npm - @umacloud/knowledge - Versions diffs - 1.0.1 - Mend

@umacloud/knowledge 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (418) hide show

package/00-governance/governance-capabilities.md +557 -0
package/00-governance/knowledge-map.md +39 -0
package/00-governance/maintenance-policy.md +76 -0
package/00-governance/review-checklist.md +81 -0
package/README.md +13 -0
package/ai/01-standards/agent-development-complete.md +691 -0
package/ai/01-standards/llm-application-complete.md +488 -0
package/ai/01-standards/mlops-complete.md +798 -0
package/ai/01-standards/prompt-engineering-complete.md +646 -0
package/ai/01-standards/rag-architecture-complete.md +649 -0
package/ai/02-playbooks/llm-evaluation-playbook.md +847 -0
package/ai/03-checklists/ai-project-checklist.md +215 -0
package/ai/04-antipatterns/ai-antipatterns.md +661 -0
package/ai/05-cases/case-rag-production.md +147 -0
package/ai/06-glossary/ai-glossary.md +162 -0
package/ai/agent-evaluation-benchmark.md +53 -0
package/ai/ai-agent-memory-context-management.md +41 -0
package/ai/ai-cost-capacity-optimization-playbook.md +42 -0
package/ai/ai-data-security-and-compliance-playbook.md +37 -0
package/ai/ai-domain-index-and-checklist.md +40 -0
package/ai/ai-governance-maturity-model.md +50 -0
package/ai/ai-model-selection-and-routing-strategy.md +47 -0
package/ai/ai-observability-and-oncall-runbook.md +52 -0
package/ai/ai-rag-engineering-playbook.md +42 -0
package/ai/ai-red-team-and-safety-evaluation.md +42 -0
package/ai/ai-release-readiness-and-rollback-gate.md +42 -0
package/ai/llm-agent-engineering-deep-dive.md +57 -0
package/ai/prompt-and-tool-guardrails.md +52 -0
package/api/01-standards/enterprise-api-standards.md +198 -0
package/api/01-standards/rest-api-design-guide.md +63 -0
package/api/02-playbooks/api-pagination-playbook.md +93 -0
package/api/02-playbooks/graphql-production-playbook.md +176 -0
package/api/03-checklists/api-review-checklist.md +55 -0
package/api/04-antipatterns/api-antipatterns.md +112 -0
package/architecture/01-standards/api-gateway-patterns.md +496 -0
package/architecture/01-standards/cloud-native-patterns.md +644 -0
package/architecture/01-standards/distributed-systems-patterns.md +591 -0
package/architecture/01-standards/event-driven-architecture.md +595 -0
package/architecture/01-standards/microservices-patterns-complete.md +968 -0
package/architecture/01-standards/microservices-patterns.md +495 -0
package/architecture/01-standards/system-design-interview.md +664 -0
package/architecture/02-playbooks/microservices-patterns-playbook.md +137 -0
package/architecture/02-playbooks/migration-playbook.md +780 -0
package/architecture/02-playbooks/system-design-playbook.md +779 -0
package/architecture/03-checklists/architecture-decision-checklist.md +297 -0
package/architecture/04-antipatterns/architecture-antipatterns.md +417 -0
package/architecture/05-cases/case-netflix-microservices.md +413 -0
package/architecture/06-glossary/architecture-glossary.md +164 -0
package/architecture/adr-template-and-examples.md +38 -0
package/architecture/api-gateway-deep-dive.md +1291 -0
package/architecture/configuration-management.md +1162 -0
package/architecture/distributed-transactions.md +1220 -0
package/architecture/microservices-complete.md +735 -0
package/architecture/resilience-and-disaster-patterns.md +37 -0
package/architecture/service-governance.md +1198 -0
package/architecture/system-architecture-deep-dive.md +37 -0
package/backend/01-standards/analytics-and-growth.md +65 -0
package/backend/01-standards/api-and-error-conventions.md +120 -0
package/backend/01-standards/application-layering-and-packaging.md +160 -0
package/backend/01-standards/auth-implementation.md +104 -0
package/backend/01-standards/backend-framework-idioms.md +74 -0
package/backend/01-standards/background-jobs-and-async.md +66 -0
package/backend/01-standards/caching-strategies-complete.md +390 -0
package/backend/01-standards/config-and-observability.md +77 -0
package/backend/01-standards/data-modeling-and-persistence.md +94 -0
package/backend/01-standards/django-complete.md +1765 -0
package/backend/01-standards/email-and-notifications.md +64 -0
package/backend/01-standards/fastapi-complete.md +925 -0
package/backend/01-standards/file-upload-and-storage.md +66 -0
package/backend/01-standards/graphql-api-complete.md +416 -0
package/backend/01-standards/llm-application-standard.md +78 -0
package/backend/01-standards/message-queue-patterns.md +379 -0
package/backend/01-standards/microservices-and-distributed.md +78 -0
package/backend/01-standards/nestjs-complete.md +2167 -0
package/backend/01-standards/payment-integration.md +80 -0
package/backend/01-standards/rate-limiting-complete.md +451 -0
package/backend/01-standards/realtime-and-websocket.md +65 -0
package/backend/01-standards/search-and-filtering.md +64 -0
package/backend/01-standards/spring-boot-complete.md +445 -0
package/backend/02-playbooks/api-design-playbook.md +718 -0
package/backend/02-playbooks/email-send-playbook.md +130 -0
package/backend/02-playbooks/file-upload-s3-playbook.md +153 -0
package/backend/02-playbooks/typescript-enterprise-playbook.md +133 -0
package/backend/02-playbooks/websocket-realtime-playbook.md +154 -0
package/backend/03-checklists/api-launch-checklist.md +189 -0
