npm - @umacloud/knowledge - Versions diffs - 1.0.1 - Mend

@umacloud/knowledge 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (418) hide show

package/00-governance/governance-capabilities.md +557 -0
package/00-governance/knowledge-map.md +39 -0
package/00-governance/maintenance-policy.md +76 -0
package/00-governance/review-checklist.md +81 -0
package/README.md +13 -0
package/ai/01-standards/agent-development-complete.md +691 -0
package/ai/01-standards/llm-application-complete.md +488 -0
package/ai/01-standards/mlops-complete.md +798 -0
package/ai/01-standards/prompt-engineering-complete.md +646 -0
package/ai/01-standards/rag-architecture-complete.md +649 -0
package/ai/02-playbooks/llm-evaluation-playbook.md +847 -0
package/ai/03-checklists/ai-project-checklist.md +215 -0
package/ai/04-antipatterns/ai-antipatterns.md +661 -0
package/ai/05-cases/case-rag-production.md +147 -0
package/ai/06-glossary/ai-glossary.md +162 -0
package/ai/agent-evaluation-benchmark.md +53 -0
package/ai/ai-agent-memory-context-management.md +41 -0
package/ai/ai-cost-capacity-optimization-playbook.md +42 -0
package/ai/ai-data-security-and-compliance-playbook.md +37 -0
package/ai/ai-domain-index-and-checklist.md +40 -0
package/ai/ai-governance-maturity-model.md +50 -0
package/ai/ai-model-selection-and-routing-strategy.md +47 -0
package/ai/ai-observability-and-oncall-runbook.md +52 -0
package/ai/ai-rag-engineering-playbook.md +42 -0
package/ai/ai-red-team-and-safety-evaluation.md +42 -0
package/ai/ai-release-readiness-and-rollback-gate.md +42 -0
package/ai/llm-agent-engineering-deep-dive.md +57 -0
package/ai/prompt-and-tool-guardrails.md +52 -0
package/api/01-standards/enterprise-api-standards.md +198 -0
package/api/01-standards/rest-api-design-guide.md +63 -0
package/api/02-playbooks/api-pagination-playbook.md +93 -0
package/api/02-playbooks/graphql-production-playbook.md +176 -0
package/api/03-checklists/api-review-checklist.md +55 -0
package/api/04-antipatterns/api-antipatterns.md +112 -0
package/architecture/01-standards/api-gateway-patterns.md +496 -0
package/architecture/01-standards/cloud-native-patterns.md +644 -0
package/architecture/01-standards/distributed-systems-patterns.md +591 -0
package/architecture/01-standards/event-driven-architecture.md +595 -0
package/architecture/01-standards/microservices-patterns-complete.md +968 -0
package/architecture/01-standards/microservices-patterns.md +495 -0
package/architecture/01-standards/system-design-interview.md +664 -0
package/architecture/02-playbooks/microservices-patterns-playbook.md +137 -0
package/architecture/02-playbooks/migration-playbook.md +780 -0
package/architecture/02-playbooks/system-design-playbook.md +779 -0
package/architecture/03-checklists/architecture-decision-checklist.md +297 -0
package/architecture/04-antipatterns/architecture-antipatterns.md +417 -0
package/architecture/05-cases/case-netflix-microservices.md +413 -0
package/architecture/06-glossary/architecture-glossary.md +164 -0
package/architecture/adr-template-and-examples.md +38 -0
package/architecture/api-gateway-deep-dive.md +1291 -0
package/architecture/configuration-management.md +1162 -0
package/architecture/distributed-transactions.md +1220 -0
package/architecture/microservices-complete.md +735 -0
package/architecture/resilience-and-disaster-patterns.md +37 -0
package/architecture/service-governance.md +1198 -0
package/architecture/system-architecture-deep-dive.md +37 -0
package/backend/01-standards/analytics-and-growth.md +65 -0
package/backend/01-standards/api-and-error-conventions.md +120 -0
package/backend/01-standards/application-layering-and-packaging.md +160 -0
package/backend/01-standards/auth-implementation.md +104 -0
package/backend/01-standards/backend-framework-idioms.md +74 -0
package/backend/01-standards/background-jobs-and-async.md +66 -0
package/backend/01-standards/caching-strategies-complete.md +390 -0
package/backend/01-standards/config-and-observability.md +77 -0
package/backend/01-standards/data-modeling-and-persistence.md +94 -0
package/backend/01-standards/django-complete.md +1765 -0
package/backend/01-standards/email-and-notifications.md +64 -0
package/backend/01-standards/fastapi-complete.md +925 -0
package/backend/01-standards/file-upload-and-storage.md +66 -0
package/backend/01-standards/graphql-api-complete.md +416 -0
package/backend/01-standards/llm-application-standard.md +78 -0
package/backend/01-standards/message-queue-patterns.md +379 -0
package/backend/01-standards/microservices-and-distributed.md +78 -0
package/backend/01-standards/nestjs-complete.md +2167 -0
package/backend/01-standards/payment-integration.md +80 -0
package/backend/01-standards/rate-limiting-complete.md +451 -0
package/backend/01-standards/realtime-and-websocket.md +65 -0
package/backend/01-standards/search-and-filtering.md +64 -0
package/backend/01-standards/spring-boot-complete.md +445 -0
package/backend/02-playbooks/api-design-playbook.md +718 -0
package/backend/02-playbooks/email-send-playbook.md +130 -0
package/backend/02-playbooks/file-upload-s3-playbook.md +153 -0
package/backend/02-playbooks/typescript-enterprise-playbook.md +133 -0
