npm - ai-engineering-init - Versions diffs - 1.6.0 → 1.8.0 - Mend

ai-engineering-init 1.6.0 → 1.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (187) hide show

package/.claude/agents/code-reviewer.md +3 -130
package/.claude/hooks/skill-forced-eval.js +46 -60
package/.claude/hooks/stop.js +24 -1
package/.claude/settings.json +10 -1
package/.claude/skills/api-development/SKILL.md +179 -130
package/.claude/skills/architecture-design/SKILL.md +102 -212
package/.claude/skills/backend-annotations/SKILL.md +166 -220
package/.claude/skills/bug-detective/SKILL.md +225 -186
package/.claude/skills/code-patterns/SKILL.md +127 -244
package/.claude/skills/codex-code-review/SKILL.md +327 -0
package/.claude/skills/collaborating-with-codex/SKILL.md +96 -113
package/.claude/skills/crud-development/SKILL.md +226 -307
package/.claude/skills/data-permission/SKILL.md +131 -202
package/.claude/skills/database-ops/SKILL.md +158 -355
package/.claude/skills/error-handler/SKILL.md +224 -285
package/.claude/skills/file-oss-management/SKILL.md +174 -169
package/.claude/skills/git-workflow/SKILL.md +123 -341
package/.claude/skills/json-serialization/SKILL.md +121 -137
package/.claude/skills/leniu-report-customization/SKILL.md +82 -2
package/.claude/skills/leniu-report-standard-customization/SKILL.md +65 -2
package/.claude/skills/loki-log-query/SKILL.md +400 -0
package/.claude/skills/mysql-debug/SKILL.md +58 -22
package/.claude/skills/performance-doctor/SKILL.md +83 -89
package/.claude/skills/redis-cache/SKILL.md +134 -185
package/.claude/skills/scheduled-jobs/SKILL.md +187 -224
package/.claude/skills/security-guard/SKILL.md +168 -276
package/.claude/skills/sms-mail/SKILL.md +266 -228
package/.claude/skills/social-login/SKILL.md +257 -195
package/.claude/skills/sync-back-merge/SKILL.md +66 -0
package/.claude/skills/tenant-management/SKILL.md +172 -188
package/.claude/skills/utils-toolkit/SKILL.md +214 -222
package/.claude/skills/websocket-sse/SKILL.md +251 -172
package/.claude/skills/workflow-engine/SKILL.md +178 -250
package/.claude/skills/yunxiao-task-management/SKILL.md +489 -0
package/.codex/skills/api-development/SKILL.md +179 -130
package/.codex/skills/architecture-design/SKILL.md +102 -212
package/.codex/skills/backend-annotations/SKILL.md +166 -220
package/.codex/skills/bug-detective/SKILL.md +225 -186
package/.codex/skills/code-patterns/SKILL.md +127 -244
package/.codex/skills/collaborating-with-codex/SKILL.md +96 -113
package/.codex/skills/crud-development/SKILL.md +226 -307
package/.codex/skills/data-permission/SKILL.md +131 -202
package/.codex/skills/database-ops/SKILL.md +158 -355
package/.codex/skills/error-handler/SKILL.md +224 -285
package/.codex/skills/file-oss-management/SKILL.md +174 -169
package/.codex/skills/git-workflow/SKILL.md +123 -341
package/.codex/skills/json-serialization/SKILL.md +121 -137
package/.codex/skills/leniu-report-customization/SKILL.md +82 -2
package/.codex/skills/leniu-report-standard-customization/SKILL.md +65 -2
package/.codex/skills/loki-log-query/SKILL.md +400 -0
package/.codex/skills/loki-log-query/environments.json +45 -0
package/.codex/skills/mysql-debug/SKILL.md +58 -22
package/.codex/skills/performance-doctor/SKILL.md +83 -89
package/.codex/skills/redis-cache/SKILL.md +134 -185
package/.codex/skills/scheduled-jobs/SKILL.md +187 -224
package/.codex/skills/security-guard/SKILL.md +168 -276
package/.codex/skills/skill-creator/LICENSE.txt +202 -0
package/.codex/skills/skill-creator/SKILL.md +479 -0
package/.codex/skills/skill-creator/agents/analyzer.md +274 -0
