@hongmaple0820/scale-engine 0.21.2 → 0.24.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (135) hide show
  1. package/README.en.md +35 -11
  2. package/README.md +54 -23
  3. package/dist/api/cli.js +476 -5
  4. package/dist/api/cli.js.map +1 -1
  5. package/dist/api/doctor.d.ts +1 -0
  6. package/dist/api/doctor.js +83 -0
  7. package/dist/api/doctor.js.map +1 -1
  8. package/dist/artifact/types.d.ts +1 -1
  9. package/dist/artifact/types.js.map +1 -1
  10. package/dist/cli/phaseCommands.js +22 -6
  11. package/dist/cli/phaseCommands.js.map +1 -1
  12. package/dist/cli/runCommand.d.ts +39 -0
  13. package/dist/cli/runCommand.js +113 -0
  14. package/dist/cli/runCommand.js.map +1 -0
  15. package/dist/config/profiles.d.ts +52 -0
  16. package/dist/config/profiles.js +162 -0
  17. package/dist/config/profiles.js.map +1 -0
  18. package/dist/context/ContextBudget.d.ts +25 -1
  19. package/dist/context/ContextBudget.js +72 -7
  20. package/dist/context/ContextBudget.js.map +1 -1
  21. package/dist/context/ProjectAnatomy.d.ts +18 -0
  22. package/dist/context/ProjectAnatomy.js +287 -0
  23. package/dist/context/ProjectAnatomy.js.map +1 -0
  24. package/dist/dashboard/DashboardServer.d.ts +3 -0
  25. package/dist/dashboard/DashboardServer.js +114 -0
  26. package/dist/dashboard/DashboardServer.js.map +1 -1
  27. package/dist/dashboard/MetricsAggregator.d.ts +38 -0
  28. package/dist/dashboard/MetricsAggregator.js +99 -0
  29. package/dist/dashboard/MetricsAggregator.js.map +1 -0
  30. package/dist/dashboard/index.d.ts +2 -0
  31. package/dist/dashboard/index.js +1 -0
  32. package/dist/dashboard/index.js.map +1 -1
  33. package/dist/dashboard/server.js +1 -1
  34. package/dist/dashboard/server.js.map +1 -1
  35. package/dist/evolution/AutoDefectCreator.d.ts +11 -2
  36. package/dist/evolution/AutoDefectCreator.js +46 -2
  37. package/dist/evolution/AutoDefectCreator.js.map +1 -1
  38. package/dist/evolution/EvolutionEngine.d.ts +3 -0
  39. package/dist/evolution/EvolutionEngine.js +18 -2
  40. package/dist/evolution/EvolutionEngine.js.map +1 -1
  41. package/dist/evolution/RuleMaturity.d.ts +39 -0
  42. package/dist/evolution/RuleMaturity.js +70 -0
  43. package/dist/evolution/RuleMaturity.js.map +1 -0
  44. package/dist/guardrails/ActiveRedTeam.d.ts +46 -0
  45. package/dist/guardrails/ActiveRedTeam.js +203 -0
  46. package/dist/guardrails/ActiveRedTeam.js.map +1 -0
  47. package/dist/guardrails/DependencyAuditor.d.ts +68 -0
  48. package/dist/guardrails/DependencyAuditor.js +331 -0
  49. package/dist/guardrails/DependencyAuditor.js.map +1 -0
  50. package/dist/hooks/BugPatternDetector.d.ts +36 -0
  51. package/dist/hooks/BugPatternDetector.js +207 -0
  52. package/dist/hooks/BugPatternDetector.js.map +1 -0
  53. package/dist/hooks/HookGeneratorEnhanced.js +301 -5
  54. package/dist/hooks/HookGeneratorEnhanced.js.map +1 -1
  55. package/dist/hooks/WorkflowHooksManager.js +24 -0
  56. package/dist/hooks/WorkflowHooksManager.js.map +1 -1
  57. package/dist/index.d.ts +10 -0
  58. package/dist/index.js +7 -0
  59. package/dist/index.js.map +1 -1
  60. package/dist/knowledge/CerebrumManager.d.ts +25 -0
  61. package/dist/knowledge/CerebrumManager.js +127 -0
  62. package/dist/knowledge/CerebrumManager.js.map +1 -0
  63. package/dist/knowledge/SQLiteKnowledgeBase.d.ts +1 -0
