npm - @umacloud/knowledge - Versions diffs - 1.0.1 - Mend

@umacloud/knowledge 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (418) hide show

package/00-governance/governance-capabilities.md +557 -0
package/00-governance/knowledge-map.md +39 -0
package/00-governance/maintenance-policy.md +76 -0
package/00-governance/review-checklist.md +81 -0
package/README.md +13 -0
package/ai/01-standards/agent-development-complete.md +691 -0
package/ai/01-standards/llm-application-complete.md +488 -0
package/ai/01-standards/mlops-complete.md +798 -0
package/ai/01-standards/prompt-engineering-complete.md +646 -0
package/ai/01-standards/rag-architecture-complete.md +649 -0
package/ai/02-playbooks/llm-evaluation-playbook.md +847 -0
package/ai/03-checklists/ai-project-checklist.md +215 -0
package/ai/04-antipatterns/ai-antipatterns.md +661 -0
package/ai/05-cases/case-rag-production.md +147 -0
package/ai/06-glossary/ai-glossary.md +162 -0
package/ai/agent-evaluation-benchmark.md +53 -0
package/ai/ai-agent-memory-context-management.md +41 -0
package/ai/ai-cost-capacity-optimization-playbook.md +42 -0
package/ai/ai-data-security-and-compliance-playbook.md +37 -0
package/ai/ai-domain-index-and-checklist.md +40 -0
package/ai/ai-governance-maturity-model.md +50 -0
package/ai/ai-model-selection-and-routing-strategy.md +47 -0
package/ai/ai-observability-and-oncall-runbook.md +52 -0
package/ai/ai-rag-engineering-playbook.md +42 -0
package/ai/ai-red-team-and-safety-evaluation.md +42 -0
package/ai/ai-release-readiness-and-rollback-gate.md +42 -0
package/ai/llm-agent-engineering-deep-dive.md +57 -0
package/ai/prompt-and-tool-guardrails.md +52 -0
package/api/01-standards/enterprise-api-standards.md +198 -0
package/api/01-standards/rest-api-design-guide.md +63 -0
package/api/02-playbooks/api-pagination-playbook.md +93 -0
package/api/02-playbooks/graphql-production-playbook.md +176 -0
package/api/03-checklists/api-review-checklist.md +55 -0
package/api/04-antipatterns/api-antipatterns.md +112 -0
package/architecture/01-standards/api-gateway-patterns.md +496 -0
package/architecture/01-standards/cloud-native-patterns.md +644 -0
package/architecture/01-standards/distributed-systems-patterns.md +591 -0
package/architecture/01-standards/event-driven-architecture.md +595 -0
package/architecture/01-standards/microservices-patterns-complete.md +968 -0
package/architecture/01-standards/microservices-patterns.md +495 -0
package/architecture/01-standards/system-design-interview.md +664 -0
package/architecture/02-playbooks/microservices-patterns-playbook.md +137 -0
package/architecture/02-playbooks/migration-playbook.md +780 -0
package/architecture/02-playbooks/system-design-playbook.md +779 -0
package/architecture/03-checklists/architecture-decision-checklist.md +297 -0
package/architecture/04-antipatterns/architecture-antipatterns.md +417 -0
package/architecture/05-cases/case-netflix-microservices.md +413 -0
package/architecture/06-glossary/architecture-glossary.md +164 -0
package/architecture/adr-template-and-examples.md +38 -0
package/architecture/api-gateway-deep-dive.md +1291 -0
package/architecture/configuration-management.md +1162 -0
package/architecture/distributed-transactions.md +1220 -0
package/architecture/microservices-complete.md +735 -0
package/architecture/resilience-and-disaster-patterns.md +37 -0
package/architecture/service-governance.md +1198 -0
package/architecture/system-architecture-deep-dive.md +37 -0
package/backend/01-standards/analytics-and-growth.md +65 -0
package/backend/01-standards/api-and-error-conventions.md +120 -0
package/backend/01-standards/application-layering-and-packaging.md +160 -0
package/backend/01-standards/auth-implementation.md +104 -0
package/backend/01-standards/backend-framework-idioms.md +74 -0
package/backend/01-standards/background-jobs-and-async.md +66 -0
package/backend/01-standards/caching-strategies-complete.md +390 -0
package/backend/01-standards/config-and-observability.md +77 -0
package/backend/01-standards/data-modeling-and-persistence.md +94 -0
package/backend/01-standards/django-complete.md +1765 -0
package/backend/01-standards/email-and-notifications.md +64 -0
package/backend/01-standards/fastapi-complete.md +925 -0
package/backend/01-standards/file-upload-and-storage.md +66 -0
package/backend/01-standards/graphql-api-complete.md +416 -0
package/backend/01-standards/llm-application-standard.md +78 -0
package/backend/01-standards/message-queue-patterns.md +379 -0
package/backend/01-standards/microservices-and-distributed.md +78 -0
package/backend/01-standards/nestjs-complete.md +2167 -0
package/backend/01-standards/payment-integration.md +80 -0
package/backend/01-standards/rate-limiting-complete.md +451 -0