package/.codex/skills/skill-creator/agents/comparator.md +202 -0
package/.codex/skills/skill-creator/agents/grader.md +223 -0
package/.codex/skills/skill-creator/assets/eval_review.html +146 -0
package/.codex/skills/skill-creator/eval-viewer/generate_review.py +471 -0
package/.codex/skills/skill-creator/eval-viewer/viewer.html +1325 -0
package/.codex/skills/skill-creator/references/schemas.md +430 -0
package/.codex/skills/skill-creator/scripts/__init__.py +0 -0
package/.codex/skills/skill-creator/scripts/aggregate_benchmark.py +401 -0
package/.codex/skills/skill-creator/scripts/generate_report.py +326 -0
package/.codex/skills/skill-creator/scripts/improve_description.py +248 -0
package/.codex/skills/skill-creator/scripts/package_skill.py +136 -0
package/.codex/skills/skill-creator/scripts/quick_validate.py +103 -0
package/.codex/skills/skill-creator/scripts/run_eval.py +310 -0
package/.codex/skills/skill-creator/scripts/run_loop.py +332 -0
package/.codex/skills/skill-creator/scripts/utils.py +47 -0
package/.codex/skills/sms-mail/SKILL.md +266 -228
package/.codex/skills/social-login/SKILL.md +257 -195
package/.codex/skills/sync-back-merge/SKILL.md +66 -0
package/.codex/skills/tenant-management/SKILL.md +172 -188
package/.codex/skills/utils-toolkit/SKILL.md +214 -222
package/.codex/skills/websocket-sse/SKILL.md +251 -172
package/.codex/skills/workflow-engine/SKILL.md +178 -250
package/.codex/skills/yunxiao-task-management/SKILL.md +489 -0
package/.cursor/hooks/cursor-skill-eval.js +66 -6
package/.cursor/hooks/stop.js +23 -1
package/.cursor/skills/api-development/SKILL.md +179 -130
package/.cursor/skills/architecture-design/SKILL.md +102 -212
package/.cursor/skills/backend-annotations/SKILL.md +166 -220
package/.cursor/skills/bug-detective/SKILL.md +225 -186
package/.cursor/skills/code-patterns/SKILL.md +127 -244
package/.cursor/skills/collaborating-with-codex/SKILL.md +96 -113
package/.cursor/skills/crud-development/SKILL.md +226 -307
package/.cursor/skills/data-permission/SKILL.md +131 -202
package/.cursor/skills/database-ops/SKILL.md +158 -355
package/.cursor/skills/error-handler/SKILL.md +224 -285
package/.cursor/skills/file-oss-management/SKILL.md +174 -169
package/.cursor/skills/git-workflow/SKILL.md +123 -341
package/.cursor/skills/json-serialization/SKILL.md +121 -137
package/.cursor/skills/leniu-report-customization/SKILL.md +82 -2
package/.cursor/skills/leniu-report-standard-customization/SKILL.md +65 -2
package/.cursor/skills/loki-log-query/SKILL.md +400 -0
package/.cursor/skills/loki-log-query/environments.json +45 -0
package/.cursor/skills/mysql-debug/SKILL.md +58 -22
package/.cursor/skills/performance-doctor/SKILL.md +83 -89
package/.cursor/skills/redis-cache/SKILL.md +134 -185
package/.cursor/skills/scheduled-jobs/SKILL.md +187 -224
package/.cursor/skills/security-guard/SKILL.md +168 -276
package/.cursor/skills/skill-creator/LICENSE.txt +202 -0
package/.cursor/skills/skill-creator/SKILL.md +479 -0
package/.cursor/skills/skill-creator/agents/analyzer.md +274 -0
package/.cursor/skills/skill-creator/agents/comparator.md +202 -0
package/.cursor/skills/skill-creator/agents/grader.md +223 -0
package/.cursor/skills/skill-creator/assets/eval_review.html +146 -0
package/.cursor/skills/skill-creator/eval-viewer/generate_review.py +471 -0
package/.cursor/skills/skill-creator/eval-viewer/viewer.html +1325 -0
package/.cursor/skills/skill-creator/references/schemas.md +430 -0
package/.cursor/skills/skill-creator/scripts/__init__.py +0 -0
