npm - @umacloud/knowledge - Versions diffs - 1.0.1 - Mend

@umacloud/knowledge 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (418) hide show

package/00-governance/governance-capabilities.md +557 -0
package/00-governance/knowledge-map.md +39 -0
package/00-governance/maintenance-policy.md +76 -0
package/00-governance/review-checklist.md +81 -0
package/README.md +13 -0
package/ai/01-standards/agent-development-complete.md +691 -0
package/ai/01-standards/llm-application-complete.md +488 -0
package/ai/01-standards/mlops-complete.md +798 -0
package/ai/01-standards/prompt-engineering-complete.md +646 -0
package/ai/01-standards/rag-architecture-complete.md +649 -0
package/ai/02-playbooks/llm-evaluation-playbook.md +847 -0
package/ai/03-checklists/ai-project-checklist.md +215 -0
package/ai/04-antipatterns/ai-antipatterns.md +661 -0
package/ai/05-cases/case-rag-production.md +147 -0
package/ai/06-glossary/ai-glossary.md +162 -0
package/ai/agent-evaluation-benchmark.md +53 -0
package/ai/ai-agent-memory-context-management.md +41 -0
package/ai/ai-cost-capacity-optimization-playbook.md +42 -0
package/ai/ai-data-security-and-compliance-playbook.md +37 -0
package/ai/ai-domain-index-and-checklist.md +40 -0
package/ai/ai-governance-maturity-model.md +50 -0
package/ai/ai-model-selection-and-routing-strategy.md +47 -0
package/ai/ai-observability-and-oncall-runbook.md +52 -0
package/ai/ai-rag-engineering-playbook.md +42 -0
package/ai/ai-red-team-and-safety-evaluation.md +42 -0
package/ai/ai-release-readiness-and-rollback-gate.md +42 -0
package/ai/llm-agent-engineering-deep-dive.md +57 -0
package/ai/prompt-and-tool-guardrails.md +52 -0
package/api/01-standards/enterprise-api-standards.md +198 -0
package/api/01-standards/rest-api-design-guide.md +63 -0
package/api/02-playbooks/api-pagination-playbook.md +93 -0
package/api/02-playbooks/graphql-production-playbook.md +176 -0
package/api/03-checklists/api-review-checklist.md +55 -0
package/api/04-antipatterns/api-antipatterns.md +112 -0
package/architecture/01-standards/api-gateway-patterns.md +496 -0
package/architecture/01-standards/cloud-native-patterns.md +644 -0
package/architecture/01-standards/distributed-systems-patterns.md +591 -0
package/architecture/01-standards/event-driven-architecture.md +595 -0
package/architecture/01-standards/microservices-patterns-complete.md +968 -0
package/architecture/01-standards/microservices-patterns.md +495 -0
package/architecture/01-standards/system-design-interview.md +664 -0
package/architecture/02-playbooks/microservices-patterns-playbook.md +137 -0
package/architecture/02-playbooks/migration-playbook.md +780 -0
package/architecture/02-playbooks/system-design-playbook.md +779 -0
package/architecture/03-checklists/architecture-decision-checklist.md +297 -0
package/architecture/04-antipatterns/architecture-antipatterns.md +417 -0
package/architecture/05-cases/case-netflix-microservices.md +413 -0
package/architecture/06-glossary/architecture-glossary.md +164 -0
package/architecture/adr-template-and-examples.md +38 -0
package/architecture/api-gateway-deep-dive.md +1291 -0
package/architecture/configuration-management.md +1162 -0
package/architecture/distributed-transactions.md +1220 -0
package/architecture/microservices-complete.md +735 -0
package/architecture/resilience-and-disaster-patterns.md +37 -0
package/architecture/service-governance.md +1198 -0
package/architecture/system-architecture-deep-dive.md +37 -0
package/backend/01-standards/analytics-and-growth.md +65 -0
package/backend/01-standards/api-and-error-conventions.md +120 -0
package/backend/01-standards/application-layering-and-packaging.md +160 -0
package/backend/01-standards/auth-implementation.md +104 -0
package/backend/01-standards/backend-framework-idioms.md +74 -0
package/backend/01-standards/background-jobs-and-async.md +66 -0
package/backend/01-standards/caching-strategies-complete.md +390 -0
package/backend/01-standards/config-and-observability.md +77 -0
package/backend/01-standards/data-modeling-and-persistence.md +94 -0
package/backend/01-standards/django-complete.md +1765 -0
package/backend/01-standards/email-and-notifications.md +64 -0
package/backend/01-standards/fastapi-complete.md +925 -0
package/backend/01-standards/file-upload-and-storage.md +66 -0
package/backend/01-standards/graphql-api-complete.md +416 -0
package/backend/01-standards/llm-application-standard.md +78 -0
package/backend/01-standards/message-queue-patterns.md +379 -0
package/backend/01-standards/microservices-and-distributed.md +78 -0
package/backend/01-standards/nestjs-complete.md +2167 -0
package/backend/01-standards/payment-integration.md +80 -0
package/backend/01-standards/rate-limiting-complete.md +451 -0
package/backend/01-standards/realtime-and-websocket.md +65 -0
package/backend/01-standards/search-and-filtering.md +64 -0
package/backend/01-standards/spring-boot-complete.md +445 -0
package/backend/02-playbooks/api-design-playbook.md +718 -0
package/backend/02-playbooks/email-send-playbook.md +130 -0
package/backend/02-playbooks/file-upload-s3-playbook.md +153 -0
package/backend/02-playbooks/typescript-enterprise-playbook.md +133 -0
package/backend/02-playbooks/websocket-realtime-playbook.md +154 -0
package/backend/03-checklists/api-launch-checklist.md +189 -0
package/backend/04-antipatterns/backend-antipatterns.md +1051 -0
package/blockchain/01-standards/blockchain-basics.md +557 -0
package/blockchain/01-standards/smart-contract-development.md +1315 -0
package/cicd/01-standards/deployment-and-delivery-standard.md +96 -0
package/cicd/01-standards/github-actions-complete.md +473 -0
package/cicd/01-standards/release-and-store-submission.md +75 -0
