@gong-ym/ai-spec-auto 0.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (640) hide show
  1. package/.agents/commands/README.md +33 -0
  2. package/.agents/commands/claude/spec-start-review.md +88 -0
  3. package/.agents/commands/codex/spec-continue.md +74 -0
  4. package/.agents/commands/codex/spec-orchestrate.md +35 -0
  5. package/.agents/commands/codex/spec-start-review.md +88 -0
  6. package/.agents/commands/codex/spec-start.md +67 -0
  7. package/.agents/commands/codex/spec-status.md +22 -0
  8. package/.agents/commands/codex/spec-stop.md +29 -0
  9. package/.agents/commands/codex/spec-update.md +40 -0
  10. package/.agents/commands/common/branch-review.md +117 -0
  11. package/.agents/commands/common/project-init.md +25 -0
  12. package/.agents/commands/common/spec-continue.md +74 -0
  13. package/.agents/commands/common/spec-orchestrate.md +35 -0
  14. package/.agents/commands/common/spec-start-review.md +82 -0
  15. package/.agents/commands/common/spec-start.md +67 -0
  16. package/.agents/commands/common/spec-status.md +22 -0
  17. package/.agents/commands/common/spec-stop.md +29 -0
  18. package/.agents/commands/common/spec-update.md +40 -0
  19. package/.agents/commands/cursor/opsx-apply.md +55 -0
  20. package/.agents/commands/cursor/opsx-archive.md +48 -0
  21. package/.agents/commands/cursor/opsx-explore.md +45 -0
  22. package/.agents/commands/cursor/opsx-propose.md +59 -0
  23. package/.agents/commands/cursor/spec-continue.md +63 -0
  24. package/.agents/commands/cursor/spec-orchestrate.md +53 -0
  25. package/.agents/commands/cursor/spec-start-review.md +78 -0
  26. package/.agents/commands/cursor/spec-start.md +59 -0
  27. package/.agents/commands/cursor/spec-status.md +30 -0
  28. package/.agents/commands/cursor/spec-stop.md +29 -0
  29. package/.agents/commands/cursor/spec-update.md +41 -0
  30. package/.agents/flows/FRONTMATTER.md +263 -0
  31. package/.agents/flows/RUN_OUTPUT.md +263 -0
  32. package/.agents/flows/common/README.md +29 -0
  33. package/.agents/flows/common/bugfix-to-verification.md +95 -0
  34. package/.agents/flows/common/change-to-architecture-review.md +89 -0
  35. package/.agents/flows/common/change-to-release.md +94 -0
  36. package/.agents/flows/common/prd-to-delivery.md +184 -0
  37. package/.agents/flows/common/requirement-to-observability.md +97 -0
  38. package/.agents/orchestration/README.md +22 -0
  39. package/.agents/orchestration/expert-dispatch-spec.md +155 -0
  40. package/.agents/orchestration/expert-executor-spec.md +84 -0
  41. package/.agents/orchestration/expert-runtime-action-spec.md +73 -0
  42. package/.agents/orchestration/runtime-state-handoff-spec.md +264 -0
  43. package/.agents/orchestration/task-anchor-spec.md +212 -0
  44. package/.agents/orchestration/task-orchestrator-adapter-payload.md +153 -0
  45. package/.agents/orchestration/task-orchestrator-bootstrap-payload.md +145 -0
  46. package/.agents/orchestration/task-orchestrator-output-extractor-spec.md +93 -0
  47. package/.agents/orchestration/task-orchestrator-run-plan-template.md +312 -0
  48. package/.agents/orchestration/task-orchestrator-runtime-hooks.md +214 -0
  49. package/.agents/registry/README.md +63 -0
  50. package/.agents/registry/flows.json +125 -0
  51. package/.agents/registry/profiles.json +101 -0
  52. package/.agents/registry/roles.json +1266 -0
  53. package/.agents/registry/rules.json +148 -0
  54. package/.agents/registry/scenario-packages.json +123 -0
  55. package/.agents/registry/skills.json +130 -0
  56. package/.agents/roles/INDEX.md +346 -0
  57. package/.agents/roles/common/README.md +76 -0
  58. package/.agents/roles/common/archive-change.md +80 -0
  59. package/.agents/roles/common/backend-implementer.md +92 -0
  60. package/.agents/roles/common/code-guardian.md +151 -0
  61. package/.agents/roles/common/frontend-implementer.md +146 -0
  62. package/.agents/roles/common/requirement-analyst.md +138 -0
  63. package/.agents/roles/common/task-orchestrator-routing.md +301 -0
  64. package/.agents/roles/common/task-orchestrator.md +224 -0
  65. package/.agents/roles/common/tooling-implementer.md +92 -0
  66. package/.agents/roles/domains/README.md +35 -0
  67. package/.agents/roles/domains/delivery/README.md +11 -0
  68. package/.agents/roles/domains/delivery/container-specialist.md +50 -0
  69. package/.agents/roles/domains/delivery/deployment-specialist.md +50 -0
  70. package/.agents/roles/domains/delivery/pipeline-specialist.md +50 -0
  71. package/.agents/roles/domains/demand-design/README.md +16 -0
  72. package/.agents/roles/domains/demand-design/api-contract-specialist.md +52 -0
  73. package/.agents/roles/domains/demand-design/design-collaborator.md +58 -0
  74. package/.agents/roles/domains/documentation/README.md +11 -0
  75. package/.agents/roles/domains/documentation/api-doc-specialist.md +50 -0
  76. package/.agents/roles/domains/documentation/component-doc-specialist.md +49 -0
  77. package/.agents/roles/domains/documentation/technical-writing-specialist.md +48 -0
  78. package/.agents/roles/domains/engineering/README.md +17 -0
  79. package/.agents/roles/domains/engineering/architecture-advisor.md +53 -0
  80. package/.agents/roles/domains/engineering/build-specialist.md +51 -0
  81. package/.agents/roles/domains/engineering/dependency-governor.md +52 -0
  82. package/.agents/roles/domains/governance/README.md +17 -0
  83. package/.agents/roles/domains/governance/api-governance-specialist.md +51 -0
  84. package/.agents/roles/domains/governance/lint-policy-specialist.md +49 -0
  85. package/.agents/roles/domains/governance/route-governance-specialist.md +52 -0
  86. package/.agents/roles/domains/observability/README.md +11 -0
  87. package/.agents/roles/domains/observability/error-tracker.md +50 -0
  88. package/.agents/roles/domains/observability/event-instrumentation-specialist.md +51 -0
  89. package/.agents/roles/domains/observability/rum-analyst.md +50 -0
  90. package/.agents/roles/domains/performance/README.md +11 -0
  91. package/.agents/roles/domains/performance/asset-optimizer.md +50 -0
  92. package/.agents/roles/domains/performance/performance-auditor.md +56 -0
  93. package/.agents/roles/domains/performance/vitals-analyst.md +50 -0
  94. package/.agents/roles/domains/security-a11y/README.md +11 -0
  95. package/.agents/roles/domains/security-a11y/a11y-auditor.md +50 -0
  96. package/.agents/roles/domains/security-a11y/aria-specialist.md +51 -0
  97. package/.agents/roles/domains/security-a11y/security-reviewer.md +49 -0
  98. package/.agents/roles/domains/testing/README.md +12 -0
  99. package/.agents/roles/domains/testing/coverage-analyst.md +50 -0
  100. package/.agents/roles/domains/testing/e2e-test-specialist.md +51 -0
  101. package/.agents/roles/domains/testing/unit-test-specialist.md +56 -0
  102. package/.agents/roles/domains/testing/verification-reviewer.md +67 -0
  103. package/.agents/rules/README.md +87 -0
  104. package/.agents/rules/common/02-/347/274/226/347/240/201/350/247/204/350/214/203.md +45 -0
  105. package/.agents/rules/common/08-/351/200/232/347/224/250/347/272/246/346/235/237.md +63 -0
  106. package/.agents/rules/common/10-/346/226/207/346/241/243/350/247/204/350/214/203.md +101 -0
  107. package/.agents/rules/common/12-Superpowers/346/211/247/350/241/214/350/247/204/350/214/203.md +46 -0
  108. package/.agents/rules/common/14-/345/256/241/350/256/241/346/261/207/346/212/245/350/247/204/350/214/203.md +107 -0
  109. package/.agents/rules/common/15-visual-gate-wait.md +90 -0
  110. package/.agents/rules/profiles/nestjs/01-/351/241/271/347/233/256/346/246/202/350/277/260.md +27 -0
  111. package/.agents/rules/profiles/nestjs/03-/351/241/271/347/233/256/347/273/223/346/236/204.md +20 -0
  112. package/.agents/rules/profiles/nestjs/04-/346/250/241/345/235/227/347/273/223/346/236/204/350/247/204/350/214/203.md +24 -0
  113. package/.agents/rules/profiles/nestjs/05-/346/216/245/345/217/243/344/270/216/345/245/221/347/272/246/350/247/204/350/214/203.md +24 -0
  114. package/.agents/rules/profiles/nestjs/06-/346/225/260/346/215/256/350/256/277/351/227/256/350/247/204/350/214/203.md +24 -0
  115. package/.agents/rules/profiles/nestjs/07-/351/205/215/347/275/256/344/270/216/350/277/220/350/241/214/346/227/266/350/247/204/350/214/203.md +20 -0
