@umacloud/knowledge 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (418) hide show
  1. package/00-governance/governance-capabilities.md +557 -0
  2. package/00-governance/knowledge-map.md +39 -0
  3. package/00-governance/maintenance-policy.md +76 -0
  4. package/00-governance/review-checklist.md +81 -0
  5. package/README.md +13 -0
  6. package/ai/01-standards/agent-development-complete.md +691 -0
  7. package/ai/01-standards/llm-application-complete.md +488 -0
  8. package/ai/01-standards/mlops-complete.md +798 -0
  9. package/ai/01-standards/prompt-engineering-complete.md +646 -0
  10. package/ai/01-standards/rag-architecture-complete.md +649 -0
  11. package/ai/02-playbooks/llm-evaluation-playbook.md +847 -0
  12. package/ai/03-checklists/ai-project-checklist.md +215 -0
  13. package/ai/04-antipatterns/ai-antipatterns.md +661 -0
  14. package/ai/05-cases/case-rag-production.md +147 -0
  15. package/ai/06-glossary/ai-glossary.md +162 -0
  16. package/ai/agent-evaluation-benchmark.md +53 -0
  17. package/ai/ai-agent-memory-context-management.md +41 -0
  18. package/ai/ai-cost-capacity-optimization-playbook.md +42 -0
  19. package/ai/ai-data-security-and-compliance-playbook.md +37 -0
  20. package/ai/ai-domain-index-and-checklist.md +40 -0
  21. package/ai/ai-governance-maturity-model.md +50 -0
  22. package/ai/ai-model-selection-and-routing-strategy.md +47 -0
  23. package/ai/ai-observability-and-oncall-runbook.md +52 -0
  24. package/ai/ai-rag-engineering-playbook.md +42 -0
  25. package/ai/ai-red-team-and-safety-evaluation.md +42 -0
  26. package/ai/ai-release-readiness-and-rollback-gate.md +42 -0
  27. package/ai/llm-agent-engineering-deep-dive.md +57 -0
  28. package/ai/prompt-and-tool-guardrails.md +52 -0
  29. package/api/01-standards/enterprise-api-standards.md +198 -0
  30. package/api/01-standards/rest-api-design-guide.md +63 -0
  31. package/api/02-playbooks/api-pagination-playbook.md +93 -0
  32. package/api/02-playbooks/graphql-production-playbook.md +176 -0
  33. package/api/03-checklists/api-review-checklist.md +55 -0
  34. package/api/04-antipatterns/api-antipatterns.md +112 -0
  35. package/architecture/01-standards/api-gateway-patterns.md +496 -0
  36. package/architecture/01-standards/cloud-native-patterns.md +644 -0
  37. package/architecture/01-standards/distributed-systems-patterns.md +591 -0
  38. package/architecture/01-standards/event-driven-architecture.md +595 -0
  39. package/architecture/01-standards/microservices-patterns-complete.md +968 -0
  40. package/architecture/01-standards/microservices-patterns.md +495 -0
  41. package/architecture/01-standards/system-design-interview.md +664 -0
  42. package/architecture/02-playbooks/microservices-patterns-playbook.md +137 -0
  43. package/architecture/02-playbooks/migration-playbook.md +780 -0
  44. package/architecture/02-playbooks/system-design-playbook.md +779 -0
  45. package/architecture/03-checklists/architecture-decision-checklist.md +297 -0
  46. package/architecture/04-antipatterns/architecture-antipatterns.md +417 -0
  47. package/architecture/05-cases/case-netflix-microservices.md +413 -0
  48. package/architecture/06-glossary/architecture-glossary.md +164 -0
  49. package/architecture/adr-template-and-examples.md +38 -0
  50. package/architecture/api-gateway-deep-dive.md +1291 -0
  51. package/architecture/configuration-management.md +1162 -0
  52. package/architecture/distributed-transactions.md +1220 -0
  53. package/architecture/microservices-complete.md +735 -0
  54. package/architecture/resilience-and-disaster-patterns.md +37 -0
  55. package/architecture/service-governance.md +1198 -0
  56. package/architecture/system-architecture-deep-dive.md +37 -0
  57. package/backend/01-standards/analytics-and-growth.md +65 -0
  58. package/backend/01-standards/api-and-error-conventions.md +120 -0
  59. package/backend/01-standards/application-layering-and-packaging.md +160 -0
  60. package/backend/01-standards/auth-implementation.md +104 -0
  61. package/backend/01-standards/backend-framework-idioms.md +74 -0
  62. package/backend/01-standards/background-jobs-and-async.md +66 -0
  63. package/backend/01-standards/caching-strategies-complete.md +390 -0
  64. package/backend/01-standards/config-and-observability.md +77 -0
  65. package/backend/01-standards/data-modeling-and-persistence.md +94 -0
  66. package/backend/01-standards/django-complete.md +1765 -0
  67. package/backend/01-standards/email-and-notifications.md +64 -0
  68. package/backend/01-standards/fastapi-complete.md +925 -0
  69. package/backend/01-standards/file-upload-and-storage.md +66 -0
  70. package/backend/01-standards/graphql-api-complete.md +416 -0
  71. package/backend/01-standards/llm-application-standard.md +78 -0
  72. package/backend/01-standards/message-queue-patterns.md +379 -0
  73. package/backend/01-standards/microservices-and-distributed.md +78 -0
  74. package/backend/01-standards/nestjs-complete.md +2167 -0
  75. package/backend/01-standards/payment-integration.md +80 -0
  76. package/backend/01-standards/rate-limiting-complete.md +451 -0
  77. package/backend/01-standards/realtime-and-websocket.md +65 -0
  78. package/backend/01-standards/search-and-filtering.md +64 -0
  79. package/backend/01-standards/spring-boot-complete.md +445 -0
  80. package/backend/02-playbooks/api-design-playbook.md +718 -0