package/backend/01-standards/realtime-and-websocket.md +65 -0
package/backend/01-standards/search-and-filtering.md +64 -0
package/backend/01-standards/spring-boot-complete.md +445 -0
package/backend/02-playbooks/api-design-playbook.md +718 -0
package/backend/02-playbooks/email-send-playbook.md +130 -0
package/backend/02-playbooks/file-upload-s3-playbook.md +153 -0
package/backend/02-playbooks/typescript-enterprise-playbook.md +133 -0
package/backend/02-playbooks/websocket-realtime-playbook.md +154 -0
package/backend/03-checklists/api-launch-checklist.md +189 -0
package/backend/04-antipatterns/backend-antipatterns.md +1051 -0
package/blockchain/01-standards/blockchain-basics.md +557 -0
package/blockchain/01-standards/smart-contract-development.md +1315 -0
package/cicd/01-standards/deployment-and-delivery-standard.md +96 -0
package/cicd/01-standards/github-actions-complete.md +473 -0
package/cicd/01-standards/release-and-store-submission.md +75 -0
package/cicd/02-playbooks/cicd-pipeline-playbook.md +144 -0
package/cicd/02-playbooks/release-management-playbook.md +605 -0
package/cicd/03-checklists/pipeline-security-checklist.md +168 -0
package/cicd/04-antipatterns/cicd-antipatterns.md +589 -0
package/cicd/05-cases/case-deployment-automation.md +221 -0
package/cicd/05-cases/case-gitops-transformation.md +212 -0
package/cicd/06-glossary/cicd-glossary.md +114 -0
package/cicd/cicd-blueprint-deep-dive.md +38 -0
package/cicd/release-readiness-gate.md +37 -0
package/cloud-native/01-standards/container-security.md +741 -0
package/cloud-native/01-standards/kubernetes-complete.md +812 -0
package/cloud-native/02-playbooks/api-gateway-playbook.md +155 -0
package/cloud-native/02-playbooks/gitops-with-argocd.md +760 -0
package/cloud-native/02-playbooks/k8s-troubleshooting-playbook.md +1942 -0
package/cloud-native/02-playbooks/message-queue-playbook.md +129 -0
package/cloud-native/02-playbooks/multicloud-governance.md +726 -0
package/cloud-native/02-playbooks/serverless-patterns.md +788 -0
package/cloud-native/02-playbooks/service-mesh-playbook.md +612 -0
package/cloud-native/02-playbooks/terraform-iac-playbook.md +143 -0
package/cloud-native/03-checklists/container-security-checklist.md +431 -0
package/cloud-native/03-checklists/k8s-production-readiness-checklist.md +460 -0
package/cloud-native/04-antipatterns/container-antipatterns.md +660 -0
package/cloud-native/04-antipatterns/k8s-antipatterns.md +743 -0
package/cloud-native/05-cases/case-k8s-migration.md +478 -0
package/cloud-native/05-cases/case-k8s-scaling.md +642 -0
package/cloud-native/05-cases/case-k8s-security-incident.md +397 -0
package/cloud-native/06-glossary/cloud-native-glossary.md +337 -0
package/cross-platform/01-standards/cross-platform-frameworks.md +83 -0
package/cross-platform/01-standards/platform-selection-and-architecture.md +77 -0
package/data/01-standards/elasticsearch-complete.md +2098 -0
package/data/01-standards/postgresql-complete.md +1613 -0
package/data/01-standards/redis-complete.md +1527 -0
package/data/02-playbooks/database-optimization-playbook.md +403 -0
package/data/02-playbooks/elasticsearch-production-playbook.md +132 -0
package/data/03-checklists/database-launch-checklist.md +187 -0
package/data/04-antipatterns/database-antipatterns.md +873 -0
package/data/05-cases/case-database-migration.md +310 -0
package/data/06-glossary/database-glossary.md +440 -0
package/data/data-governance-and-modeling-deep-dive.md +39 -0
package/data-engineering/01-standards/airflow-complete.md +523 -0
package/data-engineering/01-standards/kafka-complete.md +1521 -0
package/data-engineering/02-playbooks/spark-etl-playbook.md +496 -0
package/data-engineering/03-checklists/pipeline-launch-checklist.md +194 -0
package/data-engineering/04-antipatterns/data-pipeline-antipatterns.md +684 -0
package/data-engineering/05-cases/case-real-time-pipeline.md +355 -0
package/data-engineering/06-glossary/data-engineering-glossary.md +429 -0
package/database/01-standards/database-schema-standards.md +147 -0
package/database/02-playbooks/postgresql-optimization-quick.md +52 -0
package/database/02-playbooks/postgresql-performance-optimization.md +58 -0
package/database/02-playbooks/postgresql-production-playbook.md +146 -0
package/database/02-playbooks/redis-caching-playbook.md +117 -0
package/database/03-checklists/database-review-checklist.md +50 -0
package/database/04-antipatterns/database-antipatterns.md +112 -0
package/design/01-standards/ui-design-system-complete.md +423 -0
package/design/02-playbooks/design-handoff-playbook.md +254 -0
package/design/02-playbooks/design-review-playbook.md +388 -0
package/design/03-checklists/design-review-checklist.md +246 -0
