@liangjie559567/ultrapower 5.5.11 → 5.5.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude-plugin/marketplace.json +2 -2
- package/.claude-plugin/plugin.json +1 -1
- package/bridge/mcp-server.cjs +145 -38
- package/commands/wizard.md +5 -0
- package/dist/__tests__/validateMode.test.js +1 -1
- package/dist/__tests__/validateMode.test.js.map +1 -1
- package/dist/agents/__tests__/agent-wrapper.test.d.ts +2 -0
- package/dist/agents/__tests__/agent-wrapper.test.d.ts.map +1 -0
- package/dist/agents/__tests__/agent-wrapper.test.js +37 -0
- package/dist/agents/__tests__/agent-wrapper.test.js.map +1 -0
- package/dist/agents/__tests__/timeout-config.test.d.ts +2 -0
- package/dist/agents/__tests__/timeout-config.test.d.ts.map +1 -0
- package/dist/agents/__tests__/timeout-config.test.js +35 -0
- package/dist/agents/__tests__/timeout-config.test.js.map +1 -0
- package/dist/agents/__tests__/timeout-manager.test.d.ts +2 -0
- package/dist/agents/__tests__/timeout-manager.test.d.ts.map +1 -0
- package/dist/agents/__tests__/timeout-manager.test.js +37 -0
- package/dist/agents/__tests__/timeout-manager.test.js.map +1 -0
- package/dist/agents/agent-wrapper.d.ts +22 -0
- package/dist/agents/agent-wrapper.d.ts.map +1 -0
- package/dist/agents/agent-wrapper.js +51 -0
- package/dist/agents/agent-wrapper.js.map +1 -0
- package/dist/agents/index.d.ts +3 -0
- package/dist/agents/index.d.ts.map +1 -1
- package/dist/agents/index.js +4 -0
- package/dist/agents/index.js.map +1 -1
- package/dist/agents/timeout-config.d.ts +19 -0
- package/dist/agents/timeout-config.d.ts.map +1 -0
- package/dist/agents/timeout-config.js +57 -0
- package/dist/agents/timeout-config.js.map +1 -0
- package/dist/agents/timeout-manager.d.ts +30 -0
- package/dist/agents/timeout-manager.d.ts.map +1 -0
- package/dist/agents/timeout-manager.js +47 -0
- package/dist/agents/timeout-manager.js.map +1 -0
- package/dist/analytics/analytics-summary.d.ts.map +1 -1
- package/dist/analytics/analytics-summary.js +7 -1
- package/dist/analytics/analytics-summary.js.map +1 -1
- package/dist/analytics/metrics-collector.d.ts.map +1 -1
- package/dist/analytics/metrics-collector.js +9 -1
- package/dist/analytics/metrics-collector.js.map +1 -1
- package/dist/analytics/query-engine.d.ts.map +1 -1
- package/dist/analytics/query-engine.js +21 -3
- package/dist/analytics/query-engine.js.map +1 -1
- package/dist/analytics/token-tracker.js +3 -3
- package/dist/analytics/token-tracker.js.map +1 -1
- package/dist/analytics/transcript-scanner.d.ts.map +1 -1
- package/dist/analytics/transcript-scanner.js +1 -0
- package/dist/analytics/transcript-scanner.js.map +1 -1
- package/dist/audit/logger.d.ts +28 -0
- package/dist/audit/logger.d.ts.map +1 -0
- package/dist/audit/logger.js +78 -0
- package/dist/audit/logger.js.map +1 -0
- package/dist/audit/verify-cli.d.ts +2 -0
- package/dist/audit/verify-cli.d.ts.map +1 -0
- package/dist/audit/verify-cli.js +10 -0
- package/dist/audit/verify-cli.js.map +1 -0
- package/dist/core/hud-config.d.ts +19 -0
- package/dist/core/hud-config.d.ts.map +1 -0
- package/dist/core/hud-config.js +6 -0
- package/dist/core/hud-config.js.map +1 -0
- package/dist/core/job-types.d.ts +22 -0
- package/dist/core/job-types.d.ts.map +1 -0
- package/dist/core/job-types.js +6 -0
- package/dist/core/job-types.js.map +1 -0
- package/dist/features/diagnostics/error-matcher.d.ts +12 -0
- package/dist/features/diagnostics/error-matcher.d.ts.map +1 -0
- package/dist/features/diagnostics/error-matcher.js +41 -0
- package/dist/features/diagnostics/error-matcher.js.map +1 -0
- package/dist/features/diagnostics/index.d.ts +3 -0
- package/dist/features/diagnostics/index.d.ts.map +1 -0
- package/dist/features/diagnostics/index.js +3 -0
- package/dist/features/diagnostics/index.js.map +1 -0
- package/dist/features/diagnostics/solution-suggester.d.ts +12 -0
- package/dist/features/diagnostics/solution-suggester.d.ts.map +1 -0
- package/dist/features/diagnostics/solution-suggester.js +46 -0
- package/dist/features/diagnostics/solution-suggester.js.map +1 -0
- package/dist/features/diagnostics/types.d.ts +25 -0
- package/dist/features/diagnostics/types.d.ts.map +1 -0
- package/dist/features/diagnostics/types.js +5 -0
- package/dist/features/diagnostics/types.js.map +1 -0
- package/dist/features/state-manager/__tests__/cache.test.js +17 -17
- package/dist/features/state-manager/__tests__/cache.test.js.map +1 -1
- package/dist/features/state-manager/__tests__/encryption-performance.test.d.ts +2 -0
- package/dist/features/state-manager/__tests__/encryption-performance.test.d.ts.map +1 -0
- package/dist/features/state-manager/__tests__/encryption-performance.test.js +42 -0
- package/dist/features/state-manager/__tests__/encryption-performance.test.js.map +1 -0
- package/dist/features/state-manager/__tests__/encryption.test.d.ts +2 -0
- package/dist/features/state-manager/__tests__/encryption.test.d.ts.map +1 -0
- package/dist/features/state-manager/__tests__/encryption.test.js +68 -0
- package/dist/features/state-manager/__tests__/encryption.test.js.map +1 -0
- package/dist/features/state-manager/encryption.d.ts +24 -0
- package/dist/features/state-manager/encryption.d.ts.map +1 -0
- package/dist/features/state-manager/encryption.js +86 -0
- package/dist/features/state-manager/encryption.js.map +1 -0
- package/dist/features/state-manager/index.d.ts +4 -0
- package/dist/features/state-manager/index.d.ts.map +1 -1
- package/dist/features/state-manager/index.js +94 -6
- package/dist/features/state-manager/index.js.map +1 -1
- package/dist/features/state-manager/tiered-writer.d.ts +44 -0
- package/dist/features/state-manager/tiered-writer.d.ts.map +1 -0
- package/dist/features/state-manager/tiered-writer.js +76 -0
- package/dist/features/state-manager/tiered-writer.js.map +1 -0
- package/dist/features/state-manager/wal.d.ts +21 -0
- package/dist/features/state-manager/wal.d.ts.map +1 -0
- package/dist/features/state-manager/wal.js +75 -0
- package/dist/features/state-manager/wal.js.map +1 -0
- package/dist/features/task-templates/index.d.ts +13 -0
