@namewta/speculo 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +89 -0
- package/dist/src/cli.d.ts +2 -0
- package/dist/src/cli.js +58 -0
- package/dist/src/cli.js.map +1 -0
- package/dist/src/index.d.ts +10 -0
- package/dist/src/index.js +60 -0
- package/dist/src/index.js.map +1 -0
- package/dist/src/utils.d.ts +1 -0
- package/dist/src/utils.js +11 -0
- package/dist/src/utils.js.map +1 -0
- package/package.json +54 -0
- package/speculo/.speculo/.config/LESSONS.md +9 -0
- package/speculo/.speculo/.config/RULES.md +9 -0
- package/speculo/.speculo/.config/adr/.gitkeep +1 -0
- package/speculo/.speculo/.config/context/.gitkeep +1 -0
- package/speculo/.speculo/archive/dev/.gitkeep +0 -0
- package/speculo/.speculo/archive/doc/.gitkeep +1 -0
- package/speculo/.speculo/commands/.gitkeep +0 -0
- package/speculo/.speculo/dev/.gitkeep +0 -0
- package/speculo/.speculo/dev/docs-sync-state.json +14 -0
- package/speculo/.speculo/dev-status.json +3 -0
- package/speculo/.speculo/doc/.gitkeep +1 -0
- package/speculo/.speculo/doc-status.json +3 -0
- package/speculo/commands/archive.md +53 -0
- package/speculo/commands/caveman.md +43 -0
- package/speculo/commands/grill-me.md +42 -0
- package/speculo/commands/handoff.md +42 -0
- package/speculo/commands/scaffold-exercises.md +50 -0
- package/speculo/commands/status.md +51 -0
- package/speculo/commands/write-a-skill.md +46 -0
- package/speculo/skills/caveman/SKILL.md +38 -0
- package/speculo/skills/caveman/references/compression-rules.md +102 -0
- package/speculo/skills/github-npm-ops/SKILL.md +53 -0
- package/speculo/skills/github-npm-ops/references/ci-and-security-ops.md +178 -0
- package/speculo/skills/github-npm-ops/references/failure-recovery.md +132 -0
- package/speculo/skills/github-npm-ops/references/issue-pr-triage.md +219 -0
- package/speculo/skills/github-npm-ops/references/package-json-checklist.md +171 -0
- package/speculo/skills/github-npm-ops/references/preflight-checklist.md +39 -0
- package/speculo/skills/github-npm-ops/references/publish-detection.md +68 -0
- package/speculo/skills/github-npm-ops/references/release-notes-injection.md +236 -0
- package/speculo/skills/github-npm-ops/references/release-pipeline.md +108 -0
- package/speculo/skills/github-npm-ops/references/setup-npm-token.md +63 -0
- package/speculo/skills/github-npm-ops/references/troubleshooting-playbook.md +305 -0
- package/speculo/skills/github-npm-ops/references/version-bump-flow.md +232 -0
- package/speculo/skills/github-npm-ops/references/workflow-yaml-reference.md +268 -0
- package/speculo/skills/grill-me/SKILL.md +40 -0
- package/speculo/skills/handoff/SKILL.md +41 -0
- package/speculo/skills/scaffold-exercises/SKILL.md +41 -0
- package/speculo/skills/scaffold-exercises/references/exercise-structure.md +85 -0
- package/speculo/skills/scaffold-exercises/references/lint-and-git.md +54 -0
- package/speculo/skills/speculo-write/SKILL.md +53 -0
- package/speculo/skills/speculo-write/references/asset-selection-sop.md +65 -0
- package/speculo/skills/speculo-write/references/command-authoring-sop.md +92 -0
- package/speculo/skills/speculo-write/references/migration-sop.md +101 -0
- package/speculo/skills/speculo-write/references/persistence-contract-sop.md +123 -0
- package/speculo/skills/speculo-write/references/skill-authoring-sop.md +195 -0
- package/speculo/skills/speculo-write/references/validation-checklist.md +73 -0
- package/speculo/skills/speculo-write/references/workflow-authoring-sop.md +130 -0
- package/speculo/workflows/dev/00-INDEX.md +56 -0
- package/speculo/workflows/dev/01-grill-with-docs/01-grill-with-docs.md +79 -0
- package/speculo/workflows/dev/01-grill-with-docs/ADR-FORMAT.md +49 -0
- package/speculo/workflows/dev/01-grill-with-docs/CONTEXT-FORMAT.md +65 -0
