@zeyue0329/xiaoma-cli 1.0.24 → 1.0.26

package/package.json

@@ -1,7 +1,7 @@
 {
   "$schema": "https://json.schemastore.org/package.json",
   "name": "@zeyue0329/xiaoma-cli",
-  "version": "1.0.24",
+  "version": "1.0.26",
   "description": "XiaoMa Cli: Universal AI Agent Framework",
   "keywords": [
     "agile",

package/tools/installer/package.json

@@ -1,6 +1,6 @@
 {
   "name": "xiaoma-cli",
-  "version": "1.0.24",
+  "version": "1.0.26",
   "description": "XiaoMa-Cli installer - AI-powered Agile development framework",
   "keywords": [
     "bmad",

package/xiaoma-core/agents/automated-fix-validator.yaml

@@ -0,0 +1,578 @@
+# Automated Fix Validator Agent
+# 自动化修复验证智能体
+
+meta:
+  name: "Automated Fix Validator"
+  version: "2.0"
+  description: "专门负责自动化修复验证、质量回归测试和闭环确认的智能体"
+  created_date: "2025-09-10"
+  specialization: "automated_validation_and_regression_testing"
+  priority: "CRITICAL"
+
+# ========== 智能体核心能力 ==========
+agent_capabilities:
+  validation_competencies:
+    - "多层次修复验证"
+    - "自动化回归测试"
+    - "集成影响分析"
+    - "性能基准验证"
+    - "安全漏洞扫描"
+    - "代码质量评估"
+    - "业务逻辑验证"
+    - "端到端场景测试"
+
+  automation_features:
+    - "智能测试用例生成"
+    - "自适应验证策略"
+    - "并行验证执行"
+    - "增量验证优化"
+    - "失败模式学习"
+    - "自动回滚决策"
+
+# ========== 验证策略引擎 ==========
+validation_strategy_engine:
+  strategy_selection:
+    factors:
+      - fix_type
+      - component_criticality
+      - change_scope
+      - risk_assessment
+      - time_constraints
+      - historical_data
+
+    strategies:
+      comprehensive_validation:
+        description: "全面验证策略"
+        applicable_when:
+          - critical_fix
+          - major_refactoring
+          - security_patch
+          - architecture_change
+        validation_depth: "maximum"
+        test_coverage_target: 95
+
+      targeted_validation:
+        description: "定向验证策略"
+        applicable_when:
+          - localized_fix
+          - minor_bug_fix
+          - documentation_update
+        validation_depth: "focused"
+        test_coverage_target: 85
+
+      rapid_validation:
+        description: "快速验证策略"
+        applicable_when:
+          - hotfix_required
+          - low_risk_change
+          - configuration_update
+        validation_depth: "essential"
+        test_coverage_target: 70
+
+# ========== 多层验证框架 ==========
+multi_layer_validation_framework:
+  # 第1层：语法和静态分析
+  layer_1_static_validation:
+    name: "静态代码验证"
+    validators:
+      - validator: "syntax_checker"
+        languages: ["javascript", "typescript", "python", "java", "go"]
+        checks:
+          - syntax_correctness
+          - import_resolution
+          - type_checking
+          - unused_variables
+
+      - validator: "linter"
+        tools: ["eslint", "pylint", "golint", "checkstyle"]
+        rules:
+          - code_style_compliance
+          - best_practice_violations
+          - complexity_metrics
+          - maintainability_index
+
+      - validator: "security_scanner"
+        tools: ["sonarqube", "snyk", "bandit"]
+        scans:
+          - vulnerability_detection
+          - dependency_audit
+          - secret_detection
+          - injection_risks
+
+    pass_criteria:
+      no_syntax_errors: true
+      linting_score: ">85"
+      security_issues: 0
+      complexity_threshold: 10
+
+  # 第2层：单元测试验证
+  layer_2_unit_validation:
+    name: "单元测试验证"
+    test_execution:
+      runners: ["jest", "pytest", "junit", "go_test"]
+      parallel_execution: true
+      timeout_per_test: 30
+
+    coverage_analysis:
+      tools: ["istanbul", "coverage.py", "jacoco"]
+      metrics:
+        - line_coverage
+        - branch_coverage
+        - function_coverage
+        - statement_coverage
+      minimum_thresholds:
+        critical_code: 95
+        standard_code: 85
+        utility_code: 70
+
+    mutation_testing:
+      enabled: true
+      tools: ["stryker", "pitest", "mutmut"]
+      survival_threshold: 10 # 最多10%的变异体存活
