autosnippet 2.1.0 → 2.5.0

package/lib/external/mcp/handlers/skill.js

@@ -15,7 +15,9 @@ import path from 'node:path';
 import { fileURLToPath } from 'node:url';
 
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
-const SKILLS_DIR = path.resolve(__dirname, '../../../../skills');
+const PROJECT_ROOT = path.resolve(__dirname, '../../../..');
+const SKILLS_DIR = path.resolve(PROJECT_ROOT, 'skills');
+const PROJECT_SKILLS_DIR = path.resolve(PROJECT_ROOT, '.autosnippet', 'skills');
 
 /**
  * Skill 名称 → 摘要描述映射（用于 list_skills 返回）
@@ -23,10 +25,10 @@ const SKILLS_DIR = path.resolve(__dirname, '../../../../skills');
  * 从 SKILL.md 的 frontmatter description 提取。
  * 如果解析失败，返回 Skill 名称本身。
  */
-function _parseSkillSummary(skillName) {
+function _parseSkillSummary(skillName, baseDir = SKILLS_DIR) {
   try {
     const content = fs.readFileSync(
-      path.join(SKILLS_DIR, skillName, 'SKILL.md'), 'utf8',
+      path.join(baseDir, skillName, 'SKILL.md'), 'utf8',
     );
     // 提取 frontmatter 的 description 字段
     const descMatch = content.match(/^description:\s*(.+?)(?:\n|$)/m);
@@ -72,16 +74,25 @@ const SKILL_USE_CASES = {
  */
 export function listSkills() {
   try {
-    const dirs = fs.readdirSync(SKILLS_DIR, { withFileTypes: true })
-      .filter(d => d.isDirectory())
-      .map(d => d.name)
-      .sort();
+    const skillMap = new Map();
 
-    const skills = dirs.map(name => ({
-      name,
-      summary: _parseSkillSummary(name),
-      useCase: SKILL_USE_CASES[name] || null,
-    }));
+    // 内置 Skills
+    const builtinDirs = fs.readdirSync(SKILLS_DIR, { withFileTypes: true })
+      .filter(d => d.isDirectory()).map(d => d.name);
+    for (const name of builtinDirs) {
+      skillMap.set(name, { name, source: 'builtin', summary: _parseSkillSummary(name, SKILLS_DIR), useCase: SKILL_USE_CASES[name] || null });
+    }
+
+    // 项目级 Skills（覆盖同名内置）
+    try {
+      const projectDirs = fs.readdirSync(PROJECT_SKILLS_DIR, { withFileTypes: true })
+        .filter(d => d.isDirectory()).map(d => d.name);
+      for (const name of projectDirs) {
+        skillMap.set(name, { name, source: 'project', summary: _parseSkillSummary(name, PROJECT_SKILLS_DIR), useCase: SKILL_USE_CASES[name] || null });
+      }
+    } catch { /* no project skills */ }
+
+    const skills = [...skillMap.values()].sort((a, b) => a.name.localeCompare(b.name));
 
     return JSON.stringify({
       success: true,
@@ -120,7 +131,11 @@ export function loadSkill(_ctx, args) {
     });
   }
 
-  const skillPath = path.join(SKILLS_DIR, skillName, 'SKILL.md');
+  // 项目级 Skills 优先
+  const projectSkillPath = path.join(PROJECT_SKILLS_DIR, skillName, 'SKILL.md');
+  const builtinSkillPath = path.join(SKILLS_DIR, skillName, 'SKILL.md');
+  const skillPath = fs.existsSync(projectSkillPath) ? projectSkillPath : builtinSkillPath;
+  const source = skillPath === projectSkillPath ? 'project' : 'builtin';
 
   try {
     let content = fs.readFileSync(skillPath, 'utf8');
@@ -141,6 +156,7 @@ export function loadSkill(_ctx, args) {
       success: true,
       data: {
         skillName,
+        source,
         content,
         charCount: content.length,
         useCase: SKILL_USE_CASES[skillName] || null,
@@ -148,22 +164,174 @@ export function loadSkill(_ctx, args) {
       },
     });
   } catch {
-    // 列出可用 Skills 帮助 Agent 修正
-    const available = fs.readdirSync(SKILLS_DIR, { withFileTypes: true })
-      .filter(d => d.isDirectory())
-      .map(d => d.name);
+    // 列出所有可用 Skills
+    const available = new Set();
+    try { fs.readdirSync(SKILLS_DIR, { withFileTypes: true }).filter(d => d.isDirectory()).forEach(d => available.add(d.name)); } catch {}
+    try { fs.readdirSync(PROJECT_SKILLS_DIR, { withFileTypes: true }).filter(d => d.isDirectory()).forEach(d => available.add(d.name)); } catch {}
 
     return JSON.stringify({
       success: false,
       error: {
         code: 'SKILL_NOT_FOUND',
         message: `Skill "${skillName}" not found`,
-        availableSkills: available,
+        availableSkills: [...available],
       },
     });
   }
 }
 