  81. package/backend/02-playbooks/email-send-playbook.md +130 -0
  82. package/backend/02-playbooks/file-upload-s3-playbook.md +153 -0
  83. package/backend/02-playbooks/typescript-enterprise-playbook.md +133 -0
  84. package/backend/02-playbooks/websocket-realtime-playbook.md +154 -0
  85. package/backend/03-checklists/api-launch-checklist.md +189 -0
  86. package/backend/04-antipatterns/backend-antipatterns.md +1051 -0
  87. package/blockchain/01-standards/blockchain-basics.md +557 -0
  88. package/blockchain/01-standards/smart-contract-development.md +1315 -0
  89. package/cicd/01-standards/deployment-and-delivery-standard.md +96 -0
  90. package/cicd/01-standards/github-actions-complete.md +473 -0
  91. package/cicd/01-standards/release-and-store-submission.md +75 -0
  92. package/cicd/02-playbooks/cicd-pipeline-playbook.md +144 -0
  93. package/cicd/02-playbooks/release-management-playbook.md +605 -0
  94. package/cicd/03-checklists/pipeline-security-checklist.md +168 -0
  95. package/cicd/04-antipatterns/cicd-antipatterns.md +589 -0
  96. package/cicd/05-cases/case-deployment-automation.md +221 -0
  97. package/cicd/05-cases/case-gitops-transformation.md +212 -0
  98. package/cicd/06-glossary/cicd-glossary.md +114 -0
  99. package/cicd/cicd-blueprint-deep-dive.md +38 -0
  100. package/cicd/release-readiness-gate.md +37 -0
  101. package/cloud-native/01-standards/container-security.md +741 -0
  102. package/cloud-native/01-standards/kubernetes-complete.md +812 -0
  103. package/cloud-native/02-playbooks/api-gateway-playbook.md +155 -0
  104. package/cloud-native/02-playbooks/gitops-with-argocd.md +760 -0
  105. package/cloud-native/02-playbooks/k8s-troubleshooting-playbook.md +1942 -0
  106. package/cloud-native/02-playbooks/message-queue-playbook.md +129 -0
  107. package/cloud-native/02-playbooks/multicloud-governance.md +726 -0
  108. package/cloud-native/02-playbooks/serverless-patterns.md +788 -0
  109. package/cloud-native/02-playbooks/service-mesh-playbook.md +612 -0
  110. package/cloud-native/02-playbooks/terraform-iac-playbook.md +143 -0
  111. package/cloud-native/03-checklists/container-security-checklist.md +431 -0
  112. package/cloud-native/03-checklists/k8s-production-readiness-checklist.md +460 -0
  113. package/cloud-native/04-antipatterns/container-antipatterns.md +660 -0
  114. package/cloud-native/04-antipatterns/k8s-antipatterns.md +743 -0
  115. package/cloud-native/05-cases/case-k8s-migration.md +478 -0
  116. package/cloud-native/05-cases/case-k8s-scaling.md +642 -0
  117. package/cloud-native/05-cases/case-k8s-security-incident.md +397 -0
  118. package/cloud-native/06-glossary/cloud-native-glossary.md +337 -0
  119. package/cross-platform/01-standards/cross-platform-frameworks.md +83 -0
  120. package/cross-platform/01-standards/platform-selection-and-architecture.md +77 -0
  121. package/data/01-standards/elasticsearch-complete.md +2098 -0
  122. package/data/01-standards/postgresql-complete.md +1613 -0
  123. package/data/01-standards/redis-complete.md +1527 -0
  124. package/data/02-playbooks/database-optimization-playbook.md +403 -0
  125. package/data/02-playbooks/elasticsearch-production-playbook.md +132 -0
  126. package/data/03-checklists/database-launch-checklist.md +187 -0
  127. package/data/04-antipatterns/database-antipatterns.md +873 -0
  128. package/data/05-cases/case-database-migration.md +310 -0
  129. package/data/06-glossary/database-glossary.md +440 -0
  130. package/data/data-governance-and-modeling-deep-dive.md +39 -0
  131. package/data-engineering/01-standards/airflow-complete.md +523 -0
  132. package/data-engineering/01-standards/kafka-complete.md +1521 -0
  133. package/data-engineering/02-playbooks/spark-etl-playbook.md +496 -0
  134. package/data-engineering/03-checklists/pipeline-launch-checklist.md +194 -0
  135. package/data-engineering/04-antipatterns/data-pipeline-antipatterns.md +684 -0
  136. package/data-engineering/05-cases/case-real-time-pipeline.md +355 -0
  137. package/data-engineering/06-glossary/data-engineering-glossary.md +429 -0
  138. package/database/01-standards/database-schema-standards.md +147 -0
  139. package/database/02-playbooks/postgresql-optimization-quick.md +52 -0
  140. package/database/02-playbooks/postgresql-performance-optimization.md +58 -0
  141. package/database/02-playbooks/postgresql-production-playbook.md +146 -0
  142. package/database/02-playbooks/redis-caching-playbook.md +117 -0
  143. package/database/03-checklists/database-review-checklist.md +50 -0
  144. package/database/04-antipatterns/database-antipatterns.md +112 -0
  145. package/design/01-standards/ui-design-system-complete.md +423 -0
  146. package/design/02-playbooks/design-handoff-playbook.md +254 -0
  147. package/design/02-playbooks/design-review-playbook.md +388 -0
  148. package/design/03-checklists/design-review-checklist.md +246 -0
  149. package/design/04-antipatterns/design-antipatterns.md +378 -0
  150. package/design/05-cases/case-design-system-adoption.md +328 -0
  151. package/design/06-glossary/design-glossary.md +329 -0
  152. package/design/ui-full-lifecycle-cross-platform-playbook.md +571 -0
  153. package/design/ux-system-deep-dive.md +38 -0
  154. package/design-systems/00-craft-rules.md +71 -0
  155. package/design-systems/aesthetic-families.md +43 -0
  156. package/design-systems/anti-ai-slop.md +162 -0