+
+    pass_criteria:
+      all_tests_passing: true
+      coverage_met: true
+      mutation_score: ">90"
+
+  # 第3层：集成测试验证
+  layer_3_integration_validation:
+    name: "集成测试验证"
+    test_categories:
+      api_integration:
+        tools: ["postman", "newman", "rest-assured"]
+        validations:
+          - endpoint_availability
+          - request_response_format
+          - status_code_correctness
+          - response_time_limits
+          - error_handling
+
+      database_integration:
+        tools: ["dbunit", "testcontainers"]
+        validations:
+          - connection_stability
+          - query_correctness
+          - transaction_integrity
+          - data_consistency
+          - performance_benchmarks
+
+      service_integration:
+        tools: ["wiremock", "mockserver"]
+        validations:
+          - service_communication
+          - message_queue_operations
+          - event_processing
+          - timeout_handling
+          - retry_mechanisms
+
+    pass_criteria:
+      integration_success_rate: ">98"
+      response_time_p95: "<500ms"
+      error_rate: "<1%"
+
+  # 第4层：端到端测试验证
+  layer_4_e2e_validation:
+    name: "端到端测试验证"
+    test_frameworks:
+      web_testing:
+        tools: ["cypress", "playwright", "selenium"]
+        scenarios:
+          - user_journey_flows
+          - critical_path_testing
+          - cross_browser_compatibility
+          - responsive_design_validation
+
+      mobile_testing:
+        tools: ["appium", "espresso", "xcuitest"]
+        scenarios:
+          - app_navigation_flows
+          - device_compatibility
+          - offline_functionality
+          - push_notification_handling
+
+      api_workflow_testing:
+        tools: ["karate", "restassured", "tavern"]
+        scenarios:
+          - multi_step_workflows
+          - data_flow_validation
+          - error_recovery_paths
+          - concurrent_user_simulation
+
+    pass_criteria:
+      critical_scenarios_passing: 100
+      overall_success_rate: ">95"
+      performance_degradation: "<5%"
+
+  # 第5层：业务验证
+  layer_5_business_validation:
+    name: "业务逻辑验证"
+    validation_types:
+      requirement_compliance:
+        checks:
+          - acceptance_criteria_met
+          - business_rules_enforced
+          - data_validation_rules
+          - workflow_correctness
+
+      user_experience_validation:
+        checks:
+          - ui_consistency
+          - accessibility_standards
+          - usability_guidelines
+          - performance_perception
+
+      compliance_validation:
+        checks:
+          - regulatory_requirements
+          - data_privacy_rules
+          - audit_trail_completeness
+          - security_policies
+
+    pass_criteria:
+      requirement_coverage: 100
+      business_rule_compliance: 100
+      ux_score: ">85"
+
+# ========== 回归测试管理 ==========
+regression_test_management:
+  test_selection_strategy:
+    approaches:
+      - approach: "risk_based_selection"
+        description: "基于风险的测试选择"
+        factors:
+          - code_change_impact
+          - component_criticality
+          - defect_history
+          - customer_usage_patterns
+
+      - approach: "dependency_analysis"
+        description: "依赖分析测试选择"
+        techniques:
+          - static_dependency_graph
+          - dynamic_call_analysis
+          - data_flow_tracking
+
+      - approach: "machine_learning_prediction"
+        description: "机器学习预测选择"
+        models:
+          - failure_prediction_model
+          - test_effectiveness_model
+          - optimal_subset_selection
+
+  test_optimization:
+    techniques:
+      - technique: "test_prioritization"
+        criteria: ["failure_probability", "execution_time", "coverage_contribution"]
+
+      - technique: "parallel_execution"
+        strategy: "resource_aware_scheduling"
+        max_parallel_jobs: 10
+
+      - technique: "incremental_testing"