package/.cursor/skills/skill-creator/scripts/aggregate_benchmark.py +401 -0
package/.cursor/skills/skill-creator/scripts/generate_report.py +326 -0
package/.cursor/skills/skill-creator/scripts/improve_description.py +248 -0
package/.cursor/skills/skill-creator/scripts/package_skill.py +136 -0
package/.cursor/skills/skill-creator/scripts/quick_validate.py +103 -0
package/.cursor/skills/skill-creator/scripts/run_eval.py +310 -0
package/.cursor/skills/skill-creator/scripts/run_loop.py +332 -0
package/.cursor/skills/skill-creator/scripts/utils.py +47 -0
package/.cursor/skills/sms-mail/SKILL.md +266 -228
package/.cursor/skills/social-login/SKILL.md +257 -195
package/.cursor/skills/sync-back-merge/SKILL.md +66 -0
package/.cursor/skills/tenant-management/SKILL.md +172 -188
package/.cursor/skills/utils-toolkit/SKILL.md +214 -222
package/.cursor/skills/websocket-sse/SKILL.md +251 -172
package/.cursor/skills/workflow-engine/SKILL.md +178 -250
package/.cursor/skills/yunxiao-task-management/SKILL.md +489 -0
package/AGENTS.md +49 -540
package/CLAUDE.md +73 -119
package/README.md +37 -6
package/bin/index.js +611 -25
package/package.json +1 -1
package/src/platform-map.json +4 -0
package/src/skills/api-development/SKILL.md +179 -130
package/src/skills/architecture-design/SKILL.md +102 -212
package/src/skills/backend-annotations/SKILL.md +166 -220
package/src/skills/bug-detective/SKILL.md +225 -186
package/src/skills/code-patterns/SKILL.md +127 -244
package/src/skills/codex-code-review/SKILL.md +261 -69
package/src/skills/collaborating-with-codex/SKILL.md +96 -113
package/src/skills/crud-development/SKILL.md +226 -307
package/src/skills/data-permission/SKILL.md +131 -202
package/src/skills/database-ops/SKILL.md +158 -355
package/src/skills/error-handler/SKILL.md +224 -285
package/src/skills/file-oss-management/SKILL.md +174 -169
package/src/skills/git-workflow/SKILL.md +123 -341
package/src/skills/json-serialization/SKILL.md +121 -137
package/src/skills/leniu-report-customization/SKILL.md +82 -2
package/src/skills/leniu-report-standard-customization/SKILL.md +65 -2
package/src/skills/loki-log-query/SKILL.md +400 -0
package/src/skills/loki-log-query/environments.json +45 -0
package/src/skills/mysql-debug/SKILL.md +58 -22
package/src/skills/performance-doctor/SKILL.md +83 -89
package/src/skills/redis-cache/SKILL.md +134 -185
package/src/skills/scheduled-jobs/SKILL.md +187 -224
package/src/skills/security-guard/SKILL.md +168 -276
package/src/skills/skill-creator/LICENSE.txt +202 -0
package/src/skills/skill-creator/SKILL.md +479 -0
package/src/skills/skill-creator/agents/analyzer.md +274 -0
package/src/skills/skill-creator/agents/comparator.md +202 -0
package/src/skills/skill-creator/agents/grader.md +223 -0
package/src/skills/skill-creator/assets/eval_review.html +146 -0
package/src/skills/skill-creator/eval-viewer/generate_review.py +471 -0
package/src/skills/skill-creator/eval-viewer/viewer.html +1325 -0
package/src/skills/skill-creator/references/schemas.md +430 -0
package/src/skills/skill-creator/scripts/__init__.py +0 -0
package/src/skills/skill-creator/scripts/aggregate_benchmark.py +401 -0
package/src/skills/skill-creator/scripts/generate_report.py +326 -0
package/src/skills/skill-creator/scripts/improve_description.py +248 -0
package/src/skills/skill-creator/scripts/package_skill.py +136 -0
package/src/skills/skill-creator/scripts/quick_validate.py +103 -0
package/src/skills/skill-creator/scripts/run_eval.py +310 -0
package/src/skills/skill-creator/scripts/run_loop.py +332 -0
package/src/skills/skill-creator/scripts/utils.py +47 -0
