.md +91 -91
  219. package/.agents/skills/domains/web/route-permission-map/SKILL.md +103 -103
  220. package/.agents/skills/domains/web/ui-verification/SKILL.md +114 -114
  221. package/.agents/skills/domains/web/ui-verification/evals/evals.json +16 -16
  222. package/.agents/skills/domains/web/ui-verification/evals/train_queries.json +18 -18
  223. package/.agents/skills/domains/web/ui-verification/evals/validation_queries.json +18 -18
  224. package/.agents/skills/domains/web/ui-verification/rules/comparison-content-image.md +34 -34
  225. package/.agents/skills/domains/web/ui-verification/rules/comparison-content-text.md +30 -30
  226. package/.agents/skills/domains/web/ui-verification/rules/comparison-hierarchy.md +33 -33
  227. package/.agents/skills/domains/web/ui-verification/rules/comparison-layout.md +35 -35
  228. package/.agents/skills/domains/web/ui-verification/rules/errors-alignment.md +42 -42
  229. package/.agents/skills/domains/web/ui-verification/rules/errors-button-dimensions.md +28 -28
  230. package/.agents/skills/domains/web/ui-verification/rules/errors-button-position.md +25 -25
  231. package/.agents/skills/domains/web/ui-verification/rules/errors-css-priority.md +50 -50
  232. package/.agents/skills/domains/web/ui-verification/rules/errors-flex-column-width.md +46 -46
  233. package/.agents/skills/domains/web/ui-verification/rules/errors-flex-layout.md +46 -46
  234. package/.agents/skills/domains/web/ui-verification/rules/errors-grid-container-width.md +44 -44
  235. package/.agents/skills/domains/web/ui-verification/rules/errors-page-container-width.md +39 -39
  236. package/.agents/skills/domains/web/ui-verification/rules/tools-browser-navigation.md +53 -53
  237. package/.agents/skills/domains/web/ui-verification/rules/tools-design-guidelines.md +53 -53
  238. package/.agents/skills/domains/web/ui-verification/rules/workflow-checklist.md +27 -27
  239. package/.agents/skills/domains/web/ui-verification/rules/workflow-problem-list.md +56 -56
  240. package/.agents/skills/domains/web/ui-verification/rules/workflow-reflection.md +44 -44
  241. package/.agents/skills/domains/web/ui-verification/rules/writing-alignment.md +44 -44
  242. package/.agents/skills/domains/web/ui-verification/rules/writing-element-completeness.md +63 -63
  243. package/.agents/skills/domains/web/ui-verification/rules/writing-list-layout.md +75 -75
  244. package/.agents/skills/domains/web/ui-verification/rules/writing-page-container-width.md +37 -37
  245. package/.agents/skills/domains/web/web-design-guidelines/SKILL.md +40 -40
  246. package/.agents/skills/profiles/nestjs/README.md +4 -4
  247. package/.agents/skills/profiles/node-tooling/README.md +9 -9
  248. package/.agents/skills/profiles/react/create-api/SKILL.md +145 -145
  249. package/.agents/skills/profiles/react/create-component/SKILL.md +160 -160
  250. package/.agents/skills/profiles/react/create-route/SKILL.md +168 -168
  251. package/.agents/skills/profiles/react/create-store/SKILL.md +262 -262
  252. package/.agents/skills/profiles/react/theme-variables/SKILL.md +82 -82
  253. package/.agents/skills/profiles/react/vercel-composition-patterns/AGENTS.md +899 -899
  254. package/.agents/skills/profiles/react/vercel-composition-patterns/SKILL.md +81 -81
  255. package/.agents/skills/profiles/react/vercel-composition-patterns/rules/architecture-avoid-boolean-props.md +100 -100
  256. package/.agents/skills/profiles/react/vercel-composition-patterns/rules/architecture-compound-components.md +112 -112
  257. package/.agents/skills/profiles/react/vercel-composition-patterns/rules/patterns-children-over-render-props.md +87 -87
  258. package/.agents/skills/profiles/react/vercel-composition-patterns/rules/patterns-explicit-variants.md +100 -100
  259. package/.agents/skills/profiles/react/vercel-composition-patterns/rules/state-context-interface.md +191 -191
  260. package/.agents/skills/profiles/react/vercel-composition-patterns/rules/state-decouple-implementation.md +113 -113
  261. package/.agents/skills/profiles/react/vercel-composition-patterns/rules/state-lift-state.md +125 -125
  262. package/.agents/skills/profiles/react/vercel-react-best-practices/AGENTS.md +2934 -2934
  263. package/.agents/skills/profiles/react/vercel-react-best-practices/SKILL.md +136 -136
  264. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/advanced-event-handler-refs.md +55 -55
  265. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/advanced-init-once.md +42 -42
  266. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/advanced-use-latest.md +39 -39
  267. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/async-api-routes.md +38 -38
  268. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/async-defer-await.md +80 -80
  269. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/async-dependencies.md +51 -51
  270. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/async-parallel.md +28 -28
  271. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/async-suspense-boundaries.md +99 -99
  272. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/bundle-barrel-imports.md +59 -59
  273. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/bundle-conditional.md +31 -31
  274. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/bundle-defer-third-party.md +49 -49
  275. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/bundle-dynamic-imports.md +35 -35
  276. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/bundle-preload.md +50 -50
  277. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/client-event-listeners.md +74 -74
  278. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/client-localstorage-schema.md +71 -71
  279. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/client-passive-event-listeners.md +48 -48
  280. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/client-swr-dedup.md +56 -56
  281. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-batch-dom-css.md +107 -107
  282. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-cache-function-results.md +80 -80
  283. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-cache-property-access.md +28 -28
  284. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-cache-storage.md +70 -70
  285. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-combine-iterations.md +32 -32
  286. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-early-exit.md +50 -50
  287. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-hoist-regexp.md +45 -45
  288. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-index-maps.md +37 -37
  289. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-length-check-first.md +49 -49
  290. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-min-max-loop.md +82 -82
  291. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-set-map-lookups.md +24 -24
  292. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-tosorted-immutable.md +57 -57
  293. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-activity.md +26 -26
  294. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-animate-svg-wrapper.md +47 -47
  295. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-conditional-render.md +40 -40
  296. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-content-visibility.md +38 -38
  297. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-hoist-jsx.md +46 -46
  298. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-hydration-no-flicker.md +82 -82
  299. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-hydration-suppress-warning.md +30 -30
  300. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-svg-precision.md +28 -28
  301. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-usetransition-loading.md +75 -75
  302. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-defer-reads.md +39 -39
  303. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-dependencies.md +45 -45
  304. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-derived-state-no-effect.md +40 -40
  305. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-derived-state.md +29 -29
  306. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-functional-setstate.md +74 -74
  307. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-lazy-state-init.md +58 -58
  308. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-memo-with-default-value.md +38 -38
  309. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-memo.md +44 -44
  310. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-move-effect-to-event.md +45 -45
  311. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-simple-expression-in-memo.md +35 -35
  312. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-transitions.md +40 -40
  313. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-use-ref-transient-values.md +73 -73
  314. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-after-nonblocking.md +73 -73
  315. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-auth-actions.md +96 -96
  316. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-cache-lru.md +41 -41
  317. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-cache-react.md +76 -76
  318. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-dedup-props.md +65 -65
  319. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-parallel-fetching.md +83 -83
  320. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-serialization.md +38 -38