package/backend/02-playbooks/websocket-realtime-playbook.md +154 -0
package/backend/03-checklists/api-launch-checklist.md +189 -0
package/backend/04-antipatterns/backend-antipatterns.md +1051 -0
package/blockchain/01-standards/blockchain-basics.md +557 -0
package/blockchain/01-standards/smart-contract-development.md +1315 -0
package/cicd/01-standards/deployment-and-delivery-standard.md +96 -0
package/cicd/01-standards/github-actions-complete.md +473 -0
package/cicd/01-standards/release-and-store-submission.md +75 -0
package/cicd/02-playbooks/cicd-pipeline-playbook.md +144 -0
package/cicd/02-playbooks/release-management-playbook.md +605 -0
package/cicd/03-checklists/pipeline-security-checklist.md +168 -0
package/cicd/04-antipatterns/cicd-antipatterns.md +589 -0
package/cicd/05-cases/case-deployment-automation.md +221 -0
package/cicd/05-cases/case-gitops-transformation.md +212 -0
package/cicd/06-glossary/cicd-glossary.md +114 -0
package/cicd/cicd-blueprint-deep-dive.md +38 -0
package/cicd/release-readiness-gate.md +37 -0
package/cloud-native/01-standards/container-security.md +741 -0
package/cloud-native/01-standards/kubernetes-complete.md +812 -0
package/cloud-native/02-playbooks/api-gateway-playbook.md +155 -0
package/cloud-native/02-playbooks/gitops-with-argocd.md +760 -0
package/cloud-native/02-playbooks/k8s-troubleshooting-playbook.md +1942 -0
package/cloud-native/02-playbooks/message-queue-playbook.md +129 -0
package/cloud-native/02-playbooks/multicloud-governance.md +726 -0
package/cloud-native/02-playbooks/serverless-patterns.md +788 -0
package/cloud-native/02-playbooks/service-mesh-playbook.md +612 -0
package/cloud-native/02-playbooks/terraform-iac-playbook.md +143 -0
package/cloud-native/03-checklists/container-security-checklist.md +431 -0
package/cloud-native/03-checklists/k8s-production-readiness-checklist.md +460 -0
package/cloud-native/04-antipatterns/container-antipatterns.md +660 -0
package/cloud-native/04-antipatterns/k8s-antipatterns.md +743 -0
package/cloud-native/05-cases/case-k8s-migration.md +478 -0
package/cloud-native/05-cases/case-k8s-scaling.md +642 -0
package/cloud-native/05-cases/case-k8s-security-incident.md +397 -0
package/cloud-native/06-glossary/cloud-native-glossary.md +337 -0
package/cross-platform/01-standards/cross-platform-frameworks.md +83 -0
package/cross-platform/01-standards/platform-selection-and-architecture.md +77 -0
package/data/01-standards/elasticsearch-complete.md +2098 -0
package/data/01-standards/postgresql-complete.md +1613 -0
package/data/01-standards/redis-complete.md +1527 -0
package/data/02-playbooks/database-optimization-playbook.md +403 -0
package/data/02-playbooks/elasticsearch-production-playbook.md +132 -0
package/data/03-checklists/database-launch-checklist.md +187 -0
package/data/04-antipatterns/database-antipatterns.md +873 -0
package/data/05-cases/case-database-migration.md +310 -0
package/data/06-glossary/database-glossary.md +440 -0
package/data/data-governance-and-modeling-deep-dive.md +39 -0
package/data-engineering/01-standards/airflow-complete.md +523 -0
package/data-engineering/01-standards/kafka-complete.md +1521 -0
package/data-engineering/02-playbooks/spark-etl-playbook.md +496 -0
package/data-engineering/03-checklists/pipeline-launch-checklist.md +194 -0
package/data-engineering/04-antipatterns/data-pipeline-antipatterns.md +684 -0
package/data-engineering/05-cases/case-real-time-pipeline.md +355 -0
package/data-engineering/06-glossary/data-engineering-glossary.md +429 -0
package/database/01-standards/database-schema-standards.md +147 -0
package/database/02-playbooks/postgresql-optimization-quick.md +52 -0
package/database/02-playbooks/postgresql-performance-optimization.md +58 -0
package/database/02-playbooks/postgresql-production-playbook.md +146 -0
package/database/02-playbooks/redis-caching-playbook.md +117 -0
package/database/03-checklists/database-review-checklist.md +50 -0
package/database/04-antipatterns/database-antipatterns.md +112 -0
package/design/01-standards/ui-design-system-complete.md +423 -0
package/design/02-playbooks/design-handoff-playbook.md +254 -0
package/design/02-playbooks/design-review-playbook.md +388 -0
package/design/03-checklists/design-review-checklist.md +246 -0
package/design/04-antipatterns/design-antipatterns.md +378 -0
package/design/05-cases/case-design-system-adoption.md +328 -0
package/design/06-glossary/design-glossary.md +329 -0
package/design/ui-full-lifecycle-cross-platform-playbook.md +571 -0
package/design/ux-system-deep-dive.md +38 -0
package/design-systems/00-craft-rules.md +71 -0
package/design-systems/aesthetic-families.md +43 -0
package/design-systems/anti-ai-slop.md +162 -0
package/design-systems/bold-geometric.md +120 -0
package/design-systems/brutalist-bold.md +103 -0
package/design-systems/editorial-clean.md +109 -0
package/design-systems/glass-aurora.md +108 -0
package/design-systems/modern-minimal.md +145 -0
package/design-systems/premium-luxury.md +106 -0
package/design-systems/product-type-design-map.md +48 -0
package/design-systems/soft-warm.md +123 -0
package/design-systems/tech-utility.md +113 -0
package/desktop/01-standards/desktop-app-standard.md +72 -0