+        approach: "change_impact_analysis"
+        cache_previous_results: true
+
+      - technique: "smart_retry"
+        flaky_test_detection: true
+        max_retries: 3
+        retry_on_failure_types: ["timeout", "network_error"]
+
+  regression_suite_maintenance:
+    automatic_updates:
+      - add_new_test_cases
+      - remove_obsolete_tests
+      - update_test_data
+      - refactor_duplicate_tests
+
+    quality_metrics:
+      - test_effectiveness
+      - fault_detection_rate
+      - execution_efficiency
+      - maintenance_cost
+
+# ========== 性能验证引擎 ==========
+performance_validation_engine:
+  performance_tests:
+    load_testing:
+      tools: ["jmeter", "gatling", "k6"]
+      scenarios:
+        - normal_load
+        - peak_load
+        - stress_conditions
+        - endurance_run
+      metrics:
+        - response_time
+        - throughput
+        - error_rate
+        - resource_utilization
+
+    benchmark_comparison:
+      baseline_source: "previous_release"
+      comparison_metrics:
+        - response_time_percentiles
+        - memory_consumption
+        - cpu_utilization
+        - database_query_time
+      acceptance_thresholds:
+        regression_tolerance: 5 # 最多5%性能下降
+        improvement_target: 10 # 目标10%性能提升
+
+  scalability_validation:
+    tests:
+      - horizontal_scaling
+      - vertical_scaling
+      - database_scaling
+      - cache_effectiveness
+
+    metrics:
+      - linear_scalability_factor
+      - resource_efficiency
+      - bottleneck_identification
+
+# ========== 安全验证引擎 ==========
+security_validation_engine:
+  security_scans:
+    static_analysis:
+      tools: ["sonarqube", "checkmarx", "fortify"]
+      checks:
+        - code_vulnerabilities
+        - configuration_issues
+        - dependency_vulnerabilities
+        - secret_exposure
+
+    dynamic_analysis:
+      tools: ["owasp_zap", "burp_suite", "nikto"]
+      tests:
+        - injection_attacks
+        - authentication_bypass
+        - session_management
+        - cross_site_scripting
+
+    compliance_checks:
+      standards: ["owasp_top_10", "pci_dss", "gdpr", "hipaa"]
+      validations:
+        - encryption_requirements
+        - access_control
+        - audit_logging
+        - data_protection
+
+  vulnerability_management:
+    severity_classification:
+      critical: "immediate_fix_required"
+      high: "fix_within_24_hours"
+      medium: "fix_within_sprint"
+      low: "backlog_item"
+
+    remediation_tracking:
+      - vulnerability_id
+      - discovery_date
+      - fix_status
+      - verification_status
+
+# ========== 验证结果分析器 ==========
+validation_result_analyzer:
+  result_aggregation:
+    data_sources:
+      - static_analysis_results
+      - test_execution_results
+      - performance_metrics
+      - security_scan_results
+      - business_validation_results
+
+    aggregation_methods:
+      weighted_scoring:
+        weights:
+          functionality: 35
+          performance: 25
+          security: 20
+          quality: 10
+          usability: 10
+
+      confidence_calculation:
+        factors:
+          - test_coverage
+          - test_quality
+          - historical_accuracy
+          - validation_completeness
+
+  decision_engine:
+    decision_criteria:
+      approve_fix:
+        conditions:
+          - all_critical_tests_passing
+          - no_security_vulnerabilities
+          - performance_acceptable
+          - business_requirements_met
+        confidence_threshold: 90
+
+      conditional_approve:
+        conditions:
+          - minor_issues_only
+          - workaround_available
+          - risk_acceptable
+        requires_approval: true
+
+      reject_fix:
+        conditions:
+          - critical_test_failure
+          - security_vulnerability_found
+          - significant_performance_regression
+          - business_logic_violation
+        action: "return_for_rework"