  64. package/dist/knowledge/SQLiteKnowledgeBase.js +31 -3
  65. package/dist/knowledge/SQLiteKnowledgeBase.js.map +1 -1
  66. package/dist/knowledge/TfidfIndex.d.ts +50 -0
  67. package/dist/knowledge/TfidfIndex.js +177 -0
  68. package/dist/knowledge/TfidfIndex.js.map +1 -0
  69. package/dist/output/GovernanceDashboard.d.ts +2 -0
  70. package/dist/output/GovernanceDashboard.js +31 -0
  71. package/dist/output/GovernanceDashboard.js.map +1 -1
  72. package/dist/routing/PromptCachePolicy.d.ts +37 -0
  73. package/dist/routing/PromptCachePolicy.js +97 -0
  74. package/dist/routing/PromptCachePolicy.js.map +1 -0
  75. package/dist/runtime/ModelUsageLedger.d.ts +50 -0
  76. package/dist/runtime/ModelUsageLedger.js +92 -0
  77. package/dist/runtime/ModelUsageLedger.js.map +1 -0
  78. package/dist/runtime/index.d.ts +1 -0
  79. package/dist/runtime/index.js +1 -0
  80. package/dist/runtime/index.js.map +1 -1
  81. package/dist/skills/SkillDiscovery.js +1 -1
  82. package/dist/skills/SkillDiscovery.js.map +1 -1
  83. package/dist/tools/CommandOutputCompressor.d.ts +28 -0
  84. package/dist/tools/CommandOutputCompressor.js +242 -0
  85. package/dist/tools/CommandOutputCompressor.js.map +1 -0
  86. package/dist/tools/CommandRunLedger.d.ts +77 -0
  87. package/dist/tools/CommandRunLedger.js +111 -0
  88. package/dist/tools/CommandRunLedger.js.map +1 -0
  89. package/dist/tools/index.d.ts +2 -0
  90. package/dist/tools/index.js +2 -0
  91. package/dist/tools/index.js.map +1 -1
  92. package/dist/workflow/EngineeringStandards.js +91 -2
  93. package/dist/workflow/EngineeringStandards.js.map +1 -1
  94. package/dist/workflow/GovernanceTemplatePacks.js +2 -2
  95. package/dist/workflow/GovernanceTemplates.js +93 -92
  96. package/dist/workflow/GovernanceTemplates.js.map +1 -1
  97. package/dist/workflow/TaskLevelDetector.d.ts +41 -0
  98. package/dist/workflow/TaskLevelDetector.js +219 -0
  99. package/dist/workflow/TaskLevelDetector.js.map +1 -0
  100. package/dist/workflow/WorkflowOrchestrator.d.ts +59 -0
  101. package/dist/workflow/WorkflowOrchestrator.js +326 -0
  102. package/dist/workflow/WorkflowOrchestrator.js.map +1 -0
  103. package/dist/workflow/autonomous/BackgroundHunter.d.ts +74 -0
  104. package/dist/workflow/autonomous/BackgroundHunter.js +220 -0
  105. package/dist/workflow/autonomous/BackgroundHunter.js.map +1 -0
  106. package/dist/workflow/autonomous/index.d.ts +1 -0
  107. package/dist/workflow/autonomous/index.js +1 -0
  108. package/dist/workflow/autonomous/index.js.map +1 -1
  109. package/dist/workflow/gates/GateSystem.d.ts +33 -6
  110. package/dist/workflow/gates/GateSystem.js +176 -25
  111. package/dist/workflow/gates/GateSystem.js.map +1 -1
  112. package/dist/workflow/gates/MetaGovernanceGates.d.ts +70 -0
  113. package/dist/workflow/gates/MetaGovernanceGates.js +617 -0
  114. package/dist/workflow/gates/MetaGovernanceGates.js.map +1 -0
  115. package/dist/workflow/gates/VisualGate.d.ts +41 -0
  116. package/dist/workflow/gates/VisualGate.js +174 -0
  117. package/dist/workflow/gates/VisualGate.js.map +1 -0
  118. package/dist/workflow/index.d.ts +1 -0
  119. package/dist/workflow/index.js +1 -0
  120. package/dist/workflow/index.js.map +1 -1
  121. package/dist/workflow/types.d.ts +6 -1
  122. package/docs/ACTIVE_SECURITY_VISUAL_GATES.md +87 -0
  123. package/docs/BACKGROUND_HUNTER.md +62 -0
