@gong-ym/ai-spec-auto 0.2.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.agents/commands/README.md +33 -0
- package/.agents/commands/claude/spec-start-review.md +88 -0
- package/.agents/commands/codex/spec-continue.md +74 -0
- package/.agents/commands/codex/spec-orchestrate.md +35 -0
- package/.agents/commands/codex/spec-start-review.md +88 -0
- package/.agents/commands/codex/spec-start.md +67 -0
- package/.agents/commands/codex/spec-status.md +22 -0
- package/.agents/commands/codex/spec-stop.md +29 -0
- package/.agents/commands/codex/spec-update.md +40 -0
- package/.agents/commands/common/branch-review.md +117 -0
- package/.agents/commands/common/project-init.md +25 -0
- package/.agents/commands/common/spec-continue.md +74 -0
- package/.agents/commands/common/spec-orchestrate.md +35 -0
- package/.agents/commands/common/spec-start-review.md +82 -0
- package/.agents/commands/common/spec-start.md +67 -0
- package/.agents/commands/common/spec-status.md +22 -0
- package/.agents/commands/common/spec-stop.md +29 -0
- package/.agents/commands/common/spec-update.md +40 -0
- package/.agents/commands/cursor/opsx-apply.md +55 -0
- package/.agents/commands/cursor/opsx-archive.md +48 -0
- package/.agents/commands/cursor/opsx-explore.md +45 -0
- package/.agents/commands/cursor/opsx-propose.md +59 -0
- package/.agents/commands/cursor/spec-continue.md +63 -0
- package/.agents/commands/cursor/spec-orchestrate.md +53 -0
- package/.agents/commands/cursor/spec-start-review.md +78 -0
- package/.agents/commands/cursor/spec-start.md +59 -0
- package/.agents/commands/cursor/spec-status.md +30 -0
- package/.agents/commands/cursor/spec-stop.md +29 -0
- package/.agents/commands/cursor/spec-update.md +41 -0
- package/.agents/flows/FRONTMATTER.md +263 -0
- package/.agents/flows/RUN_OUTPUT.md +263 -0
- package/.agents/flows/common/README.md +29 -0
- package/.agents/flows/common/bugfix-to-verification.md +95 -0
- package/.agents/flows/common/change-to-architecture-review.md +89 -0
- package/.agents/flows/common/change-to-release.md +94 -0
- package/.agents/flows/common/prd-to-delivery.md +184 -0
- package/.agents/flows/common/requirement-to-observability.md +97 -0
- package/.agents/orchestration/README.md +22 -0
- package/.agents/orchestration/expert-dispatch-spec.md +155 -0
- package/.agents/orchestration/expert-executor-spec.md +84 -0
- package/.agents/orchestration/expert-runtime-action-spec.md +73 -0
- package/.agents/orchestration/runtime-state-handoff-spec.md +264 -0
- package/.agents/orchestration/task-anchor-spec.md +212 -0
- package/.agents/orchestration/task-orchestrator-adapter-payload.md +153 -0
- package/.agents/orchestration/task-orchestrator-bootstrap-payload.md +145 -0
- package/.agents/orchestration/task-orchestrator-output-extractor-spec.md +93 -0
- package/.agents/orchestration/task-orchestrator-run-plan-template.md +312 -0
- package/.agents/orchestration/task-orchestrator-runtime-hooks.md +214 -0
- package/.agents/registry/README.md +63 -0
- package/.agents/registry/flows.json +125 -0
- package/.agents/registry/profiles.json +101 -0
- package/.agents/registry/roles.json +1266 -0
- package/.agents/registry/rules.json +148 -0
- package/.agents/registry/scenario-packages.json +123 -0
- package/.agents/registry/skills.json +130 -0
- package/.agents/roles/INDEX.md +346 -0
- package/.agents/roles/common/README.md +76 -0
- package/.agents/roles/common/archive-change.md +80 -0
- package/.agents/roles/common/backend-implementer.md +92 -0
- package/.agents/roles/common/code-guardian.md +151 -0
- package/.agents/roles/common/frontend-implementer.md +146 -0
- package/.agents/roles/common/requirement-analyst.md +138 -0
- package/.agents/roles/common/task-orchestrator-routing.md +301 -0
- package/.agents/roles/common/task-orchestrator.md +224 -0
- package/.agents/roles/common/tooling-implementer.md +92 -0
- package/.agents/roles/domains/README.md +35 -0
- package/.agents/roles/domains/delivery/README.md +11 -0
- package/.agents/roles/domains/delivery/container-specialist.md +50 -0
- package/.agents/roles/domains/delivery/deployment-specialist.md +50 -0
- package/.agents/roles/domains/delivery/pipeline-specialist.md +50 -0
- package/.agents/roles/domains/demand-design/README.md +16 -0
- package/.agents/roles/domains/demand-design/api-contract-specialist.md +52 -0
- package/.agents/roles/domains/demand-design/design-collaborator.md +58 -0
- package/.agents/roles/domains/documentation/README.md +11 -0
- package/.agents/roles/domains/documentation/api-doc-specialist.md +50 -0
- package/.agents/roles/domains/documentation/component-doc-specialist.md +49 -0
- package/.agents/roles/domains/documentation/technical-writing-specialist.md +48 -0
- package/.agents/roles/domains/engineering/README.md +17 -0
- package/.agents/roles/domains/engineering/architecture-advisor.md +53 -0
- package/.agents/roles/domains/engineering/build-specialist.md +51 -0
- package/.agents/roles/domains/engineering/dependency-governor.md +52 -0
- package/.agents/roles/domains/governance/README.md +17 -0
- package/.agents/roles/domains/governance/api-governance-specialist.md +51 -0
- package/.agents/roles/domains/governance/lint-policy-specialist.md +49 -0
- package/.agents/roles/domains/governance/route-governance-specialist.md +52 -0
- package/.agents/roles/domains/observability/README.md +11 -0
- package/.agents/roles/domains/observability/error-tracker.md +50 -0
- package/.agents/roles/domains/observability/event-instrumentation-specialist.md +51 -0
- package/.agents/roles/domains/observability/rum-analyst.md +50 -0
- package/.agents/roles/domains/performance/README.md +11 -0
- package/.agents/roles/domains/performance/asset-optimizer.md +50 -0
- package/.agents/roles/domains/performance/performance-auditor.md +56 -0
- package/.agents/roles/domains/performance/vitals-analyst.md +50 -0
- package/.agents/roles/domains/security-a11y/README.md +11 -0
- package/.agents/roles/domains/security-a11y/a11y-auditor.md +50 -0
- package/.agents/roles/domains/security-a11y/aria-specialist.md +51 -0
- package/.agents/roles/domains/security-a11y/security-reviewer.md +49 -0
- package/.agents/roles/domains/testing/README.md +12 -0
- package/.agents/roles/domains/testing/coverage-analyst.md +50 -0
- package/.agents/roles/domains/testing/e2e-test-specialist.md +51 -0
- package/.agents/roles/domains/testing/unit-test-specialist.md +56 -0
- package/.agents/roles/domains/testing/verification-reviewer.md +67 -0
- package/.agents/rules/README.md +87 -0
- package/.agents/rules/common/02-/347/274/226/347/240/201/350/247/204/350/214/203.md +45 -0
- package/.agents/rules/common/08-/351/200/232/347/224/250/347/272/246/346/235/237.md +63 -0
- package/.agents/rules/common/10-/346/226/207/346/241/243/350/247/204/350/214/203.md +101 -0
- package/.agents/rules/common/12-Superpowers/346/211/247/350/241/214/350/247/204/350/214/203.md +46 -0
- package/.agents/rules/common/14-/345/256/241/350/256/241/346/261/207/346/212/245/350/247/204/350/214/203.md +107 -0
- package/.agents/rules/common/15-visual-gate-wait.md +90 -0
- package/.agents/rules/profiles/nestjs/01-/351/241/271/347/233/256/346/246/202/350/277/260.md +27 -0
- package/.agents/rules/profiles/nestjs/03-/351/241/271/347/233/256/347/273/223/346/236/204.md +20 -0
- package/.agents/rules/profiles/nestjs/04-/346/250/241/345/235/227/347/273/223/346/236/204/350/247/204/350/214/203.md +24 -0
- package/.agents/rules/profiles/nestjs/05-/346/216/245/345/217/243/344/270/216/345/245/221/347/272/246/350/247/204/350/214/203.md +24 -0
- package/.agents/rules/profiles/nestjs/06-/346/225/260/346/215/256/350/256/277/351/227/256/350/247/204/350/214/203.md +24 -0
- package/.agents/rules/profiles/nestjs/07-/351/205/215/347/275/256/344/270/216/350/277/220/350/241/214/346/227/266/350/247/204/350/214/203.md +20 -0
- package/.agents/rules/profiles/nestjs/09-/345/274/202/345/270/270/344/270/216/346/227/245/345/277/227/350/247/204/350/214/203.md +20 -0
- package/.agents/rules/profiles/nestjs/11-/346/265/213/350/257/225/350/247/204/350/214/203.md +24 -0
- package/.agents/rules/profiles/nestjs/13-/344/273/243/347/240/201/346/240/274/345/274/217/345/214/226/344/270/216/346/243/200/346/237/245.md +20 -0
- package/.agents/rules/profiles/node-tooling/01-/351/241/271/347/233/256/346/246/202/350/277/260.md +30 -0
- package/.agents/rules/profiles/node-tooling/03-/351/241/271/347/233/256/347/273/223/346/236/204.md +37 -0
- package/.agents/rules/profiles/node-tooling/04-CLI/344/270/216/346/250/241/345/235/227/350/247/204/350/214/203.md +42 -0
- package/.agents/rules/profiles/node-tooling/05-Contract/344/270/216Schema/350/247/204/350/214/203.md +42 -0
- package/.agents/rules/profiles/node-tooling/06-/350/277/220/350/241/214/346/227/266/346/226/207/344/273/266/350/247/204/350/214/203.md +30 -0
