@hupan56/wlkj 2.2.4 → 2.2.5

package/templates/qoder/scripts/team_sync.py

@@ -1,439 +1,439 @@
-#!/usr/bin/env python3
-# -*- coding: utf-8 -*-
-"""
-QODER Team Sync - 无感 git 同步引擎
-
-产品经理完全不需要懂 git。所有 /wl- 命令在产出文件后自动调用本脚本，
-把"我的产出"同步到团队仓库，并拉取别人的最新产出。
-
-Usage:
-  python team_sync.py pull              # 拉取团队最新 (会话开始/init 时)
-  python team_sync.py push [-m "msg"]   # 提交并推送我的产出 (发布动作后)
-  python team_sync.py status            # 查看同步状态 (落后/领先多少)
-
-设计原则 (避免冲突 > 解决冲突):
-  - 只 stage 协作产出区: workspace/ + data/docs/ (+ data/index/ 周五更新时)
-  - 个人产出天然隔离: 每人只写 workspace/members/{自己}/
-  - REQ 编号唯一 -> specs/prd/ 文件名不冲突
-  - push 前 pull --rebase --autostash, 失败自动重试 3 次
-  - rebase 冲突时: 中止 rebase 保留本地提交, 输出 SYNC_CONFLICT 标记
-    (AI 看到标记后负责解决冲突, 人类用户永远不需要碰 git)
-
-Exit codes: 0 = ok, 1 = error, 3 = conflict needs AI resolution
-"""
-
-import os
-import sys
-import subprocess
-from datetime import datetime
-
-if sys.platform == 'win32':
-    try:
-        sys.stdout.reconfigure(encoding='utf-8')
-    except (AttributeError, IOError):
-        pass
-
-sys.path.insert(0, os.path.dirname(os.path.abspath(__file__)))
-from common.paths import get_repo_root, get_developer
-from common.filelock import FileLock, LockTimeoutError
-from syncgate import run_gates, SAFE_EXTENSIONS
-
-BASE = str(get_repo_root())
-
-# 协作产出区: 自动同步只碰这些路径, 永远不动 .qoder/ 引擎和源码区
-SYNC_SCOPES = ['workspace', 'data/docs', 'data/index']
-
-PULL_MARKER = os.path.join(BASE, '.qoder', '.runtime', 'last-pull')
-PUSH_LOCK = os.path.join(BASE, '.qoder', '.runtime', 'team-sync.lock')
-
-MAX_PUSH_RETRY = 3
-
-
-def git(*args, check=False):
-    """git 命令包装。git 未安装时返回 rc=127 的伪结果, 不崩溃。"""
-    try:
-        r = subprocess.run(['git'] + list(args), cwd=BASE, capture_output=True,
-                           text=True, encoding='utf-8', errors='replace')
-    except FileNotFoundError:
-        # git 未安装 — 返回伪 CompletedProcess, 让上层把"无 git"当"无远端/无仓库"处理
-        import types
-        r = types.SimpleNamespace(returncode=127, stdout='', stderr='git not installed',
-                                  encoding='utf-8')
-    if check and r.returncode != 0:
-        print('git {} failed: {}'.format(' '.join(args), r.stderr.strip()[:300]))
-    return r
-
-
-def current_branch():
-    r = git('rev-parse', '--abbrev-ref', 'HEAD')
-    return r.stdout.strip() if r.returncode == 0 else None
-
-
-def has_remote():
-    r = git('remote')
-    return 'origin' in r.stdout.split()
-
-
-def rebase_in_progress():
-    return os.path.isdir(os.path.join(BASE, '.git', 'rebase-merge')) or \
-           os.path.isdir(os.path.join(BASE, '.git', 'rebase-apply'))
-
-
-def touch_pull_marker():
-    os.makedirs(os.path.dirname(PULL_MARKER), exist_ok=True)
-    with open(PULL_MARKER, 'w', encoding='utf-8') as f:
-        f.write(datetime.now().isoformat())
-
-
-def _notify_prd_publications(staged_files):
-    """D2: 检测 staged 里的 PRD 发布, 推飞书通知。
-
-    PRD 路径模式: data/docs/prd/REQ-*.md 或 workspace/specs/prd/REQ-*.md
-    只对"新增"的 PRD 推送 (修改已有 PRD 不通知, 避免噪音)。
-    """
-    import re as _re
-    try:
-        from common.feishu import notify_prd_published, is_enabled
-    except ImportError:
-        return
-    if not is_enabled('prd_published'):
-        return
-
-    req_pattern = _re.compile(r'REQ-(\d{4})-(\d{3,4})', _re.IGNORECASE)