package/desktop/01-standards/desktop-design.md +71 -0
package/development/00-governance/document-template.md +41 -0
package/development/01-standards/api-versioning-strategies.md +432 -0
package/development/01-standards/authentication-patterns-complete.md +479 -0
package/development/01-standards/css-architecture-complete.md +550 -0
package/development/01-standards/database-migration-strategies.md +484 -0
package/development/01-standards/elasticsearch-complete.md +347 -0
package/development/01-standards/git-complete.md +371 -0
package/development/01-standards/golang-complete.md +1565 -0
package/development/01-standards/graphql-complete.md +298 -0
package/development/01-standards/javascript-bundlers-complete.md +469 -0
package/development/01-standards/javascript-typescript-complete.md +528 -0
package/development/01-standards/jest-complete.md +275 -0
package/development/01-standards/linux-complete.md +234 -0
package/development/01-standards/logging-observability-complete.md +526 -0
package/development/01-standards/microservices-communication.md +502 -0
package/development/01-standards/mongodb-complete.md +406 -0
package/development/01-standards/oauth2-complete.md +285 -0
package/development/01-standards/performance-optimization-complete.md +289 -0
package/development/01-standards/playwright-complete.md +247 -0
package/development/01-standards/postgresql-complete.md +456 -0
package/development/01-standards/pytest-complete.md +340 -0
package/development/01-standards/python-async-programming.md +902 -0
package/development/01-standards/python-complete.md +956 -0
package/development/01-standards/python-decorators-complete.md +799 -0
package/development/01-standards/python-design-patterns.md +2854 -0
package/development/01-standards/python-packaging-distribution.md +420 -0
package/development/01-standards/python-testing-strategies.md +607 -0
package/development/01-standards/python-web-frameworks-comparison.md +471 -0
package/development/01-standards/redis-complete.md +317 -0
package/development/01-standards/rest-api-complete.md +316 -0
package/development/01-standards/rust-complete.md +578 -0
package/development/01-standards/typescript-advanced-types.md +1513 -0
package/development/01-standards/web-security-complete.md +292 -0
package/development/02-playbooks/api-design-playbook.md +810 -0
package/development/02-playbooks/database-migration-playbook.md +580 -0
package/development/02-playbooks/debugging-playbook.md +692 -0
package/development/02-playbooks/feature-delivery-playbook.md +430 -0
package/development/02-playbooks/incident-hotfix-playbook.md +387 -0
package/development/02-playbooks/performance-optimization-playbook.md +531 -0
package/development/02-playbooks/performance-tuning-playbook.md +652 -0
package/development/02-playbooks/refactor-playbook.md +403 -0
package/development/02-playbooks/release-playbook.md +469 -0
package/development/03-checklists/architecture-review-checklist.md +168 -0
package/development/03-checklists/data-migration-checklist.md +157 -0
package/development/03-checklists/oncall-handover-checklist.md +173 -0
package/development/03-checklists/pr-checklist.md +158 -0
package/development/03-checklists/production-readiness-checklist.md +190 -0
package/development/03-checklists/release-readiness-checklist.md +154 -0
package/development/03-checklists/security-review-checklist.md +182 -0
package/development/04-antipatterns/api-antipatterns.md +657 -0
package/development/04-antipatterns/architecture-antipatterns.md +686 -0
package/development/04-antipatterns/backend-antipatterns.md +648 -0
package/development/04-antipatterns/cicd-antipatterns.md +540 -0
package/development/04-antipatterns/code-smell-antipatterns.md +571 -0
package/development/04-antipatterns/data-antipatterns.md +658 -0
package/development/04-antipatterns/database-antipatterns.md +578 -0
package/development/04-antipatterns/frontend-antipatterns.md +635 -0
package/development/04-antipatterns/reliability-antipatterns.md +700 -0
package/development/04-antipatterns/security-antipatterns.md +747 -0
package/development/05-cases/case-api-version-migration.md +428 -0
package/development/05-cases/case-authorization-hardening.md +383 -0
package/development/05-cases/case-bluegreen-rollback.md +466 -0
package/development/05-cases/case-cache-snowball-protection.md +485 -0
package/development/05-cases/case-ci-cd-pipeline.md +544 -0
package/development/05-cases/case-database-scaling.md +500 -0
package/development/05-cases/case-db-hotspot-optimization.md +487 -0
package/development/05-cases/case-incident-mttr-reduction.md +563 -0
package/development/05-cases/case-microservice-migration.md +375 -0
package/development/05-cases/case-performance-optimization.md +406 -0
package/development/05-cases/case-security-incident-response.md +345 -0
package/development/06-glossary/full-stack-glossary.md +166 -0
package/development/09-maturity/quarterly-audit-template.md +35 -0
package/development/11-ui-excellence/ui-aesthetic-system.md +41 -0
package/development/11-ui-excellence/ui-engineering-excellence.md +435 -0
package/development/12-scenarios/development-scenarios-guide.md +565 -0
package/development/13-implementation-assets/implementation-toolkit.md +282 -0