package/cicd/02-playbooks/cicd-pipeline-playbook.md +144 -0
package/cicd/02-playbooks/release-management-playbook.md +605 -0
package/cicd/03-checklists/pipeline-security-checklist.md +168 -0
package/cicd/04-antipatterns/cicd-antipatterns.md +589 -0
package/cicd/05-cases/case-deployment-automation.md +221 -0
package/cicd/05-cases/case-gitops-transformation.md +212 -0
package/cicd/06-glossary/cicd-glossary.md +114 -0
package/cicd/cicd-blueprint-deep-dive.md +38 -0
package/cicd/release-readiness-gate.md +37 -0
package/cloud-native/01-standards/container-security.md +741 -0
package/cloud-native/01-standards/kubernetes-complete.md +812 -0
package/cloud-native/02-playbooks/api-gateway-playbook.md +155 -0
package/cloud-native/02-playbooks/gitops-with-argocd.md +760 -0
package/cloud-native/02-playbooks/k8s-troubleshooting-playbook.md +1942 -0
package/cloud-native/02-playbooks/message-queue-playbook.md +129 -0
package/cloud-native/02-playbooks/multicloud-governance.md +726 -0
package/cloud-native/02-playbooks/serverless-patterns.md +788 -0
package/cloud-native/02-playbooks/service-mesh-playbook.md +612 -0
package/cloud-native/02-playbooks/terraform-iac-playbook.md +143 -0
package/cloud-native/03-checklists/container-security-checklist.md +431 -0
package/cloud-native/03-checklists/k8s-production-readiness-checklist.md +460 -0
package/cloud-native/04-antipatterns/container-antipatterns.md +660 -0
package/cloud-native/04-antipatterns/k8s-antipatterns.md +743 -0
package/cloud-native/05-cases/case-k8s-migration.md +478 -0
package/cloud-native/05-cases/case-k8s-scaling.md +642 -0
package/cloud-native/05-cases/case-k8s-security-incident.md +397 -0
package/cloud-native/06-glossary/cloud-native-glossary.md +337 -0
package/cross-platform/01-standards/cross-platform-frameworks.md +83 -0
package/cross-platform/01-standards/platform-selection-and-architecture.md +77 -0
package/data/01-standards/elasticsearch-complete.md +2098 -0
package/data/01-standards/postgresql-complete.md +1613 -0
package/data/01-standards/redis-complete.md +1527 -0
package/data/02-playbooks/database-optimization-playbook.md +403 -0
package/data/02-playbooks/elasticsearch-production-playbook.md +132 -0
package/data/03-checklists/database-launch-checklist.md +187 -0
package/data/04-antipatterns/database-antipatterns.md +873 -0
package/data/05-cases/case-database-migration.md +310 -0
package/data/06-glossary/database-glossary.md +440 -0
package/data/data-governance-and-modeling-deep-dive.md +39 -0
package/data-engineering/01-standards/airflow-complete.md +523 -0
package/data-engineering/01-standards/kafka-complete.md +1521 -0
package/data-engineering/02-playbooks/spark-etl-playbook.md +496 -0
package/data-engineering/03-checklists/pipeline-launch-checklist.md +194 -0
package/data-engineering/04-antipatterns/data-pipeline-antipatterns.md +684 -0
package/data-engineering/05-cases/case-real-time-pipeline.md +355 -0
package/data-engineering/06-glossary/data-engineering-glossary.md +429 -0
package/database/01-standards/database-schema-standards.md +147 -0
package/database/02-playbooks/postgresql-optimization-quick.md +52 -0
package/database/02-playbooks/postgresql-performance-optimization.md +58 -0
package/database/02-playbooks/postgresql-production-playbook.md +146 -0
package/database/02-playbooks/redis-caching-playbook.md +117 -0
package/database/03-checklists/database-review-checklist.md +50 -0
package/database/04-antipatterns/database-antipatterns.md +112 -0
package/design/01-standards/ui-design-system-complete.md +423 -0
package/design/02-playbooks/design-handoff-playbook.md +254 -0
package/design/02-playbooks/design-review-playbook.md +388 -0
package/design/03-checklists/design-review-checklist.md +246 -0
package/design/04-antipatterns/design-antipatterns.md +378 -0
package/design/05-cases/case-design-system-adoption.md +328 -0
package/design/06-glossary/design-glossary.md +329 -0
package/design/ui-full-lifecycle-cross-platform-playbook.md +571 -0
package/design/ux-system-deep-dive.md +38 -0
package/design-systems/00-craft-rules.md +71 -0
package/design-systems/aesthetic-families.md +43 -0
package/design-systems/anti-ai-slop.md +162 -0
package/design-systems/bold-geometric.md +120 -0
package/design-systems/brutalist-bold.md +103 -0
package/design-systems/editorial-clean.md +109 -0
package/design-systems/glass-aurora.md +108 -0
package/design-systems/modern-minimal.md +145 -0
package/design-systems/premium-luxury.md +106 -0
package/design-systems/product-type-design-map.md +48 -0
package/design-systems/soft-warm.md +123 -0
package/design-systems/tech-utility.md +113 -0
package/desktop/01-standards/desktop-app-standard.md +72 -0
package/desktop/01-standards/desktop-design.md +71 -0
package/development/00-governance/document-template.md +41 -0
package/development/01-standards/api-versioning-strategies.md +432 -0
package/development/01-standards/authentication-patterns-complete.md +479 -0
package/development/01-standards/css-architecture-complete.md +550 -0
package/development/01-standards/database-migration-strategies.md +484 -0
package/development/01-standards/elasticsearch-complete.md +347 -0
package/development/01-standards/git-complete.md +371 -0
package/development/01-standards/golang-complete.md +1565 -0
package/development/01-standards/graphql-complete.md +298 -0
package/development/01-standards/javascript-bundlers-complete.md +469 -0
package/development/01-standards/javascript-typescript-complete.md +528 -0
package/development/01-standards/jest-complete.md +275 -0
package/development/01-standards/linux-complete.md +234 -0
package/development/01-standards/logging-observability-complete.md +526 -0