-    published = []
-    for f in staged_files:
-        norm = f.replace('\\', '/').lower()
-        if '/prd/' not in norm:
-            continue
-        if not f.lower().endswith('.md'):
-            continue
-        base = os.path.basename(f)
-        m = req_pattern.search(base)
-        if not m:
-            continue
-        req_id = 'REQ-{}-{:03d}'.format(m.group(1), int(m.group(2)))
-        # 提取标题 (从文件第一行)
-        title = base
-        try:
-            full = os.path.join(BASE, f) if not os.path.isabs(f) else f
-            if os.path.isfile(full):
-                with open(full, encoding='utf-8', errors='replace') as fh:
-                    for line in fh:
-                        line = line.strip().lstrip('#').strip()
-                        if line:
-                            title = line[:60]
-                            break
-        except Exception:
-            pass
-        published.append((req_id, title))
-
-    for req_id, title in published:
-        try:
-            notify_prd_published(req_id, title, eval_pct=None)
-        except Exception:
-            pass
-
-
-def report_conflict(stderr):
-    """rebase 冲突: 中止并输出结构化标记, 由会话中的 AI 接手解决"""
-    if rebase_in_progress():
-        r = git('rebase', '--abort')
-        if r.returncode != 0:
-            print('WARNING: rebase --abort 失败 (rc={}): {}'.format(r.returncode, (r.stderr or '').strip()[:120]))
-            print('仓库可能处于半 rebase 状态。AI 请手动跑: git rebase --abort')
-    print('SYNC_CONFLICT: 自动同步遇到冲突, 已安全回退 (本地产出未丢失)。')
-    branch = current_branch()
-    print('AI 请按以下步骤解决冲突:')
-    print('  1. git status                              # 看哪些文件冲突')
-    print('  2. git pull --rebase origin {}             # 重新拉取'.format(branch))
-    print('  3. 编辑冲突文件 (<<<<<<< 标记处), 保留双方改动')
-    print('  4. git add <解决后的文件>                  # 标记已解决')
-    print('  5. git rebase --continue                   # 继续 rebase')
-    print('  6. git push                                # 推送')
-    print('冲突详情: ' + stderr.strip()[:300])
-    return 3
-
-
-def do_pull(quiet=False):
-    """拉取团队最新。安全: autostash 保护未提交改动。"""
-    if rebase_in_progress():
-        print('SYNC_CONFLICT: 仓库处于未完成的 rebase 状态, AI 请先处理 (git rebase --abort 或 --continue)。')
-        return 3
-    if not has_remote():
-        if not quiet:
-            print('No remote configured - local-only mode, skip pull.')
-        touch_pull_marker()
-        return 0
-
-    branch = current_branch()
-    if not branch or branch == 'HEAD':
-        print('ERROR: detached HEAD or no branch - AI please check.')
-        return 1
-
-    r = git('pull', '--rebase', '--autostash', 'origin', branch)
-    if r.returncode != 0:
-        if 'CONFLICT' in (r.stdout + r.stderr) or rebase_in_progress():
-            return report_conflict(r.stderr or r.stdout)
-        print('Pull failed (network/remote?): ' + (r.stderr or r.stdout).strip()[:200])
-        print('继续离线工作, 产出不会丢失, 下次同步会自动补推。')
-        return 1
-
-    touch_pull_marker()
-    out = (r.stdout or '').strip()
-    if not quiet:
-        if 'up to date' in out.lower() or 'up-to-date' in out.lower():
-            print('Already up to date.')
-        else:
-            print('Pulled latest from team.')