package/design/04-antipatterns/design-antipatterns.md +378 -0
package/design/05-cases/case-design-system-adoption.md +328 -0
package/design/06-glossary/design-glossary.md +329 -0
package/design/ui-full-lifecycle-cross-platform-playbook.md +571 -0
package/design/ux-system-deep-dive.md +38 -0
package/design-systems/00-craft-rules.md +71 -0
package/design-systems/aesthetic-families.md +43 -0
package/design-systems/anti-ai-slop.md +162 -0
package/design-systems/bold-geometric.md +120 -0
package/design-systems/brutalist-bold.md +103 -0
package/design-systems/editorial-clean.md +109 -0
package/design-systems/glass-aurora.md +108 -0
package/design-systems/modern-minimal.md +145 -0
package/design-systems/premium-luxury.md +106 -0
package/design-systems/product-type-design-map.md +48 -0
package/design-systems/soft-warm.md +123 -0
package/design-systems/tech-utility.md +113 -0
package/desktop/01-standards/desktop-app-standard.md +72 -0
package/desktop/01-standards/desktop-design.md +71 -0
package/development/00-governance/document-template.md +41 -0
package/development/01-standards/api-versioning-strategies.md +432 -0
package/development/01-standards/authentication-patterns-complete.md +479 -0
package/development/01-standards/css-architecture-complete.md +550 -0
package/development/01-standards/database-migration-strategies.md +484 -0
package/development/01-standards/elasticsearch-complete.md +347 -0
package/development/01-standards/git-complete.md +371 -0
package/development/01-standards/golang-complete.md +1565 -0
package/development/01-standards/graphql-complete.md +298 -0
package/development/01-standards/javascript-bundlers-complete.md +469 -0
package/development/01-standards/javascript-typescript-complete.md +528 -0
package/development/01-standards/jest-complete.md +275 -0
package/development/01-standards/linux-complete.md +234 -0
package/development/01-standards/logging-observability-complete.md +526 -0
package/development/01-standards/microservices-communication.md +502 -0
package/development/01-standards/mongodb-complete.md +406 -0
package/development/01-standards/oauth2-complete.md +285 -0
package/development/01-standards/performance-optimization-complete.md +289 -0
package/development/01-standards/playwright-complete.md +247 -0
package/development/01-standards/postgresql-complete.md +456 -0
package/development/01-standards/pytest-complete.md +340 -0
package/development/01-standards/python-async-programming.md +902 -0
package/development/01-standards/python-complete.md +956 -0
package/development/01-standards/python-decorators-complete.md +799 -0
package/development/01-standards/python-design-patterns.md +2854 -0
package/development/01-standards/python-packaging-distribution.md +420 -0
package/development/01-standards/python-testing-strategies.md +607 -0
package/development/01-standards/python-web-frameworks-comparison.md +471 -0
package/development/01-standards/redis-complete.md +317 -0
package/development/01-standards/rest-api-complete.md +316 -0
package/development/01-standards/rust-complete.md +578 -0
package/development/01-standards/typescript-advanced-types.md +1513 -0
package/development/01-standards/web-security-complete.md +292 -0
package/development/02-playbooks/api-design-playbook.md +810 -0
package/development/02-playbooks/database-migration-playbook.md +580 -0
package/development/02-playbooks/debugging-playbook.md +692 -0
package/development/02-playbooks/feature-delivery-playbook.md +430 -0
package/development/02-playbooks/incident-hotfix-playbook.md +387 -0
package/development/02-playbooks/performance-optimization-playbook.md +531 -0
package/development/02-playbooks/performance-tuning-playbook.md +652 -0
package/development/02-playbooks/refactor-playbook.md +403 -0
package/development/02-playbooks/release-playbook.md +469 -0
package/development/03-checklists/architecture-review-checklist.md +168 -0
package/development/03-checklists/data-migration-checklist.md +157 -0
package/development/03-checklists/oncall-handover-checklist.md +173 -0
package/development/03-checklists/pr-checklist.md +158 -0
package/development/03-checklists/production-readiness-checklist.md +190 -0
package/development/03-checklists/release-readiness-checklist.md +154 -0
package/development/03-checklists/security-review-checklist.md +182 -0
package/development/04-antipatterns/api-antipatterns.md +657 -0
package/development/04-antipatterns/architecture-antipatterns.md +686 -0
package/development/04-antipatterns/backend-antipatterns.md +648 -0
package/development/04-antipatterns/cicd-antipatterns.md +540 -0
package/development/04-antipatterns/code-smell-antipatterns.md +571 -0
