npm - @hongmaple0820/scale-engine - Versions diffs - 0.24.0 → 0.26.0 - Mend

@hongmaple0820/scale-engine 0.24.0 → 0.26.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (155) hide show

package/LICENSE +15 -15
package/README.en.md +336 -304
package/README.md +500 -475
package/dist/adapters/AiderAdapter.js +52 -52
package/dist/adapters/AntigravityAdapter.d.ts +4 -0
package/dist/adapters/AntigravityAdapter.js +21 -0
package/dist/adapters/AntigravityAdapter.js.map +1 -0
package/dist/adapters/ClaudeCodeAdapter.d.ts +4 -1
package/dist/adapters/ClaudeCodeAdapter.js +34 -34
package/dist/adapters/ClaudeCodeAdapter.js.map +1 -1
package/dist/adapters/ClineAdapter.d.ts +4 -0
package/dist/adapters/ClineAdapter.js +20 -0
package/dist/adapters/ClineAdapter.js.map +1 -0
package/dist/adapters/CodexAdapter.js +28 -28
package/dist/adapters/CursorAdapter.js +26 -26
package/dist/adapters/DeepSeekTuiAdapter.js +97 -97
package/dist/adapters/DoubaoAdapter.js +33 -33
package/dist/adapters/GeminiAdapter.js +26 -26
package/dist/adapters/GenericProjectAgentAdapter.d.ts +29 -0
package/dist/adapters/GenericProjectAgentAdapter.js +204 -0
package/dist/adapters/GenericProjectAgentAdapter.js.map +1 -0
package/dist/adapters/HermesAdapter.js +26 -26
package/dist/adapters/JCodeAdapter.d.ts +4 -0
package/dist/adapters/JCodeAdapter.js +19 -0
package/dist/adapters/JCodeAdapter.js.map +1 -0
package/dist/adapters/KiloCodeAdapter.d.ts +4 -0
package/dist/adapters/KiloCodeAdapter.js +20 -0
package/dist/adapters/KiloCodeAdapter.js.map +1 -0
package/dist/adapters/KimiAdapter.js +32 -32
package/dist/adapters/KiroAdapter.js +26 -26
package/dist/adapters/OpenClawAdapter.js +26 -26
package/dist/adapters/OpenCodeAdapter.js +26 -26
package/dist/adapters/QCoderAdapter.js +26 -26
package/dist/adapters/QoderAdapter.d.ts +4 -0
package/dist/adapters/QoderAdapter.js +21 -0
package/dist/adapters/QoderAdapter.js.map +1 -0
package/dist/adapters/TraeAdapter.js +26 -26
package/dist/adapters/VSCAdapter.js +26 -26
package/dist/adapters/WindsurfAdapter.js +32 -32
package/dist/adapters/WorkBuddyAdapter.js +26 -26
package/dist/adapters/index.d.ts +5 -0
package/dist/adapters/index.js +15 -0
package/dist/adapters/index.js.map +1 -1
package/dist/api/cli.js +226 -48
package/dist/api/cli.js.map +1 -1
package/dist/api/doctor.js +10 -3
package/dist/api/doctor.js.map +1 -1
package/dist/api/quickstart.js +7 -1
package/dist/api/quickstart.js.map +1 -1
package/dist/artifact/sqliteStore.js +89 -89
package/dist/artifact/types.d.ts +1 -1
package/dist/cli/phaseCommands.js +45 -45
package/dist/context/AntiPatternRegistry.js +20 -20
package/dist/context/ContextBuilder.js +155 -155
package/dist/evolution/EvolutionEngine.js +31 -31
package/dist/evolution/EvolutionEvaluator.d.ts +2 -0
package/dist/evolution/EvolutionEvaluator.js +7 -1
package/dist/evolution/EvolutionEvaluator.js.map +1 -1
package/dist/fsm/FSMAgentBridge.js +11 -11
package/dist/hooks/HookGeneratorEnhanced.js +218 -218
package/dist/index.d.ts +1 -1
package/dist/index.js +2 -2
package/dist/index.js.map +1 -1
package/dist/knowledge/SQLiteKnowledgeBase.js +28 -28
package/dist/memory/MemoryBrain.d.ts +1 -0
package/dist/memory/MemoryBrain.js +55 -52
package/dist/memory/MemoryBrain.js.map +1 -1
package/dist/memory/MemoryFabric.d.ts +13 -1
package/dist/memory/MemoryFabric.js +35 -0
package/dist/memory/MemoryFabric.js.map +1 -1
package/dist/memory/MemoryProviders.d.ts +111 -0
package/dist/memory/MemoryProviders.js +385 -0
package/dist/memory/MemoryProviders.js.map +1 -0
package/dist/memory/index.d.ts +1 -0
package/dist/memory/index.js +1 -0
package/dist/memory/index.js.map +1 -1
package/dist/output/GovernanceDashboard.js +44 -44
package/dist/output/HTMLArtifactLayer.js +31 -31
package/dist/prompts/VibeTemplateGallery.js +121 -121
package/dist/skills/SkillDiscovery.js +12 -1
package/dist/skills/SkillDiscovery.js.map +1 -1