- package/.agents/rules/profiles/node-tooling/07-/346/227/245/345/277/227/344/270/216/351/224/231/350/257/257/345/244/204/347/220/206/350/247/204/350/214/203.md +60 -0
- package/.agents/rules/profiles/node-tooling/09-/350/204/232/346/234/254/344/270/216/345/205/245/345/217/243/350/247/204/350/214/203.md +45 -0
- package/.agents/rules/profiles/node-tooling/11-/346/265/213/350/257/225/350/247/204/350/214/203.md +41 -0
- package/.agents/rules/profiles/node-tooling/13-/344/273/243/347/240/201/346/240/274/345/274/217/345/214/226/344/270/216/346/243/200/346/237/245.md +55 -0
- package/.agents/rules/profiles/react/01-/351/241/271/347/233/256/346/246/202/350/277/260.md +29 -0
- package/.agents/rules/profiles/react/03-/351/241/271/347/233/256/347/273/223/346/236/204.md +104 -0
- package/.agents/rules/profiles/react/04-/347/273/204/344/273/266/350/247/204/350/214/203.md +46 -0
- package/.agents/rules/profiles/react/05-API/350/247/204/350/214/203.md +67 -0
- package/.agents/rules/profiles/react/06-/350/267/257/347/224/261/350/247/204/350/214/203.md +54 -0
- package/.agents/rules/profiles/react/07-/347/212/266/346/200/201/347/256/241/347/220/206.md +226 -0
- package/.agents/rules/profiles/react/09-/346/240/267/345/274/217/350/247/204/350/214/203.md +71 -0
- package/.agents/rules/profiles/react/11-/346/265/213/350/257/225/350/247/204/350/214/203.md +80 -0
- package/.agents/rules/profiles/react/13-/344/273/243/347/240/201/346/240/274/345/274/217/345/214/226/344/270/216/346/243/200/346/237/245.md +159 -0
- package/.agents/rules/profiles/springboot/01-/351/241/271/347/233/256/346/246/202/350/277/260.md +31 -0
- package/.agents/rules/profiles/springboot/03-/351/241/271/347/233/256/347/273/223/346/236/204.md +37 -0
- package/.agents/rules/profiles/springboot/04-/345/210/206/345/261/202/350/247/204/350/214/203.md +33 -0
- package/.agents/rules/profiles/springboot/05-/346/216/245/345/217/243/344/270/216/345/245/221/347/272/246/350/247/204/350/214/203.md +51 -0
- package/.agents/rules/profiles/springboot/06-/346/225/260/346/215/256/350/256/277/351/227/256/350/247/204/350/214/203.md +34 -0
- package/.agents/rules/profiles/springboot/07-/351/205/215/347/275/256/344/270/216/350/277/220/350/241/214/346/227/266/350/247/204/350/214/203.md +38 -0
- package/.agents/rules/profiles/springboot/09-/345/274/202/345/270/270/344/270/216/346/227/245/345/277/227/350/247/204/350/214/203.md +48 -0
- package/.agents/rules/profiles/springboot/11-/346/265/213/350/257/225/350/247/204/350/214/203.md +43 -0
- package/.agents/rules/profiles/springboot/13-/344/273/243/347/240/201/346/240/274/345/274/217/345/214/226/344/270/216/346/243/200/346/237/245.md +48 -0
- package/.agents/rules/profiles/vue/01-/351/241/271/347/233/256/346/246/202/350/277/260.md +47 -0
- package/.agents/rules/profiles/vue/03-/351/241/271/347/233/256/347/273/223/346/236/204.md +106 -0
- package/.agents/rules/profiles/vue/04-/347/273/204/344/273/266/350/247/204/350/214/203.md +61 -0
- package/.agents/rules/profiles/vue/05-API/350/247/204/350/214/203.md +67 -0
- package/.agents/rules/profiles/vue/06-/350/267/257/347/224/261/350/247/204/350/214/203.md +69 -0
- package/.agents/rules/profiles/vue/07-/347/212/266/346/200/201/347/256/241/347/220/206.md +93 -0
- package/.agents/rules/profiles/vue/09-/346/240/267/345/274/217/350/247/204/350/214/203.md +67 -0
- package/.agents/rules/profiles/vue/11-/346/265/213/350/257/225/350/247/204/350/214/203.md +80 -0
- package/.agents/rules/profiles/vue/13-/344/273/243/347/240/201/346/240/274/345/274/217/345/214/226/344/270/216/346/243/200/346/237/245.md +159 -0
- package/.agents/skills/README.md +171 -0
- package/.agents/skills/common/archive-change/SKILL.md +180 -0
- package/.agents/skills/common/branch-code-reviewer/SKILL.md +459 -0
- package/.agents/skills/common/branch-code-reviewer/references/business-risk-guide.md +293 -0
- package/.agents/skills/common/branch-code-reviewer/references/html-template-guide.md +121 -0
- package/.agents/skills/common/config-and-secret-scan/SKILL.md +99 -0
- package/.agents/skills/common/create-proposal/SKILL.md +192 -0
- package/.agents/skills/common/create-proposal/evals/evals.json +16 -0
- package/.agents/skills/common/create-proposal/evals/train_queries.json +18 -0
- package/.agents/skills/common/create-proposal/evals/validation_queries.json +18 -0
- package/.agents/skills/common/create-proposal/references/interaction-spec-template.md +42 -0
- package/.agents/skills/common/create-test/SKILL.md +292 -0
- package/.agents/skills/common/dependency-impact-graph/SKILL.md +80 -0
- package/.agents/skills/common/execute-task/SKILL.md +206 -0
- package/.agents/skills/common/execute-task/evals/evals.json +16 -0
- package/.agents/skills/common/execute-task/evals/train_queries.json +18 -0
- package/.agents/skills/common/execute-task/evals/validation_queries.json +18 -0
- package/.agents/skills/common/find-skills/SKILL.md +144 -0
- package/.agents/skills/common/install-ai-spec-auto/SKILL.md +260 -0
- package/.agents/skills/common/install-ai-spec-auto/evals/evals.json +17 -0
- package/.agents/skills/common/install-ai-spec-auto/evals/train_queries.json +18 -0
- package/.agents/skills/common/install-ai-spec-auto/evals/validation_queries.json +18 -0
- package/.agents/skills/common/project-init/SKILL.md +178 -0
- package/.agents/skills/common/project-init/evals/evals.json +16 -0
- package/.agents/skills/common/project-init/evals/train_queries.json +18 -0
- package/.agents/skills/common/project-init/evals/validation_queries.json +18 -0
- package/.agents/skills/common/project-init/references/custom-rule-generation.md +89 -0
- package/.agents/skills/common/project-init/references/deep-scan-rules.md +67 -0
- package/.agents/skills/common/project-init/references/output-contracts.md +71 -0
- package/.agents/skills/common/project-init/references/repo-fact-gathering.md +83 -0
- package/.agents/skills/common/project-init/references/scope-resolution.md +76 -0
- package/.agents/skills/common/project-init/scripts/inspect-project.js +112 -0
- package/.agents/skills/common/skill-creator/LICENSE.txt +202 -0
- package/.agents/skills/common/skill-creator/SKILL.md +370 -0
- package/.agents/skills/common/skill-creator/evals/evals.json +16 -0
- package/.agents/skills/common/skill-creator/evals/train_queries.json +18 -0
- package/.agents/skills/common/skill-creator/evals/validation_queries.json +18 -0
- package/.agents/skills/common/skill-creator/references/output-patterns.md +82 -0
- package/.agents/skills/common/skill-creator/references/workflows.md +28 -0
- package/.agents/skills/common/skill-creator/scripts/init_skill.py +209 -0
- package/.agents/skills/common/skill-creator/scripts/package_skill.py +110 -0
- package/.agents/skills/common/skill-creator/scripts/quick_validate.py +51 -0
- package/.agents/skills/common/skill-optimizer/SKILL.md +102 -0
- package/.agents/skills/common/skill-optimizer/evals/evals.json +16 -0
- package/.agents/skills/common/skill-optimizer/evals/train_queries.json +18 -0
- package/.agents/skills/common/skill-optimizer/evals/validation_queries.json +18 -0
- package/.agents/skills/common/skill-optimizer/references/design-patterns.md +26 -0
- package/.agents/skills/common/skill-optimizer/references/review-checklist.md +22 -0
- package/.agents/skills/common/using-superpowers/SKILL.md +151 -0
- package/.agents/skills/common/wait-for-gate-signal/SKILL.md +85 -0
- package/.agents/skills/domains/README.md +19 -0
- package/.agents/skills/domains/ui-ux-pro-max/SKILL.md +58 -0
- package/.agents/skills/domains/web/design-analysis/SKILL.md +89 -0
- package/.agents/skills/domains/web/design-analysis/rules/analysis-order.md +61 -0
- package/.agents/skills/domains/web/design-analysis/rules/analysis-priorities.md +136 -0
- package/.agents/skills/domains/web/design-analysis/rules/checklist-common-misses.md +107 -0
- package/.agents/skills/domains/web/design-analysis/rules/implementation-common-errors.md +204 -0
- package/.agents/skills/domains/web/design-analysis/rules/implementation-guidelines.md +211 -0
- package/.agents/skills/domains/web/design-analysis/rules/output-analysis-checklist.md +247 -0
- package/.agents/skills/domains/web/design-analysis/rules/tools-design-guidelines.md +108 -0
- package/.agents/skills/domains/web/design-analysis/rules/workflow-element-extraction.md +162 -0
- package/.agents/skills/domains/web/design-analysis/rules/workflow-layout-map.md +131 -0
- package/.agents/skills/domains/web/design-analysis/rules/workflow-output-checklist.md +70 -0
- package/.agents/skills/domains/web/design-analysis/rules/workflow-style-summary.md +91 -0
- package/.agents/skills/domains/web/route-permission-map/SKILL.md +103 -0
- package/.agents/skills/domains/web/ui-verification/SKILL.md +114 -0
- package/.agents/skills/domains/web/ui-verification/evals/evals.json +16 -0
- package/.agents/skills/domains/web/ui-verification/evals/train_queries.json +18 -0