package/development/04-antipatterns/data-antipatterns.md +658 -0
package/development/04-antipatterns/database-antipatterns.md +578 -0
package/development/04-antipatterns/frontend-antipatterns.md +635 -0
package/development/04-antipatterns/reliability-antipatterns.md +700 -0
package/development/04-antipatterns/security-antipatterns.md +747 -0
package/development/05-cases/case-api-version-migration.md +428 -0
package/development/05-cases/case-authorization-hardening.md +383 -0
package/development/05-cases/case-bluegreen-rollback.md +466 -0
package/development/05-cases/case-cache-snowball-protection.md +485 -0
package/development/05-cases/case-ci-cd-pipeline.md +544 -0
package/development/05-cases/case-database-scaling.md +500 -0
package/development/05-cases/case-db-hotspot-optimization.md +487 -0
package/development/05-cases/case-incident-mttr-reduction.md +563 -0
package/development/05-cases/case-microservice-migration.md +375 -0
package/development/05-cases/case-performance-optimization.md +406 -0
package/development/05-cases/case-security-incident-response.md +345 -0
package/development/06-glossary/full-stack-glossary.md +166 -0
package/development/09-maturity/quarterly-audit-template.md +35 -0
package/development/11-ui-excellence/ui-aesthetic-system.md +41 -0
package/development/11-ui-excellence/ui-engineering-excellence.md +435 -0
package/development/12-scenarios/development-scenarios-guide.md +565 -0
package/development/13-implementation-assets/implementation-toolkit.md +282 -0
package/development/13-implementation-assets/knowledge-gates-execution.md +43 -0
package/development/14-full-lifecycle/software-lifecycle-gates.md +511 -0
package/development/15-lifecycle-templates/project-templates-collection.md +791 -0
package/development/api-contract-and-versioning-guide.md +36 -0
package/development/api-governance-complete.md +43 -0
package/development/backend-engineering-complete.md +43 -0
package/development/code-review-quality-complete.md +43 -0
package/development/concurrency-reliability-complete.md +43 -0
package/development/database-engineering-complete.md +43 -0
package/development/engineering-effectiveness-complete.md +43 -0
package/development/engineering-standards-deep-dive.md +38 -0
package/development/frontend-engineering-complete.md +43 -0
package/development/performance-capacity-complete.md +43 -0
package/development/refactor-migration-complete.md +42 -0
package/development/refactoring-and-techdebt-playbook.md +37 -0
package/development/security-in-development-complete.md +43 -0
package/devops/01-standards/cicd-pipeline-complete.md +262 -0
package/devops/01-standards/docker-complete.md +1490 -0
package/devops/01-standards/github-actions-complete.md +337 -0
package/devops/01-standards/kubernetes-complete.md +638 -0
package/devops/01-standards/terraform-complete.md +2117 -0
package/devops/02-playbooks/docker-compose-playbook.md +233 -0
package/devops/02-playbooks/docker-k8s-production-playbook.md +186 -0
package/devops/02-playbooks/docker-production-playbook.md +952 -0
package/edge-iot/01-standards/edge-iot-complete.md +473 -0
package/experts/architect/api-design.md +178 -0
package/experts/architect/methodology.md +124 -0
package/experts/architect/security.md +75 -0
package/experts/backend-lead/methodology.md +216 -0
package/experts/devops/methodology.md +160 -0
package/experts/frontend-lead/methodology.md +178 -0
package/experts/product-manager/industry/ecommerce.md +43 -0
package/experts/product-manager/industry/saas.md +40 -0
package/experts/product-manager/methodology.md +97 -0
package/experts/qa-lead/methodology.md +123 -0
package/experts/qa-lead/test-strategy.md +128 -0
package/experts/uiux-designer/methodology.md +125 -0
package/frontend/01-standards/accessibility-complete.md +532 -0
package/frontend/01-standards/accessibility-standard.md +74 -0
package/frontend/01-standards/admin-dashboard-and-crud.md +72 -0
package/frontend/01-standards/design-tokens-complete.md +444 -0
package/frontend/01-standards/forms-and-validation.md +77 -0
package/frontend/01-standards/frontend-architecture-and-layering.md +119 -0
package/frontend/01-standards/i18n-and-localization.md +65 -0
package/frontend/01-standards/nextjs-complete.md +451 -0
package/frontend/01-standards/react-complete.md +713 -0
package/frontend/01-standards/react-hooks-complete-guide.md +1100 -0
package/frontend/01-standards/react-hooks-complete.md +1171 -0
package/frontend/01-standards/seo-and-web-vitals.md +77 -0
package/frontend/01-standards/state-management-complete.md +444 -0
package/frontend/01-standards/vue-complete.md +499 -0
package/frontend/01-standards/vue3-complete.md +2002 -0
package/frontend/01-standards/web-framework-best-practices.md +64 -0