+// ═══════════════════════════════════════════════════════════
+// Handler: createSkill
+// ═══════════════════════════════════════════════════════════
+
+/**
+ * 创建项目级 Skill — 写入 .autosnippet/skills/<name>/SKILL.md
+ * 创建后自动 regenerate 编辑器索引（.cursor/rules/autosnippet-skills.mdc）
+ *
+ * @param {object} _ctx  MCP context
+ * @param {object} args  { name, description, content, overwrite? }
+ * @returns {string} JSON envelope
+ */
+export function createSkill(_ctx, args) {
+  const { name, description, content, overwrite = false } = args || {};
+
+  // ── 参数校验 ──
+  if (!name || !description || !content) {
+    return JSON.stringify({
+      success: false,
+      error: { code: 'MISSING_PARAM', message: 'name, description, content are all required' },
+    });
+  }
+
+  // 名称格式校验：kebab-case（允许字母、数字、连字符）
+  if (!/^[a-z][a-z0-9-]*[a-z0-9]$/.test(name) || name.length < 3 || name.length > 64) {
+    return JSON.stringify({
+      success: false,
+      error: {
+        code: 'INVALID_NAME',
+        message: `Skill name must be kebab-case (a-z, 0-9, -), 3-64 chars. Got: "${name}"`,
+      },
+    });
+  }
+
+  // 不允许覆盖内置 Skill
+  const builtinSkillPath = path.join(SKILLS_DIR, name, 'SKILL.md');
+  if (fs.existsSync(builtinSkillPath)) {
+    return JSON.stringify({
+      success: false,
+      error: {
+        code: 'BUILTIN_CONFLICT',
+        message: `"${name}" is a built-in Skill and cannot be overwritten. Choose a different name.`,
+      },
+    });
+  }
+
+  // 检查同名项目级 Skill
+  const skillDir = path.join(PROJECT_SKILLS_DIR, name);
+  const skillPath = path.join(skillDir, 'SKILL.md');
+  if (fs.existsSync(skillPath) && !overwrite) {
+    return JSON.stringify({
+      success: false,
+      error: {
+        code: 'ALREADY_EXISTS',
+        message: `Project skill "${name}" already exists. Set overwrite=true to replace.`,
+      },
+    });
+  }
+
+  // ── 写入 SKILL.md ──
+  try {
+    fs.mkdirSync(skillDir, { recursive: true });
+
+    const frontmatter = [
+      '---',
+      `name: ${name}`,
+      `description: ${description}`,
+      '---',
+      '',
+    ].join('\n');
+
+    fs.writeFileSync(skillPath, frontmatter + content, 'utf8');
+  } catch (err) {
+    return JSON.stringify({
+      success: false,
+      error: { code: 'WRITE_ERROR', message: `Failed to write SKILL.md: ${err.message}` },
+    });
+  }
+
+  // ── regenerate 编辑器索引 ──
+  const indexResult = _regenerateEditorIndex();
+
+  return JSON.stringify({
+    success: true,
+    data: {
+      skillName: name,
+      path: skillPath,
+      overwritten: fs.existsSync(skillPath) && overwrite,
+      editorIndex: indexResult,
+      hint: `Skill "${name}" created. Use autosnippet_load_skill to verify content.`,
+    },
+  });
+}
+
+/**
+ * Regenerate .cursor/rules/autosnippet-skills.mdc 索引文件
+ * 扫描所有项目级 Skills，生成摘要索引供 External Agent 被动发现
+ *
+ * @returns {{ success: boolean, path?: string, skillCount?: number, error?: string }}
+ */
+function _regenerateEditorIndex() {
+  try {
+    // 扫描项目级 Skills
+    let projectSkills = [];
+    try {
+      const dirs = fs.readdirSync(PROJECT_SKILLS_DIR, { withFileTypes: true })
+        .filter(d => d.isDirectory())
+        .map(d => d.name);
+      for (const name of dirs) {
+        const summary = _parseSkillSummary(name, PROJECT_SKILLS_DIR);
+        projectSkills.push({ name, summary });
+      }
+    } catch { /* no project skills dir */ }
+
+    if (projectSkills.length === 0) {
+      // 没有项目级 Skills 时，删除索引文件（如果存在）
+      const indexPath = path.join(PROJECT_ROOT, '.cursor', 'rules', 'autosnippet-skills.mdc');
+      try { fs.unlinkSync(indexPath); } catch { /* not exists */ }
+      return { success: true, skillCount: 0 };
+    }
+
+    // 生成 .mdc 内容
+    const skillLines = projectSkills
+      .map(s => `- **${s.name}**: ${s.summary}`)
+      .join('\n');
+
+    const mdcContent = [
+      '---',
+      'description: AutoSnippet 项目级 Skills 索引（自动生成，请勿手动编辑）',
+      'alwaysApply: true',
+      '---',
+      '',
+      '# AutoSnippet Project Skills',
+      '',
+      `本项目已注册 ${projectSkills.length} 个自定义 Skill。使用 \`autosnippet_load_skill\` 工具加载完整内容。`,
+      '',
+      skillLines,
+      '',
+    ].join('\n');
+
+    // 写入 .cursor/rules/
+    const rulesDir = path.join(PROJECT_ROOT, '.cursor', 'rules');
+    fs.mkdirSync(rulesDir, { recursive: true });
+    const indexPath = path.join(rulesDir, 'autosnippet-skills.mdc');
+    fs.writeFileSync(indexPath, mdcContent, 'utf8');
+
+    return { success: true, path: indexPath, skillCount: projectSkills.length };
+  } catch (err) {
+    return { success: false, error: err.message };
+  }
+}
+
 /**
  * 推荐相关 Skills（基于静态映射）
  */