- package/speculo/workflows/dev/01-grill-with-docs/grill-context-scan.md +30 -0
- package/speculo/workflows/dev/01-grill-with-docs/grill-decision.md +38 -0
- package/speculo/workflows/dev/02-prd/02-prd.md +64 -0
- package/speculo/workflows/dev/02-prd/prd-synthesis.md +30 -0
- package/speculo/workflows/dev/02-prd/prd-zoom-out.md +29 -0
- package/speculo/workflows/dev/03-tdd/03-tdd.md +80 -0
- package/speculo/workflows/dev/03-tdd/deep-modules.md +33 -0
- package/speculo/workflows/dev/03-tdd/interface-design.md +31 -0
- package/speculo/workflows/dev/03-tdd/mocking.md +60 -0
- package/speculo/workflows/dev/03-tdd/refactoring.md +10 -0
- package/speculo/workflows/dev/03-tdd/tdd-finish.md +28 -0
- package/speculo/workflows/dev/03-tdd/tdd-loop.md +33 -0
- package/speculo/workflows/dev/03-tdd/tdd-plan.md +30 -0
- package/speculo/workflows/dev/03-tdd/tests.md +61 -0
- package/speculo/workflows/dev/D-docs-sync/D-docs-sync.md +97 -0
- package/speculo/workflows/dev/D-docs-sync/agents-contract.md +95 -0
- package/speculo/workflows/dev/D-docs-sync/changelog-contract.md +155 -0
- package/speculo/workflows/dev/D-docs-sync/docs-sync-diff.md +50 -0
- package/speculo/workflows/dev/D-docs-sync/docs-sync-finish.md +33 -0
- package/speculo/workflows/dev/D-docs-sync/docs-sync-state.md +32 -0
- package/speculo/workflows/dev/D-docs-sync/docs-sync-update.md +35 -0
- package/speculo/workflows/dev/D-docs-sync/readme-contract.md +124 -0
- package/speculo/workflows/dev/D-docs-sync/state-json-schema.md +155 -0
- package/speculo/workflows/dev/H-diagnose/H-diagnose.md +80 -0
- package/speculo/workflows/dev/H-diagnose/diagnose-fix.md +34 -0
- package/speculo/workflows/dev/H-diagnose/diagnose-guide.md +114 -0
- package/speculo/workflows/dev/H-diagnose/diagnose-loop.md +32 -0
- package/speculo/workflows/dev/H-diagnose/scripts/hitl-loop.template.sh +41 -0
- package/speculo/workflows/dev/I-to-issues/I-to-issues.md +70 -0
- package/speculo/workflows/dev/I-to-issues/issues-slices.md +31 -0
- package/speculo/workflows/dev/R-review/R-review.md +82 -0
- package/speculo/workflows/dev/R-review/review-setup.md +39 -0
- package/speculo/workflows/dev/R-review/review-two-axis.md +33 -0
- package/speculo/workflows/dev/_templates/diagnosis-template.md +19 -0
- package/speculo/workflows/dev/_templates/docs-sync-report-template.md +28 -0
- package/speculo/workflows/dev/_templates/docs-sync-state-template.json +14 -0
- package/speculo/workflows/dev/_templates/grill-context-map-template.md +19 -0
- package/speculo/workflows/dev/_templates/grill-decision-log-template.md +19 -0
- package/speculo/workflows/dev/_templates/issues-slices-template.md +19 -0
- package/speculo/workflows/dev/_templates/prd-overview-template.md +19 -0
- package/speculo/workflows/dev/_templates/prd-template.md +25 -0
- package/speculo/workflows/dev/_templates/regression-template.md +19 -0
- package/speculo/workflows/dev/_templates/review-report-template.md +16 -0
- package/speculo/workflows/dev/_templates/review-sources-template.md +24 -0
- package/speculo/workflows/dev/_templates/tdd-log-template.md +16 -0
- package/speculo/workflows/dev/_templates/tdd-plan-template.md +19 -0
- package/speculo/workflows/dev/_templates/tdd-verification-template.md +16 -0
- package/speculo/workflows/doc/00-INDEX.md +51 -0
- package/speculo/workflows/doc/B-writing-beats/B-writing-beats.md +77 -0
- package/speculo/workflows/doc/B-writing-beats/writing-beats-append.md +31 -0
- package/speculo/workflows/doc/B-writing-beats/writing-beats-options.md +29 -0
- package/speculo/workflows/doc/E-edit-article/E-edit-article.md +77 -0
- package/speculo/workflows/doc/E-edit-article/edit-article-plan.md +30 -0