-    return 0
-
-
-def summarize_changes():
-    """生成人类可读的提交摘要 (基于 staged 文件)"""
-    r = git('diff', '--cached', '--name-only')
-    files = [f for f in r.stdout.strip().splitlines() if f.strip()]
-    if not files:
-        return None, 0
-    cats = {'prd': 0, 'prototype': 0, 'task': 0, 'journal': 0, 'index': 0, 'other': 0}
-    for f in files:
-        fl = f.lower()
-        if 'prototype' in fl and fl.endswith('.html'):
-            cats['prototype'] += 1
-        elif '/prd/' in fl or fl.split('/')[-1].startswith(('req-', 'prd-')):
-            cats['prd'] += 1
-        elif '/tasks/' in fl:
-            cats['task'] += 1
-        elif '/journal/' in fl:
-            cats['journal'] += 1
-        elif 'data/index/' in fl:
-            cats['index'] += 1
-        else:
-            cats['other'] += 1
-    parts = []
-    label = {'prd': 'PRD', 'prototype': '原型', 'task': '任务', 'journal': '日志',
-             'index': '索引', 'other': '其他'}
-    for k, v in cats.items():
-        if v:
-            parts.append('{}x{}'.format(label[k], v))
-    return ' '.join(parts), len(files)
-
-
-def _stage_scopes_safely(skip_secret=False):
-    """用 allowlist 替代危险的 git add -A。
-
-    只 stage SYNC_SCOPES 下、扩展名在 SAFE_EXTENSIONS 里的文件。
-    其他文件 (如误放的 .env/.zip/.docx) 被跳过并打印警告。
-
-    Returns:
-        (staged_count, skipped_files)
-    """
-    staged = 0
-    skipped = []
-    for scope in SYNC_SCOPES:
-        scope_path = os.path.join(BASE, scope)
-        if not os.path.isdir(scope_path):
-            continue
-        # 用 git ls-files 拿已跟踪的 + git status 拿未跟踪的, 逐个判断扩展名
-        # 已跟踪文件: 直接 add (它们已经在版本控制, 不可能是新秘密)
-        r = git('ls-files', '--', scope)
-        tracked = [f for f in r.stdout.strip().splitlines() if f.strip()]
-        for f in tracked:
-            git('add', '--', f)
-            staged += 1
-        # 未跟踪的新文件: 按扩展名过滤
-        r = git('status', '--porcelain', '--', scope)
-        for line in r.stdout.strip().splitlines():
-            if not line.strip():
-                continue
-            # porcelain 格式: "XY filepath" (XY 是 2 字符状态)
-            status = line[:2]
-            fpath = line[3:]
-            if status[0] == '?' or status[1] == '?':  # 未跟踪
-                ext = os.path.splitext(fpath)[1].lower()
-                if ext in SAFE_EXTENSIONS:
-                    git('add', '--', fpath)
-                    staged += 1
-                else:
-                    skipped.append(fpath)
-            elif 'D' not in status:
-                # 修改/重命名等 (非删除) —— 已跟踪, 直接 add
-                # 重命名格式 "R  old -> new", 取 new
-                if '->' in fpath:
-                    fpath = fpath.split('->')[-1].strip().strip('"')
-                git('add', '--', fpath)
-                staged += 1
-    if skipped:
-        print('[gate] 跳过 {} 个非白名单文件 (可能含二进制/秘密, 手动处理):'.format(len(skipped)))
-        for s in skipped[:10]:
-            print('  ' + s)
-    return staged, skipped
-
-
-def do_push(message=None, skip_eval=False, skip_secret=False):
-    """提交我的产出并推送。零信任门禁 + 文件锁 + rebase 重试。
-
-    门禁 (任一失败则拒绝 commit/push):
-      1. 身份强制 (已注册 + 有本地密钥)
-      2. git 作者与注册身份一致
-      3. 秘密扫描 (AWS/GitHub/私钥/密码)
-      4. EVA PRD 质量门禁 (>=80%)
-    """
-    if rebase_in_progress():
-        print('SYNC_CONFLICT: 仓库处于未完成的 rebase 状态, AI 请先处理。')
-        return 3
-
-    dev = get_developer()
-
-    # === 文件锁: 串行化 push, 避免并发 stage/commit 交叉 ===
-    os.makedirs(os.path.dirname(PUSH_LOCK), exist_ok=True)
-    try:
-        lock_ctx = FileLock(PUSH_LOCK, timeout=60, stale_seconds=300)
-        lock_ctx.acquire()
-    except LockTimeoutError as e:
-        print('SYNC_BUSY: 另一个同步正在进行, 等待超时。稍后重试。')
-        print('  ' + str(e))
-        return 2  # lock contention
-
-    try:
-        return _do_push_locked(message, dev, skip_eval, skip_secret)
-    finally:
-        lock_ctx.release()
-
-
-def _do_push_locked(message, dev, skip_eval, skip_secret):
-    """锁内的实际 push 逻辑。"""
-    # 1. allowlist staging
-    staged_count, skipped = _stage_scopes_safely(skip_secret)
-
-    # 2. 取 staged 文件清单 (给门禁用)
-    r = git('diff', '--cached', '--name-only')
-    staged_files = [f for f in r.stdout.strip().splitlines() if f.strip()]
-
-    summary, count = summarize_changes()
-
-    # 3. 零信任门禁 (只在有东西要提交时才跑, 避免空提交报错)
-    if staged_files:
-        passed, reason = run_gates(
-            staged_files, dev, BASE,
-            skip_eval=skip_eval, skip_secret=skip_secret,
-        )
-        if not passed:
-            print(reason)
-            # 撤销 staging (用户修完再来)
-            rr = git('reset', 'HEAD', '--')
-            if rr.returncode != 0:
-                print('WARNING: 门禁失败后 git reset 失败, staged 文件可能仍暂存!')