package/backend/04-antipatterns/backend-antipatterns.md +1051 -0
package/blockchain/01-standards/blockchain-basics.md +557 -0
package/blockchain/01-standards/smart-contract-development.md +1315 -0
package/cicd/01-standards/deployment-and-delivery-standard.md +96 -0
package/cicd/01-standards/github-actions-complete.md +473 -0
package/cicd/01-standards/release-and-store-submission.md +75 -0
package/cicd/02-playbooks/cicd-pipeline-playbook.md +144 -0
package/cicd/02-playbooks/release-management-playbook.md +605 -0
package/cicd/03-checklists/pipeline-security-checklist.md +168 -0
package/cicd/04-antipatterns/cicd-antipatterns.md +589 -0
package/cicd/05-cases/case-deployment-automation.md +221 -0
package/cicd/05-cases/case-gitops-transformation.md +212 -0
package/cicd/06-glossary/cicd-glossary.md +114 -0
package/cicd/cicd-blueprint-deep-dive.md +38 -0
package/cicd/release-readiness-gate.md +37 -0
package/cloud-native/01-standards/container-security.md +741 -0
package/cloud-native/01-standards/kubernetes-complete.md +812 -0
package/cloud-native/02-playbooks/api-gateway-playbook.md +155 -0
package/cloud-native/02-playbooks/gitops-with-argocd.md +760 -0
package/cloud-native/02-playbooks/k8s-troubleshooting-playbook.md +1942 -0
package/cloud-native/02-playbooks/message-queue-playbook.md +129 -0
package/cloud-native/02-playbooks/multicloud-governance.md +726 -0
package/cloud-native/02-playbooks/serverless-patterns.md +788 -0
package/cloud-native/02-playbooks/service-mesh-playbook.md +612 -0
package/cloud-native/02-playbooks/terraform-iac-playbook.md +143 -0
package/cloud-native/03-checklists/container-security-checklist.md +431 -0
package/cloud-native/03-checklists/k8s-production-readiness-checklist.md +460 -0
package/cloud-native/04-antipatterns/container-antipatterns.md +660 -0
package/cloud-native/04-antipatterns/k8s-antipatterns.md +743 -0
package/cloud-native/05-cases/case-k8s-migration.md +478 -0
package/cloud-native/05-cases/case-k8s-scaling.md +642 -0
package/cloud-native/05-cases/case-k8s-security-incident.md +397 -0
package/cloud-native/06-glossary/cloud-native-glossary.md +337 -0
package/cross-platform/01-standards/cross-platform-frameworks.md +83 -0
package/cross-platform/01-standards/platform-selection-and-architecture.md +77 -0
package/data/01-standards/elasticsearch-complete.md +2098 -0
package/data/01-standards/postgresql-complete.md +1613 -0
package/data/01-standards/redis-complete.md +1527 -0
package/data/02-playbooks/database-optimization-playbook.md +403 -0
package/data/02-playbooks/elasticsearch-production-playbook.md +132 -0
package/data/03-checklists/database-launch-checklist.md +187 -0
package/data/04-antipatterns/database-antipatterns.md +873 -0
package/data/05-cases/case-database-migration.md +310 -0
package/data/06-glossary/database-glossary.md +440 -0
package/data/data-governance-and-modeling-deep-dive.md +39 -0
package/data-engineering/01-standards/airflow-complete.md +523 -0
package/data-engineering/01-standards/kafka-complete.md +1521 -0
package/data-engineering/02-playbooks/spark-etl-playbook.md +496 -0
package/data-engineering/03-checklists/pipeline-launch-checklist.md +194 -0
package/data-engineering/04-antipatterns/data-pipeline-antipatterns.md +684 -0
package/data-engineering/05-cases/case-real-time-pipeline.md +355 -0
package/data-engineering/06-glossary/data-engineering-glossary.md +429 -0
package/database/01-standards/database-schema-standards.md +147 -0
package/database/02-playbooks/postgresql-optimization-quick.md +52 -0
package/database/02-playbooks/postgresql-performance-optimization.md +58 -0
package/database/02-playbooks/postgresql-production-playbook.md +146 -0
package/database/02-playbooks/redis-caching-playbook.md +117 -0
package/database/03-checklists/database-review-checklist.md +50 -0
package/database/04-antipatterns/database-antipatterns.md +112 -0
package/design/01-standards/ui-design-system-complete.md +423 -0
package/design/02-playbooks/design-handoff-playbook.md +254 -0
package/design/02-playbooks/design-review-playbook.md +388 -0
package/design/03-checklists/design-review-checklist.md +246 -0
package/design/04-antipatterns/design-antipatterns.md +378 -0
package/design/05-cases/case-design-system-adoption.md +328 -0
package/design/06-glossary/design-glossary.md +329 -0
package/design/ui-full-lifecycle-cross-platform-playbook.md +571 -0
package/design/ux-system-deep-dive.md +38 -0
package/design-systems/00-craft-rules.md +71 -0
package/design-systems/aesthetic-families.md +43 -0
package/design-systems/anti-ai-slop.md +162 -0
package/design-systems/bold-geometric.md +120 -0
package/design-systems/brutalist-bold.md +103 -0
package/design-systems/editorial-clean.md +109 -0
package/design-systems/glass-aurora.md +108 -0
package/design-systems/modern-minimal.md +145 -0
package/design-systems/premium-luxury.md +106 -0
package/design-systems/product-type-design-map.md +48 -0
package/design-systems/soft-warm.md +123 -0
package/design-systems/tech-utility.md +113 -0
package/desktop/01-standards/desktop-app-standard.md +72 -0
package/desktop/01-standards/desktop-design.md +71 -0
package/development/00-governance/document-template.md +41 -0
package/development/01-standards/api-versioning-strategies.md +432 -0
package/development/01-standards/authentication-patterns-complete.md +479 -0