- package/speculo/workflows/doc/E-edit-article/edit-article-rewrite.md +31 -0
- package/speculo/workflows/doc/F-writing-fragments/F-writing-fragments.md +78 -0
- package/speculo/workflows/doc/F-writing-fragments/writing-fragments-interview.md +32 -0
- package/speculo/workflows/doc/F-writing-fragments/writing-fragments-log.md +29 -0
- package/speculo/workflows/doc/S-writing-shape/S-writing-shape.md +79 -0
- package/speculo/workflows/doc/S-writing-shape/writing-shape-block.md +32 -0
- package/speculo/workflows/doc/S-writing-shape/writing-shape-opening.md +27 -0
- package/speculo/workflows/doc/_templates/edit-article-plan-template.md +24 -0
- package/speculo/workflows/doc/_templates/edit-article-template.md +6 -0
- package/speculo/workflows/doc/_templates/writing-article-template.md +6 -0
- package/speculo/workflows/doc/_templates/writing-beat-options-template.md +20 -0
- package/speculo/workflows/doc/_templates/writing-fragments-template.md +6 -0
- package/speculo/workflows/doc/_templates/writing-interview-log-template.md +20 -0
- package/speculo/workflows/doc/_templates/writing-shape-log-template.md +24 -0
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
---
|
|
2
|
+
id: status
|
|
3
|
+
type: command
|
|
4
|
+
name: Global Status
|
|
5
|
+
description: 按需聚合全局工作流状态(替代物理 STATUS.json)
|
|
6
|
+
keywords: [status, 状态, 进度]
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
# Status 命令
|
|
10
|
+
|
|
11
|
+
## 归档路径模式
|
|
12
|
+
|
|
13
|
+
可选产物归档至:`../.speculo/commands/<YYYY-MM-DD>-status-<topic>/`
|
|
14
|
+
(若仅是回显报告、不需要持久化时可不归档)
|
|
15
|
+
|
|
16
|
+
## 调用的 skills
|
|
17
|
+
|
|
18
|
+
无
|
|
19
|
+
|
|
20
|
+
## 执行步骤
|
|
21
|
+
|
|
22
|
+
1. 读取已存在的 `../.speculo/<cat>-status.json`,当前内置分类至少包括 `dev` 与 `doc`。缺失时报告缺失路径,并建议按 `docs/adopting.md` 重新运行 `speculo init`,或创建空索引 `{"active":[]}`。
|
|
23
|
+
2. 对每个索引的 `active[]` 条目,读取 `../.speculo/<cat>/<change>/.status.json`。读取失败时把该 change 标记为 `broken-index`,不要擅自删除索引项。
|
|
24
|
+
3. 扫描 `../.speculo/<cat>/*/.status.json`,找出 `change_status: completed` 且尚未位于 `../.speculo/archive/` 的待归档 change。
|
|
25
|
+
4. 聚合输出:
|
|
26
|
+
- 各分类 active 数量、completed 待归档数量、broken-index 数量
|
|
27
|
+
- 最近更新的 5 个 change(按 `updated_at` 倒序)
|
|
28
|
+
- 当前可能阻塞项:`phase_history` 最后一项为 `blocked`,或 `updated_at` 超过 14 天未变化
|
|
29
|
+
- 推荐下一步:优先处理 broken-index,其次处理 blocked,再推荐继续最近 active change 的 `current_phase`
|
|
30
|
+
5. 用户要求持久化快照时,把报告写入 `../.speculo/commands/<YYYY-MM-DD>-status-<topic>/snapshot.md`;否则只在对话中返回。
|
|
31
|
+
|
|
32
|
+
## 产物模板(snapshot.md,可选)
|
|
33
|
+
|
|
34
|
+
> **服务命令:** `status.md`
|
|
35
|
+
> **产物文件名:** `snapshot.md`
|
|
36
|
+
|
|
37
|
+
```markdown
|
|
38
|
+
# Status Snapshot
|
|
39
|
+
|
|
40
|
+
## 快照时间
|
|
41
|
+
[TODO: ISO 8601 时间戳。]
|
|
42
|
+
|
|
43
|
+
## 分类汇总
|
|
44
|
+
[TODO: 按分类列出 active 数量、completed 待归档数量和 broken-index 数量]
|
|
45
|
+
|
|
46
|
+
## 最近活跃 Changes
|
|
47
|
+
[TODO: 列出最近 5 个更新的 change + 分类 + 当前 phase]
|
|
48
|
+
|
|
49
|
+
## 可能僵尸 Changes
|
|
50
|
+
[TODO: 超过 N 天未更新的 change 清单]
|
|
51
|
+
```
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
---
|
|
2
|
+
id: write-a-skill
|
|
3
|
+
type: command
|
|
4
|
+
name: Write A Skill
|
|
5
|
+
description: 创建或审查新的 Speculo skill 草稿
|
|
6
|
+
keywords: [skill, create, write, 技能]
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
# Write A Skill 命令
|
|
10
|
+
|
|
11
|
+
## 归档路径模式
|
|
12
|
+
|
|
13
|
+
产物归档至:`../.speculo/commands/<YYYY-MM-DD>-write-a-skill-<topic>/`
|
|
14
|
+
|
|
15
|
+
## 调用的 skills
|
|
16
|
+
|
|
17
|
+
- `../skills/speculo-write/SKILL.md` — 用户要求创建、审查或改进可复用 skill 时读取;该 skill 自带 skill authoring 规范。
|
|
18
|
+
|
|
19
|
+
## 执行步骤
|
|
20
|
+
|
|
21
|
+
1. 读取 `../skills/speculo-write/SKILL.md`,并按其 `references/skill-authoring-sop.md` 内化 skill 规范。
|
|
22
|
+
2. 先收集技能用途、触发条件、输入输出、脚本需求和示例需求。