package/lib/external/mcp/tools.js

@@ -17,6 +17,7 @@ export const TOOL_GATEWAY_MAP = {
   autosnippet_enrich_candidates: { action: 'candidate:update', resource: 'candidates' },
   autosnippet_bootstrap_knowledge: { action: 'knowledge:bootstrap', resource: 'knowledge' },
   autosnippet_bootstrap_refine: { action: 'candidate:update', resource: 'candidates' },
+  autosnippet_create_skill: { action: 'create:skills', resource: 'skills' },
 };
 
 export const TOOLS = [
@@ -623,7 +624,45 @@ export const TOOLS = [
       required: ['skillName'],
     },
   },
-  // 35. ② 内容润色：Bootstrap 候选 AI 精炼（Phase 6）
+  // 35. 创建项目级 Skill
+  {
+    name: 'autosnippet_create_skill',
+    description:
+      '创建一个项目级 Skill 文档，写入 .autosnippet/skills/<name>/SKILL.md。\n' +
+      'Skill 是 Agent 的领域知识增强文档，帮助 Agent 正确执行特定任务。\n' +
+      '创建后自动更新编辑器索引（.cursor/rules/autosnippet-skills.mdc），使 Skill 被 AI Agent 被动发现。\n' +
+      '\n' +
+      '使用场景：\n' +
+      '  • 将反复出现的操作指南/架构决策/编码规范固化为 Skill\n' +
+      '  • 为特定 Target/模块创建定制化开发指南\n' +
+      '  • 记录项目私有的最佳实践（不适合放入通用知识库）\n' +
+      '\n' +
+      '⚠️ 注意：Skill 名称建议使用 kebab-case，如 my-auth-guide',
+    inputSchema: {
+      type: 'object',
+      properties: {
+        name: {
+          type: 'string',
+          description: 'Skill 名称（kebab-case，如 my-auth-guide）。将作为目录名。',
+        },
+        description: {
+          type: 'string',
+          description: 'Skill 一句话描述（写入 SKILL.md frontmatter）',
+        },
+        content: {
+          type: 'string',
+          description: 'Skill 正文内容（Markdown 格式，不含 frontmatter）',
+        },
+        overwrite: {
+          type: 'boolean',
+          default: false,
+          description: '如果同名 Skill 已存在，是否覆盖（默认 false）',
+        },
+      },
+      required: ['name', 'description', 'content'],
+    },
+  },
+  // 36. ② 内容润色：Bootstrap 候选 AI 精炼（Phase 6）
   {
     name: 'autosnippet_bootstrap_refine',
     description:

package/lib/http/HttpServer.js

@@ -26,6 +26,7 @@ import commandsRouter from './routes/commands.js';
 import spmRouter from './routes/spm.js';
 import violationsRouter from './routes/violations.js';
 import authRouter from './routes/auth.js';
+import skillsRouter from './routes/skills.js';
 import apiSpec from './api-spec.js';
 import { initRedisService } from '../infrastructure/cache/RedisService.js';
 import { initCacheAdapter } from '../infrastructure/cache/UnifiedCacheAdapter.js';
@@ -258,6 +259,9 @@ export class HttpServer {
     // 命令路由
     this.app.use(`${apiPrefix}/commands`, commandsRouter);
 
+    // Skills 路由
+    this.app.use(`${apiPrefix}/skills`, skillsRouter);
+
     // SPM 路由
     this.app.use(`${apiPrefix}/spm`, spmRouter);
 

package/lib/http/middleware/roleResolver.js

@@ -96,7 +96,7 @@ export function roleResolverMiddleware(options = {}) {
         }
       } else {
         // 无探针实例 → 本地开发默认 admin（向后兼容）
-        req.resolvedRole = 'developer_admin';
+        req.resolvedRole = 'developer';
         req.resolvedUser = 'local';
       }
 

package/lib/http/routes/auth.js

@@ -44,7 +44,7 @@ if (!process.env.ASD_AUTH_SECRET) {
 function createToken(username) {
   const payload = {
     sub: username,
-    role: 'developer_admin',
+    role: 'developer',
     iat: Date.now(),
     exp: Date.now() + TOKEN_TTL,
   };
@@ -107,7 +107,7 @@ router.post('/login', asyncHandler(async (req, res) => {
     success: true,
     data: {
       token,
-      user: { username, role: 'developer_admin' },
+      user: { username, role: 'developer' },
     },
   });
 }));

package/lib/http/routes/monitoring.js

@@ -160,12 +160,12 @@ router.get('/cache', (req, res) => {
 
 /**
  * POST /api/v1/monitoring/cache/clear
- * 清空缓存（仅限 developer_admin）
+ * 清空缓存（仅限 developer）
  */
 router.post('/cache/clear', async (req, res) => {
   // 角色检查：仅 admin 可操作
   const role = req.resolvedRole || 'visitor';
-  if (role !== 'developer_admin') {
+  if (role !== 'developer') {
     return res.status(403).json({
       success: false,
       error: { message: '仅管理员可清空缓存' },
@@ -285,7 +285,7 @@ router.get('/dashboard', async (req, res) => {
 
 /**
  * POST /api/v1/monitoring/reset
- * 重置监控统计（仅限开发环境 + developer_admin）
+ * 重置监控统计（仅限开发环境 + developer）
  */
 router.post('/reset', (req, res) => {
   if (process.env.NODE_ENV === 'production') {
@@ -297,7 +297,7 @@ router.post('/reset', (req, res) => {
 
   // 角色检查：仅 admin 可操作
   const role = req.resolvedRole || 'visitor';
-  if (role !== 'developer_admin') {
+  if (role !== 'developer') {
     return res.status(403).json({
       success: false,
       error: { message: '仅管理员可重置监控统计' },

package/lib/http/routes/search.js

@@ -214,23 +214,6 @@ router.get('/graph/stats', asyncHandler(async (req, res) => {
   res.json({ success: true, data: stats });
 }));
 
-/**
- * GET /api/v1/search/compliance
- * 合规评估报告
- */
-router.get('/compliance', asyncHandler(async (req, res) => {
-  const { period } = req.query;
-  const container = getServiceContainer();
-  const evaluator = container.get('complianceEvaluator');
-
-  if (!evaluator) {
-    return res.json({ success: true, data: { overallScore: 0, message: 'ComplianceEvaluator not available' } });
-  }
-
-  const report = evaluator.evaluate({ period });
-  res.json({ success: true, data: report });
-}));
-
 /**
  * POST /api/v1/search/trigger-from-code
  * Xcode trigger 搜索模拟 (stub — 功能未完整实现)