package/frontend/01-standards/web-performance-complete.md +495 -0
package/frontend/02-playbooks/accessibility-a11y-playbook.md +161 -0
package/frontend/02-playbooks/frontend-performance-playbook.md +707 -0
package/frontend/02-playbooks/i18n-internationalization-playbook.md +120 -0
package/frontend/02-playbooks/performance-optimization-playbook.md +163 -0
package/frontend/02-playbooks/react-nextjs-production-playbook.md +167 -0
package/frontend/02-playbooks/react-state-management-playbook.md +173 -0
package/frontend/03-checklists/component-quality-checklist.md +166 -0
package/frontend/03-checklists/frontend-launch-checklist.md +299 -0
package/frontend/04-antipatterns/frontend-antipatterns.md +886 -0
package/frontend/05-cases/case-performance-optimization.md +274 -0
package/harmony/01-standards/harmonyos-arkts-standard.md +75 -0
package/harmony/01-standards/harmonyos-design.md +65 -0
package/high-quality-engineering-playbook.md +54 -0
package/incident/01-standards/incident-response-complete.md +303 -0
package/incident/02-playbooks/chaos-engineering-playbook.md +883 -0
package/incident/02-playbooks/postmortem-playbook.md +398 -0
package/incident/03-checklists/incident-readiness-checklist.md +181 -0
package/incident/04-antipatterns/incident-antipatterns.md +490 -0
package/incident/05-cases/case-cascade-failure.md +176 -0
package/incident/06-glossary/incident-glossary.md +114 -0
package/incident/postmortem-and-response-deep-dive.md +39 -0
package/industries/ecommerce/ecommerce-complete.md +631 -0
package/industries/education/education-complete.md +555 -0
package/industries/fintech/fintech-complete.md +501 -0
package/industries/gaming/gaming-complete.md +587 -0
package/industries/healthcare/healthcare-complete.md +452 -0
package/low-code/01-standards/low-code-complete.md +944 -0
package/miniprogram/01-standards/ai-common-mistakes.md +61 -0
package/miniprogram/01-standards/miniprogram-custom-navbar-capsule.md +77 -0
package/miniprogram/01-standards/miniprogram-design.md +61 -0
package/miniprogram/01-standards/miniprogram-standard.md +81 -0
package/mobile/01-standards/android-material-design.md +70 -0
package/mobile/01-standards/flutter-complete.md +384 -0
package/mobile/01-standards/ios-design-hig.md +78 -0
package/mobile/01-standards/mobile-app-standard.md +85 -0
package/mobile/01-standards/react-native-complete.md +352 -0
package/mobile/02-playbooks/mobile-cross-platform-playbook.md +175 -0
package/mobile/02-playbooks/mobile-performance.md +473 -0
package/mobile/03-checklists/mobile-release-checklist.md +234 -0
package/mobile/04-antipatterns/mobile-antipatterns.md +798 -0
package/mobile/05-cases/case-app-performance.md +500 -0
package/mobile/05-cases/case-app-startup-optimization.md +218 -0
package/mobile/06-glossary/mobile-glossary.md +484 -0
package/observability/01-standards/observability-standards.md +103 -0
package/observability/02-playbooks/prometheus-grafana-playbook.md +135 -0
package/observability/02-playbooks/structured-logging-playbook.md +73 -0
package/observability/03-checklists/observability-checklist.md +54 -0
package/observability/04-antipatterns/observability-antipatterns.md +106 -0
package/operations/01-standards/prometheus-monitoring-complete.md +1578 -0
package/operations/02-playbooks/capacity-planning-playbook.md +620 -0
package/operations/03-checklists/production-launch-checklist.md +365 -0
package/operations/04-antipatterns/operations-antipatterns.md +664 -0
package/operations/05-cases/case-sre-practices.md +581 -0
package/operations/06-glossary/operations-glossary.md +120 -0
package/operations/aiops-anomaly-detection.md +758 -0
package/operations/capacity-planning.md +1061 -0
package/operations/chaos-engineering.md +659 -0
package/operations/incident-command-system.md +38 -0
package/operations/observability-complete.md +442 -0
package/operations/slo-sli-playbook.md +517 -0
package/operations/sre-operations-deep-dive.md +39 -0
package/package.json +8 -0
package/performance/01-standards/performance-and-scalability.md +80 -0
package/performance/01-standards/performance-standards.md +156 -0
package/performance/02-playbooks/query-optimization-playbook.md +103 -0
package/performance/03-checklists/performance-checklist.md +56 -0
package/performance/04-antipatterns/performance-antipatterns.md +146 -0
package/product/01-standards/product-management-complete.md +285 -0
package/product/02-playbooks/feature-launch-playbook.md +207 -0
package/product/02-playbooks/user-research-playbook.md +532 -0
package/product/03-checklists/feature-launch-checklist.md +275 -0
package/product/04-antipatterns/product-antipatterns.md +355 -0
package/product/05-cases/case-mvp-to-scale.md +384 -0