package/development/01-standards/microservices-communication.md +502 -0
package/development/01-standards/mongodb-complete.md +406 -0
package/development/01-standards/oauth2-complete.md +285 -0
package/development/01-standards/performance-optimization-complete.md +289 -0
package/development/01-standards/playwright-complete.md +247 -0
package/development/01-standards/postgresql-complete.md +456 -0
package/development/01-standards/pytest-complete.md +340 -0
package/development/01-standards/python-async-programming.md +902 -0
package/development/01-standards/python-complete.md +956 -0
package/development/01-standards/python-decorators-complete.md +799 -0
package/development/01-standards/python-design-patterns.md +2854 -0
package/development/01-standards/python-packaging-distribution.md +420 -0
package/development/01-standards/python-testing-strategies.md +607 -0
package/development/01-standards/python-web-frameworks-comparison.md +471 -0
package/development/01-standards/redis-complete.md +317 -0
package/development/01-standards/rest-api-complete.md +316 -0
package/development/01-standards/rust-complete.md +578 -0
package/development/01-standards/typescript-advanced-types.md +1513 -0
package/development/01-standards/web-security-complete.md +292 -0
package/development/02-playbooks/api-design-playbook.md +810 -0
package/development/02-playbooks/database-migration-playbook.md +580 -0
package/development/02-playbooks/debugging-playbook.md +692 -0
package/development/02-playbooks/feature-delivery-playbook.md +430 -0
package/development/02-playbooks/incident-hotfix-playbook.md +387 -0
package/development/02-playbooks/performance-optimization-playbook.md +531 -0
package/development/02-playbooks/performance-tuning-playbook.md +652 -0
package/development/02-playbooks/refactor-playbook.md +403 -0
package/development/02-playbooks/release-playbook.md +469 -0
package/development/03-checklists/architecture-review-checklist.md +168 -0
package/development/03-checklists/data-migration-checklist.md +157 -0
package/development/03-checklists/oncall-handover-checklist.md +173 -0
package/development/03-checklists/pr-checklist.md +158 -0
package/development/03-checklists/production-readiness-checklist.md +190 -0
package/development/03-checklists/release-readiness-checklist.md +154 -0
package/development/03-checklists/security-review-checklist.md +182 -0
package/development/04-antipatterns/api-antipatterns.md +657 -0
package/development/04-antipatterns/architecture-antipatterns.md +686 -0
package/development/04-antipatterns/backend-antipatterns.md +648 -0
package/development/04-antipatterns/cicd-antipatterns.md +540 -0
package/development/04-antipatterns/code-smell-antipatterns.md +571 -0
package/development/04-antipatterns/data-antipatterns.md +658 -0
package/development/04-antipatterns/database-antipatterns.md +578 -0
package/development/04-antipatterns/frontend-antipatterns.md +635 -0
package/development/04-antipatterns/reliability-antipatterns.md +700 -0
package/development/04-antipatterns/security-antipatterns.md +747 -0
package/development/05-cases/case-api-version-migration.md +428 -0
package/development/05-cases/case-authorization-hardening.md +383 -0
package/development/05-cases/case-bluegreen-rollback.md +466 -0
package/development/05-cases/case-cache-snowball-protection.md +485 -0
package/development/05-cases/case-ci-cd-pipeline.md +544 -0
package/development/05-cases/case-database-scaling.md +500 -0
package/development/05-cases/case-db-hotspot-optimization.md +487 -0
package/development/05-cases/case-incident-mttr-reduction.md +563 -0
package/development/05-cases/case-microservice-migration.md +375 -0
package/development/05-cases/case-performance-optimization.md +406 -0
package/development/05-cases/case-security-incident-response.md +345 -0
package/development/06-glossary/full-stack-glossary.md +166 -0
package/development/09-maturity/quarterly-audit-template.md +35 -0
package/development/11-ui-excellence/ui-aesthetic-system.md +41 -0
package/development/11-ui-excellence/ui-engineering-excellence.md +435 -0
package/development/12-scenarios/development-scenarios-guide.md +565 -0
package/development/13-implementation-assets/implementation-toolkit.md +282 -0
package/development/13-implementation-assets/knowledge-gates-execution.md +43 -0
package/development/14-full-lifecycle/software-lifecycle-gates.md +511 -0
package/development/15-lifecycle-templates/project-templates-collection.md +791 -0
package/development/api-contract-and-versioning-guide.md +36 -0
package/development/api-governance-complete.md +43 -0
package/development/backend-engineering-complete.md +43 -0
package/development/code-review-quality-complete.md +43 -0
package/development/concurrency-reliability-complete.md +43 -0
package/development/database-engineering-complete.md +43 -0
package/development/engineering-effectiveness-complete.md +43 -0
package/development/engineering-standards-deep-dive.md +38 -0
package/development/frontend-engineering-complete.md +43 -0
package/development/performance-capacity-complete.md +43 -0
package/development/refactor-migration-complete.md +42 -0
package/development/refactoring-and-techdebt-playbook.md +37 -0
package/development/security-in-development-complete.md +43 -0
package/devops/01-standards/cicd-pipeline-complete.md +262 -0
package/devops/01-standards/docker-complete.md +1490 -0
package/devops/01-standards/github-actions-complete.md +337 -0
package/devops/01-standards/kubernetes-complete.md +638 -0
package/devops/01-standards/terraform-complete.md +2117 -0
package/devops/02-playbooks/docker-compose-playbook.md +233 -0
package/devops/02-playbooks/docker-k8s-production-playbook.md +186 -0