-                print('  请手动跑: git reset HEAD --')
-            return 1
-
-    # 4. commit
-    if summary:
-        msg = message or '[wl-sync] {}: {}'.format(dev or 'unknown', summary)
-        r = git('commit', '-m', msg)
-        if r.returncode != 0:
-            print('Commit failed: ' + (r.stderr or r.stdout).strip()[:200])
-            return 1
-        print('Committed {} files: {}'.format(count, msg))
-    else:
-        print('Nothing new to commit.')
-
-    if not has_remote():
-        print('No remote configured - committed locally only.')
-        return 0
-
-    branch = current_branch()
-    if not branch or branch == 'HEAD':
-        print('ERROR: detached HEAD - AI please check.')
-        return 1
-
-    # 5. 检查是否有待推送的提交
-    git('fetch', 'origin', branch)
-    r = git('rev-list', '--count', 'origin/{}..HEAD'.format(branch))
-    ahead = int(r.stdout.strip() or 0) if r.returncode == 0 else 1
-    if ahead == 0:
-        print('Already in sync with team.')
-        touch_pull_marker()
-        return 0
-
-    # 6. pull --rebase + push, 失败重试
-    for attempt in range(1, MAX_PUSH_RETRY + 1):
-        r = git('pull', '--rebase', '--autostash', 'origin', branch)
-        if r.returncode != 0:
-            if 'CONFLICT' in (r.stdout + r.stderr) or rebase_in_progress():
-                return report_conflict(r.stderr or r.stdout)
-            # 非冲突的 pull 失败 (网络/auth/fetch 拒绝): 不往下 push (仓库可能处于
-            # 半 rebase 状态), 重试本循环
-            print('Pull failed (attempt {}): {}'.format(attempt, (r.stderr or r.stdout).strip()[:150]))
-            if rebase_in_progress():
-                # 兜底: 万一 pull 留下了未完成的 rebase, abort 掉防仓库损坏
-                git('rebase', '--abort')
-            continue
-
-        r = git('push', 'origin', branch)
-        if r.returncode == 0:
-            touch_pull_marker()
-            print('Synced to team. (attempt {})'.format(attempt))
-            # D2: 检测 PRD 发布并推飞书通知
-            _notify_prd_publications(staged_files)
-            return 0
-        if attempt < MAX_PUSH_RETRY:
-            print('Push rejected (someone pushed first?), retrying...')
-
-    print('Push failed after {} attempts: 产出已本地提交不会丢失, 下次同步自动补推。'.format(MAX_PUSH_RETRY))
-    return 1
-
-
-def do_status():
-    branch = current_branch()
-    print('Branch: {}'.format(branch))
-    print('Developer: {}'.format(get_developer() or 'NOT SET'))
-
-    if not has_remote():
-        print('Remote: none (local-only mode)')
-        return 0
-
-    git('fetch', 'origin', branch)
-    r = git('rev-list', '--left-right', '--count', 'origin/{}...HEAD'.format(branch))
-    if r.returncode == 0 and r.stdout.strip():
-        behind, ahead = r.stdout.split()
-        print('Ahead (待推送): {}, Behind (待拉取): {}'.format(ahead, behind))
-
-    r = git('status', '--short', '--', *SYNC_SCOPES)
-    dirty = [l for l in r.stdout.strip().splitlines() if l.strip()]
-    print('未同步的本地产出: {} 个文件'.format(len(dirty)))
-    for l in dirty[:10]:
-        print('  ' + l)
-
-    if os.path.isfile(PULL_MARKER):
-        with open(PULL_MARKER, encoding='utf-8') as f:
-            print('Last pull: ' + f.read().strip())
-    return 0
-
-
-def main():
-    args = sys.argv[1:]
-    cmd = args[0] if args else 'status'
-    message = None
-    if '-m' in args:
-        i = args.index('-m')
-        if i + 1 < len(args):
-            message = args[i + 1]
-    skip_eval = '--skip-eval' in args
-    skip_secret = '--skip-secret' in args
-
-    if not os.path.isdir(os.path.join(BASE, '.git')):
-        print('Not a git repository - skip sync.')