  321. package/.agents/skills/profiles/springboot/README.md +10 -10
  322. package/.agents/skills/profiles/vue/create-api/SKILL.md +105 -105
  323. package/.agents/skills/profiles/vue/create-component/SKILL.md +76 -76
  324. package/.agents/skills/profiles/vue/create-route/SKILL.md +141 -141
  325. package/.agents/skills/profiles/vue/create-store/SKILL.md +97 -97
  326. package/.agents/skills/profiles/vue/create-view/SKILL.md +81 -81
  327. package/.agents/skills/profiles/vue/theme-variables/SKILL.md +73 -73
  328. package/.agents/skills/profiles/vue/vue-best-practices/SKILL.md +166 -166
  329. package/.agents/skills/profiles/vue/vue-best-practices/references/animation-class-based-technique.md +254 -254
  330. package/.agents/skills/profiles/vue/vue-best-practices/references/animation-state-driven-technique.md +291 -291
  331. package/.agents/skills/profiles/vue/vue-best-practices/references/component-async.md +97 -97
  332. package/.agents/skills/profiles/vue/vue-best-practices/references/component-data-flow.md +307 -307
  333. package/.agents/skills/profiles/vue/vue-best-practices/references/component-fallthrough-attrs.md +174 -174
  334. package/.agents/skills/profiles/vue/vue-best-practices/references/component-keep-alive.md +137 -137
  335. package/.agents/skills/profiles/vue/vue-best-practices/references/component-slots.md +216 -216
  336. package/.agents/skills/profiles/vue/vue-best-practices/references/component-suspense.md +228 -228
  337. package/.agents/skills/profiles/vue/vue-best-practices/references/component-teleport.md +108 -108
  338. package/.agents/skills/profiles/vue/vue-best-practices/references/component-transition-group.md +128 -128
  339. package/.agents/skills/profiles/vue/vue-best-practices/references/component-transition.md +125 -125
  340. package/.agents/skills/profiles/vue/vue-best-practices/references/composables.md +290 -290
  341. package/.agents/skills/profiles/vue/vue-best-practices/references/directives.md +162 -162
  342. package/.agents/skills/profiles/vue/vue-best-practices/references/perf-avoid-component-abstraction-in-lists.md +159 -159
  343. package/.agents/skills/profiles/vue/vue-best-practices/references/perf-v-once-v-memo-directives.md +182 -182
  344. package/.agents/skills/profiles/vue/vue-best-practices/references/perf-virtualize-large-lists.md +187 -187
  345. package/.agents/skills/profiles/vue/vue-best-practices/references/plugins.md +166 -166
  346. package/.agents/skills/profiles/vue/vue-best-practices/references/reactivity.md +344 -344
  347. package/.agents/skills/profiles/vue/vue-best-practices/references/render-functions.md +201 -201
  348. package/.agents/skills/profiles/vue/vue-best-practices/references/sfc.md +310 -310
  349. package/.agents/skills/profiles/vue/vue-best-practices/references/state-management.md +135 -135
  350. package/.agents/skills/profiles/vue/vue-best-practices/references/updated-hook-performance.md +187 -187
  351. package/.agents/templates/common/README.md +23 -23
  352. package/.agents/templates/common/bugfix.md +22 -22
  353. package/.agents/templates/common/create-expert-package.md +458 -458
  354. package/.agents/templates/common/mock-page.md +28 -28
  355. package/.agents/templates/common/new-component.md +25 -25
  356. package/.agents/templates/common/new-page.md +31 -31
  357. package/.cursor/mcp.json +35 -35
  358. package/.qoder/mcp.json +26 -26
  359. package/bin/archive-change.js +560 -474
  360. package/bin/check-command.js +62 -62
  361. package/bin/cli.js +0 -0
  362. package/bin/command-template-renderer.js +40 -40
  363. package/bin/context-command.js +102 -102
  364. package/bin/demo-runtime-smoke.js +760 -760
  365. package/bin/execution-semantics.js +821 -821
  366. package/bin/executor-command.js +93 -93
  367. package/bin/expert-dispatch.js +334 -334
  368. package/bin/expert-executor.js +1148 -1148
  369. package/bin/guard-command.js +52 -52
  370. package/bin/hub-command.js +876 -876
  371. package/bin/ide-command.js +242 -242
  372. package/bin/init-command.js +193 -193
  373. package/bin/install-workflow.js +35 -3
  374. package/bin/manifest-export.js +34 -34
  375. package/bin/profile-registry.js +90 -90
  376. package/bin/protocol-workflow.js +452 -446
  377. package/bin/repair-command.js +161 -161
  378. package/bin/repo-map.js +177 -177
  379. package/bin/report-command.js +236 -236
  380. package/bin/runtime-bootstrap.js +428 -428
  381. package/bin/runtime-embedded.js +101 -101
  382. package/bin/runtime-fallback.js +106 -106
  383. package/bin/runtime-launcher.js +116 -116
  384. package/bin/runtime-paths.js +177 -177
  385. package/bin/runtime-registry.js +289 -289
  386. package/bin/runtime-state.js +2541 -2541
  387. package/bin/scan.js +96 -96
  388. package/bin/self-upgrade.js +206 -206
  389. package/bin/skill-spec-validator.js +457 -457
  390. package/bin/spec-command.js +366 -366
  391. package/bin/superpowers.js +384 -384
  392. package/bin/sync-command.js +59 -59
  393. package/bin/sync.js +1904 -1904
  394. package/bin/task-orchestrator-adapter.js +341 -341
  395. package/bin/task-orchestrator-extractor.js +274 -274
  396. package/bin/task-orchestrator-runner.js +1208 -1208
  397. package/bin/telemetry/README.md +66 -66
  398. package/bin/telemetry/aspect.js +153 -153
  399. package/bin/telemetry/collect.js +67 -67
  400. package/bin/telemetry/config.js +114 -114
  401. package/bin/telemetry/defaults.json +5 -5
  402. package/bin/telemetry/healthcheck.js +195 -195
  403. package/bin/telemetry/identity.js +53 -53
  404. package/bin/telemetry/index.js +25 -25
  405. package/bin/telemetry/reporter.js +83 -83
  406. package/bin/telemetry/safe.js +39 -39
  407. package/bin/validate-registry.js +740 -740
  408. package/bin/visual-bridge-config.js +117 -117
  409. package/bin/visual-bridge.js +287 -287
  410. package/bin/visual-command.js +432 -432
  411. package/bin/worktree-command.js +194 -194
  412. package/configs/common/.editorconfig +15 -15
  413. package/configs/common/.husky/commit-msg +4 -4
  414. package/configs/common/.husky/pre-commit +4 -4
  415. package/configs/common/.lintstagedrc +11 -11
  416. package/configs/common/.prettierignore +11 -11
  417. package/configs/common/.prettierrc.json +11 -11
  418. package/configs/common/.stylelintignore +14 -14
  419. package/configs/common/.stylelintrc.json +21 -21
  420. package/configs/common/commitlint.config.js +3 -3
  421. package/configs/profiles/nestjs/.gitkeep +1 -1
  422. package/configs/profiles/node-tooling/.gitkeep +1 -1
  423. package/configs/profiles/react/.eslintignore +6 -6
  424. package/configs/profiles/react/.eslintrc.js +16 -16
  425. package/configs/profiles/react/.stylelintrc.json +18 -18
  426. package/configs/profiles/springboot/.gitkeep +1 -1
  427. package/configs/profiles/vue/.eslintignore +6 -6
  428. package/configs/profiles/vue/.eslintrc.cjs +17 -17
  429. package/contracts/README.md +28 -28
  430. package/contracts/fixtures/asset-package.fixture.json +26 -26
  431. package/contracts/fixtures/asset-usage-feedback.fixture.json +14 -14
  432. package/contracts/fixtures/evidence-report.fixture.json +28 -28
  433. package/contracts/fixtures/manifest.fixture.json +20 -20
  434. package/contracts/fixtures/run-event.fixture.json +15 -15
  435. package/contracts/schemas/asset-package.schema.json +76 -76
  436. package/contracts/schemas/asset-usage-feedback.schema.json +57 -57
  437. package/contracts/schemas/evidence-report.schema.json +60 -60
  438. package/contracts/schemas/manifest.schema.json +63 -63
  439. package/contracts/schemas/run-event.schema.json +72 -72
  440. package/install.ps1 +35 -35
  441. package/install.sh +17 -17
  442. package/internal/ai-protocol-workflow.js +5824 -5600
  443. package/internal/hub-client.js +98 -98
  444. package/internal/hub-sync-selection.js +69 -69
  445. package/internal/visual-hooks/README.md +481 -481
  446. package/internal/visual-hooks/config-loader.js +218 -218
  447. package/internal/visual-hooks/control-puller.js +206 -206
  448. package/internal/visual-hooks/gate-signal.js +150 -150
  449. package/internal/visual-hooks/inbox-consumer.js +469 -469
  450. package/internal/visual-hooks/index.js +197 -197
  451. package/internal/visual-hooks/push-client.js +189 -189
  452. package/internal/visual-hooks/receipt-pusher.js +176 -176
  453. package/internal/visual-hooks/runtime-state-pusher.js +128 -128
  454. package/openspec/config.yaml.template +52 -52
  455. package/openspec/schemas/expert-delivery/schema.yaml +68 -68
  456. package/openspec/schemas/expert-delivery/templates/checklist.md +39 -39
  457. package/openspec/schemas/expert-delivery/templates/design.md +61 -61
  458. package/openspec/schemas/expert-delivery/templates/iterations.md +25 -25
  459. package/openspec/schemas/expert-delivery/templates/proposal.md +45 -45
  460. package/openspec/schemas/expert-delivery/templates/spec.md +29 -29
  461. package/openspec/schemas/expert-delivery/templates/tasks.md +24 -24
  462. package/package.json +1 -1
  463. package/scripts/acceptance-zero-intrusion.sh +168 -168
  464. package/scripts/hub-sync-assets.config.example.json +296 -296
  465. package/scripts/hub-sync-assets.js +2038 -2038
  466. package/scripts/local-verify.sh +280 -280
  467. package/scripts/post-publish-auto-fix-check.js +404 -404
  468. package/scripts/post-publish-verify.sh +175 -175