package/src/skills/sms-mail/SKILL.md +266 -228
package/src/skills/social-login/SKILL.md +257 -195
package/src/skills/sync-back-merge/SKILL.md +66 -0
package/src/skills/tenant-management/SKILL.md +172 -188
package/src/skills/utils-toolkit/SKILL.md +214 -222
package/src/skills/websocket-sse/SKILL.md +251 -172
package/src/skills/workflow-engine/SKILL.md +178 -250
package/src/skills/yunxiao-task-management/SKILL.md +489 -0

package/.claude/skills/codex-code-review/SKILL.md ADDED Viewed

@@ -0,0 +1,327 @@
+---
+name: codex-code-review
+description: |
+  代码审查工作流。分两阶段：先执行本地规范检查（Grep 即时完成）+ 代码逻辑审查（Read 逐文件），再可选调用 Codex CLI 深度审查。
+  触发场景：
+  - /dev 或 /crud 命令完成代码生成后
+  - Bug 修复完成后
+  - 用户说"审查代码"、"review"、"代码审查"、"检查代码"
+  - 用户说"检查一下刚写的代码"
+  - Stop Hook 提示后用户输入"review"
+  触发词：代码审查、review、审查代码、检查代码、code review、代码质量、codex审查、codex review
+---
+# 代码审查工作流
+> 两阶段审查：**本地检查**（规范 + 逻辑） + **Codex 深度审查**（可选）。
+## Phase 1: 收集变更范围
+```bash
+git diff --name-only HEAD
+git diff --cached --name-only
+```
+如果没有变更文件，提示"没有检测到代码变更"并终止。
+将变更文件按类型分组：
+- **Java 文件**：Controller / Business / Service / Mapper / Entity / VO / DTO
+- **XML 文件**：Mapper XML
+- **SQL 文件**：建表/变更脚本
+- **其他**：配置文件等
+---
+## Phase 2: 本地检查（必做）
+分两步执行：**Step A** 用 Grep 批量扫描规范问题（秒级），**Step B** 用 Read 逐文件审查代码逻辑。
+### Step A: 项目规范扫描（Grep 批量检查）
+#### 🔴 A1. 包名规范
+```bash
+Grep pattern: "package org\.dromara\." path: [目标目录] glob: "*.java"
+```
+- ❌ `package org.dromara.xxx` → ✅ `package net.xnzn.core.xxx`
+#### 🔴 A2. 禁止 RuoYi 工具类
+```bash
+Grep pattern: "MapstructUtils" path: [目标目录] glob: "*.java"
+Grep pattern: "ServiceException" path: [目标目录] glob: "*.java"
+Grep pattern: "import javax\.validation" path: [目标目录] glob: "*.java"
+```
+- ❌ `MapstructUtils` → ✅ `BeanUtil.copyProperties()`
+- ❌ `ServiceException` → ✅ `LeException`
+- ❌ `javax.validation.*` → ✅ `jakarta.validation.*`（JDK 21）
+#### 🔴 A3. 审计字段名称
+```bash
+Grep pattern: "private.*createBy|private.*updateBy|private.*createTime|private.*updateTime" path: [目标目录] glob: "*.java"
+```
+- ❌ `createBy/updateBy/createTime/updateTime` → ✅ `crby/upby/crtime/uptime`
+#### 🔴 A4. del_flag 值语义
+```bash
+Grep pattern: "delFlag.*=.*0|del_flag.*=.*0" path: [目标目录] glob: "*.java"
+```
+- ❌ `delFlag = 0`（RuoYi 正常值） → ✅ `delFlag = 2`（leniu 正常值，1=删除）
+#### 🔴 A5. Entity 不含 tenant_id
+```bash
+Grep pattern: "tenantId|tenant_id" path: [目标目录] glob: "*.java"
+```
+- ❌ 双库物理隔离，无需 `tenant_id` 字段
+#### 🔴 A6. 禁止 Map 传递业务数据
+```bash
+Grep pattern: "Map<String,\s*Object>" path: [目标目录] glob: "*.java"
+```
+- ❌ `Map<String, Object>` → ✅ 使用 VO/DTO 类
+#### 🟡 A7. 事务注解缺少 rollbackFor
+```bash
+Grep pattern: "@Transactional\b" path: [目标目录] glob: "*.java"
+# 对命中文件二次检查：是否缺少 rollbackFor
+Grep pattern: "@Transactional\((?!.*rollbackFor)" path: [命中文件]
+```
+- ❌ `@Transactional` → ✅ `@Transactional(rollbackFor = Exception.class)`
+#### 🟡 A8. 请求体封装
+```bash
+Grep pattern: "@RequestBody [^L]" path: [目标目录] glob: "*Controller.java"
+```
+- 建议 POST 请求使用 `@RequestBody LeRequest<T>` 封装
+#### 🟡 A9. 金额类型错误
+```bash
+Grep pattern: "Double|Float|double|float" path: [目标目录] glob: "*.java"
+# 在命中行中检查是否涉及金额字段（amount/price/money/fee/cost）
+```
+- ❌ `Double/Float` 处理金额 → ✅ `Long`（分）或 `BigDecimal`
+#### 🟡 A10. BigDecimal 比较错误
+```bash
+Grep pattern: "BigDecimal.*==|==.*BigDecimal" path: [目标目录] glob: "*.java"
+```
+- ❌ `bigDecimal1 == bigDecimal2` → ✅ `bigDecimal1.compareTo(bigDecimal2) == 0`
+#### 🟡 A11. SELECT * 查询
+```bash
+Grep pattern: "SELECT \*|select \*" path: [目标目录] glob: "*.xml"
+```
+- ❌ `SELECT *` → ✅ 明确列出需要的字段