package/development/13-implementation-assets/knowledge-gates-execution.md +43 -0
package/development/14-full-lifecycle/software-lifecycle-gates.md +511 -0
package/development/15-lifecycle-templates/project-templates-collection.md +791 -0
package/development/api-contract-and-versioning-guide.md +36 -0
package/development/api-governance-complete.md +43 -0
package/development/backend-engineering-complete.md +43 -0
package/development/code-review-quality-complete.md +43 -0
package/development/concurrency-reliability-complete.md +43 -0
package/development/database-engineering-complete.md +43 -0
package/development/engineering-effectiveness-complete.md +43 -0
package/development/engineering-standards-deep-dive.md +38 -0
package/development/frontend-engineering-complete.md +43 -0
package/development/performance-capacity-complete.md +43 -0
package/development/refactor-migration-complete.md +42 -0
package/development/refactoring-and-techdebt-playbook.md +37 -0
package/development/security-in-development-complete.md +43 -0
package/devops/01-standards/cicd-pipeline-complete.md +262 -0
package/devops/01-standards/docker-complete.md +1490 -0
package/devops/01-standards/github-actions-complete.md +337 -0
package/devops/01-standards/kubernetes-complete.md +638 -0
package/devops/01-standards/terraform-complete.md +2117 -0
package/devops/02-playbooks/docker-compose-playbook.md +233 -0
package/devops/02-playbooks/docker-k8s-production-playbook.md +186 -0
package/devops/02-playbooks/docker-production-playbook.md +952 -0
package/edge-iot/01-standards/edge-iot-complete.md +473 -0
package/experts/architect/api-design.md +178 -0
package/experts/architect/methodology.md +124 -0
package/experts/architect/security.md +75 -0
package/experts/backend-lead/methodology.md +216 -0
package/experts/devops/methodology.md +160 -0
package/experts/frontend-lead/methodology.md +178 -0
package/experts/product-manager/industry/ecommerce.md +43 -0
package/experts/product-manager/industry/saas.md +40 -0
package/experts/product-manager/methodology.md +97 -0
package/experts/qa-lead/methodology.md +123 -0
package/experts/qa-lead/test-strategy.md +128 -0
package/experts/uiux-designer/methodology.md +125 -0
package/frontend/01-standards/accessibility-complete.md +532 -0
package/frontend/01-standards/accessibility-standard.md +74 -0
package/frontend/01-standards/admin-dashboard-and-crud.md +72 -0
package/frontend/01-standards/design-tokens-complete.md +444 -0
package/frontend/01-standards/forms-and-validation.md +77 -0
package/frontend/01-standards/frontend-architecture-and-layering.md +119 -0
package/frontend/01-standards/i18n-and-localization.md +65 -0
package/frontend/01-standards/nextjs-complete.md +451 -0
package/frontend/01-standards/react-complete.md +713 -0
package/frontend/01-standards/react-hooks-complete-guide.md +1100 -0
package/frontend/01-standards/react-hooks-complete.md +1171 -0
package/frontend/01-standards/seo-and-web-vitals.md +77 -0
package/frontend/01-standards/state-management-complete.md +444 -0
package/frontend/01-standards/vue-complete.md +499 -0
package/frontend/01-standards/vue3-complete.md +2002 -0
package/frontend/01-standards/web-framework-best-practices.md +64 -0
package/frontend/01-standards/web-performance-complete.md +495 -0
package/frontend/02-playbooks/accessibility-a11y-playbook.md +161 -0
package/frontend/02-playbooks/frontend-performance-playbook.md +707 -0
package/frontend/02-playbooks/i18n-internationalization-playbook.md +120 -0
package/frontend/02-playbooks/performance-optimization-playbook.md +163 -0
package/frontend/02-playbooks/react-nextjs-production-playbook.md +167 -0
package/frontend/02-playbooks/react-state-management-playbook.md +173 -0
package/frontend/03-checklists/component-quality-checklist.md +166 -0
package/frontend/03-checklists/frontend-launch-checklist.md +299 -0
package/frontend/04-antipatterns/frontend-antipatterns.md +886 -0
package/frontend/05-cases/case-performance-optimization.md +274 -0
package/harmony/01-standards/harmonyos-arkts-standard.md +75 -0
package/harmony/01-standards/harmonyos-design.md +65 -0
package/high-quality-engineering-playbook.md +54 -0
package/incident/01-standards/incident-response-complete.md +303 -0
package/incident/02-playbooks/chaos-engineering-playbook.md +883 -0
package/incident/02-playbooks/postmortem-playbook.md +398 -0
package/incident/03-checklists/incident-readiness-checklist.md +181 -0
package/incident/04-antipatterns/incident-antipatterns.md +490 -0
package/incident/05-cases/case-cascade-failure.md +176 -0
package/incident/06-glossary/incident-glossary.md +114 -0
package/incident/postmortem-and-response-deep-dive.md +39 -0
package/industries/ecommerce/ecommerce-complete.md +631 -0
package/industries/education/education-complete.md +555 -0
package/industries/fintech/fintech-complete.md +501 -0
package/industries/gaming/gaming-complete.md +587 -0
package/industries/healthcare/healthcare-complete.md +452 -0
package/low-code/01-standards/low-code-complete.md +944 -0
package/miniprogram/01-standards/ai-common-mistakes.md +61 -0
package/miniprogram/01-standards/miniprogram-custom-navbar-capsule.md +77 -0