  469. package/scripts/setup-cursor-manual-test.sh +107 -107
  470. package/scripts/setup-cursor-spec-archive-test.sh +111 -111
  471. package/scripts/setup-visual-integration.sh +225 -225
  472. package/scripts/test-integration.sh +176 -176
  473. package/scripts/update-test-project.sh +93 -93
  474. package/scripts/upload-four-web.sh +57 -57
  475. package/scripts/verify-install-ps1-bom.js +26 -26
  476. package/src/agent/agent-context.js +259 -259
  477. package/src/agent/agent-profile.js +185 -185
  478. package/src/agent/agent-templates.js +161 -161
  479. package/src/agent/agent-types.js +108 -108
  480. package/src/agent/collaboration-protocol.js +333 -333
  481. package/src/agent/conflict-handler.js +364 -364
  482. package/src/agent/file-permission.js +121 -121
  483. package/src/agent/index.js +38 -38
  484. package/src/agent/permission-audit.js +151 -151
  485. package/src/agent/review-repair-loop.js +270 -270
  486. package/src/agent/tool-permission.js +101 -101
  487. package/src/asset/asset-dependency.js +322 -322
  488. package/src/asset/asset-feedback.js +350 -350
  489. package/src/asset/asset-fork.js +300 -300
  490. package/src/asset/asset-install.js +278 -278
  491. package/src/asset/asset-installer.js +497 -497
  492. package/src/asset/asset-lifecycle.js +324 -324
  493. package/src/asset/asset-manager.js +245 -245
  494. package/src/asset/asset-package-manager.js +349 -349
  495. package/src/asset/asset-package.js +186 -186
  496. package/src/asset/asset-quality.js +262 -262
  497. package/src/asset/asset-registry.js +387 -387
  498. package/src/asset/asset-version.js +293 -293
  499. package/src/asset/index.js +86 -86
  500. package/src/cache/agent-profile-cache.js +59 -59
  501. package/src/cache/asset-cache.js +63 -63
  502. package/src/cache/global-cache.js +61 -61
  503. package/src/cache/manifest-cache.js +30 -30
  504. package/src/check/check-service.js +32 -32
  505. package/src/config/config-layer.js +343 -343
  506. package/src/config/config-loader.js +60 -60
  507. package/src/config/defaults.js +49 -49
  508. package/src/connectors/hub/asset-package.js +72 -72
  509. package/src/connectors/hub/asset-usage-feedback.js +46 -46
  510. package/src/connectors/hub/hub-connector.js +44 -44
  511. package/src/connectors/hub/index.js +21 -21
  512. package/src/connectors/visual/evidence-report.js +49 -49
  513. package/src/connectors/visual/index.js +15 -15
  514. package/src/connectors/visual/queue.js +41 -41
  515. package/src/connectors/visual/run-event.js +81 -81
  516. package/src/connectors/visual/visual-connector.js +77 -77
  517. package/src/context/context-budget.js +59 -59
  518. package/src/context/context-builder.js +285 -285
  519. package/src/context/context-loader.js +116 -116
  520. package/src/context/context-planner.js +158 -158
  521. package/src/context/types.js +96 -96
  522. package/src/contracts/index.js +63 -63
  523. package/src/executor/executor-registry.js +78 -78
  524. package/src/executor/executor-result-parser.js +44 -44
  525. package/src/executor/executor-runner.js +141 -141
  526. package/src/executor/executor-selector.js +139 -139
  527. package/src/executor/executor-timeout.js +36 -36
  528. package/src/executor/providers/base-provider-utils.js +189 -189
  529. package/src/executor/providers/claude-code-executor-provider.js +128 -128
  530. package/src/executor/providers/codex-executor-provider.js +126 -126
  531. package/src/executor/providers/cursor-executor-provider.js +99 -99
  532. package/src/executor/types.js +137 -137
  533. package/src/git/branch-manager.js +71 -71
  534. package/src/git/dirty-checker.js +43 -43
  535. package/src/git/dirty-strategy-handler.js +29 -29
  536. package/src/git/git-command.js +37 -37
  537. package/src/git/git-repository-detector.js +45 -45
  538. package/src/git/multi-repo-worktree-planner.js +88 -88
  539. package/src/git/policy.js +19 -19
  540. package/src/git/strategies/block-dirty-strategy.js +34 -34
  541. package/src/git/strategies/ignore-dirty-strategy.js +33 -33
  542. package/src/git/strategies/patch-snapshot-strategy.js +53 -53
  543. package/src/git/strategies/wip-commit-strategy.js +38 -38
  544. package/src/git/types.js +71 -71
  545. package/src/git/worktree-manager.js +85 -85
  546. package/src/governance/asset-review.js +351 -351
  547. package/src/governance/audit-log.js +368 -368
  548. package/src/governance/gray-release.js +312 -312
  549. package/src/governance/index.js +31 -31
  550. package/src/governance/policy-types.js +56 -56
  551. package/src/governance/rbac-types.js +171 -171
  552. package/src/governance/rbac.js +382 -382
  553. package/src/governance/rollback.js +360 -360
  554. package/src/governance/security-policy.js +354 -354
  555. package/src/hook/hook-config-writer.js +125 -125
  556. package/src/hub/hub-client.js +186 -186
  557. package/src/hub/hub-config.js +39 -39
  558. package/src/hub/project-facts.js +31 -31
  559. package/src/hub/runtime-feedback-reporter.js +55 -55
  560. package/src/ide/adapters/adapter-protocol.js +385 -385
  561. package/src/ide/adapters/claude-adapter.js +419 -419
  562. package/src/ide/adapters/codex-adapter.js +60 -60
  563. package/src/ide/adapters/cursor-adapter.js +484 -484
  564. package/src/ide/adapters/index.js +24 -24
  565. package/src/ide/anchors/markdown-anchor-writer.js +152 -152
  566. package/src/ide/ide-service.js +270 -270
  567. package/src/ide/ide-types.js +94 -94
  568. package/src/ide/links/link-mode-resolver.js +160 -160
  569. package/src/ide/registry/ide-registry-builder.js +165 -165
  570. package/src/incident/incident-writer.js +47 -47
  571. package/src/incident/types.js +22 -22
  572. package/src/init/ide-linker.js +126 -126
  573. package/src/init/ide-pointer-injector.js +75 -75
  574. package/src/init/init-applier.js +197 -197
  575. package/src/init/init-plan.js +294 -294
  576. package/src/init/init-service.js +65 -65
  577. package/src/init/manifest-installer.js +302 -302
  578. package/src/init/types.js +26 -26
  579. package/src/project/config-writer.js +83 -83
  580. package/src/project/context-index-writer.js +82 -82
  581. package/src/project/json-utils.js +72 -72
  582. package/src/project/local-state-writer.js +50 -50
  583. package/src/project/lock-file-writer.js +98 -98
  584. package/src/project/manifest-writer.js +126 -126
  585. package/src/project/policy-config-writer.js +91 -91
  586. package/src/project/project-config-writer.js +74 -74
  587. package/src/project/project-files.js +39 -39
  588. package/src/project/registry-index-writer.js +43 -43
  589. package/src/project/workspace-config-writer.js +63 -63
  590. package/src/run/index.js +11 -11
  591. package/src/run/run-id.js +32 -32
  592. package/src/run/run-service.js +269 -269
  593. package/src/run/run-store.js +80 -80
  594. package/src/scanner/aggregator/detection-aggregator.js +23 -23
  595. package/src/scanner/boundary/boundary-resolver.js +229 -229
  596. package/src/scanner/detectors/detector-registry.js +44 -44
  597. package/src/scanner/detectors/fastapi-detector.js +46 -46
  598. package/src/scanner/detectors/go-detector.js +46 -46
  599. package/src/scanner/detectors/nestjs-detector.js +57 -57
  600. package/src/scanner/detectors/nextjs-detector.js +52 -52
  601. package/src/scanner/detectors/react-vite-detector.js +52 -52
  602. package/src/scanner/detectors/react-webpack-detector.js +57 -57
  603. package/src/scanner/detectors/springboot-detector.js +46 -46
  604. package/src/scanner/detectors/springcloud-detector.js +46 -46
  605. package/src/scanner/detectors/springmvc-detector.js +46 -46
  606. package/src/scanner/detectors/vue-vite-detector.js +52 -52
  607. package/src/scanner/engine.js +72 -72
  608. package/src/scanner/facts/fact-extractor.js +211 -211
  609. package/src/scanner/types.js +30 -30
  610. package/src/security/asset-tamper-checker.js +188 -188
  611. package/src/security/checksum.js +40 -40
  612. package/src/spec/spec-writer.js +302 -302
  613. package/src/state-machine/circuit-breaker.js +112 -112
  614. package/src/state-machine/escape-hatch.js +49 -49
  615. package/src/state-machine/stage-runner.js +281 -281
  616. package/src/state-machine/state-machine.js +24 -24
  617. package/src/state-machine/transition-guard.js +36 -36
  618. package/src/state-machine/types.js +37 -37
  619. package/src/sync/sync-service.js +192 -192
  620. package/src/visual/agent-visual.js +142 -142
  621. package/src/visual/event-gateway.js +357 -357
  622. package/src/visual/event-mapper.js +128 -128
  623. package/src/visual/hook-dashboard.js +216 -216
  624. package/src/visual/index.js +27 -27
  625. package/src/visual/metrics.js +287 -287
  626. package/src/visual/privacy-filter.js +100 -100
  627. package/src/visual/risk-board.js +252 -252
  628. package/src/visual/timeline.js +245 -245
  629. package/src/visual/visual-client.js +94 -94
  630. package/src/visual/visual-config.js +40 -40
  631. package/src/visual/visual-reporter.js +88 -88
@@ -1,533 +1,533 @@
1
- ---
2
- name: branch-code-reviewer
3
- description: 分支代码评审专家。将功能分支与主分支(master/main)进行代码比对分析,自动识别技术风险和业务风险,生成可视化HTML评审报告。当需要进行分支间代码评审、合并前代码检查、代码质量分析时使用。
4
- compatibility: Requires git repository with at least two branches. Supports both requirement documentation mode and project documentation mode for business risk analysis.
