@gong-ym/ai-spec-auto 0.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (640) hide show
  1. package/.agents/commands/README.md +33 -0
  2. package/.agents/commands/claude/spec-start-review.md +88 -0
  3. package/.agents/commands/codex/spec-continue.md +74 -0
  4. package/.agents/commands/codex/spec-orchestrate.md +35 -0
  5. package/.agents/commands/codex/spec-start-review.md +88 -0
  6. package/.agents/commands/codex/spec-start.md +67 -0
  7. package/.agents/commands/codex/spec-status.md +22 -0
  8. package/.agents/commands/codex/spec-stop.md +29 -0
  9. package/.agents/commands/codex/spec-update.md +40 -0
  10. package/.agents/commands/common/branch-review.md +117 -0
  11. package/.agents/commands/common/project-init.md +25 -0
  12. package/.agents/commands/common/spec-continue.md +74 -0
  13. package/.agents/commands/common/spec-orchestrate.md +35 -0
  14. package/.agents/commands/common/spec-start-review.md +82 -0
  15. package/.agents/commands/common/spec-start.md +67 -0
  16. package/.agents/commands/common/spec-status.md +22 -0
  17. package/.agents/commands/common/spec-stop.md +29 -0
  18. package/.agents/commands/common/spec-update.md +40 -0
  19. package/.agents/commands/cursor/opsx-apply.md +55 -0
  20. package/.agents/commands/cursor/opsx-archive.md +48 -0
  21. package/.agents/commands/cursor/opsx-explore.md +45 -0
  22. package/.agents/commands/cursor/opsx-propose.md +59 -0
  23. package/.agents/commands/cursor/spec-continue.md +63 -0
  24. package/.agents/commands/cursor/spec-orchestrate.md +53 -0
  25. package/.agents/commands/cursor/spec-start-review.md +78 -0
  26. package/.agents/commands/cursor/spec-start.md +59 -0
  27. package/.agents/commands/cursor/spec-status.md +30 -0
  28. package/.agents/commands/cursor/spec-stop.md +29 -0
  29. package/.agents/commands/cursor/spec-update.md +41 -0
  30. package/.agents/flows/FRONTMATTER.md +263 -0
  31. package/.agents/flows/RUN_OUTPUT.md +263 -0
  32. package/.agents/flows/common/README.md +29 -0
  33. package/.agents/flows/common/bugfix-to-verification.md +95 -0
  34. package/.agents/flows/common/change-to-architecture-review.md +89 -0
  35. package/.agents/flows/common/change-to-release.md +94 -0
  36. package/.agents/flows/common/prd-to-delivery.md +184 -0
  37. package/.agents/flows/common/requirement-to-observability.md +97 -0
  38. package/.agents/orchestration/README.md +22 -0
  39. package/.agents/orchestration/expert-dispatch-spec.md +155 -0
  40. package/.agents/orchestration/expert-executor-spec.md +84 -0
  41. package/.agents/orchestration/expert-runtime-action-spec.md +73 -0
  42. package/.agents/orchestration/runtime-state-handoff-spec.md +264 -0
  43. package/.agents/orchestration/task-anchor-spec.md +212 -0
  44. package/.agents/orchestration/task-orchestrator-adapter-payload.md +153 -0
  45. package/.agents/orchestration/task-orchestrator-bootstrap-payload.md +145 -0
  46. package/.agents/orchestration/task-orchestrator-output-extractor-spec.md +93 -0
  47. package/.agents/orchestration/task-orchestrator-run-plan-template.md +312 -0
  48. package/.agents/orchestration/task-orchestrator-runtime-hooks.md +214 -0
  49. package/.agents/registry/README.md +63 -0
  50. package/.agents/registry/flows.json +125 -0
  51. package/.agents/registry/profiles.json +101 -0
  52. package/.agents/registry/roles.json +1266 -0
  53. package/.agents/registry/rules.json +148 -0
  54. package/.agents/registry/scenario-packages.json +123 -0
  55. package/.agents/registry/skills.json +130 -0
  56. package/.agents/roles/INDEX.md +346 -0
  57. package/.agents/roles/common/README.md +76 -0
  58. package/.agents/roles/common/archive-change.md +80 -0
  59. package/.agents/roles/common/backend-implementer.md +92 -0
  60. package/.agents/roles/common/code-guardian.md +151 -0
  61. package/.agents/roles/common/frontend-implementer.md +146 -0
  62. package/.agents/roles/common/requirement-analyst.md +138 -0
  63. package/.agents/roles/common/task-orchestrator-routing.md +301 -0
  64. package/.agents/roles/common/task-orchestrator.md +224 -0
  65. package/.agents/roles/common/tooling-implementer.md +92 -0
  66. package/.agents/roles/domains/README.md +35 -0
  67. package/.agents/roles/domains/delivery/README.md +11 -0
  68. package/.agents/roles/domains/delivery/container-specialist.md +50 -0
  69. package/.agents/roles/domains/delivery/deployment-specialist.md +50 -0
  70. package/.agents/roles/domains/delivery/pipeline-specialist.md +50 -0
  71. package/.agents/roles/domains/demand-design/README.md +16 -0
  72. package/.agents/roles/domains/demand-design/api-contract-specialist.md +52 -0
  73. package/.agents/roles/domains/demand-design/design-collaborator.md +58 -0
  74. package/.agents/roles/domains/documentation/README.md +11 -0
  75. package/.agents/roles/domains/documentation/api-doc-specialist.md +50 -0
  76. package/.agents/roles/domains/documentation/component-doc-specialist.md +49 -0
  77. package/.agents/roles/domains/documentation/technical-writing-specialist.md +48 -0
  78. package/.agents/roles/domains/engineering/README.md +17 -0
  79. package/.agents/roles/domains/engineering/architecture-advisor.md +53 -0
  80. package/.agents/roles/domains/engineering/build-specialist.md +51 -0
  81. package/.agents/roles/domains/engineering/dependency-governor.md +52 -0
  82. package/.agents/roles/domains/governance/README.md +17 -0
  83. package/.agents/roles/domains/governance/api-governance-specialist.md +51 -0
  84. package/.agents/roles/domains/governance/lint-policy-specialist.md +49 -0
  85. package/.agents/roles/domains/governance/route-governance-specialist.md +52 -0
  86. package/.agents/roles/domains/observability/README.md +11 -0
  87. package/.agents/roles/domains/observability/error-tracker.md +50 -0
  88. package/.agents/roles/domains/observability/event-instrumentation-specialist.md +51 -0
  89. package/.agents/roles/domains/observability/rum-analyst.md +50 -0
  90. package/.agents/roles/domains/performance/README.md +11 -0
  91. package/.agents/roles/domains/performance/asset-optimizer.md +50 -0
  92. package/.agents/roles/domains/performance/performance-auditor.md +56 -0
  93. package/.agents/roles/domains/performance/vitals-analyst.md +50 -0
  94. package/.agents/roles/domains/security-a11y/README.md +11 -0
  95. package/.agents/roles/domains/security-a11y/a11y-auditor.md +50 -0
  96. package/.agents/roles/domains/security-a11y/aria-specialist.md +51 -0
  97. package/.agents/roles/domains/security-a11y/security-reviewer.md +49 -0
  98. package/.agents/roles/domains/testing/README.md +12 -0
  99. package/.agents/roles/domains/testing/coverage-analyst.md +50 -0
  100. package/.agents/roles/domains/testing/e2e-test-specialist.md +51 -0
  101. package/.agents/roles/domains/testing/unit-test-specialist.md +56 -0
  102. package/.agents/roles/domains/testing/verification-reviewer.md +67 -0
  103. package/.agents/rules/README.md +87 -0
  104. package/.agents/rules/common/02-/347/274/226/347/240/201/350/247/204/350/214/203.md +45 -0
  105. package/.agents/rules/common/08-/351/200/232/347/224/250/347/272/246/346/235/237.md +63 -0
  106. package/.agents/rules/common/10-/346/226/207/346/241/243/350/247/204/350/214/203.md +101 -0
  107. package/.agents/rules/common/12-Superpowers/346/211/247/350/241/214/350/247/204/350/214/203.md +46 -0
  108. package/.agents/rules/common/14-/345/256/241/350/256/241/346/261/207/346/212/245/350/247/204/350/214/203.md +107 -0
  109. package/.agents/rules/common/15-visual-gate-wait.md +90 -0
  110. package/.agents/rules/profiles/nestjs/01-/351/241/271/347/233/256/346/246/202/350/277/260.md +27 -0
  111. package/.agents/rules/profiles/nestjs/03-/351/241/271/347/233/256/347/273/223/346/236/204.md +20 -0
  112. package/.agents/rules/profiles/nestjs/04-/346/250/241/345/235/227/347/273/223/346/236/204/350/247/204/350/214/203.md +24 -0
  113. package/.agents/rules/profiles/nestjs/05-/346/216/245/345/217/243/344/270/216/345/245/221/347/272/246/350/247/204/350/214/203.md +24 -0
  114. package/.agents/rules/profiles/nestjs/06-/346/225/260/346/215/256/350/256/277/351/227/256/350/247/204/350/214/203.md +24 -0
  115. package/.agents/rules/profiles/nestjs/07-/351/205/215/347/275/256/344/270/216/350/277/220/350/241/214/346/227/266/350/247/204/350/214/203.md +20 -0
  116. package/.agents/rules/profiles/nestjs/09-/345/274/202/345/270/270/344/270/216/346/227/245/345/277/227/350/247/204/350/214/203.md +20 -0
  117. package/.agents/rules/profiles/nestjs/11-/346/265/213/350/257/225/350/247/204/350/214/203.md +24 -0