  116. package/.agents/rules/profiles/nestjs/09-/345/274/202/345/270/270/344/270/216/346/227/245/345/277/227/350/247/204/350/214/203.md +20 -0
  117. package/.agents/rules/profiles/nestjs/11-/346/265/213/350/257/225/350/247/204/350/214/203.md +24 -0
  118. package/.agents/rules/profiles/nestjs/13-/344/273/243/347/240/201/346/240/274/345/274/217/345/214/226/344/270/216/346/243/200/346/237/245.md +20 -0
  119. package/.agents/rules/profiles/node-tooling/01-/351/241/271/347/233/256/346/246/202/350/277/260.md +30 -0
  120. package/.agents/rules/profiles/node-tooling/03-/351/241/271/347/233/256/347/273/223/346/236/204.md +37 -0
  121. package/.agents/rules/profiles/node-tooling/04-CLI/344/270/216/346/250/241/345/235/227/350/247/204/350/214/203.md +42 -0
  122. package/.agents/rules/profiles/node-tooling/05-Contract/344/270/216Schema/350/247/204/350/214/203.md +42 -0
  123. package/.agents/rules/profiles/node-tooling/06-/350/277/220/350/241/214/346/227/266/346/226/207/344/273/266/350/247/204/350/214/203.md +30 -0
  124. package/.agents/rules/profiles/node-tooling/07-/346/227/245/345/277/227/344/270/216/351/224/231/350/257/257/345/244/204/347/220/206/350/247/204/350/214/203.md +60 -0
  125. package/.agents/rules/profiles/node-tooling/09-/350/204/232/346/234/254/344/270/216/345/205/245/345/217/243/350/247/204/350/214/203.md +45 -0
  126. package/.agents/rules/profiles/node-tooling/11-/346/265/213/350/257/225/350/247/204/350/214/203.md +41 -0
  127. package/.agents/rules/profiles/node-tooling/13-/344/273/243/347/240/201/346/240/274/345/274/217/345/214/226/344/270/216/346/243/200/346/237/245.md +55 -0
  128. package/.agents/rules/profiles/react/01-/351/241/271/347/233/256/346/246/202/350/277/260.md +29 -0
  129. package/.agents/rules/profiles/react/03-/351/241/271/347/233/256/347/273/223/346/236/204.md +104 -0
  130. package/.agents/rules/profiles/react/04-/347/273/204/344/273/266/350/247/204/350/214/203.md +46 -0
  131. package/.agents/rules/profiles/react/05-API/350/247/204/350/214/203.md +67 -0
  132. package/.agents/rules/profiles/react/06-/350/267/257/347/224/261/350/247/204/350/214/203.md +54 -0
  133. package/.agents/rules/profiles/react/07-/347/212/266/346/200/201/347/256/241/347/220/206.md +226 -0
  134. package/.agents/rules/profiles/react/09-/346/240/267/345/274/217/350/247/204/350/214/203.md +71 -0
  135. package/.agents/rules/profiles/react/11-/346/265/213/350/257/225/350/247/204/350/214/203.md +80 -0
  136. package/.agents/rules/profiles/react/13-/344/273/243/347/240/201/346/240/274/345/274/217/345/214/226/344/270/216/346/243/200/346/237/245.md +159 -0
  137. package/.agents/rules/profiles/springboot/01-/351/241/271/347/233/256/346/246/202/350/277/260.md +31 -0
  138. package/.agents/rules/profiles/springboot/03-/351/241/271/347/233/256/347/273/223/346/236/204.md +37 -0
  139. package/.agents/rules/profiles/springboot/04-/345/210/206/345/261/202/350/247/204/350/214/203.md +33 -0
  140. package/.agents/rules/profiles/springboot/05-/346/216/245/345/217/243/344/270/216/345/245/221/347/272/246/350/247/204/350/214/203.md +51 -0
  141. package/.agents/rules/profiles/springboot/06-/346/225/260/346/215/256/350/256/277/351/227/256/350/247/204/350/214/203.md +34 -0
  142. package/.agents/rules/profiles/springboot/07-/351/205/215/347/275/256/344/270/216/350/277/220/350/241/214/346/227/266/350/247/204/350/214/203.md +38 -0
  143. package/.agents/rules/profiles/springboot/09-/345/274/202/345/270/270/344/270/216/346/227/245/345/277/227/350/247/204/350/214/203.md +48 -0
  144. package/.agents/rules/profiles/springboot/11-/346/265/213/350/257/225/350/247/204/350/214/203.md +43 -0
  145. package/.agents/rules/profiles/springboot/13-/344/273/243/347/240/201/346/240/274/345/274/217/345/214/226/344/270/216/346/243/200/346/237/245.md +48 -0
  146. package/.agents/rules/profiles/vue/01-/351/241/271/347/233/256/346/246/202/350/277/260.md +47 -0
  147. package/.agents/rules/profiles/vue/03-/351/241/271/347/233/256/347/273/223/346/236/204.md +106 -0
  148. package/.agents/rules/profiles/vue/04-/347/273/204/344/273/266/350/247/204/350/214/203.md +61 -0
  149. package/.agents/rules/profiles/vue/05-API/350/247/204/350/214/203.md +67 -0
  150. package/.agents/rules/profiles/vue/06-/350/267/257/347/224/261/350/247/204/350/214/203.md +69 -0
  151. package/.agents/rules/profiles/vue/07-/347/212/266/346/200/201/347/256/241/347/220/206.md +93 -0
  152. package/.agents/rules/profiles/vue/09-/346/240/267/345/274/217/350/247/204/350/214/203.md +67 -0
  153. package/.agents/rules/profiles/vue/11-/346/265/213/350/257/225/350/247/204/350/214/203.md +80 -0
  154. package/.agents/rules/profiles/vue/13-/344/273/243/347/240/201/346/240/274/345/274/217/345/214/226/344/270/216/346/243/200/346/237/245.md +159 -0
  155. package/.agents/skills/README.md +171 -0
  156. package/.agents/skills/common/archive-change/SKILL.md +180 -0
  157. package/.agents/skills/common/branch-code-reviewer/SKILL.md +459 -0
  158. package/.agents/skills/common/branch-code-reviewer/references/business-risk-guide.md +293 -0
  159. package/.agents/skills/common/branch-code-reviewer/references/html-template-guide.md +121 -0
  160. package/.agents/skills/common/config-and-secret-scan/SKILL.md +99 -0
  161. package/.agents/skills/common/create-proposal/SKILL.md +192 -0
  162. package/.agents/skills/common/create-proposal/evals/evals.json +16 -0
  163. package/.agents/skills/common/create-proposal/evals/train_queries.json +18 -0
  164. package/.agents/skills/common/create-proposal/evals/validation_queries.json +18 -0
  165. package/.agents/skills/common/create-proposal/references/interaction-spec-template.md +42 -0
  166. package/.agents/skills/common/create-test/SKILL.md +292 -0
  167. package/.agents/skills/common/dependency-impact-graph/SKILL.md +80 -0
  168. package/.agents/skills/common/execute-task/SKILL.md +206 -0
  169. package/.agents/skills/common/execute-task/evals/evals.json +16 -0
  170. package/.agents/skills/common/execute-task/evals/train_queries.json +18 -0
  171. package/.agents/skills/common/execute-task/evals/validation_queries.json +18 -0
  172. package/.agents/skills/common/find-skills/SKILL.md +144 -0
  173. package/.agents/skills/common/install-ai-spec-auto/SKILL.md +260 -0
  174. package/.agents/skills/common/install-ai-spec-auto/evals/evals.json +17 -0
  175. package/.agents/skills/common/install-ai-spec-auto/evals/train_queries.json +18 -0
  176. package/.agents/skills/common/install-ai-spec-auto/evals/validation_queries.json +18 -0
  177. package/.agents/skills/common/project-init/SKILL.md +178 -0
  178. package/.agents/skills/common/project-init/evals/evals.json +16 -0
  179. package/.agents/skills/common/project-init/evals/train_queries.json +18 -0
  180. package/.agents/skills/common/project-init/evals/validation_queries.json +18 -0
  181. package/.agents/skills/common/project-init/references/custom-rule-generation.md +89 -0
  182. package/.agents/skills/common/project-init/references/deep-scan-rules.md +67 -0
  183. package/.agents/skills/common/project-init/references/output-contracts.md +71 -0
  184. package/.agents/skills/common/project-init/references/repo-fact-gathering.md +83 -0
  185. package/.agents/skills/common/project-init/references/scope-resolution.md +76 -0
  186. package/.agents/skills/common/project-init/scripts/inspect-project.js +112 -0
  187. package/.agents/skills/common/skill-creator/LICENSE.txt +202 -0
  188. package/.agents/skills/common/skill-creator/SKILL.md +370 -0
  189. package/.agents/skills/common/skill-creator/evals/evals.json +16 -0
  190. package/.agents/skills/common/skill-creator/evals/train_queries.json +18 -0
  191. package/.agents/skills/common/skill-creator/evals/validation_queries.json +18 -0
  192. package/.agents/skills/common/skill-creator/references/output-patterns.md +82 -0
  193. package/.agents/skills/common/skill-creator/references/workflows.md +28 -0
  194. package/.agents/skills/common/skill-creator/scripts/init_skill.py +209 -0
  195. package/.agents/skills/common/skill-creator/scripts/package_skill.py +110 -0
  196. package/.agents/skills/common/skill-creator/scripts/quick_validate.py +51 -0
  197. package/.agents/skills/common/skill-optimizer/SKILL.md +102 -0
  198. package/.agents/skills/common/skill-optimizer/evals/evals.json +16 -0
