@gong-ym/ai-spec-auto 0.2.3
- package/.agents/commands/README.md +33 -0
- package/.agents/commands/claude/spec-start-review.md +88 -0
- package/.agents/commands/codex/spec-continue.md +74 -0
- package/.agents/commands/codex/spec-orchestrate.md +35 -0
- package/.agents/commands/codex/spec-start-review.md +88 -0
- package/.agents/commands/codex/spec-start.md +67 -0
- package/.agents/commands/codex/spec-status.md +22 -0
- package/.agents/commands/codex/spec-stop.md +29 -0
- package/.agents/commands/codex/spec-update.md +40 -0
- package/.agents/commands/common/branch-review.md +117 -0
- package/.agents/commands/common/project-init.md +25 -0
- package/.agents/commands/common/spec-continue.md +74 -0
- package/.agents/commands/common/spec-orchestrate.md +35 -0
- package/.agents/commands/common/spec-start-review.md +82 -0
- package/.agents/commands/common/spec-start.md +67 -0
- package/.agents/commands/common/spec-status.md +22 -0
- package/.agents/commands/common/spec-stop.md +29 -0
- package/.agents/commands/common/spec-update.md +40 -0
- package/.agents/commands/cursor/opsx-apply.md +55 -0
- package/.agents/commands/cursor/opsx-archive.md +48 -0
- package/.agents/commands/cursor/opsx-explore.md +45 -0
- package/.agents/commands/cursor/opsx-propose.md +59 -0
- package/.agents/commands/cursor/spec-continue.md +63 -0
- package/.agents/commands/cursor/spec-orchestrate.md +53 -0
- package/.agents/commands/cursor/spec-start-review.md +78 -0
- package/.agents/commands/cursor/spec-start.md +59 -0
- package/.agents/commands/cursor/spec-status.md +30 -0
- package/.agents/commands/cursor/spec-stop.md +29 -0
- package/.agents/commands/cursor/spec-update.md +41 -0
- package/.agents/flows/FRONTMATTER.md +263 -0
- package/.agents/flows/RUN_OUTPUT.md +263 -0
- package/.agents/flows/common/README.md +29 -0
- package/.agents/flows/common/bugfix-to-verification.md +95 -0
- package/.agents/flows/common/change-to-architecture-review.md +89 -0
- package/.agents/flows/common/change-to-release.md +94 -0
- package/.agents/flows/common/prd-to-delivery.md +184 -0
- package/.agents/flows/common/requirement-to-observability.md +97 -0
- package/.agents/orchestration/README.md +22 -0
- package/.agents/orchestration/expert-dispatch-spec.md +155 -0
- package/.agents/orchestration/expert-executor-spec.md +84 -0
- package/.agents/orchestration/expert-runtime-action-spec.md +73 -0
- package/.agents/orchestration/runtime-state-handoff-spec.md +264 -0
- package/.agents/orchestration/task-anchor-spec.md +212 -0
- package/.agents/orchestration/task-orchestrator-adapter-payload.md +153 -0
- package/.agents/orchestration/task-orchestrator-bootstrap-payload.md +145 -0
- package/.agents/orchestration/task-orchestrator-output-extractor-spec.md +93 -0
- package/.agents/orchestration/task-orchestrator-run-plan-template.md +312 -0
- package/.agents/orchestration/task-orchestrator-runtime-hooks.md +214 -0
- package/.agents/registry/README.md +63 -0
- package/.agents/registry/flows.json +125 -0
- package/.agents/registry/profiles.json +101 -0
- package/.agents/registry/roles.json +1266 -0
- package/.agents/registry/rules.json +148 -0
- package/.agents/registry/scenario-packages.json +123 -0
- package/.agents/registry/skills.json +130 -0
- package/.agents/roles/INDEX.md +346 -0
- package/.agents/roles/common/README.md +76 -0
- package/.agents/roles/common/archive-change.md +80 -0
- package/.agents/roles/common/backend-implementer.md +92 -0
- package/.agents/roles/common/code-guardian.md +151 -0
- package/.agents/roles/common/frontend-implementer.md +146 -0
- package/.agents/roles/common/requirement-analyst.md +138 -0
- package/.agents/roles/common/task-orchestrator-routing.md +301 -0
- package/.agents/roles/common/task-orchestrator.md +224 -0
- package/.agents/roles/common/tooling-implementer.md +92 -0
- package/.agents/roles/domains/README.md +35 -0
- package/.agents/roles/domains/delivery/README.md +11 -0
- package/.agents/roles/domains/delivery/container-specialist.md +50 -0
- package/.agents/roles/domains/delivery/deployment-specialist.md +50 -0
- package/.agents/roles/domains/delivery/pipeline-specialist.md +50 -0
- package/.agents/roles/domains/demand-design/README.md +16 -0
- package/.agents/roles/domains/demand-design/api-contract-specialist.md +52 -0
- package/.agents/roles/domains/demand-design/design-collaborator.md +58 -0
- package/.agents/roles/domains/documentation/README.md +11 -0
- package/.agents/roles/domains/documentation/api-doc-specialist.md +50 -0
- package/.agents/roles/domains/documentation/component-doc-specialist.md +49 -0
- package/.agents/roles/domains/documentation/technical-writing-specialist.md +48 -0
- package/.agents/roles/domains/engineering/README.md +17 -0
- package/.agents/roles/domains/engineering/architecture-advisor.md +53 -0
- package/.agents/roles/domains/engineering/build-specialist.md +51 -0
- package/.agents/roles/domains/engineering/dependency-governor.md +52 -0
- package/.agents/roles/domains/governance/README.md +17 -0
- package/.agents/roles/domains/governance/api-governance-specialist.md +51 -0
- package/.agents/roles/domains/governance/lint-policy-specialist.md +49 -0
- package/.agents/roles/domains/governance/route-governance-specialist.md +52 -0
- package/.agents/roles/domains/observability/README.md +11 -0
- package/.agents/roles/domains/observability/error-tracker.md +50 -0
- package/.agents/roles/domains/observability/event-instrumentation-specialist.md +51 -0
- package/.agents/roles/domains/observability/rum-analyst.md +50 -0
- package/.agents/roles/domains/performance/README.md +11 -0
- package/.agents/roles/domains/performance/asset-optimizer.md +50 -0
- package/.agents/roles/domains/performance/performance-auditor.md +56 -0
- package/.agents/roles/domains/performance/vitals-analyst.md +50 -0
- package/.agents/roles/domains/security-a11y/README.md +11 -0
- package/.agents/roles/domains/security-a11y/a11y-auditor.md +50 -0
- package/.agents/roles/domains/security-a11y/aria-specialist.md +51 -0
- package/.agents/roles/domains/security-a11y/security-reviewer.md +49 -0
- package/.agents/roles/domains/testing/README.md +12 -0
- package/.agents/roles/domains/testing/coverage-analyst.md +50 -0
- package/.agents/roles/domains/testing/e2e-test-specialist.md +51 -0
- package/.agents/roles/domains/testing/unit-test-specialist.md +56 -0
- package/.agents/roles/domains/testing/verification-reviewer.md +67 -0
- package/.agents/rules/README.md +87 -0
- package/.agents/rules/common/02-/347/274/226/347/240/201/350/247/204/350/214/203.md +45 -0
- package/.agents/rules/common/08-/351/200/232/347/224/250/347/272/246/346/235/237.md +63 -0
- package/.agents/rules/common/10-/346/226/207/346/241/243/350/247/204/350/214/203.md +101 -0
- package/.agents/rules/common/12-Superpowers/346/211/247/350/241/214/350/247/204/350/214/203.md +46 -0
- package/.agents/rules/common/14-/345/256/241/350/256/241/346/261/207/346/212/245/350/247/204/350/214/203.md +107 -0
- package/.agents/rules/common/15-visual-gate-wait.md +90 -0
- package/.agents/rules/profiles/nestjs/01-/351/241/271/347/233/256/346/246/202/350/277/260.md +27 -0
- package/.agents/rules/profiles/nestjs/03-/351/241/271/347/233/256/347/273/223/346/236/204.md +20 -0
- package/.agents/rules/profiles/nestjs/04-/346/250/241/345/235/227/347/273/223/346/236/204/350/247/204/350/214/203.md +24 -0
- package/.agents/rules/profiles/nestjs/05-/346/216/245/345/217/243/344/270/216/345/245/221/347/272/246/350/247/204/350/214/203.md +24 -0
- package/.agents/rules/profiles/nestjs/06-/346/225/260/346/215/256/350/256/277/351/227/256/350/247/204/350/214/203.md +24 -0
- package/.agents/rules/profiles/nestjs/07-/351/205/215/347/275/256/344/270/216/350/277/220/350/241/214/346/227/266/350/247/204/350/214/203.md +20 -0
- package/.agents/rules/profiles/nestjs/09-/345/274/202/345/270/270/344/270/216/346/227/245/345/277/227/350/247/204/350/214/203.md +20 -0
- package/.agents/rules/profiles/nestjs/11-/346/265/213/350/257/225/350/247/204/350/214/203.md +24 -0
- package/.agents/rules/profiles/nestjs/13-/344/273/243/347/240/201/346/240/274/345/274/217/345/214/226/344/270/216/346/243/200/346/237/245.md +20 -0
- package/.agents/rules/profiles/node-tooling/01-/351/241/271/347/233/256/346/246/202/350/277/260.md +30 -0
- package/.agents/rules/profiles/node-tooling/03-/351/241/271/347/233/256/347/273/223/346/236/204.md +37 -0
- package/.agents/rules/profiles/node-tooling/04-CLI/344/270/216/346/250/241/345/235/227/350/247/204/350/214/203.md +42 -0
- package/.agents/rules/profiles/node-tooling/05-Contract/344/270/216Schema/350/247/204/350/214/203.md +42 -0
- package/.agents/rules/profiles/node-tooling/06-/350/277/220/350/241/214/346/227/266/346/226/207/344/273/266/350/247/204/350/214/203.md +30 -0
- package/.agents/rules/profiles/node-tooling/07-/346/227/245/345/277/227/344/270/216/351/224/231/350/257/257/345/244/204/347/220/206/350/247/204/350/214/203.md +60 -0
- package/.agents/rules/profiles/node-tooling/09-/350/204/232/346/234/254/344/270/216/345/205/245/345/217/243/350/247/204/350/214/203.md +45 -0
- package/.agents/rules/profiles/node-tooling/11-/346/265/213/350/257/225/350/247/204/350/214/203.md +41 -0
- package/.agents/rules/profiles/node-tooling/13-/344/273/243/347/240/201/346/240/274/345/274/217/345/214/226/344/270/216/346/243/200/346/237/245.md +55 -0
- package/.agents/rules/profiles/react/01-/351/241/271/347/233/256/346/246/202/350/277/260.md +29 -0
- package/.agents/rules/profiles/react/03-/351/241/271/347/233/256/347/273/223/346/236/204.md +104 -0
- package/.agents/rules/profiles/react/04-/347/273/204/344/273/266/350/247/204/350/214/203.md +46 -0
- package/.agents/rules/profiles/react/05-API/350/247/204/350/214/203.md +67 -0
- package/.agents/rules/profiles/react/06-/350/267/257/347/224/261/350/247/204/350/214/203.md +54 -0
- package/.agents/rules/profiles/react/07-/347/212/266/346/200/201/347/256/241/347/220/206.md +226 -0
- package/.agents/rules/profiles/react/09-/346/240/267/345/274/217/350/247/204/350/214/203.md +71 -0
- package/.agents/rules/profiles/react/11-/346/265/213/350/257/225/350/247/204/350/214/203.md +80 -0
- package/.agents/rules/profiles/react/13-/344/273/243/347/240/201/346/240/274/345/274/217/345/214/226/344/270/216/346/243/200/346/237/245.md +159 -0
- package/.agents/rules/profiles/springboot/01-/351/241/271/347/233/256/346/246/202/350/277/260.md +31 -0
- package/.agents/rules/profiles/springboot/03-/351/241/271/347/233/256/347/273/223/346/236/204.md +37 -0
- package/.agents/rules/profiles/springboot/04-/345/210/206/345/261/202/350/247/204/350/214/203.md +33 -0
- package/.agents/rules/profiles/springboot/05-/346/216/245/345/217/243/344/270/216/345/245/221/347/272/246/350/247/204/350/214/203.md +51 -0
- package/.agents/rules/profiles/springboot/06-/346/225/260/346/215/256/350/256/277/351/227/256/350/247/204/350/214/203.md +34 -0
- package/.agents/rules/profiles/springboot/07-/351/205/215/347/275/256/344/270/216/350/277/220/350/241/214/346/227/266/350/247/204/350/214/203.md +38 -0
- package/.agents/rules/profiles/springboot/09-/345/274/202/345/270/270/344/270/216/346/227/245/345/277/227/350/247/204/350/214/203.md +48 -0
- package/.agents/rules/profiles/springboot/11-/346/265/213/350/257/225/350/247/204/350/214/203.md +43 -0
- package/.agents/rules/profiles/springboot/13-/344/273/243/347/240/201/346/240/274/345/274/217/345/214/226/344/270/216/346/243/200/346/237/245.md +48 -0
- package/.agents/rules/profiles/vue/01-/351/241/271/347/233/256/346/246/202/350/277/260.md +47 -0
- package/.agents/rules/profiles/vue/03-/351/241/271/347/233/256/347/273/223/346/236/204.md +106 -0
- package/.agents/rules/profiles/vue/04-/347/273/204/344/273/266/350/247/204/350/214/203.md +61 -0
- package/.agents/rules/profiles/vue/05-API/350/247/204/350/214/203.md +67 -0
- package/.agents/rules/profiles/vue/06-/350/267/257/347/224/261/350/247/204/350/214/203.md +69 -0
- package/.agents/rules/profiles/vue/07-/347/212/266/346/200/201/347/256/241/347/220/206.md +93 -0
- package/.agents/rules/profiles/vue/09-/346/240/267/345/274/217/350/247/204/350/214/203.md +67 -0
- package/.agents/rules/profiles/vue/11-/346/265/213/350/257/225/350/247/204/350/214/203.md +80 -0
- package/.agents/rules/profiles/vue/13-/344/273/243/347/240/201/346/240/274/345/274/217/345/214/226/344/270/216/346/243/200/346/237/245.md +159 -0
- package/.agents/skills/README.md +171 -0
- package/.agents/skills/common/archive-change/SKILL.md +180 -0
- package/.agents/skills/common/branch-code-reviewer/SKILL.md +459 -0
- package/.agents/skills/common/branch-code-reviewer/references/business-risk-guide.md +293 -0
- package/.agents/skills/common/branch-code-reviewer/references/html-template-guide.md +121 -0
- package/.agents/skills/common/config-and-secret-scan/SKILL.md +99 -0
- package/.agents/skills/common/create-proposal/SKILL.md +192 -0
- package/.agents/skills/common/create-proposal/evals/evals.json +16 -0
- package/.agents/skills/common/create-proposal/evals/train_queries.json +18 -0
- package/.agents/skills/common/create-proposal/evals/validation_queries.json +18 -0
- package/.agents/skills/common/create-proposal/references/interaction-spec-template.md +42 -0
- package/.agents/skills/common/create-test/SKILL.md +292 -0
- package/.agents/skills/common/dependency-impact-graph/SKILL.md +80 -0
- package/.agents/skills/common/execute-task/SKILL.md +206 -0
- package/.agents/skills/common/execute-task/evals/evals.json +16 -0
- package/.agents/skills/common/execute-task/evals/train_queries.json +18 -0
- package/.agents/skills/common/execute-task/evals/validation_queries.json +18 -0
- package/.agents/skills/common/find-skills/SKILL.md +144 -0
- package/.agents/skills/common/install-ai-spec-auto/SKILL.md +260 -0
- package/.agents/skills/common/install-ai-spec-auto/evals/evals.json +17 -0
- package/.agents/skills/common/install-ai-spec-auto/evals/train_queries.json +18 -0
- package/.agents/skills/common/install-ai-spec-auto/evals/validation_queries.json +18 -0
- package/.agents/skills/common/project-init/SKILL.md +178 -0
- package/.agents/skills/common/project-init/evals/evals.json +16 -0
- package/.agents/skills/common/project-init/evals/train_queries.json +18 -0
- package/.agents/skills/common/project-init/evals/validation_queries.json +18 -0
- package/.agents/skills/common/project-init/references/custom-rule-generation.md +89 -0
- package/.agents/skills/common/project-init/references/deep-scan-rules.md +67 -0
- package/.agents/skills/common/project-init/references/output-contracts.md +71 -0
- package/.agents/skills/common/project-init/references/repo-fact-gathering.md +83 -0
- package/.agents/skills/common/project-init/references/scope-resolution.md +76 -0
- package/.agents/skills/common/project-init/scripts/inspect-project.js +112 -0
- package/.agents/skills/common/skill-creator/LICENSE.txt +202 -0
- package/.agents/skills/common/skill-creator/SKILL.md +370 -0
- package/.agents/skills/common/skill-creator/evals/evals.json +16 -0
- package/.agents/skills/common/skill-creator/evals/train_queries.json +18 -0
- package/.agents/skills/common/skill-creator/evals/validation_queries.json +18 -0
- package/.agents/skills/common/skill-creator/references/output-patterns.md +82 -0
- package/.agents/skills/common/skill-creator/references/workflows.md +28 -0
- package/.agents/skills/common/skill-creator/scripts/init_skill.py +209 -0
- package/.agents/skills/common/skill-creator/scripts/package_skill.py +110 -0
- package/.agents/skills/common/skill-creator/scripts/quick_validate.py +51 -0
- package/.agents/skills/common/skill-optimizer/SKILL.md +102 -0
- package/.agents/skills/common/skill-optimizer/evals/evals.json +16 -0
- package/.agents/skills/common/skill-optimizer/evals/train_queries.json +18 -0
- package/.agents/skills/common/skill-optimizer/evals/validation_queries.json +18 -0
- package/.agents/skills/common/skill-optimizer/references/design-patterns.md +26 -0
- package/.agents/skills/common/skill-optimizer/references/review-checklist.md +22 -0
- package/.agents/skills/common/using-superpowers/SKILL.md +151 -0
- package/.agents/skills/common/wait-for-gate-signal/SKILL.md +85 -0
- package/.agents/skills/domains/README.md +19 -0
- package/.agents/skills/domains/ui-ux-pro-max/SKILL.md +58 -0
- package/.agents/skills/domains/web/design-analysis/SKILL.md +89 -0
- package/.agents/skills/domains/web/design-analysis/rules/analysis-order.md +61 -0
- package/.agents/skills/domains/web/design-analysis/rules/analysis-priorities.md +136 -0
- package/.agents/skills/domains/web/design-analysis/rules/checklist-common-misses.md +107 -0
- package/.agents/skills/domains/web/design-analysis/rules/implementation-common-errors.md +204 -0
- package/.agents/skills/domains/web/design-analysis/rules/implementation-guidelines.md +211 -0
- package/.agents/skills/domains/web/design-analysis/rules/output-analysis-checklist.md +247 -0
- package/.agents/skills/domains/web/design-analysis/rules/tools-design-guidelines.md +108 -0
- package/.agents/skills/domains/web/design-analysis/rules/workflow-element-extraction.md +162 -0
- package/.agents/skills/domains/web/design-analysis/rules/workflow-layout-map.md +131 -0
- package/.agents/skills/domains/web/design-analysis/rules/workflow-output-checklist.md +70 -0
- package/.agents/skills/domains/web/design-analysis/rules/workflow-style-summary.md +91 -0
- package/.agents/skills/domains/web/route-permission-map/SKILL.md +103 -0
- package/.agents/skills/domains/web/ui-verification/SKILL.md +114 -0
- package/.agents/skills/domains/web/ui-verification/evals/evals.json +16 -0
- package/.agents/skills/domains/web/ui-verification/evals/train_queries.json +18 -0
- package/.agents/skills/domains/web/ui-verification/evals/validation_queries.json +18 -0
- package/.agents/skills/domains/web/ui-verification/rules/comparison-content-image.md +34 -0
- package/.agents/skills/domains/web/ui-verification/rules/comparison-content-text.md +30 -0
- package/.agents/skills/domains/web/ui-verification/rules/comparison-hierarchy.md +33 -0
- package/.agents/skills/domains/web/ui-verification/rules/comparison-layout.md +35 -0
- package/.agents/skills/domains/web/ui-verification/rules/errors-alignment.md +42 -0
- package/.agents/skills/domains/web/ui-verification/rules/errors-button-dimensions.md +28 -0
- package/.agents/skills/domains/web/ui-verification/rules/errors-button-position.md +25 -0
- package/.agents/skills/domains/web/ui-verification/rules/errors-css-priority.md +50 -0
- package/.agents/skills/domains/web/ui-verification/rules/errors-flex-column-width.md +46 -0
- package/.agents/skills/domains/web/ui-verification/rules/errors-flex-layout.md +46 -0
- package/.agents/skills/domains/web/ui-verification/rules/errors-grid-container-width.md +44 -0
- package/.agents/skills/domains/web/ui-verification/rules/errors-page-container-width.md +39 -0
- package/.agents/skills/domains/web/ui-verification/rules/tools-browser-navigation.md +53 -0
- package/.agents/skills/domains/web/ui-verification/rules/tools-design-guidelines.md +53 -0
- package/.agents/skills/domains/web/ui-verification/rules/workflow-checklist.md +27 -0
- package/.agents/skills/domains/web/ui-verification/rules/workflow-problem-list.md +56 -0
- package/.agents/skills/domains/web/ui-verification/rules/workflow-reflection.md +44 -0
- package/.agents/skills/domains/web/ui-verification/rules/writing-alignment.md +44 -0
- package/.agents/skills/domains/web/ui-verification/rules/writing-element-completeness.md +63 -0
- package/.agents/skills/domains/web/ui-verification/rules/writing-list-layout.md +75 -0
- package/.agents/skills/domains/web/ui-verification/rules/writing-page-container-width.md +37 -0
- package/.agents/skills/domains/web/web-design-guidelines/SKILL.md +40 -0
- package/.agents/skills/profiles/nestjs/README.md +4 -0
- package/.agents/skills/profiles/node-tooling/README.md +9 -0
- package/.agents/skills/profiles/react/create-api/SKILL.md +145 -0
- package/.agents/skills/profiles/react/create-component/SKILL.md +160 -0
- package/.agents/skills/profiles/react/create-route/SKILL.md +168 -0
- package/.agents/skills/profiles/react/create-store/SKILL.md +262 -0
- package/.agents/skills/profiles/react/theme-variables/SKILL.md +82 -0
- package/.agents/skills/profiles/react/vercel-composition-patterns/AGENTS.md +899 -0
- package/.agents/skills/profiles/react/vercel-composition-patterns/SKILL.md +81 -0
- package/.agents/skills/profiles/react/vercel-composition-patterns/rules/architecture-avoid-boolean-props.md +100 -0
- package/.agents/skills/profiles/react/vercel-composition-patterns/rules/architecture-compound-components.md +112 -0
- package/.agents/skills/profiles/react/vercel-composition-patterns/rules/patterns-children-over-render-props.md +87 -0
- package/.agents/skills/profiles/react/vercel-composition-patterns/rules/patterns-explicit-variants.md +100 -0
- package/.agents/skills/profiles/react/vercel-composition-patterns/rules/state-context-interface.md +191 -0
- package/.agents/skills/profiles/react/vercel-composition-patterns/rules/state-decouple-implementation.md +113 -0
- package/.agents/skills/profiles/react/vercel-composition-patterns/rules/state-lift-state.md +125 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/AGENTS.md +2934 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/SKILL.md +136 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/advanced-event-handler-refs.md +55 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/advanced-init-once.md +42 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/advanced-use-latest.md +39 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/async-api-routes.md +38 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/async-defer-await.md +80 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/async-dependencies.md +51 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/async-parallel.md +28 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/async-suspense-boundaries.md +99 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/bundle-barrel-imports.md +59 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/bundle-conditional.md +31 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/bundle-defer-third-party.md +49 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/bundle-dynamic-imports.md +35 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/bundle-preload.md +50 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/client-event-listeners.md +74 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/client-localstorage-schema.md +71 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/client-passive-event-listeners.md +48 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/client-swr-dedup.md +56 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-batch-dom-css.md +107 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-cache-function-results.md +80 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-cache-property-access.md +28 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-cache-storage.md +70 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-combine-iterations.md +32 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-early-exit.md +50 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-hoist-regexp.md +45 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-index-maps.md +37 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-length-check-first.md +49 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-min-max-loop.md +82 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-set-map-lookups.md +24 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-tosorted-immutable.md +57 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-activity.md +26 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-animate-svg-wrapper.md +47 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-conditional-render.md +40 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-content-visibility.md +38 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-hoist-jsx.md +46 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-hydration-no-flicker.md +82 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-hydration-suppress-warning.md +30 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-svg-precision.md +28 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-usetransition-loading.md +75 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-defer-reads.md +39 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-dependencies.md +45 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-derived-state-no-effect.md +40 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-derived-state.md +29 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-functional-setstate.md +74 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-lazy-state-init.md +58 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-memo-with-default-value.md +38 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-memo.md +44 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-move-effect-to-event.md +45 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-simple-expression-in-memo.md +35 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-transitions.md +40 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-use-ref-transient-values.md +73 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-after-nonblocking.md +73 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-auth-actions.md +96 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-cache-lru.md +41 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-cache-react.md +76 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-dedup-props.md +65 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-parallel-fetching.md +83 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-serialization.md +38 -0
- package/.agents/skills/profiles/springboot/README.md +10 -0
- package/.agents/skills/profiles/vue/create-api/SKILL.md +105 -0
- package/.agents/skills/profiles/vue/create-component/SKILL.md +76 -0
- package/.agents/skills/profiles/vue/create-route/SKILL.md +141 -0
- package/.agents/skills/profiles/vue/create-store/SKILL.md +97 -0
- package/.agents/skills/profiles/vue/create-view/SKILL.md +81 -0
- package/.agents/skills/profiles/vue/theme-variables/SKILL.md +73 -0
- package/.agents/skills/profiles/vue/vue-best-practices/SKILL.md +166 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/animation-class-based-technique.md +254 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/animation-state-driven-technique.md +291 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/component-async.md +97 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/component-data-flow.md +307 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/component-fallthrough-attrs.md +174 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/component-keep-alive.md +137 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/component-slots.md +216 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/component-suspense.md +228 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/component-teleport.md +108 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/component-transition-group.md +128 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/component-transition.md +125 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/composables.md +290 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/directives.md +162 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/perf-avoid-component-abstraction-in-lists.md +159 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/perf-v-once-v-memo-directives.md +182 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/perf-virtualize-large-lists.md +187 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/plugins.md +166 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/reactivity.md +344 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/render-functions.md +201 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/sfc.md +310 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/state-management.md +135 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/updated-hook-performance.md +187 -0
- package/.agents/templates/common/README.md +23 -0
- package/.agents/templates/common/bugfix.md +22 -0
- package/.agents/templates/common/create-expert-package.md +458 -0
- package/.agents/templates/common/mock-page.md +28 -0
- package/.agents/templates/common/new-component.md +25 -0
- package/.agents/templates/common/new-page.md +31 -0
- package/.cursor/mcp.json +36 -0
- package/.qoder/README.md +114 -0
- package/.qoder/commands +1 -0
- package/.qoder/mcp.json +26 -0
- package/.qoder/rules +1 -0
- package/.qoder/skills +1 -0
- package/LICENSE +21 -0
- package/README.md +433 -0
- package/bin/archive-change.js +474 -0
- package/bin/check-command.js +62 -0
- package/bin/cli.js +295 -0
- package/bin/command-template-renderer.js +40 -0
- package/bin/context-command.js +102 -0
- package/bin/demo-runtime-smoke.js +760 -0
- package/bin/execution-semantics.js +821 -0
- package/bin/executor-command.js +93 -0
- package/bin/expert-dispatch.js +334 -0
- package/bin/expert-executor.js +1148 -0
- package/bin/guard-command.js +52 -0
- package/bin/hub-command.js +876 -0
- package/bin/ide-command.js +242 -0
- package/bin/init-command.js +193 -0
- package/bin/install-workflow.js +2983 -0
- package/bin/manifest-export.js +34 -0
- package/bin/profile-registry.js +90 -0
- package/bin/protocol-workflow.js +446 -0
- package/bin/repair-command.js +161 -0
- package/bin/repo-map.js +177 -0
- package/bin/report-command.js +236 -0
- package/bin/runtime-bootstrap.js +428 -0
- package/bin/runtime-embedded.js +101 -0
- package/bin/runtime-fallback.js +106 -0
- package/bin/runtime-launcher.js +116 -0
- package/bin/runtime-paths.js +177 -0
- package/bin/runtime-registry.js +289 -0
- package/bin/runtime-state.js +2541 -0
- package/bin/scan.js +96 -0
- package/bin/self-upgrade.js +206 -0
- package/bin/skill-spec-validator.js +457 -0
- package/bin/spec-command.js +366 -0
- package/bin/superpowers.js +384 -0
- package/bin/sync-command.js +59 -0
- package/bin/sync.js +1904 -0
- package/bin/task-orchestrator-adapter.js +341 -0
- package/bin/task-orchestrator-extractor.js +274 -0
- package/bin/task-orchestrator-runner.js +1208 -0
- package/bin/telemetry/README.md +66 -0
- package/bin/telemetry/aspect.js +153 -0
- package/bin/telemetry/collect.js +67 -0
- package/bin/telemetry/config.js +114 -0
- package/bin/telemetry/defaults.json +5 -0
- package/bin/telemetry/healthcheck.js +195 -0
- package/bin/telemetry/identity.js +53 -0
- package/bin/telemetry/index.js +25 -0
- package/bin/telemetry/reporter.js +83 -0
- package/bin/telemetry/safe.js +39 -0
- package/bin/validate-registry.js +740 -0
- package/bin/visual-bridge-config.js +117 -0
- package/bin/visual-bridge.js +287 -0
- package/bin/visual-command.js +432 -0
- package/bin/worktree-command.js +194 -0
- package/configs/common/.editorconfig +15 -0
- package/configs/common/.husky/commit-msg +4 -0
- package/configs/common/.husky/pre-commit +4 -0
- package/configs/common/.lintstagedrc +11 -0
- package/configs/common/.prettierignore +11 -0
- package/configs/common/.prettierrc.json +11 -0
- package/configs/common/.stylelintignore +14 -0
- package/configs/common/.stylelintrc.json +21 -0
- package/configs/common/commitlint.config.js +3 -0
- package/configs/profiles/nestjs/.gitkeep +1 -0
- package/configs/profiles/node-tooling/.gitkeep +1 -0
- package/configs/profiles/react/.eslintignore +6 -0
- package/configs/profiles/react/.eslintrc.js +16 -0
- package/configs/profiles/react/.stylelintrc.json +18 -0
- package/configs/profiles/springboot/.gitkeep +1 -0
- package/configs/profiles/vue/.eslintignore +7 -0
- package/configs/profiles/vue/.eslintrc.cjs +17 -0
- package/contracts/README.md +28 -0
- package/contracts/fixtures/asset-package.fixture.json +26 -0
- package/contracts/fixtures/asset-usage-feedback.fixture.json +14 -0
- package/contracts/fixtures/evidence-report.fixture.json +28 -0
- package/contracts/fixtures/manifest.fixture.json +20 -0
- package/contracts/fixtures/run-event.fixture.json +15 -0
- package/contracts/schemas/asset-package.schema.json +76 -0
- package/contracts/schemas/asset-usage-feedback.schema.json +57 -0
- package/contracts/schemas/evidence-report.schema.json +60 -0
- package/contracts/schemas/manifest.schema.json +63 -0
- package/contracts/schemas/run-event.schema.json +72 -0
- package/install.ps1 +35 -0
- package/install.sh +17 -0
- package/internal/ai-protocol-workflow.js +5600 -0
- package/internal/hub-client.js +98 -0
- package/internal/hub-sync-selection.js +69 -0
- package/internal/visual-hooks/README.md +481 -0
- package/internal/visual-hooks/config-loader.js +218 -0
- package/internal/visual-hooks/control-puller.js +206 -0
- package/internal/visual-hooks/gate-signal.js +150 -0
- package/internal/visual-hooks/inbox-consumer.js +469 -0
- package/internal/visual-hooks/index.js +197 -0
- package/internal/visual-hooks/push-client.js +189 -0
- package/internal/visual-hooks/receipt-pusher.js +176 -0
- package/internal/visual-hooks/runtime-state-pusher.js +128 -0
- package/openspec/changes/.gitkeep +0 -0
- package/openspec/changes/archive/.gitkeep +0 -0
- package/openspec/config.yaml.template +52 -0
- package/openspec/schemas/expert-delivery/schema.yaml +68 -0
- package/openspec/schemas/expert-delivery/templates/checklist.md +39 -0
- package/openspec/schemas/expert-delivery/templates/design.md +61 -0
- package/openspec/schemas/expert-delivery/templates/iterations.md +25 -0
- package/openspec/schemas/expert-delivery/templates/proposal.md +45 -0
- package/openspec/schemas/expert-delivery/templates/spec.md +29 -0
- package/openspec/schemas/expert-delivery/templates/tasks.md +24 -0
- package/openspec/specs/.gitkeep +0 -0
- package/package.json +73 -0
- package/scripts/acceptance-zero-intrusion.sh +168 -0
- package/scripts/hub-sync-assets.config.example.json +296 -0
- package/scripts/hub-sync-assets.js +2038 -0
- package/scripts/local-verify.sh +280 -0
- package/scripts/post-publish-auto-fix-check.js +404 -0
- package/scripts/post-publish-verify.sh +175 -0
- package/scripts/setup-cursor-manual-test.sh +107 -0
- package/scripts/setup-cursor-spec-archive-test.sh +111 -0
- package/scripts/setup-visual-integration.sh +225 -0
- package/scripts/test-integration.sh +176 -0
- package/scripts/update-test-project.sh +93 -0
- package/scripts/upload-four-web.sh +57 -0
- package/scripts/verify-install-ps1-bom.js +26 -0
- package/src/agent/agent-context.js +259 -0
- package/src/agent/agent-profile.js +185 -0
- package/src/agent/agent-templates.js +161 -0
- package/src/agent/agent-types.js +108 -0
- package/src/agent/collaboration-protocol.js +333 -0
- package/src/agent/conflict-handler.js +364 -0
- package/src/agent/file-permission.js +121 -0
- package/src/agent/index.js +38 -0
- package/src/agent/permission-audit.js +151 -0
- package/src/agent/review-repair-loop.js +270 -0
- package/src/agent/tool-permission.js +101 -0
- package/src/asset/asset-dependency.js +322 -0
- package/src/asset/asset-feedback.js +350 -0
- package/src/asset/asset-fork.js +300 -0
- package/src/asset/asset-install.js +278 -0
- package/src/asset/asset-installer.js +497 -0
- package/src/asset/asset-lifecycle.js +324 -0
- package/src/asset/asset-manager.js +245 -0
- package/src/asset/asset-package-manager.js +349 -0
- package/src/asset/asset-package.js +186 -0
- package/src/asset/asset-quality.js +262 -0
- package/src/asset/asset-registry.js +387 -0
- package/src/asset/asset-version.js +293 -0
- package/src/asset/index.js +86 -0
- package/src/cache/agent-profile-cache.js +59 -0
- package/src/cache/asset-cache.js +63 -0
- package/src/cache/global-cache.js +61 -0
- package/src/cache/manifest-cache.js +30 -0
- package/src/check/check-service.js +32 -0
- package/src/config/config-layer.js +343 -0
- package/src/config/config-loader.js +60 -0
- package/src/config/defaults.js +49 -0
- package/src/connectors/hub/asset-package.js +72 -0
- package/src/connectors/hub/asset-usage-feedback.js +46 -0
- package/src/connectors/hub/hub-connector.js +44 -0
- package/src/connectors/hub/index.js +21 -0
- package/src/connectors/visual/evidence-report.js +49 -0
- package/src/connectors/visual/index.js +15 -0
- package/src/connectors/visual/queue.js +41 -0
- package/src/connectors/visual/run-event.js +81 -0
- package/src/connectors/visual/visual-connector.js +77 -0
- package/src/context/context-budget.js +59 -0
- package/src/context/context-builder.js +285 -0
- package/src/context/context-loader.js +116 -0
- package/src/context/context-planner.js +158 -0
- package/src/context/types.js +96 -0
- package/src/contracts/index.js +63 -0
- package/src/executor/executor-registry.js +78 -0
- package/src/executor/executor-result-parser.js +44 -0
- package/src/executor/executor-runner.js +141 -0
- package/src/executor/executor-selector.js +139 -0
- package/src/executor/executor-timeout.js +36 -0
- package/src/executor/providers/base-provider-utils.js +189 -0
- package/src/executor/providers/claude-code-executor-provider.js +128 -0
- package/src/executor/providers/codex-executor-provider.js +126 -0
- package/src/executor/providers/cursor-executor-provider.js +99 -0
- package/src/executor/types.js +137 -0
- package/src/git/branch-manager.js +71 -0
- package/src/git/dirty-checker.js +43 -0
- package/src/git/dirty-strategy-handler.js +29 -0
- package/src/git/git-command.js +37 -0
- package/src/git/git-repository-detector.js +45 -0
- package/src/git/multi-repo-worktree-planner.js +88 -0
- package/src/git/policy.js +19 -0
- package/src/git/strategies/block-dirty-strategy.js +34 -0
- package/src/git/strategies/ignore-dirty-strategy.js +33 -0
- package/src/git/strategies/patch-snapshot-strategy.js +53 -0
- package/src/git/strategies/wip-commit-strategy.js +38 -0
- package/src/git/types.js +71 -0
- package/src/git/worktree-manager.js +85 -0
- package/src/governance/asset-review.js +351 -0
- package/src/governance/audit-log.js +368 -0
- package/src/governance/gray-release.js +312 -0
- package/src/governance/index.js +31 -0
- package/src/governance/policy-types.js +56 -0
- package/src/governance/rbac-types.js +171 -0
- package/src/governance/rbac.js +382 -0
- package/src/governance/rollback.js +360 -0
- package/src/governance/security-policy.js +354 -0
- package/src/hook/hook-config-writer.js +125 -0
- package/src/hub/hub-client.js +186 -0
- package/src/hub/hub-config.js +39 -0
- package/src/hub/project-facts.js +31 -0
- package/src/hub/runtime-feedback-reporter.js +55 -0
- package/src/ide/adapters/adapter-protocol.js +385 -0
- package/src/ide/adapters/claude-adapter.js +419 -0
- package/src/ide/adapters/codex-adapter.js +60 -0
- package/src/ide/adapters/cursor-adapter.js +484 -0
- package/src/ide/adapters/index.js +24 -0
- package/src/ide/anchors/markdown-anchor-writer.js +152 -0
- package/src/ide/ide-service.js +270 -0
- package/src/ide/ide-types.js +94 -0
- package/src/ide/links/link-mode-resolver.js +160 -0
- package/src/ide/registry/ide-registry-builder.js +165 -0
- package/src/incident/incident-writer.js +47 -0
- package/src/incident/types.js +22 -0
- package/src/init/ide-linker.js +126 -0
- package/src/init/ide-pointer-injector.js +75 -0
- package/src/init/init-applier.js +197 -0
- package/src/init/init-plan.js +294 -0
- package/src/init/init-service.js +65 -0
- package/src/init/manifest-installer.js +302 -0
- package/src/init/types.js +26 -0
- package/src/project/config-writer.js +83 -0
- package/src/project/context-index-writer.js +82 -0
- package/src/project/json-utils.js +72 -0
- package/src/project/local-state-writer.js +50 -0
- package/src/project/lock-file-writer.js +98 -0
- package/src/project/manifest-writer.js +126 -0
- package/src/project/policy-config-writer.js +91 -0
- package/src/project/project-config-writer.js +74 -0
- package/src/project/project-files.js +39 -0
- package/src/project/registry-index-writer.js +43 -0
- package/src/project/workspace-config-writer.js +63 -0
- package/src/run/index.js +11 -0
- package/src/run/run-id.js +32 -0
- package/src/run/run-service.js +269 -0
- package/src/run/run-store.js +80 -0
- package/src/scanner/aggregator/detection-aggregator.js +23 -0
- package/src/scanner/boundary/boundary-resolver.js +229 -0
- package/src/scanner/detectors/detector-registry.js +44 -0
- package/src/scanner/detectors/fastapi-detector.js +46 -0
- package/src/scanner/detectors/go-detector.js +46 -0
- package/src/scanner/detectors/nestjs-detector.js +57 -0
- package/src/scanner/detectors/nextjs-detector.js +52 -0
- package/src/scanner/detectors/react-vite-detector.js +52 -0
- package/src/scanner/detectors/react-webpack-detector.js +57 -0
- package/src/scanner/detectors/springboot-detector.js +46 -0
- package/src/scanner/detectors/springcloud-detector.js +46 -0
- package/src/scanner/detectors/springmvc-detector.js +46 -0
- package/src/scanner/detectors/vue-vite-detector.js +52 -0
- package/src/scanner/engine.js +72 -0
- package/src/scanner/facts/fact-extractor.js +211 -0
- package/src/scanner/types.js +30 -0
- package/src/security/asset-tamper-checker.js +188 -0
- package/src/security/checksum.js +40 -0
- package/src/spec/spec-writer.js +302 -0
- package/src/state-machine/circuit-breaker.js +112 -0
- package/src/state-machine/escape-hatch.js +49 -0
- package/src/state-machine/stage-runner.js +281 -0
- package/src/state-machine/state-machine.js +24 -0
- package/src/state-machine/transition-guard.js +36 -0
- package/src/state-machine/types.js +37 -0
- package/src/sync/sync-service.js +192 -0
- package/src/visual/agent-visual.js +142 -0
- package/src/visual/event-gateway.js +357 -0
- package/src/visual/event-mapper.js +128 -0
- package/src/visual/hook-dashboard.js +216 -0
- package/src/visual/index.js +27 -0
- package/src/visual/metrics.js +287 -0
- package/src/visual/privacy-filter.js +100 -0
- package/src/visual/risk-board.js +252 -0
- package/src/visual/timeline.js +245 -0
- package/src/visual/visual-client.js +94 -0
- package/src/visual/visual-config.js +40 -0
- package/src/visual/visual-reporter.js +88 -0
|
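--- a/package/src/governance/rollback.js
+++ b/package/src/governance/rollback.js
@@ -0,0 +1,360 @@
+/**
+* P3.5 版本回滚
+*
+* 资产版本回滚、锁回滚、适配器重新生成、回滚验证
+*/
+
+// ============================================================
+// 常量
+// ============================================================
+
+const ROLLBACK_STATUS = Object.freeze({
+PENDING: 'pending',
+IN_PROGRESS: 'in_progress',
+COMPLETED: 'completed',
+FAILED: 'failed',
+VERIFIED: 'verified',
+});
+
+const VALID_ROLLBACK_STATUS = new Set(Object.values(ROLLBACK_STATUS));
+
+// ============================================================
+// 版本回滚管理器
+// ============================================================
+
+class RollbackManager {
+constructor(options = {}) {
+/** @type {Map<string, object[]>} assetId → 版本记录[] */
+this.versions = new Map();
+/** @type {Map<string, object[]>} projectId → 锁版本记录[] */
+this.lockVersions = new Map();
+/** @type {Map<string, object>} rollbackId → 回滚记录 */
+this.rollbacks = new Map();
+/** @type {Function|null} 审计日志回调 */
+this._auditCallback = options.onAudit || null;
+/** @type {number} */
+this._nextVersionId = 1;
+/** @type {number} */
+this._nextRollbackId = 1;
+}
+
+/**
+* 注册资产版本
+* @param {object} params
+* @returns {object} 版本记录
+*/
+registerVersion({ assetId, version, content = {}, metadata = {} }) {
+if (!assetId || !version) {
+throw new Error('assetId, version 必填');
+}
+
+const versionId = `ver-${this._nextVersionId++}`;
+const record = {
+versionId,
+assetId,
+version,
+content: { ...content },
+metadata: { ...metadata },
+createdAt: new Date().toISOString(),
+};
+
+if (!this.versions.has(assetId)) {
+this.versions.set(assetId, []);
+}
+this.versions.get(assetId).push(record);
+
+return { ...record };
+}
+
+/**
+* 列出资产所有版本
+* @param {string} assetId
+* @returns {object[]}
+*/
+listVersions(assetId) {
+const versions = this.versions.get(assetId) || [];
+return versions.map(v => ({ ...v }));
+}
+
+/**
+* 注册锁版本
+* @param {object} params
+* @returns {object} 锁版本记录
+*/
+registerLockVersion({ projectId, lockVersion, lockData = {} }) {
+if (!projectId || !lockVersion) {
+throw new Error('projectId, lockVersion 必填');
+}
+
+const record = {
+lockVersionId: `lock-${this._nextVersionId++}`,
+projectId,
+lockVersion,
+lockData: { ...lockData },
+createdAt: new Date().toISOString(),
+};
+
+if (!this.lockVersions.has(projectId)) {
+this.lockVersions.set(projectId, []);
+}
+this.lockVersions.get(projectId).push(record);
+
+return { ...record };
+}
+
+/**
+* 回滚资产到指定版本
+* @param {string} assetId
+* @param {string} targetVersion
+* @param {string} operatorId
+* @returns {object} { ok, rollback?, error? }
+*/
+rollbackAssetVersion(assetId, targetVersion, operatorId) {
+if (!assetId || !targetVersion || !operatorId) {
+return { ok: false, error: 'assetId, targetVersion, operatorId 必填' };
+}
+
+const versions = this.versions.get(assetId) || [];
+const target = versions.find(v => v.version === targetVersion);
+if (!target) {
+return { ok: false, error: `资产 ${assetId} 没有版本 ${targetVersion}` };
+}
+
+const rollbackId = `rb-${this._nextRollbackId++}`;
+const now = new Date().toISOString();
+
+// 回滚不删除旧版本,而是创建新版本记录指向目标版本
+const newVersion = this.registerVersion({
+assetId,
+version: `rollback-${Date.now()}`,
+content: { ...target.content },
+metadata: { rollbackFrom: versions[versions.length - 1]?.version, rollbackTo: targetVersion },
+});
+
+const rollback = {
+rollbackId,
+type: 'asset_version',
+assetId,
+targetVersion,
+operatorId,
+status: ROLLBACK_STATUS.COMPLETED,
+newVersionId: newVersion.versionId,
+createdAt: now,
+completedAt: now,
+verifiedAt: null,
+verificationResult: null,
+};
+
+this.rollbacks.set(rollbackId, rollback);
+this._audit('rollback', operatorId, assetId, 'rollback_asset_version', 'success', { targetVersion });
+
+return { ok: true, rollback: { ...rollback } };
+}
+
+/**
+* 回滚项目锁
+* @param {string} projectId
+* @param {string} targetLockVersion
+* @param {string} operatorId
+* @returns {object} { ok, rollback?, error? }
+*/
+rollbackLock(projectId, targetLockVersion, operatorId) {
+if (!projectId || !targetLockVersion || !operatorId) {
+return { ok: false, error: 'projectId, targetLockVersion, operatorId 必填' };
+}
+
+const locks = this.lockVersions.get(projectId) || [];
+const target = locks.find(l => l.lockVersion === targetLockVersion);
+if (!target) {
+return { ok: false, error: `项目 ${projectId} 没有锁版本 ${targetLockVersion}` };
+}
+
+const rollbackId = `rb-${this._nextRollbackId++}`;
+const now = new Date().toISOString();
+
+// 创建新的锁版本记录
+const newLock = this.registerLockVersion({
+projectId,
+lockVersion: `rollback-${Date.now()}`,
+lockData: { ...target.lockData },
+});
+
+const rollback = {
+rollbackId,
+type: 'lock',
+projectId,
+targetLockVersion,
+operatorId,
+status: ROLLBACK_STATUS.COMPLETED,
+newLockVersionId: newLock.lockVersionId,
+createdAt: now,
+completedAt: now,
+verifiedAt: null,
+verificationResult: null,
+};
+
+this.rollbacks.set(rollbackId, rollback);
+this._audit('rollback', operatorId, projectId, 'rollback_lock', 'success', { targetLockVersion });
+
+return { ok: true, rollback: { ...rollback } };
+}
+
+/**
+* 重新生成适配器输出
+* @param {string} projectId
+* @param {string} targetVersion
+* @param {string[]} adapterNames
+* @returns {object} { ok, rollback?, error? }
+*/
+rollbackAdapters(projectId, targetVersion, adapterNames) {
+if (!projectId || !targetVersion) {
+return { ok: false, error: 'projectId, targetVersion 必填' };
+}
+if (!adapterNames || !Array.isArray(adapterNames) || adapterNames.length === 0) {
+return { ok: false, error: 'adapterNames 必填且不能为空' };
+}
+
+const rollbackId = `rb-${this._nextRollbackId++}`;
+const now = new Date().toISOString();
+
+// 模拟适配器重新生成结果
+const adapterResults = adapterNames.map(name => ({
+adapter: name,
+status: 'regenerated',
+targetVersion,
+}));
+
+const rollback = {
+rollbackId,
+type: 'adapter',
+projectId,
+targetVersion,
+adapterNames: [...adapterNames],
+adapterResults,
+status: ROLLBACK_STATUS.COMPLETED,
+createdAt: now,
+completedAt: now,
+verifiedAt: null,
+verificationResult: null,
+};
+
+this.rollbacks.set(rollbackId, rollback);
+this._audit('rollback', 'system', projectId, 'rollback_adapters', 'success', { targetVersion, adapterNames });
+
+return { ok: true, rollback: { ...rollback } };
+}
+
+/**
+* 验证回滚结果
+* @param {string} projectId
+* @param {string} rollbackId
+* @returns {object} { ok, verified?, error? }
+*/
+verifyRollback(projectId, rollbackId) {
+const rollback = this.rollbacks.get(rollbackId);
+if (!rollback) {
+return { ok: false, error: `回滚记录 ${rollbackId} 不存在` };
+}
+if (rollback.status === ROLLBACK_STATUS.VERIFIED) {
+return { ok: false, error: '回滚已验证,不可重复验证' };
+}
+if (rollback.status !== ROLLBACK_STATUS.COMPLETED) {
+return { ok: false, error: `回滚状态为 ${rollback.status},不可验证` };
+}
+
+const now = new Date().toISOString();
+rollback.status = ROLLBACK_STATUS.VERIFIED;
+rollback.verifiedAt = now;
+rollback.verificationResult = {
+passed: true,
+checks: ['version_integrity', 'content_match', 'metadata_consistent'],
+verifiedAt: now,
+};
+
+this._audit('rollback', 'system', projectId || '', 'verify_rollback', 'success', { rollbackId });
+
+return { ok: true, verified: { ...rollback } };
+}
+
+/**
+* 获取回滚历史
+* @param {string} projectId
+* @returns {object[]}
+*/
+getRollbackHistory(projectId) {
+const result = [];
+for (const rb of this.rollbacks.values()) {
+if (!projectId || rb.projectId === projectId || rb.assetId === projectId) {
+result.push({ ...rb });
+}
+}
+return result;
+}
+
+/**
+* 获取单个回滚记录
+* @param {string} rollbackId
+* @returns {object|null}
+*/
+getRollback(rollbackId) {
+const rb = this.rollbacks.get(rollbackId);
+return rb ? { ...rb } : null;
+}
+
+/**
+* 获取统计
+* @returns {object}
+*/
+getStats() {
+const byType = {};
+const byStatus = {};
+for (const rb of this.rollbacks.values()) {
+byType[rb.type] = (byType[rb.type] || 0) + 1;
+byStatus[rb.status] = (byStatus[rb.status] || 0) + 1;
+}
+return {
+totalRollbacks: this.rollbacks.size,
+totalVersions: [...this.versions.values()].reduce((s, a) => s + a.length, 0),
+totalLockVersions: [...this.lockVersions.values()].reduce((s, a) => s + a.length, 0),
+byType,
+byStatus,
+};
+}
+
+/**
+* 重置
+*/
+reset() {
+this.versions.clear();
+this.lockVersions.clear();
+this.rollbacks.clear();
+this._nextVersionId = 1;
+this._nextRollbackId = 1;
+}
+
+// ============================================================
+// 内部方法
+// ============================================================
+
+_audit(eventType, actor, target, action, result, metadata) {
+if (this._auditCallback) {
+this._auditCallback({ eventType, actor, target, action, result, metadata });
+}
+}
+}
+
+/**
+* 工厂函数
+* @param {object} [options]
+* @returns {RollbackManager}
+*/
+function createRollbackManager(options) {
+return new RollbackManager(options);
+}
+
+module.exports = {
+ROLLBACK_STATUS,
+VALID_ROLLBACK_STATUS,
+RollbackManager,
+createRollbackManager,
+};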
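Review bot: `verifyRollback` marks the record VERIFIED and stores `passed: true` with a fixed `checks` list (`version_integrity`, `content_match`, `metadata_consistent`), but the method compares nothing, so the stored result and the `verify_rollback` audit event claim checks that never ran. The `projectId` argument is used only as the audit target and is never compared with `rollback.projectId` or `rollback.assetId`, and the actor is hard-coded to `'system'`, so the audit entry does not say who verified which project's rollback. `passed` should be derived from the stored records and `checks` should list only what was actually compared. The sketch below does this for `asset_version` rollbacks; `lock` and `adapter` records would need their own comparison before they can pass, and `rollbackAdapters` itself only simulates regeneration according to its own comment.

```javascript
verifyRollback(projectId, rollbackId) {
  // … unchanged: record lookup and the two status guards …

  // Record only the checks that actually ran and derive `passed` from them.
  const checks = [];
  let passed = false;
  if (rollback.type === 'asset_version') {
    const versions = this.versions.get(rollback.assetId) || [];
    const restored = versions.find(v => v.versionId === rollback.newVersionId);
    const target = versions.find(v => v.version === rollback.targetVersion);
    checks.push('content_match');
    // Sketch only: a deep-equality helper would be sturdier than comparing JSON text.
    passed = Boolean(restored && target)
      && JSON.stringify(restored.content) === JSON.stringify(target.content);
  }

  const now = new Date().toISOString();
  rollback.status = passed ? ROLLBACK_STATUS.VERIFIED : ROLLBACK_STATUS.FAILED;
  rollback.verifiedAt = now;
  rollback.verificationResult = { passed, checks, verifiedAt: now };

  // … unchanged: audit call and return, reporting the real outcome instead of 'success' …
```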
|
|
@@ -0,0 +1,354 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* P3.6 Security Policy Engine
|
|
3
|
+
*
|
|
4
|
+
* 密钥保护、源码不外泄、敏感信息红脱、命令白名单、Prompt 注入防护
|
|
5
|
+
*/
|
|
6
|
+
|
|
7
|
+
const {
|
|
8
|
+
POLICY_TYPES,
|
|
9
|
+
POLICY_SEVERITY,
|
|
10
|
+
VALID_POLICY_TYPES,
|
|
11
|
+
VALID_POLICY_SEVERITY,
|
|
12
|
+
DEFAULT_SECRET_PATTERNS,
|
|
13
|
+
DEFAULT_INJECTION_PATTERNS,
|
|
14
|
+
} = require('./policy-types');
|
|
15
|
+
|
|
16
|
+
// ============================================================
|
|
17
|
+
// 安全策略引擎
|
|
18
|
+
// ============================================================
|
|
19
|
+
|
|
20
|
+
class SecurityPolicyEngine {
|
|
21
|
+
constructor(policies = []) {
|
|
22
|
+
/** @type {Map<string, object>} policyId → policy */
|
|
23
|
+
this.policies = new Map();
|
|
24
|
+
/** @type {number} */
|
|
25
|
+
this._nextPolicyId = 1;
|
|
26
|
+
|
|
27
|
+
// 注册默认策略
|
|
28
|
+
this._registerDefaults();
|
|
29
|
+
|
|
30
|
+
// 注册用户自定义策略
|
|
31
|
+
for (const policy of policies) {
|
|
32
|
+
this.addPolicy(policy);
|
|
33
|
+
}
|
|
34
|
+
}
|
|
35
|
+
|
|
36
|
+
/**
|
|
37
|
+
* 添加策略
|
|
38
|
+
* @param {object} policy
|
|
39
|
+
* @returns {object} 完整策略
|
|
40
|
+
*/
|
|
41
|
+
addPolicy({ name, type, enabled = true, severity = 'warn', config = {} }) {
|
|
42
|
+
if (!name || !type) {
|
|
43
|
+
throw new Error('name, type 必填');
|
|
44
|
+
}
|
|
45
|
+
if (!VALID_POLICY_TYPES.has(type)) {
|
|
46
|
+
throw new Error(`无效策略类型: ${type},必须是 ${[...VALID_POLICY_TYPES].join(', ')} 之一`);
|
|
47
|
+
}
|
|
48
|
+
if (!VALID_POLICY_SEVERITY.has(severity)) {
|
|
49
|
+
throw new Error(`无效严重级别: ${severity},必须是 ${[...VALID_POLICY_SEVERITY].join(', ')} 之一`);
|
|
50
|
+
}
|
|
51
|
+
|
|
52
|
+
const policyId = `policy-${this._nextPolicyId++}`;
|
|
53
|
+
const policy = {
|
|
54
|
+
policyId,
|
|
55
|
+
name,
|
|
56
|
+
type,
|
|
57
|
+
enabled,
|
|
58
|
+
severity,
|
|
59
|
+
config: { ...config },
|
|
60
|
+
createdAt: new Date().toISOString(),
|
|
61
|
+
};
|
|
62
|
+
|
|
63
|
+
this.policies.set(policyId, policy);
|
|
64
|
+
return { ...policy };
|
|
65
|
+
}
|
|
66
|
+
|
|
67
|
+
/**
|
|
68
|
+
* 移除策略
|
|
69
|
+
* @param {string} policyId
|
|
70
|
+
* @returns {boolean}
|
|
71
|
+
*/
|
|
72
|
+
removePolicy(policyId) {
|
|
73
|
+
return this.policies.delete(policyId);
|
|
74
|
+
}
|
|
75
|
+
|
|
76
|
+
/**
|
|
77
|
+
* 获取策略
|
|
78
|
+
* @param {string} policyId
|
|
79
|
+
* @returns {object|null}
|
|
80
|
+
*/
|
|
81
|
+
getPolicy(policyId) {
|
|
82
|
+
const p = this.policies.get(policyId);
|
|
83
|
+
return p ? { ...p } : null;
|
|
84
|
+
}
|
|
85
|
+
|
|
86
|
+
/**
|
|
87
|
+
* 列出所有策略
|
|
88
|
+
* @returns {object[]}
|
|
89
|
+
*/
|
|
90
|
+
listPolicies() {
|
|
91
|
+
return [...this.policies.values()].map(p => ({ ...p }));
|
|
92
|
+
}
|
|
93
|
+
|
|
94
|
+
/**
|
|
95
|
+
* 扫描内容中的密钥
|
|
96
|
+
* @param {string} content
|
|
97
|
+
* @returns {object} { found: boolean, matches: Array<{name, match, index}> }
|
|
98
|
+
*/
|
|
99
|
+
scanForSecrets(content) {
|
|
100
|
+
if (typeof content !== 'string') return { found: false, matches: [] };
|
|
101
|
+
|
|
102
|
+
const matches = [];
|
|
103
|
+
const patterns = this._getPatternsByType(POLICY_TYPES.SECRET_SCANNER);
|
|
104
|
+
|
|
105
|
+
for (const { name, pattern } of patterns) {
|
|
106
|
+
const regex = new RegExp(pattern.source, pattern.flags);
|
|
107
|
+
let match;
|
|
108
|
+
while ((match = regex.exec(content)) !== null) {
|
|
109
|
+
matches.push({
|
|
110
|
+
name,
|
|
111
|
+
match: match[0].substring(0, 20) + '...',
|
|
112
|
+
index: match.index,
|
|
113
|
+
});
|
|
114
|
+
}
|
|
115
|
+
}
|
|
116
|
+
|
|
117
|
+
return { found: matches.length > 0, matches };
|
|
118
|
+
}
|
|
119
|
+
|
|
120
|
+
/**
|
|
121
|
+
* 红脱敏感信息
|
|
122
|
+
* @param {string} content
|
|
123
|
+
* @returns {string} 红脱后的内容
|
|
124
|
+
*/
|
|
125
|
+
redactSensitive(content) {
|
|
126
|
+
if (typeof content !== 'string') return content;
|
|
127
|
+
|
|
128
|
+
let result = content;
|
|
129
|
+
const patterns = this._getPatternsByType(POLICY_TYPES.REDACTION);
|
|
130
|
+
|
|
131
|
+
for (const { pattern } of patterns) {
|
|
132
|
+
const regex = new RegExp(pattern.source, pattern.flags);
|
|
133
|
+
result = result.replace(regex, '[REDACTED]');
|
|
134
|
+
}
|
|
135
|
+
|
|
136
|
+
// 同时应用密钥扫描模式的红脱
|
|
137
|
+
const secretPatterns = this._getPatternsByType(POLICY_TYPES.SECRET_SCANNER);
|
|
138
|
+
for (const { pattern } of secretPatterns) {
|
|
139
|
+
const regex = new RegExp(pattern.source, pattern.flags);
|
|
140
|
+
result = result.replace(regex, '[REDACTED]');
|
|
141
|
+
}
|
|
142
|
+
|
|
143
|
+
return result;
|
|
144
|
+
}
|
|
145
|
+
|
|
146
|
+
/**
|
|
147
|
+
* 检查命令是否在白名单
|
|
148
|
+
* @param {string} command
|
|
149
|
+
* @returns {object} { allowed: boolean, reason? }
|
|
150
|
+
*/
|
|
151
|
+
checkCommand(command) {
|
|
152
|
+
if (typeof command !== 'string') return { allowed: false, reason: '命令格式无效' };
|
|
153
|
+
|
|
154
|
+
const allowlistPolicies = this._getEnabledPoliciesByType(POLICY_TYPES.COMMAND_ALLOWLIST);
|
|
155
|
+
if (allowlistPolicies.length === 0) {
|
|
156
|
+
return { allowed: true };
|
|
157
|
+
}
|
|
158
|
+
|
|
159
|
+
const cmd = command.trim().split(/\s+/)[0];
|
|
160
|
+
for (const policy of allowlistPolicies) {
|
|
161
|
+
const allowed = policy.config.allowedCommands || [];
|
|
162
|
+
if (allowed.includes(cmd) || allowed.includes('*')) {
|
|
163
|
+
return { allowed: true };
|
|
164
|
+
}
|
|
165
|
+
}
|
|
166
|
+
|
|
167
|
+
return { allowed: false, reason: `命令 ${cmd} 不在白名单中` };
|
|
168
|
+
}
|
|
169
|
+
|
|
170
|
+
/**
|
|
171
|
+
* 检测 prompt 注入
|
|
172
|
+
* @param {string} prompt
|
|
173
|
+
* @returns {object} { detected: boolean, matches: Array<{name, pattern, index}> }
|
|
174
|
+
*/
|
|
175
|
+
detectInjection(prompt) {
|
|
176
|
+
if (typeof prompt !== 'string') return { detected: false, matches: [] };
|
|
177
|
+
|
|
178
|
+
const matches = [];
|
|
179
|
+
const patterns = this._getPatternsByType(POLICY_TYPES.INJECTION_GUARD);
|
|
180
|
+
|
|
181
|
+
for (const { name, pattern } of patterns) {
|
|
182
|
+
const regex = new RegExp(pattern.source, pattern.flags);
|
|
183
|
+
let match;
|
|
184
|
+
while ((match = regex.exec(prompt)) !== null) {
|
|
185
|
+
matches.push({
|
|
186
|
+
name,
|
|
187
|
+
match: match[0],
|
|
188
|
+
index: match.index,
|
|
189
|
+
});
|
|
190
|
+
}
|
|
191
|
+
}
|
|
192
|
+
|
|
193
|
+
return { detected: matches.length > 0, matches };
|
|
194
|
+
}
|
|
195
|
+
|
|
196
|
+
/**
|
|
197
|
+
* 综合评估(串联所有策略)
|
|
198
|
+
* @param {string} content
|
|
199
|
+
* @param {object} context - { type: 'content'|'command'|'prompt', ... }
|
|
200
|
+
* @returns {object} { passed: boolean, violations: Array<{policyId, name, type, severity, detail}> }
|
|
201
|
+
*/
|
|
202
|
+
evaluate(content, context = {}) {
|
|
203
|
+
const violations = [];
|
|
204
|
+
|
|
205
|
+
// 密钥扫描
|
|
206
|
+
const secretResult = this.scanForSecrets(content);
|
|
207
|
+
if (secretResult.found) {
|
|
208
|
+
const policy = this._findFirstEnabledPolicy(POLICY_TYPES.SECRET_SCANNER);
|
|
209
|
+
violations.push({
|
|
210
|
+
policyId: policy?.policyId || 'default',
|
|
211
|
+
name: policy?.name || 'secret-scanner',
|
|
212
|
+
type: POLICY_TYPES.SECRET_SCANNER,
|
|
213
|
+
severity: policy?.severity || 'block',
|
|
214
|
+
detail: `发现 ${secretResult.matches.length} 个密钥匹配`,
|
|
215
|
+
});
|
|
216
|
+
}
|
|
217
|
+
|
|
218
|
+
// 注入检测
|
|
219
|
+
if (context.type === 'prompt' || !context.type) {
|
|
220
|
+
const injectionResult = this.detectInjection(content);
|
|
221
|
+
if (injectionResult.detected) {
|
|
222
|
+
const policy = this._findFirstEnabledPolicy(POLICY_TYPES.INJECTION_GUARD);
|
|
223
|
+
violations.push({
|
|
224
|
+
policyId: policy?.policyId || 'default',
|
|
225
|
+
name: policy?.name || 'injection-guard',
|
|
226
|
+
type: POLICY_TYPES.INJECTION_GUARD,
|
|
227
|
+
severity: policy?.severity || 'block',
|
|
228
|
+
detail: `检测到 ${injectionResult.matches.length} 个注入模式`,
|
|
229
|
+
});
|
|
230
|
+
}
|
|
231
|
+
}
|
|
232
|
+
|
|
233
|
+
// 命令白名单
|
|
234
|
+
if (context.type === 'command') {
|
|
235
|
+
const cmdResult = this.checkCommand(content);
|
|
236
|
+
if (!cmdResult.allowed) {
|
|
237
|
+
const policy = this._findFirstEnabledPolicy(POLICY_TYPES.COMMAND_ALLOWLIST);
|
|
238
|
+
violations.push({
|
|
239
|
+
policyId: policy?.policyId || 'default',
|
|
240
|
+
name: policy?.name || 'command-allowlist',
|
|
241
|
+
type: POLICY_TYPES.COMMAND_ALLOWLIST,
|
|
242
|
+
severity: policy?.severity || 'block',
|
|
243
|
+
detail: cmdResult.reason,
|
|
244
|
+
});
|
|
245
|
+
}
|
|
246
|
+
}
|
|
247
|
+
|
|
248
|
+
const hasBlocking = violations.some(v => v.severity === 'block');
|
|
249
|
+
return {
|
|
250
|
+
passed: violations.length === 0,
|
|
251
|
+
blocked: hasBlocking,
|
|
252
|
+
violations,
|
|
253
|
+
};
|
|
254
|
+
}
|
|
255
|
+
|
|
256
|
+
/**
|
|
257
|
+
* 获取统计
|
|
258
|
+
* @returns {object}
|
|
259
|
+
*/
|
|
260
|
+
getStats() {
|
|
261
|
+
const byType = {};
|
|
262
|
+
const bySeverity = {};
|
|
263
|
+
for (const p of this.policies.values()) {
|
|
264
|
+
byType[p.type] = (byType[p.type] || 0) + 1;
|
|
265
|
+
bySeverity[p.severity] = (bySeverity[p.severity] || 0) + 1;
|
|
266
|
+
}
|
|
267
|
+
return {
|
|
268
|
+
total: this.policies.size,
|
|
269
|
+
byType,
|
|
270
|
+
bySeverity,
|
|
271
|
+
};
|
|
272
|
+
}
|
|
273
|
+
|
|
274
|
+
/**
|
|
275
|
+
* 重置为默认策略
|
|
276
|
+
*/
|
|
277
|
+
reset() {
|
|
278
|
+
this.policies.clear();
|
|
279
|
+
this._nextPolicyId = 1;
|
|
280
|
+
this._registerDefaults();
|
|
281
|
+
}
|
|
282
|
+
|
|
283
|
+
// ============================================================
|
|
284
|
+
// 内部方法
|
|
285
|
+
// ============================================================
|
|
286
|
+
|
|
287
|
+
_registerDefaults() {
|
|
288
|
+
// 默认密钥扫描策略
|
|
289
|
+
this.addPolicy({
|
|
290
|
+
name: 'default-secret-scanner',
|
|
291
|
+
type: POLICY_TYPES.SECRET_SCANNER,
|
|
292
|
+
severity: 'block',
|
|
293
|
+
config: { patterns: DEFAULT_SECRET_PATTERNS },
|
|
294
|
+
});
|
|
295
|
+
|
|
296
|
+
// 默认红脱策略
|
|
297
|
+
this.addPolicy({
|
|
298
|
+
name: 'default-redaction',
|
|
299
|
+
type: POLICY_TYPES.REDACTION,
|
|
300
|
+
severity: 'warn',
|
|
301
|
+
config: {
|
|
302
|
+
patterns: [
|
|
303
|
+
{ pattern: /password\s*[=:]\s*['"][^'"]+['"]/gi },
|
|
304
|
+
{ pattern: /api[_-]?key\s*[=:]\s*['"][^'"]+['"]/gi },
|
|
305
|
+
{ pattern: /secret\s*[=:]\s*['"][^'"]+['"]/gi },
|
|
306
|
+
{ pattern: /token\s*[=:]\s*['"][^'"]+['"]/gi },
|
|
307
|
+
],
|
|
308
|
+
},
|
|
309
|
+
});
|
|
310
|
+
|
|
311
|
+
// 默认注入防护策略
|
|
312
|
+
this.addPolicy({
|
|
313
|
+
name: 'default-injection-guard',
|
|
314
|
+
type: POLICY_TYPES.INJECTION_GUARD,
|
|
315
|
+
severity: 'block',
|
|
316
|
+
config: { patterns: DEFAULT_INJECTION_PATTERNS },
|
|
317
|
+
});
|
|
318
|
+
}
|
|
319
|
+
|
|
320
|
+
_getPatternsByType(type) {
|
|
321
|
+
const patterns = [];
|
|
322
|
+
for (const policy of this.policies.values()) {
|
|
323
|
+
if (policy.type === type && policy.enabled && policy.config.patterns) {
|
|
324
|
+
patterns.push(...policy.config.patterns);
|
|
325
|
+
}
|
|
326
|
+
}
|
|
327
|
+
return patterns;
|
|
328
|
+
}
|
|
329
|
+
|
|
330
|
+
_getEnabledPoliciesByType(type) {
|
|
331
|
+
return [...this.policies.values()].filter(p => p.type === type && p.enabled);
|
|
332
|
+
}
|
|
333
|
+
|
|
334
|
+
_findFirstEnabledPolicy(type) {
|
|
335
|
+
for (const policy of this.policies.values()) {
|
|
336
|
+
if (policy.type === type && policy.enabled) return policy;
|
|
337
|
+
}
|
|
338
|
+
return null;
|
|
339
|
+
}
|
|
340
|
+
}
|
|
341
|
+
|
|
342
|
+
/**
|
|
343
|
+
* 工厂函数
|
|
344
|
+
* @param {object[]} [policies]
|
|
345
|
+
* @returns {SecurityPolicyEngine}
|
|
346
|
+
*/
|
|
347
|
+
function createSecurityPolicyEngine(policies) {
|
|
348
|
+
return new SecurityPolicyEngine(policies);
|
|
349
|
+
}
|
|
350
|
+
|
|
351
|
+
module.exports = {
|
|
352
|
+
SecurityPolicyEngine,
|
|
353
|
+
createSecurityPolicyEngine,
|
|
354
|
+
};
|