  124. package/docs/CONTEXT_BUDGET.md +32 -6
  125. package/docs/DEPENDENCY_AUDIT.md +89 -0
  126. package/docs/EVOLUTION_SHADOW_MODE.md +63 -0
  127. package/docs/GOVERNANCE_DASHBOARD.md +21 -5
  128. package/docs/README.md +24 -12
  129. package/docs/start/README.md +29 -3
  130. package/docs/start/artifact-lifecycle.md +326 -0
  131. package/docs/start/workflow-upgrade.md +150 -0
  132. package/image/wechat-public.jpg +0 -0
  133. package/image/wxPay.jpg +0 -0
  134. package/image/zfb.jpg +0 -0
  135. package/package.json +7 -2
package/docs/README.md CHANGED
@@ -9,15 +9,18 @@
9
9
  | [start/README.md](start/README.md) | 入门路径总览 |
10
10
  | [start/quickstart.md](start/quickstart.md) | 3 分钟快速开始 |
11
11
  | [start/agent-governance-demo.md](start/agent-governance-demo.md) | 官方 demo walkthrough |
12
+ | [start/artifact-lifecycle.md](start/artifact-lifecycle.md) | Artifact 生命周期完整 walkthrough |
12
13
  | [../README.md](../README.md) | 项目主页和能力总览 |
13
14
 
14
- ## 当前治理能力
15
-
16
- | 文档 | 说明 |
17
- | --- | --- |
15
+ ## 当前治理能力
16
+
17
+ | 文档 | 说明 |
18
+ | --- | --- |
18
19
  | [RESOURCE_GOVERNANCE.md](RESOURCE_GOVERNANCE.md) | 文档、报告、媒体、脚本、临时产物的生命周期治理 |
19
- | [ENGINEERING_STANDARDS.md](ENGINEERING_STANDARDS.md) | 日志、安全、ORM、框架、测试、部署等工程规范 |
20
- | [TOOL_ORCHESTRATION.md](TOOL_ORCHESTRATION.md) | skills、MCP、CLI、浏览器、桌面自动化的编排策略 |
20
+ | [ENGINEERING_STANDARDS.md](ENGINEERING_STANDARDS.md) | 日志、安全、ORM、框架、测试、部署等工程规范 |
21
+ | [BACKGROUND_HUNTER.md](BACKGROUND_HUNTER.md) | Background Hunter 只读主动巡检、诊断交接和 ignore baseline |
22
+ | [DEPENDENCY_AUDIT.md](DEPENDENCY_AUDIT.md) | 供应链依赖审计、G7 dependency 子门禁和 dependency policy |
23
+ | [TOOL_ORCHESTRATION.md](TOOL_ORCHESTRATION.md) | skills、MCP、CLI、浏览器、桌面自动化的编排策略 |
21
24
  | [RUNTIME_EVIDENCE.md](RUNTIME_EVIDENCE.md) | 会话 ledger、运行时证据和最终交付检查 |
22
25
  | [MEMORY_FABRIC.md](MEMORY_FABRIC.md) | Runtime evidence、session events、knowledge recall 和 graph status 的预算化上下文包 |
23
26
  | [MEMORY_BRAIN.md](MEMORY_BRAIN.md) | 证据驱动的长期记忆、矛盾检测、dream 整理和 failure replay 沉淀 |
@@ -28,14 +31,23 @@
28
31
  | [UPGRADE_MANAGEMENT.md](UPGRADE_MANAGEMENT.md) | SCALE CLI、governance pack、skills、MCP 和 CLI 工具的安全升级流程 |
29
32
  | [GOVERNANCE_DASHBOARD.md](GOVERNANCE_DASHBOARD.md) | Runtime、eval、memory、resource、HTML artifact 的统一治理面板 |
30
33
  | [RELEASE_READINESS.md](RELEASE_READINESS.md) | 发版前质量门槛、官方 demo 和真实项目落地验收 |
34
+ | [DOCUMENT_STANDARDS.md](DOCUMENT_STANDARDS.md) | 文档编写与维护规范 |
31
35
  | [GITLAB_FLOW.md](GITLAB_FLOW.md) | GitLab Flow 分支、发版、tag 和临时 worktree 生命周期规范 |
32
36
  | [SKILL-REPOSITORY.md](SKILL-REPOSITORY.md) | 受治理 skill repository 和安装安全策略 |
33
- | [VIBE-TEMPLATES.md](VIBE-TEMPLATES.md) | 可复制的 Vibe Coding 提示词模板 |
34
- | [LEADERSHIP-PRESETS.md](LEADERSHIP-PRESETS.md) | CEO、CTO、PM、Architect 等内置领导者角色预设 |
35
-
36
- ## 架构与参考
37
-
38
- | 文档 | 说明 |
37
+ | [VIBE-TEMPLATES.md](VIBE-TEMPLATES.md) | 可复制的 Vibe Coding 提示词模板 |
38
+ | [LEADERSHIP-PRESETS.md](LEADERSHIP-PRESETS.md) | CEO、CTO、PM、Architect 等内置领导者角色预设 |
39
+
40
+ ## 当前规划与执行蓝图
41
+
42
+ 这些文档描述计划中的架构演进,不代表当前 CLI 已全部实现。进入实现前应按文档中的验收标准和红线逐项拆分任务。
43
+
44
+ | 文档 | 说明 |
45
+ | --- | --- |
46
+ | [plans/2026-05-20-scale-engine-v2-final-architecture-plan.md](plans/2026-05-20-scale-engine-v2-final-architecture-plan.md) | SCALE Engine V2.0 最终架构落地方案:Prompt Cache、Dashboard 聚合、Background Hunter、供应链门禁、动态/视觉验证和 Evolution Shadow Mode |
47
+
48
+ ## 架构与参考
49
+
50
+ | 文档 | 说明 |