5
- metadata:
6
- version: "1.1.0"
7
- openclaw-user-invocable: "true"
8
- type: flexible
9
- category: code-review
10
- tags: ["branch-diff", "code-review", "risk-analysis", "business-risk", "technical-risk", "html-report"]
11
- ---
12
-
13
- # 分支代码评审专家 (Branch Code Reviewer)
14
-
15
- > 本技能专注于**分支间代码差异分析**与**多维度风险识别**,不仅检查技术类风险,还结合需求文档分析业务类风险,最终生成精美的可视化 HTML 评审报告。
16
-
17
- ## 触发条件
18
-
19
- 当用户输入以下类似指令时,**必须**强制调用此技能:
20
-
21
- - "评审当前分支"
22
- - "对比分支差异"
23
- - "分析代码风险"
24
- - "生成评审报告"
25
- - "检查合并风险"
26
- - "/branch-review"
27
-
28
- ## 环境依赖
29
-
30
- - Git 仓库,至少有两个分支(功能分支 + 主分支)
31
- - 可选:需求文档路径(用于业务风险分析)
32
- - 需要文件读写权限以生成 HTML 报告
33
-
34
- ## 前置要求
35
-
36
- 1. 必须在 Git 仓库中执行
37
- 2. 必须确认要对比的两个分支(功能分支 vs 主分支)
38
- 3. 如果用户提供了需求文档路径,必须读取该文档用于业务风险分析
39
- 4. 确保 `.code-review/` 目录存在,不存在则创建
40
-
41
- ---
42
-
43
- ## 工作流程
44
-
45
- ### 第一步:确认分支信息与需求文档
46
-
47
- **强制输出标题**: `### 第一步:确认评审上下文`
48
-
49
- 1. 获取当前 Git 仓库的分支列表:
50
- ```bash
51
- git branch -a
52
- ```
53
-
54
- 2. 确认要对比的功能分支和目标分支:
55
- - 如果用户指定了分支,使用用户指定的分支
56
- - 如果用户未指定,使用当前分支作为功能分支,自动检测主分支(优先 master,其次 main)
57
-
58
- 3. **重要**: 首先检查本次开发是否已有需求文档归档:
59
- ```bash
60
- # 检查 .ai-spec/ 目录下是否有本次开发的需求文档
61
- ls .ai-spec/ | grep -E "(spec|proposal|requirement|prd)"
62
- ```
63
-
64
- 然后根据情况询问用户:
65
- ```
66
- 请选择本次业务审查的模式:
67
-
68
- 1. 需求文档模式(推荐) - 使用本次开发归档的需求文档进行审查
69
- - 适用场景:使用 OpenSpec/Superpowers 完成的需求开发,已有需求文档归档到 .ai-spec/
70
- - 文档路径: [.ai-spec/ 下的需求文档]
71
-
72
- 2. 外部需求文档 - 提供本次开发的需求文档路径
73
- - 适用场景:需求文档在其他位置(PRD、用户故事等)
74
- - 文档路径: [用户输入]
75
-
76
- 3. 项目说明模式 - 基于项目说明文档和 master 基线进行泛类审查
77
- - 适用场景:重构、优化、技术债清理等无明确需求文档的场景
78
-
79
- 请输入选项编号(1/2/3),或直接提供文档路径(默认模式1):
80
- [用户输入]
81
- ```
82
-
83
- 4. 根据用户选择执行:
84
- - **模式1(归档需求文档)**: 读取 `.ai-spec/` 目录下的需求文档,分析核心业务目标、关键功能点、业务约束与规则、验收标准
85
- - **模式2(外部需求文档)**: 读取用户提供的需求文档路径,分析核心业务目标、关键功能点、业务约束与规则、验收标准
86
- - **模式3(项目说明)**: 读取项目说明文档(README.md/PROJECT.md等),提取项目定位、核心能力、关键业务模块、既有业务规则
87
-
88
- 5. 输出确认信息:
89
- ```
90
- ✅ 评审上下文已确认:
91
- - 功能分支: [branch-name]
92
- - 主分支: [master/main]
93
- - 需求文档: [已读取/未提供]
94
- - 评审范围: [技术风险 + 业务风险 / 仅技术风险]
95
- ```
96
-
97
- ### 第二步:获取代码差异与提交历史
98
-
99
- **强制输出标题**: `### 第二步:收集代码差异数据`
100
-
101
- 1. 获取两个分支间的完整差异:
102
- ```bash
103
- git diff [main-branch]..[feature-branch] > diff-full.patch
104
- ```
105
-
106
- 2. 获取文件级别的变更统计:
107
- ```bash
108
- git diff --stat [main-branch]..[feature-branch]
109
- ```
110
-
111
- 3. 获取每个文件的增删行数统计:
112
- ```bash
113
- git diff --numstat [main-branch]..[feature-branch]
114
- ```
115
-
116
- 4. 获取功能分支相对于主分支的提交历史:
117
- ```bash
118
- git log [main-branch]..[feature-branch] --oneline
119
- ```
120
-
121
- 5. 获取变更文件列表:
122
- ```bash
123
- git diff --name-status [main-branch]..[feature-branch]
124
- ```
125
-
126
- 6. 对于每个变更文件,获取足够的上下文代码(至少前后10行):
127
- ```bash
128
- git diff [main-branch]..[feature-branch] -- [file-path]
129
- ```
130
-
131
- 7. 输出收集结果:
132
- ```
133
- 📊 差异数据已收集:
134
- - 变更文件数: X
135
- - 新增行数: +X
136
- - 删除行数: -X
137
- - 提交次数: X
138
- - 变更文件列表: [file1, file2, ...]
139
- ```
140
-
141
- ### 第三步:技术类风险代码分析
142
-
143
- **强制输出标题**: `### 第三步:技术风险分析`
144
-
145
- 针对每个变更文件进行深度技术分析:
146
-
147
- #### 3.1 代码质量检查
148
-
149
- - **命名规范**: 变量、函数、组件命名是否符合项目规范
150
- - **代码重复度**: 是否存在复制粘贴代码
151
- - **函数复杂度**: 函数是否过长,圈复杂度是否过高
152
- - **代码可读性**: 逻辑是否清晰,注释是否充分
153
-
154
- #### 3.2 潜在技术问题识别
155
-
156
- - **性能问题**:
157
- - 不必要的重渲染(React/Vue)
158
- - 内存泄漏(未清理的监听器、定时器等)
159
- - 大循环或嵌套循环性能瓶颈
160
- - 未使用缓存导致重复计算
161
-
162
- - **安全漏洞**:
163
- - XSS 攻击风险(未转义的用户输入)
164
- - SQL/命令注入攻击
165
- - 敏感信息暴露(硬编码密钥、密码等)
166
- - CSRF 防护缺失
167
-
168
- - **错误处理缺失**:
169
- - Promise 未 catch
170
- - try-catch 缺失
171
- - 边界条件未处理
172
- - 空值/undefined 未检查
173
-
174
- #### 3.3 最佳实践检查
175
-
176
- - 设计模式是否恰当
177
- - API 使用是否正确
178
- - 是否遵循项目既有规范(参考 `.agents/rules/`)
179
- - 组件化与模块化程度
180
- - 测试覆盖率是否足够
181
-
182
- #### 3.4 技术改进建议
183
-
184
- 输出具体的:
185
- - 代码重构建议
186
- - 性能优化方案
187
- - 更优的实现方式
188
- - 代码简化建议
189
-
190
- ### 第四步:业务类风险分析
191
-
192
- **强制输出标题**: `### 第四步:业务风险分析`
193
-
194
- **业务审查的三种模式**:
195
- 1. **需求文档模式(推荐)**: 使用本次开发归档到 `.ai-spec/` 的需求文档进行审查
196
- 2. **外部需求文档**: 用户提供本次开发的需求文档路径
197
- 3. **项目说明模式**: 如果没有需求文档,读取项目说明文档(如 README.md、PROJECT.md、01-项目概述.md等),结合 master 分支的代码基线,进行泛类业务审查
198
-
199
- #### 4.1 模式一:需求文档覆盖度检查(推荐模式)
200
-
201
- **优先使用本次开发归档到 `.ai-spec/` 的需求文档**。
202
-
203
- 对比代码变更与需求文档,检查:
204
-
205
- - **功能完整性**: 需求文档中的所有功能点是否都已实现
206
- - **验收标准**: 是否满足需求文档中的验收标准
207
- - **业务规则**: 代码实现是否符合业务规则
208
- - **边界场景**: 需求文档中提到的边界场景是否都处理了
209
-
210
- #### 4.2 模式二:外部需求文档审查
211
-
212
- 用户提供本次开发的需求文档路径,检查内容同模式一。
213
-
214
- #### 4.3 模式三:项目说明与基线对比审查(通用模式)
215
-
216
- **当没有需求文档时,执行此模式**。
217
-
218
- 1. **读取项目说明文档**:
219
- - 优先读取: `README.md`、`PROJECT.md`、`01-项目概述.md`、`docs/` 目录下的项目说明
220
- - 提取信息:
221
- - 项目定位与核心能力
222
- - 关键业务模块与功能
223
- - 技术栈与架构约束
224
- - 已有的业务规则与流程
225
-
226
- 2. **对比 master 分支基线**:
227
- - 分析功能分支相对于 master 的变更范围
228
- - 识别变更是否影响核心业务流程
229
- - 检查新增代码是否与项目既有业务逻辑一致
230
-
231
- 3. **泛类业务审查维度**:
232
-
233
- - **业务流程完整性**:
234
- - 关键业务流程是否遗漏(如:创建→审批→执行→归档)
235
- - 新增功能是否缺少上下游衔接
236
- - 例如:新增订单创建但缺少支付/退款流程
237
-
238
- - **状态流转一致性**:
239
- - 业务状态流转是否符合项目既有模式
240
- - 是否存在状态跳跃或缺失中间态
241
- - 例如:订单状态从"待支付"直接到"已完成",缺少"已支付"
242
-
243
- - **数据约束与一致性**:
244
- - 数据操作是否符合项目已有的数据约束
245
- - 关键业务数据是否缺少校验
246
- - 例如:金额字段缺少精度校验,库存扣减不在事务中