-        return 0
-
-    if cmd == 'pull':
-        return do_pull()
-    if cmd == 'push':
-        return do_push(message, skip_eval=skip_eval, skip_secret=skip_secret)
-    if cmd == 'status':
-        return do_status()
-    print('Usage: team_sync.py pull|push|status [-m "message"] [--skip-eval] [--skip-secret]')
-    return 1
-
-
-if __name__ == '__main__':
-    sys.exit(main())
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+"""
+QODER Team Sync - 无感 git 同步引擎
+
+产品经理完全不需要懂 git。所有 /wl- 命令在产出文件后自动调用本脚本，
+把"我的产出"同步到团队仓库，并拉取别人的最新产出。
+
+Usage:
+  python team_sync.py pull              # 拉取团队最新 (会话开始/init 时)
+  python team_sync.py push [-m "msg"]   # 提交并推送我的产出 (发布动作后)
+  python team_sync.py status            # 查看同步状态 (落后/领先多少)
+
+设计原则 (避免冲突 > 解决冲突):
+  - 只 stage 协作产出区: workspace/ + data/docs/ (+ data/index/ 周五更新时)
+  - 个人产出天然隔离: 每人只写 workspace/members/{自己}/
+  - REQ 编号唯一 -> specs/prd/ 文件名不冲突
+  - push 前 pull --rebase --autostash, 失败自动重试 3 次
+  - rebase 冲突时: 中止 rebase 保留本地提交, 输出 SYNC_CONFLICT 标记
+    (AI 看到标记后负责解决冲突, 人类用户永远不需要碰 git)
+
+Exit codes: 0 = ok, 1 = error, 3 = conflict needs AI resolution
+"""
+
+import os
+import sys
+import subprocess
+from datetime import datetime
+
+if sys.platform == 'win32':
+    try:
+        sys.stdout.reconfigure(encoding='utf-8')
+    except (AttributeError, IOError):
+        pass
+
+sys.path.insert(0, os.path.dirname(os.path.abspath(__file__)))
+from common.paths import get_repo_root, get_developer
+from common.filelock import FileLock, LockTimeoutError
+from syncgate import run_gates, SAFE_EXTENSIONS
+
+BASE = str(get_repo_root())
+
+# 协作产出区: 自动同步只碰这些路径, 永远不动 .qoder/ 引擎和源码区
+SYNC_SCOPES = ['workspace', 'data/docs', 'data/index']
+
+PULL_MARKER = os.path.join(BASE, '.qoder', '.runtime', 'last-pull')
+PUSH_LOCK = os.path.join(BASE, '.qoder', '.runtime', 'team-sync.lock')
+
+MAX_PUSH_RETRY = 3
+
+
+def git(*args, check=False):
+    """git 命令包装。git 未安装时返回 rc=127 的伪结果, 不崩溃。"""
+    try:
+        r = subprocess.run(['git'] + list(args), cwd=BASE, capture_output=True,
+                           text=True, encoding='utf-8', errors='replace')
+    except FileNotFoundError:
+        # git 未安装 — 返回伪 CompletedProcess, 让上层把"无 git"当"无远端/无仓库"处理
+        import types
+        r = types.SimpleNamespace(returncode=127, stdout='', stderr='git not installed',
+                                  encoding='utf-8')
+    if check and r.returncode != 0:
+        print('git {} failed: {}'.format(' '.join(args), r.stderr.strip()[:300]))
+    return r
+
+
+def current_branch():
+    r = git('rev-parse', '--abbrev-ref', 'HEAD')
+    return r.stdout.strip() if r.returncode == 0 else None
+
+
+def has_remote():
+    r = git('remote')
+    return 'origin' in r.stdout.split()
+
+
+def rebase_in_progress():
+    return os.path.isdir(os.path.join(BASE, '.git', 'rebase-merge')) or \
+           os.path.isdir(os.path.join(BASE, '.git', 'rebase-apply'))
+
+
+def touch_pull_marker():
+    os.makedirs(os.path.dirname(PULL_MARKER), exist_ok=True)
+    with open(PULL_MARKER, 'w', encoding='utf-8') as f:
+        f.write(datetime.now().isoformat())
+
+
+def _notify_prd_publications(staged_files):
+    """D2: 检测 staged 里的 PRD 发布, 推飞书通知。
+
+    PRD 路径模式: data/docs/prd/REQ-*.md 或 workspace/specs/prd/REQ-*.md
+    只对"新增"的 PRD 推送 (修改已有 PRD 不通知, 避免噪音)。
+    """
+    import re as _re
+    try:
+        from common.feishu import notify_prd_published, is_enabled