package/dist/skills/SkillRadar.js +20 -0
package/dist/skills/SkillRadar.js.map +1 -1
package/dist/skills/SkillRepository.d.ts +9 -1
package/dist/skills/SkillRepository.js +70 -0
package/dist/skills/SkillRepository.js.map +1 -1
package/dist/skills/routing/SkillPlanner.js +40 -40
package/dist/workflow/EngineeringStandards.js +62 -62
package/dist/workflow/GovernanceTemplatePacks.d.ts +1 -1
package/dist/workflow/GovernanceTemplatePacks.js +1990 -162
package/dist/workflow/GovernanceTemplatePacks.js.map +1 -1
package/dist/workflow/GovernanceTemplates.d.ts +2 -0
package/dist/workflow/GovernanceTemplates.js +1012 -1001
package/dist/workflow/GovernanceTemplates.js.map +1 -1
package/dist/workflow/ResourceGovernance.js +16 -16
package/dist/workflow/TaskArtifactScaffolder.js +10 -10
package/dist/workflow/UpgradeManager.d.ts +3 -2
package/dist/workflow/UpgradeManager.js +134 -49
package/dist/workflow/UpgradeManager.js.map +1 -1
package/dist/workflow/WorkspaceTopology.js +18 -15
package/dist/workflow/WorkspaceTopology.js.map +1 -1
package/docs/CODE_INTELLIGENCE.md +138 -138
package/docs/CONTEXT_BUDGET.md +81 -81
package/docs/EXTERNAL_REFERENCES.md +63 -0
package/docs/GITLAB_FLOW.md +125 -125
package/docs/GOVERNANCE_DASHBOARD.md +64 -64
package/docs/MEMORY_BRAIN.md +104 -104
package/docs/MEMORY_FABRIC.md +134 -107
package/docs/README.md +79 -68
package/docs/RUNTIME_EVIDENCE.md +101 -101
package/docs/SKILL-REPOSITORY.md +57 -0
package/docs/SKILL_RADAR.md +122 -115
package/docs/THIRD_PARTY_SKILLS.md +57 -0
package/docs/WORKFLOW_EVAL.md +151 -151
package/docs/guides/DEVELOPMENT_WORKFLOW.md +80 -0
package/docs/guides/GETTING_STARTED.md +50 -0
package/docs/start/README.md +78 -72
package/docs/start/agent-governance-demo.md +107 -107
package/docs/start/quickstart.md +137 -127
package/docs/start/workflow-upgrade.md +32 -8
package/docs/workflow/README.md +67 -0
package/docs/workflow/node-library.md +52 -0
package/docs/workflow/templates/api-contract.md +29 -0
package/docs/workflow/templates/architecture-review.md +23 -0
package/docs/workflow/templates/db-change-plan.md +20 -0
package/docs/workflow/templates/docs-impact.md +17 -0
package/docs/workflow/templates/e2e-plan.md +20 -0
package/docs/workflow/templates/explore.md +16 -0
package/docs/workflow/templates/github-actions-scale-preflight.yml +32 -0
package/docs/workflow/templates/mini-prd.md +16 -0
package/docs/workflow/templates/plan.md +37 -0
package/docs/workflow/templates/pre-push-scale-preflight.sh +8 -0
package/docs/workflow/templates/product-smoke.md +61 -0
package/docs/workflow/templates/reality-check.md +28 -0
package/docs/workflow/templates/resource-cleanup.md +17 -0
package/docs/workflow/templates/resource-impact.md +25 -0
package/docs/workflow/templates/review.md +12 -0
package/docs/workflow/templates/runtime.md +23 -0
package/docs/workflow/templates/security-review.md +26 -0
package/docs/workflow/templates/skill-evidence.md +33 -0
package/docs/workflow/templates/skill-plan.md +39 -0
package/docs/workflow/templates/spec.md +17 -0
package/docs/workflow/templates/standards-impact.md +28 -0
package/docs/workflow/templates/summary.md +16 -0
package/docs/workflow/templates/tasks.md +8 -0
package/docs/workflow/templates/ui-spec.md +29 -0
package/docs/workflow/templates/verification.md +20 -0
package/docs/workflow/templates/visual-review.md +20 -0
package/examples/demo-projects/agent-governance-demo/CONTEXT.md +14 -14
package/examples/demo-projects/agent-governance-demo/README.md +48 -48
package/examples/demo-projects/agent-governance-demo/docs/CONTEXT-MAP.md +14 -14
package/examples/demo-projects/agent-governance-demo/package.json +22 -21
package/examples/demo-projects/agent-governance-demo/src/oauth-state.ts +39 -39
package/examples/demo-projects/agent-governance-demo/tests/oauth-state.test.ts +52 -52
package/package.json +88 -75