247
-
248
- - **权限与合规性**:
249
- - 是否符合项目既有的权限控制模式
250
- - 敏感操作是否缺少权限校验
251
- - 例如:未校验用户角色即可删除核心数据
252
-
253
- - **异常场景处理**:
254
- - 业务异常是否有降级方案
255
- - 失败场景是否有补偿机制
256
- - 例如:支付失败后无回滚逻辑,接口超时无重试
257
-
258
- - **与既有代码的一致性**:
259
- - 新增代码是否遵循项目既有的业务抽象
260
- - 是否重复实现了已有的业务逻辑
261
- - 例如:项目已有统一的审批流引擎,但新代码自己实现了一套
262
-
263
- #### 4.3 业务改进建议
264
-
265
- 根据审查模式输出:
266
-
267
- **需求文档模式(模式1/2)**:
268
- - 缺失功能点清单
269
- - 业务逻辑修正建议
270
- - 流程补充建议
271
- - 风险控制建议
272
- - 需求覆盖度评分
273
-
274
- **项目说明模式(模式3)**:
275
- - 与项目既有业务逻辑不一致的代码清单
276
- - 可能缺失的业务流程环节
277
- - 建议补充的异常处理场景
278
- - 可复用的项目既有业务抽象
279
- - 业务一致性评分
280
-
281
- ### 第五步:生成可视化 HTML 报告
282
-
283
- **强制输出标题**: `### 第五步:生成可视化评审报告`
284
-
285
- 生成一个独立的 HTML 文件(无需外部依赖),包含以下功能模块:
286
-
287
- #### 5.1 HTML 报告结构
288
-
289
- ##### 1. 概览面板(Overview Dashboard)
290
-
291
- ```
292
- ┌─────────────────────────────────────────────┐
293
- │ 📊 代码评审报告 - [分支名] vs [主分支名] │
294
- ├─────────────────────────────────────────────┤
295
- │ 变更文件数 | 新增行数 | 删除行数 | 修改行数 │
296
- │ 提交次数 | 技术风险数 | 业务风险数 | 通过率 │
297
- └─────────────────────────────────────────────┘
298
- ```
299
-
300
- ##### 2. 文件导航树(File Tree Navigator)
301
-
302
- - 左侧显示文件树结构
303
- - 使用不同颜色/图标标注文件状态(新增/修改/删除)
304
- - 支持目录折叠/展开
305
- - 显示每个文件的变更行数统计
306
- - 点击文件快速跳转到对应差异区域
307
-
308
- ##### 3. 差异展示区(Diff Viewer)
309
-
310
- - **并排模式(Side-by-Side)**: 左侧显示旧代码,右侧显示新代码
311
- - **统一模式(Unified)**: 在同一列中显示差异,使用颜色区分增删
312
- - 支持两种模式切换
313
- - 代码语法高亮(根据文件类型)
314
- - 行号显示
315
- - 变更行用背景色标注:
316
- - 绿色: 新增行
317
- - 红色: 删除行
318
- - 黄色: 修改行
319
- - 折叠未变更的代码区域,保留上下文(可点击展开)
320
-
321
- ##### 4. 技术风险区(Technical Risks)
322
-
323
- 每个文件的技术评审结果:
324
-
325
- - 问题按严重程度分级:
326
- - 🔴 严重(Critical): 必须修复
327
- - 🟡 警告(Warning): 建议修复
328
- - 🔵 建议(Suggestion): 可选优化
329
- - ⚪ 提示(Info): 信息说明
330
-
331
- - 每个问题包含:
332
- - 问题描述
333
- - 风险原因
334
- - 修复建议
335
- - 示例代码
336
- - 关联到具体代码行
337
-
338
- ##### 5. 业务风险区(Business Risks) - 如果有业务风险分析
339
-
340
- 业务风险分析结果(需求文档模式或项目说明模式):
341
-
342
- - 需求覆盖度评分(需求文档模式) / 业务一致性评分(项目说明模式)
343
- - 缺失功能点清单 / 与既有业务逻辑不一致的代码清单
344
- - 业务逻辑风险
345
- - 流程缺失警告
346
- - 状态不一致问题
347
- - 数据一致性问题
348
- - 每个业务风险关联到:
349
- - 需求文档章节(需求文档模式) / 项目说明文档(项目说明模式)
350
- - 相关代码文件
351
- - 风险等级
352
- - 修复建议
353
-
354
- ##### 6. 交互功能
355
-
356
- - **搜索**: 支持全局搜索文件名和代码内容
357
- - **过滤**: 按文件类型、变更类型、问题严重程度、风险类型(技术/业务)筛选
358
- - **导航**: 上一个/下一个文件、上一个/下一个问题快速跳转
359
- - **统计图表**: 使用 CSS 绘制变更统计图、风险分布图
360
- - **主题切换**: 支持亮色/暗色主题
361
- - **评论功能**: 可以在代码行上添加评论(存储在 localStorage)
362
- - **标记功能**: 可以标记已审阅/未审阅的文件
363
- - **导出功能**: 导出评审结果为 JSON 或 Markdown
364
-
365
- #### 5.2 HTML 技术要求
366
-
367
- 1. **纯 HTML/CSS/JavaScript**: 不依赖任何外部 CDN 或库
368
- 2. **响应式设计**: 适配不同屏幕尺寸
369
- 3. **高性能**: 大量代码差异时也能流畅滚动
370
- 4. **可访问性**: 支持键盘导航
371
- 5. **打印友好**: 支持导出打印
372
-
373
- #### 5.3 CSS 样式要求
374
-
375
- - 使用现代 CSS(Grid、Flexbox)
376
- - 代码字体使用等宽字体
377
- - 颜色方案协调,适合长时间阅读
378
- - 动画过渡效果自然
379
- - 暗色主题配色参考主流代码编辑器
380
-
381
- ### 第六步:输出报告与后续建议
382
-
383
- **强制输出标题**: `### 第六步:输出评审结果`
384
-
385
- 1. 将 HTML 报告保存到项目根目录下的 `.code-review/` 目录中
386
- 2. 文件名格式: `review-[功能分支名]-[日期].html`
387
- 3. 确保目录存在,不存在则创建:
388
- ```bash
389
- mkdir -p .code-review
390
- ```
391
-
392
- 4. 完成后在终端输出:
393
- ```
394
- ✅ 评审报告已生成:
395
- 📄 报告路径: .code-review/review-[branch]-[date].html
396
-
397
- 📊 评审统计:
398
- - 技术风险: X 个(🔴 X | 🟡 X | 🔵 X | ⚪ X)
399
- - 业务风险: X 个(🔴 X | 🟡 X | 🔵 X)
400
- - 需求覆盖度: X%
401
- - 整体通过率: X%
402
-
403
- 🎯 关键发现:
404
- 1. [最严重的技术风险]
405
- 2. [最严重的业务风险]
406
- 3. [关键改进建议]
407
-
408
- 💡 后续建议:
409
- - 建议优先修复 🔴 严重问题
410
- - 建议补充缺失的业务功能
411
- - 建议合并前解决所有 🟡 警告
412
- ```
413
-
414
- 5. 如果条件允许,自动在浏览器中打开报告
415
-
416
- ---
417
-
418
- ## 输出规范
419
-
420
- ### 必须做到:
421
-
422
- - ✅ 所有代码差异必须完整展示,不可省略
423
- - ✅ 评审意见必须具体,关联到具体代码行
424
- - ✅ HTML 必须是自包含的,复制文件到任何地方都能正常打开
425
- - ✅ 保持代码原有的缩进和格式
426
- - ✅ 中文界面,评审意见使用中文
427
- - ✅ 优先使用本次开发归档到 `.ai-spec/` 的需求文档进行业务审查
428
- - ✅ 如果用户选择需求文档模式,必须进行需求覆盖度审查
429
- - ✅ 如果用户选择项目说明模式,必须基于项目说明和 master 基线进行泛类业务审查
430
- - ✅ 技术风险和业务风险分开展示,但关联到相同代码
431
-
432
- ### 禁止做到:
433
-
434
- - ❌ 不得引用外部 CDN 资源
435
- - ❌ 不得生成不完整的 HTML
436
- - ❌ 不得忽略任何变更文件
437
- - ❌ 不得给出模糊的评审意见(如"代码需要优化")
438
- - ❌ 不得修改任何源代码文件
439
- - ❌ 不得在没有项目说明文档的情况下臆测业务风险
440
-
441
- ---
442
-
443
- ## 风险等级定义
444
-
445
- ### 技术风险等级
446
-
447
- | 等级 | 标识 | 说明 | 处理建议 |
448
- |------|------|------|----------|
449
- | 严重 | 🔴 | 会导致崩溃、安全漏洞、数据丢失 | 必须修复后才能合并 |
450
- | 警告 | 🟡 | 会影响性能、可维护性、用户体验 | 建议修复后合并 |
451
- | 建议 | 🔵 | 代码优化、重构建议 | 可在后续迭代中处理 |
452
- | 提示 | ⚪ | 信息说明、最佳实践提醒 | 可选处理 |
453
-
454
- ### 业务风险等级
455
-
456
- | 等级 | 标识 | 说明 | 处理建议 |
457
- |------|------|------|----------|
458
- | 严重 | 🔴 | 缺失核心功能、业务流程错误 | 必须修复后才能上线 |
459
- | 警告 | 🟡 | 缺少异常场景处理、边界条件遗漏 | 建议补充后上线 |
460
- | 建议 | 🔵 | 体验优化、流程改进 | 可在后续迭代中优化 |
461
-
462
- ---
463
-
464
- ## 示例用法
465
-
466
- ### 示例 1: 技术 + 业务风险分析(项目说明模式)
467
-
468
- ```
469
- 用户: 评审当前分支
470
-
471
- AI: ### 第一步:确认评审上下文
472
-
473
- 请选择本次业务审查的模式:
474
-
475
- 1. 需求文档模式 - 提供本次开发的需求文档,对照需求审查
476
- 2. 项目说明模式 - 基于项目说明文档和 master 基线进行泛类审查
477
-
478
- 请提供需求文档路径(选1时),或直接回车使用项目说明模式(选2):
479
- [用户留空]
480
-
481
- 已读取项目说明: README.md
482
- - 项目定位: 风控管理系统
483
- - 核心能力: 规则引擎、审批流、数据权限
484
- - 关键业务模块: 规则配置、风险预警、审计日志
485
-
486
- ✅ 评审上下文已确认:
487
- - 功能分支: feature/rule-optimization
488
- - 主分支: main
489
- - 审查模式: 项目说明模式
490
- - 评审范围: 技术风险 + 业务风险
491
-
492
- [继续执行技术 + 业务风险分析...]