|
|
23
|
+
3. 写文件前列出将创建或修改的路径,并等待用户明确确认。
|
|
24
|
+
4. 用户确认后,按 Speculo 契约创建 `../skills/<name>/SKILL.md` 及可选 `references/`、`scripts/`、`examples/`。
|
|
25
|
+
5. 把设计摘要、影响路径和验证结果写入 `../.speculo/commands/<YYYY-MM-DD>-write-a-skill-<topic>/report.md`。
|
|
26
|
+
|
|
27
|
+
## 产物模板(report.md)
|
|
28
|
+
|
|
29
|
+
> **服务命令:** `write-a-skill.md`
|
|
30
|
+
> **产物文件名:** `report.md`
|
|
31
|
+
|
|
32
|
+
```markdown
|
|
33
|
+
# Write A Skill Report
|
|
34
|
+
|
|
35
|
+
## 技能目标
|
|
36
|
+
[TODO: 描述新 skill 的任务、触发条件和使用者。]
|
|
37
|
+
|
|
38
|
+
## 影响路径
|
|
39
|
+
[TODO: 列出本次创建或修改的路径。]
|
|
40
|
+
|
|
41
|
+
## 用户确认
|
|
42
|
+
[TODO: 记录用户确认创建或修改文件的原始内容摘要。]
|
|
43
|
+
|
|
44
|
+
## 验证结果
|
|
45
|
+
[TODO: 记录 frontmatter、自包含性、渐进披露和脚本检查结果。]
|
|
46
|
+
```
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
---
|
|
2
|
+
id: caveman
|
|
3
|
+
type: skill
|
|
4
|
+
name: Caveman
|
|
5
|
+
description: 启用或关闭超压缩沟通模式以降低 token 消耗;当用户要求 caveman mode、少 token、极简技术表达,或调用 command/caveman 时使用。
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
# Caveman
|
|
9
|
+
|
|
10
|
+
## 何时使用
|
|
11
|
+
|
|
12
|
+
当用户要求 `caveman mode`、`talk like caveman`、`use caveman`、少 token、极简表达、`be brief`,或调用对应 command 时使用。
|
|
13
|
+
|
|
14
|
+
当用户要求 `stop caveman`、`normal mode` 或明确恢复正常表达时关闭。
|
|
15
|
+
|
|
16
|
+
## 输入
|
|
17
|
+
|
|
18
|
+
- 用户对沟通模式的启用、关闭或保持要求
|
|
19
|
+
- 当前对话中的技术事实、风险和下一步动作
|
|
20
|
+
- 需要原样保留的代码、命令、错误信息或用户引用
|
|
21
|
+
|
|
22
|
+
## 输出
|
|
23
|
+
|
|
24
|
+
- 保留技术准确性的压缩回复风格
|
|
25
|
+
- 必要时对安全风险、不可逆操作或多步骤顺序使用完整清晰表达
|
|
26
|
+
- 不产生 `.speculo/` 或 `.status.json` 持久化产物
|
|
27
|
+
|
|
28
|
+
## 执行步骤
|
|
29
|
+
|
|
30
|
+
1. 判定用户是在启用、关闭还是检查 caveman mode。
|
|
31
|
+
2. 启用后跨轮保持,直到用户明确关闭。
|
|
32
|
+
3. 使用 `references/compression-rules.md` 的压缩规则、例外和示例。
|
|
33
|
+
4. 原样保留代码块、命令、错误信息和需要精确引用的文本。
|
|
34
|
+
5. 遇到安全警告、不可逆操作确认、易误读的多步骤序列或用户反复澄清时,暂时退出压缩表达;清晰部分结束后恢复。
|
|
35
|
+
|
|
36
|
+
## 渐进披露
|
|
37
|
+
|
|
38
|
+
- `references/compression-rules.md`:启用 caveman mode 或判断何时暂时退出压缩表达时读取。
|
|
@@ -0,0 +1,102 @@
|
|
|
1
|
+
# Caveman Compression Rules
|
|
2
|
+
|
|
3
|
+
## 持久性
|
|
4
|
+
|
|
5
|
+
一旦触发,每次回复都保持激活。多轮对话后不回退,不漂移回普通表达。
|
|
6
|
+
|
|
7
|
+
如果不确定是否仍激活,就继续保持。只有当用户说 `stop caveman`、`normal mode` 或等价指令时才关闭。
|
|
8
|
+
|
|
9
|
+
## 压缩规则
|
|
10
|
+
|
|
11
|
+
去除:
|
|
12
|
+
|
|
13
|
+
- 冠词和不影响含义的连接词
|
|
14
|
+
- 填充词,如 just、really、basically、actually、simply
|
|
15
|
+
- 客套话,如 sure、certainly、of course、happy to
|
|
16
|
+
- 模糊化表达和不必要的铺垫
|
|
17
|
+
|
|
18
|
+
优先使用:
|
|
19
|
+
|
|
20
|
+
- 句子片段
|
|
21
|
+
- 短同义词,例如用 `big` 而不是 `extensive`
|
|
22
|
+
- 常见技术缩写,例如 DB、auth、config、req、res、fn、impl
|
|
23
|
+
- 箭头表示因果关系,例如 `X -> Y`
|
|
24
|
+
- 一个词能说清时不用两个词
|
|
25
|
+
|
|
26
|
+
保持精确:
|
|
27
|
+
|
|
28
|
+
- 技术术语不降级
|
|
29
|
+
- 代码块不改写
|
|
30
|
+
- 错误信息原样引用
|
|
31
|
+
- 不为了短而省略关键前提、风险或边界
|
|
32
|
+
|
|
33
|
+
## 输出模式
|
|
34
|
+
|
|
35
|
+
默认句式:
|
|
36
|
+
|
|
37
|
+
```text
|
|
38
|
+
[东西] [动作] [原因]。[下一步]。
|
|
39
|
+
```
|
|
40
|
+
|
|
41
|
+
不要:
|
|
42
|
+
|
|
43
|
+
```text
|
|
44
|
+
Sure! I'd be happy to help you with that. The issue you're experiencing is likely caused by...
|
|
45
|
+
```
|
|
46
|
+
|
|
47
|
+
要:
|
|
48
|
+
|
|
49
|
+
```text
|
|
50
|
+
Bug in auth middleware. Token expiry check use `<` not `<=`. Fix:
|
|
51
|
+
```
|
|
52
|
+
|
|
53
|
+
## 示例
|
|
54
|
+
|
|
55
|
+
用户问:为什么 React 组件重新渲染?
|
|
56
|
+
|
|
57
|
+
回答:
|
|
58
|
+
|
|
59
|
+
```text
|
|
60
|
+
内联对象属性 -> 新引用 -> 重新渲染。用 `useMemo`。
|
|
61
|
+
```
|
|
62
|
+
|
|
63
|
+
用户问:解释数据库连接池。
|
|
64
|
+
|
|
65
|
+
回答:
|
|
66
|
+
|
|
67
|
+
```text
|
|
68
|
+
连接池 = 复用数据库连接。跳过握手 -> 高负载下更快。
|
|
69
|
+
```
|
|
70
|
+
|
|
71
|
+
## 自动清晰度例外
|
|
72
|
+
|
|
73
|
+
遇到以下情况暂时退出 caveman mode:
|
|
74
|
+
|
|
75
|
+
- 安全警告
|
|
76
|
+
- 不可逆操作的确认
|
|
77
|
+