package/docs/workflow/templates/plan.md ADDED Viewed

@@ -0,0 +1,37 @@
+# Plan - {{TASK_ID}}
+Date: {{DATE}}
+Level: {{LEVEL}}
+## Scope / Boundary
+- In scope:
+- Out of scope / non-goals:
+## Approach
+1. TBD
+2. TBD
+3. TBD
+## Exception / Failure Paths
+- Expected failure:
+- Error handling:
+- Manual recovery:
+## Rollback / Fallback
+- Rollback:
+- Fallback:
+- Disable path:
+## Acceptance Criteria
+- TBD
+## Verification
+- `make gate-quality`
+- `make verify PROFILE=default`
+- `git diff --check`

package/docs/workflow/templates/pre-push-scale-preflight.sh ADDED Viewed

@@ -0,0 +1,8 @@
+#!/usr/bin/env sh
+set -eu
+if command -v scale >/dev/null 2>&1; then
+  scale preflight --service all
+else
+  npx @hongmaple0820/scale-engine@latest preflight --service all
+fi

package/docs/workflow/templates/product-smoke.md ADDED Viewed

@@ -0,0 +1,61 @@
+# Product Smoke
+## Real Product Path
+Describe the smallest end-to-end path that proves the change works through the real product boundary.
+Example:
+```text
+UI or client -> gateway/router -> service -> database/storage/queue -> observable result
+```
+Do not use a green health endpoint as the only proof when the user-facing path depends on routing, authentication, storage, async tasks, browser behavior, or third-party integration.
+## Quick Setup
+1. Open `.scale/product-smoke.json`.
+2. Replace the example command with one real product path command.
+3. Set that probe's `enabled` field to `true`.
+4. Run `scale preflight --profile productSmoke --json`.
+5. Run `scale runtime final-check --level M --json`.
+`status: "skipped"` means no real product path was exercised. It does not count as completion evidence.
+## Setup
+- Base URL:
+- Test user or tenant:
+- Required fixtures:
+- Services that must be running:
+## Smoke Commands
+| Command | Expected Result | Evidence Artifact |
+| --- | --- | --- |
+| TBD | TBD | TBD |
+## Runtime Evidence
+Record at least one runtime evidence item:
+```bash
+scale runtime record \
+  --kind command \
+  --title "Product smoke: <flow>" \
+  --status passed \
+  --command "<exact smoke command>" \
+  --exit-code 0 \
+  --summary "<business result, task id, status, or observable output>" \
+  --artifacts ".agent/logs/<service>/<smoke>.json" \
+  --metadata-json '{"productSmoke":true,"realProductPath":true}'
+```
+## Assertions
+- [ ] Request crossed the real product boundary, not only an isolated unit.
+- [ ] Authentication or user identity path was exercised when relevant.
+- [ ] Persistence/storage/queue side effect was verified when relevant.
+- [ ] Async task or eventual state was polled to terminal status when relevant.
+- [ ] Failure output is specific enough to diagnose the failing layer.
+- [ ] Runtime artifacts are ignored or deliberately promoted according to resource governance.