  118. package/.agents/rules/profiles/nestjs/13-/344/273/243/347/240/201/346/240/274/345/274/217/345/214/226/344/270/216/346/243/200/346/237/245.md +20 -0
  119. package/.agents/rules/profiles/node-tooling/01-/351/241/271/347/233/256/346/246/202/350/277/260.md +30 -0
  120. package/.agents/rules/profiles/node-tooling/03-/351/241/271/347/233/256/347/273/223/346/236/204.md +37 -0
  121. package/.agents/rules/profiles/node-tooling/04-CLI/344/270/216/346/250/241/345/235/227/350/247/204/350/214/203.md +42 -0
  122. package/.agents/rules/profiles/node-tooling/05-Contract/344/270/216Schema/350/247/204/350/214/203.md +42 -0
  123. package/.agents/rules/profiles/node-tooling/06-/350/277/220/350/241/214/346/227/266/346/226/207/344/273/266/350/247/204/350/214/203.md +30 -0
  124. package/.agents/rules/profiles/node-tooling/07-/346/227/245/345/277/227/344/270/216/351/224/231/350/257/257/345/244/204/347/220/206/350/247/204/350/214/203.md +60 -0
  125. package/.agents/rules/profiles/node-tooling/09-/350/204/232/346/234/254/344/270/216/345/205/245/345/217/243/350/247/204/350/214/203.md +45 -0
  126. package/.agents/rules/profiles/node-tooling/11-/346/265/213/350/257/225/350/247/204/350/214/203.md +41 -0
  127. package/.agents/rules/profiles/node-tooling/13-/344/273/243/347/240/201/346/240/274/345/274/217/345/214/226/344/270/216/346/243/200/346/237/245.md +55 -0
  128. package/.agents/rules/profiles/react/01-/351/241/271/347/233/256/346/246/202/350/277/260.md +29 -0
  129. package/.agents/rules/profiles/react/03-/351/241/271/347/233/256/347/273/223/346/236/204.md +104 -0
  130. package/.agents/rules/profiles/react/04-/347/273/204/344/273/266/350/247/204/350/214/203.md +46 -0
  131. package/.agents/rules/profiles/react/05-API/350/247/204/350/214/203.md +67 -0
  132. package/.agents/rules/profiles/react/06-/350/267/257/347/224/261/350/247/204/350/214/203.md +54 -0
  133. package/.agents/rules/profiles/react/07-/347/212/266/346/200/201/347/256/241/347/220/206.md +226 -0
  134. package/.agents/rules/profiles/react/09-/346/240/267/345/274/217/350/247/204/350/214/203.md +71 -0
  135. package/.agents/rules/profiles/react/11-/346/265/213/350/257/225/350/247/204/350/214/203.md +80 -0
  136. package/.agents/rules/profiles/react/13-/344/273/243/347/240/201/346/240/274/345/274/217/345/214/226/344/270/216/346/243/200/346/237/245.md +159 -0
  137. package/.agents/rules/profiles/springboot/01-/351/241/271/347/233/256/346/246/202/350/277/260.md +31 -0
  138. package/.agents/rules/profiles/springboot/03-/351/241/271/347/233/256/347/273/223/346/236/204.md +37 -0
  139. package/.agents/rules/profiles/springboot/04-/345/210/206/345/261/202/350/247/204/350/214/203.md +33 -0
  140. package/.agents/rules/profiles/springboot/05-/346/216/245/345/217/243/344/270/216/345/245/221/347/272/246/350/247/204/350/214/203.md +51 -0
  141. package/.agents/rules/profiles/springboot/06-/346/225/260/346/215/256/350/256/277/351/227/256/350/247/204/350/214/203.md +34 -0
  142. package/.agents/rules/profiles/springboot/07-/351/205/215/347/275/256/344/270/216/350/277/220/350/241/214/346/227/266/350/247/204/350/214/203.md +38 -0
  143. package/.agents/rules/profiles/springboot/09-/345/274/202/345/270/270/344/270/216/346/227/245/345/277/227/350/247/204/350/214/203.md +48 -0
  144. package/.agents/rules/profiles/springboot/11-/346/265/213/350/257/225/350/247/204/350/214/203.md +43 -0
  145. package/.agents/rules/profiles/springboot/13-/344/273/243/347/240/201/346/240/274/345/274/217/345/214/226/344/270/216/346/243/200/346/237/245.md +48 -0
  146. package/.agents/rules/profiles/vue/01-/351/241/271/347/233/256/346/246/202/350/277/260.md +47 -0
  147. package/.agents/rules/profiles/vue/03-/351/241/271/347/233/256/347/273/223/346/236/204.md +106 -0
  148. package/.agents/rules/profiles/vue/04-/347/273/204/344/273/266/350/247/204/350/214/203.md +61 -0
  149. package/.agents/rules/profiles/vue/05-API/350/247/204/350/214/203.md +67 -0
  150. package/.agents/rules/profiles/vue/06-/350/267/257/347/224/261/350/247/204/350/214/203.md +69 -0
  151. package/.agents/rules/profiles/vue/07-/347/212/266/346/200/201/347/256/241/347/220/206.md +93 -0
  152. package/.agents/rules/profiles/vue/09-/346/240/267/345/274/217/350/247/204/350/214/203.md +67 -0
  153. package/.agents/rules/profiles/vue/11-/346/265/213/350/257/225/350/247/204/350/214/203.md +80 -0
  154. package/.agents/rules/profiles/vue/13-/344/273/243/347/240/201/346/240/274/345/274/217/345/214/226/344/270/216/346/243/200/346/237/245.md +159 -0
  155. package/.agents/skills/README.md +171 -0
  156. package/.agents/skills/common/archive-change/SKILL.md +180 -0
  157. package/.agents/skills/common/branch-code-reviewer/SKILL.md +459 -0
  158. package/.agents/skills/common/branch-code-reviewer/references/business-risk-guide.md +293 -0
  159. package/.agents/skills/common/branch-code-reviewer/references/html-template-guide.md +121 -0
  160. package/.agents/skills/common/config-and-secret-scan/SKILL.md +99 -0
  161. package/.agents/skills/common/create-proposal/SKILL.md +192 -0
  162. package/.agents/skills/common/create-proposal/evals/evals.json +16 -0
  163. package/.agents/skills/common/create-proposal/evals/train_queries.json +18 -0
  164. package/.agents/skills/common/create-proposal/evals/validation_queries.json +18 -0
  165. package/.agents/skills/common/create-proposal/references/interaction-spec-template.md +42 -0
  166. package/.agents/skills/common/create-test/SKILL.md +292 -0
  167. package/.agents/skills/common/dependency-impact-graph/SKILL.md +80 -0
  168. package/.agents/skills/common/execute-task/SKILL.md +206 -0
  169. package/.agents/skills/common/execute-task/evals/evals.json +16 -0
  170. package/.agents/skills/common/execute-task/evals/train_queries.json +18 -0
  171. package/.agents/skills/common/execute-task/evals/validation_queries.json +18 -0
  172. package/.agents/skills/common/find-skills/SKILL.md +144 -0
  173. package/.agents/skills/common/install-ai-spec-auto/SKILL.md +260 -0
  174. package/.agents/skills/common/install-ai-spec-auto/evals/evals.json +17 -0
  175. package/.agents/skills/common/install-ai-spec-auto/evals/train_queries.json +18 -0
  176. package/.agents/skills/common/install-ai-spec-auto/evals/validation_queries.json +18 -0
  177. package/.agents/skills/common/project-init/SKILL.md +178 -0
  178. package/.agents/skills/common/project-init/evals/evals.json +16 -0
  179. package/.agents/skills/common/project-init/evals/train_queries.json +18 -0
  180. package/.agents/skills/common/project-init/evals/validation_queries.json +18 -0
  181. package/.agents/skills/common/project-init/references/custom-rule-generation.md +89 -0
  182. package/.agents/skills/common/project-init/references/deep-scan-rules.md +67 -0
  183. package/.agents/skills/common/project-init/references/output-contracts.md +71 -0
  184. package/.agents/skills/common/project-init/references/repo-fact-gathering.md +83 -0
  185. package/.agents/skills/common/project-init/references/scope-resolution.md +76 -0
  186. package/.agents/skills/common/project-init/scripts/inspect-project.js +112 -0
  187. package/.agents/skills/common/skill-creator/LICENSE.txt +202 -0
  188. package/.agents/skills/common/skill-creator/SKILL.md +370 -0
  189. package/.agents/skills/common/skill-creator/evals/evals.json +16 -0
  190. package/.agents/skills/common/skill-creator/evals/train_queries.json +18 -0
  191. package/.agents/skills/common/skill-creator/evals/validation_queries.json +18 -0
  192. package/.agents/skills/common/skill-creator/references/output-patterns.md +82 -0
  193. package/.agents/skills/common/skill-creator/references/workflows.md +28 -0
  194. package/.agents/skills/common/skill-creator/scripts/init_skill.py +209 -0
  195. package/.agents/skills/common/skill-creator/scripts/package_skill.py +110 -0
  196. package/.agents/skills/common/skill-creator/scripts/quick_validate.py +51 -0
  197. package/.agents/skills/common/skill-optimizer/SKILL.md +102 -0
  198. package/.agents/skills/common/skill-optimizer/evals/evals.json +16 -0
  199. package/.agents/skills/common/skill-optimizer/evals/train_queries.json +18 -0
  200. package/.agents/skills/common/skill-optimizer/evals/validation_queries.json +18 -0
  201. package/.agents/skills/common/skill-optimizer/references/design-patterns.md +26 -0
  202. package/.agents/skills/common/skill-optimizer/references/review-checklist.md +22 -0
  203. package/.agents/skills/common/using-superpowers/SKILL.md +151 -0