  157. package/design-systems/bold-geometric.md +120 -0
  158. package/design-systems/brutalist-bold.md +103 -0
  159. package/design-systems/editorial-clean.md +109 -0
  160. package/design-systems/glass-aurora.md +108 -0
  161. package/design-systems/modern-minimal.md +145 -0
  162. package/design-systems/premium-luxury.md +106 -0
  163. package/design-systems/product-type-design-map.md +48 -0
  164. package/design-systems/soft-warm.md +123 -0
  165. package/design-systems/tech-utility.md +113 -0
  166. package/desktop/01-standards/desktop-app-standard.md +72 -0
  167. package/desktop/01-standards/desktop-design.md +71 -0
  168. package/development/00-governance/document-template.md +41 -0
  169. package/development/01-standards/api-versioning-strategies.md +432 -0
  170. package/development/01-standards/authentication-patterns-complete.md +479 -0
  171. package/development/01-standards/css-architecture-complete.md +550 -0
  172. package/development/01-standards/database-migration-strategies.md +484 -0
  173. package/development/01-standards/elasticsearch-complete.md +347 -0
  174. package/development/01-standards/git-complete.md +371 -0
  175. package/development/01-standards/golang-complete.md +1565 -0
  176. package/development/01-standards/graphql-complete.md +298 -0
  177. package/development/01-standards/javascript-bundlers-complete.md +469 -0
  178. package/development/01-standards/javascript-typescript-complete.md +528 -0
  179. package/development/01-standards/jest-complete.md +275 -0
  180. package/development/01-standards/linux-complete.md +234 -0
  181. package/development/01-standards/logging-observability-complete.md +526 -0
  182. package/development/01-standards/microservices-communication.md +502 -0
  183. package/development/01-standards/mongodb-complete.md +406 -0
  184. package/development/01-standards/oauth2-complete.md +285 -0
  185. package/development/01-standards/performance-optimization-complete.md +289 -0
  186. package/development/01-standards/playwright-complete.md +247 -0
  187. package/development/01-standards/postgresql-complete.md +456 -0
  188. package/development/01-standards/pytest-complete.md +340 -0
  189. package/development/01-standards/python-async-programming.md +902 -0
  190. package/development/01-standards/python-complete.md +956 -0
  191. package/development/01-standards/python-decorators-complete.md +799 -0
  192. package/development/01-standards/python-design-patterns.md +2854 -0
  193. package/development/01-standards/python-packaging-distribution.md +420 -0
  194. package/development/01-standards/python-testing-strategies.md +607 -0
  195. package/development/01-standards/python-web-frameworks-comparison.md +471 -0
  196. package/development/01-standards/redis-complete.md +317 -0
  197. package/development/01-standards/rest-api-complete.md +316 -0
  198. package/development/01-standards/rust-complete.md +578 -0
  199. package/development/01-standards/typescript-advanced-types.md +1513 -0
  200. package/development/01-standards/web-security-complete.md +292 -0
  201. package/development/02-playbooks/api-design-playbook.md +810 -0
  202. package/development/02-playbooks/database-migration-playbook.md +580 -0
  203. package/development/02-playbooks/debugging-playbook.md +692 -0
  204. package/development/02-playbooks/feature-delivery-playbook.md +430 -0
  205. package/development/02-playbooks/incident-hotfix-playbook.md +387 -0
  206. package/development/02-playbooks/performance-optimization-playbook.md +531 -0
  207. package/development/02-playbooks/performance-tuning-playbook.md +652 -0
  208. package/development/02-playbooks/refactor-playbook.md +403 -0
  209. package/development/02-playbooks/release-playbook.md +469 -0
  210. package/development/03-checklists/architecture-review-checklist.md +168 -0
  211. package/development/03-checklists/data-migration-checklist.md +157 -0
  212. package/development/03-checklists/oncall-handover-checklist.md +173 -0
  213. package/development/03-checklists/pr-checklist.md +158 -0
  214. package/development/03-checklists/production-readiness-checklist.md +190 -0
  215. package/development/03-checklists/release-readiness-checklist.md +154 -0
  216. package/development/03-checklists/security-review-checklist.md +182 -0
  217. package/development/04-antipatterns/api-antipatterns.md +657 -0
  218. package/development/04-antipatterns/architecture-antipatterns.md +686 -0
  219. package/development/04-antipatterns/backend-antipatterns.md +648 -0
  220. package/development/04-antipatterns/cicd-antipatterns.md +540 -0
  221. package/development/04-antipatterns/code-smell-antipatterns.md +571 -0
  222. package/development/04-antipatterns/data-antipatterns.md +658 -0
  223. package/development/04-antipatterns/database-antipatterns.md +578 -0
  224. package/development/04-antipatterns/frontend-antipatterns.md +635 -0
  225. package/development/04-antipatterns/reliability-antipatterns.md +700 -0
  226. package/development/04-antipatterns/security-antipatterns.md +747 -0
  227. package/development/05-cases/case-api-version-migration.md +428 -0
  228. package/development/05-cases/case-authorization-hardening.md +383 -0
  229. package/development/05-cases/case-bluegreen-rollback.md +466 -0
  230. package/development/05-cases/case-cache-snowball-protection.md +485 -0
  231. package/development/05-cases/case-ci-cd-pipeline.md +544 -0