39
51
  | --- | --- |
40
52
  | [00-OVERVIEW.md](00-OVERVIEW.md) | 系统概览 |
41
53
  | [01-ARCHITECTURE.md](01-ARCHITECTURE.md) | 架构设计 |
package/docs/start/README.md CHANGED
@@ -1,16 +1,19 @@
1
1
  # SCALE Engine 入门路径
2
2
 
3
- 这个目录只放面向新用户的上手内容。目标是让用户先跑通,再理解完整体系。
3
+ 这个目录面向新用户。目标是先跑通一条最小路径,再理解完整体系,不要求一开始掌握所有命令。
4
4
 
5
5
  ## 推荐阅读顺序
6
6
 
7
7
  1. [3 分钟快速开始](quickstart.md)
8
8
  从空目录初始化治理工作流,看到 `.scale`、模板、验证 profile 和状态输出。
9
9
 
10
- 2. [官方 Demo Walkthrough](agent-governance-demo.md)
10
+ 2. [Artifact 生命周期](artifact-lifecycle.md)
11
+ 完整走一遍 Need → Spec → Plan → Task → Change → Evidence → Release,理解 FSM 和 Guard 如何用物理约束替代提示词建议。
12
+
13
+ 3. [官方 Demo Walkthrough](agent-governance-demo.md)
11
14
  用一个 OAuth state 加固任务演示:上下文对齐、诊断计划、TDD 切片、HTML artifact、资源治理和工程规范扫描。
12
15
 
13
- 3. 回到根目录 [README](../../README.md)
16
+ 4. 回到根目录 [README](../../README.md)
14
17
  理解 SCALE Engine 的核心能力和 governance pack 选择。
15
18
 
16
19
  4. [升级管理](../UPGRADE_MANAGEMENT.md)
@@ -19,6 +22,25 @@
19
22
  5. 查看 [文档地图](../README.md)
20
23
  区分哪些文档是用户指南、哪些是参考资料、哪些是历史规划和过程记录。
21
24
 
25
+ ## 15 分钟学习路径
26
+
27
+ ```bash
28
+ npm install -g @hongmaple0820/scale-engine
29
+ scale --version
30
+ mkdir scale-demo && cd scale-demo
31
+ scale init --governance-pack standard
32
+ scale preflight --preflight-profile quick
33
+ scale status
34
+ ```
35
+
36
+ 跑完后先回答三个问题:
37
+
38
+ - `.scale/verification.json` 里定义了哪些验证 profile?
39
+ - `docs/workflow/templates/` 里有哪些任务产物模板?
40
+ - `scale status` 建议下一步做什么?
41
+
42
+ 如果这三个问题答不上来,先不要继续看高级命令。
43
+
22
44
  ## 你应该先看到什么
23
45
 
24
46
  跑完 quickstart 后,至少应该能看到:
@@ -44,3 +66,7 @@
44
66
  | 文档、报告、截图、脚本混乱 | `scale init --governance-pack resource-governance` |
45
67
  | 工作流或第三方能力要升级 | `scale upgrade check && scale upgrade plan --html` |
46
68
 
69
+
70
+ ## 工作流升级短路径
71
+
72
+ 已有项目先看 [SCALE workflow upgrade guide](workflow-upgrade.md)。它说明 `scale init --interactive`、`scale upgrade check/plan/apply/rollback`、仓库本地 `make workflow-upgrade-*` 入口,以及生成文件更新和项目级验证之间的边界。
package/docs/start/artifact-lifecycle.md ADDED
@@ -0,0 +1,326 @@
1
+ <!--
2
+ Version: 1.0
3
+ Last Updated: 2026-05-19
4
+ Scope: Tutorial — Artifact lifecycle from Need to Release
5
+ Maintainer: SCALE Engine Team
6
+ -->
7
+ # Artifact Lifecycle Walkthrough
8
+
9
+ This tutorial walks through a **complete Artifact lifecycle**: Need → Spec → Plan → Task → Change → Evidence → Release. It demonstrates how SCALE's FSM, Gates, and Guardrails work together to enforce quality through physical constraints.
10
+
11
+ ## Prerequisites
12
+
13
+ - SCALE Engine installed (`npm install -g @hongmaple0820/scale-engine`)
14
+ - Node.js 20+
15
+ - A project directory initialized with `scale init`
16
+
17
+ ## The Scenario
18
+
19
+ You have a simple calculator library. The user requests: **"Add a multiply function"**. We'll trace this request through the entire SCALE lifecycle.
20
+
21
+ ---
22
+
23
+ ## Step 1: Create a Need
24
+
25
+ Every request starts as a **Need** — the raw user intent.
26
+
27
+ ```bash
28
+ scale create need "Add multiply function to calculator"
29
+ ```
30
+
31
+ Output:
32
+ ```json
33
+ {
34
+ "id": "ART-need-20260519-0001",
35
+ "type": "Need",
36
+ "status": "DRAFT",
37
+ "title": "Add multiply function to calculator"
38
+ }
39
+ ```
40
+
41
+ The Need starts in `DRAFT` state. It's fuzzy — no success criteria, no scope boundaries.