  204. package/.agents/skills/common/wait-for-gate-signal/SKILL.md +85 -0
  205. package/.agents/skills/domains/README.md +19 -0
  206. package/.agents/skills/domains/ui-ux-pro-max/SKILL.md +58 -0
  207. package/.agents/skills/domains/web/design-analysis/SKILL.md +89 -0
  208. package/.agents/skills/domains/web/design-analysis/rules/analysis-order.md +61 -0
  209. package/.agents/skills/domains/web/design-analysis/rules/analysis-priorities.md +136 -0
  210. package/.agents/skills/domains/web/design-analysis/rules/checklist-common-misses.md +107 -0
  211. package/.agents/skills/domains/web/design-analysis/rules/implementation-common-errors.md +204 -0
  212. package/.agents/skills/domains/web/design-analysis/rules/implementation-guidelines.md +211 -0
  213. package/.agents/skills/domains/web/design-analysis/rules/output-analysis-checklist.md +247 -0
  214. package/.agents/skills/domains/web/design-analysis/rules/tools-design-guidelines.md +108 -0
  215. package/.agents/skills/domains/web/design-analysis/rules/workflow-element-extraction.md +162 -0
  216. package/.agents/skills/domains/web/design-analysis/rules/workflow-layout-map.md +131 -0
  217. package/.agents/skills/domains/web/design-analysis/rules/workflow-output-checklist.md +70 -0
  218. package/.agents/skills/domains/web/design-analysis/rules/workflow-style-summary.md +91 -0
  219. package/.agents/skills/domains/web/route-permission-map/SKILL.md +103 -0
  220. package/.agents/skills/domains/web/ui-verification/SKILL.md +114 -0
  221. package/.agents/skills/domains/web/ui-verification/evals/evals.json +16 -0
  222. package/.agents/skills/domains/web/ui-verification/evals/train_queries.json +18 -0
  223. package/.agents/skills/domains/web/ui-verification/evals/validation_queries.json +18 -0
  224. package/.agents/skills/domains/web/ui-verification/rules/comparison-content-image.md +34 -0
  225. package/.agents/skills/domains/web/ui-verification/rules/comparison-content-text.md +30 -0
  226. package/.agents/skills/domains/web/ui-verification/rules/comparison-hierarchy.md +33 -0
  227. package/.agents/skills/domains/web/ui-verification/rules/comparison-layout.md +35 -0
  228. package/.agents/skills/domains/web/ui-verification/rules/errors-alignment.md +42 -0
  229. package/.agents/skills/domains/web/ui-verification/rules/errors-button-dimensions.md +28 -0
  230. package/.agents/skills/domains/web/ui-verification/rules/errors-button-position.md +25 -0
  231. package/.agents/skills/domains/web/ui-verification/rules/errors-css-priority.md +50 -0
  232. package/.agents/skills/domains/web/ui-verification/rules/errors-flex-column-width.md +46 -0
  233. package/.agents/skills/domains/web/ui-verification/rules/errors-flex-layout.md +46 -0
  234. package/.agents/skills/domains/web/ui-verification/rules/errors-grid-container-width.md +44 -0
  235. package/.agents/skills/domains/web/ui-verification/rules/errors-page-container-width.md +39 -0
  236. package/.agents/skills/domains/web/ui-verification/rules/tools-browser-navigation.md +53 -0
  237. package/.agents/skills/domains/web/ui-verification/rules/tools-design-guidelines.md +53 -0
  238. package/.agents/skills/domains/web/ui-verification/rules/workflow-checklist.md +27 -0
  239. package/.agents/skills/domains/web/ui-verification/rules/workflow-problem-list.md +56 -0
  240. package/.agents/skills/domains/web/ui-verification/rules/workflow-reflection.md +44 -0
  241. package/.agents/skills/domains/web/ui-verification/rules/writing-alignment.md +44 -0
  242. package/.agents/skills/domains/web/ui-verification/rules/writing-element-completeness.md +63 -0
  243. package/.agents/skills/domains/web/ui-verification/rules/writing-list-layout.md +75 -0
  244. package/.agents/skills/domains/web/ui-verification/rules/writing-page-container-width.md +37 -0
  245. package/.agents/skills/domains/web/web-design-guidelines/SKILL.md +40 -0
  246. package/.agents/skills/profiles/nestjs/README.md +4 -0
  247. package/.agents/skills/profiles/node-tooling/README.md +9 -0
  248. package/.agents/skills/profiles/react/create-api/SKILL.md +145 -0
  249. package/.agents/skills/profiles/react/create-component/SKILL.md +160 -0
  250. package/.agents/skills/profiles/react/create-route/SKILL.md +168 -0
  251. package/.agents/skills/profiles/react/create-store/SKILL.md +262 -0
  252. package/.agents/skills/profiles/react/theme-variables/SKILL.md +82 -0
  253. package/.agents/skills/profiles/react/vercel-composition-patterns/AGENTS.md +899 -0
  254. package/.agents/skills/profiles/react/vercel-composition-patterns/SKILL.md +81 -0
  255. package/.agents/skills/profiles/react/vercel-composition-patterns/rules/architecture-avoid-boolean-props.md +100 -0
  256. package/.agents/skills/profiles/react/vercel-composition-patterns/rules/architecture-compound-components.md +112 -0
  257. package/.agents/skills/profiles/react/vercel-composition-patterns/rules/patterns-children-over-render-props.md +87 -0
  258. package/.agents/skills/profiles/react/vercel-composition-patterns/rules/patterns-explicit-variants.md +100 -0
  259. package/.agents/skills/profiles/react/vercel-composition-patterns/rules/state-context-interface.md +191 -0
  260. package/.agents/skills/profiles/react/vercel-composition-patterns/rules/state-decouple-implementation.md +113 -0
  261. package/.agents/skills/profiles/react/vercel-composition-patterns/rules/state-lift-state.md +125 -0
  262. package/.agents/skills/profiles/react/vercel-react-best-practices/AGENTS.md +2934 -0
  263. package/.agents/skills/profiles/react/vercel-react-best-practices/SKILL.md +136 -0
  264. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/advanced-event-handler-refs.md +55 -0
  265. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/advanced-init-once.md +42 -0
  266. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/advanced-use-latest.md +39 -0
  267. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/async-api-routes.md +38 -0
  268. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/async-defer-await.md +80 -0
  269. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/async-dependencies.md +51 -0
  270. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/async-parallel.md +28 -0
  271. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/async-suspense-boundaries.md +99 -0
  272. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/bundle-barrel-imports.md +59 -0
  273. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/bundle-conditional.md +31 -0
  274. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/bundle-defer-third-party.md +49 -0
  275. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/bundle-dynamic-imports.md +35 -0
  276. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/bundle-preload.md +50 -0
  277. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/client-event-listeners.md +74 -0
  278. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/client-localstorage-schema.md +71 -0
  279. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/client-passive-event-listeners.md +48 -0
  280. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/client-swr-dedup.md +56 -0
  281. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-batch-dom-css.md +107 -0
  282. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-cache-function-results.md +80 -0
  283. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-cache-property-access.md +28 -0
  284. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-cache-storage.md +70 -0
  285. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-combine-iterations.md +32 -0
  286. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-early-exit.md +50 -0
  287. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-hoist-regexp.md +45 -0
  288. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-index-maps.md +37 -0
  289. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-length-check-first.md +49 -0
  290. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-min-max-loop.md +82 -0
  291. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-set-map-lookups.md +24 -0
  292. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-tosorted-immutable.md +57 -0
  293. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-activity.md +26 -0
  294. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-animate-svg-wrapper.md +47 -0
  295. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-conditional-render.md +40 -0
  296. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-content-visibility.md +38 -0