- package/.agents/skills/domains/web/ui-verification/evals/validation_queries.json +18 -0
- package/.agents/skills/domains/web/ui-verification/rules/comparison-content-image.md +34 -0
- package/.agents/skills/domains/web/ui-verification/rules/comparison-content-text.md +30 -0
- package/.agents/skills/domains/web/ui-verification/rules/comparison-hierarchy.md +33 -0
- package/.agents/skills/domains/web/ui-verification/rules/comparison-layout.md +35 -0
- package/.agents/skills/domains/web/ui-verification/rules/errors-alignment.md +42 -0
- package/.agents/skills/domains/web/ui-verification/rules/errors-button-dimensions.md +28 -0
- package/.agents/skills/domains/web/ui-verification/rules/errors-button-position.md +25 -0
- package/.agents/skills/domains/web/ui-verification/rules/errors-css-priority.md +50 -0
- package/.agents/skills/domains/web/ui-verification/rules/errors-flex-column-width.md +46 -0
- package/.agents/skills/domains/web/ui-verification/rules/errors-flex-layout.md +46 -0
- package/.agents/skills/domains/web/ui-verification/rules/errors-grid-container-width.md +44 -0
- package/.agents/skills/domains/web/ui-verification/rules/errors-page-container-width.md +39 -0
- package/.agents/skills/domains/web/ui-verification/rules/tools-browser-navigation.md +53 -0
- package/.agents/skills/domains/web/ui-verification/rules/tools-design-guidelines.md +53 -0
- package/.agents/skills/domains/web/ui-verification/rules/workflow-checklist.md +27 -0
- package/.agents/skills/domains/web/ui-verification/rules/workflow-problem-list.md +56 -0
- package/.agents/skills/domains/web/ui-verification/rules/workflow-reflection.md +44 -0
- package/.agents/skills/domains/web/ui-verification/rules/writing-alignment.md +44 -0
- package/.agents/skills/domains/web/ui-verification/rules/writing-element-completeness.md +63 -0
- package/.agents/skills/domains/web/ui-verification/rules/writing-list-layout.md +75 -0
- package/.agents/skills/domains/web/ui-verification/rules/writing-page-container-width.md +37 -0
- package/.agents/skills/domains/web/web-design-guidelines/SKILL.md +40 -0
- package/.agents/skills/profiles/nestjs/README.md +4 -0
- package/.agents/skills/profiles/node-tooling/README.md +9 -0
- package/.agents/skills/profiles/react/create-api/SKILL.md +145 -0
- package/.agents/skills/profiles/react/create-component/SKILL.md +160 -0
- package/.agents/skills/profiles/react/create-route/SKILL.md +168 -0
- package/.agents/skills/profiles/react/create-store/SKILL.md +262 -0
- package/.agents/skills/profiles/react/theme-variables/SKILL.md +82 -0
- package/.agents/skills/profiles/react/vercel-composition-patterns/AGENTS.md +899 -0
- package/.agents/skills/profiles/react/vercel-composition-patterns/SKILL.md +81 -0
- package/.agents/skills/profiles/react/vercel-composition-patterns/rules/architecture-avoid-boolean-props.md +100 -0
- package/.agents/skills/profiles/react/vercel-composition-patterns/rules/architecture-compound-components.md +112 -0
- package/.agents/skills/profiles/react/vercel-composition-patterns/rules/patterns-children-over-render-props.md +87 -0
- package/.agents/skills/profiles/react/vercel-composition-patterns/rules/patterns-explicit-variants.md +100 -0
- package/.agents/skills/profiles/react/vercel-composition-patterns/rules/state-context-interface.md +191 -0
- package/.agents/skills/profiles/react/vercel-composition-patterns/rules/state-decouple-implementation.md +113 -0
- package/.agents/skills/profiles/react/vercel-composition-patterns/rules/state-lift-state.md +125 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/AGENTS.md +2934 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/SKILL.md +136 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/advanced-event-handler-refs.md +55 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/advanced-init-once.md +42 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/advanced-use-latest.md +39 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/async-api-routes.md +38 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/async-defer-await.md +80 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/async-dependencies.md +51 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/async-parallel.md +28 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/async-suspense-boundaries.md +99 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/bundle-barrel-imports.md +59 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/bundle-conditional.md +31 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/bundle-defer-third-party.md +49 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/bundle-dynamic-imports.md +35 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/bundle-preload.md +50 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/client-event-listeners.md +74 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/client-localstorage-schema.md +71 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/client-passive-event-listeners.md +48 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/client-swr-dedup.md +56 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-batch-dom-css.md +107 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-cache-function-results.md +80 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-cache-property-access.md +28 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-cache-storage.md +70 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-combine-iterations.md +32 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-early-exit.md +50 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-hoist-regexp.md +45 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-index-maps.md +37 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-length-check-first.md +49 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-min-max-loop.md +82 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-set-map-lookups.md +24 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/js-tosorted-immutable.md +57 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-activity.md +26 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-animate-svg-wrapper.md +47 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-conditional-render.md +40 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-content-visibility.md +38 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-hoist-jsx.md +46 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-hydration-no-flicker.md +82 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-hydration-suppress-warning.md +30 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-svg-precision.md +28 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rendering-usetransition-loading.md +75 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-defer-reads.md +39 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-dependencies.md +45 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-derived-state-no-effect.md +40 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-derived-state.md +29 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-functional-setstate.md +74 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-lazy-state-init.md +58 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-memo-with-default-value.md +38 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-memo.md +44 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-move-effect-to-event.md +45 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-simple-expression-in-memo.md +35 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-transitions.md +40 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/rerender-use-ref-transient-values.md +73 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-after-nonblocking.md +73 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-auth-actions.md +96 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-cache-lru.md +41 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-cache-react.md +76 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-dedup-props.md +65 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-parallel-fetching.md +83 -0
- package/.agents/skills/profiles/react/vercel-react-best-practices/rules/server-serialization.md +38 -0
- package/.agents/skills/profiles/springboot/README.md +10 -0
- package/.agents/skills/profiles/vue/create-api/SKILL.md +105 -0
- package/.agents/skills/profiles/vue/create-component/SKILL.md +76 -0
- package/.agents/skills/profiles/vue/create-route/SKILL.md +141 -0
- package/.agents/skills/profiles/vue/create-store/SKILL.md +97 -0
- package/.agents/skills/profiles/vue/create-view/SKILL.md +81 -0
- package/.agents/skills/profiles/vue/theme-variables/SKILL.md +73 -0