+#### 🟡 A12. SQL 注入风险
+```bash
+Grep pattern: '\$\{' path: [目标目录] glob: "*.xml"
+```
+- ❌ `${}` 拼接参数 → ✅ `#{}` 参数化查询（ORDER BY 等特殊场景除外）
+#### 🟡 A13. 国际化异常
+```bash
+Grep pattern: 'new LeException\("[^"]*[\u4e00-\u9fa5]' path: [目标目录] glob: "*.java"
+```
+- 建议使用 `I18n.getMessage()` 替代硬编码中文
+---
+### Step B: 代码逻辑审查（Read 逐文件检查）
+对每个变更的 Java 文件执行 Read，按以下清单逐项审查。
+#### Java 必检项（所有 Java 文件）
+| # | 检查项 | 检查要点 | 严重级 |
+|---|--------|---------|--------|
+| B1 | **空指针风险** | `selectOne`/`getOne`/`selectById` 返回值是否有 null 判断；Optional 是否正确处理 | 🔴 |
+| B2 | **参数校验** | 入参是否校验非空和合法性（`@NotNull`/`@NotEmpty`/`Objects.requireNonNull`/手动 if 判断） | 🔴 |
+| B3 | **并发安全** | 查询+新增/查询+更新的组合操作是否有竞态条件；是否需要分布式锁 | 🔴 |
+| B4 | **事务边界** | 多表写操作是否加了 `@Transactional(rollbackFor = Exception.class)` | 🔴 |
+| B5 | **资源关闭** | Stream/IO流/数据库连接是否用 try-with-resources 或 finally 关闭 | 🔴 |
+| B6 | **集合并发修改** | `forEach` 内是否有 remove/add 操作；应使用 `Iterator` 或 `removeIf` | 🔴 |
+| B7 | **分页泄漏** | `PageMethod.startPage()` 是否紧贴查询语句，中间不能有其他 SQL 查询 | 🔴 |
+#### Java 安全项
+| # | 检查项 | 检查要点 | 严重级 |
+|---|--------|---------|--------|
+| B8 | **租户隔离（仅定时任务）** | 定时任务中是否使用 `Executors.doInTenant()`/`doInAllTenant()` 切换到商户库；普通接口默认在商户库，无需额外处理 | 🔴 |
+| B9 | **SQL 注入** | 动态 SQL 是否使用参数化查询；拼接 SQL 是否转义 | 🔴 |
+| B10 | **越权访问** | 删除/修改操作是否校验数据归属（检查 where 条件是否包含归属字段） | 🔴 |
+| B11 | **敏感信息** | 日志中是否打印了密码、token、身份证、银行卡等敏感信息 | 🔴 |
+| B12 | **批量操作限制** | 批量删除/更新是否限制了最大数量，防止误操作全表 | 🟡 |
+#### Java 跨模块调用项
+| # | 检查项 | 检查要点 | 严重级 |
+|---|--------|---------|--------|
+| B13 | **返回值兜底** | 返回 `List`/`Map` 时是否有空集合兜底（`Collections.emptyList()`），避免调用方 NPE | 🟡 |
+| B14 | **集合参数防御** | 集合入参(`List`/`Set`)是否判空，空集合的 `IN()` 会导致 SQL 异常 | 🔴 |
+| B15 | **异常透传** | 是否吞掉异常不抛出（空 catch 块）；跨模块调用需要明确的异常传递 | 🔴 |
+| B16 | **日志追踪** | 关键操作或异常分支是否有日志（`log.info`/`log.error`），便于跨模块问题排查 | 🟡 |
+#### Java 代码规范项
+| # | 检查项 | 检查要点 | 严重级 |
+|---|--------|---------|--------|
+| B17 | **魔法值** | 是否存在未定义的常量（状态码 1/2/3 必须用枚举，字符串必须定义常量） | 🟡 |
+| B18 | **方法长度** | 方法是否过长（>50 行），需要拆分为子方法 | 🔵 |
+| B19 | **注释完整性** | 公共 API（Controller/Business 方法）是否有 JavaDoc 注释 | 🔵 |
+| B20 | **空 catch 块** | catch 块是否为空或仅打印日志而不处理/不抛出 | 🟡 |
+| B21 | **过时 API** | 是否使用了 `@Deprecated` 的方法或类 | 🔵 |
+| B22 | **返回值一致性** | Controller 层是否统一返回 `LeResponse<T>`，不能裸返回 | 🟡 |
+---
+#### MyBatis XML 检查（仅 XML 文件）
+| # | 检查项 | 检查要点 | 严重级 |
+|---|--------|---------|--------|
+| X1 | **SQL 注入** | 使用 `${}` 而非 `#{}` 进行参数拼接（ORDER BY 等场景需白名单校验） | 🔴 |
+| X2 | **IN 查询防护** | IN 查询是否用 `<foreach>` 且考虑集合为空的情况（空 IN 会 SQL 异常） | 🔴 |
+| X3 | **动态 SQL 语法** | `<if>`/`<where>`/`<choose>` 标签使用是否正确，是否会产生多余的 AND/OR | 🟡 |
+| X4 | **SELECT *** | 是否使用 `SELECT *`，应明确列出需要的字段 | 🟡 |
+| X5 | **缺少 WHERE** | UPDATE/DELETE 是否缺少 WHERE 条件（全表操作风险） | 🔴 |
+| X6 | **索引失效** | WHERE 条件是否对索引字段使用了函数（`DATE(crtime)`）或隐式类型转换 | 🟡 |
+| X7 | **LIKE 前模糊** | `LIKE '%xxx%'` 或 `LIKE CONCAT('%', #{}, '%')` 前模糊导致全表扫描 | 🟡 |
+| X8 | **大表无分页** | 大表查询是否遗漏分页，可能造成 OOM | 🟡 |
+| X9 | **namespace 匹配** | namespace 是否与 Mapper 接口全限定名完全匹配 | 🔴 |
+| X10 | **resultMap 映射** | 是否正确定义 resultMap，字段名和属性名是否对应 | 🟡 |
+---
+### 本地检查结果展示
+```
+# 代码审查报告
+审查范围: [变更文件列表]
+## 🔴 严重问题（X 项）
+1. [B1 空指针风险]
+   文件: OrderServiceImpl.java:42
+   问题: selectById 返回值未做 null 判断
+   修复: if (ObjectUtil.isNull(entity)) throw new LeException("数据不存在");
+2. [A2 禁止 RuoYi 工具类]
+   文件: UserServiceImpl.java:15
+   问题: 使用了 MapstructUtils
+   修复: 替换为 BeanUtil.copyProperties()
+## 🟡 警告问题（X 项）
+...
+## 🔵 建议（X 项）
+...
+## ✅ 通过项
+- [x] A1 包名规范 (net.xnzn.core.*)
+- [x] A3 审计字段正确 (crby/crtime/upby/uptime)
+- [x] A4 del_flag 语义正确 (2=正常)
+- [x] B8 租户隔离正确
+...