- 片段顺序可能导致误读的多步骤序列
|
|
78
|
+
- 用户要求澄清或重复提问
|
|
79
|
+
|
|
80
|
+
清晰部分完成后恢复 caveman mode。
|
|
81
|
+
|
|
82
|
+
示例:
|
|
83
|
+
|
|
84
|
+
```md
|
|
85
|
+
**警告:** 这将永久删除 `users` 表中的所有行,且无法撤销。
|
|
86
|
+
|
|
87
|
+
DROP TABLE users;
|
|
88
|
+
|
|
89
|
+
恢复 caveman mode。先确认备份存在。
|
|
90
|
+
```
|
|
91
|
+
|
|
92
|
+
也可以在实际回复中使用 SQL fence:
|
|
93
|
+
|
|
94
|
+
````md
|
|
95
|
+
**警告:** 这将永久删除 `users` 表中的所有行,且无法撤销。
|
|
96
|
+
|
|
97
|
+
```sql
|
|
98
|
+
DROP TABLE users;
|
|
99
|
+
```
|
|
100
|
+
|
|
101
|
+
恢复 caveman mode。先确认备份存在。
|
|
102
|
+
````
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
---
|
|
2
|
+
id: github-npm-ops
|
|
3
|
+
type: skill
|
|
4
|
+
name: GitHub npm Ops
|
|
5
|
+
description: GitHub 仓库运营与 npm 发布原子能力;用于 issue/PR/CI/security 治理、release.yml 配置、npm provenance 发布、tag 发版、三端验证和失败恢复。
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
# GitHub npm Ops
|
|
9
|
+
|
|
10
|
+
## 何时使用
|
|
11
|
+
|
|
12
|
+
当 command 或 workflow 需要处理 GitHub 仓库运营、CI 排障、安全告警、npm 包发布、GitHub Release、release notes 注入、tag 触发发布或发布失败恢复时使用。
|
|
13
|
+
|
|
14
|
+
## 输入
|
|
15
|
+
|
|
16
|
+
- GitHub 仓库上下文、目标分支、目标版本号或待处理 issue / PR / run id
|
|
17
|
+
- npm 包信息:`package.json`、包名、版本、发布分支、是否 scoped
|
|
18
|
+
- 发布流水线文件:通常是 `.github/workflows/release.yml`
|
|
19
|
+
- CHANGELOG 类文档路径,默认优先识别 `CHANGELOG.md` 或 `CHANGELOGS.md`
|
|
20
|
+
- 可选:调用方 workflow 提供的 `.speculo/dev/docs-sync-state.json` 与 docs-sync 报告
|
|
21
|
+
|
|
22
|
+
## 输出
|
|
23
|
+
|
|
24
|
+
- GitHub issue / PR / CI / security 的操作建议或执行结果
|
|
25
|
+
- npm 发布前置检查结论
|
|
26
|
+
- release.yml 配置、tag 发版步骤、三端验证结果
|
|
27
|
+
- 失败恢复路径:可重试同 tag、只补 GitHub Release、或必须 bump 新版本
|
|
28
|
+
- 调用方可归档的发布摘要、风险、验证命令和后续动作
|
|
29
|
+
|
|
30
|
+
## 执行步骤
|
|
31
|
+
|
|
32
|
+
1. 先判定任务类型:日常治理、发布基础设施搭建、正式发版、失败恢复。
|
|
33
|
+
2. 发布类任务先执行只读前置检查:分支、工作区、远端、`gh auth`、Node/包管理器、`release.yml`、tag 冲突、docs-sync state。
|
|
34
|
+
3. 需要同步对外文档时,交给调用方读取 `../workflows/dev/D-docs-sync/D-docs-sync.md`;本 skill 不直接写 `.speculo/` 或 `.status.json`。
|
|
35
|
+
4. 正式发版必须保证 release commit 同时包含版本 bump 与 CHANGELOG 迁移,并且 tag 精确指向 release commit。
|
|
36
|
+
5. release workflow 必须包含 tag/package version 校验、质量闸、可选 npm publish、CHANGELOG release notes 注入、GitHub Release 创建。
|
|
37
|
+
6. 发布完成后做三端验证:workflow success、GitHub Release 非 draft 且正文非空、如流水线包含 npm publish 则 `npm view` 版本与 dist-tag 一致。
|
|
38
|
+
7. 失败恢复先判断 npm 是否已成功上传;一旦 npm 已上传,同版本号不可重发,只能补后续动作或 bump 新版本。
|
|
39
|
+
|
|
40
|
+
## 渐进披露
|
|
41
|
+
|
|
42
|
+
- `references/release-pipeline.md`:执行正式 npm/GitHub release 编排时读取。
|
|
43
|
+
- `references/preflight-checklist.md`:发布前只读检查或 dry-run 时读取。
|
|
44
|
+
- `references/publish-detection.md`:判断 release workflow 是否实际发布 npm 包时读取。
|
|
45
|
+
- `references/package-json-checklist.md`:检查 npm 包元数据、bin、files、provenance 相关字段时读取。
|
|
46
|
+
- `references/setup-npm-token.md`:配置或排查 `NPM_TOKEN`、2FA bypass、scope 权限时读取。
|
|
47
|
+
- `references/workflow-yaml-reference.md`:创建或修复 `.github/workflows/release.yml` 时读取。
|
|
48
|
+
- `references/release-notes-injection.md`:Release 正文为空、需要从 CHANGELOG 注入 release notes 时读取。
|
|
49
|
+
- `references/version-bump-flow.md`:执行版本 bump、release commit、tag、push 时读取。
|
|
50
|
+
- `references/failure-recovery.md`:发布编排失败、需要判断是否能重试同 tag 时读取。
|
|
51
|
+
- `references/troubleshooting-playbook.md`:npm/GitHub Actions 具体错误码排障时读取。
|
|
52
|
+
- `references/issue-pr-triage.md`:issue / PR 分诊、标签、社区响应时读取。
|
|
53
|
+
- `references/ci-and-security-ops.md`:CI 失败、安全告警、Dependabot / secret scanning 处理时读取。
|
|
@@ -0,0 +1,178 @@
|
|
|
1
|
+
# CI 排障与安全告警巡检
|
|
2
|
+
|
|
3
|
+
两部分内容:
|
|
4
|
+
|
|
5
|
+
1. CI 失败的结构化排障流程(与发布专用的 release workflow 相区分)
|
|
6
|
+
2. 安全告警(Dependabot、secret scanning、code scanning)的巡检节奏与响应模板
|
|
7
|
+
|
|
8
|
+
## CI 排障
|
|
9
|
+
|
|
10
|
+