- package/.agents/skills/profiles/vue/vue-best-practices/SKILL.md +166 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/animation-class-based-technique.md +254 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/animation-state-driven-technique.md +291 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/component-async.md +97 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/component-data-flow.md +307 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/component-fallthrough-attrs.md +174 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/component-keep-alive.md +137 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/component-slots.md +216 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/component-suspense.md +228 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/component-teleport.md +108 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/component-transition-group.md +128 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/component-transition.md +125 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/composables.md +290 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/directives.md +162 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/perf-avoid-component-abstraction-in-lists.md +159 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/perf-v-once-v-memo-directives.md +182 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/perf-virtualize-large-lists.md +187 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/plugins.md +166 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/reactivity.md +344 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/render-functions.md +201 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/sfc.md +310 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/state-management.md +135 -0
- package/.agents/skills/profiles/vue/vue-best-practices/references/updated-hook-performance.md +187 -0
- package/.agents/templates/common/README.md +23 -0
- package/.agents/templates/common/bugfix.md +22 -0
- package/.agents/templates/common/create-expert-package.md +458 -0
- package/.agents/templates/common/mock-page.md +28 -0
- package/.agents/templates/common/new-component.md +25 -0
- package/.agents/templates/common/new-page.md +31 -0
- package/.cursor/mcp.json +36 -0
- package/.qoder/README.md +114 -0
- package/.qoder/commands +1 -0
- package/.qoder/mcp.json +26 -0
- package/.qoder/rules +1 -0
- package/.qoder/skills +1 -0
- package/LICENSE +21 -0
- package/README.md +433 -0
- package/bin/archive-change.js +474 -0
- package/bin/check-command.js +62 -0
- package/bin/cli.js +295 -0
- package/bin/command-template-renderer.js +40 -0
- package/bin/context-command.js +102 -0
- package/bin/demo-runtime-smoke.js +760 -0
- package/bin/execution-semantics.js +821 -0
- package/bin/executor-command.js +93 -0
- package/bin/expert-dispatch.js +334 -0
- package/bin/expert-executor.js +1148 -0
- package/bin/guard-command.js +52 -0
- package/bin/hub-command.js +876 -0
- package/bin/ide-command.js +242 -0
- package/bin/init-command.js +193 -0
- package/bin/install-workflow.js +2983 -0
- package/bin/manifest-export.js +34 -0
- package/bin/profile-registry.js +90 -0
- package/bin/protocol-workflow.js +446 -0
- package/bin/repair-command.js +161 -0
- package/bin/repo-map.js +177 -0
- package/bin/report-command.js +236 -0
- package/bin/runtime-bootstrap.js +428 -0
- package/bin/runtime-embedded.js +101 -0
- package/bin/runtime-fallback.js +106 -0
- package/bin/runtime-launcher.js +116 -0
- package/bin/runtime-paths.js +177 -0
- package/bin/runtime-registry.js +289 -0
- package/bin/runtime-state.js +2541 -0
- package/bin/scan.js +96 -0
- package/bin/self-upgrade.js +206 -0
- package/bin/skill-spec-validator.js +457 -0
- package/bin/spec-command.js +366 -0
- package/bin/superpowers.js +384 -0
- package/bin/sync-command.js +59 -0
- package/bin/sync.js +1904 -0
- package/bin/task-orchestrator-adapter.js +341 -0
- package/bin/task-orchestrator-extractor.js +274 -0
- package/bin/task-orchestrator-runner.js +1208 -0
- package/bin/telemetry/README.md +66 -0
- package/bin/telemetry/aspect.js +153 -0
- package/bin/telemetry/collect.js +67 -0
- package/bin/telemetry/config.js +114 -0
- package/bin/telemetry/defaults.json +5 -0
- package/bin/telemetry/healthcheck.js +195 -0
- package/bin/telemetry/identity.js +53 -0
- package/bin/telemetry/index.js +25 -0
- package/bin/telemetry/reporter.js +83 -0
- package/bin/telemetry/safe.js +39 -0
- package/bin/validate-registry.js +740 -0
- package/bin/visual-bridge-config.js +117 -0
- package/bin/visual-bridge.js +287 -0
- package/bin/visual-command.js +432 -0
- package/bin/worktree-command.js +194 -0
- package/configs/common/.editorconfig +15 -0
- package/configs/common/.husky/commit-msg +4 -0
- package/configs/common/.husky/pre-commit +4 -0
- package/configs/common/.lintstagedrc +11 -0
- package/configs/common/.prettierignore +11 -0
- package/configs/common/.prettierrc.json +11 -0
- package/configs/common/.stylelintignore +14 -0
- package/configs/common/.stylelintrc.json +21 -0
- package/configs/common/commitlint.config.js +3 -0
- package/configs/profiles/nestjs/.gitkeep +1 -0
- package/configs/profiles/node-tooling/.gitkeep +1 -0
- package/configs/profiles/react/.eslintignore +6 -0
- package/configs/profiles/react/.eslintrc.js +16 -0
- package/configs/profiles/react/.stylelintrc.json +18 -0
- package/configs/profiles/springboot/.gitkeep +1 -0
- package/configs/profiles/vue/.eslintignore +7 -0
- package/configs/profiles/vue/.eslintrc.cjs +17 -0
- package/contracts/README.md +28 -0
- package/contracts/fixtures/asset-package.fixture.json +26 -0
- package/contracts/fixtures/asset-usage-feedback.fixture.json +14 -0
- package/contracts/fixtures/evidence-report.fixture.json +28 -0
- package/contracts/fixtures/manifest.fixture.json +20 -0
- package/contracts/fixtures/run-event.fixture.json +15 -0
- package/contracts/schemas/asset-package.schema.json +76 -0
- package/contracts/schemas/asset-usage-feedback.schema.json +57 -0
- package/contracts/schemas/evidence-report.schema.json +60 -0
- package/contracts/schemas/manifest.schema.json +63 -0
- package/contracts/schemas/run-event.schema.json +72 -0
- package/install.ps1 +35 -0
- package/install.sh +17 -0
- package/internal/ai-protocol-workflow.js +5600 -0
- package/internal/hub-client.js +98 -0
- package/internal/hub-sync-selection.js +69 -0
- package/internal/visual-hooks/README.md +481 -0
- package/internal/visual-hooks/config-loader.js +218 -0
- package/internal/visual-hooks/control-puller.js +206 -0
- package/internal/visual-hooks/gate-signal.js +150 -0
- package/internal/visual-hooks/inbox-consumer.js +469 -0
- package/internal/visual-hooks/index.js +197 -0
- package/internal/visual-hooks/push-client.js +189 -0
- package/internal/visual-hooks/receipt-pusher.js +176 -0
- package/internal/visual-hooks/runtime-state-pusher.js +128 -0
- package/openspec/changes/.gitkeep +0 -0
- package/openspec/changes/archive/.gitkeep +0 -0
- package/openspec/config.yaml.template +52 -0
- package/openspec/schemas/expert-delivery/schema.yaml +68 -0
- package/openspec/schemas/expert-delivery/templates/checklist.md +39 -0
- package/openspec/schemas/expert-delivery/templates/design.md +61 -0
- package/openspec/schemas/expert-delivery/templates/iterations.md +25 -0
- package/openspec/schemas/expert-delivery/templates/proposal.md +45 -0
- package/openspec/schemas/expert-delivery/templates/spec.md +29 -0
- package/openspec/schemas/expert-delivery/templates/tasks.md +24 -0
- package/openspec/specs/.gitkeep +0 -0
- package/package.json +73 -0
- package/scripts/acceptance-zero-intrusion.sh +168 -0
- package/scripts/hub-sync-assets.config.example.json +296 -0
- package/scripts/hub-sync-assets.js +2038 -0
- package/scripts/local-verify.sh +280 -0
- package/scripts/post-publish-auto-fix-check.js +404 -0
- package/scripts/post-publish-verify.sh +175 -0
- package/scripts/setup-cursor-manual-test.sh +107 -0
- package/scripts/setup-cursor-spec-archive-test.sh +111 -0
- package/scripts/setup-visual-integration.sh +225 -0
- package/scripts/test-integration.sh +176 -0
- package/scripts/update-test-project.sh +93 -0
- package/scripts/upload-four-web.sh +57 -0
- package/scripts/verify-install-ps1-bom.js +26 -0
- package/src/agent/agent-context.js +259 -0
- package/src/agent/agent-profile.js +185 -0
- package/src/agent/agent-templates.js +161 -0
- package/src/agent/agent-types.js +108 -0
- package/src/agent/collaboration-protocol.js +333 -0
- package/src/agent/conflict-handler.js +364 -0
- package/src/agent/file-permission.js +121 -0
- package/src/agent/index.js +38 -0
- package/src/agent/permission-audit.js +151 -0
- package/src/agent/review-repair-loop.js +270 -0
- package/src/agent/tool-permission.js +101 -0
- package/src/asset/asset-dependency.js +322 -0
- package/src/asset/asset-feedback.js +350 -0
- package/src/asset/asset-fork.js +300 -0