493
- ```
494
-
495
- ### 示例 2: 技术 + 业务风险分析
496
-
497
- ```
498
- 用户: 评审当前分支,需求文档在 docs/prd-order-module.md
499
-
500
- AI: ### 第一步:确认评审上下文
501
-
502
- 已读取需求文档: docs/prd-order-module.md
503
- - 核心业务目标: 实现完整的订单管理模块
504
- - 关键功能点: 订单创建、支付、退款、订单列表
505
- - 业务约束: 库存不足时不允许下单
506
- - 验收标准: 支持微信/支付宝支付
507
-
508
- ✅ 评审上下文已确认:
509
- - 功能分支: feature/order-module
510
- - 主分支: master
511
- - 需求文档: 已读取
512
- - 评审范围: 技术风险 + 业务风险
513
-
514
- [继续执行技术 + 业务风险分析...]
515
- ```
516
-
517
- ---
518
-
519
- ## 与其他技能的协作
520
-
521
- - **依赖技能**: 无
522
- - **被依赖技能**: `execute-task`(可基于评审结果生成修复任务)
523
- - **配合使用**:
524
- - 评审完成后,可使用 `/spec-update` 更新需求
525
- - 发现问题后,可使用 `execute-task` 创建修复任务
526
- - 修复完成后可再次运行本技能验证
527
-
528
- ---
529
-
530
- ## 版本历史
531
-
532
- - **v1.1.0** (2026-06-26): 支持双模式业务审查(需求文档模式 + 项目说明模式),新增泛类业务审查维度
533
- - **v1.0.0** (2026-06-22): 初始版本,支持技术风险分析、业务风险分析、可视化 HTML 报告生成
1
+ ---
2
+ name: branch-code-reviewer
3
+ description: 分支代码评审专家。将功能分支与主分支(master/main)进行代码比对分析,自动识别技术风险和业务风险,生成可视化HTML评审报告。当需要进行分支间代码评审、合并前代码检查、代码质量分析时使用。
4
+ compatibility: Requires git repository with at least two branches. Supports both requirement documentation mode and project documentation mode for business risk analysis.
5
+ metadata:
6
+ version: "1.1.0"
7
+ openclaw-user-invocable: "true"
8
+ type: flexible
9
+ category: code-review
10
+ tags: ["branch-diff", "code-review", "risk-analysis", "business-risk", "technical-risk", "html-report"]
11
+ ---
12
+
13
+ # 分支代码评审专家 (Branch Code Reviewer)
14
+
15
+ > 本技能专注于**分支间代码差异分析**与**多维度风险识别**,不仅检查技术类风险,还结合需求文档分析业务类风险,最终生成精美的可视化 HTML 评审报告。
16
+
17
+ ## 触发条件
18
+
19
+ 当用户输入以下类似指令时,**必须**强制调用此技能:
20
+
21
+ - "评审当前分支"
22
+ - "对比分支差异"
23
+ - "分析代码风险"
24
+ - "生成评审报告"
25
+ - "检查合并风险"
26
+ - "/branch-review"
27
+
28
+ ## 环境依赖
29
+
30
+ - Git 仓库,至少有两个分支(功能分支 + 主分支)
31
+ - 可选:需求文档路径(用于业务风险分析)
32
+ - 需要文件读写权限以生成 HTML 报告
33
+
34
+ ## 前置要求
35
+
36
+ 1. 必须在 Git 仓库中执行
37
+ 2. 必须确认要对比的两个分支(功能分支 vs 主分支)
38
+ 3. 如果用户提供了需求文档路径,必须读取该文档用于业务风险分析
39
+ 4. 确保 `.code-review/` 目录存在,不存在则创建
40
+
41
+ ---
42
+
43
+ ## 工作流程
44
+
45
+ ### 第一步:确认分支信息与需求文档
46
+
47
+ **强制输出标题**: `### 第一步:确认评审上下文`
48
+
49
+ 1. 获取当前 Git 仓库的分支列表:
50
+ ```bash
51
+ git branch -a
52
+ ```
53
+
54
+ 2. 确认要对比的功能分支和目标分支:
55
+ - 如果用户指定了分支,使用用户指定的分支
56
+ - 如果用户未指定,使用当前分支作为功能分支,自动检测主分支(优先 master,其次 main)
57
+
58
+ 3. **重要**: 首先检查本次开发是否已有需求文档归档:
59
+ ```bash
60
+ # 检查 .ai-spec/ 目录下是否有本次开发的需求文档
61
+ ls .ai-spec/ | grep -E "(spec|proposal|requirement|prd)"
62
+ ```
63
+
64
+ 然后根据情况询问用户:
65
+ ```
66
+ 请选择本次业务审查的模式:
67
+
68
+ 1. 需求文档模式(推荐) - 使用本次开发归档的需求文档进行审查
69
+ - 适用场景:使用 OpenSpec/Superpowers 完成的需求开发,已有需求文档归档到 .ai-spec/
70
+ - 文档路径: [.ai-spec/ 下的需求文档]
71
+
72
+ 2. 外部需求文档 - 提供本次开发的需求文档路径
73
+ - 适用场景:需求文档在其他位置(PRD、用户故事等)
74
+ - 文档路径: [用户输入]
75
+
76
+ 3. 项目说明模式 - 基于项目说明文档和 master 基线进行泛类审查
77
+ - 适用场景:重构、优化、技术债清理等无明确需求文档的场景
78
+
79
+ 请输入选项编号(1/2/3),或直接提供文档路径(默认模式1):
80
+ [用户输入]
81
+ ```
82
+
83
+ 4. 根据用户选择执行:
84
+ - **模式1(归档需求文档)**: 读取 `.ai-spec/` 目录下的需求文档,分析核心业务目标、关键功能点、业务约束与规则、验收标准
85
+ - **模式2(外部需求文档)**: 读取用户提供的需求文档路径,分析核心业务目标、关键功能点、业务约束与规则、验收标准
86
+ - **模式3(项目说明)**: 读取项目说明文档(README.md/PROJECT.md等),提取项目定位、核心能力、关键业务模块、既有业务规则
87
+
88
+ 5. 输出确认信息:
89
+ ```
90
+ ✅ 评审上下文已确认:
91
+ - 功能分支: [branch-name]
92
+ - 主分支: [master/main]
93
+ - 需求文档: [已读取/未提供]
94
+ - 评审范围: [技术风险 + 业务风险 / 仅技术风险]
95
+ ```
96
+
97
+ ### 第二步:获取代码差异与提交历史
98
+
99
+ **强制输出标题**: `### 第二步:收集代码差异数据`
100
+
101
+ 1. 获取两个分支间的完整差异:
102
+ ```bash
103
+ git diff [main-branch]..[feature-branch] > diff-full.patch
104
+ ```
105
+
106
+ 2. 获取文件级别的变更统计:
107
+ ```bash
108
+ git diff --stat [main-branch]..[feature-branch]
109
+ ```
110
+
111
+ 3. 获取每个文件的增删行数统计:
112
+ ```bash
113
+ git diff --numstat [main-branch]..[feature-branch]
114
+ ```
115
+
116
+ 4. 获取功能分支相对于主分支的提交历史:
117
+ ```bash
118
+ git log [main-branch]..[feature-branch] --oneline
119
+ ```
120
+
121
+ 5. 获取变更文件列表:
122
+ ```bash
123
+ git diff --name-status [main-branch]..[feature-branch]
124
+ ```
125
+
126
+ 6. 对于每个变更文件,获取足够的上下文代码(至少前后10行):
127
+ ```bash
128
+ git diff [main-branch]..[feature-branch] -- [file-path]
129
+ ```
130
+
131
+ 7. 输出收集结果:
132
+ ```
133
+ 📊 差异数据已收集:
134
+ - 变更文件数: X
135
+ - 新增行数: +X
136
+ - 删除行数: -X
137
+ - 提交次数: X
138
+ - 变更文件列表: [file1, file2, ...]