package/docs/workflow/templates/reality-check.md ADDED Viewed

@@ -0,0 +1,28 @@
+# Reality Check - {{TASK_ID}}
+Date: {{DATE}}
+Level: {{LEVEL}}
+## Confirmed
+- TBD
+## Not Verified
+- TBD
+## Stub / Fake / Partial
+- TBD
+## Credential-Gated
+- TBD
+## Environment-Gated
+- TBD
+## User-Visible Risk
+- TBD

package/docs/workflow/templates/resource-cleanup.md ADDED Viewed

@@ -0,0 +1,17 @@
+# Resource Cleanup - {{TASK_ID}}
+Date: {{DATE}}
+Level: {{LEVEL}}
+## New Resources
+| Resource | Location | Keep / Move / Delete | Reason |
+| --- | --- | --- | --- |
+| TBD | TBD | TBD | TBD |
+## Docs Promotion
+- Promote to `docs/`:
+- Keep in `.planning/`:
+- Keep local under `.agent/`:
+- Delete before handoff:

package/docs/workflow/templates/resource-impact.md ADDED Viewed

@@ -0,0 +1,25 @@
+# Resource Impact
+## Resources Created
+| Path | Type | Git Policy | Retention |
+| --- | --- | --- | --- |
+| TBD | canonical-doc/task-artifact/evidence-report/temporary/reusable-script/generated-media/contract/decision-record | commit/ignore/lfs/external/review | TBD |
+## Resources Updated
+- TBD
+## Resources Promoted To Maintained Docs
+- TBD
+## Resources To Delete Or Archive Before Finish
+- TBD
+## Source Of Truth Updates
+- [ ] .scale/resource-policy.json
+- [ ] .scale/assets.json
+- [ ] docs/modules/<module>/README.md

package/docs/workflow/templates/review.md ADDED Viewed

@@ -0,0 +1,12 @@
+# Review - {{TASK_ID}}
+Date: {{DATE}}
+Level: {{LEVEL}}
+## Findings
+- TBD
+## Residual Risk
+- TBD

package/docs/workflow/templates/runtime.md ADDED Viewed

@@ -0,0 +1,23 @@
+# Runtime Contract - {{TASK_ID}}
+Date: {{DATE}}
+Level: {{LEVEL}}
+## Configuration Source
+- Source: TBD
+- Environment/profile: TBD
+- Local override file: TBD
+## Service Topology
+| Service | URL / Command | Config source | Auth mode | Status |
+| --- | --- | --- | --- | --- |
+| primary | TBD | TBD | TBD | Not checked |
+## Verification Boundary
+- Confirmed:
+- Not covered:
+- Requires external credentials:
+- Requires shared/cloud environment:

package/docs/workflow/templates/security-review.md ADDED Viewed

@@ -0,0 +1,26 @@
+# Security Review
+## Assets And Trust Boundaries
+TBD
+## Authorization Rules
+TBD
+## Abuse Cases
+1. TBD
+2. TBD
+3. TBD
+## Sensitive Data Impact
+TBD
+## Rollback Or Disable Strategy
+TBD
+## Final Verdict
+TBD

package/docs/workflow/templates/skill-evidence.md ADDED Viewed

@@ -0,0 +1,33 @@
+# Skill Evidence
+## Planned Skills
+- TBD
+## Tool Selection Rationale
+TBD
+## Used Skills
+| Skill | Phase | Trigger | Evidence | Status |
+| --- | --- | --- | --- | --- |
+| skill-id | plan/build/verify/review | why it was selected | command, screenshot, report, or artifact path | executed/skipped/fallback |
+## Browser Or Web Evidence
+| Tool | Target | Evidence | Result |
+| --- | --- | --- | --- |
+| web-access/agent-browser/Chrome DevTools MCP | URL or local target | screenshot, console log, network finding, source URL | passed/failed/skipped |
+## Desktop Or External CLI Evidence
+| Tool | Scope | Safety Boundary | Evidence | Result |
+| --- | --- | --- | --- | --- |
+| cua/codex/gemini/opencode/wps/wechat | command or app target | read-only/dry-run/test account/manual approval | output summary, screenshot, or report path | passed/failed/skipped |
+## Skipped Skills
+| Skill | Reason | Fallback Evidence |
+| --- | --- | --- |
+| skill-id | why it could not run | manual review, alternate command, or explicit risk |