### 第一步:拿到日志
|
|
11
|
+
|
|
12
|
+
```bash
|
|
13
|
+
# 列最近失败的 run
|
|
14
|
+
gh run list --status failure --limit 10 \
|
|
15
|
+
--json databaseId,displayTitle,headBranch,conclusion,event
|
|
16
|
+
|
|
17
|
+
# 查单次失败的完整日志
|
|
18
|
+
gh run view <databaseId> --log-failed
|
|
19
|
+
|
|
20
|
+
# 只看失败步骤的摘要(更快)
|
|
21
|
+
gh run view <databaseId> --log-failed 2>&1 \
|
|
22
|
+
| grep -E "##\[error\]|Error:|FAIL|error TS" | head -40
|
|
23
|
+
```
|
|
24
|
+
|
|
25
|
+
### 第二步:判定是真实失败还是 flaky
|
|
26
|
+
|
|
27
|
+
- **真实失败**:代码层面的 bug、依赖变更、lint 违规、测试逻辑错误
|
|
28
|
+
- **Flaky**:网络抖动、时序竞争、外部服务临时 500、测试隔离不够
|
|
29
|
+
|
|
30
|
+
判别方法:
|
|
31
|
+
|
|
32
|
+
1. 在相同 commit 上 `gh run rerun <id> --failed`,连续失败 2 次 = 真实
|
|
33
|
+
2. 查看测试名是否出现在历史 flaky 列表里
|
|
34
|
+
3. 看错误是否与环境相关(如 DNS、超时)
|
|
35
|
+
|
|
36
|
+
### 第三步:真实失败的修复
|
|
37
|
+
|
|
38
|
+
按错误类型对应:
|
|
39
|
+
|
|
40
|
+
| 错误类型 | 典型信号 | 处理方向 |
|
|
41
|
+
| --------------- | --------------------------------- | ------------------------------------------ |
|
|
42
|
+
| Lint | `error TS*` / `Parsing error` | 在本地 `pnpm lint --fix`,推新 commit |
|
|
43
|
+
| 类型 | `Type 'X' is not assignable` | 修类型定义,或在必要处用类型守卫 |
|
|
44
|
+
| 测试逻辑 | 断言失败、期望值不匹配 | 检查最近是否改了被测行为,更新测试或代码 |
|
|
45
|
+
| 环境依赖 | `command not found` / 版本不符 | 对齐 `setup-node` 版本与 `packageManager` |
|
|
46
|
+
| 依赖冲突 | peer dep 警告 + 运行时错误 | 检查 lockfile 变更,pin 冲突的 transitive |
|
|
47
|
+
| 构建产物 | `Cannot find module './dist/...'` | 确认构建步骤在测试/发布前执行 |
|
|
48
|
+
|
|
49
|
+
### 第四步:Flaky 的处理
|
|
50
|
+
|
|
51
|
+
- **临时**:加 retry(`jest.retryTimes(2)` 或 vitest 的 `retry`)
|
|
52
|
+
- **中期**:在 issue 里记录 flaky 模式,打 `flaky-test` 标签
|
|
53
|
+
- **长期**:重构测试用例(解耦外部服务、用 fake clock、隔离共享状态)
|
|
54
|
+
|
|
55
|
+
**避免**:无脑 `gh run rerun` 把失败掩盖掉。Flaky 积累会慢慢腐蚀对 CI 的信任。
|
|
56
|
+
|
|
57
|
+
### CI 性能优化
|
|
58
|
+
|
|
59
|
+
查询 workflow 耗时:
|
|
60
|
+
|
|
61
|
+
```bash
|
|
62
|
+
gh run list --workflow ci.yml --limit 20 \
|
|
63
|
+
--json databaseId,conclusion,createdAt,updatedAt \
|
|
64
|
+
--jq '.[] | "\(.databaseId) \((.updatedAt | fromdate) - (.createdAt | fromdate))s"'
|
|
65
|
+
```
|
|
66
|
+
|
|
67
|
+
常见加速手段:
|
|
68
|
+
|
|
69
|
+
- 缓存 `~/.pnpm-store` / `node_modules/.cache`
|
|
70
|
+
- 分离 lint / test / build 到并行 job
|
|
71
|
+
- Matrix 测试(多 Node 版本)加 `fail-fast: false` 让其他 cell 跑完
|
|
72
|
+
- 把重测试移到 nightly schedule 而不是 PR
|
|
73
|
+
|
|
74
|
+
## 安全告警巡检
|
|
75
|
+
|
|
76
|
+
GitHub 提供三类安全告警,都可以通过 `gh api` 查询。
|
|
77
|
+
|
|
78
|
+
### Dependabot(依赖漏洞)
|
|
79
|
+
|
|
80
|
+
```bash
|
|
81
|
+
# 列所有未解决告警
|
|
82
|
+
gh api repos/{owner}/{repo}/dependabot/alerts \
|
|
83
|
+
--jq '.[] | select(.state=="open") | {severity: .security_advisory.severity, pkg: .security_vulnerability.package.name, summary: .security_advisory.summary}'
|
|
84
|
+
|
|
85
|
+
# 按严重性过滤
|
|
86
|
+
gh api repos/{owner}/{repo}/dependabot/alerts \
|
|
87
|
+
--jq '.[] | select(.security_advisory.severity=="critical" or .security_advisory.severity=="high")'
|
|
88
|
+
```
|
|
89
|
+
|
|
90
|
+
响应节奏:
|
|
91
|
+
|
|
92
|
+
- **critical**:24h 内评估;有 fix 版本就立即升级,无则评估临时缓解(移除依赖、关闭受影响功能)
|
|
93
|
+
- **high**:一周内处理
|
|
94
|
+
- **medium / low**:入 backlog,定期批量清
|
|
95
|
+
|
|
96
|
+
Dependabot 自动开 PR 时,标签是 `dependencies`:
|
|
97
|
+
|
|
98
|
+
```bash
|
|
99
|
+
# 看当前自动 PR
|
|
100
|
+
gh pr list --label "dependencies" --state open \
|
|
101
|
+
--json number,title,createdAt,mergeable
|
|
102
|
+
```
|
|
103
|
+
|
|
104
|
+
安全升级的 PR 审查要点:
|
|
105
|
+
|
|
106
|
+
1. 看 diff 是否只是版本 bump(无其它改动)
|
|
107
|
+
2. CI 绿 → 大多数可以合
|
|
108
|
+
3. major 版本要看 release notes,可能有 breaking change
|
|
109
|
+
|
|
110
|
+
可考虑给 `dependabot.yml` 配自动合并策略(低风险的 patch/minor)。
|
|
111
|
+
|
|
112
|
+
### Secret Scanning
|
|
113
|
+
|
|
114
|
+