- package/src/asset/asset-install.js +278 -0
- package/src/asset/asset-installer.js +497 -0
- package/src/asset/asset-lifecycle.js +324 -0
- package/src/asset/asset-manager.js +245 -0
- package/src/asset/asset-package-manager.js +349 -0
- package/src/asset/asset-package.js +186 -0
- package/src/asset/asset-quality.js +262 -0
- package/src/asset/asset-registry.js +387 -0
- package/src/asset/asset-version.js +293 -0
- package/src/asset/index.js +86 -0
- package/src/cache/agent-profile-cache.js +59 -0
- package/src/cache/asset-cache.js +63 -0
- package/src/cache/global-cache.js +61 -0
- package/src/cache/manifest-cache.js +30 -0
- package/src/check/check-service.js +32 -0
- package/src/config/config-layer.js +343 -0
- package/src/config/config-loader.js +60 -0
- package/src/config/defaults.js +49 -0
- package/src/connectors/hub/asset-package.js +72 -0
- package/src/connectors/hub/asset-usage-feedback.js +46 -0
- package/src/connectors/hub/hub-connector.js +44 -0
- package/src/connectors/hub/index.js +21 -0
- package/src/connectors/visual/evidence-report.js +49 -0
- package/src/connectors/visual/index.js +15 -0
- package/src/connectors/visual/queue.js +41 -0
- package/src/connectors/visual/run-event.js +81 -0
- package/src/connectors/visual/visual-connector.js +77 -0
- package/src/context/context-budget.js +59 -0
- package/src/context/context-builder.js +285 -0
- package/src/context/context-loader.js +116 -0
- package/src/context/context-planner.js +158 -0
- package/src/context/types.js +96 -0
- package/src/contracts/index.js +63 -0
- package/src/executor/executor-registry.js +78 -0
- package/src/executor/executor-result-parser.js +44 -0
- package/src/executor/executor-runner.js +141 -0
- package/src/executor/executor-selector.js +139 -0
- package/src/executor/executor-timeout.js +36 -0
- package/src/executor/providers/base-provider-utils.js +189 -0
- package/src/executor/providers/claude-code-executor-provider.js +128 -0
- package/src/executor/providers/codex-executor-provider.js +126 -0
- package/src/executor/providers/cursor-executor-provider.js +99 -0
- package/src/executor/types.js +137 -0
- package/src/git/branch-manager.js +71 -0
- package/src/git/dirty-checker.js +43 -0
- package/src/git/dirty-strategy-handler.js +29 -0
- package/src/git/git-command.js +37 -0
- package/src/git/git-repository-detector.js +45 -0
- package/src/git/multi-repo-worktree-planner.js +88 -0
- package/src/git/policy.js +19 -0
- package/src/git/strategies/block-dirty-strategy.js +34 -0
- package/src/git/strategies/ignore-dirty-strategy.js +33 -0
- package/src/git/strategies/patch-snapshot-strategy.js +53 -0
- package/src/git/strategies/wip-commit-strategy.js +38 -0
- package/src/git/types.js +71 -0
- package/src/git/worktree-manager.js +85 -0
- package/src/governance/asset-review.js +351 -0
- package/src/governance/audit-log.js +368 -0
- package/src/governance/gray-release.js +312 -0
- package/src/governance/index.js +31 -0
- package/src/governance/policy-types.js +56 -0
- package/src/governance/rbac-types.js +171 -0
- package/src/governance/rbac.js +382 -0
- package/src/governance/rollback.js +360 -0
- package/src/governance/security-policy.js +354 -0
- package/src/hook/hook-config-writer.js +125 -0
- package/src/hub/hub-client.js +186 -0
- package/src/hub/hub-config.js +39 -0
- package/src/hub/project-facts.js +31 -0
- package/src/hub/runtime-feedback-reporter.js +55 -0
- package/src/ide/adapters/adapter-protocol.js +385 -0
- package/src/ide/adapters/claude-adapter.js +419 -0
- package/src/ide/adapters/codex-adapter.js +60 -0
- package/src/ide/adapters/cursor-adapter.js +484 -0
- package/src/ide/adapters/index.js +24 -0
- package/src/ide/anchors/markdown-anchor-writer.js +152 -0
- package/src/ide/ide-service.js +270 -0
- package/src/ide/ide-types.js +94 -0
- package/src/ide/links/link-mode-resolver.js +160 -0
- package/src/ide/registry/ide-registry-builder.js +165 -0
- package/src/incident/incident-writer.js +47 -0
- package/src/incident/types.js +22 -0
- package/src/init/ide-linker.js +126 -0
- package/src/init/ide-pointer-injector.js +75 -0
- package/src/init/init-applier.js +197 -0
- package/src/init/init-plan.js +294 -0
- package/src/init/init-service.js +65 -0
- package/src/init/manifest-installer.js +302 -0
- package/src/init/types.js +26 -0
- package/src/project/config-writer.js +83 -0
- package/src/project/context-index-writer.js +82 -0
- package/src/project/json-utils.js +72 -0
- package/src/project/local-state-writer.js +50 -0
- package/src/project/lock-file-writer.js +98 -0
- package/src/project/manifest-writer.js +126 -0
- package/src/project/policy-config-writer.js +91 -0
- package/src/project/project-config-writer.js +74 -0
- package/src/project/project-files.js +39 -0
- package/src/project/registry-index-writer.js +43 -0
- package/src/project/workspace-config-writer.js +63 -0
- package/src/run/index.js +11 -0
- package/src/run/run-id.js +32 -0
- package/src/run/run-service.js +269 -0
- package/src/run/run-store.js +80 -0
- package/src/scanner/aggregator/detection-aggregator.js +23 -0
- package/src/scanner/boundary/boundary-resolver.js +229 -0
- package/src/scanner/detectors/detector-registry.js +44 -0
- package/src/scanner/detectors/fastapi-detector.js +46 -0
- package/src/scanner/detectors/go-detector.js +46 -0
- package/src/scanner/detectors/nestjs-detector.js +57 -0
- package/src/scanner/detectors/nextjs-detector.js +52 -0
- package/src/scanner/detectors/react-vite-detector.js +52 -0
- package/src/scanner/detectors/react-webpack-detector.js +57 -0
- package/src/scanner/detectors/springboot-detector.js +46 -0
- package/src/scanner/detectors/springcloud-detector.js +46 -0
- package/src/scanner/detectors/springmvc-detector.js +46 -0
- package/src/scanner/detectors/vue-vite-detector.js +52 -0
- package/src/scanner/engine.js +72 -0
- package/src/scanner/facts/fact-extractor.js +211 -0
- package/src/scanner/types.js +30 -0
- package/src/security/asset-tamper-checker.js +188 -0
- package/src/security/checksum.js +40 -0
- package/src/spec/spec-writer.js +302 -0
- package/src/state-machine/circuit-breaker.js +112 -0
- package/src/state-machine/escape-hatch.js +49 -0
- package/src/state-machine/stage-runner.js +281 -0
- package/src/state-machine/state-machine.js +24 -0
- package/src/state-machine/transition-guard.js +36 -0
- package/src/state-machine/types.js +37 -0
- package/src/sync/sync-service.js +192 -0
- package/src/visual/agent-visual.js +142 -0
- package/src/visual/event-gateway.js +357 -0
- package/src/visual/event-mapper.js +128 -0
- package/src/visual/hook-dashboard.js +216 -0
- package/src/visual/index.js +27 -0
- package/src/visual/metrics.js +287 -0
- package/src/visual/privacy-filter.js +100 -0
- package/src/visual/risk-board.js +252 -0
- package/src/visual/timeline.js +245 -0
- package/src/visual/visual-client.js +94 -0
- package/src/visual/visual-config.js +40 -0
- package/src/visual/visual-reporter.js +88 -0
|
@@ -0,0 +1,293 @@
|
|
|
1
|
+
# 业务风险评估指南
|
|
2
|
+
|
|
3
|
+
## 概述
|
|
4
|
+
|
|
5
|
+
本指南帮助 AI 评审专家系统性地识别业务类风险,确保代码实现与需求文档一致。
|
|
6
|
+
|
|
7
|
+
## 评估维度
|
|
8
|
+
|
|
9
|
+
### 1. 需求覆盖度检查
|
|
10
|
+
|
|
11
|
+
#### 检查清单
|
|
12
|
+
|
|
13
|
+
- [ ] **功能完整性**: 需求文档中的所有功能点是否都已实现
|
|
14
|
+
- [ ] **验收标准**: 是否满足需求文档中的验收标准
|
|
15
|
+
- [ ] **业务规则**: 代码实现是否符合业务规则
|
|
16
|
+
- [ ] **边界场景**: 需求文档中提到的边界场景是否都处理了
|
|
17
|
+
- [ ] **异常流程**: 异常场景是否有对应处理逻辑
|
|
18
|
+
|
|
19
|
+
#### 示例
|
|
20
|
+
|
|
21
|
+
**需求文档**:
|
|
22
|
+
> 用户下单时必须校验库存,库存不足时显示"暂时缺货"并禁止提交订单。
|
|
23
|
+
|
|
24
|
+
**代码检查**:
|
|
25
|
+
```javascript
|
|
26
|
+
// ✅ 正确实现
|
|
27
|
+
if (stock <= 0) {
|
|
28
|
+
showError('暂时缺货');
|
|
29
|
+
disableSubmit();
|
|
30
|
+
}
|
|
31
|
+
|
|
32
|
+
// ❌ 风险实现 - 缺少库存校验
|
|
33
|
+
submitOrder(); // 直接提交,未检查库存
|
|
34
|
+
```
|
|
35
|
+
|
|
36
|
+
### 2. 业务流程完整性
|
|
37
|
+
|
|
38
|
+
#### 常见业务流程
|
|
39
|
+
|
|
40
|
+
**电商订单流程**:
|
|
41
|
+
```
|
|
42
|
+
浏览商品 → 加入购物车 → 确认订单 → 支付 → 发货 → 完成
|
|
43
|
+
↓
|
|
44
|
+
取消订单 → 退款
|
|
45
|
+
```
|
|
46
|
+
|
|
47
|
+
**检查要点**:
|
|
48
|
+
- 流程是否完整,有无缺失环节
|
|
49
|
+
- 流程跳转是否正确
|
|
50
|
+
- 异常流程是否处理(如支付失败、库存不足)
|
|
51
|
+
|
|
52
|
+
#### 示例
|
|
53
|
+
|
|
54
|
+
**风险场景**:
|
|
55
|
+
```
|
|
56
|
+
✅ 正常流程: 创建订单 → 支付 → 更新库存
|
|
57
|
+
❌ 缺失流程: 支付失败 → 无处理逻辑
|
|
58
|
+
```
|
|
59
|
+
|
|
60
|
+
### 3. 状态流转一致性
|
|
61
|
+
|
|
62
|
+
#### 常见状态机
|
|
63
|
+
|
|
64
|
+
**订单状态流转**:
|
|
65
|
+
```
|
|
66
|
+
待支付 → 已支付 → 待发货 → 已发货 → 已完成
|
|
67
|
+
↓ ↓
|
|
68
|
+
取消 退款中 → 已退款
|
|
69
|
+
```
|
|
70
|
+
|
|
71
|
+
**检查要点**:
|
|
72
|
+
- 状态流转是否符合需求文档
|
|
73
|
+
- 是否存在非法状态跳转
|
|
74
|
+
- 状态变更是否有对应业务逻辑
|
|
75
|
+
|
|
76
|
+
#### 示例
|
|
77
|
+
|
|
78
|
+
**风险场景**:
|
|
79
|
+
```javascript
|
|
80
|
+
// ❌ 风险: 状态从"待支付"直接跳到"已完成"
|
|
81
|
+
order.status = 'completed'; // 缺少"已支付"状态
|
|
82
|
+
|
|
83
|
+
// ✅ 正确: 按流程流转
|
|
84
|
+
if (order.status === 'pending_payment' && payment.success) {