+    except ImportError:
+        return
+    if not is_enabled('prd_published'):
+        return
+
+    req_pattern = _re.compile(r'REQ-(\d{4})-(\d{3,4})', _re.IGNORECASE)
+    published = []
+    for f in staged_files:
+        norm = f.replace('\\', '/').lower()
+        if '/prd/' not in norm:
+            continue
+        if not f.lower().endswith('.md'):
+            continue
+        base = os.path.basename(f)
+        m = req_pattern.search(base)
+        if not m:
+            continue
+        req_id = 'REQ-{}-{:03d}'.format(m.group(1), int(m.group(2)))
+        # 提取标题 (从文件第一行)
+        title = base
+        try:
+            full = os.path.join(BASE, f) if not os.path.isabs(f) else f
+            if os.path.isfile(full):
+                with open(full, encoding='utf-8', errors='replace') as fh:
+                    for line in fh:
+                        line = line.strip().lstrip('#').strip()
+                        if line:
+                            title = line[:60]
+                            break
+        except Exception:
+            pass
+        published.append((req_id, title))
+
+    for req_id, title in published:
+        try:
+            notify_prd_published(req_id, title, eval_pct=None)
+        except Exception:
+            pass
+
+
+def report_conflict(stderr):
+    """rebase 冲突: 中止并输出结构化标记, 由会话中的 AI 接手解决"""
+    if rebase_in_progress():
+        r = git('rebase', '--abort')
+        if r.returncode != 0:
+            print('WARNING: rebase --abort 失败 (rc={}): {}'.format(r.returncode, (r.stderr or '').strip()[:120]))
+            print('仓库可能处于半 rebase 状态。AI 请手动跑: git rebase --abort')
+    print('SYNC_CONFLICT: 自动同步遇到冲突, 已安全回退 (本地产出未丢失)。')
+    branch = current_branch()
+    print('AI 请按以下步骤解决冲突:')
+    print('  1. git status                              # 看哪些文件冲突')
+    print('  2. git pull --rebase origin {}             # 重新拉取'.format(branch))
+    print('  3. 编辑冲突文件 (<<<<<<< 标记处), 保留双方改动')
+    print('  4. git add <解决后的文件>                  # 标记已解决')
+    print('  5. git rebase --continue                   # 继续 rebase')
+    print('  6. git push                                # 推送')
+    print('冲突详情: ' + stderr.strip()[:300])
+    return 3
+
+
+def do_pull(quiet=False):
+    """拉取团队最新。安全: autostash 保护未提交改动。"""
+    if rebase_in_progress():
+        print('SYNC_CONFLICT: 仓库处于未完成的 rebase 状态, AI 请先处理 (git rebase --abort 或 --continue)。')
+        return 3
+    if not has_remote():
+        if not quiet:
+            print('No remote configured - local-only mode, skip pull.')
+        touch_pull_marker()
+        return 0
+
+    branch = current_branch()
+    if not branch or branch == 'HEAD':
+        print('ERROR: detached HEAD or no branch - AI please check.')
+        return 1
+
+    r = git('pull', '--rebase', '--autostash', 'origin', branch)
+    if r.returncode != 0:
+        if 'CONFLICT' in (r.stdout + r.stderr) or rebase_in_progress():
+            return report_conflict(r.stderr or r.stdout)
+        print('Pull failed (network/remote?): ' + (r.stderr or r.stdout).strip()[:200])
+        print('继续离线工作, 产出不会丢失, 下次同步会自动补推。')
+        return 1
+
+    touch_pull_marker()
+    out = (r.stdout or '').strip()
+    if not quiet:
+        if 'up to date' in out.lower() or 'up-to-date' in out.lower():
+            print('Already up to date.')
+        else:
+            print('Pulled latest from team.')