package/development/01-standards/css-architecture-complete.md +550 -0
package/development/01-standards/database-migration-strategies.md +484 -0
package/development/01-standards/elasticsearch-complete.md +347 -0
package/development/01-standards/git-complete.md +371 -0
package/development/01-standards/golang-complete.md +1565 -0
package/development/01-standards/graphql-complete.md +298 -0
package/development/01-standards/javascript-bundlers-complete.md +469 -0
package/development/01-standards/javascript-typescript-complete.md +528 -0
package/development/01-standards/jest-complete.md +275 -0
package/development/01-standards/linux-complete.md +234 -0
package/development/01-standards/logging-observability-complete.md +526 -0
package/development/01-standards/microservices-communication.md +502 -0
package/development/01-standards/mongodb-complete.md +406 -0
package/development/01-standards/oauth2-complete.md +285 -0
package/development/01-standards/performance-optimization-complete.md +289 -0
package/development/01-standards/playwright-complete.md +247 -0
package/development/01-standards/postgresql-complete.md +456 -0
package/development/01-standards/pytest-complete.md +340 -0
package/development/01-standards/python-async-programming.md +902 -0
package/development/01-standards/python-complete.md +956 -0
package/development/01-standards/python-decorators-complete.md +799 -0
package/development/01-standards/python-design-patterns.md +2854 -0
package/development/01-standards/python-packaging-distribution.md +420 -0
package/development/01-standards/python-testing-strategies.md +607 -0
package/development/01-standards/python-web-frameworks-comparison.md +471 -0
package/development/01-standards/redis-complete.md +317 -0
package/development/01-standards/rest-api-complete.md +316 -0
package/development/01-standards/rust-complete.md +578 -0
package/development/01-standards/typescript-advanced-types.md +1513 -0
package/development/01-standards/web-security-complete.md +292 -0
package/development/02-playbooks/api-design-playbook.md +810 -0
package/development/02-playbooks/database-migration-playbook.md +580 -0
package/development/02-playbooks/debugging-playbook.md +692 -0
package/development/02-playbooks/feature-delivery-playbook.md +430 -0
package/development/02-playbooks/incident-hotfix-playbook.md +387 -0
package/development/02-playbooks/performance-optimization-playbook.md +531 -0
package/development/02-playbooks/performance-tuning-playbook.md +652 -0
package/development/02-playbooks/refactor-playbook.md +403 -0
package/development/02-playbooks/release-playbook.md +469 -0
package/development/03-checklists/architecture-review-checklist.md +168 -0
package/development/03-checklists/data-migration-checklist.md +157 -0
package/development/03-checklists/oncall-handover-checklist.md +173 -0
package/development/03-checklists/pr-checklist.md +158 -0
package/development/03-checklists/production-readiness-checklist.md +190 -0
package/development/03-checklists/release-readiness-checklist.md +154 -0
package/development/03-checklists/security-review-checklist.md +182 -0
package/development/04-antipatterns/api-antipatterns.md +657 -0
package/development/04-antipatterns/architecture-antipatterns.md +686 -0
package/development/04-antipatterns/backend-antipatterns.md +648 -0
package/development/04-antipatterns/cicd-antipatterns.md +540 -0
package/development/04-antipatterns/code-smell-antipatterns.md +571 -0
package/development/04-antipatterns/data-antipatterns.md +658 -0
package/development/04-antipatterns/database-antipatterns.md +578 -0
package/development/04-antipatterns/frontend-antipatterns.md +635 -0
package/development/04-antipatterns/reliability-antipatterns.md +700 -0
package/development/04-antipatterns/security-antipatterns.md +747 -0
package/development/05-cases/case-api-version-migration.md +428 -0
package/development/05-cases/case-authorization-hardening.md +383 -0
package/development/05-cases/case-bluegreen-rollback.md +466 -0
package/development/05-cases/case-cache-snowball-protection.md +485 -0
package/development/05-cases/case-ci-cd-pipeline.md +544 -0
package/development/05-cases/case-database-scaling.md +500 -0
package/development/05-cases/case-db-hotspot-optimization.md +487 -0
package/development/05-cases/case-incident-mttr-reduction.md +563 -0
package/development/05-cases/case-microservice-migration.md +375 -0
package/development/05-cases/case-performance-optimization.md +406 -0
package/development/05-cases/case-security-incident-response.md +345 -0
package/development/06-glossary/full-stack-glossary.md +166 -0
package/development/09-maturity/quarterly-audit-template.md +35 -0
package/development/11-ui-excellence/ui-aesthetic-system.md +41 -0
package/development/11-ui-excellence/ui-engineering-excellence.md +435 -0
package/development/12-scenarios/development-scenarios-guide.md +565 -0
package/development/13-implementation-assets/implementation-toolkit.md +282 -0
package/development/13-implementation-assets/knowledge-gates-execution.md +43 -0
package/development/14-full-lifecycle/software-lifecycle-gates.md +511 -0
package/development/15-lifecycle-templates/project-templates-collection.md +791 -0
package/development/api-contract-and-versioning-guide.md +36 -0