package/devops/02-playbooks/docker-production-playbook.md +952 -0
package/edge-iot/01-standards/edge-iot-complete.md +473 -0
package/experts/architect/api-design.md +178 -0
package/experts/architect/methodology.md +124 -0
package/experts/architect/security.md +75 -0
package/experts/backend-lead/methodology.md +216 -0
package/experts/devops/methodology.md +160 -0
package/experts/frontend-lead/methodology.md +178 -0
package/experts/product-manager/industry/ecommerce.md +43 -0
package/experts/product-manager/industry/saas.md +40 -0
package/experts/product-manager/methodology.md +97 -0
package/experts/qa-lead/methodology.md +123 -0
package/experts/qa-lead/test-strategy.md +128 -0
package/experts/uiux-designer/methodology.md +125 -0
package/frontend/01-standards/accessibility-complete.md +532 -0
package/frontend/01-standards/accessibility-standard.md +74 -0
package/frontend/01-standards/admin-dashboard-and-crud.md +72 -0
package/frontend/01-standards/design-tokens-complete.md +444 -0
package/frontend/01-standards/forms-and-validation.md +77 -0
package/frontend/01-standards/frontend-architecture-and-layering.md +119 -0
package/frontend/01-standards/i18n-and-localization.md +65 -0
package/frontend/01-standards/nextjs-complete.md +451 -0
package/frontend/01-standards/react-complete.md +713 -0
package/frontend/01-standards/react-hooks-complete-guide.md +1100 -0
package/frontend/01-standards/react-hooks-complete.md +1171 -0
package/frontend/01-standards/seo-and-web-vitals.md +77 -0
package/frontend/01-standards/state-management-complete.md +444 -0
package/frontend/01-standards/vue-complete.md +499 -0
package/frontend/01-standards/vue3-complete.md +2002 -0
package/frontend/01-standards/web-framework-best-practices.md +64 -0
package/frontend/01-standards/web-performance-complete.md +495 -0
package/frontend/02-playbooks/accessibility-a11y-playbook.md +161 -0
package/frontend/02-playbooks/frontend-performance-playbook.md +707 -0
package/frontend/02-playbooks/i18n-internationalization-playbook.md +120 -0
package/frontend/02-playbooks/performance-optimization-playbook.md +163 -0
package/frontend/02-playbooks/react-nextjs-production-playbook.md +167 -0
package/frontend/02-playbooks/react-state-management-playbook.md +173 -0
package/frontend/03-checklists/component-quality-checklist.md +166 -0
package/frontend/03-checklists/frontend-launch-checklist.md +299 -0
package/frontend/04-antipatterns/frontend-antipatterns.md +886 -0
package/frontend/05-cases/case-performance-optimization.md +274 -0
package/harmony/01-standards/harmonyos-arkts-standard.md +75 -0
package/harmony/01-standards/harmonyos-design.md +65 -0
package/high-quality-engineering-playbook.md +54 -0
package/incident/01-standards/incident-response-complete.md +303 -0
package/incident/02-playbooks/chaos-engineering-playbook.md +883 -0
package/incident/02-playbooks/postmortem-playbook.md +398 -0
package/incident/03-checklists/incident-readiness-checklist.md +181 -0
package/incident/04-antipatterns/incident-antipatterns.md +490 -0
package/incident/05-cases/case-cascade-failure.md +176 -0
package/incident/06-glossary/incident-glossary.md +114 -0
package/incident/postmortem-and-response-deep-dive.md +39 -0
package/industries/ecommerce/ecommerce-complete.md +631 -0
package/industries/education/education-complete.md +555 -0
package/industries/fintech/fintech-complete.md +501 -0
package/industries/gaming/gaming-complete.md +587 -0
package/industries/healthcare/healthcare-complete.md +452 -0
package/low-code/01-standards/low-code-complete.md +944 -0
package/miniprogram/01-standards/ai-common-mistakes.md +61 -0
package/miniprogram/01-standards/miniprogram-custom-navbar-capsule.md +77 -0
package/miniprogram/01-standards/miniprogram-design.md +61 -0
package/miniprogram/01-standards/miniprogram-standard.md +81 -0
package/mobile/01-standards/android-material-design.md +70 -0
package/mobile/01-standards/flutter-complete.md +384 -0
package/mobile/01-standards/ios-design-hig.md +78 -0
package/mobile/01-standards/mobile-app-standard.md +85 -0
package/mobile/01-standards/react-native-complete.md +352 -0
package/mobile/02-playbooks/mobile-cross-platform-playbook.md +175 -0
package/mobile/02-playbooks/mobile-performance.md +473 -0
package/mobile/03-checklists/mobile-release-checklist.md +234 -0
package/mobile/04-antipatterns/mobile-antipatterns.md +798 -0
package/mobile/05-cases/case-app-performance.md +500 -0
package/mobile/05-cases/case-app-startup-optimization.md +218 -0
package/mobile/06-glossary/mobile-glossary.md +484 -0
package/observability/01-standards/observability-standards.md +103 -0
package/observability/02-playbooks/prometheus-grafana-playbook.md +135 -0
package/observability/02-playbooks/structured-logging-playbook.md +73 -0
package/observability/03-checklists/observability-checklist.md +54 -0
package/observability/04-antipatterns/observability-antipatterns.md +106 -0
package/operations/01-standards/prometheus-monitoring-complete.md +1578 -0
package/operations/02-playbooks/capacity-planning-playbook.md +620 -0
package/operations/03-checklists/production-launch-checklist.md +365 -0
package/operations/04-antipatterns/operations-antipatterns.md +664 -0
package/operations/05-cases/case-sre-practices.md +581 -0
package/operations/06-glossary/operations-glossary.md +120 -0
package/operations/aiops-anomaly-detection.md +758 -0
package/operations/capacity-planning.md +1061 -0
package/operations/chaos-engineering.md +659 -0
package/operations/incident-command-system.md +38 -0
package/operations/observability-complete.md +442 -0
package/operations/slo-sli-playbook.md +517 -0
package/operations/sre-operations-deep-dive.md +39 -0