+    return 0
+
+
+def summarize_changes():
+    """生成人类可读的提交摘要 (基于 staged 文件)"""
+    r = git('diff', '--cached', '--name-only')
+    files = [f for f in r.stdout.strip().splitlines() if f.strip()]
+    if not files:
+        return None, 0
+    cats = {'prd': 0, 'prototype': 0, 'task': 0, 'journal': 0, 'index': 0, 'other': 0}
+    for f in files:
+        fl = f.lower()
+        if 'prototype' in fl and fl.endswith('.html'):
+            cats['prototype'] += 1
+        elif '/prd/' in fl or fl.split('/')[-1].startswith(('req-', 'prd-')):
+            cats['prd'] += 1
+        elif '/tasks/' in fl:
+            cats['task'] += 1
+        elif '/journal/' in fl:
+            cats['journal'] += 1
+        elif 'data/index/' in fl:
+            cats['index'] += 1
+        else:
+            cats['other'] += 1
+    parts = []
+    label = {'prd': 'PRD', 'prototype': '原型', 'task': '任务', 'journal': '日志',
+             'index': '索引', 'other': '其他'}
+    for k, v in cats.items():
+        if v:
+            parts.append('{}x{}'.format(label[k], v))
+    return ' '.join(parts), len(files)
+
+
+def _stage_scopes_safely(skip_secret=False):
+    """用 allowlist 替代危险的 git add -A。
+
+    只 stage SYNC_SCOPES 下、扩展名在 SAFE_EXTENSIONS 里的文件。
+    其他文件 (如误放的 .env/.zip/.docx) 被跳过并打印警告。
+
+    Returns:
+        (staged_count, skipped_files)
+    """
+    staged = 0
+    skipped = []
+    for scope in SYNC_SCOPES:
+        scope_path = os.path.join(BASE, scope)
+        if not os.path.isdir(scope_path):
+            continue
+        # 用 git ls-files 拿已跟踪的 + git status 拿未跟踪的, 逐个判断扩展名
+        # 已跟踪文件: 直接 add (它们已经在版本控制, 不可能是新秘密)
+        r = git('ls-files', '--', scope)
+        tracked = [f for f in r.stdout.strip().splitlines() if f.strip()]
+        for f in tracked:
+            git('add', '--', f)
+            staged += 1
+        # 未跟踪的新文件: 按扩展名过滤
+        r = git('status', '--porcelain', '--', scope)
+        for line in r.stdout.strip().splitlines():
+            if not line.strip():
+                continue
+            # porcelain 格式: "XY filepath" (XY 是 2 字符状态)
+            status = line[:2]
+            fpath = line[3:]
+            if status[0] == '?' or status[1] == '?':  # 未跟踪
+                ext = os.path.splitext(fpath)[1].lower()
+                if ext in SAFE_EXTENSIONS:
+                    git('add', '--', fpath)
+                    staged += 1
+                else:
+                    skipped.append(fpath)
+            elif 'D' not in status:
+                # 修改/重命名等 (非删除) —— 已跟踪, 直接 add
+                # 重命名格式 "R  old -> new", 取 new
+                if '->' in fpath:
+                    fpath = fpath.split('->')[-1].strip().strip('"')
+                git('add', '--', fpath)
+                staged += 1
+    if skipped:
+        print('[gate] 跳过 {} 个非白名单文件 (可能含二进制/秘密, 手动处理):'.format(len(skipped)))
+        for s in skipped[:10]:
+            print('  ' + s)
+    return staged, skipped
+
+
+def do_push(message=None, skip_eval=False, skip_secret=False):
+    """提交我的产出并推送。零信任门禁 + 文件锁 + rebase 重试。
+
+    门禁 (任一失败则拒绝 commit/push):
+      1. 身份强制 (已注册 + 有本地密钥)
+      2. git 作者与注册身份一致
+      3. 秘密扫描 (AWS/GitHub/私钥/密码)
+      4. EVA PRD 质量门禁 (>=80%)
+    """
+    if rebase_in_progress():
+        print('SYNC_CONFLICT: 仓库处于未完成的 rebase 状态, AI 请先处理。')
+        return 3
+
+    dev = get_developer()
+
+    # === 文件锁: 串行化 push, 避免并发 stage/commit 交叉 ===
+    os.makedirs(os.path.dirname(PUSH_LOCK), exist_ok=True)
+    try:
+        lock_ctx = FileLock(PUSH_LOCK, timeout=60, stale_seconds=300)
+        lock_ctx.acquire()
+    except LockTimeoutError as e:
+        print('SYNC_BUSY: 另一个同步正在进行, 等待超时。稍后重试。')
+        print('  ' + str(e))
+        return 2  # lock contention
+
+    try:
+        return _do_push_locked(message, dev, skip_eval, skip_secret)
+    finally:
+        lock_ctx.release()
+
+
+def _do_push_locked(message, dev, skip_eval, skip_secret):
+    """锁内的实际 push 逻辑。"""
+    # 1. allowlist staging
+    staged_count, skipped = _stage_scopes_safely(skip_secret)
+
+    # 2. 取 staged 文件清单 (给门禁用)
+    r = git('diff', '--cached', '--name-only')
+    staged_files = [f for f in r.stdout.strip().splitlines() if f.strip()]
+
+    summary, count = summarize_changes()
+
+    # 3. 零信任门禁 (只在有东西要提交时才跑, 避免空提交报错)
+    if staged_files:
+        passed, reason = run_gates(
+            staged_files, dev, BASE,
+            skip_eval=skip_eval, skip_secret=skip_secret,
+        )
+        if not passed:
+            print(reason)
+            # 撤销 staging (用户修完再来)
+            rr = git('reset', 'HEAD', '--')
+            if rr.returncode != 0:
+                print('WARNING: 门禁失败后 git reset 失败, staged 文件可能仍暂存!')