  199. package/.agents/skills/common/skill-optimizer/evals/train_queries.json +18 -0
  200. package/.agents/skills/common/skill-optimizer/evals/validation_queries.json +18 -0
  201. package/.agents/skills/common/skill-optimizer/references/design-patterns.md +26 -0
  202. package/.agents/skills/common/skill-optimizer/references/review-checklist.md +22 -0
  203. package/.agents/skills/common/using-superpowers/SKILL.md +151 -0
  204. package/.agents/skills/common/wait-for-gate-signal/SKILL.md +85 -0
  205. package/.agents/skills/domains/README.md +19 -0
  206. package/.agents/skills/domains/ui-ux-pro-max/SKILL.md +58 -0
  207. package/.agents/skills/domains/web/design-analysis/SKILL.md +89 -0
  208. package/.agents/skills/domains/web/design-analysis/rules/analysis-order.md +61 -0
  209. package/.agents/skills/domains/web/design-analysis/rules/analysis-priorities.md +136 -0
  210. package/.agents/skills/domains/web/design-analysis/rules/checklist-common-misses.md +107 -0
  211. package/.agents/skills/domains/web/design-analysis/rules/implementation-common-errors.md +204 -0
  212. package/.agents/skills/domains/web/design-analysis/rules/implementation-guidelines.md +211 -0
  213. package/.agents/skills/domains/web/design-analysis/rules/output-analysis-checklist.md +247 -0
  214. package/.agents/skills/domains/web/design-analysis/rules/tools-design-guidelines.md +108 -0
  215. package/.agents/skills/domains/web/design-analysis/rules/workflow-element-extraction.md +162 -0
  216. package/.agents/skills/domains/web/design-analysis/rules/workflow-layout-map.md +131 -0
  217. package/.agents/skills/domains/web/design-analysis/rules/workflow-output-checklist.md +70 -0
  218. package/.agents/skills/domains/web/design-analysis/rules/workflow-style-summary.md +91 -0
  219. package/.agents/skills/domains/web/route-permission-map/SKILL.md +103 -0
  220. package/.agents/skills/domains/web/ui-verification/SKILL.md +114 -0
  221. package/.agents/skills/domains/web/ui-verification/evals/evals.json +16 -0
  222. package/.agents/skills/domains/web/ui-verification/evals/train_queries.json +18 -0
  223. package/.agents/skills/domains/web/ui-verification/evals/validation_queries.json +18 -0
  224. package/.agents/skills/domains/web/ui-verification/rules/comparison-content-image.md +34 -0
  225. package/.agents/skills/domains/web/ui-verification/rules/comparison-content-text.md +30 -0
  226. package/.agents/skills/domains/web/ui-verification/rules/comparison-hierarchy.md +33 -0
  227. package/.agents/skills/domains/web/ui-verification/rules/comparison-layout.md +35 -0
  228. package/.agents/skills/domains/web/ui-verification/rules/errors-alignment.md +42 -0
  229. package/.agents/skills/domains/web/ui-verification/rules/errors-button-dimensions.md +28 -0
  230. package/.agents/skills/domains/web/ui-verification/rules/errors-button-position.md +25 -0
  231. package/.agents/skills/domains/web/ui-verification/rules/errors-css-priority.md +50 -0
  232. package/.agents/skills/domains/web/ui-verification/rules/errors-flex-column-width.md +46 -0
  233. package/.agents/skills/domains/web/ui-verification/rules/errors-flex-layout.md +46 -0
  234. package/.agents/skills/domains/web/ui-verification/rules/errors-grid-container-width.md +44 -0
  235. package/.agents/skills/domains/web/ui-verification/rules/errors-page-container-width.md +39 -0
  236. package/.agents/skills/domains/web/ui-verification/rules/tools-browser-navigation.md +53 -0
  237. package/.agents/skills/domains/web/ui-verification/rules/tools-design-guidelines.md +53 -0
  238. package/.agents/skills/domains/web/ui-verification/rules/workflow-checklist.md +27 -0
  239. package/.agents/skills/domains/web/ui-verification/rules/workflow-problem-list.md +56 -0
  240. package/.agents/skills/domains/web/ui-verification/rules/workflow-reflection.md +44 -0
  241. package/.agents/skills/domains/web/ui-verification/rules/writing-alignment.md +44 -0
  242. package/.agents/skills/domains/web/ui-verification/rules/writing-element-completeness.md +63 -0
  243. package/.agents/skills/domains/web/ui-verification/rules/writing-list-layout.md +75 -0
  244. package/.agents/skills/domains/web/ui-verification/rules/writing-page-container-width.md +37 -0
  245. package/.agents/skills/domains/web/web-design-guidelines/SKILL.md +40 -0
  246. package/.agents/skills/profiles/nestjs/README.md +4 -0
  247. package/.agents/skills/profiles/node-tooling/README.md +9 -0
  248. package/.agents/skills/profiles/react/create-api/SKILL.md +145 -0
  249. package/.agents/skills/profiles/react/create-component/SKILL.md +160 -0
  250. package/.agents/skills/profiles/react/create-route/SKILL.md +168 -0
  251. package/.agents/skills/profiles/react/create-store/SKILL.md +262 -0
  252. package/.agents/skills/profiles/react/theme-variables/SKILL.md +82 -0
  253. package/.agents/skills/profiles/react/vercel-composition-patterns/AGENTS.md +899 -0
  254. package/.agents/skills/profiles/react/vercel-composition-patterns/SKILL.md +81 -0
  255. package/.agents/skills/profiles/react/vercel-composition-patterns/rules/architecture-avoid-boolean-props.md +100 -0
  256. package/.agents/skills/profiles/react/vercel-composition-patterns/rules/architecture-compound-components.md +112 -0
  257. package/.agents/skills/profiles/react/vercel-composition-patterns/rules/patterns-children-over-render-props.md +87 -0
  258. package/.agents/skills/profiles/react/vercel-composition-patterns/rules/patterns-explicit-variants.md +100 -0
  259. package/.agents/skills/profiles/react/vercel-composition-patterns/rules/state-context-interface.md +191 -0
  260. package/.agents/skills/profiles/react/vercel-composition-patterns/rules/state-decouple-implementation.md +113 -0
  261. package/.agents/skills/profiles/react/vercel-composition-patterns/rules/state-lift-state.md +125 -0
  262. package/.agents/skills/profiles/react/vercel-react-best-practices/AGENTS.md +2934 -0
  263. package/.agents/skills/profiles/react/vercel-react-best-practices/SKILL.md +136 -0
  264. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/advanced-event-handler-refs.md +55 -0
  265. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/advanced-init-once.md +42 -0
  266. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/advanced-use-latest.md +39 -0
  267. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/async-api-routes.md +38 -0
  268. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/async-defer-await.md +80 -0
  269. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/async-dependencies.md +51 -0
  270. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/async-parallel.md +28 -0
  271. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/async-suspense-boundaries.md +99 -0
  272. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/bundle-barrel-imports.md +59 -0
  273. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/bundle-conditional.md +31 -0
  274. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/bundle-defer-third-party.md +49 -0
  275. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/bundle-dynamic-imports.md +35 -0
  276. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/bundle-preload.md +50 -0
  277. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/client-event-listeners.md +74 -0
  278. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/client-localstorage-schema.md +71 -0
  279. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/client-passive-event-listeners.md +48 -0
  280. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/client-swr-dedup.md +56 -0
  281. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-batch-dom-css.md +107 -0
  282. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-cache-function-results.md +80 -0
  283. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-cache-property-access.md +28 -0
  284. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-cache-storage.md +70 -0
  285. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-combine-iterations.md +32 -0
  286. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-early-exit.md +50 -0
  287. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-hoist-regexp.md +45 -0
  288. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-index-maps.md +37 -0