package/docs/workflow/templates/skill-plan.md ADDED Viewed

@@ -0,0 +1,39 @@
+# Skill Plan
+## Detected Intents
+| Domain | Score | Evidence |
+| --- | ---: | --- |
+|  |  |  |
+## Required Skills
+- TBD
+## Recommended Skills
+- TBD
+## Required Artifacts
+- TBD
+## Required Verification Evidence
+- TBD
+## Tool Orchestration
+| Capability | Primary Tool Or Skill | Fallback | Required Evidence |
+| --- | --- | --- | --- |
+| UI/UX design | frontend-design, ui-ux-pro-max | awesome-design-md | design-system, ui-spec.md, visual-review.md |
+| Web research or logged-in pages | web-access | agent-browser, Chrome DevTools MCP | source citations, browser evidence |
+| Browser E2E | webapp-testing, Playwright | agent-browser, web-access | screenshot, console, network evidence |
+| Desktop GUI automation | CUA/computer-use | manual verification | desktop screenshot, operator-safety notes |
+| External agent CLI | codex/gemini/opencode CLI | manual review | version check, exact command output |
+## Skipped Skills
+| Skill | Reason | Fallback Evidence |
+| --- | --- | --- |
+|  |  |  |

package/docs/workflow/templates/spec.md ADDED Viewed

@@ -0,0 +1,17 @@
+# Spec - {{TASK_ID}}
+Date: {{DATE}}
+Level: {{LEVEL}}
+## What
+## Why
+## Boundaries
+## Acceptance Criteria
+- [ ]

package/docs/workflow/templates/standards-impact.md ADDED Viewed

@@ -0,0 +1,28 @@
+# Standards Impact
+## Standards Checked
+- [ ] Logging and redaction
+- [ ] Architecture boundaries
+- [ ] ORM/database access
+- [ ] Framework/component conventions
+- [ ] UI/UX acceptance where user-facing
+- [ ] Test and verification rigor
+- [ ] Security-sensitive inputs and outputs
+## Findings
+| Severity | Rule | Path | Decision |
+| --- | --- | --- | --- |
+| TBD | TBD | TBD | fix/accept/escalate |
+## Policy Updates
+- [ ] .scale/engineering-standards.json
+- [ ] .scale/frameworks.json
+- [ ] docs/standards/
+## Settlement
+- Standards scan:
+- Standards doctor:

package/docs/workflow/templates/summary.md ADDED Viewed

@@ -0,0 +1,16 @@
+# Summary - {{TASK_ID}}
+Date: {{DATE}}
+Level: {{LEVEL}}
+## What Changed
+- TBD
+## Verification Result
+- TBD
+## Follow-up
+- TBD

package/docs/workflow/templates/tasks.md ADDED Viewed

@@ -0,0 +1,8 @@
+# Tasks - {{TASK_ID}}
+Date: {{DATE}}
+Level: {{LEVEL}}
+## Task List
+- [ ]

package/docs/workflow/templates/ui-spec.md ADDED Viewed

@@ -0,0 +1,29 @@
+# UI Spec
+## User Goal
+TBD
+## Primary Flow
+TBD
+## Interaction States
+- Default:
+- Loading:
+- Empty:
+- Error:
+- Success:
+## Responsive Behavior
+TBD
+## Accessibility Requirements
+TBD
+## Acceptance Criteria
+- [ ] TBD

package/docs/workflow/templates/verification.md ADDED Viewed

@@ -0,0 +1,20 @@
+# Verification - {{TASK_ID}}
+Date: {{DATE}}
+Level: {{LEVEL}}
+## Commands Run
+- TBD
+## Passed
+- TBD
+## Failed / Blocked
+- TBD
+## Not Run
+- TBD

package/docs/workflow/templates/visual-review.md ADDED Viewed

@@ -0,0 +1,20 @@
+# Visual Review
+## Screenshots Or Evidence
+TBD
+## Layout And Responsiveness
+TBD
+## Text Fit And Overlap
+TBD
+## Accessibility Notes
+TBD
+## Final Verdict
+TBD