|
|
85
|
+
order.status = 'paid';
|
|
86
|
+
// 后续流程...
|
|
87
|
+
}
|
|
88
|
+
```
|
|
89
|
+
|
|
90
|
+
### 4. 数据一致性
|
|
91
|
+
|
|
92
|
+
#### 检查要点
|
|
93
|
+
|
|
94
|
+
- **事务性**: 多个数据操作是否在同一事务中
|
|
95
|
+
- **并发控制**: 是否存在并发安全问题
|
|
96
|
+
- **数据校验**: 输入数据是否符合业务约束
|
|
97
|
+
- **数据关联**: 关联数据是否同步更新
|
|
98
|
+
|
|
99
|
+
#### 示例
|
|
100
|
+
|
|
101
|
+
**风险场景**:
|
|
102
|
+
```javascript
|
|
103
|
+
// ❌ 风险: 库存扣减与订单创建不在同一事务
|
|
104
|
+
await createOrder(orderData);
|
|
105
|
+
await deductStock(productId, quantity);
|
|
106
|
+
// 如果 createOrder 成功但 deductStock 失败,数据不一致
|
|
107
|
+
|
|
108
|
+
// ✅ 正确: 使用事务
|
|
109
|
+
await db.transaction(async (tx) => {
|
|
110
|
+
await createOrder(tx, orderData);
|
|
111
|
+
await deductStock(tx, productId, quantity);
|
|
112
|
+
});
|
|
113
|
+
```
|
|
114
|
+
|
|
115
|
+
### 5. 权限与合规
|
|
116
|
+
|
|
117
|
+
#### 检查要点
|
|
118
|
+
|
|
119
|
+
- **身份认证**: 操作前是否校验用户身份
|
|
120
|
+
- **权限控制**: 用户是否有权限执行该操作
|
|
121
|
+
- **数据权限**: 用户只能访问自己的数据
|
|
122
|
+
- **合规要求**: 是否符合法律法规(如隐私保护)
|
|
123
|
+
|
|
124
|
+
#### 示例
|
|
125
|
+
|
|
126
|
+
**风险场景**:
|
|
127
|
+
```javascript
|
|
128
|
+
// ❌ 风险: 未校验权限即可删除订单
|
|
129
|
+
async function deleteOrder(orderId) {
|
|
130
|
+
await api.delete(`/orders/${orderId}`);
|
|
131
|
+
}
|
|
132
|
+
|
|
133
|
+
// ✅ 正确: 校验权限
|
|
134
|
+
async function deleteOrder(orderId) {
|
|
135
|
+
const order = await getOrder(orderId);
|
|
136
|
+
if (order.userId !== currentUser.id) {
|
|
137
|
+
throw new Error('无权限操作');
|
|
138
|
+
}
|
|
139
|
+
await api.delete(`/orders/${orderId}`);
|
|
140
|
+
}
|
|
141
|
+
```
|
|
142
|
+
|
|
143
|
+
### 6. 异常场景处理
|
|
144
|
+
|
|
145
|
+
#### 常见异常场景
|
|
146
|
+
|
|
147
|
+
- **网络异常**: 请求失败、超时、重试
|
|
148
|
+
- **业务异常**: 库存不足、余额不足、状态不符
|
|
149
|
+
- **系统异常**: 服务不可用、数据库连接失败
|
|
150
|
+
- **用户异常**: 用户取消、用户退出
|
|
151
|
+
|
|
152
|
+
#### 检查要点
|
|
153
|
+
|
|
154
|
+
- 是否有错误提示
|
|
155
|
+
- 是否有降级方案
|
|
156
|
+
- 是否有重试机制
|
|
157
|
+
- 是否有回滚逻辑
|
|
158
|
+
|
|
159
|
+
#### 示例
|
|
160
|
+
|
|
161
|
+
**风险场景**:
|
|
162
|
+
```javascript
|
|
163
|
+
// ❌ 风险: 支付失败无处理
|
|
164
|
+
async function handlePayment() {
|
|
165
|
+
const result = await pay();
|
|
166
|
+
// 如果支付失败,无任何提示
|
|
167
|
+
}
|
|
168
|
+
|
|
169
|
+
// ✅ 正确: 完整的异常处理
|
|
170
|
+
async function handlePayment() {
|
|
171
|
+
try {
|
|
172
|
+
const result = await pay();
|
|
173
|
+
if (result.success) {
|
|
174
|
+
showSuccess('支付成功');
|
|
175
|
+
navigateToOrderDetail();
|
|
176
|
+
} else {
|
|
177
|
+
showError(result.message);
|
|
178
|
+
enableRetry();
|
|
179
|
+
}
|
|
180
|
+
} catch (error) {
|
|
181
|
+
showError('支付失败,请重试');
|
|
182
|
+
enableRetry();
|
|
183
|
+
logError(error);
|
|
184
|
+
}
|
|
185
|
+
}
|
|
186
|
+
```
|
|
187
|
+
|
|
188
|
+
## 风险等级判定标准
|
|
189
|
+
|
|
190
|
+
### 🔴 严重(Critical)
|
|
191
|
+
|
|
192
|
+
**判定标准**:
|
|
193
|
+
- 缺失核心功能点
|
|
194
|
+
- 业务流程错误
|
|
195
|
+
- 数据一致性问题
|
|
196
|
+
- 安全合规问题
|
|
197
|
+
|
|
198
|
+
**处理建议**: 必须修复后才能上线
|
|
199
|
+
|
|
200
|
+
### 🟡 警告(Warning)
|
|
201
|
+
|
|
202
|
+
**判定标准**:
|
|
203
|
+
- 缺少异常场景处理
|
|
204
|
+
- 边界条件遗漏
|
|
205
|
+
- 状态流转不完整
|
|
206
|
+
- 用户体验问题
|
|
207
|
+
|
|
208
|
+
**处理建议**: 建议修复后上线
|
|
209
|
+
|
|
210
|
+
### 🔵 建议(Suggestion)
|
|
211
|
+
|
|
212
|
+
**判定标准**:
|
|
213
|
+
- 体验优化
|
|
214
|
+
- 流程改进
|
|
215
|
+
- 性能优化
|
|
216
|
+
- 代码重构
|
|
217
|
+
|
|
218
|
+
**处理建议**: 可在后续迭代中处理
|
|
219
|
+
|
|
220
|
+
## 需求文档解析要点
|
|
221
|
+
|
|
222
|
+
### 提取关键信息
|
|
223
|
+
|
|
224
|
+
1. **业务目标**: 为什么要做这个功能
|
|
225
|
+
2. **功能清单**: 需要实现哪些功能
|
|
226
|
+
3. **业务规则**: 有什么约束条件
|
|
227
|
+
4. **验收标准**: 怎样算完成
|
|
228
|
+
5. **边界场景**: 有哪些特殊情况
|
|
229
|
+
6. **异常流程**: 出错时怎么处理
|
|
230
|
+
|
|
231
|
+
### 映射到代码
|
|
232
|
+
|
|
233
|
+
| 需求文档内容 | 代码检查点 |
|
|
234
|
+
|-------------|-----------|
|
|
235
|
+
| "必须校验库存" | 库存校验逻辑 |
|
|
236
|
+
| "支付失败显示错误提示" | 支付异常处理 |
|
|
237
|
+
| "仅管理员可删除" | 权限校验 |
|
|
238
|
+
| "3秒无响应显示loading" | loading 状态管理 |
|
|
239
|
+
| "支持批量操作" | 批量处理逻辑 |
|
|
240
|
+
|
|
241
|
+
## 输出格式要求
|
|
242
|
+
|
|
243
|
+
每个业务风险必须包含:
|
|
244
|
+
|
|
245
|
+
```markdown
|
|
246
|
+
### [风险标题]
|
|
247
|
+
|
|
248
|
+
**风险等级**: 🔴 严重 / 🟡 警告 / 🔵 建议
|
|
249
|
+
**需求来源**: 需求文档章节引用
|
|
250
|
+
**影响范围**: 影响的业务场景
|
|
251
|
+
**问题描述**: 详细说明风险
|
|
252
|
+
**修复建议**: 具体的修复方案
|
|
253
|
+
**示例代码**: 修复后的代码示例(可选)
|
|
254
|
+
```
|
|
255
|
+
|
|
256
|
+
## 常见业务风险模式
|
|
257
|
+
|
|
258
|
+
### 1. 缺失功能
|
|
259
|
+
|
|
260
|
+
- 需求文档要求的功能未实现
|
|
261
|
+
- 只实现了正常流程,缺少异常流程
|
|
262
|
+
- 只实现了主流程,缺少分支流程
|
|
263
|
+
|
|
264
|
+
### 2. 流程错误
|
|
265
|
+
|
|
266
|
+
- 流程顺序错误
|
|
267
|
+
- 缺少必要的流程环节
|
|
268
|
+
- 流程跳转逻辑错误
|
|
269
|
+
|
|
270
|
+
### 3. 状态管理混乱
|
|
271
|
+
|
|
272
|
+
- 状态定义不完整
|
|
273
|
+
- 状态流转不合法
|
|
274
|
+
- 状态变更无业务逻辑支撑
|
|
275
|
+
|
|
276
|
+
### 4. 数据不一致
|
|
277
|
+
|
|
278
|
+
- 关联数据未同步
|
|
279
|
+
- 操作非原子性
|
|
280
|
+
- 缺少数据校验
|
|
281
|
+
|
|
282
|
+
### 5. 权限漏洞
|
|
283
|
+
|
|
284
|
+
- 未校验用户身份
|
|
285
|
+
- 权限控制缺失
|
|
286
|
+
- 数据权限泄露
|
|
287
|
+
|
|
288
|
+
### 6. 异常处理不足
|
|
289
|
+
|
|
290
|
+
- 无错误提示
|
|
291
|
+
- 无降级方案
|
|
292
|
+
- 无重试机制
|
|
293
|
+
- 无回滚逻辑
|
|
@@ -0,0 +1,121 @@
|
|
|
1
|
+
# 评审报告 HTML 模板参考
|
|
2
|
+
|
|
3
|
+
## 报告结构示例
|
|
4
|
+
|
|
5
|
+
本文件提供 HTML 报告的结构参考,实际生成时应动态填充数据。
|
|
6
|
+
|
|
7
|
+
## 核心功能模块
|
|
8
|
+
|
|
9
|
+
### 1. 概览面板
|
|
10
|
+
|
|
11
|
+
应包含的统计指标:
|
|
12
|
+
- 变更文件总数
|
|
13
|
+
- 新增行数 / 删除行数
|
|
14
|
+
- 提交次数
|
|
15
|
+
- 技术风险总数(按等级分布)
|
|
16
|
+
- 业务风险总数(按等级分布)
|
|
17
|
+
- 需求覆盖度(如果有需求文档)
|
|
18
|
+
- 整体通过率
|
|
19
|
+
|
|
20
|
+
### 2. 文件树导航
|
|
21
|
+
|
|
22
|
+
展示结构:
|
|
23
|
+
```
|
|
24
|
+
src/
|
|
25
|
+
├── components/
|
|
26
|
+
│ ├── OrderForm.vue (+120/-15) 🟡 2个风险
|
|
27
|
+
│ └── PaymentButton.vue (+80/-0) 🔴 1个风险
|
|
28
|
+
├── api/
|
|
29
|
+
│ └── order.js (+200/-30) 🔵 3个建议
|
|
30
|
+
└── utils/
|
|
31
|
+
└── validator.js (+50/-0) ⚪ 1个提示
|
|
32
|
+
```
|
|
33
|
+
|
|
34
|
+
### 3. 代码差异展示
|
|
35
|
+
|
|
36
|
+
支持两种模式:
|
|
37
|
+
- **Side-by-Side**: 左右对比
|
|
38
|
+
- **Unified**: 统一显示
|
|
39
|
+
|
|
40
|
+
颜色标记:
|
|
41
|
+
- 绿色背景: 新增行
|
|
42
|
+
- 红色背景: 删除行
|
|
43
|
+
- 黄色背景: 修改行
|
|
44
|
+
|
|
45
|
+
### 4. 技术风险列表
|
|
46
|
+
|
|
47
|
+
每个风险项包含:
|
|
48
|
+
```json
|
|
49
|
+
{
|
|
50
|
+
"file": "src/components/OrderForm.vue",
|
|
51
|
+
"line": 45,
|
|
52
|
+
"severity": "critical",
|
|
53
|
+
"category": "security",
|
|
54
|
+
"title": "XSS 攻击风险",
|
|
55
|
+
"description": "用户输入未转义直接渲染到页面",
|
|
56
|
+
"suggestion": "使用 v-html 时应对内容进行转义处理",
|
|
57
|
+
"code": "<div v-html=\"userInput\"></div>",
|
|
58
|
+
"fixed_code": "<div>{{ userInput }}</div>"
|
|
59
|
+
}
|
|
60
|
+
```
|
|
61
|
+
|
|
62
|
+
### 5. 业务风险列表
|
|
63
|
+
|
|
64
|
+
每个业务风险项包含:
|
|
65
|
+
```json
|
|
66
|
+
{
|
|
67
|
+
"severity": "critical",
|
|
68
|
+
"category": "missing_feature",
|
|
69
|
+
"title": "缺少支付失败处理逻辑",
|
|
70
|
+
"description": "需求文档要求支付失败时显示错误提示并提供重试选项",
|
|
71
|
+
"requirement_ref": "docs/prd-order-module.md §4.2 支付流程",
|
|
72
|
+
"related_files": ["src/components/PaymentButton.vue"],
|
|
73
|
+
"suggestion": "添加支付失败的 catch 处理,显示错误提示",
|
|
74
|
+
"impact": "用户支付失败后无法继续操作,影响转化率"
|
|
75
|
+
}
|
|
76
|
+
```
|
|
77
|
+
|
|
78
|
+
## 交互功能实现要点
|
|
79
|
+
|
|
80
|
+
### 模式切换
|
|
81
|
+
- 使用 JavaScript 切换 CSS class 实现
|
|
82
|
+
- Side-by-Side: `display: grid; grid-template-columns: 1fr 1fr;`
|
|
83
|
+
- Unified: `display: block;`
|
|
84
|
+
|
|
85
|
+
### 主题切换
|
|
86
|
+
- 使用 CSS 变量定义颜色
|
|
87
|
+
- 通过切换 `data-theme="dark"` 属性实现
|
|
88
|
+
- 使用 localStorage 保存用户偏好
|
|
89
|
+
|
|
90
|
+
### 评论功能
|
|
91
|
+
- 点击行号触发评论输入
|
|
92
|
+
- 评论数据存储在 localStorage
|
|
93
|
+
- 格式: `comments:{fileName}:{line}: [{user, content, timestamp}]`
|
|
94
|
+
|
|
95
|
+
### 搜索功能
|
|
96
|
+
- 使用正则表达式匹配文件名和代码内容
|
|
97
|
+
- 高亮匹配结果
|
|
98
|
+
- 支持上一个/下一个跳转
|
|
99
|
+
|
|
100
|
+
### 过滤功能
|
|
101
|
+
- 按文件类型过滤: `.vue`, `.js`, `.ts` 等
|
|
102
|
+
- 按风险等级过滤: critical, warning, suggestion, info
|
|
103
|
+
- 按风险类型过滤: technical, business
|
|
104
|
+
|
|
105
|
+
## 性能优化建议
|
|
106
|
+
|
|
107
|
+
1. **虚拟滚动**: 大量代码差异时使用虚拟滚动
|
|
108
|
+
2. **懒加载**: 文件树展开时才加载子节点
|
|
109
|
+
3. **代码折叠**: 默认折叠未变更区域
|
|
110
|
+
4. **防抖搜索**: 搜索输入防抖 300ms
|
|
111
|
+
5. **Web Worker**: 复杂计算(如代码分析)放到 Web Worker
|
|
112
|
+
|
|
113
|
+
## 打印优化
|
|
114
|
+
|
|
115
|
+
```css
|
|
116
|
+
@media print {
|
|
117
|
+
.no-print { display: none; }
|
|
118
|
+
.diff-viewer { page-break-inside: avoid; }
|
|
119
|
+
.risk-item { page-break-inside: avoid; }
|
|
120
|
+
}
|
|
121
|
+
```
|
|
@@ -0,0 +1,99 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: config-and-secret-scan
|
|
3
|
+
description: 统一配置项命名、分层与校验方式,并扫描代码与配置文件中的硬编码密钥、敏感信息或不安全配置。当用户说“检查配置”“新增配置项”“扫描敏感信息”“密钥泄露”“secret scan”“环境变量规范”时使用。
|
|
4
|
+
compatibility: Requires access to a local repository workspace and project config files; designed for source scanning rather than remote-only review.