package/package.json +8 -0
package/performance/01-standards/performance-and-scalability.md +80 -0
package/performance/01-standards/performance-standards.md +156 -0
package/performance/02-playbooks/query-optimization-playbook.md +103 -0
package/performance/03-checklists/performance-checklist.md +56 -0
package/performance/04-antipatterns/performance-antipatterns.md +146 -0
package/product/01-standards/product-management-complete.md +285 -0
package/product/02-playbooks/feature-launch-playbook.md +207 -0
package/product/02-playbooks/user-research-playbook.md +532 -0
package/product/03-checklists/feature-launch-checklist.md +275 -0
package/product/04-antipatterns/product-antipatterns.md +355 -0
package/product/05-cases/case-mvp-to-scale.md +384 -0
package/product/06-glossary/product-glossary.md +462 -0
package/product/feature-prioritization-framework.md +40 -0
package/product/kpi-and-metric-tree.md +37 -0
package/product/product-discovery-and-prd-deep-dive.md +41 -0
package/quantum/01-standards/quantum-complete.md +1186 -0
package/security/01-standards/api-security-complete.md +511 -0
package/security/01-standards/container-runtime-security.md +574 -0
package/security/01-standards/data-protection-gdpr.md +543 -0
package/security/01-standards/owasp-top10-complete.md +1890 -0
package/security/01-standards/secure-coding-baseline.md +90 -0
package/security/01-standards/supply-chain-security.md +441 -0
package/security/01-standards/web-security-checklist.md +108 -0
package/security/01-standards/zero-trust-architecture.md +521 -0
package/security/02-playbooks/auth-sso-playbook.md +166 -0
package/security/02-playbooks/incident-response-security-playbook.md +588 -0
package/security/02-playbooks/owasp-api-security-playbook.md +129 -0
package/security/02-playbooks/payment-integration-playbook.md +119 -0
package/security/02-playbooks/penetration-testing-playbook.md +517 -0
package/security/03-checklists/security-audit-checklist.md +356 -0
package/security/04-antipatterns/security-coding-antipatterns.md +580 -0
package/security/05-cases/case-log4shell-incident.md +537 -0
package/security/05-cases/case-major-breaches.md +468 -0
package/security/06-glossary/security-glossary.md +212 -0
package/security/compliance-automation.md +993 -0
package/security/container-security.md +680 -0
package/security/devsecops-complete.md +426 -0
package/security/sast-dast-sca.md +775 -0
package/security/secrets-management.md +594 -0
package/security/security-architecture-deep-dive.md +37 -0
package/security/threat-modeling-stride-playbook.md +40 -0
package/seed-templates/auth-system.md +59 -0
package/seed-templates/blog-content.md +94 -0
package/seed-templates/dashboard.md +89 -0
package/seed-templates/docs-site.md +73 -0
package/seed-templates/e-commerce.md +50 -0
package/seed-templates/saas-landing.md +92 -0
package/seed-templates/settings-page.md +51 -0
package/testing/01-standards/test-strategy-and-layering.md +83 -0
package/testing/01-standards/testing-strategy-complete.md +422 -0
package/testing/01-standards/unit-testing-best-practices.md +118 -0
package/testing/02-playbooks/e2e-testing-playbook.md +988 -0
package/testing/02-playbooks/testing-strategy-playbook.md +126 -0
package/testing/03-checklists/test-strategy-checklist.md +208 -0
package/testing/04-antipatterns/testing-antipatterns.md +718 -0
package/testing/05-cases/case-testing-transformation.md +300 -0
package/testing/06-glossary/testing-glossary.md +110 -0
package/testing/risk-based-test-matrix.md +36 -0
package/testing/testing-strategy-deep-dive.md +37 -0

package/devops/02-playbooks/docker-production-playbook.md ADDED Viewed

@@ -0,0 +1,952 @@
+---
+id: docker-production-playbook
+title: Docker 生产环境实战剧本
+domain: devops
+category: 02-playbooks
+difficulty: intermediate
+tags: [docker, containerization, devops, production]
+quality_score: 91
+maintainer: devops-team@umadev.com
+last_updated: 2026-03-29
+version: 2.0
+related_knowledge:
+  - kubernetes-patterns
+  - microservices-deployment
+  - ci-cd-best-practices
+prerequisites:
+  - docker-fundamentals
+  - linux-basics
+---
+# Docker 生产环境实战剧本
+## 概述
+本剧本提供在 Kubernetes 生产环境中部署和维护容器化应用的分步指南。涵盖从镜像构建到生产部署的完整流程,包括安全加固、性能优化、监控告警等关键环节。
+## 前置条件
+### 必需工具
+- Docker 24.0+
+- Docker Compose 2.0+ (可选)
+- Kubernetes 1.28+ (生产集群)
+- Helm 3.0+ (包管理器)
+- Container Registry (Docker Hub/GCR/ECR)
+### 权限要求
+- Docker daemon 访问权限
+- Kubernetes namespace admin 权限
+- Container registry push 权限
+## 场景 1: 遵循最佳实践的 Dockerfile 编写
+### 目标
+编写安全、高效、可维护的生产级 Dockerfile。
+### 步骤
+#### 1.1 使用多阶段构建
+```dockerfile
+# 构建阶段
+FROM node:20-alpine AS builder
+WORKDIR /app
+# 安装依赖
+COPY package*.json ./
+RUN npm ci --only=production
+# 复制源代码
+COPY . .
+# 构建应用
+RUN npm run build
+# 生产阶段
+FROM node:20-alpine AS production
+# 安全: 使用非 root 用户
+RUN addgroup -g 1001 -S nodejs && \
+    adduser -S nextjs -u 1001
+WORKDIR /app
+# 只复制构建产物
+COPY --from=builder /app/.next/standalone ./
+COPY --from=builder /app/.next/static ./.next/static
+COPY --from=builder /app/package.json ./
+# 设置所有权
+RUN chown -R nextjs:nodejs /app
+USER nextjs
+# 健康检查
+HEALTHCHECK --interval=30s --timeout=3s --start-period=40s --retries=3 \
+  CMD node healthcheck.js || exit 1
+EXPOSE 3000
+CMD ["node", "server.js"]
+```
+**关键点**:
+- ✅ 多阶段构建减小镜像体积
+- ✅ 使用特定版本标签 (node:20-alpine)
+- ✅ 非 root 用户运行
+- ✅ 健康检查配置
+#### 1.2 优化镜像层
+```dockerfile
+FROM python:3.11-slim
+# 安装系统依赖 (单独一层,便于缓存)
+RUN apt-get update && apt-get install -y \
+    gcc \
+    && rm -rf /var/lib/apt/lists/*
+WORKDIR /app
+# 复制依赖文件 (利用 Docker 缓存)
+COPY requirements.txt .
+# 安装 Python 依赖
+RUN pip install --no-cache-dir -r requirements.txt
+# 复制应用代码 (最后复制,变化最频繁)
+COPY . .