  232. package/development/05-cases/case-database-scaling.md +500 -0
  233. package/development/05-cases/case-db-hotspot-optimization.md +487 -0
  234. package/development/05-cases/case-incident-mttr-reduction.md +563 -0
  235. package/development/05-cases/case-microservice-migration.md +375 -0
  236. package/development/05-cases/case-performance-optimization.md +406 -0
  237. package/development/05-cases/case-security-incident-response.md +345 -0
  238. package/development/06-glossary/full-stack-glossary.md +166 -0
  239. package/development/09-maturity/quarterly-audit-template.md +35 -0
  240. package/development/11-ui-excellence/ui-aesthetic-system.md +41 -0
  241. package/development/11-ui-excellence/ui-engineering-excellence.md +435 -0
  242. package/development/12-scenarios/development-scenarios-guide.md +565 -0
  243. package/development/13-implementation-assets/implementation-toolkit.md +282 -0
  244. package/development/13-implementation-assets/knowledge-gates-execution.md +43 -0
  245. package/development/14-full-lifecycle/software-lifecycle-gates.md +511 -0
  246. package/development/15-lifecycle-templates/project-templates-collection.md +791 -0
  247. package/development/api-contract-and-versioning-guide.md +36 -0
  248. package/development/api-governance-complete.md +43 -0
  249. package/development/backend-engineering-complete.md +43 -0
  250. package/development/code-review-quality-complete.md +43 -0
  251. package/development/concurrency-reliability-complete.md +43 -0
  252. package/development/database-engineering-complete.md +43 -0
  253. package/development/engineering-effectiveness-complete.md +43 -0
  254. package/development/engineering-standards-deep-dive.md +38 -0
  255. package/development/frontend-engineering-complete.md +43 -0
  256. package/development/performance-capacity-complete.md +43 -0
  257. package/development/refactor-migration-complete.md +42 -0
  258. package/development/refactoring-and-techdebt-playbook.md +37 -0
  259. package/development/security-in-development-complete.md +43 -0
  260. package/devops/01-standards/cicd-pipeline-complete.md +262 -0
  261. package/devops/01-standards/docker-complete.md +1490 -0
  262. package/devops/01-standards/github-actions-complete.md +337 -0
  263. package/devops/01-standards/kubernetes-complete.md +638 -0
  264. package/devops/01-standards/terraform-complete.md +2117 -0
  265. package/devops/02-playbooks/docker-compose-playbook.md +233 -0
  266. package/devops/02-playbooks/docker-k8s-production-playbook.md +186 -0
  267. package/devops/02-playbooks/docker-production-playbook.md +952 -0
  268. package/edge-iot/01-standards/edge-iot-complete.md +473 -0
  269. package/experts/architect/api-design.md +178 -0
  270. package/experts/architect/methodology.md +124 -0
  271. package/experts/architect/security.md +75 -0
  272. package/experts/backend-lead/methodology.md +216 -0
  273. package/experts/devops/methodology.md +160 -0
  274. package/experts/frontend-lead/methodology.md +178 -0
  275. package/experts/product-manager/industry/ecommerce.md +43 -0
  276. package/experts/product-manager/industry/saas.md +40 -0
  277. package/experts/product-manager/methodology.md +97 -0
  278. package/experts/qa-lead/methodology.md +123 -0
  279. package/experts/qa-lead/test-strategy.md +128 -0
  280. package/experts/uiux-designer/methodology.md +125 -0
  281. package/frontend/01-standards/accessibility-complete.md +532 -0
  282. package/frontend/01-standards/accessibility-standard.md +74 -0
  283. package/frontend/01-standards/admin-dashboard-and-crud.md +72 -0
  284. package/frontend/01-standards/design-tokens-complete.md +444 -0
  285. package/frontend/01-standards/forms-and-validation.md +77 -0
  286. package/frontend/01-standards/frontend-architecture-and-layering.md +119 -0
  287. package/frontend/01-standards/i18n-and-localization.md +65 -0
  288. package/frontend/01-standards/nextjs-complete.md +451 -0
  289. package/frontend/01-standards/react-complete.md +713 -0
  290. package/frontend/01-standards/react-hooks-complete-guide.md +1100 -0
  291. package/frontend/01-standards/react-hooks-complete.md +1171 -0
  292. package/frontend/01-standards/seo-and-web-vitals.md +77 -0
  293. package/frontend/01-standards/state-management-complete.md +444 -0
  294. package/frontend/01-standards/vue-complete.md +499 -0
  295. package/frontend/01-standards/vue3-complete.md +2002 -0
  296. package/frontend/01-standards/web-framework-best-practices.md +64 -0
  297. package/frontend/01-standards/web-performance-complete.md +495 -0
  298. package/frontend/02-playbooks/accessibility-a11y-playbook.md +161 -0
  299. package/frontend/02-playbooks/frontend-performance-playbook.md +707 -0
  300. package/frontend/02-playbooks/i18n-internationalization-playbook.md +120 -0
  301. package/frontend/02-playbooks/performance-optimization-playbook.md +163 -0
  302. package/frontend/02-playbooks/react-nextjs-production-playbook.md +167 -0
  303. package/frontend/02-playbooks/react-state-management-playbook.md +173 -0
  304. package/frontend/03-checklists/component-quality-checklist.md +166 -0
  305. package/frontend/03-checklists/frontend-launch-checklist.md +299 -0
  306. package/frontend/04-antipatterns/frontend-antipatterns.md +886 -0
  307. package/frontend/05-cases/case-performance-optimization.md +274 -0