package/miniprogram/01-standards/miniprogram-design.md +61 -0
package/miniprogram/01-standards/miniprogram-standard.md +81 -0
package/mobile/01-standards/android-material-design.md +70 -0
package/mobile/01-standards/flutter-complete.md +384 -0
package/mobile/01-standards/ios-design-hig.md +78 -0
package/mobile/01-standards/mobile-app-standard.md +85 -0
package/mobile/01-standards/react-native-complete.md +352 -0
package/mobile/02-playbooks/mobile-cross-platform-playbook.md +175 -0
package/mobile/02-playbooks/mobile-performance.md +473 -0
package/mobile/03-checklists/mobile-release-checklist.md +234 -0
package/mobile/04-antipatterns/mobile-antipatterns.md +798 -0
package/mobile/05-cases/case-app-performance.md +500 -0
package/mobile/05-cases/case-app-startup-optimization.md +218 -0
package/mobile/06-glossary/mobile-glossary.md +484 -0
package/observability/01-standards/observability-standards.md +103 -0
package/observability/02-playbooks/prometheus-grafana-playbook.md +135 -0
package/observability/02-playbooks/structured-logging-playbook.md +73 -0
package/observability/03-checklists/observability-checklist.md +54 -0
package/observability/04-antipatterns/observability-antipatterns.md +106 -0
package/operations/01-standards/prometheus-monitoring-complete.md +1578 -0
package/operations/02-playbooks/capacity-planning-playbook.md +620 -0
package/operations/03-checklists/production-launch-checklist.md +365 -0
package/operations/04-antipatterns/operations-antipatterns.md +664 -0
package/operations/05-cases/case-sre-practices.md +581 -0
package/operations/06-glossary/operations-glossary.md +120 -0
package/operations/aiops-anomaly-detection.md +758 -0
package/operations/capacity-planning.md +1061 -0
package/operations/chaos-engineering.md +659 -0
package/operations/incident-command-system.md +38 -0
package/operations/observability-complete.md +442 -0
package/operations/slo-sli-playbook.md +517 -0
package/operations/sre-operations-deep-dive.md +39 -0
package/package.json +8 -0
package/performance/01-standards/performance-and-scalability.md +80 -0
package/performance/01-standards/performance-standards.md +156 -0
package/performance/02-playbooks/query-optimization-playbook.md +103 -0
package/performance/03-checklists/performance-checklist.md +56 -0
package/performance/04-antipatterns/performance-antipatterns.md +146 -0
package/product/01-standards/product-management-complete.md +285 -0
package/product/02-playbooks/feature-launch-playbook.md +207 -0
package/product/02-playbooks/user-research-playbook.md +532 -0
package/product/03-checklists/feature-launch-checklist.md +275 -0
package/product/04-antipatterns/product-antipatterns.md +355 -0
package/product/05-cases/case-mvp-to-scale.md +384 -0
package/product/06-glossary/product-glossary.md +462 -0
package/product/feature-prioritization-framework.md +40 -0
package/product/kpi-and-metric-tree.md +37 -0
package/product/product-discovery-and-prd-deep-dive.md +41 -0
package/quantum/01-standards/quantum-complete.md +1186 -0
package/security/01-standards/api-security-complete.md +511 -0
package/security/01-standards/container-runtime-security.md +574 -0
package/security/01-standards/data-protection-gdpr.md +543 -0
package/security/01-standards/owasp-top10-complete.md +1890 -0
package/security/01-standards/secure-coding-baseline.md +90 -0
package/security/01-standards/supply-chain-security.md +441 -0
package/security/01-standards/web-security-checklist.md +108 -0
package/security/01-standards/zero-trust-architecture.md +521 -0
package/security/02-playbooks/auth-sso-playbook.md +166 -0
package/security/02-playbooks/incident-response-security-playbook.md +588 -0
package/security/02-playbooks/owasp-api-security-playbook.md +129 -0
package/security/02-playbooks/payment-integration-playbook.md +119 -0
package/security/02-playbooks/penetration-testing-playbook.md +517 -0
package/security/03-checklists/security-audit-checklist.md +356 -0
package/security/04-antipatterns/security-coding-antipatterns.md +580 -0
package/security/05-cases/case-log4shell-incident.md +537 -0
package/security/05-cases/case-major-breaches.md +468 -0
package/security/06-glossary/security-glossary.md +212 -0
package/security/compliance-automation.md +993 -0
package/security/container-security.md +680 -0
package/security/devsecops-complete.md +426 -0
package/security/sast-dast-sca.md +775 -0
package/security/secrets-management.md +594 -0
package/security/security-architecture-deep-dive.md +37 -0
package/security/threat-modeling-stride-playbook.md +40 -0
package/seed-templates/auth-system.md +59 -0
package/seed-templates/blog-content.md +94 -0
package/seed-templates/dashboard.md +89 -0
package/seed-templates/docs-site.md +73 -0
package/seed-templates/e-commerce.md +50 -0
package/seed-templates/saas-landing.md +92 -0
package/seed-templates/settings-page.md +51 -0
package/testing/01-standards/test-strategy-and-layering.md +83 -0
package/testing/01-standards/testing-strategy-complete.md +422 -0
package/testing/01-standards/unit-testing-best-practices.md +118 -0
package/testing/02-playbooks/e2e-testing-playbook.md +988 -0
package/testing/02-playbooks/testing-strategy-playbook.md +126 -0