package/development/api-governance-complete.md +43 -0
package/development/backend-engineering-complete.md +43 -0
package/development/code-review-quality-complete.md +43 -0
package/development/concurrency-reliability-complete.md +43 -0
package/development/database-engineering-complete.md +43 -0
package/development/engineering-effectiveness-complete.md +43 -0
package/development/engineering-standards-deep-dive.md +38 -0
package/development/frontend-engineering-complete.md +43 -0
package/development/performance-capacity-complete.md +43 -0
package/development/refactor-migration-complete.md +42 -0
package/development/refactoring-and-techdebt-playbook.md +37 -0
package/development/security-in-development-complete.md +43 -0
package/devops/01-standards/cicd-pipeline-complete.md +262 -0
package/devops/01-standards/docker-complete.md +1490 -0
package/devops/01-standards/github-actions-complete.md +337 -0
package/devops/01-standards/kubernetes-complete.md +638 -0
package/devops/01-standards/terraform-complete.md +2117 -0
package/devops/02-playbooks/docker-compose-playbook.md +233 -0
package/devops/02-playbooks/docker-k8s-production-playbook.md +186 -0
package/devops/02-playbooks/docker-production-playbook.md +952 -0
package/edge-iot/01-standards/edge-iot-complete.md +473 -0
package/experts/architect/api-design.md +178 -0
package/experts/architect/methodology.md +124 -0
package/experts/architect/security.md +75 -0
package/experts/backend-lead/methodology.md +216 -0
package/experts/devops/methodology.md +160 -0
package/experts/frontend-lead/methodology.md +178 -0
package/experts/product-manager/industry/ecommerce.md +43 -0
package/experts/product-manager/industry/saas.md +40 -0
package/experts/product-manager/methodology.md +97 -0
package/experts/qa-lead/methodology.md +123 -0
package/experts/qa-lead/test-strategy.md +128 -0
package/experts/uiux-designer/methodology.md +125 -0
package/frontend/01-standards/accessibility-complete.md +532 -0
package/frontend/01-standards/accessibility-standard.md +74 -0
package/frontend/01-standards/admin-dashboard-and-crud.md +72 -0
package/frontend/01-standards/design-tokens-complete.md +444 -0
package/frontend/01-standards/forms-and-validation.md +77 -0
package/frontend/01-standards/frontend-architecture-and-layering.md +119 -0
package/frontend/01-standards/i18n-and-localization.md +65 -0
package/frontend/01-standards/nextjs-complete.md +451 -0
package/frontend/01-standards/react-complete.md +713 -0
package/frontend/01-standards/react-hooks-complete-guide.md +1100 -0
package/frontend/01-standards/react-hooks-complete.md +1171 -0
package/frontend/01-standards/seo-and-web-vitals.md +77 -0
package/frontend/01-standards/state-management-complete.md +444 -0
package/frontend/01-standards/vue-complete.md +499 -0
package/frontend/01-standards/vue3-complete.md +2002 -0
package/frontend/01-standards/web-framework-best-practices.md +64 -0
package/frontend/01-standards/web-performance-complete.md +495 -0
package/frontend/02-playbooks/accessibility-a11y-playbook.md +161 -0
package/frontend/02-playbooks/frontend-performance-playbook.md +707 -0
package/frontend/02-playbooks/i18n-internationalization-playbook.md +120 -0
package/frontend/02-playbooks/performance-optimization-playbook.md +163 -0
package/frontend/02-playbooks/react-nextjs-production-playbook.md +167 -0
package/frontend/02-playbooks/react-state-management-playbook.md +173 -0
package/frontend/03-checklists/component-quality-checklist.md +166 -0
package/frontend/03-checklists/frontend-launch-checklist.md +299 -0
package/frontend/04-antipatterns/frontend-antipatterns.md +886 -0
package/frontend/05-cases/case-performance-optimization.md +274 -0
package/harmony/01-standards/harmonyos-arkts-standard.md +75 -0
package/harmony/01-standards/harmonyos-design.md +65 -0
package/high-quality-engineering-playbook.md +54 -0
package/incident/01-standards/incident-response-complete.md +303 -0
package/incident/02-playbooks/chaos-engineering-playbook.md +883 -0
package/incident/02-playbooks/postmortem-playbook.md +398 -0
package/incident/03-checklists/incident-readiness-checklist.md +181 -0
package/incident/04-antipatterns/incident-antipatterns.md +490 -0
package/incident/05-cases/case-cascade-failure.md +176 -0
package/incident/06-glossary/incident-glossary.md +114 -0
package/incident/postmortem-and-response-deep-dive.md +39 -0
package/industries/ecommerce/ecommerce-complete.md +631 -0
package/industries/education/education-complete.md +555 -0
package/industries/fintech/fintech-complete.md +501 -0
package/industries/gaming/gaming-complete.md +587 -0
package/industries/healthcare/healthcare-complete.md +452 -0
package/low-code/01-standards/low-code-complete.md +944 -0
package/miniprogram/01-standards/ai-common-mistakes.md +61 -0
package/miniprogram/01-standards/miniprogram-custom-navbar-capsule.md +77 -0
package/miniprogram/01-standards/miniprogram-design.md +61 -0
package/miniprogram/01-standards/miniprogram-standard.md +81 -0
package/mobile/01-standards/android-material-design.md +70 -0
package/mobile/01-standards/flutter-complete.md +384 -0
package/mobile/01-standards/ios-design-hig.md +78 -0
package/mobile/01-standards/mobile-app-standard.md +85 -0
package/mobile/01-standards/react-native-complete.md +352 -0
package/mobile/02-playbooks/mobile-cross-platform-playbook.md +175 -0