+CMD ["python", "app.py"]
+```
+**优化策略**:
+1. **最少化层数**: 合并相关命令
+2. **利用缓存**: 不变的层放在前面
+3. **清理缓存**: 删除包管理器缓存
+#### 1.3 安全加固
+```dockerfile
+FROM alpine:3.18
+# 安装安全更新
+RUN apk update && apk upgrade && \
+    apk add --no-cache dumb-init && \
+    rm -rf /var/cache/apk/*
+# 创建只读文件系统
+RUN mkdir -p /app /tmp && \
+    chmod 755 /app /tmp
+WORKDIR /app
+COPY --chown=1000:1000 app .
+# 安全标签
+LABEL maintainer="devops@company.com"
+LABEL version="1.0.0"
+LABEL security="high"
+# 使用 dumb-init 作为 PID 1
+ENTRYPOINT ["dumb-init", "--"]
+# 只读根文件系统
+RUN chmod -R 555 /app
+USER 1000
+CMD ["./app"]
+```
+**安全措施**:
+- ✅ 只读文件系统
+- ✅ 最小化基础镜像
+- ✅ 非 root 用户
+- ✅ 使用 init 系统
+### 验证
+```bash
+# 构建镜像
+docker build -t myapp:v1.0.0 .
+# 检查镜像大小
+docker images myapp:v1.0.0
+# 扫描安全漏洞
+docker scout cves myapp:v1.0.0
+# 测试运行
+docker run --rm -p 3000:3000 myapp:v1.0.0
+```
+## 场景 2: 镜像优化和缓存策略
+### 目标
+优化镜像大小并配置有效的缓存策略。
+### 步骤
+#### 2.1 使用 .dockerignore
+```dockerignore
+# 依赖目录
+node_modules
+npm-debug.log
+yarn-error.log
+# 构建产物
+dist
+build
+.next
+out
+# Git
+.git
+.gitignore
+# IDE
+.vscode
+.idea
+*.swp
+*.swo
+# 测试
+coverage
+.nyc_output
+*.test.js
+*.spec.js
+# 文档
+README.md
+CHANGELOG.md
+docs/
+# 环境文件
+.env
+.env.*
+```
+#### 2.2 构建缓存优化
+```dockerfile
+# 利用 BuildKit 缓存
+# syntax=docker/dockerfile:1.4
+FROM golang:1.21-alpine AS builder
+WORKDIR /app
+# 先复制 go.mod 和 go.sum (缓存依赖下载)
+COPY go.mod go.sum ./
+RUN go mod download
+# 再复制源代码
+COPY . .
+# 构建时利用缓存
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o main .
+FROM alpine:3.18
+RUN apk --no-cache add ca-certificates
+WORKDIR /root/
+COPY --from=builder /app/main .
+CMD ["./main"]
+```
+**BuildKit 特性**:
+- `--mount=type=cache`: 持久化缓存
+- 并行构建
+- 更高效的层缓存
+#### 2.3 压缩镜像层
+```bash
+# 导出并导入镜像 (合并层)
+docker save myapp:v1 | docker load
+# 使用 docker-squash 压缩层
+docker-squash myapp:v1 -t myapp:v1-squashed
+# 或使用多阶段构建 (推荐)
+# 已在步骤 1.1 中演示
+```
+### 验证
+```bash
+# 查看镜像层
+docker history myapp:v1.0.0
+# 检查镜像大小
+docker images myapp:v1.0.0
+# 分析镜像层
+dive myapp:v1.0.0
+```
+## 场景 3: 生产级 Docker Compose 配置
+### 目标
+配置高可用、可扩展的生产级 Docker Compose。
+### 步骤
+#### 3.1 基础 Compose 文件 (docker-compose.yml)
+```yaml
+version: '3.8'
+services:
+  app:
+    image: myapp:${VERSION:-latest}
+    container_name: myapp
+    restart: unless-stopped
+    environment:
+      - NODE_ENV=production
+      - DATABASE_URL=postgres://db:5432/mydb
+    secrets:
+      - db_password
+      - api_key
+    networks:
+      - frontend
+      - backend
+    deploy:
+      replicas: 3
+      update_config:
+        parallelism: 1
+        delay: 10s
+        failure_action: rollback
+      rollback_config:
+        parallelism: 0
+        order: stop-first
+      restart_policy:
+        condition: on-failure
+        delay: 5s
+        max_attempts: 3
+        window: 120s
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:3000/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 40s
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "10m"
+        max-file: "3"
+        labels: "service,environment"
+  db:
+    image: postgres:15-alpine
+    container_name: myapp-db
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
+      - ./init.sql:/docker-entrypoint-initdb.d/init.sql:ro
+    environment:
+      - POSTGRES_DB=mydb
+      - POSTGRES_USER=myuser
+      - POSTGRES_PASSWORD_FILE=/run/secrets/db_password
+    secrets:
+      - db_password
+    networks:
+      - backend
+    deploy:
+      placement:
+        constraints:
+          - node.role == manager
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U myuser"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+  nginx:
+    image: nginx:alpine
+    container_name: myapp-nginx
+    volumes:
+      - ./nginx.conf:/etc/nginx/nginx.conf:ro
+      - ./ssl:/etc/nginx/ssl:ro
+    ports:
+      - "80:80"
+      - "443:443"
+    networks:
+      - frontend
+    deploy:
+      replicas: 2
+    depends_on:
+      - app
+networks:
+  frontend:
+    driver: overlay
+    attachable: true
+  backend:
+    driver: overlay
+    internal: true
+volumes:
+  postgres_data:
+    driver: local
+secrets:
+  db_password:
+    external: true
+  api_key:
+    external: true
+```
+#### 3.2 覆盖配置 (docker-compose.prod.yml)
+```yaml
+version: '3.8'
+services:
+  app:
+    image: ${REGISTRY}/myapp:${VERSION}
+    deploy:
+      replicas: 5
+      resources:
+        limits:
+          cpus: '2'
+          memory: 2G
+        reservations:
+          cpus: '1'
+          memory: 1G
+    environment:
+      - NODE_ENV=production
+      - LOG_LEVEL=info
+      - METRICS_ENABLED=true
+    logging:
+      driver: "fluentd"
+      options:
+        fluentd-address: "fluentd:24224"
