@hongmaple0820/scale-engine 0.20.0 → 0.21.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,37 +1,48 @@
1
1
  # Agent Governance Demo
2
2
 
3
- 这是 SCALE Engine 的最小官方 demo 项目,用来演示 Agent 如何在治理工作流下完成一个安全敏感任务。
3
+ 这是 SCALE Engine 的最小官方 demo 项目,用一个 OAuth state 校验场景展示 Agent 工程治理如何落到真实代码、测试、证据和报告里。
4
4
 
5
- 业务场景:OAuth callback 必须拒绝过期、已消费或不匹配的 state。
5
+ 业务目标很小:OAuth callback 必须拒绝缺失、过期、已消费或不匹配的 state。
6
6
 
7
- ## 运行
7
+ 治理目标更重要:Agent 不能只说“我完成了”,必须留下可验证证据。
8
+
9
+ ## 快速运行
8
10
 
9
11
  ```bash
10
12
  npm install
11
13
  npm test
12
14
  ```
13
15
 
14
- ## 接入 SCALE
16
+ ## 一键治理烟测
17
+
18
+ ```bash
19
+ npm run workflow:smoke
20
+ ```
21
+
22
+ 这个命令会依次运行:
23
+
24
+ - `npm test`:验证业务行为。
25
+ - `scale eval run --dir .`:运行工作流基线评测。
26
+ - `scale context budget --dir .`:检查上下文预算,避免无节制读取。
27
+ - `scale artifact dashboard --dir . --lang zh`:生成本地治理 HTML 看板。
28
+
29
+ ## 适合演示的 SCALE 命令
15
30
 
16
31
  ```bash
17
- scale init --governance-pack node-library
18
- scale preflight --preflight-profile quick
19
- scale context init --name "Agent Governance Demo"
20
- scale runtime start --session-id 2026-05-18-oauth-state --task-id 2026-05-18-oauth-state --level M --agent codex
21
- scale context grill --task-id 2026-05-18-oauth-state --task "加固 OAuth state 校验"
22
- scale diagnose plan --task-id 2026-05-18-oauth-state --symptom "OAuth callback 在 state 过期或不匹配时行为不明确"
23
- scale tdd slice --task-id 2026-05-18-oauth-state --behavior "拒绝过期、已消费或不匹配的 OAuth state" --public-interface "verifyOAuthState(record, providedState, now)" --failing-test "expired, consumed, mismatched state should return ok=false" --test-file tests/oauth-state.test.ts --impl-files src/oauth-state.ts
24
- scale runtime record --title "demo business tests" --kind command --status passed --command "npm test" --exit-code 0 --summary "official demo OAuth state tests passed"
25
- scale runtime final-check --task-id 2026-05-18-oauth-state --session-id 2026-05-18-oauth-state --level M
26
- scale memory pack --task-id 2026-05-18-oauth-state --session-id 2026-05-18-oauth-state --task "加固 OAuth state 校验" --level M --budget 4000
27
- scale memory settle --task-id 2026-05-18-oauth-state --session-id 2026-05-18-oauth-state --task "加固 OAuth state 校验" --level M
28
- scale artifact render --task-id 2026-05-18-oauth-state --artifact-dir docs/worklog/tasks/2026-05-18-oauth-state
29
- scale artifact doctor --artifact-dir docs/worklog/tasks/2026-05-18-oauth-state
32
+ scale governance mode --task "修复 OAuth state 校验绕过问题" --files "src/oauth-state.ts,tests/oauth-state.test.ts"
33
+ scale skill radar --dir . --task "修复 OAuth state 校验绕过问题" --phase verify --level M --files "src/oauth-state.ts,tests/oauth-state.test.ts"
34
+ scale codegraph status --dir .
35
+ scale eval run --dir .
36
+ scale artifact dashboard --dir . --lang zh
30
37
  ```
31
38
 
32
- ## 看点
39
+ ## 观察点
40
+
41
+ - `src/oauth-state.ts` 保持很小,便于核对 Agent 是否过度设计。
42
+ - `tests/oauth-state.test.ts` 覆盖成功、缺失、过期、已消费和不匹配 state。
43
+ - `CONTEXT.md` 和 `docs/CONTEXT-MAP.md` 只提供必要上下文,避免 demo 自己变成 token 污染源。
44
+ - `.scale/evals/suites/workflow-baseline.json` 可由 `scale eval init --dir .` 重新生成。
33
45
 
34
- - 业务逻辑很小,但风险边界明确。
35
- - 测试覆盖成功、过期、已消费、不匹配和缺失记录。
36
- - SCALE 命令会生成任务证据、运行证据、记忆候选和 HTML 交付视图,避免 Agent 只口头说“已完成”。
46
+ ## 这不是业务模板
37
47
 
48
+ 这个 demo 不是 OAuth 产品模板,而是治理闭环模板。真实项目接入时,应保留 SCALE 的证据、评测、上下文预算和看板机制,再替换成自己的业务代码、服务矩阵和验证脚本。
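Review bot: The replacement command block under `## 适合演示的 SCALE 命令` no longer contains a step that records or checks evidence, although the new introduction says an agent must leave verifiable evidence instead of only claiming completion. The removed block had `scale runtime record ... --command "npm test" --exit-code 0` and `scale runtime final-check ...`; the new block lists only `governance mode`, `skill radar`, `codegraph status`, `eval run` and `artifact dashboard`. Either keep a minimal record and final-check pair, or state which of the new commands produces the evidence that the dashboard renders. Separately, the 观察点 list says `.scale/evals/suites/workflow-baseline.json` can be regenerated with `scale eval init --dir .`, while the smoke sequence goes straight to `scale eval run --dir .`; say whether the suite file ships with the demo or has to be initialised first.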
@@ -0,0 +1,14 @@
1
+ # CONTEXT-MAP.md
2
+
3
+ Project: Agent Governance Demo
4
+
5
+ | Module | Owner | Product Doc | Architecture Doc |
6
+ | --- | --- | --- | --- |
7
+ | OAuth state verifier | SCALE demo | `README.md` | `src/oauth-state.ts` |
8
+ | Workflow evidence | SCALE demo | `README.md` | `.scale/evals/suites/workflow-baseline.json` |
9
+
10
+ ## Cross-Module Rules
11
+
12
+ - Behavior changes in `src/oauth-state.ts` must update `tests/oauth-state.test.ts`.
13
+ - Workflow command changes must update `README.md`.
14
+ - Generated reports under `.scale/reports/` are review artifacts, not source of truth.
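Review bot: In the module table, the `Architecture Doc` column points at `src/oauth-state.ts` and `.scale/evals/suites/workflow-baseline.json`, which are a source file and a generated suite, not documents, and both rows use `README.md` as the product doc. Rename the column to something like "Source of truth" or link a real design note, so the map does not suggest documentation that is absent. The three Cross-Module Rules are also stated as "must" with no check named; if `scale` or the test suite enforces them, name the command here, otherwise mark them as review conventions.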
@@ -6,9 +6,14 @@
6
6
  "scripts": {
7
7
  "build": "tsc --noEmit --module NodeNext --moduleResolution NodeNext --target ES2022 src/oauth-state.ts tests/oauth-state.test.ts",
8
8
  "lint": "tsc --noEmit --module NodeNext --moduleResolution NodeNext --target ES2022 src/oauth-state.ts tests/oauth-state.test.ts",
9
- "test": "vitest run"
9
+ "test": "vitest run",
10
+ "scale:eval": "scale eval run --dir .",
11
+ "scale:budget": "scale context budget --dir .",
12
+ "scale:dashboard": "scale artifact dashboard --dir . --lang zh",
13
+ "workflow:smoke": "npm test && npm run scale:eval && npm run scale:budget && npm run scale:dashboard"
10
14
  },
11
15
  "devDependencies": {
16
+ "@hongmaple0820/scale-engine": "^0.20.0",
12
17
  "typescript": "^5.5.0",
13
18
  "vitest": "^2.1.9"
14
19
  }
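Review bot: The new devDependency `"@hongmaple0820/scale-engine": "^0.20.0"` does not cover the release that ships this demo. For a 0.x version, a caret range only admits patch updates (>=0.20.0 <0.21.0), so `npm install` in the demo resolves a 0.20.x CLI and `workflow:smoke` runs `scale eval run`, `scale context budget` and `scale artifact dashboard` against the older binary. Bump the range to match the published version (for example `^0.21.1`), and confirm that every subcommand used by the `scale:*` scripts exists in the lowest version the range allows.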
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@hongmaple0820/scale-engine",
3
- "version": "0.20.0",
3
+ "version": "0.21.1",
4
4
  "description": "Executable AI agent governance with workflow gates, evidence, skill/tool orchestration, and traceable HTML artifacts",
5
5
  "type": "module",
6
6
  "bin": {
@@ -25,6 +25,7 @@
25
25
  "docs/GOVERNANCE_DASHBOARD.md",
26
26
  "docs/MEMORY_FABRIC.md",
27
27
  "docs/RUNTIME_EVIDENCE.md",
28
+ "docs/RESOURCE_GOVERNANCE.md",
28
29
  "docs/start",
29
30
  "examples/demo-projects/agent-governance-demo"
30
31
  ],
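Review bot: `"docs/RESOURCE_GOVERNANCE.md"` is added to the `files` list, but no hunk in this diff shows that document being added or changed. npm does not fail when a `files` entry matches nothing, so a missing or misnamed file would go unnoticed at publish time. Confirm the file is present in the packed tarball (for example with `npm pack --dry-run`) before release.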