package/mobile/02-playbooks/mobile-performance.md +473 -0
package/mobile/03-checklists/mobile-release-checklist.md +234 -0
package/mobile/04-antipatterns/mobile-antipatterns.md +798 -0
package/mobile/05-cases/case-app-performance.md +500 -0
package/mobile/05-cases/case-app-startup-optimization.md +218 -0
package/mobile/06-glossary/mobile-glossary.md +484 -0
package/observability/01-standards/observability-standards.md +103 -0
package/observability/02-playbooks/prometheus-grafana-playbook.md +135 -0
package/observability/02-playbooks/structured-logging-playbook.md +73 -0
package/observability/03-checklists/observability-checklist.md +54 -0
package/observability/04-antipatterns/observability-antipatterns.md +106 -0
package/operations/01-standards/prometheus-monitoring-complete.md +1578 -0
package/operations/02-playbooks/capacity-planning-playbook.md +620 -0
package/operations/03-checklists/production-launch-checklist.md +365 -0
package/operations/04-antipatterns/operations-antipatterns.md +664 -0
package/operations/05-cases/case-sre-practices.md +581 -0
package/operations/06-glossary/operations-glossary.md +120 -0
package/operations/aiops-anomaly-detection.md +758 -0
package/operations/capacity-planning.md +1061 -0
package/operations/chaos-engineering.md +659 -0
package/operations/incident-command-system.md +38 -0
package/operations/observability-complete.md +442 -0
package/operations/slo-sli-playbook.md +517 -0
package/operations/sre-operations-deep-dive.md +39 -0
package/package.json +8 -0
package/performance/01-standards/performance-and-scalability.md +80 -0
package/performance/01-standards/performance-standards.md +156 -0
package/performance/02-playbooks/query-optimization-playbook.md +103 -0
package/performance/03-checklists/performance-checklist.md +56 -0
package/performance/04-antipatterns/performance-antipatterns.md +146 -0
package/product/01-standards/product-management-complete.md +285 -0
package/product/02-playbooks/feature-launch-playbook.md +207 -0
package/product/02-playbooks/user-research-playbook.md +532 -0
package/product/03-checklists/feature-launch-checklist.md +275 -0
package/product/04-antipatterns/product-antipatterns.md +355 -0
package/product/05-cases/case-mvp-to-scale.md +384 -0
package/product/06-glossary/product-glossary.md +462 -0
package/product/feature-prioritization-framework.md +40 -0
package/product/kpi-and-metric-tree.md +37 -0
package/product/product-discovery-and-prd-deep-dive.md +41 -0
package/quantum/01-standards/quantum-complete.md +1186 -0
package/security/01-standards/api-security-complete.md +511 -0
package/security/01-standards/container-runtime-security.md +574 -0
package/security/01-standards/data-protection-gdpr.md +543 -0
package/security/01-standards/owasp-top10-complete.md +1890 -0
package/security/01-standards/secure-coding-baseline.md +90 -0
package/security/01-standards/supply-chain-security.md +441 -0
package/security/01-standards/web-security-checklist.md +108 -0
package/security/01-standards/zero-trust-architecture.md +521 -0
package/security/02-playbooks/auth-sso-playbook.md +166 -0
package/security/02-playbooks/incident-response-security-playbook.md +588 -0
package/security/02-playbooks/owasp-api-security-playbook.md +129 -0
package/security/02-playbooks/payment-integration-playbook.md +119 -0
package/security/02-playbooks/penetration-testing-playbook.md +517 -0
package/security/03-checklists/security-audit-checklist.md +356 -0
package/security/04-antipatterns/security-coding-antipatterns.md +580 -0
package/security/05-cases/case-log4shell-incident.md +537 -0
package/security/05-cases/case-major-breaches.md +468 -0
package/security/06-glossary/security-glossary.md +212 -0
package/security/compliance-automation.md +993 -0
package/security/container-security.md +680 -0
package/security/devsecops-complete.md +426 -0
package/security/sast-dast-sca.md +775 -0
package/security/secrets-management.md +594 -0
package/security/security-architecture-deep-dive.md +37 -0
package/security/threat-modeling-stride-playbook.md +40 -0
package/seed-templates/auth-system.md +59 -0
package/seed-templates/blog-content.md +94 -0
package/seed-templates/dashboard.md +89 -0
package/seed-templates/docs-site.md +73 -0
package/seed-templates/e-commerce.md +50 -0
package/seed-templates/saas-landing.md +92 -0
package/seed-templates/settings-page.md +51 -0
package/testing/01-standards/test-strategy-and-layering.md +83 -0
package/testing/01-standards/testing-strategy-complete.md +422 -0
package/testing/01-standards/unit-testing-best-practices.md +118 -0
package/testing/02-playbooks/e2e-testing-playbook.md +988 -0
package/testing/02-playbooks/testing-strategy-playbook.md +126 -0
package/testing/03-checklists/test-strategy-checklist.md +208 -0
package/testing/04-antipatterns/testing-antipatterns.md +718 -0
package/testing/05-cases/case-testing-transformation.md +300 -0
package/testing/06-glossary/testing-glossary.md +110 -0
package/testing/risk-based-test-matrix.md +36 -0
package/testing/testing-strategy-deep-dive.md +37 -0

package/security/secrets-management.md ADDED Viewed

@@ -0,0 +1,594 @@
+---
+id: secrets-management
+title: 密钥管理完整方案
+domain: security
+category: secrets-management.md
+difficulty: intermediate