+        tag: "myapp.{{.ID}}"
+  db:
+    deploy:
+      resources:
+        limits:
+          cpus: '4'
+          memory: 8G
+        reservations:
+          cpus: '2'
+          memory: 4G
+```
+#### 3.3 部署命令
+```bash
+# 创建 secrets
+echo "my_secure_password" | docker secret create db_password -
+echo "my_api_key" | docker secret create api_key -
+# 初始化 swarm (如果尚未初始化)
+docker swarm init
+# 部署 stack
+docker stack deploy -c docker-compose.yml -c docker-compose.prod.yml myapp
+# 查看服务状态
+docker stack services myapp
+# 查看服务日志
+docker service logs -f myapp_app
+# 扩缩容
+docker service scale myapp_app=10
+# 更新服务
+docker service update --image ${REGISTRY}/myapp:${NEW_VERSION} myapp_app
+# 回滚
+docker service rollback myapp_app
+```
+### 验证
+```bash
+# 检查服务健康
+docker stack ps myapp
+# 测试负载均衡
+for i in {1..10}; do
+  curl -s http://localhost/api/health | jq .container_id
+done
+# 监控资源使用
+docker stats
+```
+## 场景 4: 镜像安全扫描和签名
+### 目标
+确保生产环境中只运行安全、可信的镜像。
+### 步骤
+#### 4.1 配置镜像扫描
+```bash
+# 使用 Docker Scout 扫描
+docker scout cves myapp:v1.0.0
+# 使用 Trivy 扫描
+trivy image myapp:v1.0.0
+# 使用 Grype 扫描
+grype myapp:v1.0.0
+# CI 集成示例 (GitLab CI)
+# .gitlab-ci.yml
+scan_image:
+  stage: security
+  image: aquasec/trivy:latest
+  script:
+    - trivy image --exit-code 1 --severity HIGH,CRITICAL myapp:$CI_COMMIT_SHA
+  only:
+    - main
+```
+#### 4.2 配置内容信任 (DCT)
+```bash
+# 启用 Docker Content Trust
+export DOCKER_CONTENT_TRUST=1
+# 生成密钥对
+docker trust key generate key.pem
+# 添加签名密钥
+docker trust signer add --key key.pem admin@company.com
+# 签名镜像
+docker trust sign myapp:v1.0.0
+# 验证签名
+docker trust inspect --pretty myapp:v1.0.0
+```
+#### 4.3 镜像策略 enforcement
+```yaml
+# Kubernetes OPA 策略: 只允许签名镜像
+apiVersion: ingresscontroller.opa.k8s.io/v1
+kind: Policy
+metadata:
+  name: signed-images-only
+spec:
+  modules:
+    signed_images:
+      |
+      | package signed_images
+      |
+      | import future.keywords.if
+      |
+      | deny[msg] {
+      |   input := {
+      |     "request": {
+      |       "kind": "kind",
+      |       "image": "image"
+      |     }
+      |   }
+      |
+      |   kind := input.request.kind
+      |   image := input.request.image
+      |
+      |   if kind == "Pod" {
+      |     not image_has_valid_signature(image)
+      |   }
+      | }
+      |
+      | image_has_valid_signature(image) {
+      |   # 检查镜像签名
+      |   true # 实际实现需要调用 DCT API
+      | }
+```
+### 验证
+```bash
+# 运行扫描
+docker scout cves myapp:v1.0.0
+# 查看签名信息
+docker trust inspect --pretty myapp:v1.0.0
+# 测试策略 enforcement
+kubectl apply -f pod-unsigned-image.yaml
+# 应该被拒绝
+```
+## 场景 5: 监控和日志收集
+### 目标
+配置全面的监控和日志收集系统。
+### 步骤
+#### 5.1 Prometheus 指标收集
+```yaml
+# docker-compose.monitoring.yml
+version: '3.8'
+services:
+  prometheus:
+    image: prom/prometheus:v2.45.0
+    container_name: prometheus
+    volumes:
+      - ./prometheus.yml:/etc/prometheus/prometheus.yml:ro
+      - prometheus_data:/prometheus
+    command:
+      - '--config.file=/etc/prometheus/prometheus.yml'
+      - '--storage.tsdb.path=/prometheus'
+      - '--web.console.libraries=/etc/prometheus/console_libraries'
+      - '--web.console.templates=/etc/prometheus/consoles'
+    ports:
+      - "9090:9090"
+    networks:
+      - monitoring
+  grafana:
+    image: grafana/grafana:10.0.0
+    container_name: grafana
+    environment:
+      - GF_SECURITY_ADMIN_USER=admin
+      - GF_SECURITY_ADMIN_PASSWORD=admin
+      - GF_INSTALL_PLUGINS=grafana-clock-panel
+    volumes:
+      - grafana_data:/var/lib/grafana
+      - ./grafana/dashboards:/etc/grafana/provisioning/dashboards
+    ports:
+      - "3001:3000"
+    networks:
+      - monitoring
+volumes:
+  prometheus_data:
+  grafana_data:
+networks:
+  monitoring:
+    driver: bridge
+```
+```yaml
+# prometheus.yml
+global:
+  scrape_interval: 15s
+  evaluation_interval: 15s
+scrape_configs:
+  - job_name: 'prometheus'
+    static_configs:
+      - targets: ['localhost:9090']
+  - job_name: 'myapp'
+    docker_sd_configs:
+      - host: unix:///var/run/docker.sock
+        refresh_interval: 5s
+        filters:
+          - name: label
+            values: ["com.docker.compose.service=myapp"]
+    relabel_configs:
+      - source_labels: [__meta_docker_container_label_com_docker_compose_service]
+        target_label: service
+```
+#### 5.2 应用指标暴露
+```python
+# Python 应用添加 Prometheus 指标
+from prometheus_client import Counter, Histogram, generate_latest
+from fastapi import Response
+# 定义指标
+request_count = Counter('http_requests_total', 'Total HTTP requests', ['method', 'endpoint'])
+request_latency = Histogram('http_request_duration_seconds', 'HTTP request latency', ['method', 'endpoint'])