package/examples/demo-projects/agent-governance-demo/CONTEXT.md CHANGED Viewed

@@ -1,14 +1,14 @@
-# CONTEXT.md
-Project: Agent Governance Demo
-| Term | Definition | Examples | Aliases | Source |
-|------|------------|----------|---------|--------|
-| OAuth state | One-time callback correlation value that binds authorization return traffic to a user session | `state-123` | callback state | `src/oauth-state.ts` |
-| Consumed state | A state record that has already been used and must not be accepted again | `consumedAt: 900` | replayed state | `tests/oauth-state.test.ts` |
-| Evidence | A command result or artifact that proves what was verified | `npm test`, eval report, dashboard | verification proof | SCALE workflow |
-## Rejected Meanings
-- Do not treat an expired state as recoverable without a new authorization flow.
-- Do not treat a dashboard or eval report as a substitute for the business test.
+# CONTEXT.md
+Project: Agent Governance Demo
+| Term | Definition | Examples | Aliases | Source |
+|------|------------|----------|---------|--------|
+| OAuth state | One-time callback correlation value that binds authorization return traffic to a user session | `state-123` | callback state | `src/oauth-state.ts` |
+| Consumed state | A state record that has already been used and must not be accepted again | `consumedAt: 900` | replayed state | `tests/oauth-state.test.ts` |
+| Evidence | A command result or artifact that proves what was verified | `npm test`, eval report, dashboard | verification proof | SCALE workflow |
+## Rejected Meanings
+- Do not treat an expired state as recoverable without a new authorization flow.
+- Do not treat a dashboard or eval report as a substitute for the business test.

package/examples/demo-projects/agent-governance-demo/README.md CHANGED Viewed

@@ -1,48 +1,48 @@
-# Agent Governance Demo
-这是 SCALE Engine 的最小官方 demo 项目，用一个 OAuth state 校验场景展示 Agent 工程治理如何落到真实代码、测试、证据和报告里。
-业务目标很小：OAuth callback 必须拒绝缺失、过期、已消费或不匹配的 state。
-治理目标更重要：Agent 不能只说“我完成了”，必须留下可验证证据。
-## 快速运行
-```bash
-npm install
-npm test
-```
-## 一键治理烟测
-```bash
-npm run workflow:smoke
-```
-这个命令会依次运行：
-- `npm test`：验证业务行为。
-- `scale eval run --dir .`：运行工作流基线评测。
-- `scale context budget --dir .`：检查上下文预算，避免无节制读取。
-- `scale artifact dashboard --dir . --lang zh`：生成本地治理 HTML 看板。
-## 适合演示的 SCALE 命令
-```bash
-scale governance mode --task "修复 OAuth state 校验绕过问题" --files "src/oauth-state.ts,tests/oauth-state.test.ts"
-scale skill radar --dir . --task "修复 OAuth state 校验绕过问题" --phase verify --level M --files "src/oauth-state.ts,tests/oauth-state.test.ts"
-scale codegraph status --dir .
-scale eval run --dir .
-scale artifact dashboard --dir . --lang zh
-```
-## 观察点
-- `src/oauth-state.ts` 保持很小，便于核对 Agent 是否过度设计。
-- `tests/oauth-state.test.ts` 覆盖成功、缺失、过期、已消费和不匹配 state。
-- `CONTEXT.md` 和 `docs/CONTEXT-MAP.md` 只提供必要上下文，避免 demo 自己变成 token 污染源。
-- `.scale/evals/suites/workflow-baseline.json` 可由 `scale eval init --dir .` 重新生成。
-## 这不是业务模板
-这个 demo 不是 OAuth 产品模板，而是治理闭环模板。真实项目接入时，应保留 SCALE 的证据、评测、上下文预算和看板机制，再替换成自己的业务代码、服务矩阵和验证脚本。
+# Agent Governance Demo
+这是 SCALE Engine 的最小官方 demo 项目，用一个 OAuth state 校验场景展示 Agent 工程治理如何落到真实代码、测试、证据和报告里。
+业务目标很小：OAuth callback 必须拒绝缺失、过期、已消费或不匹配的 state。
+治理目标更重要：Agent 不能只说“我完成了”，必须留下可验证证据。
+## 快速运行
+```bash
+npm install
+npm test
+```
+## 一键治理烟测
+```bash
+npm run workflow:smoke
+```
+这个命令会依次运行：
+- `npm test`：验证业务行为。
+- `scale eval run --dir .`：运行工作流基线评测。
+- `scale context budget --dir .`：检查上下文预算，避免无节制读取。
+- `scale artifact dashboard --dir . --lang zh`：生成本地治理 HTML 看板。
+## 适合演示的 SCALE 命令
+```bash
+scale governance mode --task "修复 OAuth state 校验绕过问题" --files "src/oauth-state.ts,tests/oauth-state.test.ts"
+scale skill radar --dir . --task "修复 OAuth state 校验绕过问题" --phase verify --level M --files "src/oauth-state.ts,tests/oauth-state.test.ts"
+scale codegraph status --dir .
+scale eval run --dir .
+scale artifact dashboard --dir . --lang zh
+```
+## 观察点
+- `src/oauth-state.ts` 保持很小，便于核对 Agent 是否过度设计。
+- `tests/oauth-state.test.ts` 覆盖成功、缺失、过期、已消费和不匹配 state。
+- `CONTEXT.md` 和 `docs/CONTEXT-MAP.md` 只提供必要上下文，避免 demo 自己变成 token 污染源。
+- `.scale/evals/suites/workflow-baseline.json` 可由 `scale eval init --dir .` 重新生成。
+## 这不是业务模板
+这个 demo 不是 OAuth 产品模板，而是治理闭环模板。真实项目接入时，应保留 SCALE 的证据、评测、上下文预算和看板机制，再替换成自己的业务代码、服务矩阵和验证脚本。