42
+
43
+ ```bash
44
+ scale transition ART-need-20260519-0001 clarify \
45
+ --reason "Added success criteria and scope"
46
+ ```
47
+
48
+ **FSM Path:** `DRAFT → CLARIFIED`
49
+
50
+ ---
51
+
52
+ ## Step 2: Create a Spec from the Need
53
+
54
+ A **Spec** is the requirements contract — WHAT to build, not HOW.
55
+
56
+ ```bash
57
+ scale create spec "Multiply function spec" \
58
+ --from ART-need-20260519-0001 \
59
+ --payload '{
60
+ "what": "Add multiply(a, b) function that returns the product of two numbers",
61
+ "successCriteria": [
62
+ "multiply(2, 3) returns 6",
63
+ "multiply(-1, 5) returns -5",
64
+ "multiply(0, 100) returns 0",
65
+ "multiply(2.5, 4) returns 10"
66
+ ],
67
+ "outOfScope": ["Division", "Modulo", "Complex numbers"],
68
+ "edgeCases": ["Overflow", "NaN inputs", "Infinity"],
69
+ "northStar": "Reliable basic arithmetic operations"
70
+ }'
71
+ ```
72
+
73
+ Output:
74
+ ```json
75
+ {
76
+ "id": "ART-spec-20260519-0002",
77
+ "type": "Spec",
78
+ "status": "DRAFT",
79
+ "parents": ["ART-need-20260519-0001"]
80
+ }
81
+ ```
82
+
83
+ ### Spec State Machine
84
+
85
+ ```
86
+ ┌──── reject ────┐
87
+ ▼ │
88
+ DRAFT ──refine──▶ REVIEWING ──approve──▶ FROZEN
89
+ ```
90
+
91
+ The Spec must be **FROZEN** before downstream artifacts (Plan, Task) can be created. This prevents building on unstable requirements.
92
+
93
+ ```bash
94
+ # Move to review
95
+ scale transition ART-spec-20260519-0002 review --reason "Ready for review"
96
+
97
+ # Approve and freeze
98
+ scale transition ART-spec-20260519-0002 approve --reason "Requirements clear, scope defined"
99
+ ```
100
+
101
+ **FSM Path:** `DRAFT → REVIEWING → FROZEN`
102
+
103
+ ---
104
+
105
+ ## Step 3: Create a Plan
106
+
107
+ A **Plan** is the technical approach — HOW to build it.
108
+
109
+ ```bash
110
+ scale create plan "Multiply implementation plan" \
111
+ --from ART-spec-20260519-0002 \
112
+ --payload '{
113
+ "approach": "Add multiply function to existing calculator module",
114
+ "techChoices": [
115
+ {
116
+ "decision": "Simple function, not a class method",
117
+ "rationale": "Consistent with existing add/subtract pattern",
118
+ "alternatives": ["Class method", "Operator overloading"]
119
+ }
120
+ ],
121
+ "modules": [
122
+ {"path": "src/calculator.ts", "action": "modify", "reason": "Add multiply export"},
123
+ {"path": "tests/calculator.test.ts", "action": "modify", "reason": "Add multiply tests"}
124
+ ],
125
+ "rollbackStrategy": "Revert git commit",
126
+ "estimatedComplexity": 0.2
127
+ }'
128
+ ```
129
+
130
+ ```bash
131
+ scale transition ART-plan-20260519-0003 approve --reason "Plan is straightforward"
132
+ ```
133
+
134
+ **FSM Path:** `DRAFT → APPROVED`
135
+
136
+ ---
137
+
138
+ ## Step 4: Create and Execute a Task
139
+
140
+ A **Task** is the atomic execution unit.
141
+
142
+ ```bash
143
+ scale create task "Implement multiply function" \
144
+ --from ART-plan-20260519-0003 \
145
+ --payload '{
146
+ "description": "Write multiply function and tests",
147
+ "filesInvolved": ["src/calculator.ts", "tests/calculator.test.ts"],
148
+ "requiredRole": "implementer",
149
+ "requiredCapabilities": ["can_modify_code", "can_run_tests"]
150
+ }'
151
+ ```
152
+
153
+ ### Task State Machine with Guards
154
+
155
+ ```
156
+ PENDING ──schedule──▶ READY ──start──▶ RUNNING ──complete──▶ COMPLETED
157
+
158
+ └── BLOCKED by Guards
159
+ ```
160
+
161
+ The Task has **physical guards** that prevent false completion:
162
+
163
+ ```bash
164
+ # Schedule and start
165
+ scale transition ART-task-20260519-0004 schedule --reason "Ready"
166
+ scale transition ART-task-20260519-0004 start --reason "Starting implementation"
167
+
168
+ # Agent writes code (simulated)
169
+ # ... src/calculator.ts modified ...