  297. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-hoist-jsx.md +46 -0
  298. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-hydration-no-flicker.md +82 -0
  299. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-hydration-suppress-warning.md +30 -0
  300. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-svg-precision.md +28 -0
  301. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-usetransition-loading.md +75 -0
  302. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-defer-reads.md +39 -0
  303. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-dependencies.md +45 -0
  304. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-derived-state-no-effect.md +40 -0
  305. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-derived-state.md +29 -0
  306. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-functional-setstate.md +74 -0
  307. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-lazy-state-init.md +58 -0
  308. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-memo-with-default-value.md +38 -0
  309. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-memo.md +44 -0
  310. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-move-effect-to-event.md +45 -0
  311. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-simple-expression-in-memo.md +35 -0
  312. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-transitions.md +40 -0
  313. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-use-ref-transient-values.md +73 -0
  314. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-after-nonblocking.md +73 -0
  315. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-auth-actions.md +96 -0
  316. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-cache-lru.md +41 -0
  317. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-cache-react.md +76 -0
  318. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-dedup-props.md +65 -0
  319. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-parallel-fetching.md +83 -0
  320. package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-serialization.md +38 -0
  321. package/.agents/skills/profiles/springboot/README.md +10 -0
  322. package/.agents/skills/profiles/vue/create-api/SKILL.md +105 -0
  323. package/.agents/skills/profiles/vue/create-component/SKILL.md +76 -0
  324. package/.agents/skills/profiles/vue/create-route/SKILL.md +141 -0
  325. package/.agents/skills/profiles/vue/create-store/SKILL.md +97 -0
  326. package/.agents/skills/profiles/vue/create-view/SKILL.md +81 -0
  327. package/.agents/skills/profiles/vue/theme-variables/SKILL.md +73 -0
  328. package/.agents/skills/profiles/vue/vue-best-practices/SKILL.md +166 -0
  329. package/.agents/skills/profiles/vue/vue-best-practices/references/animation-class-based-technique.md +254 -0
  330. package/.agents/skills/profiles/vue/vue-best-practices/references/animation-state-driven-technique.md +291 -0
  331. package/.agents/skills/profiles/vue/vue-best-practices/references/component-async.md +97 -0
  332. package/.agents/skills/profiles/vue/vue-best-practices/references/component-data-flow.md +307 -0
  333. package/.agents/skills/profiles/vue/vue-best-practices/references/component-fallthrough-attrs.md +174 -0
  334. package/.agents/skills/profiles/vue/vue-best-practices/references/component-keep-alive.md +137 -0
  335. package/.agents/skills/profiles/vue/vue-best-practices/references/component-slots.md +216 -0
  336. package/.agents/skills/profiles/vue/vue-best-practices/references/component-suspense.md +228 -0
  337. package/.agents/skills/profiles/vue/vue-best-practices/references/component-teleport.md +108 -0
  338. package/.agents/skills/profiles/vue/vue-best-practices/references/component-transition-group.md +128 -0
  339. package/.agents/skills/profiles/vue/vue-best-practices/references/component-transition.md +125 -0
  340. package/.agents/skills/profiles/vue/vue-best-practices/references/composables.md +290 -0
  341. package/.agents/skills/profiles/vue/vue-best-practices/references/directives.md +162 -0
  342. package/.agents/skills/profiles/vue/vue-best-practices/references/perf-avoid-component-abstraction-in-lists.md +159 -0
  343. package/.agents/skills/profiles/vue/vue-best-practices/references/perf-v-once-v-memo-directives.md +182 -0
  344. package/.agents/skills/profiles/vue/vue-best-practices/references/perf-virtualize-large-lists.md +187 -0
  345. package/.agents/skills/profiles/vue/vue-best-practices/references/plugins.md +166 -0
  346. package/.agents/skills/profiles/vue/vue-best-practices/references/reactivity.md +344 -0
  347. package/.agents/skills/profiles/vue/vue-best-practices/references/render-functions.md +201 -0
  348. package/.agents/skills/profiles/vue/vue-best-practices/references/sfc.md +310 -0
  349. package/.agents/skills/profiles/vue/vue-best-practices/references/state-management.md +135 -0
  350. package/.agents/skills/profiles/vue/vue-best-practices/references/updated-hook-performance.md +187 -0
  351. package/.agents/templates/common/README.md +23 -0
  352. package/.agents/templates/common/bugfix.md +22 -0
  353. package/.agents/templates/common/create-expert-package.md +458 -0
  354. package/.agents/templates/common/mock-page.md +28 -0
  355. package/.agents/templates/common/new-component.md +25 -0
  356. package/.agents/templates/common/new-page.md +31 -0
  357. package/.cursor/mcp.json +36 -0
  358. package/.qoder/README.md +114 -0
  359. package/.qoder/commands +1 -0
  360. package/.qoder/mcp.json +26 -0
  361. package/.qoder/rules +1 -0
  362. package/.qoder/skills +1 -0
  363. package/LICENSE +21 -0
  364. package/README.md +433 -0
  365. package/bin/archive-change.js +474 -0
  366. package/bin/check-command.js +62 -0
  367. package/bin/cli.js +295 -0
  368. package/bin/command-template-renderer.js +40 -0
  369. package/bin/context-command.js +102 -0
  370. package/bin/demo-runtime-smoke.js +760 -0
  371. package/bin/execution-semantics.js +821 -0
  372. package/bin/executor-command.js +93 -0
  373. package/bin/expert-dispatch.js +334 -0
  374. package/bin/expert-executor.js +1148 -0
  375. package/bin/guard-command.js +52 -0
  376. package/bin/hub-command.js +876 -0
  377. package/bin/ide-command.js +242 -0
  378. package/bin/init-command.js +193 -0
  379. package/bin/install-workflow.js +2983 -0
  380. package/bin/manifest-export.js +34 -0
  381. package/bin/profile-registry.js +90 -0
  382. package/bin/protocol-workflow.js +446 -0
  383. package/bin/repair-command.js +161 -0
  384. package/bin/repo-map.js +177 -0
  385. package/bin/report-command.js +236 -0
  386. package/bin/runtime-bootstrap.js +428 -0
  387. package/bin/runtime-embedded.js +101 -0
  388. package/bin/runtime-fallback.js +106 -0
  389. package/bin/runtime-launcher.js +116 -0
  390. package/bin/runtime-paths.js +177 -0
  391. package/bin/runtime-registry.js +289 -0
  392. package/bin/runtime-state.js +2541 -0
  393. package/bin/scan.js +96 -0
  394. package/bin/self-upgrade.js +206 -0
  395. package/bin/skill-spec-validator.js +457 -0
  396. package/bin/spec-command.js +366 -0
  397. package/bin/superpowers.js +384 -0
  398. package/bin/sync-command.js +59 -0
  399. package/bin/sync.js +1904 -0
  400. package/bin/task-orchestrator-adapter.js +341 -0
  401. package/bin/task-orchestrator-extractor.js +274 -0
  402. package/bin/task-orchestrator-runner.js +1208 -0
  403. package/bin/telemetry/README.md +66 -0
  404. package/bin/telemetry/aspect.js +153 -0
  405. package/bin/telemetry/collect.js +67 -0
  406. package/bin/telemetry/config.js +114 -0
  407. package/bin/telemetry/defaults.json +5 -0
  408. package/bin/telemetry/healthcheck.js +195 -0
  409. package/bin/telemetry/identity.js +53 -0
  410. package/bin/telemetry/index.js +25 -0
  411. package/bin/telemetry/reporter.js +83 -0
  412. package/bin/telemetry/safe.js +39 -0
  413. package/bin/validate-registry.js +740 -0
  414. package/bin/visual-bridge-config.js +117 -0
  415. package/bin/visual-bridge.js +287 -0
  416. package/bin/visual-command.js +432 -0
  417. package/bin/worktree-command.js +194 -0
  418. package/configs/common/.editorconfig +15 -0
  419. package/configs/common/.husky/commit-msg +4 -0
  420. package/configs/common/.husky/pre-commit +4 -0
  421. package/configs/common/.lintstagedrc +11 -0
  422. package/configs/common/.prettierignore +11 -0
  423. package/configs/common/.prettierrc.json +11 -0
  424. package/configs/common/.stylelintignore +14 -0
  425. package/configs/common/.stylelintrc.json +21 -0