  289. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-length-check-first.md +49 -0
  290. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-min-max-loop.md +82 -0
  291. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-set-map-lookups.md +24 -0
  292. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-tosorted-immutable.md +57 -0
  293. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-activity.md +26 -0
  294. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-animate-svg-wrapper.md +47 -0
  295. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-conditional-render.md +40 -0
  296. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-content-visibility.md +38 -0
  297. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-hoist-jsx.md +46 -0
  298. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-hydration-no-flicker.md +82 -0
  299. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-hydration-suppress-warning.md +30 -0
  300. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-svg-precision.md +28 -0
  301. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-usetransition-loading.md +75 -0
  302. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-defer-reads.md +39 -0
  303. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-dependencies.md +45 -0
  304. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-derived-state-no-effect.md +40 -0
  305. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-derived-state.md +29 -0
  306. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-functional-setstate.md +74 -0
  307. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-lazy-state-init.md +58 -0
  308. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-memo-with-default-value.md +38 -0
  309. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-memo.md +44 -0
  310. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-move-effect-to-event.md +45 -0
  311. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-simple-expression-in-memo.md +35 -0
  312. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-transitions.md +40 -0
  313. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-use-ref-transient-values.md +73 -0
  314. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-after-nonblocking.md +73 -0
  315. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-auth-actions.md +96 -0
  316. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-cache-lru.md +41 -0
  317. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-cache-react.md +76 -0
  318. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-dedup-props.md +65 -0
  319. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-parallel-fetching.md +83 -0
  320. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-serialization.md +38 -0
  321. package/.agents/skills/profiles/springboot/README.md +10 -0
  322. package/.agents/skills/profiles/vue/create-api/SKILL.md +105 -0
  323. package/.agents/skills/profiles/vue/create-component/SKILL.md +76 -0
  324. package/.agents/skills/profiles/vue/create-route/SKILL.md +141 -0
  325. package/.agents/skills/profiles/vue/create-store/SKILL.md +97 -0
  326. package/.agents/skills/profiles/vue/create-view/SKILL.md +81 -0
  327. package/.agents/skills/profiles/vue/theme-variables/SKILL.md +73 -0
  328. package/.agents/skills/profiles/vue/vue-best-practices/SKILL.md +166 -0
  329. package/.agents/skills/profiles/vue/vue-best-practices/references/animation-class-based-technique.md +254 -0
  330. package/.agents/skills/profiles/vue/vue-best-practices/references/animation-state-driven-technique.md +291 -0
  331. package/.agents/skills/profiles/vue/vue-best-practices/references/component-async.md +97 -0
  332. package/.agents/skills/profiles/vue/vue-best-practices/references/component-data-flow.md +307 -0
  333. package/.agents/skills/profiles/vue/vue-best-practices/references/component-fallthrough-attrs.md +174 -0
  334. package/.agents/skills/profiles/vue/vue-best-practices/references/component-keep-alive.md +137 -0
  335. package/.agents/skills/profiles/vue/vue-best-practices/references/component-slots.md +216 -0
  336. package/.agents/skills/profiles/vue/vue-best-practices/references/component-suspense.md +228 -0
  337. package/.agents/skills/profiles/vue/vue-best-practices/references/component-teleport.md +108 -0
  338. package/.agents/skills/profiles/vue/vue-best-practices/references/component-transition-group.md +128 -0
  339. package/.agents/skills/profiles/vue/vue-best-practices/references/component-transition.md +125 -0
  340. package/.agents/skills/profiles/vue/vue-best-practices/references/composables.md +290 -0
  341. package/.agents/skills/profiles/vue/vue-best-practices/references/directives.md +162 -0
  342. package/.agents/skills/profiles/vue/vue-best-practices/references/perf-avoid-component-abstraction-in-lists.md +159 -0
  343. package/.agents/skills/profiles/vue/vue-best-practices/references/perf-v-once-v-memo-directives.md +182 -0
  344. package/.agents/skills/profiles/vue/vue-best-practices/references/perf-virtualize-large-lists.md +187 -0
  345. package/.agents/skills/profiles/vue/vue-best-practices/references/plugins.md +166 -0
  346. package/.agents/skills/profiles/vue/vue-best-practices/references/reactivity.md +344 -0
  347. package/.agents/skills/profiles/vue/vue-best-practices/references/render-functions.md +201 -0
  348. package/.agents/skills/profiles/vue/vue-best-practices/references/sfc.md +310 -0
  349. package/.agents/skills/profiles/vue/vue-best-practices/references/state-management.md +135 -0
  350. package/.agents/skills/profiles/vue/vue-best-practices/references/updated-hook-performance.md +187 -0
  351. package/.agents/templates/common/README.md +23 -0
  352. package/.agents/templates/common/bugfix.md +22 -0
  353. package/.agents/templates/common/create-expert-package.md +458 -0
  354. package/.agents/templates/common/mock-page.md +28 -0
  355. package/.agents/templates/common/new-component.md +25 -0
  356. package/.agents/templates/common/new-page.md +31 -0
  357. package/.cursor/mcp.json +36 -0
  358. package/.qoder/README.md +114 -0
  359. package/.qoder/commands +1 -0
  360. package/.qoder/mcp.json +26 -0
  361. package/.qoder/rules +1 -0
  362. package/.qoder/skills +1 -0
  363. package/LICENSE +21 -0
  364. package/README.md +433 -0
  365. package/bin/archive-change.js +474 -0
  366. package/bin/check-command.js +62 -0
  367. package/bin/cli.js +295 -0
  368. package/bin/command-template-renderer.js +40 -0
  369. package/bin/context-command.js +102 -0
  370. package/bin/demo-runtime-smoke.js +760 -0
  371. package/bin/execution-semantics.js +821 -0
  372. package/bin/executor-command.js +93 -0
  373. package/bin/expert-dispatch.js +334 -0
  374. package/bin/expert-executor.js +1148 -0
  375. package/bin/guard-command.js +52 -0
  376. package/bin/hub-command.js +876 -0
  377. package/bin/ide-command.js +242 -0
  378. package/bin/init-command.js +193 -0
  379. package/bin/install-workflow.js +2983 -0
  380. package/bin/manifest-export.js +34 -0
  381. package/bin/profile-registry.js +90 -0
  382. package/bin/protocol-workflow.js +446 -0
  383. package/bin/repair-command.js +161 -0
  384. package/bin/repo-map.js +177 -0
  385. package/bin/report-command.js +236 -0
  386. package/bin/runtime-bootstrap.js +428 -0
  387. package/bin/runtime-embedded.js +101 -0
  388. package/bin/runtime-fallback.js +106 -0
  389. package/bin/runtime-launcher.js +116 -0
  390. package/bin/runtime-paths.js +177 -0
  391. package/bin/runtime-registry.js +289 -0
  392. package/bin/runtime-state.js +2541 -0
  393. package/bin/scan.js +96 -0
  394. package/bin/self-upgrade.js +206 -0
  395. package/bin/skill-spec-validator.js +457 -0
  396. package/bin/spec-command.js +366 -0
  397. package/bin/superpowers.js +384 -0
  398. package/bin/sync-command.js +59 -0
  399. package/bin/sync.js +1904 -0
  400. package/bin/task-orchestrator-adapter.js +341 -0
  401. package/bin/task-orchestrator-extractor.js +274 -0
  402. package/bin/task-orchestrator-runner.js +1208 -0
  403. package/bin/telemetry/README.md +66 -0
  404. package/bin/telemetry/aspect.js +153 -0
  405. package/bin/telemetry/collect.js +67 -0
  406. package/bin/telemetry/config.js +114 -0
  407. package/bin/telemetry/defaults.json +5 -0