package/testing/03-checklists/test-strategy-checklist.md +208 -0
package/testing/04-antipatterns/testing-antipatterns.md +718 -0
package/testing/05-cases/case-testing-transformation.md +300 -0
package/testing/06-glossary/testing-glossary.md +110 -0
package/testing/risk-based-test-matrix.md +36 -0
package/testing/testing-strategy-deep-dive.md +37 -0

package/development/04-antipatterns/database-antipatterns.md ADDED Viewed

@@ -0,0 +1,578 @@
+---
+id: database-antipatterns
+title: 数据库反模式指南
+domain: development
+category: 04-antipatterns
+difficulty: intermediate
+tags: [antipatterns, database, delete, development, index, pagination, problem, query]
+quality_score: 70
+last_updated: 2026-06-15
+---
+# 数据库反模式指南
+> 适用范围：PostgreSQL / MySQL / MongoDB / Redis
+> 约束级别：SHALL（必须在 Code Review 和 SQL Review 阶段拦截）
+---
+## 1. N+1 查询（N+1 Query Problem）
+### 描述
+先查询主表获得 N 条记录，然后对每条记录单独查询关联表，导致总共执行 N+1 次数据库查询。在列表页场景下，N 可能是数百甚至数千，直接导致接口响应时间线性增长。
+### 错误示例
+```python
+# Django ORM -- 典型 N+1
+def get_orders_with_user(request):
+    orders = Order.objects.all()[:100]  # 1 次查询
+    result = []
+    for order in orders:
+        # 每次循环触发 1 次查询，共 100 次
+        result.append({
+            "order_id": order.id,
+            "user_name": order.user.name,       # SELECT * FROM users WHERE id = ?
+            "user_email": order.user.email,
+        })
+    return JsonResponse(result, safe=False)
+```
+```javascript
+// Sequelize -- 典型 N+1
+async function getPostsWithComments() {
+  const posts = await Post.findAll({ limit: 50 }); // 1 次查询
+  for (const post of posts) {
+    // 每次循环触发 1 次查询，共 50 次
+    post.comments = await Comment.findAll({
+      where: { postId: post.id },
+    });
+  }
+  return posts;
+}
+```
+### 正确示例
+```python
+# Django -- 使用 select_related / prefetch_related
+def get_orders_with_user(request):
+    orders = Order.objects.select_related("user").all()[:100]  # 1 次 JOIN 查询
+    result = [
+        {
+            "order_id": order.id,
+            "user_name": order.user.name,
+            "user_email": order.user.email,
+        }
+        for order in orders
+    ]
+    return JsonResponse(result, safe=False)
+```
+```python
+# SQLAlchemy -- 使用 joinedload
+def get_orders_with_user(session: Session) -> list[Order]:
+    return (
+        session.query(Order)
+        .options(joinedload(Order.user))
+        .limit(100)
+        .all()
+    )
+```
+```javascript
+// Sequelize -- 使用 eager loading
+async function getPostsWithComments() {
+  return Post.findAll({
+    limit: 50,
+    include: [{ model: Comment, as: "comments" }],
+  });
+}
+```
+### 检测方法
+- Django Debug Toolbar 的 SQL 面板：单个请求查询数 > 10 即需警觉。
+- `nplusone` 库（Django/SQLAlchemy）：自动检测 N+1 并抛出异常。
+- 数据库慢查询日志：相同模板的 SQL 在短时间内执行多次。
+- APM 工具（Datadog / New Relic）：查看单个请求的 DB 调用次数。
+### 修复步骤
+1. 开启 ORM 的 SQL 日志，统计单次请求的查询数量。
+2. 对外键关联使用 `select_related`（一对一/多对一）或 `prefetch_related`（一对多/多对多）。
+3. 对于非 ORM 场景，使用 `WHERE id IN (...)` 批量查询替代循环单查。
+4. 添加集成测试断言查询次数（`assertNumQueries` in Django）。
+### Agent Checklist
+- [ ] 列表接口查询次数 <= 5
+- [ ] 所有外键访问使用 `select_related` 或 `prefetch_related`
+- [ ] 循环中无数据库查询
+- [ ] 集成测试包含查询次数断言
+---
+## 2. 缺少索引（Missing Index）
+### 描述
+WHERE、JOIN、ORDER BY 使用的列未建立索引，导致全表扫描。在数据量从千级增长到百万级时，查询时间从毫秒级劣化到秒级。
+### 错误示例
+```sql
+-- 表结构：无索引
+CREATE TABLE orders (
+    id SERIAL PRIMARY KEY,
+    user_id INTEGER,
+    status VARCHAR(20),
+    created_at TIMESTAMP,
+    total_amount DECIMAL(10, 2)
+);
+-- 以下查询全部触发全表扫描
+SELECT * FROM orders WHERE user_id = 12345;
+SELECT * FROM orders WHERE status = 'pending' ORDER BY created_at DESC;
+SELECT * FROM orders WHERE created_at BETWEEN '2024-01-01' AND '2024-01-31';
+```
+### 正确示例
+```sql
+-- 为高频查询模式建立索引
+CREATE INDEX idx_orders_user_id ON orders(user_id);
+CREATE INDEX idx_orders_status_created ON orders(status, created_at DESC);
+CREATE INDEX idx_orders_created_at ON orders(created_at);
+-- 使用覆盖索引避免回表
+CREATE INDEX idx_orders_user_summary ON orders(user_id)
+    INCLUDE (status, total_amount, created_at);
+-- 使用部分索引减少索引体积
+CREATE INDEX idx_orders_pending ON orders(created_at DESC)
+    WHERE status = 'pending';
+```
+### 检测方法
+- `EXPLAIN ANALYZE` 输出中出现 `Seq Scan` 且 `rows` > 1000。
+- PostgreSQL：`pg_stat_user_tables` 的 `seq_scan` 计数持续增长。
+- MySQL：`SHOW INDEX FROM table_name` 检查是否覆盖高频查询列。
+- 慢查询日志：执行时间 > 100ms 的 SQL 逐条分析执行计划。
+### 修复步骤
+1. 收集慢查询日志，列出 Top 20 慢 SQL。
+2. 对每条慢 SQL 执行 `EXPLAIN ANALYZE`，识别全表扫描。
+3. 根据查询模式创建合适的索引（单列 / 复合 / 部分 / 覆盖）。
+4. 创建索引后重新执行 `EXPLAIN ANALYZE` 确认已使用索引。
+5. 监控索引使用率，删除从未使用的冗余索引。
+### Agent Checklist
+- [ ] 所有 WHERE 条件列有索引（或复合索引的前缀）
+- [ ] JOIN 的外键列有索引
+- [ ] ORDER BY 列包含在索引中
+- [ ] 无未使用的冗余索引
+- [ ] 大表（> 100 万行）的高频查询使用覆盖索引
+---
+## 3. SELECT *（过度获取）
+### 描述
+查询时使用 `SELECT *` 获取所有列，即使只需要其中 2-3 列。导致网络传输量增大、内存占用增加、无法使用覆盖索引，且表结构变更时可能引入意外的列。
+### 错误示例
+```python
+# 只需要用户名和邮箱，却获取了所有列（包括大文本、二进制字段）
+def get_user_list():
+    cursor.execute("SELECT * FROM users")  # 包含 avatar_blob、bio_text 等大字段
+    return cursor.fetchall()
+# ORM 中同样的问题
+users = User.objects.all()  # 加载了所有字段
+names = [u.name for u in users]  # 只用了 name
+```
+### 正确示例
+```python
+# 明确指定所需列
+def get_user_list():
+    cursor.execute("SELECT id, name, email FROM users")
+    return cursor.fetchall()