139
+ ```
140
+
141
+ ### 第三步:技术类风险代码分析
142
+
143
+ **强制输出标题**: `### 第三步:技术风险分析`
144
+
145
+ 针对每个变更文件进行深度技术分析:
146
+
147
+ #### 3.1 代码质量检查
148
+
149
+ - **命名规范**: 变量、函数、组件命名是否符合项目规范
150
+ - **代码重复度**: 是否存在复制粘贴代码
151
+ - **函数复杂度**: 函数是否过长,圈复杂度是否过高
152
+ - **代码可读性**: 逻辑是否清晰,注释是否充分
153
+
154
+ #### 3.2 潜在技术问题识别
155
+
156
+ - **性能问题**:
157
+ - 不必要的重渲染(React/Vue)
158
+ - 内存泄漏(未清理的监听器、定时器等)
159
+ - 大循环或嵌套循环性能瓶颈
160
+ - 未使用缓存导致重复计算
161
+
162
+ - **安全漏洞**:
163
+ - XSS 攻击风险(未转义的用户输入)
164
+ - SQL/命令注入攻击
165
+ - 敏感信息暴露(硬编码密钥、密码等)
166
+ - CSRF 防护缺失
167
+
168
+ - **错误处理缺失**:
169
+ - Promise 未 catch
170
+ - try-catch 缺失
171
+ - 边界条件未处理
172
+ - 空值/undefined 未检查
173
+
174
+ #### 3.3 最佳实践检查
175
+
176
+ - 设计模式是否恰当
177
+ - API 使用是否正确
178
+ - 是否遵循项目既有规范(参考 `.agents/rules/`)
179
+ - 组件化与模块化程度
180
+ - 测试覆盖率是否足够
181
+
182
+ #### 3.4 技术改进建议
183
+
184
+ 输出具体的:
185
+ - 代码重构建议
186
+ - 性能优化方案
187
+ - 更优的实现方式
188
+ - 代码简化建议
189
+
190
+ ### 第四步:业务类风险分析
191
+
192
+ **强制输出标题**: `### 第四步:业务风险分析`
193
+
194
+ **业务审查的三种模式**:
195
+ 1. **需求文档模式(推荐)**: 使用本次开发归档到 `.ai-spec/` 的需求文档进行审查
196
+ 2. **外部需求文档**: 用户提供本次开发的需求文档路径
197
+ 3. **项目说明模式**: 如果没有需求文档,读取项目说明文档(如 README.md、PROJECT.md、01-项目概述.md等),结合 master 分支的代码基线,进行泛类业务审查
198
+
199
+ #### 4.1 模式一:需求文档覆盖度检查(推荐模式)
200
+
201
+ **优先使用本次开发归档到 `.ai-spec/` 的需求文档**。
202
+
203
+ 对比代码变更与需求文档,检查:
204
+
205
+ - **功能完整性**: 需求文档中的所有功能点是否都已实现
206
+ - **验收标准**: 是否满足需求文档中的验收标准
207
+ - **业务规则**: 代码实现是否符合业务规则
208
+ - **边界场景**: 需求文档中提到的边界场景是否都处理了
209
+
210
+ #### 4.2 模式二:外部需求文档审查
211
+
212
+ 用户提供本次开发的需求文档路径,检查内容同模式一。
213
+
214
+ #### 4.3 模式三:项目说明与基线对比审查(通用模式)
215
+
216
+ **当没有需求文档时,执行此模式**。
217
+
218
+ 1. **读取项目说明文档**:
219
+ - 优先读取: `README.md`、`PROJECT.md`、`01-项目概述.md`、`docs/` 目录下的项目说明
220
+ - 提取信息:
221
+ - 项目定位与核心能力
222
+ - 关键业务模块与功能
223
+ - 技术栈与架构约束
224
+ - 已有的业务规则与流程
225
+
226
+ 2. **对比 master 分支基线**:
227
+ - 分析功能分支相对于 master 的变更范围
228
+ - 识别变更是否影响核心业务流程
229
+ - 检查新增代码是否与项目既有业务逻辑一致
230
+
231
+ 3. **泛类业务审查维度**:
232
+
233
+ - **业务流程完整性**:
234
+ - 关键业务流程是否遗漏(如:创建→审批→执行→归档)
235
+ - 新增功能是否缺少上下游衔接
236
+ - 例如:新增订单创建但缺少支付/退款流程
237
+
238
+ - **状态流转一致性**:
239
+ - 业务状态流转是否符合项目既有模式
240
+ - 是否存在状态跳跃或缺失中间态
241
+ - 例如:订单状态从"待支付"直接到"已完成",缺少"已支付"
242
+
243
+ - **数据约束与一致性**:
244
+ - 数据操作是否符合项目已有的数据约束
245
+ - 关键业务数据是否缺少校验
246
+ - 例如:金额字段缺少精度校验,库存扣减不在事务中
247
+
248
+ - **权限与合规性**:
249
+ - 是否符合项目既有的权限控制模式
250
+ - 敏感操作是否缺少权限校验
251
+ - 例如:未校验用户角色即可删除核心数据
252
+
253
+ - **异常场景处理**:
254
+ - 业务异常是否有降级方案
255
+ - 失败场景是否有补偿机制
256
+ - 例如:支付失败后无回滚逻辑,接口超时无重试
257
+
258
+ - **与既有代码的一致性**:
259
+ - 新增代码是否遵循项目既有的业务抽象
260
+ - 是否重复实现了已有的业务逻辑
261
+ - 例如:项目已有统一的审批流引擎,但新代码自己实现了一套
262
+
263
+ #### 4.3 业务改进建议
264
+
265
+ 根据审查模式输出:
266
+
267
+ **需求文档模式(模式1/2)**:
268
+ - 缺失功能点清单
269
+ - 业务逻辑修正建议
270
+ - 流程补充建议
271
+ - 风险控制建议
272
+ - 需求覆盖度评分
273
+
274
+ **项目说明模式(模式3)**:
275
+ - 与项目既有业务逻辑不一致的代码清单
276
+ - 可能缺失的业务流程环节
277
+ - 建议补充的异常处理场景
278
+ - 可复用的项目既有业务抽象
279
+ - 业务一致性评分
280
+
281
+ ### 第五步:生成可视化 HTML 报告
282
+
283
+ **强制输出标题**: `### 第五步:生成可视化评审报告`
284
+
285
+ 生成一个独立的 HTML 文件(无需外部依赖),包含以下功能模块:
286
+
287
+ #### 5.1 HTML 报告结构
288
+
289
+ ##### 1. 概览面板(Overview Dashboard)
290
+
291
+ ```
292
+ ┌─────────────────────────────────────────────┐
293
+ │ 📊 代码评审报告 - [分支名] vs [主分支名] │
294
+ ├─────────────────────────────────────────────┤
295
+ │ 变更文件数 | 新增行数 | 删除行数 | 修改行数 │
296
+ │ 提交次数 | 技术风险数 | 业务风险数 | 通过率 │
297
+ └─────────────────────────────────────────────┘
298
+ ```
299
+
300
+ ##### 2. 文件导航树(File Tree Navigator)
301
+
302
+ - 左侧显示文件树结构
303
+ - 使用不同颜色/图标标注文件状态(新增/修改/删除)
304
+ - 支持目录折叠/展开
305
+ - 显示每个文件的变更行数统计
306
+ - 点击文件快速跳转到对应差异区域
307
+
308
+ ##### 3. 差异展示区(Diff Viewer)
309
+
310
+ - **并排模式(Side-by-Side)**: 左侧显示旧代码,右侧显示新代码
311
+ - **统一模式(Unified)**: 在同一列中显示差异,使用颜色区分增删
312
+ - 支持两种模式切换
313
+ - 代码语法高亮(根据文件类型)
314
+ - 行号显示
315
+ - 变更行用背景色标注:
316
+ - 绿色: 新增行
317
+ - 红色: 删除行
318
+ - 黄色: 修改行
319
+ - 折叠未变更的代码区域,保留上下文(可点击展开)
320
+
321
+ ##### 4. 技术风险区(Technical Risks)
322
+
323
+ 每个文件的技术评审结果:
324
+
325
+ - 问题按严重程度分级:
326
+ - 🔴 严重(Critical): 必须修复
327
+ - 🟡 警告(Warning): 建议修复
328
+ - 🔵 建议(Suggestion): 可选优化
329
+ - ⚪ 提示(Info): 信息说明
330
+
331
+ - 每个问题包含:
332
+ - 问题描述
333
+ - 风险原因
334
+ - 修复建议
335
+ - 示例代码
336
+ - 关联到具体代码行
337
+
338
+ ##### 5. 业务风险区(Business Risks) - 如果有业务风险分析
339
+
340