  408. package/bin/telemetry/healthcheck.js +195 -0
  409. package/bin/telemetry/identity.js +53 -0
  410. package/bin/telemetry/index.js +25 -0
  411. package/bin/telemetry/reporter.js +83 -0
  412. package/bin/telemetry/safe.js +39 -0
  413. package/bin/validate-registry.js +740 -0
  414. package/bin/visual-bridge-config.js +117 -0
  415. package/bin/visual-bridge.js +287 -0
  416. package/bin/visual-command.js +432 -0
  417. package/bin/worktree-command.js +194 -0
  418. package/configs/common/.editorconfig +15 -0
  419. package/configs/common/.husky/commit-msg +4 -0
  420. package/configs/common/.husky/pre-commit +4 -0
  421. package/configs/common/.lintstagedrc +11 -0
  422. package/configs/common/.prettierignore +11 -0
  423. package/configs/common/.prettierrc.json +11 -0
  424. package/configs/common/.stylelintignore +14 -0
  425. package/configs/common/.stylelintrc.json +21 -0
  426. package/configs/common/commitlint.config.js +3 -0
  427. package/configs/profiles/nestjs/.gitkeep +1 -0
  428. package/configs/profiles/node-tooling/.gitkeep +1 -0
  429. package/configs/profiles/react/.eslintignore +6 -0
  430. package/configs/profiles/react/.eslintrc.js +16 -0
  431. package/configs/profiles/react/.stylelintrc.json +18 -0
  432. package/configs/profiles/springboot/.gitkeep +1 -0
  433. package/configs/profiles/vue/.eslintignore +7 -0
  434. package/configs/profiles/vue/.eslintrc.cjs +17 -0
  435. package/contracts/README.md +28 -0
  436. package/contracts/fixtures/asset-package.fixture.json +26 -0
  437. package/contracts/fixtures/asset-usage-feedback.fixture.json +14 -0
  438. package/contracts/fixtures/evidence-report.fixture.json +28 -0
  439. package/contracts/fixtures/manifest.fixture.json +20 -0
  440. package/contracts/fixtures/run-event.fixture.json +15 -0
  441. package/contracts/schemas/asset-package.schema.json +76 -0
  442. package/contracts/schemas/asset-usage-feedback.schema.json +57 -0
  443. package/contracts/schemas/evidence-report.schema.json +60 -0
  444. package/contracts/schemas/manifest.schema.json +63 -0
  445. package/contracts/schemas/run-event.schema.json +72 -0
  446. package/install.ps1 +35 -0
  447. package/install.sh +17 -0
  448. package/internal/ai-protocol-workflow.js +5600 -0
  449. package/internal/hub-client.js +98 -0
  450. package/internal/hub-sync-selection.js +69 -0
  451. package/internal/visual-hooks/README.md +481 -0
  452. package/internal/visual-hooks/config-loader.js +218 -0
  453. package/internal/visual-hooks/control-puller.js +206 -0
  454. package/internal/visual-hooks/gate-signal.js +150 -0
  455. package/internal/visual-hooks/inbox-consumer.js +469 -0
  456. package/internal/visual-hooks/index.js +197 -0
  457. package/internal/visual-hooks/push-client.js +189 -0
  458. package/internal/visual-hooks/receipt-pusher.js +176 -0
  459. package/internal/visual-hooks/runtime-state-pusher.js +128 -0
  460. package/openspec/changes/.gitkeep +0 -0
  461. package/openspec/changes/archive/.gitkeep +0 -0
  462. package/openspec/config.yaml.template +52 -0
  463. package/openspec/schemas/expert-delivery/schema.yaml +68 -0
  464. package/openspec/schemas/expert-delivery/templates/checklist.md +39 -0
  465. package/openspec/schemas/expert-delivery/templates/design.md +61 -0
  466. package/openspec/schemas/expert-delivery/templates/iterations.md +25 -0
  467. package/openspec/schemas/expert-delivery/templates/proposal.md +45 -0
  468. package/openspec/schemas/expert-delivery/templates/spec.md +29 -0
  469. package/openspec/schemas/expert-delivery/templates/tasks.md +24 -0
  470. package/openspec/specs/.gitkeep +0 -0
  471. package/package.json +73 -0
  472. package/scripts/acceptance-zero-intrusion.sh +168 -0
  473. package/scripts/hub-sync-assets.config.example.json +296 -0
  474. package/scripts/hub-sync-assets.js +2038 -0
  475. package/scripts/local-verify.sh +280 -0
  476. package/scripts/post-publish-auto-fix-check.js +404 -0
  477. package/scripts/post-publish-verify.sh +175 -0
  478. package/scripts/setup-cursor-manual-test.sh +107 -0
  479. package/scripts/setup-cursor-spec-archive-test.sh +111 -0
  480. package/scripts/setup-visual-integration.sh +225 -0
  481. package/scripts/test-integration.sh +176 -0
  482. package/scripts/update-test-project.sh +93 -0
  483. package/scripts/upload-four-web.sh +57 -0
  484. package/scripts/verify-install-ps1-bom.js +26 -0
  485. package/src/agent/agent-context.js +259 -0
  486. package/src/agent/agent-profile.js +185 -0
  487. package/src/agent/agent-templates.js +161 -0
  488. package/src/agent/agent-types.js +108 -0
  489. package/src/agent/collaboration-protocol.js +333 -0
  490. package/src/agent/conflict-handler.js +364 -0
  491. package/src/agent/file-permission.js +121 -0
  492. package/src/agent/index.js +38 -0
  493. package/src/agent/permission-audit.js +151 -0
  494. package/src/agent/review-repair-loop.js +270 -0
  495. package/src/agent/tool-permission.js +101 -0
  496. package/src/asset/asset-dependency.js +322 -0
  497. package/src/asset/asset-feedback.js +350 -0
  498. package/src/asset/asset-fork.js +300 -0
  499. package/src/asset/asset-install.js +278 -0
  500. package/src/asset/asset-installer.js +497 -0
  501. package/src/asset/asset-lifecycle.js +324 -0
  502. package/src/asset/asset-manager.js +245 -0
  503. package/src/asset/asset-package-manager.js +349 -0
  504. package/src/asset/asset-package.js +186 -0
  505. package/src/asset/asset-quality.js +262 -0
  506. package/src/asset/asset-registry.js +387 -0
  507. package/src/asset/asset-version.js +293 -0
  508. package/src/asset/index.js +86 -0
  509. package/src/cache/agent-profile-cache.js +59 -0
  510. package/src/cache/asset-cache.js +63 -0
  511. package/src/cache/global-cache.js +61 -0
  512. package/src/cache/manifest-cache.js +30 -0
  513. package/src/check/check-service.js +32 -0
  514. package/src/config/config-layer.js +343 -0
  515. package/src/config/config-loader.js +60 -0
  516. package/src/config/defaults.js +49 -0
  517. package/src/connectors/hub/asset-package.js +72 -0
  518. package/src/connectors/hub/asset-usage-feedback.js +46 -0
  519. package/src/connectors/hub/hub-connector.js +44 -0
  520. package/src/connectors/hub/index.js +21 -0
  521. package/src/connectors/visual/evidence-report.js +49 -0
  522. package/src/connectors/visual/index.js +15 -0
  523. package/src/connectors/visual/queue.js +41 -0
  524. package/src/connectors/visual/run-event.js +81 -0
  525. package/src/connectors/visual/visual-connector.js +77 -0
  526. package/src/context/context-budget.js +59 -0
  527. package/src/context/context-builder.js +285 -0
  528. package/src/context/context-loader.js +116 -0
  529. package/src/context/context-planner.js +158 -0
  530. package/src/context/types.js +96 -0
  531. package/src/contracts/index.js +63 -0
  532. package/src/executor/executor-registry.js +78 -0
  533. package/src/executor/executor-result-parser.js +44 -0
  534. package/src/executor/executor-runner.js +141 -0
  535. package/src/executor/executor-selector.js +139 -0
  536. package/src/executor/executor-timeout.js +36 -0
  537. package/src/executor/providers/base-provider-utils.js +189 -0
  538. package/src/executor/providers/claude-code-executor-provider.js +128 -0
  539. package/src/executor/providers/codex-executor-provider.js +126 -0
  540. package/src/executor/providers/cursor-executor-provider.js +99 -0
  541. package/src/executor/types.js +137 -0
  542. package/src/git/branch-manager.js +71 -0
  543. package/src/git/dirty-checker.js +43 -0
  544. package/src/git/dirty-strategy-handler.js +29 -0
  545. package/src/git/git-command.js +37 -0
  546. package/src/git/git-repository-detector.js +45 -0
  547. package/src/git/multi-repo-worktree-planner.js +88 -0
  548. package/src/git/policy.js +19 -0
  549. package/src/git/strategies/block-dirty-strategy.js +34 -0
  550. package/src/git/strategies/ignore-dirty-strategy.js +33 -0
  551. package/src/git/strategies/patch-snapshot-strategy.js +53 -0
  552. package/src/git/strategies/wip-commit-strategy.js +38 -0
  553. package/src/git/types.js +71 -0
  554. package/src/git/worktree-manager.js +85 -0
  555. package/src/governance/asset-review.js +351 -0
  556. package/src/governance/audit-log.js +368 -0
  557. package/src/governance/gray-release.js +312 -0