+# ORM 中使用 values / only
+users = User.objects.values("id", "name", "email")
+# SQLAlchemy 使用 load_only
+users = session.query(User).options(load_only(User.id, User.name, User.email)).all()
+# 对于大字段，使用 defer 延迟加载
+users = User.objects.defer("avatar_blob", "bio_text").all()
+```
+### 检测方法
+- SQL Review 中搜索 `SELECT *` 或 `SELECT table.*`。
+- ORM 查询日志中查找未使用 `only()` / `values()` / `load_only()` 的查询。
+- 使用 `sqlfluff` lint 工具自动检测 `SELECT *`。
+### 修复步骤
+1. 审查所有 `SELECT *` 查询，确定实际需要的列。
+2. 替换为明确的列名列表。
+3. 对包含 BLOB / TEXT 大字段的表，设置 ORM 默认 defer。
+4. 在 CI 中加入 `sqlfluff` 检查，禁止 `SELECT *` 进入主分支。
+### Agent Checklist
+- [ ] 无 `SELECT *` 查询
+- [ ] ORM 查询使用 `only()` / `values()` / `load_only()`
+- [ ] 大字段使用 `defer()` 延迟加载
+- [ ] CI 包含 SQL lint 规则
+---
+## 4. 过度范式化（Over-Normalization）
+### 描述
+将数据拆分到过多的表中以追求完美的范式化，导致简单的读取操作需要 JOIN 5-10 张表，查询复杂且性能低下。在读多写少的场景下，适度反范式化是合理的。
+### 错误示例
+```sql
+-- 过度拆分：一个用户资料需要 JOIN 6 张表
+SELECT u.id, un.first_name, un.last_name, ue.email,
+       up.phone, ua.street, ua.city, uc.country_name
+FROM users u
+JOIN user_names un ON u.name_id = un.id
+JOIN user_emails ue ON u.email_id = ue.id
+JOIN user_phones up ON u.phone_id = up.id
+JOIN user_addresses ua ON u.address_id = ua.id
+JOIN countries uc ON ua.country_id = uc.id;
+-- 甚至连状态都拆成了单独的表
+SELECT os.status_name
+FROM orders o
+JOIN order_statuses os ON o.status_id = os.id
+WHERE o.id = 123;
+```
+### 正确示例
+```sql
+-- 适度反范式化：将高频读取的字段内联
+CREATE TABLE users (
+    id SERIAL PRIMARY KEY,
+    first_name VARCHAR(50) NOT NULL,
+    last_name VARCHAR(50) NOT NULL,
+    email VARCHAR(255) NOT NULL UNIQUE,
+    phone VARCHAR(20),
+    street VARCHAR(200),
+    city VARCHAR(100),
+    country_code CHAR(2) NOT NULL  -- ISO 代码，不需要 JOIN 国家表
+);
+-- 使用枚举而非外键表
+CREATE TYPE order_status AS ENUM ('pending', 'paid', 'shipped', 'delivered', 'cancelled');
+CREATE TABLE orders (
+    id SERIAL PRIMARY KEY,
+    user_id INTEGER REFERENCES users(id),
+    status order_status NOT NULL DEFAULT 'pending'
+);
+-- 对于需要分析的场景，使用物化视图
+CREATE MATERIALIZED VIEW user_order_summary AS
+SELECT u.id, u.first_name, u.last_name, COUNT(o.id) AS order_count,
+       SUM(o.total) AS total_spent
+FROM users u LEFT JOIN orders o ON u.id = o.user_id
+GROUP BY u.id, u.first_name, u.last_name;
+```
+### 检测方法
+- 单个查询 JOIN 超过 3 张表。
+- 存在只包含 `id` + `name` 两列的"字典表"且数据量 < 100 条。
+- `EXPLAIN ANALYZE` 显示多层 Nested Loop Join 导致性能退化。
+### 修复步骤
+1. 分析查询日志，找出 JOIN 数量最多的 Top 10 查询。
+2. 评估哪些 JOIN 表是"字典表"（数据量小、变更频率低）。
+3. 将字典表的值内联为主表的枚举列或 VARCHAR 列。
+4. 对高频聚合查询使用物化视图。
+5. 使用数据库迁移脚本执行反范式化，确保数据一致性。
+### Agent Checklist
+- [ ] 单个查询 JOIN <= 3 张表
+- [ ] 数据量 < 100 的字典表考虑用枚举替代
+- [ ] 读多写少的场景允许适度冗余
+- [ ] 聚合查询使用物化视图或缓存
+---
+## 5. 不用事务（Missing Transactions）
+### 描述
+涉及多表写入的业务操作未使用事务，导致中途失败时数据处于不一致的中间状态。例如扣款成功但订单创建失败，用户余额减少但没有对应订单。
+### 错误示例
+```python
+def transfer_money(from_id, to_id, amount):
+    # 无事务：如果第二步失败，钱已经从 from 账户扣除但未到 to 账户
+    db.execute(
+        "UPDATE accounts SET balance = balance - %s WHERE id = %s",
+        (amount, from_id)
+    )
+    # 如果这里抛异常，钱就消失了
+    db.execute(
+        "UPDATE accounts SET balance = balance + %s WHERE id = %s",
+        (amount, to_id)
+    )
+    db.execute(
+        "INSERT INTO transfers (from_id, to_id, amount) VALUES (%s, %s, %s)",
+        (from_id, to_id, amount)
+    )
+```
+### 正确示例
+```python
+def transfer_money(from_id: int, to_id: int, amount: Decimal) -> Transfer:
+    with db.transaction() as tx:
+        # 加行锁防止并发问题
+        from_account = tx.execute(
+            "SELECT * FROM accounts WHERE id = %s FOR UPDATE", (from_id,)
+        ).fetchone()
+        if from_account["balance"] < amount:
+            raise InsufficientBalanceError(from_id, amount)
+        tx.execute(
+            "UPDATE accounts SET balance = balance - %s WHERE id = %s",
+            (amount, from_id),
+        )
+        tx.execute(
+            "UPDATE accounts SET balance = balance + %s WHERE id = %s",
+            (amount, to_id),
+        )
+        transfer = tx.execute(
+            "INSERT INTO transfers (from_id, to_id, amount, status) "
+            "VALUES (%s, %s, %s, 'completed') RETURNING *",
+            (from_id, to_id, amount),
+        ).fetchone()
+        return Transfer(**transfer)
+    # 事务自动 commit；异常时自动 rollback
+```
+```python
+# Django ORM
+from django.db import transaction
+@transaction.atomic
+def transfer_money(from_id: int, to_id: int, amount: Decimal) -> Transfer:
+    from_account = Account.objects.select_for_update().get(id=from_id)
+    to_account = Account.objects.select_for_update().get(id=to_id)
+    if from_account.balance < amount:
+        raise InsufficientBalanceError(from_id, amount)
+    from_account.balance -= amount
+    from_account.save()
+    to_account.balance += amount
+    to_account.save()
+    return Transfer.objects.create(
+        from_account=from_account, to_account=to_account, amount=amount
+    )
+```
+### 检测方法
+- 搜索代码中连续多条 `INSERT` / `UPDATE` / `DELETE` 且无事务包裹。
+- ORM 中连续多个 `.save()` 调用不在 `transaction.atomic` 内。
+- Code Review 中检查涉及资金、库存、状态流转的代码路径。
+### 修复步骤
+1. 梳理所有涉及多表写入的业务操作。
+2. 为每个操作添加事务包裹（`BEGIN ... COMMIT / ROLLBACK`）。
+3. 对需要防止并发写入的场景添加行锁（`SELECT ... FOR UPDATE`）。
+4. 编写测试模拟中途失败场景，验证事务回滚正确。