- package/dist/features/task-templates/index.d.ts.map +1 -0
- package/dist/features/task-templates/index.js +31 -0
- package/dist/features/task-templates/index.js.map +1 -0
- package/dist/features/task-templates/wizard-integration.d.ts +15 -0
- package/dist/features/task-templates/wizard-integration.d.ts.map +1 -0
- package/dist/features/task-templates/wizard-integration.js +27 -0
- package/dist/features/task-templates/wizard-integration.js.map +1 -0
- package/dist/features/wizard/__tests__/engine.test.d.ts +2 -0
- package/dist/features/wizard/__tests__/engine.test.d.ts.map +1 -0
- package/dist/features/wizard/__tests__/engine.test.js +78 -0
- package/dist/features/wizard/__tests__/engine.test.js.map +1 -0
- package/dist/features/wizard/__tests__/recommendation-engine.test.d.ts +2 -0
- package/dist/features/wizard/__tests__/recommendation-engine.test.d.ts.map +1 -0
- package/dist/features/wizard/__tests__/recommendation-engine.test.js +43 -0
- package/dist/features/wizard/__tests__/recommendation-engine.test.js.map +1 -0
- package/dist/features/wizard/engine.d.ts +15 -0
- package/dist/features/wizard/engine.d.ts.map +1 -0
- package/dist/features/wizard/engine.js +74 -0
- package/dist/features/wizard/engine.js.map +1 -0
- package/dist/features/wizard/index.d.ts +8 -0
- package/dist/features/wizard/index.d.ts.map +1 -0
- package/dist/features/wizard/index.js +7 -0
- package/dist/features/wizard/index.js.map +1 -0
- package/dist/features/wizard/questions.d.ts +6 -0
- package/dist/features/wizard/questions.d.ts.map +1 -0
- package/dist/features/wizard/questions.js +64 -0
- package/dist/features/wizard/questions.js.map +1 -0
- package/dist/features/wizard/recommendation-engine.d.ts +6 -0
- package/dist/features/wizard/recommendation-engine.d.ts.map +1 -0
- package/dist/features/wizard/recommendation-engine.js +33 -0
- package/dist/features/wizard/recommendation-engine.js.map +1 -0
- package/dist/features/wizard/types.d.ts +23 -0
- package/dist/features/wizard/types.d.ts.map +1 -0
- package/dist/features/wizard/types.js +5 -0
- package/dist/features/wizard/types.js.map +1 -0
- package/dist/features/workflow-recommender/context-analyzer.d.ts +6 -0
- package/dist/features/workflow-recommender/context-analyzer.d.ts.map +1 -0
- package/dist/features/workflow-recommender/context-analyzer.js +20 -0
- package/dist/features/workflow-recommender/context-analyzer.js.map +1 -0
- package/dist/features/workflow-recommender/index.d.ts +8 -0
- package/dist/features/workflow-recommender/index.d.ts.map +1 -0
- package/dist/features/workflow-recommender/index.js +7 -0
- package/dist/features/workflow-recommender/index.js.map +1 -0
- package/dist/features/workflow-recommender/intent-classifier.d.ts +6 -0
- package/dist/features/workflow-recommender/intent-classifier.d.ts.map +1 -0
- package/dist/features/workflow-recommender/intent-classifier.js +24 -0
- package/dist/features/workflow-recommender/intent-classifier.js.map +1 -0
- package/dist/features/workflow-recommender/recommendation-engine.d.ts +6 -0
- package/dist/features/workflow-recommender/recommendation-engine.d.ts.map +1 -0
- package/dist/features/workflow-recommender/recommendation-engine.js +110 -0
- package/dist/features/workflow-recommender/recommendation-engine.js.map +1 -0
- package/dist/features/workflow-recommender/types.d.ts +20 -0
- package/dist/features/workflow-recommender/types.d.ts.map +1 -0
- package/dist/features/workflow-recommender/types.js +5 -0
- package/dist/features/workflow-recommender/types.js.map +1 -0
- package/dist/hooks/__tests__/bridge-normalize.test.d.ts +2 -0
- package/dist/hooks/__tests__/bridge-normalize.test.d.ts.map +1 -0
- package/dist/hooks/__tests__/bridge-normalize.test.js +90 -0
- package/dist/hooks/__tests__/bridge-normalize.test.js.map +1 -0
- package/dist/hooks/__tests__/bridge-security.test.js +23 -41
- package/dist/hooks/__tests__/bridge-security.test.js.map +1 -1
- package/dist/hooks/auto-slash-command/__tests__/detector.test.d.ts +2 -0
- package/dist/hooks/auto-slash-command/__tests__/detector.test.d.ts.map +1 -0
- package/dist/hooks/auto-slash-command/__tests__/detector.test.js +70 -0
- package/dist/hooks/auto-slash-command/__tests__/detector.test.js.map +1 -0
- package/dist/hooks/auto-slash-command/__tests__/executor.test.d.ts +2 -0
- package/dist/hooks/auto-slash-command/__tests__/executor.test.d.ts.map +1 -0
- package/dist/hooks/auto-slash-command/__tests__/executor.test.js +55 -0
- package/dist/hooks/auto-slash-command/__tests__/executor.test.js.map +1 -0
- package/dist/hooks/auto-slash-command/__tests__/index.test.d.ts +2 -0
- package/dist/hooks/auto-slash-command/__tests__/index.test.d.ts.map +1 -0
- package/dist/hooks/auto-slash-command/__tests__/index.test.js +50 -0
- package/dist/hooks/auto-slash-command/__tests__/index.test.js.map +1 -0
- package/dist/hooks/autopilot/__tests__/prompts.test.js +19 -1
- package/dist/hooks/autopilot/__tests__/prompts.test.js.map +1 -1
- package/dist/hooks/autopilot/enforcement.d.ts +1 -1
- package/dist/hooks/autopilot/enforcement.d.ts.map +1 -1
- package/dist/hooks/autopilot/enforcement.js +1 -1
- package/dist/hooks/autopilot/enforcement.js.map +1 -1
- package/dist/hooks/bridge-normalize.d.ts +43 -3
- package/dist/hooks/bridge-normalize.d.ts.map +1 -1
- package/dist/hooks/bridge-normalize.js +110 -15
- package/dist/hooks/bridge-normalize.js.map +1 -1
- package/dist/hooks/bridge-types.d.ts +48 -0
- package/dist/hooks/bridge-types.d.ts.map +1 -0
- package/dist/hooks/bridge-types.js +6 -0
- package/dist/hooks/bridge-types.js.map +1 -0
- package/dist/hooks/bridge.d.ts +1 -43
- package/dist/hooks/bridge.d.ts.map +1 -1
- package/dist/hooks/bridge.js +18 -2
- package/dist/hooks/bridge.js.map +1 -1
- package/dist/hooks/dependency-analyzer.d.ts +32 -0
- package/dist/hooks/dependency-analyzer.d.ts.map +1 -0
- package/dist/hooks/dependency-analyzer.js +199 -0
- package/dist/hooks/dependency-analyzer.js.map +1 -0
- package/dist/hooks/index.d.ts +2 -1
- package/dist/hooks/index.d.ts.map +1 -1
- package/dist/hooks/index.js.map +1 -1
- package/dist/hooks/learner/__tests__/detector.test.d.ts +2 -0