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# 配置与敏感信息扫描
|
|
8
|
+
|
|
9
|
+
## 使用时机
|
|
10
|
+
|
|
11
|
+
当你需要:
|
|
12
|
+
|
|
13
|
+
- 新增或调整环境变量、配置项、配置文档
|
|
14
|
+
- 检查仓库里是否有硬编码 token、密码、API Key、证书片段
|
|
15
|
+
- 对齐 `.env`、配置模块、启动校验的写法
|
|
16
|
+
|
|
17
|
+
优先同时参考:
|
|
18
|
+
|
|
19
|
+
- `.agents/rules/common/08-通用约束.md`
|
|
20
|
+
- 当前项目已有的 `.env.example`、配置模块、启动入口
|
|
21
|
+
|
|
22
|
+
## 核心原则
|
|
23
|
+
|
|
24
|
+
- 配置名保持全大写、下划线分隔,避免写死业务前缀假设
|
|
25
|
+
- 示例只写占位符,不写真实密钥
|
|
26
|
+
- 先看项目已有配置约定,再补统一规范
|
|
27
|
+
- 输出以位置、风险和修复建议为主,不做空泛安全口号
|
|
28
|
+
- 若当前在协议流程中,优先把结果沉淀到当前 `checklist.md`、`risk-findings` 或用户指定文档,不写死固定输出目录
|
|
29
|
+
|
|
30
|
+
## 配置规范
|
|
31
|
+
|
|
32
|
+
### 命名与分层
|
|
33
|
+
|
|
34
|
+
- 环境变量:如 `API_BASE_URL`、`LOG_LEVEL`、`ACCESS_TOKEN_TTL`
|
|
35
|
+
- 按环境区分:`.env.development`、`.env.test`、`.env.production` 或配置中心 namespace
|
|
36
|
+
- 新增配置项至少说明:
|
|
37
|
+
- 用途
|
|
38
|
+
- 类型
|
|
39
|
+
- 默认值
|
|
40
|
+
- 是否必填
|
|
41
|
+
- 缺失时的处理方式
|
|
42
|
+
|
|
43
|
+
### 启动校验
|
|
44
|
+
|
|
45
|
+
- 启动时校验关键配置,避免运行时才暴露缺失项
|
|
46
|
+
- 端口、URL、布尔、枚举值应做最小格式校验
|
|
47
|
+
- `.env.example` 只保留字段名、示例值或占位符
|
|
48
|
+
|
|
49
|
+
## 扫描目标
|
|
50
|
+
|
|
51
|
+
默认检查下列内容:
|
|
52
|
+
|
|
53
|
+
- 硬编码密码:`password = "..."`、`pwd = "..."` 等
|
|
54
|
+
- API Key / Token:`apiKey`、`token`、`secret`、`bearer`、`authorization`
|
|
55
|
+
- 私钥或证书片段:`-----BEGIN`
|
|
56
|
+
- 配置文件中的敏感字段:`.env`、`config.*`、`*.yaml`、`*.yml`
|
|
57
|
+
- 明显不安全配置:关闭鉴权、跳过证书校验、生产环境默认弱口令
|
|
58
|
+
|
|
59
|
+
## 排除项
|
|
60
|
+
|
|
61
|
+
- `node_modules`、`dist`、`coverage`、缓存目录
|
|
62
|
+
- `.env.example`、模板文档中的明确占位符
|
|
63
|
+
- 测试假值:`dummy`、`test`、`example`、`your_xxx`
|
|
64
|
+
|
|
65
|
+
## 输出格式
|
|
66
|
+
|
|
67
|
+
按表格或清单输出:
|
|
68
|
+
|
|
69
|
+
| 文件 | 行号 | 风险类型 | 片段 | 建议 |
|
|
70
|
+
|------|------|----------|------|------|
|
|
71
|
+
| `src/config/auth.ts` | `12` | `hardcoded-token` | `Bearer sk-***` | 改为从环境变量或密钥服务读取 |
|
|
72
|
+
|
|
73
|
+
若没有发现问题,明确写:
|
|
74
|
+
|
|
75
|
+
- 未发现疑似硬编码密钥或明显不安全配置
|
|
76
|
+
|
|
77
|
+
## 执行步骤
|
|
78
|
+
|
|
79
|
+
### 1. 识别当前任务
|
|
80
|
+
|
|
81
|
+
- 若是“新增配置项”,先找现有配置模块、启动入口、`.env.example`
|
|
82
|
+
- 若是“扫描敏感信息”,先确定扫描范围;未指定时默认扫描仓库源码与配置目录
|
|
83
|
+
|
|
84
|
+
### 2. 读取项目事实
|
|
85
|
+
|
|
86
|
+
- 查看 `package.json`、启动入口、配置模块
|
|
87
|
+
- 判断项目是直接读 `process.env`、配置对象,还是走统一配置层
|
|
88
|
+
|
|
89
|
+
### 3. 输出结果
|
|
90
|
+
|
|
91
|
+
- 配置类需求:给出字段定义、示例、读取方式、校验建议
|
|
92
|
+
- 扫描类需求:给出命中位置、风险说明、修复建议
|
|
93
|
+
- 若在协议流程内,优先将结果归入当前审查/风险产物
|
|
94
|
+
|
|
95
|
+
## 禁止事项
|
|
96
|
+
|
|
97
|
+
- 不写入真实密钥
|
|
98
|
+
- 不把占位符误判为真实泄露
|
|
99
|
+
- 不忽略项目已有配置约定,自行发明另一套命名体系
|
|
@@ -0,0 +1,192 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: create-proposal
|
|
3
|
+
description: 当用户需要为新需求、改版需求或补充方案发起 OpenSpec 提案时,在 `/opsx:propose` 前完成需求分析、上下文注入和提案后置检查。
|
|
4
|
+
compatibility: Requires an OpenSpec workspace, local .agents/rules constraints, and repository paths such as openspec/changes/ and docs/样式还原/.
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# 创建提案(OpenSpec 增强层)
|
|
8
|
+
|
|
9
|
+
## 定位
|
|
10
|
+
|
|
11
|
+
本技能是 OpenSpec `/opsx:propose` 的**增强层**,不替代、不干预 OpenSpec 的产物生成。
|
|
12
|
+
|
|
13
|
+
职责划分:
|
|
14
|
+
|
|
15
|
+
| 层 | 职责 | 产物位置 |
|
|
16
|
+
|----|------|----------|
|
|
17
|
+
| **本技能** | 需求前置分析 + 上下文注入 + 后置检查 | 无独立产物(分析结论注入 OpenSpec 上下文) |
|
|
18
|
+
| **OpenSpec** | 生成 proposal.md / specs/ / design.md / tasks.md | `openspec/changes/<name>/` |
|
|
19
|
+
| **config.yaml** | 桥接 ai-spec-auto 规范到 OpenSpec rules | `openspec/config.yaml` |
|
|
20
|
+
|
|
21
|
+
## 使用时机
|
|
22
|
+
|
|
23
|
+
当需要为一个**需求**创建提案时使用。需求可能是:
|
|
24
|
+
|
|
25
|
+
- 新增/改版一个**页面**(有或没有设计稿)
|
|
26
|
+
- 开发一系列**功能组件**(有或没有 UI 描述)
|
|
27
|
+
- **有接口**或**无接口**(后端未就绪时用 mock)
|
|
28
|
+
- 纯逻辑、纯接口、或 UI + 接口 等组合
|
|
29
|
+
|
|
30
|
+
## 环境依赖
|
|
31
|
+
|
|
32
|
+
- 依赖本仓库的 `openspec/` 目录、`.agents/rules/` 规范和相关命令约定
|
|
33
|
+
- 设计稿分析与 UI 产物默认落到 `docs/样式还原/`
|
|
34
|
+
- 会引用兄弟 skill 与 OpenSpec 命令,不适合作为脱离仓库的通用提案模板
|
|
35
|
+
|
|
36
|
+
## 注意事项
|
|
37
|
+
|
|
38
|
+
- 本技能只做提案增强,不替代 OpenSpec 原生产物生成
|
|
39
|
+
- 复杂交互必须先整理交互摘要,不能把实现口径留到编码阶段临时补
|
|
40
|
+
- 只要进入后置检查,就必须按审计汇报规范输出结论
|
|
41
|
+
|
|
42
|
+
---
|
|
43
|
+
|
|
44
|
+
## 步骤 1:需求前置分析
|
|
45
|
+
|
|
46
|
+
在委托 OpenSpec 生成提案之前,先确认下列条件,作为传递给 OpenSpec 的上下文。
|
|
47
|
+
|
|
48
|
+
| 条件 | 选项 | 影响 |
|
|
49
|
+
|------|------|------|
|
|
50
|
+
| **是否有设计稿或 UI 要求描述** | 有 / 无 | 有 → 步骤 2 触发 design-analysis;OpenSpec 的 tasks 中应包含 UI 验收任务 |
|
|
51
|
+
| **是否有接口(已提供或约定)** | 有 / 无 / 未就绪 | 有 → 正常对接;无 → 可不做数据层;未就绪 → mock,见项目 Mock 数据策略 |
|
|
52
|
+
| **交付形态** | 新页面 / 功能组件 / 能力模块 / 其它 | 决定目录结构(routes vs components)与 OpenSpec design.md 中的技术方案 |
|
|
53
|
+
| **是否仅样式/还原类** | 是 / 否 | 是 → 重点在 design-analysis + 验收 |
|
|
54
|
+
| **是否存在复杂交互** | 有 / 无 | 有 → 先按 `references/interaction-spec-template.md` 收口搜索、表单、弹窗、批量操作等交互说明,再写 proposal/design/tasks |
|
|
55
|
+
|
|
56
|
+
---
|
|
57
|
+
|
|
58
|
+
## 步骤 2:设计稿分析(可选但推荐)
|
|
59
|
+
|
|
60
|
+
当需求**包含界面**且**有设计稿**(.pen、figma 链接、设计图、标注)或**有明确 UI 描述**时:
|
|
61
|
+
|
|
62
|
+
- **使用技能**:`.agents/skills/design-analysis/SKILL.md`
|
|
63
|
+
- **产出**:`docs/样式还原/<名称>-UI分析清单.md`
|
|
64
|
+
|
|
65
|
+
分析清单应在 OpenSpec 生成提案前或同步完成,以便 OpenSpec 的 specs/、design.md、tasks.md 能引用分析结果。
|
|
66
|
+
|
|
67
|
+
若页面包含搜索、表单、弹窗、批量操作、复杂状态切换等交互,先参考 `references/interaction-spec-template.md` 把交互说明整理成摘要,再写入 `proposal.md / design.md / tasks.md`,避免实现阶段自己补口径。
|
|
68
|
+
|
|
69
|
+
---
|
|
70
|
+
|
|
71
|
+
## 步骤 3:委托 OpenSpec 生成提案
|
|
72
|
+
|
|
73
|
+
将步骤 1-2 的分析结论整合为变更描述,调用 `/opsx:propose <change-name>`。
|
|
74
|
+
|
|
75
|
+
OpenSpec 会在 `openspec/changes/<change-name>/` 下生成原生产物:
|
|
76
|
+
|
|
77
|
+
```
|
|
78
|
+
openspec/changes/<change-name>/