+### Agent Checklist
+- [ ] 多表写入操作包裹在事务中
+- [ ] 资金/库存操作使用 `SELECT ... FOR UPDATE` 行锁
+- [ ] 事务异常时自动 rollback
+- [ ] 有中途失败场景的回滚测试
+---
+## 6. 硬删除（Hard Delete）
+### 描述
+直接使用 `DELETE` 物理删除数据，导致无法审计、无法恢复误删数据、外键约束可能级联删除关联数据。在合规场景下（金融、医疗），硬删除可能违反法规要求。
+### 错误示例
+```python
+def delete_user(user_id):
+    # 物理删除：数据永久丢失，关联数据可能级联删除
+    db.execute("DELETE FROM user_addresses WHERE user_id = %s", (user_id,))
+    db.execute("DELETE FROM user_orders WHERE user_id = %s", (user_id,))
+    db.execute("DELETE FROM users WHERE id = %s", (user_id,))
+# ORM 中同样的问题
+user = User.objects.get(id=user_id)
+user.delete()  # 级联删除所有关联数据
+```
+### 正确示例
+```python
+# 软删除模型
+class SoftDeleteMixin:
+    deleted_at = Column(DateTime, nullable=True, index=True)
+    deleted_by = Column(Integer, nullable=True)
+    @hybrid_property
+    def is_deleted(self):
+        return self.deleted_at is not None
+class User(Base, SoftDeleteMixin):
+    __tablename__ = "users"
+    id = Column(Integer, primary_key=True)
+    name = Column(String(100))
+    email = Column(String(255))
+# 软删除操作
+def soft_delete_user(user_id: int, operator_id: int) -> None:
+    with db.transaction() as tx:
+        tx.execute(
+            "UPDATE users SET deleted_at = NOW(), deleted_by = %s WHERE id = %s",
+            (operator_id, user_id),
+        )
+        # 记录审计日志
+        tx.execute(
+            "INSERT INTO audit_log (entity, entity_id, action, operator_id) "
+            "VALUES ('user', %s, 'soft_delete', %s)",
+            (user_id, operator_id),
+        )
+# 查询时自动过滤已删除数据
+def get_active_users():
+    return db.execute("SELECT * FROM users WHERE deleted_at IS NULL").fetchall()
+# Django 软删除 Manager
+class ActiveManager(models.Manager):
+    def get_queryset(self):
+        return super().get_queryset().filter(deleted_at__isnull=True)
+```
+### 检测方法
+- 搜索代码中的 `DELETE FROM` 和 `.delete()` 调用。
+- 检查表结构是否包含 `deleted_at` / `is_deleted` 列。
+- 数据库审计日志中是否记录了删除操作。
+### 修复步骤
+1. 为需要软删除的表添加 `deleted_at`、`deleted_by` 列。
+2. 创建软删除 Mixin / 基类，统一软删除逻辑。
+3. 修改所有查询，添加 `WHERE deleted_at IS NULL` 条件（或使用自定义 Manager）。
+4. 将 `DELETE` 语句改为 `UPDATE ... SET deleted_at = NOW()`。
+5. 添加定期清理任务，对超过保留期的软删除数据进行物理删除。
+### Agent Checklist
+- [ ] 业务表使用软删除（`deleted_at` 列）
+- [ ] 无直接 `DELETE FROM` 语句（除定期清理任务）
+- [ ] 查询默认过滤已删除数据
+- [ ] 删除操作记录审计日志
+---
+## 7. 无分页（Missing Pagination）
+### 描述
+查询接口不限制返回数量，一次性返回全部数据。在数据量增长后导致内存溢出、响应超时、网络带宽耗尽。
+### 错误示例
+```python
+# 返回所有订单 -- 数据量增长后直接 OOM
+@app.get("/orders")
+def list_orders():
+    orders = Order.objects.all()  # 可能有几百万条
+    return {"orders": [serialize(o) for o in orders]}
+# API 无分页参数
+@app.get("/users")
+def list_users(status: str = None):
+    query = "SELECT * FROM users"
+    if status:
+        query += f" WHERE status = '{status}'"  # 还有 SQL 注入风险
+    return db.execute(query).fetchall()
+```
+### 正确示例
+```python
+from fastapi import Query
+@app.get("/orders")
+def list_orders(
+    page: int = Query(1, ge=1, description="页码"),
+    page_size: int = Query(20, ge=1, le=100, description="每页数量"),
+    status: str | None = Query(None, description="订单状态过滤"),
+):
+    query = Order.objects.all()
+    if status:
+        query = query.filter(status=status)
+    total = query.count()
+    offset = (page - 1) * page_size
+    orders = query.order_by("-created_at")[offset : offset + page_size]
+    return {
+        "data": [serialize(o) for o in orders],
+        "pagination": {
+            "page": page,
+            "page_size": page_size,
+            "total": total,
+            "total_pages": (total + page_size - 1) // page_size,
+        },
+    }
+# 对于大数据量，使用游标分页（keyset pagination）
+@app.get("/orders/cursor")
+def list_orders_cursor(
+    after: str | None = Query(None, description="上一页最后一条的游标"),
+    limit: int = Query(20, ge=1, le=100),
+):
+    query = Order.objects.all().order_by("-created_at")
+    if after:
+        cursor_date = decode_cursor(after)
+        query = query.filter(created_at__lt=cursor_date)
+    orders = list(query[:limit + 1])
+    has_next = len(orders) > limit
+    orders = orders[:limit]
+    next_cursor = encode_cursor(orders[-1].created_at) if has_next else None
+    return {
+        "data": [serialize(o) for o in orders],
+        "next_cursor": next_cursor,
+        "has_next": has_next,
+    }
+```
+### 检测方法
+- API 接口无 `page` / `limit` / `cursor` 参数。
+- ORM 查询无 `LIMIT` 子句。
+- 响应 JSON 中无分页元数据（`total`、`page`、`next_cursor`）。
+- 负载测试：随数据量增长，响应时间线性增加。
+### 修复步骤
+1. 为所有列表接口添加分页参数（`page` + `page_size` 或 `cursor` + `limit`）。
+2. 设置 `page_size` 上限（通常 100），防止客户端请求过大。
+3. 返回分页元数据（总数、总页数、下一页游标）。
+4. 对超过 10 万条数据的表，使用游标分页替代偏移量分页。
+5. 添加集成测试验证分页逻辑正确性。
+### Agent Checklist
+- [ ] 所有列表接口包含分页参数
+- [ ] `page_size` 有上限（<= 100）
+- [ ] 响应包含分页元数据
+- [ ] 大数据量场景使用游标分页
+- [ ] ORM 查询包含 `LIMIT` 子句
+---
+## 全局 Agent Checklist
+| 检查项 | 阈值 | 工具 |
+|--------|------|------|
+| 列表接口查询次数 | <= 5 | Django Debug Toolbar / APM |
+| N+1 查询 | 0 个 | `nplusone` / SQL 日志 |
+| 缺失索引 | 0 个 | `EXPLAIN ANALYZE` / `pg_stat` |
+| `SELECT *` 使用 | 0 处 | `sqlfluff` / Code Review |
+| 单查询 JOIN 数 | <= 3 | `EXPLAIN ANALYZE` |
+| 无事务多表写入 | 0 处 | Code Review |
+| 硬删除语句 | 0 条 | Code Review / `grep DELETE` |
+| 无分页列表接口 | 0 个 | API 文档审查 |