  558. package/src/governance/index.js +31 -0
  559. package/src/governance/policy-types.js +56 -0
  560. package/src/governance/rbac-types.js +171 -0
  561. package/src/governance/rbac.js +382 -0
  562. package/src/governance/rollback.js +360 -0
  563. package/src/governance/security-policy.js +354 -0
  564. package/src/hook/hook-config-writer.js +125 -0
  565. package/src/hub/hub-client.js +186 -0
  566. package/src/hub/hub-config.js +39 -0
  567. package/src/hub/project-facts.js +31 -0
  568. package/src/hub/runtime-feedback-reporter.js +55 -0
  569. package/src/ide/adapters/adapter-protocol.js +385 -0
  570. package/src/ide/adapters/claude-adapter.js +419 -0
  571. package/src/ide/adapters/codex-adapter.js +60 -0
  572. package/src/ide/adapters/cursor-adapter.js +484 -0
  573. package/src/ide/adapters/index.js +24 -0
  574. package/src/ide/anchors/markdown-anchor-writer.js +152 -0
  575. package/src/ide/ide-service.js +270 -0
  576. package/src/ide/ide-types.js +94 -0
  577. package/src/ide/links/link-mode-resolver.js +160 -0
  578. package/src/ide/registry/ide-registry-builder.js +165 -0
  579. package/src/incident/incident-writer.js +47 -0
  580. package/src/incident/types.js +22 -0
  581. package/src/init/ide-linker.js +126 -0
  582. package/src/init/ide-pointer-injector.js +75 -0
  583. package/src/init/init-applier.js +197 -0
  584. package/src/init/init-plan.js +294 -0
  585. package/src/init/init-service.js +65 -0
  586. package/src/init/manifest-installer.js +302 -0
  587. package/src/init/types.js +26 -0
  588. package/src/project/config-writer.js +83 -0
  589. package/src/project/context-index-writer.js +82 -0
  590. package/src/project/json-utils.js +72 -0
  591. package/src/project/local-state-writer.js +50 -0
  592. package/src/project/lock-file-writer.js +98 -0
  593. package/src/project/manifest-writer.js +126 -0
  594. package/src/project/policy-config-writer.js +91 -0
  595. package/src/project/project-config-writer.js +74 -0
  596. package/src/project/project-files.js +39 -0
  597. package/src/project/registry-index-writer.js +43 -0
  598. package/src/project/workspace-config-writer.js +63 -0
  599. package/src/run/index.js +11 -0
  600. package/src/run/run-id.js +32 -0
  601. package/src/run/run-service.js +269 -0
  602. package/src/run/run-store.js +80 -0
  603. package/src/scanner/aggregator/detection-aggregator.js +23 -0
  604. package/src/scanner/boundary/boundary-resolver.js +229 -0
  605. package/src/scanner/detectors/detector-registry.js +44 -0
  606. package/src/scanner/detectors/fastapi-detector.js +46 -0
  607. package/src/scanner/detectors/go-detector.js +46 -0
  608. package/src/scanner/detectors/nestjs-detector.js +57 -0
  609. package/src/scanner/detectors/nextjs-detector.js +52 -0
  610. package/src/scanner/detectors/react-vite-detector.js +52 -0
  611. package/src/scanner/detectors/react-webpack-detector.js +57 -0
  612. package/src/scanner/detectors/springboot-detector.js +46 -0
  613. package/src/scanner/detectors/springcloud-detector.js +46 -0
  614. package/src/scanner/detectors/springmvc-detector.js +46 -0
  615. package/src/scanner/detectors/vue-vite-detector.js +52 -0
  616. package/src/scanner/engine.js +72 -0
  617. package/src/scanner/facts/fact-extractor.js +211 -0
  618. package/src/scanner/types.js +30 -0
  619. package/src/security/asset-tamper-checker.js +188 -0
  620. package/src/security/checksum.js +40 -0
  621. package/src/spec/spec-writer.js +302 -0
  622. package/src/state-machine/circuit-breaker.js +112 -0
  623. package/src/state-machine/escape-hatch.js +49 -0
  624. package/src/state-machine/stage-runner.js +281 -0
  625. package/src/state-machine/state-machine.js +24 -0
  626. package/src/state-machine/transition-guard.js +36 -0
  627. package/src/state-machine/types.js +37 -0
  628. package/src/sync/sync-service.js +192 -0
  629. package/src/visual/agent-visual.js +142 -0
  630. package/src/visual/event-gateway.js +357 -0
  631. package/src/visual/event-mapper.js +128 -0
  632. package/src/visual/hook-dashboard.js +216 -0
  633. package/src/visual/index.js +27 -0
  634. package/src/visual/metrics.js +287 -0
  635. package/src/visual/privacy-filter.js +100 -0
  636. package/src/visual/risk-board.js +252 -0
  637. package/src/visual/timeline.js +245 -0
  638. package/src/visual/visual-client.js +94 -0
  639. package/src/visual/visual-config.js +40 -0
  640. package/src/visual/visual-reporter.js +88 -0
@@ -0,0 +1,360 @@
1
+ /**
2
+ * P3.5 版本回滚
3
+ *
4
+ * 资产版本回滚、锁回滚、适配器重新生成、回滚验证
5
+ */
6
+
7
+ // ============================================================
8
+ // 常量
9
+ // ============================================================
10
+
11
+ const ROLLBACK_STATUS = Object.freeze({
12
+ PENDING: 'pending',
13
+ IN_PROGRESS: 'in_progress',
14
+ COMPLETED: 'completed',
15
+ FAILED: 'failed',
16
+ VERIFIED: 'verified',
17
+ });
18
+
19
+ const VALID_ROLLBACK_STATUS = new Set(Object.values(ROLLBACK_STATUS));
20
+
21
+ // ============================================================
22
+ // 版本回滚管理器
23
+ // ============================================================
24
+
25
+ class RollbackManager {
26
+ constructor(options = {}) {
27
+ /** @type {Map<string, object[]>} assetId → 版本记录[] */
28
+ this.versions = new Map();
29
+ /** @type {Map<string, object[]>} projectId → 锁版本记录[] */
30
+ this.lockVersions = new Map();
31
+ /** @type {Map<string, object>} rollbackId → 回滚记录 */
32
+ this.rollbacks = new Map();
33
+ /** @type {Function|null} 审计日志回调 */
34
+ this._auditCallback = options.onAudit || null;
35
+ /** @type {number} */
36
+ this._nextVersionId = 1;
37
+ /** @type {number} */
38
+ this._nextRollbackId = 1;
39
+ }
40
+
41
+ /**
42
+ * 注册资产版本
43
+ * @param {object} params
44
+ * @returns {object} 版本记录
45
+ */
46
+ registerVersion({ assetId, version, content = {}, metadata = {} }) {
47
+ if (!assetId || !version) {
48
+ throw new Error('assetId, version 必填');
49
+ }
50
+
51
+ const versionId = `ver-${this._nextVersionId++}`;
52
+ const record = {
53
+ versionId,
54
+ assetId,
55
+ version,
56
+ content: { ...content },
57
+ metadata: { ...metadata },
58
+ createdAt: new Date().toISOString(),
59
+ };
60
+
61
+ if (!this.versions.has(assetId)) {
62
+ this.versions.set(assetId, []);
63
+ }
64
+ this.versions.get(assetId).push(record);
65
+
66
+ return { ...record };
67
+ }
68
+
69
+ /**
70
+ * 列出资产所有版本
71
+ * @param {string} assetId
72
+ * @returns {object[]}
73
+ */
74
+ listVersions(assetId) {
75
+ const versions = this.versions.get(assetId) || [];
76
+ return versions.map(v => ({ ...v }));
77
+ }
78
+
79
+ /**
80
+ * 注册锁版本
81
+ * @param {object} params
82
+ * @returns {object} 锁版本记录
83
+ */
84
+ registerLockVersion({ projectId, lockVersion, lockData = {} }) {
85
+ if (!projectId || !lockVersion) {
86
+ throw new Error('projectId, lockVersion 必填');
87
+ }
88
+
89
+ const record = {
90
+ lockVersionId: `lock-${this._nextVersionId++}`,
91
+ projectId,
92
+ lockVersion,
93
+ lockData: { ...lockData },
94
+ createdAt: new Date().toISOString(),
95
+ };
96
+
97
+ if (!this.lockVersions.has(projectId)) {
98
+ this.lockVersions.set(projectId, []);
99
+ }
100
+ this.lockVersions.get(projectId).push(record);
101
+
102
+ return { ...record };
103
+ }
104
+
105
+ /**
106
+ * 回滚资产到指定版本
107
+ * @param {string} assetId
108
+ * @param {string} targetVersion
109
+ * @param {string} operatorId
110
+ * @returns {object} { ok, rollback?, error? }
111
+ */
112
+ rollbackAssetVersion(assetId, targetVersion, operatorId) {
113
+ if (!assetId || !targetVersion || !operatorId) {
114
+ return { ok: false, error: 'assetId, targetVersion, operatorId 必填' };
115
+ }
116
+
117
+ const versions = this.versions.get(assetId) || [];
118
+ const target = versions.find(v => v.version === targetVersion);
119
+ if (!target) {
120
+ return { ok: false, error: `资产 ${assetId} 没有版本 ${targetVersion}` };
121
+ }
122
+
123
+ const rollbackId = `rb-${this._nextRollbackId++}`;
124
+ const now = new Date().toISOString();
125
+
126
+ // 回滚不删除旧版本,而是创建新版本记录指向目标版本
127
+ const newVersion = this.registerVersion({
128
+ assetId,
129
+ version: `rollback-${Date.now()}`,
130
+ content: { ...target.content },
131
+ metadata: { rollbackFrom: versions[versions.length - 1]?.version, rollbackTo: targetVersion },
132
+ });
133
+