package/lib/http/routes/skills.js

@@ -0,0 +1,73 @@
+/**
+ * Skills API 路由
+ * 管理 Agent Skills 的查询、加载和创建（项目级）
+ */
+
+import express from 'express';
+import { asyncHandler } from '../middleware/errorHandler.js';
+import { listSkills, loadSkill, createSkill } from '../../external/mcp/handlers/skill.js';
+import { ValidationError } from '../../shared/errors/index.js';
+
+const router = express.Router();
+
+/**
+ * GET /api/v1/skills
+ * 列出所有可用 Skills（内置 + 项目级）
+ */
+router.get('/', asyncHandler(async (_req, res) => {
+  const raw = listSkills();
+  const parsed = JSON.parse(raw);
+
+  if (!parsed.success) {
+    return res.status(500).json(parsed);
+  }
+
+  res.json({ success: true, data: parsed.data });
+}));
+
+/**
+ * GET /api/v1/skills/:name
+ * 加载指定 Skill 的完整文档
+ * Query: ?section=xxx 可只返回指定章节
+ */
+router.get('/:name', asyncHandler(async (req, res) => {
+  const { name } = req.params;
+  const { section } = req.query;
+
+  const raw = loadSkill(null, { skillName: name, section });
+  const parsed = JSON.parse(raw);
+
+  if (!parsed.success) {
+    const status = parsed.error?.code === 'SKILL_NOT_FOUND' ? 404 : 400;
+    return res.status(status).json(parsed);
+  }
+
+  res.json({ success: true, data: parsed.data });
+}));
+
+/**
+ * POST /api/v1/skills
+ * 创建项目级 Skill
+ * Body: { name, description, content, overwrite? }
+ */
+router.post('/', asyncHandler(async (req, res) => {
+  const { name, description, content, overwrite } = req.body;
+
+  if (!name || !description || !content) {
+    throw new ValidationError('name, description, content are all required');
+  }
+
+  const raw = createSkill(null, { name, description, content, overwrite });
+  const parsed = JSON.parse(raw);
+
+  if (!parsed.success) {
+    const status = parsed.error?.code === 'BUILTIN_CONFLICT' ? 409
+      : parsed.error?.code === 'ALREADY_EXISTS' ? 409
+        : parsed.error?.code === 'INVALID_NAME' ? 400 : 500;
+    return res.status(status).json(parsed);
+  }
+
+  res.status(201).json({ success: true, data: parsed.data });
+}));
+
+export default router;

package/lib/injection/ServiceContainer.js

@@ -49,10 +49,10 @@ import { AutomationOrchestrator } from '../service/automation/AutomationOrchestr
 import { ToolRegistry } from '../service/chat/ToolRegistry.js';
 import { ChatAgent } from '../service/chat/ChatAgent.js';
 import { ALL_TOOLS } from '../service/chat/tools.js';
+import { SkillHooks } from '../service/skills/SkillHooks.js';
 
 // ─── P3: Infrastructure ──────────────────────────────
-import { EventBus } from '../infrastructure/event/EventBus.js';
-import { PluginManager } from '../infrastructure/plugin/PluginManager.js';
+// EventBus / PluginManager imports removed — source files retained for future use
 
 /**
  * DependencyInjection 容器
@@ -88,18 +88,10 @@ export class ServiceContainer {
       if (bootstrapComponents.gateway) {
         this.singletons.gateway = bootstrapComponents.gateway;
       }
-      if (bootstrapComponents.reasoningLogger) {
-        this.singletons.reasoningLogger = bootstrapComponents.reasoningLogger;
-      }
-      if (bootstrapComponents.roleDriftMonitor) {
-        this.singletons.roleDriftMonitor = bootstrapComponents.roleDriftMonitor;
-      }
-      if (bootstrapComponents.complianceEvaluator) {
-        this.singletons.complianceEvaluator = bootstrapComponents.complianceEvaluator;
-      }
-      if (bootstrapComponents.sessionManager) {
-        this.singletons.sessionManager = bootstrapComponents.sessionManager;
+      if (bootstrapComponents.constitution) {
+        this.singletons.constitution = bootstrapComponents.constitution;
       }
+
       if (bootstrapComponents.projectRoot) {
         this.singletons._projectRoot = bootstrapComponents.projectRoot;
       }
@@ -209,17 +201,7 @@ export class ServiceContainer {
       return this.singletons.gateway;
     });
 