- package/dist/hooks/learner/__tests__/detector.test.d.ts.map +1 -0
- package/dist/hooks/learner/__tests__/detector.test.js +170 -0
- package/dist/hooks/learner/__tests__/detector.test.js.map +1 -0
- package/dist/hooks/learner/__tests__/index.test.d.ts +2 -0
- package/dist/hooks/learner/__tests__/index.test.d.ts.map +1 -0
- package/dist/hooks/learner/__tests__/index.test.js +48 -0
- package/dist/hooks/learner/__tests__/index.test.js.map +1 -0
- package/dist/hooks/learner/__tests__/matcher.test.d.ts +2 -0
- package/dist/hooks/learner/__tests__/matcher.test.d.ts.map +1 -0
- package/dist/hooks/learner/__tests__/matcher.test.js +114 -0
- package/dist/hooks/learner/__tests__/matcher.test.js.map +1 -0
- package/dist/hooks/learner/__tests__/promotion.test.d.ts +2 -0
- package/dist/hooks/learner/__tests__/promotion.test.d.ts.map +1 -0
- package/dist/hooks/learner/__tests__/promotion.test.js +146 -0
- package/dist/hooks/learner/__tests__/promotion.test.js.map +1 -0
- package/dist/hooks/learner/__tests__/validator.test.d.ts +2 -0
- package/dist/hooks/learner/__tests__/validator.test.d.ts.map +1 -0
- package/dist/hooks/learner/__tests__/validator.test.js +123 -0
- package/dist/hooks/learner/__tests__/validator.test.js.map +1 -0
- package/dist/hooks/learner/__tests__/writer.test.d.ts +2 -0
- package/dist/hooks/learner/__tests__/writer.test.d.ts.map +1 -0
- package/dist/hooks/learner/__tests__/writer.test.js +141 -0
- package/dist/hooks/learner/__tests__/writer.test.js.map +1 -0
- package/dist/hooks/learner/detection-hook.js +2 -2
- package/dist/hooks/learner/detection-hook.js.map +1 -1
- package/dist/hooks/parallel-executor.d.ts +24 -0
- package/dist/hooks/parallel-executor.d.ts.map +1 -0
- package/dist/hooks/parallel-executor.js +82 -0
- package/dist/hooks/parallel-executor.js.map +1 -0
- package/dist/hooks/persistent-mode/index.d.ts +2 -21
- package/dist/hooks/persistent-mode/index.d.ts.map +1 -1
- package/dist/hooks/persistent-mode/index.js +4 -85
- package/dist/hooks/persistent-mode/index.js.map +1 -1
- package/dist/hooks/persistent-mode/tool-error.d.ts +15 -0
- package/dist/hooks/persistent-mode/tool-error.d.ts.map +1 -0
- package/dist/hooks/persistent-mode/tool-error.js +80 -0
- package/dist/hooks/persistent-mode/tool-error.js.map +1 -0
- package/dist/hooks/pre-compact/index.d.ts.map +1 -1
- package/dist/hooks/pre-compact/index.js +0 -1
- package/dist/hooks/pre-compact/index.js.map +1 -1
- package/dist/hooks/project-memory/learner.d.ts +13 -1
- package/dist/hooks/project-memory/learner.d.ts.map +1 -1
- package/dist/hooks/project-memory/learner.js +24 -12
- package/dist/hooks/project-memory/learner.js.map +1 -1
- package/dist/hooks/race-detector.d.ts +51 -0
- package/dist/hooks/race-detector.d.ts.map +1 -0
- package/dist/hooks/race-detector.js +121 -0
- package/dist/hooks/race-detector.js.map +1 -0
- package/dist/hooks/ralph/__tests__/loop.test.d.ts +2 -0
- package/dist/hooks/ralph/__tests__/loop.test.d.ts.map +1 -0
- package/dist/hooks/ralph/__tests__/loop.test.js +268 -0
- package/dist/hooks/ralph/__tests__/loop.test.js.map +1 -0
- package/dist/hooks/ralph/__tests__/prd.test.d.ts +2 -0
- package/dist/hooks/ralph/__tests__/prd.test.d.ts.map +1 -0
- package/dist/hooks/ralph/__tests__/prd.test.js +197 -0
- package/dist/hooks/ralph/__tests__/prd.test.js.map +1 -0
- package/dist/hooks/ralph/__tests__/progress.test.d.ts +2 -0
- package/dist/hooks/ralph/__tests__/progress.test.d.ts.map +1 -0
- package/dist/hooks/ralph/__tests__/progress.test.js +120 -0
- package/dist/hooks/ralph/__tests__/progress.test.js.map +1 -0
- package/dist/hooks/ralph/__tests__/verifier.test.d.ts +2 -0
- package/dist/hooks/ralph/__tests__/verifier.test.d.ts.map +1 -0
- package/dist/hooks/ralph/__tests__/verifier.test.js +75 -0
- package/dist/hooks/ralph/__tests__/verifier.test.js.map +1 -0
- package/dist/hooks/recovery/__tests__/context-window.test.d.ts +2 -0
- package/dist/hooks/recovery/__tests__/context-window.test.d.ts.map +1 -0
- package/dist/hooks/recovery/__tests__/context-window.test.js +131 -0
- package/dist/hooks/recovery/__tests__/context-window.test.js.map +1 -0
- package/dist/hooks/recovery/__tests__/edit-error.test.d.ts +2 -0
- package/dist/hooks/recovery/__tests__/edit-error.test.d.ts.map +1 -0
- package/dist/hooks/recovery/__tests__/edit-error.test.js +88 -0
- package/dist/hooks/recovery/__tests__/edit-error.test.js.map +1 -0
- package/dist/hooks/recovery/__tests__/index.test.d.ts +2 -0
- package/dist/hooks/recovery/__tests__/index.test.d.ts.map +1 -0
- package/dist/hooks/recovery/__tests__/index.test.js +270 -0
- package/dist/hooks/recovery/__tests__/index.test.js.map +1 -0
- package/dist/hooks/recovery/__tests__/session-recovery.test.d.ts +2 -0
- package/dist/hooks/recovery/__tests__/session-recovery.test.d.ts.map +1 -0
- package/dist/hooks/recovery/__tests__/session-recovery.test.js +129 -0
- package/dist/hooks/recovery/__tests__/session-recovery.test.js.map +1 -0
- package/dist/hooks/recovery/__tests__/storage.test.d.ts +2 -0
- package/dist/hooks/recovery/__tests__/storage.test.d.ts.map +1 -0
- package/dist/hooks/recovery/__tests__/storage.test.js +549 -0
- package/dist/hooks/recovery/__tests__/storage.test.js.map +1 -0
- package/dist/hooks/rules-injector/__tests__/finder.test.d.ts +2 -0
- package/dist/hooks/rules-injector/__tests__/finder.test.d.ts.map +1 -0
- package/dist/hooks/rules-injector/__tests__/finder.test.js +68 -0
- package/dist/hooks/rules-injector/__tests__/finder.test.js.map +1 -0
- package/dist/hooks/rules-injector/__tests__/index.test.d.ts +2 -0
- package/dist/hooks/rules-injector/__tests__/index.test.d.ts.map +1 -0
- package/dist/hooks/rules-injector/__tests__/index.test.js +58 -0
- package/dist/hooks/rules-injector/__tests__/index.test.js.map +1 -0
- package/dist/hooks/rules-injector/__tests__/matcher.test.d.ts +2 -0
- package/dist/hooks/rules-injector/__tests__/matcher.test.d.ts.map +1 -0
- package/dist/hooks/rules-injector/__tests__/matcher.test.js +86 -0
- package/dist/hooks/rules-injector/__tests__/matcher.test.js.map +1 -0
- package/dist/hooks/rules-injector/__tests__/parser.test.d.ts +2 -0