package/product/06-glossary/product-glossary.md +462 -0
package/product/feature-prioritization-framework.md +40 -0
package/product/kpi-and-metric-tree.md +37 -0
package/product/product-discovery-and-prd-deep-dive.md +41 -0
package/quantum/01-standards/quantum-complete.md +1186 -0
package/security/01-standards/api-security-complete.md +511 -0
package/security/01-standards/container-runtime-security.md +574 -0
package/security/01-standards/data-protection-gdpr.md +543 -0
package/security/01-standards/owasp-top10-complete.md +1890 -0
package/security/01-standards/secure-coding-baseline.md +90 -0
package/security/01-standards/supply-chain-security.md +441 -0
package/security/01-standards/web-security-checklist.md +108 -0
package/security/01-standards/zero-trust-architecture.md +521 -0
package/security/02-playbooks/auth-sso-playbook.md +166 -0
package/security/02-playbooks/incident-response-security-playbook.md +588 -0
package/security/02-playbooks/owasp-api-security-playbook.md +129 -0
package/security/02-playbooks/payment-integration-playbook.md +119 -0
package/security/02-playbooks/penetration-testing-playbook.md +517 -0
package/security/03-checklists/security-audit-checklist.md +356 -0
package/security/04-antipatterns/security-coding-antipatterns.md +580 -0
package/security/05-cases/case-log4shell-incident.md +537 -0
package/security/05-cases/case-major-breaches.md +468 -0
package/security/06-glossary/security-glossary.md +212 -0
package/security/compliance-automation.md +993 -0
package/security/container-security.md +680 -0
package/security/devsecops-complete.md +426 -0
package/security/sast-dast-sca.md +775 -0
package/security/secrets-management.md +594 -0
package/security/security-architecture-deep-dive.md +37 -0
package/security/threat-modeling-stride-playbook.md +40 -0
package/seed-templates/auth-system.md +59 -0
package/seed-templates/blog-content.md +94 -0
package/seed-templates/dashboard.md +89 -0
package/seed-templates/docs-site.md +73 -0
package/seed-templates/e-commerce.md +50 -0
package/seed-templates/saas-landing.md +92 -0
package/seed-templates/settings-page.md +51 -0
package/testing/01-standards/test-strategy-and-layering.md +83 -0
package/testing/01-standards/testing-strategy-complete.md +422 -0
package/testing/01-standards/unit-testing-best-practices.md +118 -0
package/testing/02-playbooks/e2e-testing-playbook.md +988 -0
package/testing/02-playbooks/testing-strategy-playbook.md +126 -0
package/testing/03-checklists/test-strategy-checklist.md +208 -0
package/testing/04-antipatterns/testing-antipatterns.md +718 -0
package/testing/05-cases/case-testing-transformation.md +300 -0
package/testing/06-glossary/testing-glossary.md +110 -0
package/testing/risk-based-test-matrix.md +36 -0
package/testing/testing-strategy-deep-dive.md +37 -0

package/security/devsecops-complete.md ADDED Viewed

@@ -0,0 +1,426 @@
+---
+id: devsecops-complete
+title: DevSecOps 完整实践指南
+domain: security
+category: devsecops-complete.md
+difficulty: intermediate
+tags: [complete, devsecops, security, 安全工具链, 安全度量指标, 实施路径, 常见反模式, 最佳实践]
+quality_score: 70
+last_updated: 2026-06-15
+---
+# DevSecOps 完整实践指南
+## 概述
+DevSecOps 将安全性深度集成到 DevOps 流程中,实现安全左移(Shift Left),确保每个阶段都内置安全控制,而非事后补救。
+## 核心原则
+### 1. 安全左移(Shift Left Security)
+- **设计阶段**: 威胁建模、安全架构评审
+- **开发阶段**: 安全编码规范、SAST 扫描
+- **测试阶段**: DAST、依赖扫描、渗透测试
+- **部署阶段**: 容器安全、IaC 扫描、配置检查
+- **运行阶段**: RASP、CSPM、实时监控
+### 2. 安全即代码(Security as Code)
+- 策略定义代码化
+- 安全测试自动化
+- 配置管理版本化
+- 合规检查可追溯
+### 3. 人人负责安全
+- 开发者: 编写安全代码
+- 运维: 安全配置和部署
+- 安全团队: 提供工具和指导
+- 产品: 安全需求纳入规划
+## DevSecOps 流水线
+### Phase 1: 计划与设计(Plan & Design)
+#### 威胁建模
+```
+STRIDE 方法论:
+- Spoofing(欺骗): 认证机制
+- Tampering(篡改): 完整性保护
+- Repudiation(抵赖): 审计日志
+- Information Disclosure(信息泄露): 加密和访问控制
+- Denial of Service(拒绝服务): 限流和容错
+- Elevation of Privilege(权限提升): 授权检查
+```
+#### 安全需求
+- 业务功能安全需求
+- 合规性需求(GDPR, SOC2, PCI-DSS)
+- 安全基线要求
+- 隐私保护要求
+#### 安全架构评审
+- 认证授权方案
+- 数据流向和加密
+- 网络架构和隔离
+- 第三方依赖风险评估
+### Phase 2: 编码(Coding)
+#### 安全编码规范
+```
+通用原则:
+1. 输入验证: 白名单校验、参数化查询
+2. 输出编码: 防止 XSS、注入攻击
+3. 认证授权: 最小权限、会话管理
+4. 错误处理: 不泄露敏感信息
+5. 日志记录: 审计追踪、异常告警
+```
+#### SAST 工具集成
+```yaml
+# GitLab CI 示例
+sast:
+  stage: test
+  script:
+    - semgrep --config=auto --json > sast-report.json
+  artifacts:
+    reports:
+      sast: sast-report.json
+```
+#### 预提交检查
+```bash
+# Git Hooks 示例
+#!/bin/bash
+# 检测敏感信息
+git diff --cached --name-only | xargs grep -E "password|secret|api_key" && exit 1
+# 运行 lint 和静态分析
+npm run lint && npm run security-check
+```
+### Phase 3: 构建(Build)
+#### 依赖扫描(SCA)
+```yaml
+# 依赖扫描配置
+dependency_scanning:
+  stage: build
+  script:
+    - npm audit --json > npm-audit.json
+    - trivy fs --severity HIGH,CRITICAL .