+tags: [kubernetes, management, secrets, security, 中的使用, 密钥在, 密钥生命周期管理, 密钥管理]
+quality_score: 70
+last_updated: 2026-06-15
+---
+# 密钥管理完整方案
+## 概述
+密钥管理(Secrets Management)是保护敏感信息(密码、API 密钥、证书等)的系统化方法,防止泄露和未授权访问。
+## 密钥类型
+### 1. 基础设施密钥
+- 数据库凭证
+- API 密钥
+- SSH 密钥
+- TLS/SSL 证书
+- 云服务访问密钥(AWS Access Key, GCP Service Account)
+### 2. 应用程序密钥
+- 加密密钥
+- 签名密钥
+- Session 密钥
+- OAuth Client Secret
+### 3. 业务敏感信息
+- 第三方服务凭证
+- 支付网关密钥
+- 监控和日志访问令牌
+## 密钥生命周期管理
+### 1. 生成(Generation)
+```bash
+# 强密码生成
+openssl rand -base64 32
+# RSA 密钥对
+openssl genrsa -out private.pem 2048
+openssl rsa -in private.pem -pubout -out public.pem
+# SSH 密钥
+ssh-keygen -t ed25519 -C "deploy@company.com" -f deploy_key
+# API 密钥
+uuidgen | tr -d '-' | lower
+```
+### 2. 存储(Storage)
+```yaml
+# HashiCorp Vault 示例
+vault kv put secret/myapp \
+  db_password="$(openssl rand -base64 32)" \
+  api_key="$(uuidgen)" \
+  tls_cert=@"cert.pem"
+```
+### 3. 分发(Distribution)
+```yaml
+# Kubernetes Secret
+apiVersion: v1
+kind: Secret
+metadata:
+  name: app-secrets
+type: Opaque
+data:
+  db_password: <base64-encoded>
+---
+# 从 Vault 注入
+apiVersion: apps/v1
+kind: Deployment
+spec:
+  template:
+    spec:
+      containers:
+      - name: app
+        env:
+        - name: DB_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: vault-secret
+              key: db_password
+```
+### 4. 轮换(Rotation)
+```yaml
+# Vault 动态数据库凭证
+vault write database/config/myapp \
+  plugin_name=postgresql-database-plugin \
+  allowed_roles="myapp-role" \
+  connection_url="postgresql://{{username}}:{{password}}@db:5432/myapp"
+vault write database/roles/myapp-role \
+  db_name=myapp \
+  creation_statements="CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';" \
+  default_ttl="1h" \
+  max_ttl="24h"
+```
+### 5. 吊销(Revocation)
+```bash
+# 吊销 Vault 令牌
+vault token revoke <token>
+# 吊销 PKI 证书
+vault write pki/revoke serial_number=<serial>
+```
+## 密钥管理解决方案
+### 1. HashiCorp Vault
+#### 架构
+```
+Client -> Vault Agent -> Vault Server -> Storage Backend
+                                |
+                                -> Auth Method (AppRole, K8s, OIDC)
+                                -> Secrets Engine (KV, Database, PKI)
+```
+#### 核心功能
+```hcl
+# 启用审计日志
+audit {
+  type = "file"
+  options = {
+    file_path = "/var/log/vault/audit.log"
+  }
+}
+# AppRole 认证
+auth "approle" {
+  path = "approle"
+}
+# 数据库密钥引擎
+secrets "database" {
+  path = "database"
+}
+```
+#### 最佳实践
+```yaml
+# 1. 使用命名空间隔离
+vault namespace create team-a
+vault namespace create team-b
+# 2. 细粒度策略
+path "secret/data/team-a/*" {
+  capabilities = ["create", "read", "update", "delete", "list"]
+}
+path "secret/data/team-b/*" {
+  capabilities = ["deny"]
+}
+# 3. 响应包装
+vault kv get -wrap-ttl=60s secret/myapp
+```
+### 2. AWS Secrets Manager
+```python
+import boto3
+import json
+client = boto3.client('secretsmanager')
+# 存储密钥
+response = client.create_secret(
+    Name='myapp/db-password',
+    SecretString=json.dumps({
+        'username': 'admin',
+        'password': 'secure-password',
+        'host': 'db.example.com',
+        'port': 5432
+    }),
+    Tags=[
+        {'Key': 'Environment', 'Value': 'production'},
+        {'Key': 'Application', 'Value': 'myapp'}
+    ]
+)
+# 自动轮换
+response = client.rotate_secret(
+    SecretId='myapp/db-password',
+    RotationLambdaARN='arn:aws:lambda:region:account:function:rotate',
+    RotationRules={
+        'AutomaticallyAfterDays': 30
+    }
+)
+```
+### 3. Azure Key Vault
+```csharp
+// C# 示例
+using Azure.Identity;
+using Azure.Security.KeyVault.Secrets;
+var client = new SecretClient(
+    new Uri("https://myvault.vault.azure.net/"),
+    new DefaultAzureCredential()
+);
+// 存储密钥
+await client.SetSecretAsync("db-password", "secure-password");
+// 读取密钥
+KeyVaultSecret secret = await client.GetSecretAsync("db-password");
+string password = secret.Value;
+```
+### 4. Google Secret Manager
+```python
+from google.cloud import secretmanager
+client = secretmanager.SecretManagerServiceClient()
+# 创建密钥
+parent = f"projects/{project_id}"
+response = client.create_secret(
+    request={
+        "parent": parent,
+        "secret_id": "api-key",
+        "secret": {"replication": {"automatic": {}}}
+    }
+)
+# 添加版本
+response = client.add_secret_version(
+    request={
+        "parent": response.name,
+        "payload": {"data": b"my-secret-api-key"}
+    }
+)
+```
+## 密钥在 CI/CD 中的使用
+### GitLab CI
+```yaml
+# .gitlab-ci.yml
+variables:
+  # 从 Vault 获取
+  VAULT_ADDR: "https://vault.company.com"
+before_script:
+  # Vault 认证
+  - export VAULT_TOKEN=$(vault write -field=token auth/jwt/login jwt=$CI_JOB_JWT)
+deploy:
+  stage: deploy
+  script:
+    - export DB_PASSWORD=$(vault kv get -field=password secret/myapp/db)
+    - kubectl create secret generic app-secrets --from-literal=db-password=$DB_PASSWORD
+```
+### GitHub Actions
+```yaml
+name: Deploy
+on: [push]
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Import Secrets
+        uses: hashicorp/vault-action@v2
+        with:
+          url: https://vault.company.com
+          role: myapp
+          method: jwt
+          secrets: |
+            secret/data/myapp db_password | DB_PASSWORD
+            secret/data/myapp api_key | API_KEY
+      - name: Deploy
+        run: |
+          echo "Deploying with secrets..."