- package/dist/hooks/rules-injector/__tests__/parser.test.d.ts.map +1 -0
- package/dist/hooks/rules-injector/__tests__/parser.test.js +86 -0
- package/dist/hooks/rules-injector/__tests__/parser.test.js.map +1 -0
- package/dist/hooks/session-end/__tests__/index.test.d.ts +2 -0
- package/dist/hooks/session-end/__tests__/index.test.d.ts.map +1 -0
- package/dist/hooks/session-end/__tests__/index.test.js +77 -0
- package/dist/hooks/session-end/__tests__/index.test.js.map +1 -0
- package/dist/hooks/session-end/callbacks.d.ts +1 -1
- package/dist/hooks/session-end/index.d.ts +2 -21
- package/dist/hooks/session-end/index.d.ts.map +1 -1
- package/dist/hooks/session-end/index.js.map +1 -1
- package/dist/hooks/session-end/types.d.ts +26 -0
- package/dist/hooks/session-end/types.d.ts.map +1 -0
- package/dist/hooks/session-end/types.js +6 -0
- package/dist/hooks/session-end/types.js.map +1 -0
- package/dist/hooks/setup/__tests__/index.test.d.ts +2 -0
- package/dist/hooks/setup/__tests__/index.test.d.ts.map +1 -0
- package/dist/hooks/setup/__tests__/index.test.js +68 -0
- package/dist/hooks/setup/__tests__/index.test.js.map +1 -0
- package/dist/hooks/team-pipeline/__tests__/state.test.d.ts +2 -0
- package/dist/hooks/team-pipeline/__tests__/state.test.d.ts.map +1 -0
- package/dist/hooks/team-pipeline/__tests__/state.test.js +94 -0
- package/dist/hooks/team-pipeline/__tests__/state.test.js.map +1 -0
- package/dist/hud/elements/autopilot.d.ts +1 -1
- package/dist/hud/elements/autopilot.d.ts.map +1 -1
- package/dist/hud/state.d.ts.map +1 -1
- package/dist/hud/state.js +69 -1
- package/dist/hud/state.js.map +1 -1
- package/dist/hud/types.d.ts +2 -15
- package/dist/hud/types.d.ts.map +1 -1
- package/dist/hud/types.js.map +1 -1
- package/dist/lib/__tests__/validateMode.test.d.ts +2 -0
- package/dist/lib/__tests__/validateMode.test.d.ts.map +1 -0
- package/dist/lib/__tests__/validateMode.test.js +61 -0
- package/dist/lib/__tests__/validateMode.test.js.map +1 -0
- package/dist/lib/path-validator.d.ts +25 -0
- package/dist/lib/path-validator.d.ts.map +1 -0
- package/dist/lib/path-validator.js +81 -0
- package/dist/lib/path-validator.js.map +1 -0
- package/dist/lib/validateMode.d.ts +3 -0
- package/dist/lib/validateMode.d.ts.map +1 -1
- package/dist/lib/validateMode.js +28 -2
- package/dist/lib/validateMode.js.map +1 -1
- package/dist/mcp/__tests__/cli-detection.test.d.ts +2 -0
- package/dist/mcp/__tests__/cli-detection.test.d.ts.map +1 -0
- package/dist/mcp/__tests__/cli-detection.test.js +50 -0
- package/dist/mcp/__tests__/cli-detection.test.js.map +1 -0
- package/dist/mcp/__tests__/codex-core.test.d.ts +2 -0
- package/dist/mcp/__tests__/codex-core.test.d.ts.map +1 -0
- package/dist/mcp/__tests__/codex-core.test.js +143 -0
- package/dist/mcp/__tests__/codex-core.test.js.map +1 -0
- package/dist/mcp/__tests__/codex-integration.test.d.ts +2 -0
- package/dist/mcp/__tests__/codex-integration.test.d.ts.map +1 -0
- package/dist/mcp/__tests__/codex-integration.test.js +59 -0
- package/dist/mcp/__tests__/codex-integration.test.js.map +1 -0
- package/dist/mcp/__tests__/gemini-core.test.d.ts +2 -0
- package/dist/mcp/__tests__/gemini-core.test.d.ts.map +1 -0
- package/dist/mcp/__tests__/gemini-core.test.js +53 -0
- package/dist/mcp/__tests__/gemini-core.test.js.map +1 -0
- package/dist/mcp/__tests__/gemini-integration.test.d.ts +2 -0
- package/dist/mcp/__tests__/gemini-integration.test.d.ts.map +1 -0
- package/dist/mcp/__tests__/gemini-integration.test.js +50 -0
- package/dist/mcp/__tests__/gemini-integration.test.js.map +1 -0
- package/dist/mcp/__tests__/job-state-db-deprecation.test.js +48 -1
- package/dist/mcp/__tests__/job-state-db-deprecation.test.js.map +1 -1
- package/dist/mcp/__tests__/omc-tools-server.test.d.ts +2 -0
- package/dist/mcp/__tests__/omc-tools-server.test.d.ts.map +1 -0
- package/dist/mcp/__tests__/omc-tools-server.test.js +108 -0
- package/dist/mcp/__tests__/omc-tools-server.test.js.map +1 -0
- package/dist/mcp/__tests__/prompt-injection.test.d.ts +2 -0
- package/dist/mcp/__tests__/prompt-injection.test.d.ts.map +1 -0
- package/dist/mcp/__tests__/prompt-injection.test.js +86 -0
- package/dist/mcp/__tests__/prompt-injection.test.js.map +1 -0
- package/dist/mcp/job-state-db.d.ts +1 -1
- package/dist/mcp/job-state-db.d.ts.map +1 -1
- package/dist/mcp/prompt-persistence.d.ts +2 -17
- package/dist/mcp/prompt-persistence.d.ts.map +1 -1
- package/dist/mcp/prompt-persistence.js.map +1 -1
- package/dist/team/__tests__/deadlock-detector.test.d.ts +2 -0
- package/dist/team/__tests__/deadlock-detector.test.d.ts.map +1 -0
- package/dist/team/__tests__/deadlock-detector.test.js +50 -0
- package/dist/team/__tests__/deadlock-detector.test.js.map +1 -0
- package/dist/team/__tests__/dependency-graph.test.d.ts +2 -0
- package/dist/team/__tests__/dependency-graph.test.d.ts.map +1 -0
- package/dist/team/__tests__/dependency-graph.test.js +29 -0
- package/dist/team/__tests__/dependency-graph.test.js.map +1 -0
- package/dist/team/capabilities.d.ts +1 -2
- package/dist/team/capabilities.d.ts.map +1 -1
- package/dist/team/capabilities.js.map +1 -1
- package/dist/team/deadlock-detector.d.ts +16 -0
- package/dist/team/deadlock-detector.d.ts.map +1 -0
- package/dist/team/deadlock-detector.js +52 -0
- package/dist/team/deadlock-detector.js.map +1 -0
- package/dist/team/dependency-graph.d.ts +23 -0
- package/dist/team/dependency-graph.d.ts.map +1 -0
- package/dist/team/dependency-graph.js +35 -0
- package/dist/team/dependency-graph.js.map +1 -0
- package/dist/team/index.d.ts +3 -0
- package/dist/team/index.d.ts.map +1 -1
- package/dist/team/index.js +2 -0
- package/dist/team/index.js.map +1 -1
- package/dist/team/types.d.ts +15 -4
- package/dist/team/types.d.ts.map +1 -1
- package/dist/team/types.js +0 -1
- package/dist/team/types.js.map +1 -1
- package/dist/team/unified-team.d.ts +2 -11
- package/dist/team/unified-team.d.ts.map +1 -1
- package/dist/team/unified-team.js.map +1 -1
- package/dist/tools/__tests__/ast-tools.test.d.ts +2 -0
- package/dist/tools/__tests__/ast-tools.test.d.ts.map +1 -0