  308. package/harmony/01-standards/harmonyos-arkts-standard.md +75 -0
  309. package/harmony/01-standards/harmonyos-design.md +65 -0
  310. package/high-quality-engineering-playbook.md +54 -0
  311. package/incident/01-standards/incident-response-complete.md +303 -0
  312. package/incident/02-playbooks/chaos-engineering-playbook.md +883 -0
  313. package/incident/02-playbooks/postmortem-playbook.md +398 -0
  314. package/incident/03-checklists/incident-readiness-checklist.md +181 -0
  315. package/incident/04-antipatterns/incident-antipatterns.md +490 -0
  316. package/incident/05-cases/case-cascade-failure.md +176 -0
  317. package/incident/06-glossary/incident-glossary.md +114 -0
  318. package/incident/postmortem-and-response-deep-dive.md +39 -0
  319. package/industries/ecommerce/ecommerce-complete.md +631 -0
  320. package/industries/education/education-complete.md +555 -0
  321. package/industries/fintech/fintech-complete.md +501 -0
  322. package/industries/gaming/gaming-complete.md +587 -0
  323. package/industries/healthcare/healthcare-complete.md +452 -0
  324. package/low-code/01-standards/low-code-complete.md +944 -0
  325. package/miniprogram/01-standards/ai-common-mistakes.md +61 -0
  326. package/miniprogram/01-standards/miniprogram-custom-navbar-capsule.md +77 -0
  327. package/miniprogram/01-standards/miniprogram-design.md +61 -0
  328. package/miniprogram/01-standards/miniprogram-standard.md +81 -0
  329. package/mobile/01-standards/android-material-design.md +70 -0
  330. package/mobile/01-standards/flutter-complete.md +384 -0
  331. package/mobile/01-standards/ios-design-hig.md +78 -0
  332. package/mobile/01-standards/mobile-app-standard.md +85 -0
  333. package/mobile/01-standards/react-native-complete.md +352 -0
  334. package/mobile/02-playbooks/mobile-cross-platform-playbook.md +175 -0
  335. package/mobile/02-playbooks/mobile-performance.md +473 -0
  336. package/mobile/03-checklists/mobile-release-checklist.md +234 -0
  337. package/mobile/04-antipatterns/mobile-antipatterns.md +798 -0
  338. package/mobile/05-cases/case-app-performance.md +500 -0
  339. package/mobile/05-cases/case-app-startup-optimization.md +218 -0
  340. package/mobile/06-glossary/mobile-glossary.md +484 -0
  341. package/observability/01-standards/observability-standards.md +103 -0
  342. package/observability/02-playbooks/prometheus-grafana-playbook.md +135 -0
  343. package/observability/02-playbooks/structured-logging-playbook.md +73 -0
  344. package/observability/03-checklists/observability-checklist.md +54 -0
  345. package/observability/04-antipatterns/observability-antipatterns.md +106 -0
  346. package/operations/01-standards/prometheus-monitoring-complete.md +1578 -0
  347. package/operations/02-playbooks/capacity-planning-playbook.md +620 -0
  348. package/operations/03-checklists/production-launch-checklist.md +365 -0
  349. package/operations/04-antipatterns/operations-antipatterns.md +664 -0
  350. package/operations/05-cases/case-sre-practices.md +581 -0
  351. package/operations/06-glossary/operations-glossary.md +120 -0
  352. package/operations/aiops-anomaly-detection.md +758 -0
  353. package/operations/capacity-planning.md +1061 -0
  354. package/operations/chaos-engineering.md +659 -0
  355. package/operations/incident-command-system.md +38 -0
  356. package/operations/observability-complete.md +442 -0
  357. package/operations/slo-sli-playbook.md +517 -0
  358. package/operations/sre-operations-deep-dive.md +39 -0
  359. package/package.json +8 -0
  360. package/performance/01-standards/performance-and-scalability.md +80 -0
  361. package/performance/01-standards/performance-standards.md +156 -0
  362. package/performance/02-playbooks/query-optimization-playbook.md +103 -0
  363. package/performance/03-checklists/performance-checklist.md +56 -0
  364. package/performance/04-antipatterns/performance-antipatterns.md +146 -0
  365. package/product/01-standards/product-management-complete.md +285 -0
  366. package/product/02-playbooks/feature-launch-playbook.md +207 -0
  367. package/product/02-playbooks/user-research-playbook.md +532 -0
  368. package/product/03-checklists/feature-launch-checklist.md +275 -0
  369. package/product/04-antipatterns/product-antipatterns.md +355 -0
  370. package/product/05-cases/case-mvp-to-scale.md +384 -0
  371. package/product/06-glossary/product-glossary.md +462 -0
  372. package/product/feature-prioritization-framework.md +40 -0
  373. package/product/kpi-and-metric-tree.md +37 -0
  374. package/product/product-discovery-and-prd-deep-dive.md +41 -0
  375. package/quantum/01-standards/quantum-complete.md +1186 -0
  376. package/security/01-standards/api-security-complete.md +511 -0
  377. package/security/01-standards/container-runtime-security.md +574 -0
  378. package/security/01-standards/data-protection-gdpr.md +543 -0
  379. package/security/01-standards/owasp-top10-complete.md +1890 -0
  380. package/security/01-standards/secure-coding-baseline.md +90 -0
  381. package/security/01-standards/supply-chain-security.md +441 -0
  382. package/security/01-standards/web-security-checklist.md +108 -0
  383. package/security/01-standards/zero-trust-architecture.md +521 -0
  384. package/security/02-playbooks/auth-sso-playbook.md +166 -0
  385. package/security/02-playbooks/incident-response-security-playbook.md +588 -0
  386. package/security/02-playbooks/owasp-api-security-playbook.md +129 -0