|
|
79
|
+
├── .openspec.yaml # 变更元数据
|
|
80
|
+
├── proposal.md # 变更概述(why + what + impact)
|
|
81
|
+
├── specs/ # Delta specs(新增/修改/删除的需求)
|
|
82
|
+
│ └── <domain>/
|
|
83
|
+
│ └── spec.md
|
|
84
|
+
├── design.md # 技术设计(方案选型、组件拆分、数据结构)
|
|
85
|
+
└── tasks.md # 实施任务清单
|
|
86
|
+
```
|
|
87
|
+
|
|
88
|
+
**上下文注入**:OpenSpec 通过 `openspec/config.yaml` 中的 `context` 和 `rules` 字段自动读取 ai-spec-auto 的规范约束(路由、组件、API、样式等),无需本技能额外干预。
|
|
89
|
+
|
|
90
|
+
**传递给 OpenSpec 的信息**(作为 propose 描述的一部分):
|
|
91
|
+
- 步骤 1 确认的条件(交付形态、接口情况、设计稿情况)
|
|
92
|
+
- 步骤 2 产出的 UI 分析清单路径(如有)
|
|
93
|
+
- 涉及 UI 时:组件放置位置建议(依据 `.agents/rules/04-组件规范.md`)
|
|
94
|
+
- 涉及接口时:接口结构建议(依据 `.agents/rules/05-API规范.md`)
|
|
95
|
+
- 接口未就绪时:标注 mock 策略
|
|
96
|
+
|
|
97
|
+
---
|
|
98
|
+
|
|
99
|
+
## 步骤 4:后置检查与增强
|
|
100
|
+
|
|
101
|
+
OpenSpec 生成提案后,检查以下项目并按需补充:
|
|
102
|
+
|
|
103
|
+
### 4.1 design.md 检查
|
|
104
|
+
- 技术方案是否遵循 `.agents/rules/` 中的架构约束
|
|
105
|
+
- 涉及页面时,是否参考了 `.agents/rules/06-路由规范.md`
|
|
106
|
+
- 涉及组件时,是否参考了 `.agents/rules/04-组件规范.md`
|
|
107
|
+
- 样式方案是否使用主题变量(`.agents/rules/09-样式规范.md`)
|
|
108
|
+
|
|
109
|
+
### 4.2 tasks.md 检查
|
|
110
|
+
- 涉及 UI 且有设计稿时,末尾是否包含 UI 还原验收任务(引用 `.agents/skills/ui-verification/SKILL.md`)
|
|
111
|
+
- 涉及接口时,是否包含接口封装任务(引用 `.agents/rules/05-API规范.md`)
|
|
112
|
+
- 图标/图片未定时,是否标注占位元素(`.agents/rules/08-通用约束.md`)
|
|
113
|
+
- 有 UI 分析清单时,开发任务是否引用 `docs/样式还原/<名称>-UI分析清单.md`
|
|
114
|
+
- 存在复杂交互时,是否把搜索、表单、弹窗、批量操作和异常状态写成明确任务项,而不是只留一句“完善交互”
|
|
115
|
+
|
|
116
|
+
### 4.3 specs/ 检查
|
|
117
|
+
- 每个 capability 的验收场景是否可测试
|
|
118
|
+
- 有设计稿时,是否引用 UI 分析清单作为验收参考
|
|
119
|
+
|
|
120
|
+
### 4.4 执行交接与审计(提案阶段)
|
|
121
|
+
|
|
122
|
+
- 提案确认后进入执行阶段时,遵循 `.agents/rules/12-Superpowers执行规范.md`,按 `.agents/skills/execute-task/SKILL.md` 的四步循环逐条执行 `openspec/changes/<change-name>/tasks.md`,或通过 IDE/OpenSpec 的 apply 命令进入同一执行链路。
|
|
123
|
+
- **本步骤 4 后置检查完成、向用户交付分析摘要与检查结果时**,须遵守 `.agents/rules/14-审计汇报规范.md`(适用范围含「完成 create-proposal 后置检查」)。执行阶段的审计要求见 **4.5** 中与方案一、方案二的衔接说明。
|
|
124
|
+
|
|
125
|
+
### 4.5 输出模板:下一步(必选)
|
|
126
|
+
|
|
127
|
+
OpenSpec 生成提案且本步骤 4 检查完毕后,**必须**以独立小节 **「下一步」** 输出以下内容(将 `<change-name>` 替换为实际变更目录名,如 `add-simple-input`)。
|
|
128
|
+
|
|
129
|
+
#### 4.5.1 如何写对 apply 命令(IDE 启发式)
|
|
130
|
+
|
|
131
|
+
无法从仓库自动检测 IDE;按本轮对话线索选用主推命令,**无法判断时并列整张对照表**:
|
|
132
|
+
|
|
133
|
+
| 情况 | 主推命令 |
|
|
134
|
+
|------|----------|
|
|
135
|
+
| 用户已使用 `/opsx-propose`、`/opsx-apply` 等**连字符**命令 | `/opsx-apply <change-name>`(Cursor / Windsurf / Copilot IDE 等) |
|
|
136
|
+
| 用户使用 `/opsx:propose`、`/opsx:apply` 等**冒号**命令 | `/opsx:apply <change-name>`(Claude Code) |
|
|
137
|
+
| **无法判断** | 并列给出:Claude Code → `/opsx:apply <change-name>`;Cursor / Windsurf / Copilot IDE → `/opsx-apply <change-name>`;Trae → `/openspec-apply <change-name>`(与 `docs/openspec-guide.md` §7.4 一致) |
|
|
138
|
+
|
|
139
|
+
另附一句:若使用 **OpenSpec CLI** 本地 `openspec apply`,与上述 apply 流程语义一致,不替代各 IDE 中的斜杠命令。
|
|
140
|
+
|
|
141
|
+
#### 4.5.2 方案一:Superpowers + execute-task(推荐)
|
|
142
|
+
|
|
143
|
+
向用户提供**可复制**的提示语(可整段粘贴到新会话):
|
|
144
|
+
|
|
145
|
+
> 请使用 execute-task 技能,以 `openspec/changes/<change-name>/tasks.md` 为准,从第一条未勾选 `- [ ]` 开始,按 Superpowers 四步(头脑风暴 → TDD → 双重审查 → 状态更新)逐条执行;必要时先执行 `/opsx-apply <change-name>`(Cursor 等)或 `/opsx:apply <change-name>`(Claude Code)。执行须遵守 `.agents/rules/12-Superpowers执行规范.md` 与 `.agents/rules/14-审计汇报规范.md`(第四步状态更新含审计报告)。
|
|
146
|
+
|
|
147
|
+
技能路径:`.cursor/skills/common/execute-task/SKILL.md` 或 `.agents/skills/common/execute-task/SKILL.md`。
|
|
148
|
+
|
|
149
|
+
#### 4.5.3 方案二:仅按 tasks.md 清单
|
|
150
|
+
|
|
151
|
+
适合小改动或用户明确要求「快扫清单」、不强制每步输出四步标题时,提供**可复制**提示语:
|
|
152
|
+
|
|
153
|
+
> 请直接按 `openspec/changes/<change-name>/tasks.md` 顺序逐项实现,每完成一项将对应 `- [ ]` 改为 `- [x]`,并保证与 `design.md`、`specs/` 一致。**凡产生代码变更**,仍须按 `.agents/rules/14-审计汇报规范.md` 输出审计报告,不得因未走 execute-task 四步而省略。
|
|
154
|
+
|
|
155
|
+
#### 4.5.4 可选说明
|
|
156
|
+
|
|
157
|
+
若用户只需子集(例如仅改导出、仅改单文件),可提示其用一句话收窄范围,并仍指向同一 `tasks.md` 或具体条目。
|
|
158
|
+
|
|
159
|
+
#### 4.5.5 审计汇报(跨阶段小结)
|
|
160
|
+
|
|
161
|
+
在「下一步」小节末尾用一两句汇总:**提案阶段**后置检查交付已适用 `14-审计汇报规范.md`;**执行阶段**每条任务或批量实现后的审计要求不变,与方案一、方案二中的引用一致。
|
|
162
|
+
|
|
163
|
+
---
|
|
164
|
+
|
|
165
|
+
## 样式还原验证检查清单(供 create-route / create-component 引用)
|
|
166
|
+
|
|
167
|
+
当开发涉及 **UI 还原**(有设计稿或分析清单)时,可对照以下检查项自检;更完整项见 `docs/样式还原/<名称>-UI分析清单.md` 中的「验证检查清单」。
|
|
168
|
+
|
|
169
|
+
**布局**:区域位置、尺寸、间距是否与分析清单/设计稿一致;对齐方式(如 flex-start vs center)是否正确。
|
|
170
|
+
**样式**:颜色、字体、字号、字重、圆角、边框、阴影、效果(如 backdrop-filter)是否一致。
|
|
171
|
+
**元素**:是否缺少区块、图标、占位图;占位尺寸与比例是否正确。
|
|
172
|
+
**交互**:默认/hover/active 等状态是否还原(若有设计)。
|
|
173
|
+
|
|
174
|
+
create-route、create-component 等技能中「涉及 UI 还原时」可引用:`.agents/skills/create-proposal/SKILL.md` 中的「样式还原验证检查清单」及对应页面的 `docs/样式还原/<名称>-UI分析清单.md`。
|
|
175
|
+
|
|
176
|
+
---
|
|
177
|
+
|
|
178
|
+
## 相关规范与技能
|
|
179
|
+
|
|
180
|
+
- `.agents/rules/03-项目结构.md` - 目录结构、Mock 数据策略
|
|
181
|
+
- `.agents/rules/04-组件规范.md` - 组件放置决策
|
|
182
|
+
- `.agents/rules/05-API规范.md` - 接口封装
|
|
183
|
+
- `.agents/rules/06-路由规范.md` - 路由结构
|
|
184
|
+
- `.agents/rules/08-通用约束.md` - 占位元素等
|
|
185
|
+
- `.agents/rules/09-样式规范.md` - 设计稿颜色提取、主题变量
|
|
186
|
+
- `.agents/rules/12-Superpowers执行规范.md` - 执行原则
|
|
187
|
+
- `.agents/rules/14-审计汇报规范.md` - 后置检查交付与执行任务后的审计报告
|
|
188
|
+
- `.agents/skills/execute-task/SKILL.md` - Superpowers 四步循环执行
|
|
189
|
+
- `.agents/skills/design-analysis/SKILL.md` - 设计稿分析(有设计稿时使用,产出 UI 分析清单)
|
|
190
|
+
- `.agents/skills/ui-verification/SKILL.md` - UI 验收(实现后需验收时使用)
|
|
191
|
+
- `references/interaction-spec-template.md` - 搜索、表单、弹窗、批量操作等复杂交互的摘要模板
|
|
192
|
+
- `openspec/config.yaml` - OpenSpec 配置(含 ai-spec-auto 上下文注入)
|