- package/dist/tools/__tests__/ast-tools.test.js +178 -0
- package/dist/tools/__tests__/ast-tools.test.js.map +1 -0
- package/dist/tools/__tests__/lsp-tools.test.d.ts +2 -0
- package/dist/tools/__tests__/lsp-tools.test.d.ts.map +1 -0
- package/dist/tools/__tests__/lsp-tools.test.js +252 -0
- package/dist/tools/__tests__/lsp-tools.test.js.map +1 -0
- package/dist/tools/diagnostics/__tests__/index.test.d.ts +2 -0
- package/dist/tools/diagnostics/__tests__/index.test.d.ts.map +1 -0
- package/dist/tools/diagnostics/__tests__/index.test.js +111 -0
- package/dist/tools/diagnostics/__tests__/index.test.js.map +1 -0
- package/dist/tools/diagnostics/__tests__/lsp-aggregator.test.d.ts +2 -0
- package/dist/tools/diagnostics/__tests__/lsp-aggregator.test.d.ts.map +1 -0
- package/dist/tools/diagnostics/__tests__/lsp-aggregator.test.js +120 -0
- package/dist/tools/diagnostics/__tests__/lsp-aggregator.test.js.map +1 -0
- package/dist/tools/diagnostics/__tests__/tsc-runner.test.d.ts +2 -0
- package/dist/tools/diagnostics/__tests__/tsc-runner.test.d.ts.map +1 -0
- package/dist/tools/diagnostics/__tests__/tsc-runner.test.js +86 -0
- package/dist/tools/diagnostics/__tests__/tsc-runner.test.js.map +1 -0
- package/dist/tools/diagnostics/constants.d.ts +5 -0
- package/dist/tools/diagnostics/constants.d.ts.map +1 -0
- package/dist/tools/diagnostics/constants.js +5 -0
- package/dist/tools/diagnostics/constants.js.map +1 -0
- package/dist/tools/diagnostics/index.d.ts +2 -1
- package/dist/tools/diagnostics/index.d.ts.map +1 -1
- package/dist/tools/diagnostics/index.js +2 -1
- package/dist/tools/diagnostics/index.js.map +1 -1
- package/dist/tools/diagnostics/lsp-aggregator.js +1 -1
- package/dist/tools/diagnostics/lsp-aggregator.js.map +1 -1
- package/dist/tools/lsp/__tests__/utils.test.d.ts +2 -0
- package/dist/tools/lsp/__tests__/utils.test.d.ts.map +1 -0
- package/dist/tools/lsp/__tests__/utils.test.js +338 -0
- package/dist/tools/lsp/__tests__/utils.test.js.map +1 -0
- package/dist/tools/lsp/utils.d.ts.map +1 -1
- package/dist/tools/lsp/utils.js +2 -2
- package/dist/tools/lsp/utils.js.map +1 -1
- package/dist/tools/python-repl/__tests__/bridge-manager.test.d.ts +2 -0
- package/dist/tools/python-repl/__tests__/bridge-manager.test.d.ts.map +1 -0
- package/dist/tools/python-repl/__tests__/bridge-manager.test.js +338 -0
- package/dist/tools/python-repl/__tests__/bridge-manager.test.js.map +1 -0
- package/dist/tools/python-repl/__tests__/socket-client.test.d.ts +2 -0
- package/dist/tools/python-repl/__tests__/socket-client.test.d.ts.map +1 -0
- package/dist/tools/python-repl/__tests__/socket-client.test.js +155 -0
- package/dist/tools/python-repl/__tests__/socket-client.test.js.map +1 -0
- package/dist/tools/python-repl/bridge-manager.d.ts +4 -0
- package/dist/tools/python-repl/bridge-manager.d.ts.map +1 -1
- package/dist/tools/python-repl/bridge-manager.js +4 -1
- package/dist/tools/python-repl/bridge-manager.js.map +1 -1
- package/docs/CLAUDE.md +1 -1
- package/docs/guides/task-templates-guide.md +153 -0
- package/docs/guides/troubleshooting-guide.md +110 -0
- package/docs/guides/wizard-user-guide.md +85 -0
- package/docs/guides/workflow-recommendation-guide.md +97 -0
- package/docs/reviews/ultrapower-security/review_critic.md +450 -0
- package/docs/reviews/ultrapower-tech-review/review_tech.md +180 -0
- package/docs/troubleshooting/agent-timeouts.md +37 -0
- package/docs/troubleshooting/common-errors.md +37 -0
- package/docs/troubleshooting/hook-failures.md +29 -0
- package/docs/troubleshooting/performance-issues.md +41 -0
- package/docs/troubleshooting/state-corruption.md +36 -0
- package/package.json +2 -1
- package/scripts/analyze-dependencies.ts +47 -0
- package/scripts/analyze-hook-coverage.ts +55 -0
- package/scripts/performance-regression.ts +28 -0
- package/scripts/profiling.ts +95 -0
- package/scripts/run-profiling.ts +64 -0
- package/scripts/test-parallel-execution.ts +72 -0
- package/scripts/test-race-detection.ts +57 -0
- package/scripts/test-tiered-writer.ts +60 -0
- package/scripts/test-wal-integration.ts +29 -0
- package/scripts/test-wal.ts +48 -0
- package/skills/next-step-router/SKILL.md +17 -0
- package/skills/wizard/SKILL.md +103 -72
- package/templates/tasks/README.md +45 -0
- package/templates/tasks/bug-fix.md +37 -0
- package/templates/tasks/code-review.md +36 -0
- package/templates/tasks/feature-development.md +43 -0
- package/templates/tasks/refactoring.md +37 -0
- package/templates/tasks/security-audit.md +37 -0
|
@@ -0,0 +1,450 @@
|
|
|
1
|
+
# Critic Review: Ultrapower 安全性与健壮性评审
|
|
2
|
+
|
|
3
|
+
**评审日期**: 2026-03-03
|
|
4
|
+
**评审范围**: 安全漏洞、边界情况、逻辑一致性
|
|
5
|
+
**评审材料**: runtime-protection.md, bridge-normalize.ts, validateMode.ts, atomic-write.ts, state-manager
|
|
6
|
+
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
## 评分:2.5/5 (Conditional Pass - 需要重大改进)
|
|
10
|
+
|
|
11
|
+
**结论**: 系统存在多个 P0 级安全漏洞和逻辑不一致问题,必须在生产环境部署前修复。当前实现虽有安全意识,但执行不彻底,存在多处防护缺口。
|
|
12
|
+
|
|
13
|
+
---
|
|
14
|
+
|
|
15
|
+
## 1. 安全审计 (Security Audit - FAIL)
|
|
16
|
+
|
|
17
|
+
### 🔴 P0 - 严重安全漏洞
|
|
18
|
+
|
|
19
|
+
#### 1.1 permission-request 静默降级 (差异点 D-05)
|
|
20
|
+
**位置**: `src/hooks/persistent-mode/index.ts`
|
|
21
|
+
|
|
22
|
+
```typescript
|
|
23
|
+
// ❌ 当前实现:permission-request 失败时静默降级
|
|
24
|
+
export function createHookOutput(result: PersistentModeResult): {
|
|
25
|
+
continue: boolean; message?: string;
|
|
26
|
+
} {
|
|
27
|
+
return { continue: true, message: result.message || undefined };
|
|
28
|
+
// 注意:始终返回 { continue: true },包括 permission-request 失败时
|
|
29
|
+
}
|
|
30
|
+
```
|
|
31
|
+
|
|
32
|
+
**风险等级**: 🔴 Critical
|
|
33
|
+
**影响**: 权限检查失败时系统继续执行,绕过安全边界
|
|
34
|
+
**攻击场景**:
|
|
35
|
+
- 恶意工具调用在权限被拒绝后仍然执行
|
|
36
|
+
- 敏感操作(文件删除、网络请求)未经授权执行
|
|
37
|
+
|
|
38
|
+
**修复要求**:
|
|
39
|
+
```typescript
|
|
40
|
+
// ✅ 必须实现
|
|
41
|
+
if (hookType === 'permission-request' && result.error) {
|
|
42
|
+
return { continue: false, message: result.message };
|
|
43
|
+
}
|
|
44
|
+
```
|
|
45
|
+
|
|
46
|
+
---
|
|
47
|
+
|
|
48
|
+
#### 1.2 状态文件未加密 (P1 → P0 升级)
|
|
49
|
+
**位置**: `.omc/state/*.json`, `agent-replay-*.jsonl`
|