```bash
|
|
115
|
+
# 所有 secret 泄露告警
|
|
116
|
+
gh api repos/{owner}/{repo}/secret-scanning/alerts \
|
|
117
|
+
--jq '.[] | select(.state=="open") | {type: .secret_type, location: .locations_url}'
|
|
118
|
+
```
|
|
119
|
+
|
|
120
|
+
告警响应(**关键操作立即做完**):
|
|
121
|
+
|
|
122
|
+
1. **先撤销**:在对应服务(npm、AWS、Stripe...)作废泄露的 secret
|
|
123
|
+
2. **再修复**:从 git history 里清除(可能需要 force push 或让上游 rotate)
|
|
124
|
+
3. **最后标记**:在 GitHub UI 将告警标记为 `resolved`
|
|
125
|
+
|
|
126
|
+
**不要**在撤销前 force push:secret 可能已被爬虫抓走,只靠 git history 清理不安全。
|
|
127
|
+
|
|
128
|
+
### Code Scanning(CodeQL 等)
|
|
129
|
+
|
|
130
|
+
```bash
|
|
131
|
+
gh api repos/{owner}/{repo}/code-scanning/alerts \
|
|
132
|
+
--jq '.[] | select(.state=="open") | {rule: .rule.id, severity: .rule.security_severity_level, path: .most_recent_instance.location.path}'
|
|
133
|
+
```
|
|
134
|
+
|
|
135
|
+
处理优先级与 Dependabot 一致,但更偏代码层面(SQL 注入、XSS、不安全反序列化等)。
|
|
136
|
+
|
|
137
|
+
### 巡检节奏
|
|
138
|
+
|
|
139
|
+
**每周**(推荐周一):
|
|
140
|
+
|
|
141
|
+
```bash
|
|
142
|
+
# 一次性看三类告警
|
|
143
|
+
echo "=== Dependabot ==="
|
|
144
|
+
gh api repos/OWNER/REPO/dependabot/alerts \
|
|
145
|
+
--jq '[.[] | select(.state=="open")] | length'
|
|
146
|
+
|
|
147
|
+
echo "=== Secret scanning ==="
|
|
148
|
+
gh api repos/OWNER/REPO/secret-scanning/alerts \
|
|
149
|
+
--jq '[.[] | select(.state=="open")] | length'
|
|
150
|
+
|
|
151
|
+
echo "=== Code scanning ==="
|
|
152
|
+
gh api repos/OWNER/REPO/code-scanning/alerts \
|
|
153
|
+
--jq '[.[] | select(.state=="open")] | length'
|
|
154
|
+
```
|
|
155
|
+
|
|
156
|
+
记录在维护者的周报中,critical/high 数量单独标出。
|
|
157
|
+
|
|
158
|
+
### 回复 public 报告的安全问题
|
|
159
|
+
|
|
160
|
+
若有人在 public issue 里报了漏洞:
|
|
161
|
+
|
|
162
|
+
1. **立即** 引导到 private 渠道(Security Advisory 或邮箱)
|
|
163
|
+
2. 关闭 issue 并删除敏感细节
|
|
164
|
+
3. 在私有渠道跟进,准备 advisory 草稿
|
|
165
|
+
|
|
166
|
+
```markdown
|
|
167
|
+
感谢报告。为了保护用户,请通过 GitHub Security Advisory(
|
|
168
|
+
https://github.com/OWNER/REPO/security/advisories/new)或发邮件至
|
|
169
|
+
security@example.com 提交详情。本 issue 将被关闭以避免扩散。
|
|
170
|
+
```
|
|
171
|
+
|
|
172
|
+
## CI 与安全的联动
|
|
173
|
+
|
|
174
|
+
发布 workflow 失败需要结合 CI 与安全一起看:
|
|
175
|
+
|
|
176
|
+
- Workflow 在 `pnpm audit` 步骤失败 → 先看 Dependabot 告警
|
|
177
|
+
- Publish 被拒(`E403`)且 token 刚生成 → 检查是否有 secret scanning 告警提示 token 已泄露
|
|
178
|
+
- CI 在 `npm install` 阶段网络错误 → 区分 npm registry 抖动 vs CI 节点出口异常
|
|
@@ -0,0 +1,132 @@
|
|
|
1
|
+
# 失败回滚与恢复剧本
|
|
2
|
+
|
|
3
|
+
> 命令正文给出 4 类失败场景的对照表;这里给出每类的完整恢复 SOP、配套命令与错误码映射。
|
|
4
|
+
> 通用前置:所有恢复操作前先 `git fetch --tags` 同步远端 tag 状态,避免本地与远端不一致。
|
|
5
|
+
|
|
6
|
+
## 场景 A:publish 之前任何步骤失败(含 build / verify-bin / Extract release notes)
|
|
7
|
+
|
|
8
|
+
**特征**:`gh run view <id>` 显示 fail 步骤位于 `Publish to npm` 之前;npm 端尚未上传任何 tarball。
|
|
9
|
+
|
|
10
|
+
**恢复**:可重发同 tag。
|
|
11
|
+
|
|
12
|
+
```bash
|
|
13
|
+
# 1. 删本地 + 远端 tag
|
|
14
|
+
git tag -d vX.Y.Z
|
|
15
|
+
git push origin :refs/tags/vX.Y.Z
|
|
16
|
+
|
|
17
|
+
# 2. 修代码(修 lint / 修测试 / 补 CHANGELOG 段落 / 修 release.yml)
|
|
18
|
+
# 修复完后落新的非 release commit,保持 release commit 干净
|
|
19
|
+
|
|
20
|
+
# 3. (若 release commit 已被 push)amend / 追加修复 commit 都可
|
|
21
|
+
# 重要:若需要修改 package.json 或 CHANGELOGS.md,最好新落一个 fix commit
|
|
22
|
+
# 再用 --amend 合并到 release commit 后 force-push(仅个人分支或本地未推时)
|
|
23
|
+
|
|
24
|
+
# 4. 重新打 tag 指向(可能更新过的)release commit
|
|
25
|
+
git tag vX.Y.Z <release-commit-sha>
|
|
26
|
+
git push origin vX.Y.Z
|
|
27
|
+
```
|
|
28
|
+
|
|
29
|
+
**错误码映射**:失败步骤决定 E 码,常见有 `E004_noVerificationEvidence`(lint/test/build fail)、`E001_missingPrerequisiteArtifact`(CHANGELOG 段落抽空)。
|
|
30
|
+
|
|
31
|
+
---
|
|
32
|
+
|
|
33
|
+
## 场景 B:publish 之后步骤失败(如 Create GitHub Release fail)
|
|
34