+结论: ✅ 通过 / ⚠️ 需修复 X 项 / ❌ 不通过
+```
+如果全部通过 → 展示"本地检查通过"，询问是否需要 Codex 深度审查。
+如果有问题 → 先修复严重问题，修复后再询问是否需要 Codex 深度审查。
+---
+## Phase 3: Codex 深度审查（可选）
+> 依赖 `collaborating-with-codex` skill 的 `codex_bridge.py` 脚本。
+> Codex 擅长发现本地规则难以覆盖的**逻辑 Bug、复杂并发问题、架构缺陷**。
+Phase 2 完成后询问用户："是否需要 Codex 深度审查？"
+- 用户同意 → 执行以下流程
+- 用户拒绝 → 跳到 Phase 5
+```bash
+python3 .claude/skills/collaborating-with-codex/scripts/codex_bridge.py \
+  --cd . \
+  --sandbox read-only \
+  --PROMPT "Review the following changed files for code quality issues:
+FILES TO REVIEW:
+{变更文件列表，含相对路径}
+REVIEW FOCUS (beyond basic lint):
+1. Logic bugs: race conditions, off-by-one, incorrect state transitions, edge cases
+2. Security: privilege escalation, data leakage across tenants, missing auth checks
+3. Architecture: Controller calling Mapper directly, Business layer bypassed, circular dependencies
+4. Performance: N+1 queries, missing pagination on large tables, unnecessary DB calls in loops
+5. Concurrency: check-then-act without locking, shared mutable state, CompletableFuture error handling
+PROJECT CONTEXT:
+- Package: net.xnzn.core.* (NOT org.dromara.*)
+- 4-layer: Controller → Business → Service → Mapper
+- Dual-database: tenant DB is default (by MERCHANT-ID header); only scheduled tasks need Executors.doInTenant()/doInAllTenant() to switch; Executors.doInSystem() for system DB access
+- Audit fields: crby/crtime/upby/uptime
+- del_flag: 1=deleted, 2=normal
+- Exception: LeException (NOT ServiceException)
+- Object copy: BeanUtil.copyProperties() (NOT MapstructUtils)
+- Amount: stored as Long (fen/cents), NOT Double/Float
+- Pagination: PageMethod.startPage() must be immediately before query
+OUTPUT FORMAT:
+For each issue:
+- [SEVERITY] CRITICAL / WARNING / SUGGESTION
+- [FILE] filepath:line_number
+- [ISSUE] Description
+- [FIX] Recommended fix
+If no issues: ALL CLEAR
+IMPORTANT: All comments in Chinese, code/paths in English."
+```
+**关键约束**：
+- 始终使用 `--sandbox read-only`，Codex 不直接修改文件
+- 变更文件过多时（>10 个），按模块分批审查
+- 使用 `run_in_background` 避免阻塞
+---
+## Phase 4: 用户确认后修复
+合并 Phase 2 和 Phase 3 的所有问题，等待用户确认：
+- **全部修复**："修复所有问题" → 逐个修复所有 🔴 + 🟡
+- **选择性修复**："只修复严重问题" → 仅修复 🔴
+- **跳过**："不需要修复" → 终止
+修复时：
+1. 按文件逐个修复，使用 Edit 工具
+2. 每修复一个文件，简要说明改动
+3. 🔵 建议级别默认跳过，除非用户明确要求
+4. 修复完成后运行 `git diff` 展示所有变更
+---
+## Phase 5: 最终确认
+修复完成后询问："是否需要再次审查确认？"
+- 如果用户同意 → 回到 Phase 2 重新审查
+- 如果用户拒绝 → 输出最终结论并终止
+```
+结论: ✅ 通过 / ⚠️ 需修复 / ❌ 不通过
+```
+---
+## 前端审查（如涉及前端文件变更）
+前端项目路径：`/Users/xujiajun/Developer/frontProj/web`
+| # | 检查项 | 检查要点 |
+|---|--------|---------|
+| F1 | 响应码 | 成功码是 `10000`（不是 200） |
+| F2 | Token | `Admin-Token`（localStorage） |
+| F3 | 租户头 | `MERCHANT-ID`（请求头） |
+| F4 | 金额显示 | 后端返回分，前端用 `money()` 转元 |
+| F5 | 权限指令 | 按钮权限使用 `v-hasPerm` |
+| F6 | 加密 | 敏感字段使用 SM4 加密 |

package/.claude/skills/collaborating-with-codex/SKILL.md CHANGED Viewed

@@ -1,7 +1,8 @@
 ---
 name: collaborating-with-codex
 description: |
-  与 OpenAI Codex CLI 协同开发。将编码任务委托给 Codex 进行原型开发、调试分析和代码审查。
+  与 OpenAI Codex CLI 协同开发。支持 MCP 原生集成和桥接脚本两种模式。
+  默认模型：gpt-5.3-codex
   触发场景：
   - 需要算法实现或复杂逻辑分析
@@ -14,161 +15,143 @@ description: |
   前置要求：
   - 已安装 Codex CLI (npm install -g @openai/codex)
-  - 已配置 OpenAI API Key
+  - 已配置 OpenAI API Key (codex auth login)
 ---
 # 与 Codex CLI 协同开发
-> 通过 Python 桥接脚本调用 Codex CLI，获取算法实现和代码审查建议。
+> 两种调用方式：**MCP 原生集成**（推荐）和桥接脚本。默认模型 `gpt-5.3-codex`。
-## 快速开始
+---
-```bash
-# 相对路径（推荐，在项目根目录执行）
-python .claude/skills/collaborating-with-codex/scripts/codex_bridge.py --cd . --PROMPT "Your task"
+## 方式一：MCP 原生集成（推荐）
+已通过 `codex-mcp-server` 注册为 Claude Code 的 MCP 工具，可直接在对话中使用。
+### MCP 工具列表
+| 工具 | 用途 | 示例指令 |
+|------|------|---------|