  426. package/configs/common/commitlint.config.js +3 -0
  427. package/configs/profiles/nestjs/.gitkeep +1 -0
  428. package/configs/profiles/node-tooling/.gitkeep +1 -0
  429. package/configs/profiles/react/.eslintignore +6 -0
  430. package/configs/profiles/react/.eslintrc.js +16 -0
  431. package/configs/profiles/react/.stylelintrc.json +18 -0
  432. package/configs/profiles/springboot/.gitkeep +1 -0
  433. package/configs/profiles/vue/.eslintignore +7 -0
  434. package/configs/profiles/vue/.eslintrc.cjs +17 -0
  435. package/contracts/README.md +28 -0
  436. package/contracts/fixtures/asset-package.fixture.json +26 -0
  437. package/contracts/fixtures/asset-usage-feedback.fixture.json +14 -0
  438. package/contracts/fixtures/evidence-report.fixture.json +28 -0
  439. package/contracts/fixtures/manifest.fixture.json +20 -0
  440. package/contracts/fixtures/run-event.fixture.json +15 -0
  441. package/contracts/schemas/asset-package.schema.json +76 -0
  442. package/contracts/schemas/asset-usage-feedback.schema.json +57 -0
  443. package/contracts/schemas/evidence-report.schema.json +60 -0
  444. package/contracts/schemas/manifest.schema.json +63 -0
  445. package/contracts/schemas/run-event.schema.json +72 -0
  446. package/install.ps1 +35 -0
  447. package/install.sh +17 -0
  448. package/internal/ai-protocol-workflow.js +5600 -0
  449. package/internal/hub-client.js +98 -0
  450. package/internal/hub-sync-selection.js +69 -0
  451. package/internal/visual-hooks/README.md +481 -0
  452. package/internal/visual-hooks/config-loader.js +218 -0
  453. package/internal/visual-hooks/control-puller.js +206 -0
  454. package/internal/visual-hooks/gate-signal.js +150 -0
  455. package/internal/visual-hooks/inbox-consumer.js +469 -0
  456. package/internal/visual-hooks/index.js +197 -0
  457. package/internal/visual-hooks/push-client.js +189 -0
  458. package/internal/visual-hooks/receipt-pusher.js +176 -0
  459. package/internal/visual-hooks/runtime-state-pusher.js +128 -0
  460. package/openspec/changes/.gitkeep +0 -0
  461. package/openspec/changes/archive/.gitkeep +0 -0
  462. package/openspec/config.yaml.template +52 -0
  463. package/openspec/schemas/expert-delivery/schema.yaml +68 -0
  464. package/openspec/schemas/expert-delivery/templates/checklist.md +39 -0
  465. package/openspec/schemas/expert-delivery/templates/design.md +61 -0
  466. package/openspec/schemas/expert-delivery/templates/iterations.md +25 -0
  467. package/openspec/schemas/expert-delivery/templates/proposal.md +45 -0
  468. package/openspec/schemas/expert-delivery/templates/spec.md +29 -0
  469. package/openspec/schemas/expert-delivery/templates/tasks.md +24 -0
  470. package/openspec/specs/.gitkeep +0 -0
  471. package/package.json +73 -0
  472. package/scripts/acceptance-zero-intrusion.sh +168 -0
  473. package/scripts/hub-sync-assets.config.example.json +296 -0
  474. package/scripts/hub-sync-assets.js +2038 -0
  475. package/scripts/local-verify.sh +280 -0
  476. package/scripts/post-publish-auto-fix-check.js +404 -0
  477. package/scripts/post-publish-verify.sh +175 -0
  478. package/scripts/setup-cursor-manual-test.sh +107 -0
  479. package/scripts/setup-cursor-spec-archive-test.sh +111 -0
  480. package/scripts/setup-visual-integration.sh +225 -0
  481. package/scripts/test-integration.sh +176 -0
  482. package/scripts/update-test-project.sh +93 -0
  483. package/scripts/upload-four-web.sh +57 -0
  484. package/scripts/verify-install-ps1-bom.js +26 -0
  485. package/src/agent/agent-context.js +259 -0
  486. package/src/agent/agent-profile.js +185 -0
  487. package/src/agent/agent-templates.js +161 -0
  488. package/src/agent/agent-types.js +108 -0
  489. package/src/agent/collaboration-protocol.js +333 -0
  490. package/src/agent/conflict-handler.js +364 -0
  491. package/src/agent/file-permission.js +121 -0
  492. package/src/agent/index.js +38 -0
  493. package/src/agent/permission-audit.js +151 -0
  494. package/src/agent/review-repair-loop.js +270 -0
  495. package/src/agent/tool-permission.js +101 -0
  496. package/src/asset/asset-dependency.js +322 -0
  497. package/src/asset/asset-feedback.js +350 -0
  498. package/src/asset/asset-fork.js +300 -0
  499. package/src/asset/asset-install.js +278 -0
  500. package/src/asset/asset-installer.js +497 -0
  501. package/src/asset/asset-lifecycle.js +324 -0
  502. package/src/asset/asset-manager.js +245 -0
  503. package/src/asset/asset-package-manager.js +349 -0
  504. package/src/asset/asset-package.js +186 -0
  505. package/src/asset/asset-quality.js +262 -0
  506. package/src/asset/asset-registry.js +387 -0
  507. package/src/asset/asset-version.js +293 -0
  508. package/src/asset/index.js +86 -0
  509. package/src/cache/agent-profile-cache.js +59 -0
  510. package/src/cache/asset-cache.js +63 -0
  511. package/src/cache/global-cache.js +61 -0
  512. package/src/cache/manifest-cache.js +30 -0
  513. package/src/check/check-service.js +32 -0
  514. package/src/config/config-layer.js +343 -0
  515. package/src/config/config-loader.js +60 -0
  516. package/src/config/defaults.js +49 -0
  517. package/src/connectors/hub/asset-package.js +72 -0
  518. package/src/connectors/hub/asset-usage-feedback.js +46 -0
  519. package/src/connectors/hub/hub-connector.js +44 -0
  520. package/src/connectors/hub/index.js +21 -0
  521. package/src/connectors/visual/evidence-report.js +49 -0
  522. package/src/connectors/visual/index.js +15 -0
  523. package/src/connectors/visual/queue.js +41 -0
  524. package/src/connectors/visual/run-event.js +81 -0
  525. package/src/connectors/visual/visual-connector.js +77 -0
  526. package/src/context/context-budget.js +59 -0
  527. package/src/context/context-builder.js +285 -0
  528. package/src/context/context-loader.js +116 -0
  529. package/src/context/context-planner.js +158 -0
  530. package/src/context/types.js +96 -0
  531. package/src/contracts/index.js +63 -0
  532. package/src/executor/executor-registry.js +78 -0
  533. package/src/executor/executor-result-parser.js +44 -0
  534. package/src/executor/executor-runner.js +141 -0
  535. package/src/executor/executor-selector.js +139 -0
  536. package/src/executor/executor-timeout.js +36 -0
  537. package/src/executor/providers/base-provider-utils.js +189 -0
  538. package/src/executor/providers/claude-code-executor-provider.js +128 -0
  539. package/src/executor/providers/codex-executor-provider.js +126 -0
  540. package/src/executor/providers/cursor-executor-provider.js +99 -0
  541. package/src/executor/types.js +137 -0
  542. package/src/git/branch-manager.js +71 -0
  543. package/src/git/dirty-checker.js +43 -0
  544. package/src/git/dirty-strategy-handler.js +29 -0
  545. package/src/git/git-command.js +37 -0
  546. package/src/git/git-repository-detector.js +45 -0
  547. package/src/git/multi-repo-worktree-planner.js +88 -0
  548. package/src/git/policy.js +19 -0
  549. package/src/git/strategies/block-dirty-strategy.js +34 -0
  550. package/src/git/strategies/ignore-dirty-strategy.js +33 -0
  551. package/src/git/strategies/patch-snapshot-strategy.js +53 -0
  552. package/src/git/strategies/wip-commit-strategy.js +38 -0
  553. package/src/git/types.js +71 -0
  554. package/src/git/worktree-manager.js +85 -0
  555. package/src/governance/asset-review.js +351 -0
  556. package/src/governance/audit-log.js +368 -0
  557. package/src/governance/gray-release.js +312 -0
  558. package/src/governance/index.js +31 -0
  559. package/src/governance/policy-types.js +56 -0
  560. package/src/governance/rbac-types.js +171 -0
  561. package/src/governance/rbac.js +382 -0
  562. package/src/governance/rollback.js +360 -0
  563. package/src/governance/security-policy.js +354 -0
  564. package/src/hook/hook-config-writer.js +125 -0
  565. package/src/hub/hub-client.js +186 -0
  566. package/src/hub/hub-config.js +39 -0
  567. package/src/hub/project-facts.js +31 -0
  568. package/src/hub/runtime-feedback-reporter.js +55 -0
  569. package/src/ide/adapters/adapter-protocol.js +385 -0
  570. package/src/ide/adapters/claude-adapter.js +419 -0
  571. package/src/ide/adapters/codex-adapter.js +60 -0
  572. package/src/ide/adapters/cursor-adapter.js +484 -0
  573. package/src/ide/adapters/index.js +24 -0
  574. package/src/ide/anchors/markdown-anchor-writer.js +152 -0
  575. package/src/ide/ide-service.js +270 -0
  576. package/src/ide/ide-types.js +94 -0
  577. package/src/ide/links/link-mode-resolver.js +160 -0
  578. package/src/ide/registry/ide-registry-builder.js +165 -0