170
+
171
+ # Agent tries to complete WITHOUT verification
172
+ scale transition ART-task-20260519-0004 complete --reason "Done"
173
+ ```
174
+
175
+ **Output (BLOCKED):**
176
+ ```json
177
+ {
178
+ "success": false,
179
+ "blockedBy": [
180
+ {
181
+ "guard": "build_passed",
182
+ "message": "Task must pass build verification before completion. Run: scale verify-task <id>"
183
+ },
184
+ {
185
+ "guard": "lint_passed",
186
+ "message": "Task must pass lint before completion. Run: scale verify-task <id>"
187
+ },
188
+ {
189
+ "guard": "tests_passed",
190
+ "message": "Task must pass tests before completion. Run: scale verify-task <id>"
191
+ }
192
+ ]
193
+ }
194
+ ```
195
+
196
+ **The transition is physically blocked.** The agent cannot claim completion without running verification.
197
+
198
+ ### Run Verification
199
+
200
+ ```bash
201
+ scale verifyTask ART-task-20260519-0004
202
+ ```
203
+
204
+ Output:
205
+ ```
206
+ Running build...
207
+ Build passed
208
+
209
+ Running lint...
210
+ Lint passed
211
+
212
+ Running tests...
213
+ Tests passed
214
+
215
+ Verification results:
216
+ Build: success (exit code: 0)
217
+ Lint: success
218
+ Tests: passed
219
+
220
+ All checks passed! Task can now be completed.
221
+ ```
222
+
223
+ Now the transition succeeds:
224
+
225
+ ```bash
226
+ scale transition ART-task-20260519-0004 complete --reason "Verified and all checks passed"
227
+ ```
228
+
229
+ **FSM Path:** `PENDING → READY → RUNNING → COMPLETED`
230
+
231
+ ---
232
+
233
+ ## Step 5: Record the Change
234
+
235
+ A **Change** tracks the actual code modification (git commit/PR).
236
+
237
+ ```bash
238
+ scale create change "Multiply function implementation" \
239
+ --from ART-task-20260519-0004 \
240
+ --payload '{
241
+ "commitSha": "abc123",
242
+ "filesChanged": [
243
+ {"path": "src/calculator.ts", "additions": 8, "deletions": 0},
244
+ {"path": "tests/calculator.test.ts", "additions": 20, "deletions": 0}
245
+ ],
246
+ "diffSummary": "Added multiply function with type safety and edge case handling"
247
+ }'
248
+
249
+ scale transition ART-change-20260519-0005 commit --reason "Committed"
250
+ scale transition ART-change-20260519-0005 verify --reason "Tests pass"
251
+ ```
252
+
253
+ **FSM Path:** `DRAFT → COMMITTED → VERIFIED`
254
+
255
+ ---
256
+
257
+ ## Step 6: Record Evidence
258
+
259
+ An **Evidence** artifact captures verification results.
260
+
261
+ ```bash
262
+ scale create evidence "Multiply function test results" \
263
+ --from ART-change-20260519-0005 \
264
+ --payload '{
265
+ "testPlanId": "ART-testplan-...",
266
+ "toolUsed": "pnpm test",
267
+ "passed": true,
268
+ "output": "Tests: 4 passed, 4 total. Coverage: 95%",
269
+ "duration": 1200,
270
+ "artifacts": ["coverage/lcov-report/index.html"]
271
+ }'
272
+ ```
273
+
274
+ ---
275
+
276
+ ## Step 7: Close the Release
277
+
278
+ A **Release** bundles everything together. It can only be created when all Defects are closed.
279
+
280
+ ```bash
281
+ scale create release "v1.1.0 - Add multiply" \
282
+ --payload '{
283
+ "version": "v1.1.0",
284
+ "includesSpecs": ["ART-spec-20260519-0002"],
285
+ "includesChanges": ["ART-change-20260519-0005"],
286
+ "rolloutStrategy": "all_at_once"
287
+ }'
288
+
289
+ scale transition ART-release-20260519-0007 prepare --reason "Ready"
290
+ scale transition ART-release-20260519-0007 ship --reason "Deploying"
291
+ scale transition ART-release-20260519-0007 verify --reason "Deployed and verified"
292
+ ```
293
+
294
+ **FSM Path:** `PLANNED → READY → DEPLOYING → DEPLOYED`
295
+
296
+ ---
297
+
298
+ ## The Complete Artifact DAG
299
+
300
+ ```
301
+ Need (CLARIFIED)
302
+ └── Spec (FROZEN)
303
+ └── Plan (APPROVED)
304
+ └── Task (COMPLETED)
305
+ └── Change (VERIFIED)
306
+ └── Evidence (PASS)
307
+ └── Release (DEPLOYED)
308
+ ```
309
+
310
+ Every arrow represents a parent-child relationship. Every state transition went through the FSM with Guards. The agent **could not skip verification** — it was physically blocked.