+  artifacts:
+    reports:
+      dependency_scanning: npm-audit.json
+```
+#### 软件物料清单(SBOM)
+```bash
+# 生成 SBOM
+syft packages dir:. -o spdx-json > sbom.spdx.json
+grype sbom:sbom.spdx.json --fail-on high
+```
+#### 构建安全
+- 使用可信基础镜像
+- 最小化镜像层数
+- 不在镜像中存储密钥
+- 签名验证构建产物
+### Phase 4: 测试(Testing)
+#### DAST 动态扫描
+```yaml
+# OWASP ZAP 集成
+dast:
+  stage: test
+  script:
+    - zap-baseline.py -t $TARGET_URL -r dast-report.html
+  artifacts:
+    reports:
+      dast: dast-report.html
+```
+#### 容器安全扫描
+```bash
+# Trivy 容器扫描
+trivy image --severity HIGH,CRITICAL \
+  --ignore-unfixed \
+  --exit-code 1 \
+  myapp:latest
+```
+#### IaC 安全扫描
+```bash
+# Terraform 安全检查
+checkov -d terraform/ --check CKV_AWS_*,CKV_GCP_*
+# Kubernetes 清单检查
+kubeconftest --policy opa/ kubernetes/
+```
+#### 渗透测试
+- 认证绕过测试
+- 权限提升测试
+- 注入攻击测试
+- 业务逻辑漏洞测试
+### Phase 5: 部署(Deploy)
+#### 密钥管理
+```yaml
+# HashiCorp Vault 集成
+vault:
+  stage: deploy
+  script:
+    - vault kv get -field=password secret/myapp > /dev/null
+    - export DB_PASSWORD=$(vault kv get -field=db_password secret/myapp)
+```
+#### 部署门禁
+```yaml
+# 质量门禁检查
+deploy_gate:
+  stage: deploy
+  script:
+    - |
+      if [ "$(jq '.vulnerabilities | length' sast-report.json)" -gt 0 ]; then
+        echo "存在 SAST 漏洞,禁止部署"
+        exit 1
+      fi
+    - |
+      if [ "$(jq '.vulnerabilities | length' dast-report.json)" -gt 0 ]; then
+        echo "存在 DAST 漏洞,禁止部署"
+        exit 1
+      fi
+```
+#### 运行时配置检查
+```yaml
+# Kubernetes 安全策略
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: restricted
+spec:
+  privileged: false
+  runAsUser:
+    rule: MustRunAsNonRoot
+  seLinux:
+    rule: RunAsAny
+  fsGroup:
+    rule: RunAsAny
+```
+### Phase 6: 运行(Runtime)
+#### RASP 运行时保护
+```java
+// OpenRASP 示例
+rasp:
+  plugin:
+    - name: sql_injection
+      enable: true
+      action: block
+    - name: xss_filter
+      enable: true
+      action: block
+```
+#### 安全监控
+```yaml
+# Falco 运行时安全
+- rule: Unexpected TCP Connection
+  desc: 检测异常 TCP 连接
+  condition: >
+    fd.typechar = 4 and proc.name != "nginx"
+  output: >
+    异常网络连接 (user=%user.name command=%proc.cmdline)
+  priority: WARNING
+```
+#### CSPM 云安全态势管理
+```bash
+# Prowler AWS 安全检查
+prowler aws --checks-groups extras --severity high critical
+```
+## 安全工具链
+### SAST 工具
+| 工具 | 语言 | 特点 |
+|------|------|------|
+| Semgrep | 多语言 | 自定义规则、快速 |
+| SonarQube | 多语言 | 集成度高、质量门禁 |
+| Bandit | Python | 轻量级、专注 Python |
+| ESLint Security | JavaScript | 前端安全检查 |
+### DAST 工具
+| 工具 | 特点 | 适用场景 |