  579. package/src/incident/incident-writer.js +47 -0
  580. package/src/incident/types.js +22 -0
  581. package/src/init/ide-linker.js +126 -0
  582. package/src/init/ide-pointer-injector.js +75 -0
  583. package/src/init/init-applier.js +197 -0
  584. package/src/init/init-plan.js +294 -0
  585. package/src/init/init-service.js +65 -0
  586. package/src/init/manifest-installer.js +302 -0
  587. package/src/init/types.js +26 -0
  588. package/src/project/config-writer.js +83 -0
  589. package/src/project/context-index-writer.js +82 -0
  590. package/src/project/json-utils.js +72 -0
  591. package/src/project/local-state-writer.js +50 -0
  592. package/src/project/lock-file-writer.js +98 -0
  593. package/src/project/manifest-writer.js +126 -0
  594. package/src/project/policy-config-writer.js +91 -0
  595. package/src/project/project-config-writer.js +74 -0
  596. package/src/project/project-files.js +39 -0
  597. package/src/project/registry-index-writer.js +43 -0
  598. package/src/project/workspace-config-writer.js +63 -0
  599. package/src/run/index.js +11 -0
  600. package/src/run/run-id.js +32 -0
  601. package/src/run/run-service.js +269 -0
  602. package/src/run/run-store.js +80 -0
  603. package/src/scanner/aggregator/detection-aggregator.js +23 -0
  604. package/src/scanner/boundary/boundary-resolver.js +229 -0
  605. package/src/scanner/detectors/detector-registry.js +44 -0
  606. package/src/scanner/detectors/fastapi-detector.js +46 -0
  607. package/src/scanner/detectors/go-detector.js +46 -0
  608. package/src/scanner/detectors/nestjs-detector.js +57 -0
  609. package/src/scanner/detectors/nextjs-detector.js +52 -0
  610. package/src/scanner/detectors/react-vite-detector.js +52 -0
  611. package/src/scanner/detectors/react-webpack-detector.js +57 -0
  612. package/src/scanner/detectors/springboot-detector.js +46 -0
  613. package/src/scanner/detectors/springcloud-detector.js +46 -0
  614. package/src/scanner/detectors/springmvc-detector.js +46 -0
  615. package/src/scanner/detectors/vue-vite-detector.js +52 -0
  616. package/src/scanner/engine.js +72 -0
  617. package/src/scanner/facts/fact-extractor.js +211 -0
  618. package/src/scanner/types.js +30 -0
  619. package/src/security/asset-tamper-checker.js +188 -0
  620. package/src/security/checksum.js +40 -0
  621. package/src/spec/spec-writer.js +302 -0
  622. package/src/state-machine/circuit-breaker.js +112 -0
  623. package/src/state-machine/escape-hatch.js +49 -0
  624. package/src/state-machine/stage-runner.js +281 -0
  625. package/src/state-machine/state-machine.js +24 -0
  626. package/src/state-machine/transition-guard.js +36 -0
  627. package/src/state-machine/types.js +37 -0
  628. package/src/sync/sync-service.js +192 -0
  629. package/src/visual/agent-visual.js +142 -0
  630. package/src/visual/event-gateway.js +357 -0
  631. package/src/visual/event-mapper.js +128 -0
  632. package/src/visual/hook-dashboard.js +216 -0
  633. package/src/visual/index.js +27 -0
  634. package/src/visual/metrics.js +287 -0
  635. package/src/visual/privacy-filter.js +100 -0
  636. package/src/visual/risk-board.js +252 -0
  637. package/src/visual/timeline.js +245 -0
  638. package/src/visual/visual-client.js +94 -0
  639. package/src/visual/visual-config.js +40 -0
  640. package/src/visual/visual-reporter.js +88 -0
@@ -0,0 +1,46 @@
1
+ class SpringMvcDetector {
2
+ constructor() {
3
+ this.name = 'SpringMvcDetector';
4
+ }
5
+
6
+ detect(facts) {
7
+ const javaText = `${facts.java?.pomXml || ''}\n${facts.java?.gradle || ''}`.toLowerCase();
8
+ const keyPaths = facts.keyPaths || [];
9
+ const reasons = [];
10
+ let confidence = 0;
11
+
12
+ if (facts.java?.keywords?.springMvc || javaText.includes('spring-webmvc')) {
13
+ confidence += 55;
14
+ reasons.push('检测到 Spring MVC 依赖');
15
+ }
16
+ if (javaText.includes('javax.servlet') || javaText.includes('jakarta.servlet')) {
17
+ confidence += 15;
18
+ reasons.push('检测到 Servlet 依赖');
19
+ }
20
+ if (keyPaths.includes('src/main/java')) {
21
+ confidence += 10;
22
+ reasons.push('检测到 Java 源码目录');
23
+ }
24
+ if (keyPaths.includes('pom.xml') || keyPaths.includes('build.gradle') || keyPaths.includes('build.gradle.kts')) {
25
+ confidence += 10;
26
+ reasons.push('检测到 Java 构建文件');
27
+ }
28
+
29
+ if (confidence < 50) return null;
30
+
31
+ return {
32
+ detector: this.name,
33
+ framework: 'spring-mvc',
34
+ language: ['Java'],
35
+ buildTool: keyPaths.includes('pom.xml') ? 'Maven' : 'Gradle',
36
+ confidence: Math.min(confidence, 100),
37
+ tags: ['backend', 'java', 'spring-mvc'],
38
+ reasons,
39
+ manifestSlug: 'backend-java-springmvc-standard',
40
+ };
41
+ }
42
+ }
43
+
44
+ module.exports = {
45
+ SpringMvcDetector,
46
+ };
@@ -0,0 +1,52 @@
1
+ function hasDependency(facts, name) {
2
+ return Boolean(facts.dependencies?.[name] || facts.devDependencies?.[name]);
3
+ }
4
+
5
+ class VueViteDetector {
6
+ constructor() {
7
+ this.name = 'VueViteDetector';
8
+ }
9
+
10
+ detect(facts) {
11
+ const reasons = [];
12
+ let confidence = 0;
13
+
14
+ if (hasDependency(facts, 'vue')) {
15
+ confidence += 40;
16
+ reasons.push('检测到 vue 依赖');
17
+ }
18
+ if (hasDependency(facts, 'vite')) {
19
+ confidence += 25;
20
+ reasons.push('检测到 vite 依赖');
21
+ }
22
+ if (hasDependency(facts, '@vitejs/plugin-vue')) {
23
+ confidence += 20;
24
+ reasons.push('检测到 @vitejs/plugin-vue 插件');
25
+ }
26
+ if ((facts.keyPaths || []).includes('src/main.ts') || (facts.keyPaths || []).includes('src/main.js')) {
27
+ confidence += 5;
28
+ reasons.push('检测到 Vue 常见入口文件');
29
+ }
30
+ if ((facts.keyPaths || []).some((item) => item.startsWith('vite.config.'))) {
31
+ confidence += 5;
32
+ reasons.push('检测到 vite.config 配置');
33
+ }
34
+
35
+ if (confidence < 40) return null;
36
+
37
+ return {
38
+ detector: this.name,
39
+ framework: 'vue-vite',
40
+ language: hasDependency(facts, 'typescript') ? ['TypeScript'] : ['JavaScript'],
41
+ buildTool: 'Vite',
42
+ confidence: Math.min(confidence, 100),
43
+ tags: ['frontend', 'vue', 'vite'],
44
+ reasons,
45
+ manifestSlug: 'frontend-vue-vite-standard',
46
+ };
47
+ }
48
+ }
49
+
50
+ module.exports = {
51
+ VueViteDetector,
52
+ };
@@ -0,0 +1,72 @@
1
+ const { BoundaryResolver } = require('./boundary/boundary-resolver');
2
+ const { FactExtractor } = require('./facts/fact-extractor');
3
+ const { DetectorRegistry } = require('./detectors/detector-registry');
4
+
5
+ function mergeDependencyMaps(...maps) {
6
+ return maps.reduce((acc, item) => {
7
+ for (const [name, meta] of Object.entries(item || {})) {
8
+ acc[name] = meta;
9
+ }
10
+ return acc;
11
+ }, {});
12
+ }
13
+
14
+ function buildPackageResult(facts, detection) {
15
+ const primary = detection.primary || null;
16
+ return {
17
+ packageId: facts.packageId,
18
+ name: facts.name || undefined,
19
+ path: facts.relativePath,
20
+ primary,
21
+ candidates: detection.candidates,
22
+ tags: detection.tags,
23
+ recommendedManifest: primary?.manifestSlug || undefined,
24
+ confidence: primary?.confidence || 0,
25
+ reasons: primary?.reasons || [],
26
+ buildTool: primary?.buildTool || undefined,
27
+ language: primary?.language || undefined,
28
+ testTools: facts.testTools || [],
29
+ componentLibraries: facts.componentLibraries || [],
30
+ packageManager: facts.packageManager || undefined,
31
+ };
32
+ }
33
+
34
+ class TechScannerEngine {
35
+ constructor(options = {}) {
36
+ this.boundaryResolver = options.boundaryResolver || new BoundaryResolver();
37
+ this.factExtractor = options.factExtractor || new FactExtractor();
38
+ this.detectorRegistry = options.detectorRegistry || new DetectorRegistry();
39
+ }
40
+
41
+ async scan(rootDir, options = {}) {
42
+ const workspace = this.boundaryResolver.resolve(rootDir, options);
43
+ const rootFacts = this.factExtractor.extract({
44
+ rootDir: workspace.rootDir,
45
+ relativePath: '.',
46
+ workspaceRoot: workspace.rootDir,
47
+ });
48
+ const packages = workspace.packages.map((pkg) => {
49
+ const facts = this.factExtractor.extract({
50
+ rootDir: pkg.rootDir,
51
+ relativePath: pkg.relativePath,
52
+ workspaceRoot: workspace.rootDir,
53
+ });
54
+ const detection = this.detectorRegistry.detect(facts);
55
+ return buildPackageResult(facts, detection);
56
+ });
57
+
58
+ return {
59
+ workspace: {
60
+ rootDir: workspace.rootDir,
61
+ type: workspace.type,
62
+ packageManager: workspace.packageManager || rootFacts.packageManager || undefined,
63
+ rootDependencies: mergeDependencyMaps(rootFacts.dependencies, rootFacts.devDependencies),
64
+ },