|
+
|
|
35
|
+
**特征**:`gh run view <id>` 中 `Publish to npm` 步骤 success;其后步骤(多为 `Create GitHub Release`)fail。npm 已成功上传。
|
|
36
|
+
|
|
37
|
+
**恢复**:**不要**重发 npm(同版本号永久不可重发),仅手动补 GitHub Release。
|
|
38
|
+
|
|
39
|
+
```bash
|
|
40
|
+
# 1. 抽取 CHANGELOG 段落作为 Release notes
|
|
41
|
+
awk -v v="X.Y.Z" '
|
|
42
|
+
$0 ~ "^## \\["v"\\]" { found=1; print; next }
|
|
43
|
+
found && /^## \[/ { exit }
|
|
44
|
+
found && /^---[[:space:]]*$/ { next }
|
|
45
|
+
found { print }
|
|
46
|
+
' CHANGELOGS.md > /tmp/notes.md
|
|
47
|
+
|
|
48
|
+
# 2. 手动创建 GitHub Release
|
|
49
|
+
gh release create vX.Y.Z \
|
|
50
|
+
--title "Release vX.Y.Z" \
|
|
51
|
+
--notes-file /tmp/notes.md \
|
|
52
|
+
--latest
|
|
53
|
+
|
|
54
|
+
# 3. 三端再次校验
|
|
55
|
+
npm view <pkg> version # 应 == X.Y.Z
|
|
56
|
+
gh release view vX.Y.Z --json body,isDraft,isPrerelease
|
|
57
|
+
```
|
|
58
|
+
|
|
59
|
+
**错误码映射**:通常是基础设施层错误(GitHub API 抖动 / token 权限缺 `contents: write`),不计入项目业务错误字典。
|
|
60
|
+
|
|
61
|
+
---
|
|
62
|
+
|
|
63
|
+
## 场景 C:`Publish to npm` 本身上传失败
|
|
64
|
+
|
|
65
|
+
**特征**:`Publish to npm` 步骤 fail;npm 端 `npm view <pkg> version` 仍是上一版本(未上传成功)。
|
|
66
|
+
|
|
67
|
+
**恢复**:可重发同 tag(与场景 A 相同流程),但务必先确认 npm 端没有"半上传"状态。
|
|
68
|
+
|
|
69
|
+
```bash
|
|
70
|
+
# 确认 npm 没收到 tarball
|
|
71
|
+
npm view <pkg> versions --json | jq '. | index("X.Y.Z")' # 应输出 null
|
|
72
|
+
|
|
73
|
+
# 删 tag → 修因(多为 NPM_TOKEN 失效 / provenance 配置 / package.json#repository.url 不匹配)
|
|
74
|
+
git tag -d vX.Y.Z
|
|
75
|
+
git push origin :refs/tags/vX.Y.Z
|
|
76
|
+
|
|
77
|
+
# 修复后重打同 tag
|
|
78
|
+
git tag vX.Y.Z <release-commit-sha>
|
|
79
|
+
git push origin vX.Y.Z
|
|
80
|
+
```
|
|
81
|
+
|
|
82
|
+
常见根因:
|
|
83
|
+
|
|
84
|
+
| 根因 | 修复 |
|
|
85
|
+
|------|------|
|
|
86
|
+
| `NPM_TOKEN` 过期 / 失效 | 重新生成 Granular Token,更新仓库 secret |
|
|
87
|
+
| `provenance` 失败 | workflow 缺 `id-token: write` 权限;package.json `repository.url` 不严格匹配 GitHub URL |
|
|
88
|
+
| 包名 scope 不属于当前 token | 检查 token 配置的 scope;首次发布 scoped 包需 `--access public` |
|
|
89
|
+
| 网络抖动 / npm registry 临时不可用 | 等几分钟后 rerun |
|
|
90
|
+
|
|
91
|
+
---
|
|
92
|
+
|
|
93
|
+
## 场景 D:npm 已成功上传 + 任何后续问题
|
|
94
|
+
|
|
95
|
+
**特征**:`npm view <pkg> version` 已是 `X.Y.Z`。
|
|
96
|
+
|
|
97
|
+
**铁律**:npm 不允许重发同 `version`(unpublish 过也不行)。**禁止**重打同 tag、**禁止**修代码后试图覆盖。
|
|
98
|
+
|
|
99
|
+
**恢复**:
|
|
100
|
+
|
|
101
|
+
```bash
|
|
102
|
+
# 1. bump 到 X.Y.(Z+1),从 Phase 3 重走整条流水线
|
|
103
|
+
重新执行调用方的发布流程,并显式指定版本 X.Y.(Z+1)
|
|
104
|
+
|
|
105
|
+
# 2. 在 CHANGELOG 中诚实记录本次发布的偏差
|
|
106
|
+
# 在 [X.Y.(Z+1)] 段落开头加一句 "supersedes vX.Y.Z due to <根因>"
|
|
107
|
+
```
|
|
108
|
+
|
|
109
|
+
**错误码映射**:场景 D 通常是上游错误溢出(场景 B/C 处理不当后果),不单独列 E 码;流程上要求**事后复盘**,把可复用根因输出给调用方 workflow,由其追加到 `.speculo/.config/LESSONS.md`(本 skill 不直接写 `.speculo/`)。
|
|
110
|
+
|
|
111
|
+
---
|
|
112
|
+
|
|
113
|
+
## 场景共性:何时触发 P9(反重复失败原则)
|
|
114
|
+
|
|
115
|
+
> 反重复失败原则:同根因连续失败时,必须先声明新尝试与上次的差异。
|
|
116
|
+
|
|
117
|
+
- **同根因连续失败 ≥ 2 次** → 必须先停手,**书面声明**本次重试与上次的差异
|
|
118
|
+
- 未声明差异即重试 → 触发 `E010_repeatedFailurePattern`,`npm-cicd-release` 命令应主动暂停,等待用户输入差异声明
|
|
119
|
+
|
|
120
|
+
例:场景 C 中 NPM_TOKEN 失效连续两次 fail,第二次失败后必须先确认 token 已真正更新(粘贴新 token 的尾 4 位摘要 / GitHub Secrets 更新时间),再继续。
|
|
121
|
+
|
|
122
|
+
---
|
|
123
|
+
|
|
124
|
+
## 与 github-ops skill 的关系
|
|
125
|
+
|
|
126
|
+
本文件是发布编排视角下的失败恢复入口;更细粒度的失败案例(如 EUSAGE / E422 / provenance 错误码、package.json 字段错误)见 `troubleshooting-playbook.md`。
|
|
127
|
+
|
|
128
|
+
| 失败位置 | 看本文件 | 看 github-ops troubleshooting-playbook |
|
|
129
|
+
|---------|---------|---------------------------------------|
|
|
130
|
+
| Phase 1–6 编排逻辑层面 | ✅ | ❌ |
|
|
131
|
+
| release.yml 内部步骤的具体错误码 | ❌ | ✅ |
|
|
132
|
+
| npm 错误码(E403 / E404 / E422 / EUSAGE) | ❌ | ✅ |
|