+@app.middleware("http")
+async def monitor_requests(request, call_next):
+    request_count.labels(method=request.method, endpoint=request.url.path).inc()
+    with request_latency.labels(method=request.method, endpoint=request.url.path).time():
+        response = await call_next(request)
+    return response
+@app.get("/metrics")
+async def metrics():
+    return Response(content=generate_latest(), media_type="text/plain")
+```
+#### 5.3 日志收集 (ELK Stack)
+```yaml
+# docker-compose.logging.yml
+version: '3.8'
+services:
+  elasticsearch:
+    image: docker.elastic.co/elasticsearch/elasticsearch:8.10.0
+    container_name: elasticsearch
+    environment:
+      - discovery.type=single-node
+      - ES_JAVA_OPTS=-Xms512m -Xmx512m
+      - xpack.security.enabled=false
+    volumes:
+      - elasticsearch_data:/usr/share/elasticsearch/data
+    ports:
+      - "9200:9200"
+    networks:
+      - logging
+  logstash:
+    image: docker.elastic.co/logstash/logstash:8.10.0
+    container_name: logstash
+    volumes:
+      - ./logstash.conf:/usr/share/logstash/pipeline/logstash.conf:ro
+    ports:
+      - "5044:5044"
+    networks:
+      - logging
+    depends_on:
+      - elasticsearch
+  kibana:
+    image: docker.elastic.co/kibana/kibana:8.10.0
+    container_name: kibana
+    environment:
+      - ELASTICSEARCH_HOSTS=http://elasticsearch:9200
+    ports:
+      - "5601:5601"
+    networks:
+      - logging
+    depends_on:
+      - elasticsearch
+volumes:
+  elasticsearch_data:
+networks:
+  logging:
+    driver: bridge
+```
+```
+# logstash.conf
+input {
+  tcp {
+    port => 5044
+    codec => json_lines
+  }
+}
+filter {
+  if [type] == "application" {
+    grok {
+      match => { "message" => "%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:level} %{GREEDYDATA:log}" }
+    }
+    date {
+      match => [ "timestamp", "ISO8601" ]
+    }
+  }
+}
+output {
+  elasticsearch {
+    hosts => ["elasticsearch:9200"]
+    index => "myapp-logs-%{+YYYY.MM.dd}"
+  }
+}
+```
+### 验证
+```bash
+# 部署监控 stack
+docker stack deploy -c docker-compose.monitoring.yml monitoring
+# 检查 Prometheus targets
+curl http://localhost:9090/api/v1/targets
+# 访问 Grafana
+open http://localhost:3001
+# 测试日志收集
+curl -X POST -H "Content-Type: application/json" \
+  -d '{"type":"application","message":"Test log"}' \
+  logstash:5044
+# 在 Kibana 中查看日志
+open http://localhost:5601
+```
+## 故障排查
+### 问题 1: 镜像拉取失败
+**症状**:
+```
+Error: image myapp:v1.0.0 not found
+```
+**解决方案**:
+```bash
+# 1. 检查镜像是否存在
+docker images | grep myapp
+# 2. 检查 registry 认证
+docker login registry.example.com
+# 3. 检查镜像标签
+docker tag myapp:v1.0.0 registry.example.com/myapp:v1.0.0
+docker push registry.example.com/myapp:v1.0.0
+# 4. 验证 push 成功
+docker pull registry.example.com/myapp:v1.0.0
+```
+### 问题 2: 容器频繁重启
+**症状**:
+```
+docker ps -a
+CONTAINER ID   STATUS
+abc123         Restarting (1) 5 seconds ago
+```
+**解决方案**:
+```bash
+# 1. 查看容器日志
+docker logs abc123
+# 2. 查看退出代码
+docker inspect abc123 | jq .[0].State.ExitCode
+# 3. 检查健康检查
+docker inspect abc123 | jq .[0].Config.Healthcheck
+# 4. 资源限制检查
+docker stats --no-stream
+# 5. 进入容器调试
+docker exec -it abc123 sh
+```
+### 问题 3: 网络连接失败
+**症状**:
+```
+curl: (7) Failed to connect to db port 5432: Connection refused
+```
+**解决方案**:
+```bash
+# 1. 检查网络
+docker network ls
+docker network inspect myapp_backend
+# 2. 检查 DNS 解析
+docker exec myapp ping db
+# 3. 检查端口
+docker exec myapp netstat -tulpn | grep 5432
+# 4. 检查防火墙规则
+iptables -L -n
+# 5. 测试连接
+docker run --rm -it --network myapp_backend postgres:15-alpine \
+  psql -h db -U myuser -d mydb
+```
+## 验收清单
+- [ ] Dockerfile 遵循最佳实践
+- [ ] 镜像大小 < 100MB
+- [ ] 无高危漏洞 (docker scout cves)
+- [ ] 非 root 用户运行
+- [ ] 健康检查配置
+- [ ] 日志配置正确
+- [ ] 资源限制设置
+- [ ] Secrets 管理安全
+- [ ] 网络隔离配置
+- [ ] 监控指标暴露
+- [ ] 备份和恢复测试
+- [ ] 更新和回滚测试
+## 参考资料
+### 官方文档
+- [Docker Documentation](https://docs.docker.com/)
+- [Dockerfile Best Practices](https://docs.docker.com/develop/develop-images/dockerfile_best-practices/)
+- [Docker Security](https://docs.docker.com/engine/security/)
+### 工具
+- [Dive - Image Layer Analysis](https://github.com/wagoodman/dive)
+- [Trivy - Vulnerability Scanner](https://github.com/aquasecurity/trivy)
+- [Docker Scout](https://docs.docker.com/scout/)
+### 最佳实践
+- [Docker Production Checklist](https://github.com/docker/docker.github.io/blob/master/production.md)
+- [Container Security Best Practices](https://snyk.io/blog/10-docker-image-security-best-practices/)
+---
+**知识ID**: `docker-production-playbook`
+**领域**: devops
+**类型**: playbooks
+**难度**: intermediate
+**质量分**: 91
+**维护者**: devops-team@umadev.com
+**最后更新**: 2026-03-29