+|------|------|----------|
+| OWASP ZAP | 开源免费、功能全面 | Web 应用 |
+| Burp Suite | 专业级、功能强大 | 渗透测试 |
+| Nuclei | 快速扫描、模板化 | 漏洞验证 |
+| SQLMap | SQL 注入专用 | 数据库安全 |
+### SCA 工具
+| 工具 | 特点 | 数据库 |
+|------|------|--------|
+| Dependabot | GitHub 原生、自动化 | GitHub Advisory |
+| Snyk | 实时更新、修复建议 | Snyk Intel |
+| Trivy | 全栈扫描、快速 | 多源数据库 |
+| Grype | 容器优先、SBOM 支持 | Anchore DB |
+### 容器安全
+| 工具 | 特点 | 用途 |
+|------|------|------|
+| Trivy | 全面扫描、CI 友好 | 镜像扫描 |
+| Clair | API 驱动、可扩展 | 镜像仓库集成 |
+| Anchore | 策略引擎、合规检查 | 企业级扫描 |
+| Falco | 运行时监控、规则灵活 | 运行时保护 |
+## 实施路径
+### Level 1: 基础建设(1-3 个月)
+- [ ] 建立 CI/CD 流水线
+- [ ] 集成 SAST 工具
+- [ ] 依赖扫描自动化
+- [ ] 基础镜像管理
+- [ ] 密钥管理方案
+### Level 2: 深化集成(3-6 个月)
+- [ ] DAST 自动化扫描
+- [ ] 容器安全扫描
+- [ ] IaC 安全检查
+- [ ] 威胁建模流程
+- [ ] 安全门禁机制
+### Level 3: 持续优化(6-12 个月)
+- [ ] RASP 部署
+- [ ] CSPM 监控
+- [ ] 安全编排(SOAR)
+- [ ] 红蓝对抗演练
+- [ ] 安全度量体系
+## 安全度量指标
+### 开发阶段
+- SAST 覆盖率: >= 95%
+- 代码扫描频率: 每次提交
+- 高危漏洞修复时间: <= 7 天
+- 安全编码培训完成率: 100%
+### 测试阶段
+- DAST 覆盖率: >= 80%
+- 依赖扫描覆盖率: 100%
+- 渗透测试频率: 每季度
+- 漏洞修复验证率: 100%
+### 部署阶段
+- 部署门禁覆盖率: 100%
+- 密钥轮换频率: <= 90 天
+- 容器镜像扫描率: 100%
+- IaC 扫描覆盖率: 100%
+### 运行阶段
+- RASP 部署覆盖率: >= 80%
+- 安全事件响应时间: <= 1 小时
+- CSPM 合规评分: >= 90 分
+- 安全审计频率: 每月
+## 常见反模式
+### 1. 安全瓶颈
+**问题**: 安全团队成为瓶颈,延迟发布
+**解决**:
+- 自动化安全测试
+- 赋能开发团队
+- 并行化安全检查
+- 风险分级处理
+### 2. 扫描疲劳
+**问题**: 大量误报,团队忽视漏洞
+**解决**:
+- 优化规则精度
+- 建立白名单机制
+- 优先级排序
+- 定期校准工具
+### 3. 工具孤岛
+**问题**: 工具分散,缺乏集成
+**解决**:
+- 统一安全平台
+- 标准化报告格式
+- 集成到 DevOps 平台
+- 单一视图仪表板
+### 4. 一次性检查
+**问题**: 只在上线前扫描,无持续监控
+**解决**:
+- 持续扫描机制
+- 运行时保护
+- 定期重新评估
+- 监控和告警
+## 最佳实践
+### 1. 渐进式实施
+- 优先集成高价值工具
+- 从阻塞型门禁开始
+- 逐步提升覆盖范围
+- 持续优化流程
+### 2. 开发者友好
+- 快速反馈(< 10 分钟)
+- 清晰的修复指引
+- IDE 集成插件
+- 自助式修复工具
+### 3. 自动化优先
+- 减少人工干预
+- 策略即代码
+- 自动修复建议
+- 自愈能力
+### 4. 可视化度量
+- 实时安全仪表板
+- 趋势分析
+- 对比报告
+- 合规证据
+## 企业级实施案例
+### 金融行业
+```yaml
+要求:
+  - PCI-DSS 合规
+  - 数据加密传输存储
+  - 严格的访问控制
+  - 审计日志保留 7 年
+实施:
+  1. 数据库加密(TDE)
+  2. 密钥管理(Vault)
+  3. 网络隔离(VPC)
+  4. WAF 防护
+  5. 定期渗透测试
+```
+### SaaS 平台
+```yaml
+要求:
+  - SOC2 Type II 认证
+  - 多租户隔离
+  - 数据主权
+  - 高可用性
+实施:
+  1. 租户数据隔离
+  2. 细粒度权限控制
+  3. 数据备份和恢复
+  4. 灾难恢复方案
+  5. 安全审计和报告
+```
+## 参考资料
+- [OWASP DevSecOps Guideline](https://owasp.org/www-project-devsecops-guideline/)
+- [NIST Secure Software Development Framework](https://csrc.nist.gov/publications/detail/sp/800-218/final)
+- [CIS Docker Benchmark](https://www.cisecurity.org/benchmark/docker)
+- [Kubernetes Security Best Practices](https://kubernetes.io/docs/concepts/security/)