+                print('  请手动跑: git reset HEAD --')
+            return 1
+
+    # 4. commit
+    if summary:
+        msg = message or '[wl-sync] {}: {}'.format(dev or 'unknown', summary)
+        r = git('commit', '-m', msg)
+        if r.returncode != 0:
+            print('Commit failed: ' + (r.stderr or r.stdout).strip()[:200])
+            return 1
+        print('Committed {} files: {}'.format(count, msg))
+    else:
+        print('Nothing new to commit.')
+
+    if not has_remote():
+        print('No remote configured - committed locally only.')
+        return 0
+
+    branch = current_branch()
+    if not branch or branch == 'HEAD':
+        print('ERROR: detached HEAD - AI please check.')
+        return 1
+
+    # 5. 检查是否有待推送的提交
+    git('fetch', 'origin', branch)
+    r = git('rev-list', '--count', 'origin/{}..HEAD'.format(branch))
+    ahead = int(r.stdout.strip() or 0) if r.returncode == 0 else 1
+    if ahead == 0:
+        print('Already in sync with team.')
+        touch_pull_marker()
+        return 0
+
+    # 6. pull --rebase + push, 失败重试
+    for attempt in range(1, MAX_PUSH_RETRY + 1):
+        r = git('pull', '--rebase', '--autostash', 'origin', branch)
+        if r.returncode != 0:
+            if 'CONFLICT' in (r.stdout + r.stderr) or rebase_in_progress():
+                return report_conflict(r.stderr or r.stdout)
+            # 非冲突的 pull 失败 (网络/auth/fetch 拒绝): 不往下 push (仓库可能处于
+            # 半 rebase 状态), 重试本循环
+            print('Pull failed (attempt {}): {}'.format(attempt, (r.stderr or r.stdout).strip()[:150]))
+            if rebase_in_progress():
+                # 兜底: 万一 pull 留下了未完成的 rebase, abort 掉防仓库损坏
+                git('rebase', '--abort')
+            continue
+
+        r = git('push', 'origin', branch)
+        if r.returncode == 0:
+            touch_pull_marker()
+            print('Synced to team. (attempt {})'.format(attempt))
+            # D2: 检测 PRD 发布并推飞书通知
+            _notify_prd_publications(staged_files)
+            return 0
+        if attempt < MAX_PUSH_RETRY:
+            print('Push rejected (someone pushed first?), retrying...')
+
+    print('Push failed after {} attempts: 产出已本地提交不会丢失, 下次同步自动补推。'.format(MAX_PUSH_RETRY))
+    return 1
+
+
+def do_status():
+    branch = current_branch()
+    print('Branch: {}'.format(branch))
+    print('Developer: {}'.format(get_developer() or 'NOT SET'))
+
+    if not has_remote():
+        print('Remote: none (local-only mode)')
+        return 0
+
+    git('fetch', 'origin', branch)
+    r = git('rev-list', '--left-right', '--count', 'origin/{}...HEAD'.format(branch))
+    if r.returncode == 0 and r.stdout.strip():
+        behind, ahead = r.stdout.split()
+        print('Ahead (待推送): {}, Behind (待拉取): {}'.format(ahead, behind))
+
+    r = git('status', '--short', '--', *SYNC_SCOPES)
+    dirty = [l for l in r.stdout.strip().splitlines() if l.strip()]
+    print('未同步的本地产出: {} 个文件'.format(len(dirty)))
+    for l in dirty[:10]:
+        print('  ' + l)
+
+    if os.path.isfile(PULL_MARKER):
+        with open(PULL_MARKER, encoding='utf-8') as f:
+            print('Last pull: ' + f.read().strip())
+    return 0
+
+
+def main():
+    args = sys.argv[1:]
+    cmd = args[0] if args else 'status'
+    message = None
+    if '-m' in args:
+        i = args.index('-m')
+        if i + 1 < len(args):
+            message = args[i + 1]
+    skip_eval = '--skip-eval' in args
+    skip_secret = '--skip-secret' in args
+
+    if not os.path.isdir(os.path.join(BASE, '.git')):
+        print('Not a git repository - skip sync.')
+        return 0
+
+    if cmd == 'pull':
+        return do_pull()
+    if cmd == 'push':
+        return do_push(message, skip_eval=skip_eval, skip_secret=skip_secret)
+    if cmd == 'status':
+        return do_status()
+    print('Usage: team_sync.py pull|push|status [-m "message"] [--skip-eval] [--skip-secret]')
+    return 1
+
+
+if __name__ == '__main__':
+    sys.exit(main())