65
+ packages,
66
+ };
67
+ }
68
+ }
69
+
70
+ module.exports = {
71
+ TechScannerEngine,
72
+ };
@@ -0,0 +1,211 @@
1
+ const fs = require('fs');
2
+ const path = require('path');
3
+
4
+ function readJsonIfExists(filePath) {
5
+ if (!fs.existsSync(filePath)) return null;
6
+ try {
7
+ return JSON.parse(fs.readFileSync(filePath, 'utf8'));
8
+ } catch {
9
+ return null;
10
+ }
11
+ }
12
+
13
+ function readTextIfExists(filePath) {
14
+ if (!fs.existsSync(filePath)) return '';
15
+ return fs.readFileSync(filePath, 'utf8');
16
+ }
17
+
18
+ function addDependencies(target, dependencies, source, overwrite = true) {
19
+ for (const [name, version] of Object.entries(dependencies || {})) {
20
+ if (!overwrite && target[name]) continue;
21
+ if (version && typeof version === 'object' && Object.prototype.hasOwnProperty.call(version, 'version')) {
22
+ target[name] = { ...version, source: version.source || source };
23
+ continue;
24
+ }
25
+ target[name] = {
26
+ version: String(version),
27
+ source,
28
+ };
29
+ }
30
+ }
31
+
32
+ function detectPackageManager(packageDir, packageJson) {
33
+ if (fs.existsSync(path.join(packageDir, 'pnpm-lock.yaml'))) return 'pnpm';
34
+ if (fs.existsSync(path.join(packageDir, 'yarn.lock'))) return 'yarn';
35
+ if (fs.existsSync(path.join(packageDir, 'package-lock.json'))) return 'npm';
36
+ if (typeof packageJson?.packageManager === 'string') {
37
+ return packageJson.packageManager.split('@')[0];
38
+ }
39
+ return null;
40
+ }
41
+
42
+ const TEST_TOOL_MARKERS = {
43
+ vitest: ['vitest'],
44
+ jest: ['jest', '@jest/core', 'ts-jest'],
45
+ mocha: ['mocha', '@types/mocha'],
46
+ cypress: ['cypress'],
47
+ playwright: ['playwright', '@playwright/test'],
48
+ 'testing-library': ['@testing-library/react', '@testing-library/vue', '@testing-library/jest-dom'],
49
+ };
50
+
51
+ const COMPONENT_LIBRARY_MARKERS = {
52
+ 'ant-design': ['antd', '@ant-design/icons', '@ant-design/pro-components'],
53
+ 'element-plus': ['element-plus'],
54
+ 'element-ui': ['element-ui'],
55
+ 'ant-design-vue': ['ant-design-vue'],
56
+ 'arco-design': ['@arco-design/web-react', '@arco-design/web-vue'],
57
+ 'naive-ui': ['naive-ui'],
58
+ 'vuetify': ['vuetify'],
59
+ 'chakra-ui': ['@chakra-ui/react', '@chakra-ui/vue'],
60
+ 'mui': ['@mui/material', '@mui/icons-material', '@mui/x-data-grid'],
61
+ 'radix-ui': ['@radix-ui/react-dialog', '@radix-ui/react-dropdown-menu'],
62
+ 'shadcn-ui': ['@shadcn/ui'],
63
+ };
64
+
65
+ function detectTestTools(allDeps) {
66
+ const found = [];
67
+ for (const [tool, markers] of Object.entries(TEST_TOOL_MARKERS)) {
68
+ if (markers.some((m) => allDeps[m])) {
69
+ found.push(tool);
70
+ }
71
+ }
72
+ return found;
73
+ }
74
+
75
+ function detectComponentLibraries(allDeps) {
76
+ const found = [];
77
+ for (const [lib, markers] of Object.entries(COMPONENT_LIBRARY_MARKERS)) {
78
+ if (markers.some((m) => allDeps[m])) {
79
+ found.push(lib);
80
+ }
81
+ }
82
+ return found;
83
+ }
84
+
85
+ function collectKeyPaths(packageDir) {
86
+ const candidates = [
87
+ 'package.json',
88
+ 'pnpm-workspace.yaml',
89
+ 'vite.config.ts',
90
+ 'vite.config.js',
91
+ 'next.config.js',
92
+ 'next.config.mjs',
93
+ 'next.config.ts',
94
+ 'src/app/layout.tsx',
95
+ 'src/app/page.tsx',
96
+ 'src/pages/_app.tsx',
97
+ 'src/main.tsx',
98
+ 'src/main.jsx',
99
+ 'src/index.tsx',
100
+ 'src/index.jsx',
101
+ 'src/main.ts',
102
+ 'src/main.js',
103
+ 'src/App.tsx',
104
+ 'config/webpack.config.js',
105
+ 'webpack.config.js',
106
+ 'nest-cli.json',
107
+ 'src/app.module.ts',
108
+ 'pom.xml',
109
+ 'build.gradle',
110
+ 'build.gradle.kts',
111
+ 'src/main/java',
112
+ 'src/main/resources/application.yml',
113
+ 'src/main/resources/application.properties',
114
+ 'go.mod',
115
+ 'main.go',
116
+ 'pyproject.toml',
117
+ 'requirements.txt',
118
+ ];
119
+ return candidates.filter((relativePath) => fs.existsSync(path.join(packageDir, relativePath)));
120
+ }
121
+
122
+ function extractJavaKeywords(text) {
123
+ const value = String(text || '').toLowerCase();
124
+ return {
125
+ springBoot: value.includes('spring-boot') || value.includes('org.springframework.boot'),
126
+ springCloud: value.includes('spring-cloud') || value.includes('org.springframework.cloud'),
127
+ springMvc: value.includes('spring-webmvc') || value.includes('springframework.web.servlet') || value.includes('spring-context'),
128
+ myBatis: value.includes('mybatis') || value.includes('mybatis-spring'),
129
+ };
130
+ }
131
+
132
+ function readRootPackageFacts(workspaceRoot) {
133
+ const packageJson = readJsonIfExists(path.join(workspaceRoot, 'package.json'));
134
+ const dependencies = {};
135
+ const devDependencies = {};
136
+ if (packageJson) {
137
+ addDependencies(dependencies, packageJson.dependencies, 'workspace-root');
138
+ addDependencies(devDependencies, packageJson.devDependencies, 'workspace-root');
139
+ addDependencies(dependencies, packageJson.peerDependencies, 'workspace-root');
140
+ }
141
+ return {
142
+ packageJson,
143
+ dependencies,
144
+ devDependencies,
145
+ };
146
+ }
147
+
148
+ class FactExtractor {
149
+ extract(input) {
150
+ const packageDir = path.resolve(input.rootDir);
151
+ const workspaceRoot = path.resolve(input.workspaceRoot || packageDir);
152
+ const packageJson = readJsonIfExists(path.join(packageDir, 'package.json'));
153
+ const rootFacts = packageDir === workspaceRoot
154
+ ? { packageJson, dependencies: {}, devDependencies: {} }
155
+ : readRootPackageFacts(workspaceRoot);
156
+ const dependencies = {};
157
+ const devDependencies = {};
158
+
159
+ addDependencies(dependencies, rootFacts.dependencies, 'workspace-root', false);
160
+ addDependencies(devDependencies, rootFacts.devDependencies, 'workspace-root', false);
161
+
162
+ if (packageJson) {
163
+ addDependencies(dependencies, packageJson.dependencies, 'local');
164
+ addDependencies(devDependencies, packageJson.devDependencies, 'local');
165
+ addDependencies(dependencies, packageJson.peerDependencies, 'local');
166
+ }
167
+
168
+ const pomXml = readTextIfExists(path.join(packageDir, 'pom.xml'));
169
+ const gradle = [
170
+ readTextIfExists(path.join(packageDir, 'build.gradle')),
171
+ readTextIfExists(path.join(packageDir, 'build.gradle.kts')),
172
+ ].filter(Boolean).join('\n');
173
+ const goMod = readTextIfExists(path.join(packageDir, 'go.mod'));
174
+ const requirementsTxt = readTextIfExists(path.join(packageDir, 'requirements.txt'));
175
+ const pyprojectToml = readTextIfExists(path.join(packageDir, 'pyproject.toml'));
176
+ const keyPaths = collectKeyPaths(packageDir);
177
+ const javaKeywords = extractJavaKeywords(`${pomXml}\n${gradle}`);
178
+
179
+ return {
180
+ packageId: input.relativePath === '.' ? 'root' : input.relativePath.replace(/[^a-zA-Z0-9_-]+/g, '_'),
181
+ name: packageJson?.name || null,
182
+ relativePath: input.relativePath || path.relative(workspaceRoot, packageDir) || '.',
183
+ rootDir: packageDir,
184
+ packageJson: packageJson || null,
185
+ packageManager: detectPackageManager(packageDir, packageJson),
186
+ scripts: packageJson?.scripts || {},
187
+ dependencies,
188
+ devDependencies,
189
+ testTools: detectTestTools({ ...dependencies, ...devDependencies }),
190
+ componentLibraries: detectComponentLibraries({ ...dependencies, ...devDependencies }),
191
+ manifestFiles: keyPaths.filter((item) => ['package.json', 'pom.xml', 'build.gradle', 'build.gradle.kts', 'go.mod', 'pyproject.toml', 'requirements.txt'].includes(item)),
192
+ keyPaths,
193
+ java: {
194
+ pomXml,
195
+ gradle,
196
+ keywords: javaKeywords,
197
+ },
198
+ python: {
199
+ requirementsTxt,
200
+ pyprojectToml,
201
+ },
202
+ go: {
203
+ goMod,
204
+ },
205
+ };
206
+ }
207
+ }
208
+
209
+ module.exports = {
210
+ FactExtractor,
211
+ };
@@ -0,0 +1,30 @@
1
+ const SCANNER_SCHEMA_VERSION = 1;
2
+
3
+ const PROJECT_TYPES = Object.freeze({
4
+ SINGLE: 'single-project',
5
+ NODE_WORKSPACE: 'node-workspace',
6
+ PNPM_WORKSPACE: 'pnpm-workspace',
7
+ PACKAGE_JSON_WORKSPACE: 'package-json-workspace',
8
+ LERNA_WORKSPACE: 'lerna-workspace',
9
+ TURBO_WORKSPACE: 'turbo-workspace',
10
+ NX_WORKSPACE: 'nx-workspace',
11
+ MAVEN_MULTI_MODULE: 'maven-multi-module',
12
+ GRADLE_MULTI_MODULE: 'gradle-multi-module',
13
+ MULTI_PROJECT_WORKSPACE: 'multi-project-workspace',
14
+ JAVA_PROJECT: 'java-project',
15
+ GO_PROJECT: 'go-project',
16
+ PYTHON_PROJECT: 'python-project',
17
+ UNKNOWN: 'unknown',
18
+ });
19
+
20
+ const DETECTION_CONFIDENCE = Object.freeze({
21
+ HIGH: 80,
22
+ MEDIUM: 60,
23