  387. package/security/02-playbooks/payment-integration-playbook.md +119 -0
  388. package/security/02-playbooks/penetration-testing-playbook.md +517 -0
  389. package/security/03-checklists/security-audit-checklist.md +356 -0
  390. package/security/04-antipatterns/security-coding-antipatterns.md +580 -0
  391. package/security/05-cases/case-log4shell-incident.md +537 -0
  392. package/security/05-cases/case-major-breaches.md +468 -0
  393. package/security/06-glossary/security-glossary.md +212 -0
  394. package/security/compliance-automation.md +993 -0
  395. package/security/container-security.md +680 -0
  396. package/security/devsecops-complete.md +426 -0
  397. package/security/sast-dast-sca.md +775 -0
  398. package/security/secrets-management.md +594 -0
  399. package/security/security-architecture-deep-dive.md +37 -0
  400. package/security/threat-modeling-stride-playbook.md +40 -0
  401. package/seed-templates/auth-system.md +59 -0
  402. package/seed-templates/blog-content.md +94 -0
  403. package/seed-templates/dashboard.md +89 -0
  404. package/seed-templates/docs-site.md +73 -0
  405. package/seed-templates/e-commerce.md +50 -0
  406. package/seed-templates/saas-landing.md +92 -0
  407. package/seed-templates/settings-page.md +51 -0
  408. package/testing/01-standards/test-strategy-and-layering.md +83 -0
  409. package/testing/01-standards/testing-strategy-complete.md +422 -0
  410. package/testing/01-standards/unit-testing-best-practices.md +118 -0
  411. package/testing/02-playbooks/e2e-testing-playbook.md +988 -0
  412. package/testing/02-playbooks/testing-strategy-playbook.md +126 -0
  413. package/testing/03-checklists/test-strategy-checklist.md +208 -0
  414. package/testing/04-antipatterns/testing-antipatterns.md +718 -0
  415. package/testing/05-cases/case-testing-transformation.md +300 -0
  416. package/testing/06-glossary/testing-glossary.md +110 -0
  417. package/testing/risk-based-test-matrix.md +36 -0
  418. package/testing/testing-strategy-deep-dive.md +37 -0
package/testing/02-playbooks/testing-strategy-playbook.md ADDED
@@ -0,0 +1,126 @@
1
+ ---
2
+ id: testing-strategy-playbook
3
+ title: 测试策略实战手册(金字塔模型 + 现代实践)
4
+ domain: testing
5
+ category: 02-playbooks
6
+ difficulty: advanced
7
+ tags: [testing, unit, integration, e2e, test-pyramid, coverage, mocking, tdd, bdd, playwright, jest, enterprise]
8
+ quality_score: 93
9
+ maintainer: qa-team@umadev.com
10
+ last_updated: 2026-06-15
11
+ ---
12
+
13
+ # 测试策略实战手册
14
+
15
+ > 基于 [TestRail Testing Pyramid](https://www.testrail.com/blog/testing-pyramid/) + [CircleCI Strategy](https://circleci.com/blog/testing-pyramid/) + [Bunnyshell E2E 2025](https://www.bunnyshell.com/blog/best-practices-for-end-to-end-testing-in-2025/)
16
+
17
+ ## 测试金字塔
18
+
19
+ ```
20
+ /\
21
+ /E2E\ 少量(关键路径,< 5%)
22
+ /------\
23
+ /Integra-\ 适量(服务边界,~25%)
24
+ / tion \
25
+ /------------\
26
+ / Unit \ 大量(业务逻辑,~70%)
27
+ /----------------\
28
+ ```
29
+
30
+ ### Unit Tests(单元测试)
31
+ - 测什么:纯函数、业务逻辑、数据转换
32
+ - 工具:Jest/Vitest(JS), pytest(Python), `#[test]`(Rust)
33
+ - 速度:< 100ms/测试
34
+ - Mock:外部依赖(DB/API)全部 mock
35
+ ```typescript
36
+ // ✅ 纯函数测试(快、确定、无副作用)
37
+ describe('calculateTotal', () => {
38
+ it('sums line items with tax', () => {
39
+ const items = [{ price: 100, qty: 2 }, { price: 50, qty: 1 }];
40
+ expect(calculateTotal(items, 0.1)).toBe(275);
41
+ });
42
+ });
43
+ ```
44
+
45
+ ### Integration Tests(集成测试)
46
+ - 测什么:模块间交互、API 端点、DB 查询
47
+ - 工具:Supertest(API), Testcontainers(DB)
48
+ - 速度:< 2s/测试
49
+ - 用真实 DB(测试容器)而非 mock
50
+ ```typescript
51
+ // ✅ API 端点集成测试(真实 DB container)
52
+ describe('POST /api/orders', () => {
53
+ it('creates an order and returns 201', async () => {
54
+ const res = await request(app)
55
+ .post('/api/orders')
56
+ .set('Authorization', `Bearer ${token}`)
57
+ .send({ productId: 'p1', quantity: 2 });
58
+ expect(res.status).toBe(201);
59
+ expect(res.body.id).toBeDefined();
60
+ // 验证 DB 确实写入了
61
+ const order = await db.query(Order).findById(res.body.id);
62
+ expect(order).toBeTruthy();
63
+ });
64
+ });
65
+ ```
66
+
67
+ ### E2E Tests(端到端测试)
68
+ - 测什么:完整用户流程(注册→下单→支付)
69
+ - 工具:Playwright/Cypress
70
+ - 速度:< 30s/测试
71
+ - 少而精——只测关键业务路径
72
+ ```typescript
73
+ // ✅ Playwright E2E(真实浏览器)
74
+ test('user can place an order', async ({ page }) => {
75
+ await page.goto('/login');
76
+ await page.fill('[name=email]', 'test@example.com');
77
+ await page.fill('[name=password]', 'password');
78
+ await page.click('button[type=submit]');
79
+ await page.click('text=Products');
80
+ await page.click('text=Add to Cart');
81
+ await page.click('text=Checkout');
82
+ await expect(page.locator('text=Order confirmed')).toBeVisible();
83
+ });
84
+ ```
85
+
86
+ ## 测试原则
87
+
88
+ 1. **Arrange-Act-Assert** — 每个测试三段式
89
+ 2. **一个测试一个断言重点** — 失败时立刻知道哪里错
90
+ 3. **测试独立** — 不依赖其他测试的执行顺序
91
+ 4. **确定性** — 同样输入永远同样结果(不依赖时间/随机/网络)
92
+ 5. **Fast feedback** — Unit 全量 < 10s,CI 全量 < 5min
93
+
94
+ ## Mock 策略
95
+
96
+ ```typescript
97
+ // ✅ Mock 边界(外部依赖),不 mock 内部逻辑
98
+ // Mock 的:数据库、HTTP API、文件系统、时间
99
+ // 不 Mock 的:被测函数本身、纯业务逻辑
100
+
101
+ // ❌ 过度 mock(测了 mock 不是代码)
102
+ it('creates order', async () => {
103
+ db.insert = jest.fn().mockReturnValue({ id: 1 }); // mock 了 DB
104
+ const result = await createOrder({ productId: 'p1' });
105
+ expect(result.id).toBe(1); // 这只测了 mock 返回什么...