|
50
|
+
|
|
51
|
+
**当前状态**:
|
|
52
|
+
- 文件权限: `0o600` (仅所有者可读写) ✅
|
|
53
|
+
- 内容加密: ❌ 无
|
|
54
|
+
- 敏感数据: 包含代码片段、API 调用、可能的密钥片段
|
|
55
|
+
|
|
56
|
+
**风险等级**: 🔴 High
|
|
57
|
+
**攻击场景**:
|
|
58
|
+
- 磁盘被物理访问时,状态文件明文可读
|
|
59
|
+
- 备份系统可能泄露敏感上下文
|
|
60
|
+
- 多用户系统上,root 用户可读取所有状态
|
|
61
|
+
|
|
62
|
+
**修复建议**:
|
|
63
|
+
1. 对 `agent-replay-*.jsonl` 实施字段级加密(敏感字段:prompt、toolInput、toolOutput)
|
|
64
|
+
2. 使用用户密钥派生(基于 session_id + 机器标识)
|
|
65
|
+
3. 保留 7 天自动清理机制
|
|
66
|
+
|
|
67
|
+
---
|
|
68
|
+
|
|
69
|
+
#### 1.3 Windows 平台 rename 竞态条件
|
|
70
|
+
**位置**: `src/lib/atomic-write.ts`
|
|
71
|
+
|
|
72
|
+
**问题描述**:
|
|
73
|
+
```typescript
|
|
74
|
+
// Windows 上,如果目标文件被其他进程持有,renameSync 会失败
|
|
75
|
+
await fs.rename(tempPath, filePath);
|
|
76
|
+
```
|
|
77
|
+
|
|
78
|
+
**风险等级**: 🟡 Medium
|
|
79
|
+
**影响**:
|
|
80
|
+
- 并发写入时可能导致状态文件损坏
|
|
81
|
+
- `subagent-tracking.json` 在高并发场景下易受影响
|
|
82
|
+
|
|
83
|
+
**当前缓解措施**:
|
|
84
|
+
- `subagent-tracking.json` 使用文件锁 + debounce ✅
|
|
85
|
+
- 其他状态文件无额外保护 ❌
|
|
86
|
+
|
|
87
|
+
**修复建议**:
|
|
88
|
+
- 统一所有状态文件使用 debounce + 文件锁(技术债务 TD-4)
|
|
89
|
+
- Windows 平台增加重试机制(最多 3 次,间隔 50ms)
|
|
90
|
+
|
|
91
|
+
---
|
|
92
|
+
|
|
93
|
+
### 🟡 P1 - 中等安全风险
|
|
94
|
+
|
|
95
|
+
#### 1.4 非敏感 Hook 未知字段透传 (差异点 D-06)
|
|
96
|
+
**位置**: `src/hooks/bridge-normalize.ts:198-230`
|
|
97
|
+
|
|
98
|
+
**当前行为**:
|
|
99
|
+
```typescript
|
|
100
|
+
// 非敏感 hook:未知字段透传,仅记录 debug 警告
|
|
101
|
+
if (!isSensitive) {
|
|
102
|
+
extra[key] = value;
|
|
103
|
+
console.debug(`Unknown field "${key}" passed through`);
|
|
104
|
+
}
|
|
105
|
+
```
|
|
106
|
+
|
|
107
|
+
**风险**:
|
|
108
|
+
- 攻击者可注入未知字段污染内部状态
|
|
109
|
+
- 日志注入攻击(如果 key 包含控制字符)
|
|
110
|
+
|
|
111
|
+
**修复要求** (v2):
|
|
112
|
+
- 统一所有 15 类 HookType 使用严格白名单
|
|
113
|
+
- 未知字段一律丢弃,不透传
|
|
114
|
+
|
|
115
|
+
---
|
|
116
|
+
|
|
117
|
+
#### 1.5 Mode 参数校验覆盖不完整
|
|
118
|
+
**位置**: 多处状态文件路径拼接
|
|
119
|
+
|
|
120
|
+
**已防护**:
|
|
121
|
+
- `src/lib/validateMode.ts` 提供 `assertValidMode()` ✅
|
|
122
|
+
- 8 个合法 mode 值白名单 ✅
|
|
123
|
+
|
|
124
|
+
**未防护**:
|
|
125
|
+
- 部分旧代码直接拼接路径,未调用 `assertValidMode()` ❌
|
|
126
|
+
- 需要全代码库审计确保 100% 覆盖
|
|
127
|
+
|
|
128
|
+
**验证命令**:
|
|
129
|
+
```bash
|
|
130
|
+
# 查找未使用 assertValidMode 的路径拼接
|
|
131
|
+
grep -r "\.omc/state/\${" src/ | grep -v "assertValidMode"
|
|
132
|
+
```
|
|
133
|
+
|
|
134
|
+
---
|
|
135
|
+
|
|
136
|
+
## 2. 边界情况分析 (Edge Case Analysis)
|
|
137
|
+
|
|
138
|
+
### 🔴 Critical Edge Cases
|
|
139
|
+
|
|
140
|
+
#### 2.1 并发状态写入冲突
|
|
141
|
+
**场景**: 多个 agent 同时写入 `subagent-tracking.json`
|
|
142
|
+
|
|
143
|
+
**当前保护**:
|
|
144
|
+
- debounce (100ms) ✅
|
|
145
|
+
- flushInProgress Set ✅
|
|
146
|
+
- 文件锁 (PID:timestamp) ✅
|
|
147
|
+
- mergeTrackerStates 合并策略 ✅
|
|
148
|
+
|
|
149
|
+
**缺失保护**:
|
|
150
|
+
- 其他状态文件(`team-state.json`, `ralph-state.json`)无 debounce ❌
|
|
151
|
+
- 差异点 D-07: subagent-tracker 内部即时写入使用 `writeFileSync`,无原子保护
|
|
152
|
+
|
|
153
|
+
**测试覆盖**:
|
|
154
|
+
- `src/hooks/__tests__/compaction-concurrency.test.ts` ✅
|
|
155
|
+
- `src/hooks/subagent-tracker/__tests__/flush-race.test.ts` ✅
|
|
156
|
+
|
|
157
|
+
**风险**: 在 Team 模式下,5+ agents 并发写入可能导致状态丢失
|
|
158
|
+
|
|
159
|
+
---
|
|
160
|
+
|
|
161
|
+
#### 2.2 状态文件损坏恢复
|
|
162
|
+
**场景**: JSON 解析失败、部分写入、磁盘满
|
|
163
|
+
|
|
164
|
+
**当前处理**:
|
|
165
|
+
```typescript
|
|
166
|
+
// src/lib/atomic-write.ts: safeReadJson
|
|
167
|
+
export function safeReadJson<T>(filePath: string): T | null {
|
|
168
|
+
// ENOENT 或 JSON.parse 失败时返回 null(不崩溃)
|
|
169
|
+
}
|
|
170
|
+
```
|
|
171
|
+
|
|
172
|
+
**问题**:
|
|
173
|
+
- 返回 `null` 后,调用方使用空状态初始化 ✅
|
|
174
|
+
- 但损坏文件未被备份,直接覆盖 ❌
|
|
175
|
+
- 无法事后分析损坏原因
|
|
176
|
+
|
|
177
|
+
**修复建议**:
|
|
178
|
+
```typescript
|
|
179
|
+
// 损坏文件重命名为 .corrupted.{timestamp}
|
|
180
|
+
if (parseError) {
|
|
181
|
+
fs.renameSync(filePath, `${filePath}.corrupted.${Date.now()}`);
|
|
182
|
+
}
|
|
183
|
+
```
|
|
184
|
+
|
|
185
|
+
---
|
|
186
|
+
|
|
187
|
+
#### 2.3 极端输入处理
|
|
188
|
+
|
|
189
|
+
##### 空字符串 / 空对象
|
|
190
|
+
**测试覆盖**:
|
|
191
|
+
- `validateMode('')` → `false` ✅
|
|
192
|
+
- `normalizeHookInput({})` → `{}` ✅
|
|
193
|
+
|
|
194
|
+
##### 超大输入
|
|
195
|
+
**问题**:
|
|
196
|
+
- `assertValidMode()` 截断到 50 字符 ✅
|
|
197
|
+
- 但 Hook 输入未限制大小 ❌
|
|
198
|
+
- 恶意 1GB `tool_response` 可导致内存耗尽
|
|
199
|
+
|
|
200
|
+
**修复建议**:
|
|
201
|
+
```typescript
|
|
202
|
+
// bridge-normalize.ts 增加大小限制
|
|
203
|
+
const MAX_FIELD_SIZE = 10 * 1024 * 1024; // 10MB
|
|
204
|
+
if (typeof value === 'string' && value.length > MAX_FIELD_SIZE) {
|
|
205
|
+
value = value.slice(0, MAX_FIELD_SIZE) + '...(truncated)';
|
|
206
|
+
}
|
|
207
|
+
```
|
|
208
|
+
|
|
209
|
+
##### Unicode / 控制字符
|
|
210
|
+
**未测试**:
|
|
211
|
+
- mode = `"auto\u0000pilot"` (null byte)
|
|
212
|
+
- hookType = `"setup\r\n-init"` (CRLF 注入)
|
|
213
|
+
|
|
214
|
+
---
|
|
215
|
+
|
|
216
|
+
#### 2.4 竞态条件
|
|
217
|
+
|
|
218
|
+
##### Session 隔离失效
|
|
219
|
+
**场景**: 两个 session 同时操作同一 mode 状态
|
|
220
|
+
|
|
221
|
+
**当前行为**:
|
|
222
|
+
- 会话级状态: `.omc/state/sessions/{sessionId}/` ✅
|
|
223
|
+
- 回退到全局状态: `.omc/state/{mode}-state.json` ❌
|
|
224
|
+
|
|
225
|
+
**问题**:
|
|
226
|
+
- 如果 sessionId 未传递,两个 session 共享同一状态文件
|
|
227
|
+
- 后写入覆盖先写入,导致状态丢失
|
|
228
|
+
|
|
229
|
+
**测试**: `src/hooks/persistent-mode/session-isolation.test.ts` ✅
|
|
230
|
+
|
|
231
|
+
---
|
|
232
|
+
|
|
233
|
+
### 🟡 Medium Edge Cases
|
|
234
|
+
|
|
235
|
+
#### 2.5 磁盘空间耗尽
|
|
236
|
+
**场景**: 原子写入时磁盘满
|
|
237
|
+
|
|
238
|
+
**当前处理**:
|
|
239
|
+
```typescript
|
|
240
|
+
// atomicWriteJson 会抛出异常
|
|
241
|
+
const fd = await fs.open(tempPath, "wx", 0o600);
|
|
242
|
+
await fd.write(jsonContent, 0, "utf-8"); // 可能失败
|
|
243
|
+
```
|
|
244
|
+
|
|
245
|
+
**问题**:
|
|
246
|
+
- 临时文件可能残留 ❌
|
|
247
|
+
- 无自动清理机制
|
|
248
|
+
|
|
249
|
+
**修复**:
|
|
250
|
+
```typescript
|
|
251
|
+
} catch (err) {
|
|
252
|
+
// 清理临时文件
|
|
253
|
+
try { fs.unlinkSync(tempPath); } catch {}
|
|
254
|
+
throw err;
|
|
255
|
+
}
|
|
256
|
+
```
|
|
257
|
+
|
|
258
|
+
---
|
|
259
|
+
|
|
260
|
+