package/examples/demo-projects/agent-governance-demo/docs/CONTEXT-MAP.md CHANGED Viewed

@@ -1,14 +1,14 @@
-# CONTEXT-MAP.md
-Project: Agent Governance Demo
-| Module | Owner | Product Doc | Architecture Doc |
-| --- | --- | --- | --- |
-| OAuth state verifier | SCALE demo | `README.md` | `src/oauth-state.ts` |
-| Workflow evidence | SCALE demo | `README.md` | `.scale/evals/suites/workflow-baseline.json` |
-## Cross-Module Rules
-- Behavior changes in `src/oauth-state.ts` must update `tests/oauth-state.test.ts`.
-- Workflow command changes must update `README.md`.
-- Generated reports under `.scale/reports/` are review artifacts, not source of truth.
+# CONTEXT-MAP.md
+Project: Agent Governance Demo
+| Module | Owner | Product Doc | Architecture Doc |
+| --- | --- | --- | --- |
+| OAuth state verifier | SCALE demo | `README.md` | `src/oauth-state.ts` |
+| Workflow evidence | SCALE demo | `README.md` | `.scale/evals/suites/workflow-baseline.json` |
+## Cross-Module Rules
+- Behavior changes in `src/oauth-state.ts` must update `tests/oauth-state.test.ts`.
+- Workflow command changes must update `README.md`.
+- Generated reports under `.scale/reports/` are review artifacts, not source of truth.

package/examples/demo-projects/agent-governance-demo/package.json CHANGED Viewed

@@ -1,21 +1,22 @@
-{
-  "name": "scale-agent-governance-demo",
-  "version": "0.1.0",
-  "private": true,
-  "type": "module",
-  "scripts": {
-    "build": "tsc --noEmit --module NodeNext --moduleResolution NodeNext --target ES2022 src/oauth-state.ts tests/oauth-state.test.ts",
-    "lint": "tsc --noEmit --module NodeNext --moduleResolution NodeNext --target ES2022 src/oauth-state.ts tests/oauth-state.test.ts",
-    "test": "vitest run",
-    "scale:eval": "scale eval run --dir .",
-    "scale:budget": "scale context budget --dir .",
-    "scale:dashboard": "scale artifact dashboard --dir . --lang zh",
-    "workflow:smoke": "npm test && npm run scale:eval && npm run scale:budget && npm run scale:dashboard"
-  },
-  "devDependencies": {
-    "@hongmaple0820/scale-engine": "^0.20.0",
-    "typescript": "^5.5.0",
-    "vitest": "^2.1.9"
-  }
-}
+{
+  "name": "scale-agent-governance-demo",
+  "version": "0.1.0",
+  "private": true,
+  "type": "module",
+  "scripts": {
+    "build": "tsc --noEmit --module NodeNext --moduleResolution NodeNext --target ES2022 src/oauth-state.ts tests/oauth-state.test.ts",
+    "lint": "tsc --noEmit --module NodeNext --moduleResolution NodeNext --target ES2022 src/oauth-state.ts tests/oauth-state.test.ts",
+    "test": "vitest run",
+    "scale:eval": "scale eval run --dir .",
+    "scale:budget": "scale context budget --dir .",
+    "scale:dashboard": "scale artifact dashboard --dir . --lang zh",
+    "workflow:smoke": "npm test && npm run scale:eval && npm run scale:budget && npm run scale:dashboard"
+  },
+  "devDependencies": {
+    "@hongmaple0820/scale-engine": "^0.20.0",
+    "@types/node": "^20.14.0",
+    "typescript": "^5.5.0",
+    "vitest": "^2.1.9"
+  }
+}