106
+ });
107
+
108
+ // ✅ 合理 mock(只 mock 外部边界)
109
+ it('creates order with valid data', async () => {
110
+ // 用 testcontainer 真实 DB
111
+ const result = await createOrder({ productId: 'p1', quantity: 2 });
112
+ expect(result.id).toBeDefined();
113
+ expect(result.status).toBe('pending');
114
+ });
115
+ ```
116
+
117
+ ## 覆盖率目标
118
+
119
+ | 层级 | 目标 | 说明 |
120
+ |------|------|------|
121
+ | 行覆盖率 | ≥ 80% | 每行代码至少被测一次 |
122
+ | 分支覆盖率 | ≥ 70% | 每个 if/else 分支 |
123
+ | 关键路径 | 100% | 支付/认证/权限 |
124
+ | 工具类 | ≥ 90% | 纯函数工具 |
125
+
126
+ **覆盖率不是目的**——80% 覆盖率但测试都是无意义的 `expect(true)` 毫无价值。测**关键行为**比追求数字重要。
package/testing/03-checklists/test-strategy-checklist.md ADDED
@@ -0,0 +1,208 @@
1
+ ---
2
+ id: test-strategy-checklist
3
+ title: 测试策略检查清单
4
+ domain: testing
5
+ category: 03-checklists
6
+ difficulty: intermediate
7
+ tags: [agent, checklist, management, strategy, test, testing, 概述, 测试策略评估矩阵]
8
+ quality_score: 70
9
+ last_updated: 2026-06-15
10
+ ---
11
+ # 测试策略检查清单
12
+
13
+ ## 概述
14
+
15
+ 本清单为项目测试策略的完整审查框架,涵盖单元测试、集成测试、端到端测试、性能测试、安全测试和覆盖率管理六大维度。适用于团队建立或评估测试体系时逐项确认,确保测试投入与质量产出的最优平衡。
16
+
17
+ 测试金字塔原则:单元测试(70%)> 集成测试(20%)> E2E 测试(10%)。
18
+
19
+ ---
20
+
21
+ ## 1. 单元测试(Unit Testing)
22
+
23
+ ### 基础设施
24
+
25
+ - [ ] 测试框架已选定并统一(Jest / pytest / Go testing / JUnit)
26
+ - [ ] 测试运行器集成到 CI pipeline,每次提交自动触发
27
+ - [ ] Mock/Stub 工具已集成(jest.mock / unittest.mock / gomock)
28
+ - [ ] 测试数据工厂已建立(Factory Boy / Faker / Fishery)
29
+ - [ ] 测试执行时间 < 5 分钟(超过需拆分或并行化)
30
+
31
+ ### 质量标准
32
+
33
+ - [ ] 每个公共函数/方法至少 1 个正向测试 + 1 个异常测试
34
+ - [ ] 纯函数测试覆盖所有边界条件(空值、零值、极大值、特殊字符)
35
+ - [ ] 测试命名清晰:`test_<被测行为>_when_<条件>_should_<期望结果>`
36
+ - [ ] 测试之间无顺序依赖,可独立运行
37
+ - [ ] 不测试私有方法(通过公共接口间接覆盖)
38
+ - [ ] 不测试框架本身的功能(如 ORM 的 CRUD)
39
+ - [ ] 每个测试只验证一个行为(Single Assertion Principle)
40
+ - [ ] 测试代码同样遵循代码规范(无重复、有清晰结构)
41
+
42
+ ### 反模式检查
43
+
44
+ - [ ] 无 sleep/delay 等时间依赖(使用 fake timer)
45
+ - [ ] 无真实网络调用(全部 mock)
46
+ - [ ] 无真实数据库操作(使用内存数据库或 mock)
47
+ - [ ] 无硬编码的文件路径(使用临时目录)
48
+ - [ ] 无测试间共享的可变状态
49
+
50
+ ## 2. 集成测试(Integration Testing)
51
+
52
+ ### 基础设施
53
+
54
+ - [ ] 测试数据库使用独立实例(Docker Compose / Testcontainers)
55
+ - [ ] 测试环境配置与生产环境一致(同类型数据库、同版本中间件)
56
+ - [ ] 每个测试套件前后有清理机制(事务回滚 / truncate)
57
+ - [ ] 外部服务使用 Contract Testing 或 WireMock 模拟
58
+
59
+ ### 质量标准
60
+
61
+ - [ ] API 端点测试覆盖:正常请求 + 认证失败 + 参数错误 + 权限不足
62
+ - [ ] 数据库操作测试覆盖:CRUD + 事务 + 并发 + 约束违反
63
+ - [ ] 消息队列测试覆盖:发送 + 消费 + 重试 + 死信
64
+ - [ ] 缓存测试覆盖:命中 + 未命中 + 过期 + 失效
65
+ - [ ] 服务间调用测试覆盖:正常 + 超时 + 降级 + 重试
66
+ - [ ] 数据一致性验证:写入后立即读取确认数据正确
67
+ - [ ] 测试数据不依赖生产数据(使用 seed 数据或 factory)
68
+
69
+ ### 反模式检查
70
+
71
+ - [ ] 无测试调用真实第三方服务(支付、短信、邮件等)
72
+ - [ ] 无测试修改共享状态导致其他测试失败
73
+ - [ ] 无测试因环境差异(时区、编码、OS)而不稳定
74
+
75
+ ## 3. 端到端测试(E2E Testing)
76
+
77
+ ### 基础设施
78
+
79
+ - [ ] E2E 测试框架已选定(Playwright / Cypress / Selenium)
80
+ - [ ] 测试环境独立部署,不与开发/staging 共用
81
+ - [ ] 测试数据有独立的 seed 脚本,可重复执行
82
+ - [ ] 截图/录屏功能已启用,失败时自动保存证据
83
+ - [ ] 并行执行能力已配置,减少总运行时间
84
+
85
+ ### 质量标准
86
+
87
+ - [ ] 覆盖核心业务流程(关键路径 / Happy Path)
88
+ - [ ] 用户注册 → 登录 → 核心操作 → 退出的完整流程
89
+ - [ ] 支付/订单等关键转化路径 100% 覆盖
90
+ - [ ] 跨浏览器测试:Chrome + Firefox + Safari(至少 2 种)
91
+ - [ ] 移动端视口测试(375px / 768px / 1024px)
92
+ - [ ] 测试步骤使用 Page Object Model 封装,减少维护成本