#### 2.6 时区 / 时间戳问题
|
|
261
|
+
**场景**: 跨时区协作、系统时间回拨
|
|
262
|
+
|
|
263
|
+
**当前实现**:
|
|
264
|
+
- 所有时间戳使用 `new Date().toISOString()` ✅
|
|
265
|
+
- UTC 时间,无时区问题 ✅
|
|
266
|
+
|
|
267
|
+
**潜在问题**:
|
|
268
|
+
- 系统时间回拨时,`started_at > completed_at` 可能为真
|
|
269
|
+
- 文件锁 stale 检测依赖时间戳,可能误判
|
|
270
|
+
|
|
271
|
+
---
|
|
272
|
+
|
|
273
|
+
## 3. 逻辑一致性 (Logical Consistency)
|
|
274
|
+
|
|
275
|
+
### 🔴 Critical Inconsistencies
|
|
276
|
+
|
|
277
|
+
#### 3.1 Hook 敏感级别不一致
|
|
278
|
+
**问题**: PRD 描述 3 类敏感 hook,实际实现 4 类
|
|
279
|
+
|
|
280
|
+
**PRD**: `permission-request`, `setup`, `session-end`
|
|
281
|
+
**实现**: `permission-request`, `setup-init`, `setup-maintenance`, `session-end`
|
|
282
|
+
|
|
283
|
+
**差异点 D-01**: `setup` 拆分为两个独立类型
|
|
284
|
+
|
|
285
|
+
**影响**:
|
|
286
|
+
- 文档与代码不一致,维护者困惑
|
|
287
|
+
- 如果新增 `setup-*` 类型,可能忘记加入 `SENSITIVE_HOOKS`
|
|
288
|
+
|
|
289
|
+
**修复**: 更新 PRD 或统一实现
|
|
290
|
+
|
|
291
|
+
---
|
|
292
|
+
|
|
293
|
+
#### 3.2 状态文件并发保护不统一
|
|
294
|
+
**问题**: 不同状态文件使用不同保护机制
|
|
295
|
+
|
|
296
|
+
| 文件 | 保护级别 |
|
|
297
|
+
|------|---------|
|
|
298
|
+
| `subagent-tracking.json` | 四层保护(debounce + 锁 + 合并 + 原子写入) |
|
|
299
|
+
| `team-state.json` | 仅原子写入 |
|
|
300
|
+
| `ralph-state.json` | 仅原子写入 |
|
|
301
|
+
|
|
302
|
+
**差异点 D-07**: subagent-tracker 内部即时写入使用 `writeFileSync`
|
|
303
|
+
|
|
304
|
+
**影响**:
|
|
305
|
+
- 高并发场景下,`team-state.json` 更易损坏
|
|
306
|
+
- 维护者无法预测哪些文件需要额外保护
|
|
307
|
+
|
|
308
|
+
**修复**: 技术债务 TD-4 - 统一为 debounce + atomic
|
|
309
|
+
|
|
310
|
+
---
|
|
311
|
+
|
|
312
|
+
#### 3.3 错误处理策略不一致
|
|
313
|
+
|
|
314
|
+
**观察**:
|
|
315
|
+
- `safeReadJson()` 返回 `null`(不崩溃)✅
|
|
316
|
+
- `assertValidMode()` 抛出异常(崩溃)✅
|
|
317
|
+
- `normalizeHookInput()` 记录警告但继续(不崩溃)✅
|
|
318
|
+
|
|
319
|
+
**问题**:
|
|
320
|
+
- 无统一的错误处理哲学
|
|
321
|
+
- 部分函数静默失败,部分函数崩溃
|
|
322
|
+
- 调用方无法预测行为
|
|
323
|
+
|
|
324
|
+
**建议**:
|
|
325
|
+
- 制定错误处理规范:何时崩溃、何时降级、何时重试
|
|
326
|
+
- 文档化每个模块的错误策略
|
|
327
|
+
|
|
328
|
+
---
|
|
329
|
+
|
|
330
|
+
### 🟡 Medium Inconsistencies
|
|
331
|
+
|
|
332
|
+
#### 3.4 Mode 数量不一致
|
|
333
|
+
**差异点 D-03**: PRD 描述 7 个 mode,实际 8 个(含 `swarm`)
|
|
334
|
+
|
|
335
|
+
**影响**: 文档过时,新贡献者困惑
|
|
336
|
+
|
|
337
|
+
---
|
|
338
|
+
|
|
339
|
+
#### 3.5 测试覆盖不均衡
|
|
340
|
+
**统计**:
|
|
341
|
+
- 测试文件数: 231 个 ✅
|
|
342
|
+
- try-catch 块数: 999 个(227 个文件)✅
|
|
343
|
+
- 测试覆盖率: 未提供(估计 40-60%)❌
|
|
344
|
+
|
|
345
|
+
**问题**:
|
|
346
|
+
- 核心安全模块(`validateMode.ts`, `bridge-normalize.ts`)有测试 ✅
|
|
347
|
+
- 但边界情况测试不足(Unicode、超大输入、磁盘满)❌
|
|
348
|
+
- 集成测试覆盖不足(多 agent 并发、状态恢复)❌
|
|
349
|
+
|
|
350
|
+
---
|
|
351
|
+
|
|
352
|
+
## 4. 严重阻碍 (Major Blockers)
|
|
353
|
+
|
|
354
|
+
### 必须修复才能发布 (P0)
|
|
355
|
+
|
|
356
|
+
1. **permission-request 静默降级** (差异点 D-05)
|
|
357
|
+
- 修复时间: 2 小时
|
|
358
|
+
- 风险: 安全边界失效
|
|
359
|
+
|
|
360
|
+
2. **状态文件加密** (agent-replay-*.jsonl)
|
|
361
|
+
- 修复时间: 1-2 天
|
|
362
|
+
- 风险: 敏感数据泄露
|
|
363
|
+
|
|
364
|
+
3. **Mode 参数校验全覆盖审计**
|
|
365
|
+
- 修复时间: 4 小时
|
|
366
|
+
- 风险: 路径遍历攻击
|
|
367
|
+
|
|
368
|
+
### 应该修复 (P1)
|
|
369
|
+
|
|
370
|
+
4. **非敏感 Hook 白名单统一** (差异点 D-06)
|
|
371
|
+
- 修复时间: 1 天
|
|
372
|
+
- 风险: 字段注入攻击
|
|
373
|
+
|
|
374
|
+
5. **状态文件并发保护统一** (差异点 D-07, TD-4)
|
|
375
|
+
- 修复时间: 2-3 天
|
|
376
|
+
- 风险: 高并发下状态损坏
|
|
377
|
+
|
|
378
|
+
6. **超大输入限制**
|
|
379
|
+
- 修复时间: 4 小时
|
|
380
|
+
- 风险: 内存耗尽 DoS
|
|
381
|
+
|
|
382
|
+
---
|
|
383
|
+
|
|
384
|
+
## 5. 推荐改进 (Recommendations)
|
|
385
|
+
|
|
386
|
+
### 短期 (1-2 周)
|
|
387
|
+
|
|
388
|
+
1. **增加边界情况测试**
|
|
389
|
+
- Unicode / 控制字符注入
|
|
390
|
+
- 磁盘空间耗尽
|
|
391
|
+
- 超大输入(1GB+ tool_response)
|
|
392
|
+
|
|
393
|
+
2. **状态文件损坏备份**
|
|
394
|
+
- 损坏文件重命名为 `.corrupted.{timestamp}`
|
|
395
|
+
- 保留最近 3 个损坏文件用于分析
|
|
396
|
+
|
|
397
|
+
3. **Windows 平台重试机制**
|
|
398
|
+
- rename 失败时重试 3 次
|
|
399
|
+
- 间隔 50ms
|
|
400
|
+
|
|
401
|
+
### 中期 (1-2 月)
|
|
402
|
+
|
|
403
|
+
4. **统一错误处理策略**
|
|
404
|
+
- 制定规范文档
|
|
405
|
+
- 审计所有 try-catch 块(999 个)
|
|
406
|
+
|
|
407
|
+
5. **集成测试增强**
|
|
408
|
+
- 多 agent 并发场景(5+ agents)
|
|
409
|
+
- 状态恢复流程(损坏、丢失、版本不兼容)
|
|
410
|
+
|
|
411
|
+
6. **安全审计自动化**
|
|
412
|
+
- CI 检查 `.gitignore` 包含 `.omc/`
|
|
413
|
+
- 静态分析检测未使用 `assertValidMode()` 的路径拼接
|
|
414
|
+
|
|
415
|
+
### 长期 (3-6 月)
|
|
416
|
+
|
|
417
|
+
7. **状态文件加密框架**
|
|
418
|
+
- 字段级加密(敏感字段)
|
|
419
|
+
- 密钥管理(用户密钥派生)
|
|
420
|
+
|
|
421
|
+
8. **监控与告警**
|
|
422
|
+
- 状态文件损坏率监控
|
|
423
|
+
- 并发冲突检测
|
|
424
|
+
- 异常 mode 参数告警
|
|
425
|
+
|
|
426
|
+
---
|
|
427
|
+
|
|
428
|
+
## 6. 总结
|
|
429
|
+
|
|
430
|
+
**优点**:
|
|
431
|
+
- ✅ 核心安全机制已实现(mode 白名单、原子写入、文件权限)
|
|
432
|
+
- ✅ 有安全意识,文档完善(runtime-protection.md)
|
|
433
|
+
- ✅ 测试覆盖较好(231 个测试文件)
|
|
434
|
+
|
|
435
|
+
**缺点**:
|
|
436
|
+
- ❌ 执行不彻底,存在多处防护缺口
|
|
437
|
+
- ❌ 逻辑不一致,不同模块使用不同策略
|
|
438
|
+
- ❌ 边界情况测试不足
|
|
439
|
+
|
|
440
|
+
**最终评分**: 2.5/5 (Conditional Pass)
|
|
441
|
+
|
|
442
|
+
**发布建议**:
|
|
443
|
+
- 必须修复 3 个 P0 问题后才能发布生产环境
|
|
444
|
+
- P1 问题可在后续版本修复,但需在 CHANGELOG 中明确标注风险
|
|
445
|
+
- 建议进行外部安全审计(penetration testing)
|
|
446
|
+
|
|
447
|
+
---
|
|
448
|
+
|
|
449
|
+
**评审人**: The Critic (批判者)
|
|
450
|
+
**评审时间**: 2026-03-03 08:03 UTC
|
|
@@ -0,0 +1,180 @@
|
|
|
1
|
+
### ⚠️ 架构风险
|
|
2
|
+
|
|
3
|
+
**循环依赖问题**
|
|
4
|
+
- 多个模块间存在循环引用
|
|
5
|
+
- 影响:构建顺序敏感,可能导致运行时错误
|
|
6
|
+
- 建议:引入依赖注入容器或事件总线解耦
|
|
7
|
+
|
|
8
|
+
**状态管理复杂度**
|
|
9
|
+
- 多种状态文件:`.omc/state/{mode}-state.json`
|
|
10
|
+
- 会话级状态:`.omc/state/sessions/{sessionId}/`
|
|
11
|
+
- 状态同步机制需要严格测试
|
|
12
|
+
|
|
13
|
+
**并发控制**
|
|
14
|
+
- Team 模式支持多 Agent 并行
|
|
15
|
+
- 需要关注:资源竞争、死锁、超时处理
|
|
16
|
+
- 当前有 `agent-lifecycle.md` 规范,但实现复杂度高
|
|
17
|
+
|
|
18
|
+
**风险等级**: 🟡 中等(需持续监控)
|
|
19
|
+
|
|
20
|
+
---
|
|
21
|
+
|
|
22
|
+
## 3. 技术债务评估
|
|
23
|
+
|
|
24
|
+
### 📊 债务指标
|
|
25
|
+
|
|
26
|
+
| 指标 | 当前值 | 目标值 | 状态 |
|
|
27
|
+
|------|--------|--------|------|
|
|
28
|
+
| `any` 类型使用 | 603 次 | <200 | 🔴 高 |
|
|
29
|
+
| 源码文件数 | 661 个 | - | ✅ |
|
|
30
|
+
| 测试文件数 | 231 个 | - | ✅ |
|
|
31
|
+
| 测试覆盖率 | 40-60% | >80% | 🟡 中 |
|
|
32
|
+
| TypeScript strict | ✅ 已启用 | ✅ | ✅ |
|
|
33
|
+
|
|
34
|
+
### 🔴 P0 技术债务
|
|
35
|