+          kubectl apply -f k8s/
+```
+### Jenkins Pipeline
+```groovy
+pipeline {
+  agent any
+  stages {
+    stage('Deploy') {
+      steps {
+        script {
+          // 从 Vault 读取
+          withVault(
+            vaultBaseUrl: 'https://vault.company.com',
+            credentialId: 'vault-approle',
+            secrets: [
+              [path: 'secret/myapp', secretValues: [
+                [envVar: 'DB_PASSWORD', vaultKey: 'db_password']
+              ]]
+            ]
+          ) {
+            sh 'kubectl create secret generic app-secrets --from-literal=db-password=$DB_PASSWORD'
+          }
+        }
+      }
+    }
+  }
+}
+```
+## Kubernetes 密钥管理
+### 1. 原生 Secret
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: app-secrets
+type: Opaque
+stringData:
+  db_password: "secure-password"  # 自动 base64 编码
+```
+### 2. External Secrets Operator
+```yaml
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: app-secrets
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: vault-backend
+    kind: ClusterSecretStore
+  target:
+    name: app-secrets
+  data:
+    - secretKey: db_password
+      remoteRef:
+        key: secret/myapp
+        property: db_password
+```
+### 3. Sealed Secrets
+```bash
+# 加密 Secret
+kubeseal --format=yaml < secret.yaml > sealed-secret.yaml
+# 部署加密后的 Secret
+kubectl apply -f sealed-secret.yaml
+```
+## 密钥泄露防护
+### 1. 预提交检测
+```bash
+# git-secrets
+git secrets --register-aws
+git secrets --scan
+# Gitleaks
+gitleaks detect --source . --config gitleaks.toml
+# TruffleHog
+trufflehog git file://. --only-verified
+```
+### 2. 运行时检测
+```python
+# 密钥泄露检测规则
+patterns = [
+    r'(?i)aws_access_key_id\s*=\s*[A-Z0-9]{20}',
+    r'(?i)aws_secret_access_key\s*=\s*[A-Za-z0-9/+=]{40}',
+    r'(?i)password\s*=\s*["\'][^"\']+["\']',
+    r'(?i)api_key\s*=\s*["\'][^"\']+["\']',
+    r'-----BEGIN (?:RSA |)PRIVATE KEY-----'
+]
+def scan_for_secrets(content):
+    for pattern in patterns:
+        if re.search(pattern, content):
+            alert_security_team(pattern)
+```
+### 3. Git 历史清理
+```bash
+# BFG Repo-Cleaner
+bfg --replace-text passwords.txt my-repo.git
+# git-filter-repo
+git filter-repo --invert-paths --path secrets.env
+```
+## 密钥轮换策略
+### 1. 自动轮换
+```yaml
+# Vault 数据库轮换
+vault write database/roles/app \
+  db_name=postgres \
+  creation_statements="CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';" \
+  revocation_statements="DROP ROLE \"{{name}}\";" \
+  default_ttl="1h" \
+  max_ttl="24h"
+```
+### 2. 零停机轮换
+```yaml
+# 蓝绿密钥策略
+apiVersion: v1
+kind: Secret
+metadata:
+  name: app-secrets-blue
+data:
+  db_password: <current-password>
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: app-secrets-green
+data:
+  db_password: <new-password>
+```
+### 3. 渐进式轮换
+```python
+def rotate_secret(secret_name):
+    # 1. 生成新密钥
+    new_secret = generate_secret()
+    # 2. 写入新版本
+    add_secret_version(secret_name, new_secret)
+    # 3. 监控应用健康
+    if not health_check():
+        # 回滚到旧版本
+        rollback_secret(secret_name)
+        return
+    # 4. 标记旧版本为过期
+    expire_old_versions(secret_name, keep_last=2)
+```
+## 审计和合规
+### 1. 审计日志
+```json
+{
+  "timestamp": "2025-03-20T10:00:00Z",
+  "action": "read",
+  "secret_path": "secret/myapp/db",
+  "actor": "app-service",
+  "ip_address": "10.0.1.100",
+  "user_agent": "vault-client/1.0",
+  "success": true,
+  "response_code": 200
+}
+```
+### 2. 访问控制
+```hcl
+# Vault 策略示例
+# 开发者只读访问开发环境
+path "secret/data/dev/*" {
+  capabilities = ["read", "list"]
+}
+# 运维完全访问生产环境
+path "secret/data/prod/*" {
+  capabilities = ["create", "read", "update", "delete", "list"]