+ LOW: 30,
24
+ });
25
+
26
+ module.exports = {
27
+ SCANNER_SCHEMA_VERSION,
28
+ PROJECT_TYPES,
29
+ DETECTION_CONFIDENCE,
30
+ };
@@ -0,0 +1,188 @@
1
+ const fs = require('fs');
2
+ const { GlobalCache } = require('../cache/global-cache');
3
+ const { readProjectState } = require('../project/project-files');
4
+ const { sha256File } = require('./checksum');
5
+
6
+ const PRIVACY_FALSE_FIELDS = [
7
+ 'uploadSourceCode',
8
+ 'uploadAbsolutePath',
9
+ 'uploadUserName',
10
+ 'uploadRawPrompt',
11
+ 'uploadRawResponse',
12
+ 'uploadFileContent',
13
+ ];
14
+
15
+ function issue(level, code, message, suggestion) {
16
+ return { level, code, message, suggestion };
17
+ }
18
+
19
+ function addIssue(result, item) {
20
+ result[`${item.level}s`].push(item);
21
+ }
22
+
23
+ function assetIdentity(asset) {
24
+ return `${asset.kind || 'asset'}:${asset.slug || ''}:${asset.version || ''}`;
25
+ }
26
+
27
+ function flattenRegistryAssets(registry) {
28
+ const assets = registry?.assets || {};
29
+ const result = [];
30
+ for (const [group, items] of Object.entries(assets)) {
31
+ if (Array.isArray(items)) {
32
+ for (const item of items) {
33
+ result.push({
34
+ ...item,
35
+ kind: item.kind || (group === 'agentProfiles' ? 'agent-profile' : group.replace(/s$/, '')),
36
+ });
37
+ }
38
+ }
39
+ }
40
+ return result;
41
+ }
42
+
43
+ function containsContent(value) {
44
+ if (!value || typeof value !== 'object') return false;
45
+ if (Object.prototype.hasOwnProperty.call(value, 'content')) return true;
46
+ if (Array.isArray(value)) return value.some(containsContent);
47
+ return Object.values(value).some(containsContent);
48
+ }
49
+
50
+ class AssetTamperChecker {
51
+ constructor(options = {}) {
52
+ this.globalCache = options.globalCache || new GlobalCache(options);
53
+ }
54
+
55
+ check(rootDir, options = {}) {
56
+ const strictCache = Boolean(options.strictCache);
57
+ const result = {
58
+ passed: true,
59
+ errors: [],
60
+ warnings: [],
61
+ infos: [],
62
+ };
63
+ let state;
64
+ try {
65
+ state = readProjectState(rootDir);
66
+ } catch (error) {
67
+ addIssue(result, issue('error', 'JSON_INVALID', error.message, '请修复 JSON 格式后重新执行检查'));
68
+ result.passed = false;
69
+ return result;
70
+ }
71
+
72
+ const requiredFiles = [
73
+ ['project', '.ai-spec/project.json'],
74
+ ['policy', '.ai-spec/policy.json'],
75
+ ['lock', '.ai-spec/ai-spec.lock.json'],
76
+ ['registry', '.agents/registry.index.json'],
77
+ ['contextIndex', '.ai-spec/context-index.json'],
78
+ ];
79
+ for (const [key, label] of requiredFiles) {
80
+ if (!state[key]) {
81
+ addIssue(result, issue('error', `MISSING_${key.toUpperCase()}`, `缺少 ${label}`, '请先执行 ai-spec-auto init . --recommend --yes'));
82
+ }
83
+ }
84
+ if (result.errors.length > 0) {
85
+ result.passed = false;
86
+ return result;
87
+ }
88
+
89
+ this.checkPrivacy(state.policy, result);
90
+ this.checkLock(state.lock, result);
91
+ this.checkRegistry(state.lock, state.registry, result);
92
+ this.checkContextIndex(state.contextIndex, result);
93
+ this.checkAssetCache(state.lock, result, { strictCache });
94
+ this.checkOverlays(state.lock, result);
95
+
96
+ addIssue(result, issue('info', 'CHECK_COMPLETE', '资产完整性检查完成', '无需处理'));
97
+ result.passed = result.errors.length === 0;
98
+ return result;
99
+ }
100
+
101
+ checkPrivacy(policy, result) {
102
+ const privacy = policy.privacyPolicy || {};
103
+ for (const field of PRIVACY_FALSE_FIELDS) {
104
+ if (privacy[field] === true) {
105
+ addIssue(result, issue('error', 'PRIVACY_POLICY_VIOLATION', `隐私配置违规:privacyPolicy.${field} 不能为 true`, '请将该字段设置为 false'));
106
+ }
107
+ }
108
+ }
109
+
110
+ checkLock(lock, result) {
111
+ if (!lock.schemaVersion) {
112
+ addIssue(result, issue('error', 'LOCK_SCHEMA_MISSING', 'lock 缺少 schemaVersion', '请重新生成 ai-spec.lock.json'));
113
+ }
114
+ if (lock.manifest && !lock.manifest.checksum) {
115
+ addIssue(result, issue('error', 'MANIFEST_CHECKSUM_MISSING', 'manifest checksum 字段缺失', '请重新执行 sync 或 init'));
116
+ }
117
+ if (!lock.manifest) {
118
+ addIssue(result, issue('warning', 'MANIFEST_NOT_INSTALLED', 'lock 未包含 Manifest', '如需安装规范,请使用 --manifest 手动指定'));
119
+ }
120
+ for (const asset of lock.assets || []) {
121
+ if (!asset.checksum) {
122
+ addIssue(result, issue('error', 'ASSET_CHECKSUM_MISSING', `资产 ${asset.slug || ''} 缺少 checksum`, '请修正 lock 文件'));
123
+ }
124
+ }
125
+ for (const profile of lock.agentProfiles || []) {
126
+ if (!profile.checksum) {
127
+ addIssue(result, issue('error', 'AGENT_PROFILE_CHECKSUM_MISSING', `Agent Profile ${profile.slug || ''} 缺少 checksum`, '请修正 lock 文件'));
128
+ }
129
+ }
130
+ }
131
+
132
+ checkRegistry(lock, registry, result) {
133
+ if (containsContent(registry)) {
134
+ addIssue(result, issue('error', 'REGISTRY_CONTENT_FORBIDDEN', 'registry.index.json 不允许包含完整 content', '请只保留 cacheKey/cachePath/checksum 索引'));
135
+ }
136
+ const registryAssets = flattenRegistryAssets(registry);
137
+ const registryByIdentity = new Map(registryAssets.map((asset) => [assetIdentity(asset), asset]));
138
+ for (const asset of lock.assets || []) {
139
+ const registryAsset = registryByIdentity.get(assetIdentity(asset));
140
+ if (!registryAsset) {
141
+ addIssue(result, issue('error', 'REGISTRY_ASSET_MISSING', `registry 缺少资产索引:${asset.slug || asset.checksum}`, '请执行 ai-spec-auto sync . 重新生成索引'));
142
+ continue;
143
+ }
144
+ if (registryAsset.checksum !== asset.checksum) {
145
+ addIssue(result, issue('error', 'REGISTRY_LOCK_MISMATCH', `registry 与 lock checksum 不一致:${asset.slug || asset.checksum}`, '请执行 ai-spec-auto sync . 重新生成索引'));
146
+ }
147
+ }
148
+ }
149
+
150
+ checkContextIndex(contextIndex, result) {
151
+ if (contextIndex.contextStrategy !== 'progressive') {
152
+ addIssue(result, issue('error', 'CONTEXT_STRATEGY_INVALID', 'contextStrategy 必须是 progressive', '请重新生成 context-index.json'));
153
+ }
154
+ const stages = new Set((contextIndex.stageLoadRules || []).map((item) => item.stage));
155
+ for (const stage of ['planning', 'implementation', 'verification', 'diagnosing']) {
156
+ if (!stages.has(stage)) {
157
+ addIssue(result, issue('error', 'CONTEXT_STAGE_MISSING', `context-index 缺少 ${stage} 阶段`, '请重新生成 context-index.json'));
158
+ }
159
+ }
160
+ }
161
+
162
+ checkAssetCache(lock, result, options = {}) {
163
+ for (const asset of lock.assets || []) {
164
+ if (!asset.checksum) continue;
165
+ const contentPath = this.globalCache.getAssetContentPath(asset.checksum);
166
+ if (!fs.existsSync(contentPath)) {
167
+ addIssue(result, issue(options.strictCache ? 'error' : 'warning', 'ASSET_CACHE_MISSING', `缓存缺失:${asset.slug || asset.checksum}`, '请先执行 ai-spec-auto sync .'));
168
+ continue;
169
+ }
170
+ const actual = sha256File(contentPath);
171
+ if (actual !== asset.checksum) {
172
+ addIssue(result, issue('error', 'ASSET_TAMPERED', `标准资产 checksum 不一致:${asset.slug || asset.checksum}`, '请执行 ai-spec-auto sync . 恢复缓存'));
173
+ }
174
+ }
175
+ }
176
+
177
+ checkOverlays(lock, result) {
178
+ if (Array.isArray(lock.overlays) && lock.overlays.length > 0) {
179
+ addIssue(result, issue('warning', 'OVERLAY_CHECK_NOT_IMPLEMENTED', 'overlay checksum 校验暂未实现', '后续实现 overlay 后补充校验'));
180
+ }
181
+ }
182
+ }
183
+
184
+ module.exports = {
185
+ AssetTamperChecker,
186
+ PRIVACY_FALSE_FIELDS,
187
+ flattenRegistryAssets,
188
+ };
@@ -0,0 +1,40 @@
1
+ const crypto = require('crypto');
2
+ const fs = require('fs');
3
+
4
+ function sha256Text(text) {
5
+ if (text === undefined || text === null) {
6
+ throw new Error('内容不能为空,无法计算 checksum');
7
+ }
8
+ return `sha256:${crypto.createHash('sha256').update(String(text)).digest('hex')}`;
9
+ }
10
+
11
+ function sha256File(filePath) {
12
+ if (!filePath || !fs.existsSync(filePath)) {
13
+ throw new Error(`文件不存在,无法计算 checksum:${filePath || '未提供路径'}`);
14
+ }
15
+ return sha256Text(fs.readFileSync(filePath));
16
+ }
17
+
18
+ function stableStringify(value) {
19
+ if (value === undefined || value === null) {
20
+ throw new Error('JSON 内容不能为空,无法计算 checksum');
21
+ }
22
+ if (Array.isArray(value)) {
23
+ return `[${value.map((item) => stableStringify(item)).join(',')}]`;
24
+ }
25
+ if (typeof value === 'object') {
26
+ return `{${Object.keys(value).sort().map((key) => `${JSON.stringify(key)}:${stableStringify(value[key])}`).join(',')}}`;
27
+ }
28
+ return JSON.stringify(value);
29
+ }
30
+
31
+ function safeJsonHash(object) {
32
+ return sha256Text(stableStringify(object));
33
+ }
34
+
35
+ module.exports = {
36
+ safeJsonHash,
37
+ sha256File,
38
+ sha256Text,
39
+ stableStringify,
40
+ };