+
|
|
36
|
+
**1. any 类型泛滥 (603 处)**
|
|
37
|
+
- 影响:类型安全丧失,运行时错误风险高
|
|
38
|
+
- 建议:
|
|
39
|
+
- 优先修复核心模块(agents/、team/、hooks/)
|
|
40
|
+
- 使用 `unknown` 替代 `any`,强制类型收窄
|
|
41
|
+
- 引入 `zod` schema 验证外部输入
|
|
42
|
+
|
|
43
|
+
**2. 测试覆盖率不足 (40-60%)**
|
|
44
|
+
- 影响:重构风险高,回归测试不充分
|
|
45
|
+
- 建议:
|
|
46
|
+
- 核心路径(Agent 路由、状态机转换)达到 90%+
|
|
47
|
+
- Hook 系统需要集成测试
|
|
48
|
+
- 添加 E2E 测试覆盖关键工作流
|
|
49
|
+
|
|
50
|
+
### 🟡 P1 技术债务
|
|
51
|
+
|
|
52
|
+
**3. 循环依赖**
|
|
53
|
+
- 影响:模块耦合度高,难以独立测试
|
|
54
|
+
- 建议:使用 `madge` 工具检测并逐步解耦
|
|
55
|
+
|
|
56
|
+
**4. 错误处理不统一**
|
|
57
|
+
- 影响:调试困难,用户体验差
|
|
58
|
+
- 建议:引入统一的错误类型体系和错误边界
|
|
59
|
+
|
|
60
|
+
---
|
|
61
|
+
|
|
62
|
+
## 4. 架构质量评估
|
|
63
|
+
|
|
64
|
+
### ✅ 优秀实践
|
|
65
|
+
|
|
66
|
+
1. **规范文档完善**
|
|
67
|
+
- `docs/standards/` 包含 7 个核心规范文档
|
|
68
|
+
- 安全规范:路径遍历防护、输入消毒
|
|
69
|
+
- 状态机规范:清晰的转换矩阵
|
|
70
|
+
|
|
71
|
+
2. **安全设计**
|
|
72
|
+
- `assertValidMode()` 路径校验
|
|
73
|
+
- Hook 输入白名单过滤
|
|
74
|
+
- 状态文件权限控制
|
|
75
|
+
|
|
76
|
+
3. **可观测性**
|
|
77
|
+
- Analytics 引擎:使用指标追踪
|
|
78
|
+
- Trace 系统:Hook/Agent/Tool 调用链
|
|
79
|
+
- 审计日志:`.omc/logs/`
|
|
80
|
+
|
|
81
|
+
### ⚠️ 改进空间
|
|
82
|
+
|
|
83
|
+
1. **性能优化**
|
|
84
|
+
- 大量文件 I/O 操作,缺少缓存层
|
|
85
|
+
- Agent 并行度可配置性不足
|
|
86
|
+
- 建议:引入 LRU 缓存、连接池
|
|
87
|
+
|
|
88
|
+
2. **可测试性**
|
|
89
|
+
- 部分模块依赖文件系统,Mock 困难
|
|
90
|
+
- 建议:抽象文件系统接口
|
|
91
|
+
|
|
92
|
+
3. **文档同步**
|
|
93
|
+
- 代码与文档可能不同步
|
|
94
|
+
- 建议:CI 中添加文档验证步骤
|
|
95
|
+
|
|
96
|
+
---
|
|
97
|
+
|
|
98
|
+
## 5. 实施风险评估
|
|
99
|
+
|
|
100
|
+
### 🟢 低风险项
|
|
101
|
+
|
|
102
|
+
- ✅ 技术栈成熟稳定
|
|
103
|
+
- ✅ 模块化设计清晰
|
|
104
|
+
- ✅ 有完整的规范文档
|
|
105
|
+
|
|
106
|
+
### 🟡 中风险项
|
|
107
|
+
|
|
108
|
+
- ⚠️ **any 类型债务**: 需要 2-3 个 sprint 逐步清理
|
|
109
|
+
- ⚠️ **测试覆盖率**: 需要持续投入,优先核心路径
|
|
110
|
+
- ⚠️ **循环依赖**: 需要架构重构,影响范围大
|
|
111
|
+
|
|
112
|
+
### 🔴 高风险项
|
|
113
|
+
|
|
114
|
+
- 🔴 **并发控制复杂度**:
|
|
115
|
+
- Team 模式下多 Agent 协调
|
|
116
|
+
- 状态同步、死锁检测、超时处理
|
|
117
|
+
- 建议:先做 POC 验证关键场景
|
|
118
|
+
|
|
119
|
+
- 🔴 **MCP 协议依赖**:
|
|
120
|
+
- 外部协议变更风险
|
|
121
|
+
- 建议:抽象 MCP 适配层,降低耦合
|
|
122
|
+
|
|
123
|
+
---
|
|
124
|
+
|
|
125
|
+
## 6. 实施计划建议
|
|
126
|
+
|
|
127
|
+
### Phase 1: 债务清理 (2-3 周)
|
|
128
|
+
1. 修复核心模块 any 类型(agents/、team/、hooks/)
|
|
129
|
+
2. 补充核心路径单元测试(目标 80%+)
|
|
130
|
+
3. 使用 `madge` 检测并修复循环依赖
|
|
131
|
+
|
|
132
|
+
### Phase 2: 架构加固 (2-3 周)
|
|
133
|
+
1. 引入统一错误处理体系
|
|
134
|
+
2. 添加性能监控和缓存层
|
|
135
|
+
3. 完善 E2E 测试套件
|
|
136
|
+
|
|
137
|
+
### Phase 3: 持续优化 (长期)
|
|
138
|
+
1. 监控 MCP 协议变更,及时适配
|
|
139
|
+
2. 定期 Review 技术债务指标
|
|
140
|
+
3. 优化并发控制和资源管理
|
|
141
|
+
|
|
142
|
+
---
|
|
143
|
+
|
|
144
|
+
## 7. 结论
|
|
145
|
+
|
|
146
|
+
### ✅ Pass(有条件通过)
|
|
147
|
+
|
|
148
|
+
**通过理由**:
|
|
149
|
+
- 技术选型合理,架构设计清晰
|
|
150
|
+
- 有完善的规范文档和安全设计
|
|
151
|
+
- 核心功能可实现,风险可控
|
|
152
|
+
|
|
153
|
+
**前置条件**:
|
|
154
|
+
1. **必须**: 完成 Phase 1 债务清理(P0 优先级)
|
|
155
|
+
2. **必须**: 核心路径测试覆盖率达到 80%+
|
|
156
|
+
3. **建议**: 完成并发控制 POC 验证
|
|
157
|
+
|
|
158
|
+
### 📊 工作量估算
|
|
159
|
+
|
|
160
|
+
| 阶段 | 工作量 | 优先级 |
|
|
161
|
+
|------|--------|--------|
|
|
162
|
+
| Phase 1: 债务清理 | 2-3 周 | P0 |
|
|
163
|
+
| Phase 2: 架构加固 | 2-3 周 | P1 |
|
|
164
|
+
| Phase 3: 持续优化 | 长期 | P2 |
|
|
165
|
+
|
|
166
|
+
**总计**: 4-6 周可达到生产就绪状态
|
|
167
|
+
|
|
168
|
+
---
|
|
169
|
+
|
|
170
|
+
## 8. 关键建议
|
|
171
|
+
|
|
172
|
+
1. **立即行动**: 清理核心模块 any 类型,引入 zod 验证
|
|
173
|
+
2. **短期目标**: 测试覆盖率达到 80%,修复循环依赖
|
|
174
|
+
3. **长期规划**: 建立技术债务监控机制,定期 Review
|
|
175
|
+
4. **风险缓解**: 为并发控制和 MCP 适配准备降级方案
|
|
176
|
+
|
|
177
|
+
---
|
|
178
|
+
|
|
179
|
+
**评审签名**: Tech Lead
|
|
180
|
+
**评审日期**: 2026-03-03
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
# Agent Timeouts
|
|
2
|
+
|
|
3
|
+
## Timeout Configuration
|
|
4
|
+
|
|
5
|
+
Default timeouts by agent type:
|
|
6
|
+
- Haiku: 2 minutes
|
|
7
|
+
- Sonnet: 5 minutes
|
|
8
|
+
- Opus: 10 minutes
|
|
9
|
+
|
|
10
|
+
## Common Causes
|
|
11
|
+
|
|
12
|
+
1. **Large codebase analysis**: Agent reading too many files
|
|
13
|
+
2. **Complex operations**: Multi-step refactoring
|
|
14
|
+
3. **Network issues**: MCP provider delays
|
|
15
|
+
|
|
16
|
+
## Solutions
|
|
17
|
+
|
|
18
|
+
### Increase Timeout
|
|
19
|
+
Edit `src/agents/timeout-config.ts`:
|
|
20
|
+
```typescript
|
|
21
|
+
export const AGENT_TIMEOUTS = {
|
|
22
|
+
haiku: 180000, // 3 min
|
|
23
|
+
sonnet: 600000, // 10 min
|
|
24
|
+
opus: 1200000 // 20 min
|
|
25
|
+
};
|
|
26
|
+
```
|
|
27
|
+
|
|
28
|
+
### Break Down Task
|
|
29
|
+
- Split large tasks into smaller chunks
|
|
30
|
+
- Use incremental approach
|
|
31
|
+
- Limit file scope
|
|
32
|
+
|
|
33
|
+
### Agent Stuck
|
|
34
|
+
If agent appears hung:
|
|
35
|
+
1. Use `/ultrapower:cancel`
|
|
36
|
+
2. Clear `.omc/state/` files
|
|
37
|
+
3. Restart with reduced scope
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
# Common Errors
|
|
2
|
+
|
|
3
|
+
## TypeScript Errors
|
|
4
|
+
|
|
5
|
+
### TS2339: Property does not exist
|
|
6
|
+
**Cause**: Accessing undefined property or type mismatch
|
|
7
|
+
|
|
8
|
+
**Solution**:
|
|
9
|
+
1. Run `tsc --noEmit` to see all errors
|
|
10
|
+
2. Check type definitions
|
|
11
|
+
3. Add missing properties or fix type annotations
|
|
12
|
+
|
|
13
|
+
### Import Errors
|
|
14
|
+
**Cause**: Missing .js extension or wrong path
|
|
15
|
+
|
|
16
|
+
**Solution**:
|
|
17
|
+
1. Verify file exists at import path
|
|
18
|
+
2. Add .js extension for ESM imports
|
|
19
|
+
3. Run `npm install` to ensure dependencies
|
|
20
|
+
|
|
21
|
+
## Runtime Errors
|
|
22
|
+
|
|
23
|
+
### ENOENT: File not found
|
|
24
|
+
**Cause**: Missing file or incorrect path
|
|
25
|
+
|
|
26
|
+
**Solution**:
|
|
27
|
+
1. Verify file path is correct
|
|
28
|
+
2. Check file permissions
|
|
29
|
+
3. Ensure .omc/ directory structure exists
|
|
30
|
+
|
|
31
|
+
### Permission Denied
|
|
32
|
+
**Cause**: Insufficient file system permissions
|
|
33
|
+
|
|
34
|
+
**Solution**:
|
|
35
|
+
1. Check file/directory permissions
|
|
36
|
+
2. Run with appropriate user privileges
|
|
37
|
+
3. Verify allowedDirectories in config
|