+}
+# 审计员只读访问所有
+path "sys/audit" {
+  capabilities = ["read", "list"]
+}
+```
+### 3. 合规检查
+```yaml
+# 密钥合规规则
+policies:
+  - name: ensure-secrets-encrypted
+    resource: aws.secretsmanager
+    filters:
+      - type: value
+        key: KmsKeyId
+        value: absent
+  - name: ensure-rotation-enabled
+    resource: aws.secretsmanager
+    filters:
+      - type: value
+        key: RotationEnabled
+        value: false
+  - name: no-secrets-in-env
+    resource: k8s.deployment
+    filters:
+      - type: env-var
+        key: PASSWORD
+        value: not-null
+```
+## 灾难恢复
+### 1. 备份策略
+```bash
+# Vault 备份
+vault operator raft snapshot save backup.snap
+# 恢复
+vault operator raft snapshot restore backup.snap
+```
+### 2. 多区域复制
+```hcl
+# Vault 复制配置
+replication {
+  mode = "primary"
+  primary_cluster_addr = "https://primary.vault:8201"
+  performance_replication {
+    paths = ["secret/data/global/*"]
+  }
+}
+```
+### 3. 密钥托管
+```yaml
+# Shamir Secret Sharing
+recovery_shares: 5
+recovery_threshold: 3
+# 5 人持有密钥分片,至少 3 人才能恢复
+```
+## 安全最佳实践
+### 1. 最小权限
+- 应用仅获取所需密钥
+- 使用细粒度策略
+- 定期审查权限
+### 2. 加密传输和存储
+- TLS 传输加密
+- 密钥静态加密
+- 信封加密
+### 3. 审计追踪
+- 记录所有访问
+- 实时告警异常
+- 定期审计日志
+### 4. 高可用
+- 多副本部署
+- 自动故障转移
+- 定期演练恢复
+### 5. 密钥隔离
+- 按环境隔离(Dev/Staging/Prod)
+- 按团队隔离
+- 按应用隔离
+## 实施检查清单
+- [ ] 选择密钥管理方案(Vault/云原生)
+- [ ] 建立命名规范
+- [ ] 配置访问控制策略
+- [ ] 实现自动轮换
+- [ ] 集成 CI/CD 流水线
+- [ ] 部署密钥泄露检测
+- [ ] 启用审计日志
+- [ ] 配置告警通知
+- [ ] 定期备份
+- [ ] 制定灾难恢复计划
+- [ ] 安全培训
+- [ ] 定期安全审计
+## 参考资料
+- [HashiCorp Vault Documentation](https://www.vaultproject.io/docs)
+- [AWS Secrets Manager Best Practices](https://docs.aws.amazon.com/secretsmanager/latest/userguide/best-practices.html)
+- [OWASP Secrets Management Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html)
+- [Kubernetes Secrets Management](https://kubernetes.io/docs/concepts/configuration/secret/)

package/security/security-architecture-deep-dive.md ADDED Viewed

@@ -0,0 +1,37 @@
+---
+id: security-architecture-deep-dive
+title: security-architecture-deep-dive
+domain: security
+category: security-architecture-deep-dive.md
+difficulty: intermediate
+tags: [architecture, deep, dive, security, 安全环节深度知识库]
+quality_score: 70
+last_updated: 2026-06-15
+---
+# 开发：Excellent（11964948@qq.com）
+## 安全环节深度知识库
+### 目标
+- 形成从设计到运行期的全链路安全防护体系。
+### 安全基线
+- 认证授权：最小权限、资源归属校验、租户隔离。
+- 输入输出：参数白名单、长度限制、类型校验、敏感字段脱敏。
+- 数据保护：传输加密、存储加密、密钥轮换、访问审计。
+- 依赖治理：漏洞扫描、版本锁定、风险依赖替换策略。
+### 威胁建模
+- 识别资产：账号、交易、隐私、配置、日志。
+- 识别攻击面：接口、回调、文件上传、第三方依赖。
+- 评估影响：数据泄露、权限提升、服务中断、合规风险。
+- 防护方案：预防、检测、响应、恢复四层闭环。
+### 响应机制
+- 高危事件必须立即隔离与止损。
+- 保留完整证据链，支持事后审计与合规核查。
+- 事件关闭后必须输出改进项并进入门禁检查。
+### 常见失败模式
+- 只做身份认证，不做授权粒度控制。
+- 有安全工具但没有漏洞整改闭环。

package/security/threat-modeling-stride-playbook.md ADDED Viewed

@@ -0,0 +1,40 @@
+---
+id: threat-modeling-stride-playbook
+title: threat-modeling-stride-playbook
+domain: security
+category: threat-modeling-stride-playbook.md
+difficulty: intermediate
+tags: [modeling, playbook, security, stride, threat, 威胁建模手册]
+quality_score: 70
+last_updated: 2026-06-15
+---
+# 开发：Excellent（11964948@qq.com）
+## STRIDE 威胁建模手册
+### 目标
+- 在需求与设计阶段提前识别安全风险，降低上线后高危漏洞暴露概率。
+### STRIDE 维度
+- S：身份伪造（Spoofing）
+- T：篡改（Tampering）
+- R：抵赖（Repudiation）
+- I：信息泄露（Information Disclosure）
+- D：拒绝服务（Denial of Service）
+- E：权限提升（Elevation of Privilege）
+### 建模步骤
+- 列出核心资产与数据流。
+- 为每条数据流逐项评估 STRIDE 风险。
+- 为每个高风险点定义检测与防护措施。
+- 确定验证方式并纳入测试计划。
+### 必做检查项
+- 鉴权接口必须验证主体、租户、资源归属。
+- 敏感数据接口必须有审计日志与脱敏策略。
+- 外部输入点必须有参数白名单与长度限制。
+- 高风险操作必须定义速率限制与告警规则。
+### 常见失败模式
+- 只做一次建模，不随架构演进更新。
+- 识别风险后没有落地到门禁和测试。