+| `codex` | AI 编码助手，支持会话、模型选择 | "用 codex 分析这个函数" |
+| `review` | 代码审查（未提交代码、分支、提交） | "用 codex review 检查 main 分支差异" |
+| `listSessions` | 查看活跃会话 | "列出 codex 会话" |
+| `ping` | 测试连接 | "ping codex" |
+### MCP 使用示例
+**基础调用**：直接在 Claude Code 对话中说：
+- "用 codex 工具分析 OrderInfoService 的业务逻辑"
+- "用 codex review 检查当前未提交的代码变更"
+- "用 codex 生成这个方法的单元测试，模型用 gpt-5.3-codex"
+**多轮会话**：codex 工具支持 `sessionId` 参数，自动维持上下文。
+**模型指定**：调用时传入 `model: "gpt-5.3-codex"` 参数（已配置为默认）。
+### MCP 配置位置
+```
+~/.claude.json → projects → mcpServers → codex-cli
+~/.codex/config.toml → profiles（review/analyze/prototype）
 ```
-**输出**: JSON 格式，包含 `success`、`SESSION_ID`、`agent_messages` 和可选的 `error`。
+---
+## 方式二：桥接脚本
+适用于需要精细控制参数或后台批量执行的场景。
+### 快速开始
+```bash
+python .claude/skills/collaborating-with-codex/scripts/codex_bridge.py \
+  --cd . --model gpt-5.3-codex --PROMPT "Your task"
+```
-## 参数说明
+### 参数说明
 | 参数 | 类型 | 必填 | 默认值 | 说明 |
 |------|------|------|--------|------|
 | `--PROMPT` | str | ✅ | - | 发送给 Codex 的任务指令（使用英语） |
 | `--cd` | Path | ✅ | - | 工作目录根路径 |
-| `--sandbox` | Literal | ❌ | `read-only` | 沙箱策略：`read-only`/`workspace-write`/`danger-full-access` |
+| `--model` | str | ❌ | `gpt-5.3-codex` | 指定模型 |
+| `--sandbox` | Literal | ❌ | `read-only` | 沙箱策略 |
 | `--SESSION_ID` | UUID | ❌ | `None` | 会话 ID（继续之前的对话） |
-| `--skip-git-repo-check` | bool | ❌ | `True` | 允许在非 Git 仓库运行 |
+| `--profile` | str | ❌ | `None` | Codex profile（review/analyze/prototype） |
 | `--return-all-messages` | bool | ❌ | `False` | 返回完整推理信息 |
-| `--image` | List[Path] | ❌ | `None` | 附加图片文件到提示词 |
-| `--model` | str | ❌ | `None` | 指定模型（仅用户明确要求时使用） |
-| `--yolo` | bool | ❌ | `False` | 跳过所有审批与沙箱限制（危险） |
+| `--image` | List[Path] | ❌ | `None` | 附加图片 |
+| `--yolo` | bool | ❌ | `False` | 跳过审批（危险） |
-## 使用模式
-### 1. 基础调用（只读模式）
+### 使用示例
 ```bash
+# 代码分析（只读）
 python .claude/skills/collaborating-with-codex/scripts/codex_bridge.py \
-  --cd . \
-  --PROMPT "Analyze the authentication flow in the login module"
-```
-### 2. 多轮会话
+  --cd . --model gpt-5.3-codex --profile analyze \
+  --PROMPT "Analyze the four-layer architecture in OrderInfoWebController"
-**始终保存 SESSION_ID** 用于后续对话：
-```bash
-# 第一轮：分析代码
+# 代码审查
 python .claude/skills/collaborating-with-codex/scripts/codex_bridge.py \
-  --cd "/project" \
-  --PROMPT "Analyze the AdServiceImpl class"
+  --cd . --model gpt-5.3-codex --profile review \
+  --PROMPT "Review OrderWebBusiness.java for bugs. OUTPUT: Review with line numbers."
-# 后续轮次：使用 SESSION_ID 继续
+# 生成 Diff 补丁
 python .claude/skills/collaborating-with-codex/scripts/codex_bridge.py \
-  --cd "/project" \
-  --SESSION_ID "uuid-from-previous-response" \
-  --PROMPT "Now write unit tests for the add method"
-```
+  --cd . --model gpt-5.3-codex \
+  --PROMPT "Generate unified diff to add logging. OUTPUT: Unified Diff Patch ONLY."
-### 3. 获取 Unified Diff 补丁
-```bash
+# 多轮会话
 python .claude/skills/collaborating-with-codex/scripts/codex_bridge.py \
-  --cd "/project" \
-  --PROMPT "Generate a unified diff to add logging to AdServiceImpl. OUTPUT: Unified Diff Patch ONLY."
+  --cd . --model gpt-5.3-codex \
+  --SESSION_ID "uuid-from-previous" \
+  --PROMPT "Now write unit tests for the method we discussed"
 ```
-### 4. 调试模式（返回完整信息）
+---
-```bash
-python .claude/skills/collaborating-with-codex/scripts/codex_bridge.py \
-  --cd "/project" \
-  --PROMPT "Debug this error: NullPointerException in line 42" \
-  --return-all-messages
-```
+## Codex Profile 配置
-## 返回值结构
+已在 `~/.codex/config.toml` 中预设 3 个 profile：
-**成功时：**
-```json
-{
-  "success": true,
-  "SESSION_ID": "550e8400-e29b-41d4-a716-446655440000",
-  "agent_messages": "模型回复内容..."