93
+ - [ ] 等待策略使用显式等待(wait for element),不使用 sleep
94
+
95
+ ### 反模式检查
96
+
97
+ - [ ] E2E 测试数量不超过总测试的 10%(避免过度依赖 E2E)
98
+ - [ ] 不将 E2E 测试用于验证业务逻辑细节(那是单元测试的职责)
99
+ - [ ] 不因 E2E 测试不稳定而频繁跳过(修复而非忽略)
100
+ - [ ] 不在 E2E 测试中直接操作数据库(通过 API 准备数据)
101
+
102
+ ## 4. 性能测试(Performance Testing)
103
+
104
+ ### 基础设施
105
+
106
+ - [ ] 性能测试工具已选定(k6 / JMeter / Gatling / Locust)
107
+ - [ ] 测试环境硬件配置与生产环境等比(至少 1:2)
108
+ - [ ] 性能基线已建立(当前 QPS、P95 延迟、错误率)
109
+ - [ ] 测试数据量模拟生产规模(至少 80% 数据量)
110
+
111
+ ### 质量标准
112
+
113
+ - [ ] 负载测试:验证系统在预期并发下的表现(如 500 QPS)
114
+ - [ ] 压力测试:找到系统的瓶颈点(逐步加压直到错误率 > 1%)
115
+ - [ ] 浸泡测试:长时间(≥ 4 小时)稳定负载,检测内存泄漏
116
+ - [ ] 峰值测试:模拟突发流量(如秒杀场景,瞬时 10x 正常流量)
117
+ - [ ] 关键 API 的 P95 响应时间 < SLA 要求
118
+ - [ ] 数据库慢查询 < 全部查询的 0.1%
119
+ - [ ] 内存使用在长时间运行后无持续增长趋势
120
+ - [ ] 连接池、线程池使用率在高负载时 < 80%
121
+
122
+ ### 反模式检查
123
+
124
+ - [ ] 不在开发环境跑性能测试然后推断生产表现
125
+ - [ ] 不忽略测试中的错误率(即使 QPS 达标)
126
+ - [ ] 不仅测试单接口(需测试混合场景模拟真实流量模型)
127
+
128
+ ## 5. 安全测试(Security Testing)
129
+
130
+ ### 基础设施
131
+
132
+ - [ ] SAST(静态扫描)工具集成到 CI(SonarQube / Semgrep / CodeQL)
133
+ - [ ] DAST(动态扫描)工具定期运行(OWASP ZAP / Burp Suite)
134
+ - [ ] 依赖漏洞扫描自动化(npm audit / pip-audit / Trivy)
135
+ - [ ] Secret 扫描集成到 pre-commit hook(git-secrets / trufflehog)
136
+
137
+ ### 质量标准
138
+
139
+ - [ ] OWASP Top 10 全部覆盖测试
140
+ - [ ] SQL 注入测试:所有用户输入参数
141
+ - [ ] XSS 测试:所有输出到页面的用户数据
142
+ - [ ] CSRF 测试:所有状态变更操作
143
+ - [ ] 认证绕过测试:修改 Token / 过期 Token / 无 Token
144
+ - [ ] 越权测试:用户 A 访问用户 B 的数据
145
+ - [ ] 文件上传测试:恶意文件类型、超大文件、路径穿越
146
+ - [ ] 敏感数据暴露测试:API 响应不包含密码哈希、内部 ID 等
147
+ - [ ] HTTPS 强制:HTTP 请求 301 到 HTTPS
148
+ - [ ] 安全响应头:HSTS、X-Content-Type-Options、X-Frame-Options
149
+
150
+ ### 反模式检查
151
+
152
+ - [ ] 不将安全测试仅放在上线前执行(应持续集成)
153
+ - [ ] 不忽略中低危漏洞(定期清理漏洞列表)
154
+ - [ ] 不使用过时的加密算法(MD5、SHA1 用于密码哈希)
155
+
156
+ ## 6. 覆盖率管理(Coverage Management)
157
+
158
+ ### 目标设定
159
+
160
+ - [ ] 项目整体行覆盖率目标 ≥ 80%
161
+ - [ ] 核心业务模块行覆盖率目标 ≥ 90%
162
+ - [ ] 分支覆盖率目标 ≥ 70%
163
+ - [ ] 新增代码覆盖率 ≥ 85%(增量覆盖率)
164
+ - [ ] CI 中覆盖率低于阈值阻止合并
165
+
166
+ ### 执行标准
167
+
168
+ - [ ] 覆盖率报告自动生成并发布(Codecov / Coveralls)
169
+ - [ ] 覆盖率趋势可视化,可追溯历史变化
170
+ - [ ] 排除生成代码、配置文件、类型定义文件的覆盖率计算
171
+ - [ ] 定期审查低覆盖率模块,制定补充计划
172
+ - [ ] 不为提升覆盖率而写无意义的测试(如仅调用不断言)
173
+
174
+ ### 反模式检查
175
+
176
+ - [ ] 覆盖率 100% 不等于零 bug(关注测试质量而非数字)
177
+ - [ ] 不使用 `istanbul ignore` / `pragma: no cover` 绕过覆盖率
178
+ - [ ] 不因为是 "简单代码" 就跳过测试
179
+
180
+ ---
181
+
182
+ ## 测试策略评估矩阵
183
+
184
+ | 维度 | 权重 | 达标标准 | 当前状态 |
185
+ |------|------|---------|---------|
186
+ | 单元测试 | 30% | 覆盖率 ≥ 80%,CI 集成 | [ ] |
187
+ | 集成测试 | 25% | API 100% 覆盖,数据层验证 | [ ] |
188
+ | E2E 测试 | 15% | 核心路径覆盖,跨浏览器 | [ ] |
189
+ | 性能测试 | 15% | 基线建立,满足 SLA | [ ] |
190
+ | 安全测试 | 10% | OWASP Top 10 覆盖 | [ ] |
191
+ | 覆盖率管理 | 5% | CI 卡点,趋势监控 | [ ] |
192
+
193
+ ---
194
+
195
+ ## Agent Checklist
196
+
197
+ 以下为 AI Agent 在评估或建立测试策略时必须验证的硬约束:
198
+
199
+ - [ ] 确认测试框架已安装且 `npm test` / `pytest` 可正常运行
200
+ - [ ] 确认 CI 配置中包含测试执行步骤
201
+ - [ ] 确认覆盖率工具已集成并有阈值卡点
202
+ - [ ] 确认核心业务模块有对应的测试文件
203
+ - [ ] 确认测试数据使用 factory/fixture 而非硬编码
204
+ - [ ] 确认无测试直接调用外部真实服务
205
+ - [ ] 确认 E2E 测试使用 Page Object Model 或等效封装
206
+ - [ ] 确认安全扫描工具已集成到 CI
207
+ - [ ] 确认性能基线数据已记录
208
+ - [ ] 生成测试策略评估报告,标注各维度达标情况