311
+
312
+ ---
313
+
314
+ ## Key Takeaways
315
+
316
+ 1. **FSM enforces order** — You can't create a Plan from a non-FROZEN Spec
317
+ 2. **Guards prevent false completion** — Task completion is blocked without verification
318
+ 3. **Event sourcing records everything** — Every transition is logged as an immutable event
319
+ 4. **Defects create feedback loops** — If Evidence fails, a Defect is created and the cycle continues
320
+ 5. **Lessons are extracted** — After 3+ similar Defects, SCALE proposes a Lesson; after review, it becomes a Rule; after violation, it becomes a Hook
321
+
322
+ ## Next Steps
323
+
324
+ - [Agent Governance Demo](agent-governance-demo.md) — See a real-world task walkthrough
325
+ - [Task Guard Workflow Demo](../TASK_GUARD_WORKFLOW_DEMO.md) — Deep dive into Guard mechanics
326
+ - [Data Model](../02-DATA-MODEL.md) — Understand Artifact types, events, and FSM definitions
package/docs/start/workflow-upgrade.md ADDED
@@ -0,0 +1,150 @@
1
+ # SCALE 工作流升级指南
2
+
3
+ 本文是已有仓库安装、更新、适配 SCALE 工作流资产的短路径。
4
+
5
+ 适合三类人:
6
+
7
+ | 角色 | 关注点 |
8
+ | --- | --- |
9
+ | 项目维护者 | 如何把 SCALE 接入已有仓库,并避免覆盖本地规则 |
10
+ | 普通开发者 | 拉取仓库后如何检查或安装正确的 SCALE 版本 |
11
+ | Agent 使用者 | 哪些步骤可以命令化,哪些必须人工或 Agent 审阅 |
12
+
13
+ ## 哪些可以自动化
14
+
15
+ SCALE 把更新分成三层:
16
+
17
+ | 层级 | 命令支持 | 默认行为 |
18
+ | --- | --- | --- |
19
+ | SCALE CLI | `npm install -g @hongmaple0820/scale-engine@latest` | 用户显式安装或升级 |
20
+ | 生成的工作流文件 | `scale upgrade check/plan/apply/rollback` | 先安全检查和生成计划,只有 `--confirm` 才应用 |
21
+ | 项目级验证 | 仓库 `make` 目标和 `scripts/workflow/*` | 必须保留项目语义;SCALE 不猜业务路由、凭据和服务拓扑 |
22
+
23
+ 这意味着工作流适配不是 Codex-only。Codex 可以帮助审阅和处理 `manual-review`,但常规路径应该是命令驱动。
24
+
25
+ ## 首次安装
26
+
27
+ ```bash
28
+ npm install -g @hongmaple0820/scale-engine
29
+ scale --version
30
+ ```
31
+
32
+ 已有项目可以用交互式初始化选择最接近的 governance pack:
33
+
34
+ ```bash
35
+ scale init --interactive
36
+ ```
37
+
38
+ 也可以直接指定:
39
+
40
+ ```bash
41
+ scale init --governance-pack standard
42
+ scale init --governance-pack project-scaffold
43
+ scale init --governance-pack moe-workspace
44
+ scale init --governance-pack go-service-matrix
45
+ scale init --governance-pack node-library
46
+ scale init --governance-pack frontend-app
47
+ ```
48
+
49
+ 不确定时先用 `standard`。仓库形态明确时再用更具体的 pack。
50
+
51
+ ## 更新已有工作流
52
+
53
+ 按这个顺序运行:
54
+
55
+ ```bash
56
+ scale upgrade check --dir .
57
+ scale upgrade plan --dir . --html
58
+ scale upgrade apply --dir . --confirm
59
+ scale preflight --dir . --service all --preflight-profile quick
60
+ ```
61
+
62
+ 如果仓库已有本地封装,优先使用本地命令,因为它们编码了项目默认值:
63
+
64
+ ```bash
65
+ make workflow-upgrade-check
66
+ make workflow-upgrade-plan
67
+ make workflow-upgrade-apply
68
+ make workflow-upgrade-verify
69
+ ```
70
+
71
+ 回滚只撤回最近一次 SCALE 管理的安全应用:
72
+
73
+ ```bash
74
+ scale upgrade rollback --dir .
75
+ ```
76
+
77
+ ## 如何读取结果
78
+
79
+ | 结果 | 含义 | 下一步 |
80
+ | --- | --- | --- |
81
+ | clean | 生成的工作流集合和 lock 文件一致 | 运行项目级验证 |
82
+ | missing | 生成文件缺失 | 通常可用 `apply --confirm` 恢复 |
83
+ | outdated | SCALE 有更新的生成模板 | 审阅计划,确认安全后应用 |
84
+ | manual-review | 生成文件已有本地修改 | 检查 diff,不要自动覆盖 |
85
+
86
+ `manual-review` 是有意设计。SCALE 不应该抹掉本地项目知识、服务命令或 Agent 规则。
87
+
88
+ ## 项目级适配
89
+
90
+ 生成文件更新后,再按真实仓库适配这些文件:
91
+
92
+ - `.scale/verification.json`: service matrix, required checks, optional UI or E2E checks.
93
+ - `.scale/workspace.json`: branch model, protected branches, monorepo or workspace boundaries.
94
+ - `AGENTS.md` and `CLAUDE.md`: short agent entry rules.