+ 业务风险分析结果(需求文档模式或项目说明模式):
341
+
342
+ - 需求覆盖度评分(需求文档模式) / 业务一致性评分(项目说明模式)
343
+ - 缺失功能点清单 / 与既有业务逻辑不一致的代码清单
344
+ - 业务逻辑风险
345
+ - 流程缺失警告
346
+ - 状态不一致问题
347
+ - 数据一致性问题
348
+ - 每个业务风险关联到:
349
+ - 需求文档章节(需求文档模式) / 项目说明文档(项目说明模式)
350
+ - 相关代码文件
351
+ - 风险等级
352
+ - 修复建议
353
+
354
+ ##### 6. 交互功能
355
+
356
+ - **搜索**: 支持全局搜索文件名和代码内容
357
+ - **过滤**: 按文件类型、变更类型、问题严重程度、风险类型(技术/业务)筛选
358
+ - **导航**: 上一个/下一个文件、上一个/下一个问题快速跳转
359
+ - **统计图表**: 使用 CSS 绘制变更统计图、风险分布图
360
+ - **主题切换**: 支持亮色/暗色主题
361
+ - **评论功能**: 可以在代码行上添加评论(存储在 localStorage)
362
+ - **标记功能**: 可以标记已审阅/未审阅的文件
363
+ - **导出功能**: 导出评审结果为 JSON 或 Markdown
364
+
365
+ #### 5.2 HTML 技术要求
366
+
367
+ 1. **纯 HTML/CSS/JavaScript**: 不依赖任何外部 CDN 或库
368
+ 2. **响应式设计**: 适配不同屏幕尺寸
369
+ 3. **高性能**: 大量代码差异时也能流畅滚动
370
+ 4. **可访问性**: 支持键盘导航
371
+ 5. **打印友好**: 支持导出打印
372
+
373
+ #### 5.3 CSS 样式要求
374
+
375
+ - 使用现代 CSS(Grid、Flexbox)
376
+ - 代码字体使用等宽字体
377
+ - 颜色方案协调,适合长时间阅读
378
+ - 动画过渡效果自然
379
+ - 暗色主题配色参考主流代码编辑器
380
+
381
+ ### 第六步:输出报告与后续建议
382
+
383
+ **强制输出标题**: `### 第六步:输出评审结果`
384
+
385
+ 1. 将 HTML 报告保存到项目根目录下的 `.code-review/` 目录中
386
+ 2. 文件名格式: `review-[功能分支名]-[日期].html`
387
+ 3. 确保目录存在,不存在则创建:
388
+ ```bash
389
+ mkdir -p .code-review
390
+ ```
391
+
392
+ 4. 完成后在终端输出:
393
+ ```
394
+ ✅ 评审报告已生成:
395
+ 📄 报告路径: .code-review/review-[branch]-[date].html
396
+
397
+ 📊 评审统计:
398
+ - 技术风险: X 个(🔴 X | 🟡 X | 🔵 X | ⚪ X)
399
+ - 业务风险: X 个(🔴 X | 🟡 X | 🔵 X)
400
+ - 需求覆盖度: X%
401
+ - 整体通过率: X%
402
+
403
+ 🎯 关键发现:
404
+ 1. [最严重的技术风险]
405
+ 2. [最严重的业务风险]
406
+ 3. [关键改进建议]
407
+
408
+ 💡 后续建议:
409
+ - 建议优先修复 🔴 严重问题
410
+ - 建议补充缺失的业务功能
411
+ - 建议合并前解决所有 🟡 警告
412
+ ```
413
+
414
+ 5. 如果条件允许,自动在浏览器中打开报告
415
+
416
+ ---
417
+
418
+ ## 输出规范
419
+
420
+ ### 必须做到:
421
+
422
+ - ✅ 所有代码差异必须完整展示,不可省略
423
+ - ✅ 评审意见必须具体,关联到具体代码行
424
+ - ✅ HTML 必须是自包含的,复制文件到任何地方都能正常打开
425
+ - ✅ 保持代码原有的缩进和格式
426
+ - ✅ 中文界面,评审意见使用中文
427
+ - ✅ 优先使用本次开发归档到 `.ai-spec/` 的需求文档进行业务审查
428
+ - ✅ 如果用户选择需求文档模式,必须进行需求覆盖度审查
429
+ - ✅ 如果用户选择项目说明模式,必须基于项目说明和 master 基线进行泛类业务审查
430
+ - ✅ 技术风险和业务风险分开展示,但关联到相同代码
431
+
432
+ ### 禁止做到:
433
+
434
+ - ❌ 不得引用外部 CDN 资源
435
+ - ❌ 不得生成不完整的 HTML
436
+ - ❌ 不得忽略任何变更文件
437
+ - ❌ 不得给出模糊的评审意见(如"代码需要优化")
438
+ - ❌ 不得修改任何源代码文件
439
+ - ❌ 不得在没有项目说明文档的情况下臆测业务风险
440
+
441
+ ---
442
+
443
+ ## 风险等级定义
444
+
445
+ ### 技术风险等级
446
+
447
+ | 等级 | 标识 | 说明 | 处理建议 |
448
+ |------|------|------|----------|
449
+ | 严重 | 🔴 | 会导致崩溃、安全漏洞、数据丢失 | 必须修复后才能合并 |
450
+ | 警告 | 🟡 | 会影响性能、可维护性、用户体验 | 建议修复后合并 |
451
+ | 建议 | 🔵 | 代码优化、重构建议 | 可在后续迭代中处理 |
452
+ | 提示 | ⚪ | 信息说明、最佳实践提醒 | 可选处理 |
453
+
454
+ ### 业务风险等级
455
+
456
+ | 等级 | 标识 | 说明 | 处理建议 |
457
+ |------|------|------|----------|
458
+ | 严重 | 🔴 | 缺失核心功能、业务流程错误 | 必须修复后才能上线 |
459
+ | 警告 | 🟡 | 缺少异常场景处理、边界条件遗漏 | 建议补充后上线 |
460
+ | 建议 | 🔵 | 体验优化、流程改进 | 可在后续迭代中优化 |
461
+
462
+ ---
463
+
464
+ ## 示例用法
465
+
466
+ ### 示例 1: 技术 + 业务风险分析(项目说明模式)
467
+
468
+ ```
469
+ 用户: 评审当前分支
470
+
471
+ AI: ### 第一步:确认评审上下文
472
+
473
+ 请选择本次业务审查的模式:
474
+
475
+ 1. 需求文档模式 - 提供本次开发的需求文档,对照需求审查
476
+ 2. 项目说明模式 - 基于项目说明文档和 master 基线进行泛类审查
477
+
478
+ 请提供需求文档路径(选1时),或直接回车使用项目说明模式(选2):
479
+ [用户留空]
480
+
481
+ 已读取项目说明: README.md
482
+ - 项目定位: 风控管理系统
483
+ - 核心能力: 规则引擎、审批流、数据权限
484
+ - 关键业务模块: 规则配置、风险预警、审计日志
485
+
486
+ ✅ 评审上下文已确认:
487
+ - 功能分支: feature/rule-optimization
488
+ - 主分支: main
489
+ - 审查模式: 项目说明模式
490
+ - 评审范围: 技术风险 + 业务风险
491
+
492
+ [继续执行技术 + 业务风险分析...]
493
+ ```
494
+
495
+ ### 示例 2: 技术 + 业务风险分析
496
+
497
+ ```
498
+ 用户: 评审当前分支,需求文档在 docs/prd-order-module.md
499
+
500
+ AI: ### 第一步:确认评审上下文
501
+
502
+ 已读取需求文档: docs/prd-order-module.md
503
+ - 核心业务目标: 实现完整的订单管理模块
504
+ - 关键功能点: 订单创建、支付、退款、订单列表
505
+ - 业务约束: 库存不足时不允许下单
506
+ - 验收标准: 支持微信/支付宝支付
507
+
508
+ ✅ 评审上下文已确认:
509
+ - 功能分支: feature/order-module
510
+ - 主分支: master
511
+ - 需求文档: 已读取
512
+ - 评审范围: 技术风险 + 业务风险
513
+
514
+ [继续执行技术 + 业务风险分析...]
515
+ ```
516
+
517
+ ---
518
+
519
+ ## 与其他技能的协作
520
+
521
+ - **依赖技能**: 无
522
+ - **被依赖技能**: `execute-task`(可基于评审结果生成修复任务)
523
+ - **配合使用**:
524
+ - 评审完成后,可使用 `/spec-update` 更新需求
525
+ - 发现问题后,可使用 `execute-task` 创建修复任务
526
+ - 修复完成后可再次运行本技能验证
527
+
528
+ ---
529
+
530
+ ## 版本历史
531
+
532
+ - **v1.1.0** (2026-06-26): 支持双模式业务审查(需求文档模式 + 项目说明模式),新增泛类业务审查维度
533
+ - **v1.0.0** (2026-06-22): 初始版本,支持技术风险分析、业务风险分析、可视化 HTML 报告生成