134
+ const rollback = {
135
+ rollbackId,
136
+ type: 'asset_version',
137
+ assetId,
138
+ targetVersion,
139
+ operatorId,
140
+ status: ROLLBACK_STATUS.COMPLETED,
141
+ newVersionId: newVersion.versionId,
142
+ createdAt: now,
143
+ completedAt: now,
144
+ verifiedAt: null,
145
+ verificationResult: null,
146
+ };
147
+
148
+ this.rollbacks.set(rollbackId, rollback);
149
+ this._audit('rollback', operatorId, assetId, 'rollback_asset_version', 'success', { targetVersion });
150
+
151
+ return { ok: true, rollback: { ...rollback } };
152
+ }
153
+
154
+ /**
155
+ * 回滚项目锁
156
+ * @param {string} projectId
157
+ * @param {string} targetLockVersion
158
+ * @param {string} operatorId
159
+ * @returns {object} { ok, rollback?, error? }
160
+ */
161
+ rollbackLock(projectId, targetLockVersion, operatorId) {
162
+ if (!projectId || !targetLockVersion || !operatorId) {
163
+ return { ok: false, error: 'projectId, targetLockVersion, operatorId 必填' };
164
+ }
165
+
166
+ const locks = this.lockVersions.get(projectId) || [];
167
+ const target = locks.find(l => l.lockVersion === targetLockVersion);
168
+ if (!target) {
169
+ return { ok: false, error: `项目 ${projectId} 没有锁版本 ${targetLockVersion}` };
170
+ }
171
+
172
+ const rollbackId = `rb-${this._nextRollbackId++}`;
173
+ const now = new Date().toISOString();
174
+
175
+ // 创建新的锁版本记录
176
+ const newLock = this.registerLockVersion({
177
+ projectId,
178
+ lockVersion: `rollback-${Date.now()}`,
179
+ lockData: { ...target.lockData },
180
+ });
181
+
182
+ const rollback = {
183
+ rollbackId,
184
+ type: 'lock',
185
+ projectId,
186
+ targetLockVersion,
187
+ operatorId,
188
+ status: ROLLBACK_STATUS.COMPLETED,
189
+ newLockVersionId: newLock.lockVersionId,
190
+ createdAt: now,
191
+ completedAt: now,
192
+ verifiedAt: null,
193
+ verificationResult: null,
194
+ };
195
+
196
+ this.rollbacks.set(rollbackId, rollback);
197
+ this._audit('rollback', operatorId, projectId, 'rollback_lock', 'success', { targetLockVersion });
198
+
199
+ return { ok: true, rollback: { ...rollback } };
200
+ }
201
+
202
+ /**
203
+ * 重新生成适配器输出
204
+ * @param {string} projectId
205
+ * @param {string} targetVersion
206
+ * @param {string[]} adapterNames
207
+ * @returns {object} { ok, rollback?, error? }
208
+ */
209
+ rollbackAdapters(projectId, targetVersion, adapterNames) {
210
+ if (!projectId || !targetVersion) {
211
+ return { ok: false, error: 'projectId, targetVersion 必填' };
212
+ }
213
+ if (!adapterNames || !Array.isArray(adapterNames) || adapterNames.length === 0) {
214
+ return { ok: false, error: 'adapterNames 必填且不能为空' };
215
+ }
216
+
217
+ const rollbackId = `rb-${this._nextRollbackId++}`;
218
+ const now = new Date().toISOString();
219
+
220
+ // 模拟适配器重新生成结果
221
+ const adapterResults = adapterNames.map(name => ({
222
+ adapter: name,
223
+ status: 'regenerated',
224
+ targetVersion,
225
+ }));
226
+
227
+ const rollback = {
228
+ rollbackId,
229
+ type: 'adapter',
230
+ projectId,
231
+ targetVersion,
232
+ adapterNames: [...adapterNames],
233
+ adapterResults,
234
+ status: ROLLBACK_STATUS.COMPLETED,
235
+ createdAt: now,
236
+ completedAt: now,
237
+ verifiedAt: null,
238
+ verificationResult: null,
239
+ };
240
+
241
+ this.rollbacks.set(rollbackId, rollback);
242
+ this._audit('rollback', 'system', projectId, 'rollback_adapters', 'success', { targetVersion, adapterNames });
243
+
244
+ return { ok: true, rollback: { ...rollback } };
245
+ }
246
+
247
+ /**
248
+ * 验证回滚结果
249
+ * @param {string} projectId
250
+ * @param {string} rollbackId
251
+ * @returns {object} { ok, verified?, error? }
252
+ */
253
+ verifyRollback(projectId, rollbackId) {
254
+ const rollback = this.rollbacks.get(rollbackId);
255
+ if (!rollback) {
256
+ return { ok: false, error: `回滚记录 ${rollbackId} 不存在` };
257
+ }
258
+ if (rollback.status === ROLLBACK_STATUS.VERIFIED) {
259
+ return { ok: false, error: '回滚已验证,不可重复验证' };
260
+ }
261
+ if (rollback.status !== ROLLBACK_STATUS.COMPLETED) {
262
+ return { ok: false, error: `回滚状态为 ${rollback.status},不可验证` };
263
+ }
264
+
265
+ const now = new Date().toISOString();
266
+ rollback.status = ROLLBACK_STATUS.VERIFIED;
267
+ rollback.verifiedAt = now;
268
+ rollback.verificationResult = {
269
+ passed: true,
270
+ checks: ['version_integrity', 'content_match', 'metadata_consistent'],
271
+ verifiedAt: now,
272
+ };
273
+
274
+ this._audit('rollback', 'system', projectId || '', 'verify_rollback', 'success', { rollbackId });
275
+
276
+ return { ok: true, verified: { ...rollback } };
277
+ }
278
+
279
+ /**
280
+ * 获取回滚历史
281
+ * @param {string} projectId
282
+ * @returns {object[]}
283
+ */
284
+ getRollbackHistory(projectId) {
285
+ const result = [];
286
+ for (const rb of this.rollbacks.values()) {
287
+ if (!projectId || rb.projectId === projectId || rb.assetId === projectId) {
288
+ result.push({ ...rb });
289
+ }
290
+ }
291
+ return result;
292
+ }
293
+
294
+ /**
295
+ * 获取单个回滚记录
296
+ * @param {string} rollbackId
297
+ * @returns {object|null}
298
+ */
299
+ getRollback(rollbackId) {
300
+ const rb = this.rollbacks.get(rollbackId);
301
+ return rb ? { ...rb } : null;
302
+ }
303
+
304
+ /**
305
+ * 获取统计
306
+ * @returns {object}
307
+ */
308
+ getStats() {
309
+ const byType = {};
310
+ const byStatus = {};
311
+ for (const rb of this.rollbacks.values()) {
312
+ byType[rb.type] = (byType[rb.type] || 0) + 1;
313
+ byStatus[rb.status] = (byStatus[rb.status] || 0) + 1;
314
+ }
315
+ return {
316
+ totalRollbacks: this.rollbacks.size,
317
+ totalVersions: [...this.versions.values()].reduce((s, a) => s + a.length, 0),
318
+ totalLockVersions: [...this.lockVersions.values()].reduce((s, a) => s + a.length, 0),
319
+ byType,
320
+ byStatus,
321
+ };
322
+ }
323
+
324
+ /**
325
+ * 重置
326
+ */
327
+ reset() {
328
+ this.versions.clear();
329
+ this.lockVersions.clear();
330
+ this.rollbacks.clear();
331
+ this._nextVersionId = 1;
332
+ this._nextRollbackId = 1;
333
+ }
334
+
335
+ // ============================================================
336
+ // 内部方法
337
+ // ============================================================
338
+
339
+ _audit(eventType, actor, target, action, result, metadata) {
340
+ if (this._auditCallback) {
341
+ this._auditCallback({ eventType, actor, target, action, result, metadata });
342
+ }
343
+ }
344
+ }
345
+
346
+ /**
347
+ * 工厂函数
348
+ * @param {object} [options]
349
+ * @returns {RollbackManager}
350
+ */
351
+ function createRollbackManager(options) {
352
+ return new RollbackManager(options);
353
+ }
354
+
355
+ module.exports = {
356
+ ROLLBACK_STATUS,
357
+ VALID_ROLLBACK_STATUS,
358
+ RollbackManager,
359
+ createRollbackManager,
360
+ };
@@ -0,0 +1,354 @@
1
+ /**
2
+ * P3.6 Security Policy Engine
3
+ *
4
+ * 密钥保护、源码不外泄、敏感信息红脱、命令白名单、Prompt 注入防护
5
+ */
6
+
7
+ const {
8
+ POLICY_TYPES,
9
+ POLICY_SEVERITY,
10
+ VALID_POLICY_TYPES,
11
+ VALID_POLICY_SEVERITY,
12
+ DEFAULT_SECRET_PATTERNS,
13
+ DEFAULT_INJECTION_PATTERNS,
14
+ } = require('./policy-types');
15
+
16
+ // ============================================================
17
+ // 安全策略引擎
18
+ // ============================================================
19
+
20
+ class SecurityPolicyEngine {
21
+ constructor(policies = []) {
22
+ /** @type {Map<string, object>} policyId → policy */
23
+ this.policies = new Map();
24
+ /** @type {number} */
25
+ this._nextPolicyId = 1;
26
+
27
+ // 注册默认策略
28
+ this._registerDefaults();
29
+
30
+ // 注册用户自定义策略
31
+ for (const policy of policies) {
32
+ this.addPolicy(policy);
33
+ }
34
+ }
35
+
36
+ /**
37
+ * 添加策略
38
+ * @param {object} policy
39
+ * @returns {object} 完整策略
40
+ */
41
+ addPolicy({ name, type, enabled = true, severity = 'warn', config = {} }) {
42
+ if (!name || !type) {
43
+ throw new Error('name, type 必填');
44
+ }
45
+ if (!VALID_POLICY_TYPES.has(type)) {
46
+ throw new Error(`无效策略类型: ${type},必须是 ${[...VALID_POLICY_TYPES].join(', ')} 之一`);
47
+ }
48
+ if (!VALID_POLICY_SEVERITY.has(severity)) {
49
+ throw new Error(`无效严重级别: ${severity},必须是 ${[...VALID_POLICY_SEVERITY].join(', ')} 之一`);
50
+ }
51
+
52
+ const policyId = `policy-${this._nextPolicyId++}`;
53
+ const policy = {
54
+ policyId,
55
+ name,
56
+ type,
57
+ enabled,
58
+ severity,
59
+ config: { ...config },
60
+ createdAt: new Date().toISOString(),
61
+ };
62
+
63