95
+ - `docs/workflow/README.md`: human-readable workflow and verification commands.
96
+ - Repository wrappers such as `Makefile` and `scripts/workflow/verify.ps1`.
97
+
98
+ 对 `netdisk-project` 这类多服务产品,不能把 `/health` 当作充分验证。验证必须覆盖本次变更影响的真实产品路径,例如 gateway 路由、`/api/v1/*` 请求、OAuth callback、存储驱动、UI 调用和数据持久化。
99
+
100
+ ## Agent 本地产物忽略规则
101
+
102
+ 工作流资产和团队协作规则可以提交;Agent 平台的本地状态、临时 worktree、缓存、日志和会话产物不应提交。已有项目接入或升级 SCALE 时,检查根 `.gitignore` 是否至少覆盖这些本地产物:
103
+
104
+ ```gitignore
105
+ .claude/worktrees/
106
+ .claude/tmp/
107
+ .claude/local/
108
+ .codex/worktrees/
109
+ .codex/tmp/
110
+ .codex-tmp/
111
+ .cursor/tmp/
112
+ .continue/
113
+ .aider*
114
+ .gemini/tmp/
115
+ .omc/
116
+ .roo/tmp/
117
+ .cline/tmp/
118
+ .windsurf/
119
+ .playwright-mcp/
120
+ ```
121
+
122
+ 不要为了省事直接忽略所有协作配置目录。像 `AGENTS.md`、`CLAUDE.md`、`.cursor/rules/`、团队共享的 `.claude/settings.json`、`.scale/governance.lock.json` 这类稳定规则可以进入版本库。
123
+
124
+ ## 推荐仓库封装
125
+
126
+ 接入 SCALE 的仓库建议暴露这些命令:
127
+
128
+ ```makefile
129
+ workflow-upgrade-check:
130
+ scale upgrade check --dir .
131
+ workflow-upgrade-plan:
132
+ scale upgrade plan --dir . --html
133
+ workflow-upgrade-apply:
134
+ scale upgrade apply --dir . --confirm
135
+ workflow-upgrade-rollback:
136
+ scale upgrade rollback --dir .
137
+ workflow-upgrade-verify:
138
+ scale preflight --dir . --service all --preflight-profile quick
139
+ ```
140
+
141
+ 如果 Windows 环境没有 `make`,提供等价 PowerShell 脚本,或在文档里写清原始 `scale` 命令。
142
+
143
+ ## 完成检查
144
+
145
+ - `scale --version` 输出预期版本。
146
+ - `scale upgrade check --dir .` 没有非预期 drift。
147
+ - 有变更时,`scale upgrade plan --dir . --html` 能生成可审阅计划。
148
+ - `scale upgrade apply --dir . --confirm` 只在审阅计划后使用。
149
+ - 项目级验证通过,或记录清楚已知失败。
150
+ - `README.md`、`AGENTS.md`、`CLAUDE.md`、`docs/workflow/README.md` 指向同一组工作流命令。
package/image/wechat-public.jpg ADDED
Binary file
package/image/wxPay.jpg ADDED
Binary file
package/image/zfb.jpg ADDED
Binary file
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@hongmaple0820/scale-engine",
3
- "version": "0.21.2",
3
+ "version": "0.24.0",
4
4
  "description": "Executable AI agent governance with workflow gates, evidence, skill/tool orchestration, and traceable HTML artifacts",
5
5
  "type": "module",
6
6
  "bin": {
@@ -19,6 +19,10 @@
19
19
  "docs/README.md",
20
20
  "docs/CODE_INTELLIGENCE.md",
21
21
  "docs/CONTEXT_BUDGET.md",
22
+ "docs/BACKGROUND_HUNTER.md",
23
+ "docs/DEPENDENCY_AUDIT.md",
24
+ "docs/ACTIVE_SECURITY_VISUAL_GATES.md",
25
+ "docs/EVOLUTION_SHADOW_MODE.md",
22
26
  "docs/WORKFLOW_EVAL.md",
23
27
  "docs/SKILL_RADAR.md",
24
28
  "docs/MEMORY_BRAIN.md",
@@ -28,6 +32,7 @@
28
32
  "docs/RUNTIME_EVIDENCE.md",
29
33
  "docs/RESOURCE_GOVERNANCE.md",
30
34
  "docs/start",
35
+ "image",
31
36
  "examples/demo-projects/agent-governance-demo"
32
37
  ],
33
38
  "publishConfig": {
@@ -36,7 +41,7 @@
36
41
  "scripts": {
37
42
  "build": "tsc",
38
43
  "dev": "bun --watch src/api/cli.ts",
39
- "test": "vitest",
44
+ "test": "vitest run --reporter dot --pool=forks --poolOptions.forks.maxForks=1 --poolOptions.forks.minForks=1",
40
45
  "typecheck": "tsc --noEmit",
41
46
  "lint": "eslint src/**/*.ts",
42
47
  "mcp": "node dist/api/mcp.js",