-}
-```
+| Profile | 模型 | 沙箱 | 推理强度 | 适用场景 |
+|---------|------|------|---------|---------|
+| `review` | gpt-5.3-codex | read-only | medium | 快速代码审查 |
+| `analyze` | gpt-5.3-codex | read-only | high | 深度逻辑分析 |
+| `prototype` | gpt-5.3-codex | workspace-write | high | 原型生成 |
-**失败时：**
-```json
-{
-  "success": false,
-  "error": "错误信息描述"
-}
-```
-## 协作工作流
+---
-### 推荐场景
+## 协作分工原则
-| 场景 | 说明 |
-|------|------|
-| **后端逻辑分析** | Codex 擅长复杂算法和后端逻辑 |
-| **代码审查** | 获取代码质量和潜在问题的反馈 |
-| **Debug 分析** | 利用其强大的调试能力定位问题 |
-| **原型设计** | 快速获取实现思路（返回 Diff 而非直接修改） |
+| 角色 | Claude Code 负责 | Codex 负责 |
+|------|-----------------|-----------|
+| **架构** | 设计、决策、审校 | 分析现有代码 |
+| **开发** | 规范重构、最终代码 | 原型生成（Diff） |
+| **审查** | 规范检查、最终判定 | 逐文件审查、安全扫描 |
+| **调试** | 日志分析、定位 | 深度代码分析、补丁 |
 ### 重要约束
-1. **只读模式**: 始终使用 `--sandbox read-only`，禁止 Codex 直接修改文件
-2. **英语交互**: 与 Codex 交互时使用英语，获得更好效果
-3. **中文输出强制**: Codex 倾向于输出英文，必须在每次 PROMPT 末尾追加以下约束：
+1. **只读优先**: 默认 `read-only`，仅原型生成用 `workspace-write`
+2. **英语 Prompt**: 与 Codex 交互用英语
+3. **中文强制**: 每次 PROMPT 末尾追加：
    ```
    IMPORTANT LANGUAGE RULES:
-   - All SQL COMMENT values MUST be in Chinese (e.g., COMMENT '用户名' NOT COMMENT 'username')
-   - All Java/code comments (Javadoc, inline //, block /* */) MUST be in Chinese
-   - All field descriptions, table descriptions MUST be in Chinese
-   - Variable names and class names remain in English (camelCase/PascalCase)
+   - All SQL COMMENT values MUST be in Chinese
+   - All Java/code comments MUST be in Chinese
+   - Variable names and class names remain in English
    ```
-4. **Diff 输出**: 在 PROMPT 中明确要求 `OUTPUT: Unified Diff Patch ONLY`
-5. **重构代码**: 将 Codex 的输出视为"脏原型"，由 Claude 重构为生产代码（**特别检查注释和 COMMENT 是否为中文，不是则修正**）
-6. **后台运行**: 对于长时间任务，使用 `Run in the background`
-## 与本项目的集成
-### 典型用例：后端模块分析
-```bash
-# 分析 Service 层实现
-python .claude/skills/collaborating-with-codex/scripts/codex_bridge.py \
-  --cd . \
-  --PROMPT "Analyze the three-layer architecture (Controller -> Service -> Mapper) in ruoyi-modules/ruoyi-system. Focus on how buildQueryWrapper is implemented in Service layer."
-```
-### 典型用例：代码审查
+4. **脏原型思维**: Codex 输出视为草稿，Claude 按项目规范重构
+5. **后台运行**: 长时间任务用 subagent `run_in_background`
-```bash
-# 审查新增的业务模块
-python .claude/skills/collaborating-with-codex/scripts/codex_bridge.py \
-  --cd "/project" \
-  --PROMPT "Review the XxxServiceImpl.java for potential bugs, security issues, and adherence to the project's three-layer architecture pattern (Controller -> Service -> Mapper, NO DAO layer). OUTPUT: Review comments with specific line numbers."
-```
-## 安装前置
-```bash
-# 安装 Codex CLI
-npm install -g @openai/codex
-# 配置 API Key（可选，如果未设置环境变量）
-codex auth login
-```
+---
 ## 故障排除
 | 问题 | 解决方案 |
 |------|---------|
-| `codex: command not found` | 确保已安装并添加到 PATH |
-| `SESSION_ID` 获取失败 | 检查网络连接和 API Key |
-| 输出被截断 | 使用 `--return-all-messages` 获取完整信息 |
-| Windows 路径问题 | 使用正斜杠 `/` 或双反斜杠 `\\` |
+| MCP 工具未出现 | 重启 Claude Code 会话，检查 `~/.claude.json` |
+| `codex: command not found` | `npm i -g @openai/codex` 并确认 PATH |
+| 模型不对 | 调用时显式传 `model: "gpt-5.3-codex"` |
+| MCP 连接超时 | `npx -y codex-mcp-server` 手动测试 |
+| 桥接脚本 SESSION_ID 失败 | 检查网络和 API Key |