+
+      escalate_decision:
+        conditions:
+          - ambiguous_results
+          - partial_validation_only
+          - timeout_occurred
+        escalation_to: "architect"
+
+  insight_generation:
+    analyses:
+      - failure_pattern_analysis
+      - root_cause_identification
+      - improvement_suggestions
+      - risk_assessment
+
+    recommendations:
+      - additional_test_coverage
+      - code_refactoring_areas
+      - performance_optimization
+      - security_hardening
+
+# ========== 自动回滚机制 ==========
+auto_rollback_mechanism:
+  rollback_triggers:
+    automatic_triggers:
+      - critical_validation_failure
+      - production_error_spike
+      - performance_degradation_severe
+      - security_breach_detected
+
+    threshold_triggers:
+      error_rate: ">5%"
+      response_time_increase: ">50%"
+      availability_drop: "<99%"
+      customer_complaints: ">10"
+
+  rollback_strategy:
+    preparation:
+      - backup_current_state
+      - prepare_rollback_scripts
+      - validate_rollback_path
+      - notify_stakeholders
+
+    execution:
+      - stop_current_deployment
+      - restore_previous_version
+      - verify_restoration
+      - update_routing_rules
+
+    verification:
+      - health_check_all_services
+      - verify_data_integrity
+      - confirm_functionality
+      - monitor_stability
+
+  post_rollback:
+    actions:
+      - incident_report_generation
+      - root_cause_analysis
+      - fix_plan_creation
+      - lessons_learned_documentation
+
+# ========== 报告生成器 ==========
+report_generator:
+  report_types:
+    validation_summary:
+      format: "markdown"
+      sections:
+        - overall_status
+        - validation_scores
+        - test_results_summary
+        - issue_list
+        - recommendations
+      audience: "development_team"
+
+    detailed_analysis:
+      format: "html"
+      sections:
+        - layer_by_layer_results
+        - coverage_analysis
+        - performance_comparison
+        - security_findings
+        - regression_test_results
+      audience: "technical_leads"
+
+    executive_summary:
+      format: "pdf"
+      sections:
+        - go_no_go_decision
+        - risk_assessment
+        - quality_metrics
+        - business_impact
+      audience: "management"
+
+  visualization:
+    charts:
+      - validation_progress_timeline
+      - layer_success_rates
+      - coverage_heatmap
+      - performance_comparison_graph
+      - issue_distribution_pie
+
+    dashboards: real_time_validation_status
+      historical_trend_analysis
+      quality_metrics_dashboard
+
+# ========== 持续学习系统 ==========
+continuous_learning_system:
+  learning_sources:
+    - validation_outcomes
+    - false_positive_rates
+    - false_negative_rates
+    - fix_effectiveness
+    - rollback_incidents
+
+  model_improvements:
+    test_selection_model:
+      inputs: ["code_changes", "historical_failures", "dependency_graph"]
+      algorithm: "random_forest"
+      retraining_frequency: "weekly"
+
+    risk_prediction_model:
+      inputs: ["change_complexity", "component_history", "developer_experience"]
+      algorithm: "gradient_boosting"
+      retraining_frequency: "monthly"
+
+    validation_optimization_model:
+      inputs: ["validation_time", "defect_detection", "resource_usage"]
+      algorithm: "reinforcement_learning"
+      retraining_frequency: "continuous"
+
+  knowledge_base_updates:
+    - common_failure_patterns
+    - effective_test_strategies
+    - validation_best_practices
+    - optimization_techniques
+
+# ========== 成功标准 ==========
+success_criteria:
+  validation_accuracy:
+    - "缺陷检测率>95%"
+    - "误报率<5%"
+    - "漏报率<2%"
+    - "验证完整性100%"
+
+  efficiency_metrics:
+    - "平均验证时间<30分钟"
+    - "并行执行效率>80%"
+    - "资源利用率优化>70%"
+    - "自动化覆盖率>90%"
+
+  quality_impact:
+    - "生产缺陷减少>80%"
+    - "回滚事件减少>90%"
+    - "首次部署成功率>95%"
+    - "客户满意度提升>20%"