-    // ReasoningLogger
-    this.register('reasoningLogger', () => this.singletons.reasoningLogger || null);
 
-    // RoleDriftMonitor
-    this.register('roleDriftMonitor', () => this.singletons.roleDriftMonitor || null);
-
-    // ComplianceEvaluator
-    this.register('complianceEvaluator', () => this.singletons.complianceEvaluator || null);
-
-    // SessionManager
-    this.register('sessionManager', () => this.singletons.sessionManager || null);
   }
 
   /**
@@ -257,11 +239,12 @@ export class ServiceContainer {
         const gateway = this.get('gateway');
         const projectRoot = this.singletons._projectRoot || process.cwd();
         const candidateFileWriter = new CandidateFileWriter(projectRoot);
+        const skillHooks = this.get('skillHooks');
         this.singletons.candidateService = new CandidateService(
           candidateRepository,
           auditLogger,
           gateway,
-          { fileWriter: candidateFileWriter }
+          { fileWriter: candidateFileWriter, skillHooks }
         );
       }
       return this.singletons.candidateService;
@@ -276,12 +259,13 @@ export class ServiceContainer {
         const knowledgeGraphService = this.get('knowledgeGraphService');
         const projectRoot = this.singletons._projectRoot || process.cwd();
         const fileWriter = new RecipeFileWriter(projectRoot);
+        const skillHooks = this.get('skillHooks');
         this.singletons.recipeService = new RecipeService(
           recipeRepository,
           auditLogger,
           gateway,
           knowledgeGraphService,
-          { fileWriter }
+          { fileWriter, skillHooks }
         );
       }
       return this.singletons.recipeService;
@@ -332,23 +316,12 @@ export class ServiceContainer {
       return this.singletons.guardCheckEngine;
     });
 
-    // ─── 新迁移的服务 ────────────────────────────────────
+    // ─── Constitution ────────────────────────────────────
+    this.register('constitution', () => this.singletons.constitution || null);
 
-    // EventBus
-    this.register('eventBus', () => {
-      if (!this.singletons.eventBus) {
-        this.singletons.eventBus = new EventBus();
-      }
-      return this.singletons.eventBus;
-    });
+    // ─── 新迁移的服务 ────────────────────────────────────
 
-    // PluginManager
-    this.register('pluginManager', () => {
-      if (!this.singletons.pluginManager) {
-        this.singletons.pluginManager = new PluginManager();
-      }
-      return this.singletons.pluginManager;
-    });
+    // EventBus / PluginManager — 已移除注册（源文件保留，未来可恢复）
 
     // RetrievalFunnel (Advanced Search)
     this.register('retrievalFunnel', () => {
@@ -518,6 +491,14 @@ export class ServiceContainer {
       }
       return this.singletons.chatAgent;
     });
+
+    // SkillHooks (Skill 生命周期钩子 — 加载 skills/*/hooks.js)
+    this.register('skillHooks', () => {
+      if (!this.singletons.skillHooks) {
+        this.singletons.skillHooks = new SkillHooks();
+      }
+      return this.singletons.skillHooks;
+    });
   }
 
   /**

package/lib/service/candidate/CandidateService.js

@@ -11,11 +11,12 @@ import { v4 as uuidv4 } from 'uuid';
  * 包括创建、批准、驳回和应用到 Recipe 的业务逻辑
  */
 export class CandidateService {
-  constructor(candidateRepository, auditLogger, gateway, { fileWriter } = {}) {
+  constructor(candidateRepository, auditLogger, gateway, { fileWriter, skillHooks } = {}) {
     this.candidateRepository = candidateRepository;
     this.auditLogger = auditLogger;
     this.gateway = gateway;
     this.fileWriter = fileWriter || null;
+    this.skillHooks = skillHooks || null;
     this.logger = Logger.getInstance();
   }
 
@@ -52,6 +53,16 @@ export class CandidateService {
         throw new ValidationError('Invalid candidate data');
       }
 
+      // ── SkillHooks: onCandidateSubmit ──
+      if (this.skillHooks) {
+        const hookResult = await this.skillHooks.run('onCandidateSubmit', candidate, {
+          userId: context.userId,
+        });
+        if (hookResult?.block) {
+          throw new ValidationError(`SkillHook blocked: ${hookResult.reason || 'unknown'}`);
+        }
+      }
+
       // 保存到数据库
       const created = await this.candidateRepository.create(candidate);