+ this.policies.set(policyId, policy);
64
+ return { ...policy };
65
+ }
66
+
67
+ /**
68
+ * 移除策略
69
+ * @param {string} policyId
70
+ * @returns {boolean}
71
+ */
72
+ removePolicy(policyId) {
73
+ return this.policies.delete(policyId);
74
+ }
75
+
76
+ /**
77
+ * 获取策略
78
+ * @param {string} policyId
79
+ * @returns {object|null}
80
+ */
81
+ getPolicy(policyId) {
82
+ const p = this.policies.get(policyId);
83
+ return p ? { ...p } : null;
84
+ }
85
+
86
+ /**
87
+ * 列出所有策略
88
+ * @returns {object[]}
89
+ */
90
+ listPolicies() {
91
+ return [...this.policies.values()].map(p => ({ ...p }));
92
+ }
93
+
94
+ /**
95
+ * 扫描内容中的密钥
96
+ * @param {string} content
97
+ * @returns {object} { found: boolean, matches: Array<{name, match, index}> }
98
+ */
99
+ scanForSecrets(content) {
100
+ if (typeof content !== 'string') return { found: false, matches: [] };
101
+
102
+ const matches = [];
103
+ const patterns = this._getPatternsByType(POLICY_TYPES.SECRET_SCANNER);
104
+
105
+ for (const { name, pattern } of patterns) {
106
+ const regex = new RegExp(pattern.source, pattern.flags);
107
+ let match;
108
+ while ((match = regex.exec(content)) !== null) {
109
+ matches.push({
110
+ name,
111
+ match: match[0].substring(0, 20) + '...',
112
+ index: match.index,
113
+ });
114
+ }
115
+ }
116
+
117
+ return { found: matches.length > 0, matches };
118
+ }
119
+
120
+ /**
121
+ * 红脱敏感信息
122
+ * @param {string} content
123
+ * @returns {string} 红脱后的内容
124
+ */
125
+ redactSensitive(content) {
126
+ if (typeof content !== 'string') return content;
127
+
128
+ let result = content;
129
+ const patterns = this._getPatternsByType(POLICY_TYPES.REDACTION);
130
+
131
+ for (const { pattern } of patterns) {
132
+ const regex = new RegExp(pattern.source, pattern.flags);
133
+ result = result.replace(regex, '[REDACTED]');
134
+ }
135
+
136
+ // 同时应用密钥扫描模式的红脱
137
+ const secretPatterns = this._getPatternsByType(POLICY_TYPES.SECRET_SCANNER);
138
+ for (const { pattern } of secretPatterns) {
139
+ const regex = new RegExp(pattern.source, pattern.flags);
140
+ result = result.replace(regex, '[REDACTED]');
141
+ }
142
+
143
+ return result;
144
+ }
145
+
146
+ /**
147
+ * 检查命令是否在白名单
148
+ * @param {string} command
149
+ * @returns {object} { allowed: boolean, reason? }
150
+ */
151
+ checkCommand(command) {
152
+ if (typeof command !== 'string') return { allowed: false, reason: '命令格式无效' };
153
+
154
+ const allowlistPolicies = this._getEnabledPoliciesByType(POLICY_TYPES.COMMAND_ALLOWLIST);
155
+ if (allowlistPolicies.length === 0) {
156
+ return { allowed: true };
157
+ }
158
+
159
+ const cmd = command.trim().split(/\s+/)[0];
160
+ for (const policy of allowlistPolicies) {
161
+ const allowed = policy.config.allowedCommands || [];
162
+ if (allowed.includes(cmd) || allowed.includes('*')) {
163
+ return { allowed: true };
164
+ }
165
+ }
166
+
167
+ return { allowed: false, reason: `命令 ${cmd} 不在白名单中` };
168
+ }
169
+
170
+ /**
171
+ * 检测 prompt 注入
172
+ * @param {string} prompt
173
+ * @returns {object} { detected: boolean, matches: Array<{name, pattern, index}> }
174
+ */
175
+ detectInjection(prompt) {
176
+ if (typeof prompt !== 'string') return { detected: false, matches: [] };
177
+
178
+ const matches = [];
179
+ const patterns = this._getPatternsByType(POLICY_TYPES.INJECTION_GUARD);
180
+
181
+ for (const { name, pattern } of patterns) {
182
+ const regex = new RegExp(pattern.source, pattern.flags);
183
+ let match;
184
+ while ((match = regex.exec(prompt)) !== null) {
185
+ matches.push({
186
+ name,
187
+ match: match[0],
188
+ index: match.index,
189
+ });
190
+ }
191
+ }
192
+
193
+ return { detected: matches.length > 0, matches };
194
+ }
195
+
196
+ /**
197
+ * 综合评估(串联所有策略)
198
+ * @param {string} content
199
+ * @param {object} context - { type: 'content'|'command'|'prompt', ... }
200
+ * @returns {object} { passed: boolean, violations: Array<{policyId, name, type, severity, detail}> }
201
+ */
202
+ evaluate(content, context = {}) {
203
+ const violations = [];
204
+
205
+ // 密钥扫描
206
+ const secretResult = this.scanForSecrets(content);
207
+ if (secretResult.found) {
208
+ const policy = this._findFirstEnabledPolicy(POLICY_TYPES.SECRET_SCANNER);
209
+ violations.push({
210
+ policyId: policy?.policyId || 'default',
211
+ name: policy?.name || 'secret-scanner',
212
+ type: POLICY_TYPES.SECRET_SCANNER,
213
+ severity: policy?.severity || 'block',
214
+ detail: `发现 ${secretResult.matches.length} 个密钥匹配`,
215
+ });
216
+ }
217
+
218
+ // 注入检测
219
+ if (context.type === 'prompt' || !context.type) {
220
+ const injectionResult = this.detectInjection(content);
221
+ if (injectionResult.detected) {
222
+ const policy = this._findFirstEnabledPolicy(POLICY_TYPES.INJECTION_GUARD);
223
+ violations.push({
224
+ policyId: policy?.policyId || 'default',
225
+ name: policy?.name || 'injection-guard',
226
+ type: POLICY_TYPES.INJECTION_GUARD,
227
+ severity: policy?.severity || 'block',
228
+ detail: `检测到 ${injectionResult.matches.length} 个注入模式`,
229
+ });
230
+ }
231
+ }
232
+
233
+ // 命令白名单
234
+ if (context.type === 'command') {
235
+ const cmdResult = this.checkCommand(content);
236
+ if (!cmdResult.allowed) {
237
+ const policy = this._findFirstEnabledPolicy(POLICY_TYPES.COMMAND_ALLOWLIST);
238
+ violations.push({
239
+ policyId: policy?.policyId || 'default',
240
+ name: policy?.name || 'command-allowlist',
241
+ type: POLICY_TYPES.COMMAND_ALLOWLIST,
242
+ severity: policy?.severity || 'block',
243
+ detail: cmdResult.reason,
244
+ });
245
+ }
246
+ }
247
+
248
+ const hasBlocking = violations.some(v => v.severity === 'block');
249
+ return {
250
+ passed: violations.length === 0,
251
+ blocked: hasBlocking,
252
+ violations,
253
+ };
254
+ }
255
+
256
+ /**
257
+ * 获取统计
258
+ * @returns {object}
259
+ */
260
+ getStats() {
261
+ const byType = {};
262
+ const bySeverity = {};
263
+ for (const p of this.policies.values()) {
264
+ byType[p.type] = (byType[p.type] || 0) + 1;
265
+ bySeverity[p.severity] = (bySeverity[p.severity] || 0) + 1;
266
+ }
267
+ return {
268
+ total: this.policies.size,
269
+ byType,
270
+ bySeverity,
271
+ };
272
+ }
273
+
274
+ /**
275
+ * 重置为默认策略
276
+ */
277
+ reset() {
278
+ this.policies.clear();
279
+ this._nextPolicyId = 1;
280
+ this._registerDefaults();
281
+ }
282
+
283
+ // ============================================================
284
+ // 内部方法
285
+ // ============================================================
286
+
287
+ _registerDefaults() {
288
+ // 默认密钥扫描策略
289
+ this.addPolicy({
290
+ name: 'default-secret-scanner',
291
+ type: POLICY_TYPES.SECRET_SCANNER,
292
+ severity: 'block',
293
+ config: { patterns: DEFAULT_SECRET_PATTERNS },
294
+ });
295
+
296
+ // 默认红脱策略
297
+ this.addPolicy({
298
+ name: 'default-redaction',
299
+ type: POLICY_TYPES.REDACTION,
300
+ severity: 'warn',
301
+ config: {
302
+ patterns: [
303
+ { pattern: /password\s*[=:]\s*['"][^'"]+['"]/gi },
304
+ { pattern: /api[_-]?key\s*[=:]\s*['"][^'"]+['"]/gi },
305
+ { pattern: /secret\s*[=:]\s*['"][^'"]+['"]/gi },
306
+ { pattern: /token\s*[=:]\s*['"][^'"]+['"]/gi },
307
+ ],
308
+ },
309
+ });
310
+
311
+ // 默认注入防护策略
312
+ this.addPolicy({
313
+ name: 'default-injection-guard',
314
+ type: POLICY_TYPES.INJECTION_GUARD,
315
+ severity: 'block',
316
+ config: { patterns: DEFAULT_INJECTION_PATTERNS },
317
+ });
318
+ }
319
+
320
+ _getPatternsByType(type) {
321
+ const patterns = [];
322
+ for (const policy of this.policies.values()) {
323
+ if (policy.type === type && policy.enabled && policy.config.patterns) {
324
+ patterns.push(...policy.config.patterns);
325
+ }
326
+ }
327
+ return patterns;
328
+ }
329
+
330
+ _getEnabledPoliciesByType(type) {
331
+ return [...this.policies.values()].filter(p => p.type === type && p.enabled);
332
+ }
333
+
334
+ _findFirstEnabledPolicy(type) {
335
+ for (const policy of this.policies.values()) {
336
+ if (policy.type === type && policy.enabled) return policy;
337
+ }
338
+ return null;
339
+ }
340
+ }
341
+
342
+ /**
343
+ * 工厂函数
344
+ * @param {object[]} [policies]
345
+ * @returns {SecurityPolicyEngine}
346
+ */
347
+ function createSecurityPolicyEngine(policies) {
348
+ return new SecurityPolicyEngine(policies);
349
+ }
350
+
351
+ module.exports = {
352
+ SecurityPolicyEngine,
353
+ createSecurityPolicyEngine,
354
+ };