npm - ccg-ros2-workflow - Versions diffs - 2.2.1 → 3.0.0 - Mend

ccg-ros2-workflow 2.2.1 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (186) hide show

package/README.md +211 -96
package/README.zh-CN.md +256 -0
package/dist/cli.mjs +15 -15
package/dist/index.d.mts +61 -34
package/dist/index.d.ts +61 -34
package/dist/index.mjs +4 -4
package/dist/shared/ccg-ros2-workflow.Bhm8c7P1.mjs +5154 -0
package/package.json +31 -12
package/templates/codex/AGENTS.md +348 -0
package/templates/codex/agents/ccg-implement.toml +73 -0
package/templates/codex/agents/ccg-research.toml +73 -0
package/templates/codex/agents/ccg-review.toml +82 -0
package/templates/codex/config.toml +21 -0
package/templates/codex/hooks/ccg-workflow.py +253 -0
package/templates/codex/hooks.json +15 -0
package/templates/commands/agents/planner.md +97 -122
package/templates/commands/agents/system-integrator.md +2 -2
package/templates/commands/agents/team-architect.md +97 -0
package/templates/commands/agents/team-qa.md +121 -0
package/templates/commands/agents/team-reviewer.md +112 -0
package/templates/commands/commit.md +30 -1
package/templates/commands/context.md +332 -0
package/templates/commands/go.md +206 -0
package/templates/commands/init.md +1 -1
package/templates/commands/spec-impl.md +41 -21
package/templates/commands/spec-init.md +21 -27
package/templates/commands/spec-plan.md +54 -21
package/templates/commands/spec-research.md +78 -26
package/templates/commands/spec-review.md +20 -16
package/templates/{commands → commands-legacy}/analyze.md +1 -1
package/templates/commands-legacy/backend.md +224 -0
package/templates/commands-legacy/codex-exec.md +411 -0
package/templates/{commands → commands-legacy}/debug.md +1 -1
package/templates/commands-legacy/enhance.md +55 -0
package/templates/{commands → commands-legacy}/feat.md +2 -2
package/templates/commands-legacy/frontend.md +213 -0
package/templates/{commands → commands-legacy}/optimize.md +1 -1
package/templates/{commands → commands-legacy}/plan.md +1 -15
package/templates/{commands → commands-legacy}/team-plan.md +1 -1
package/templates/commands-legacy/team.md +475 -0
package/templates/{commands → commands-legacy}/test.md +1 -1
package/templates/commands-legacy/workflow.md +283 -0
package/templates/engine/model-router.md +123 -0
package/templates/engine/phase-guide.md +207 -0
package/templates/engine/strategies/debug-investigate.md +169 -0
package/templates/engine/strategies/deep-research.md +141 -0
package/templates/engine/strategies/direct-fix.md +108 -0
package/templates/engine/strategies/full-collaborate.md +389 -0
package/templates/engine/strategies/git-action.md +43 -0
package/templates/engine/strategies/guided-develop.md +282 -0
package/templates/engine/strategies/optimize-measure.md +103 -0
package/templates/engine/strategies/quick-implement.md +96 -0
package/templates/engine/strategies/refactor-safely.md +180 -0
package/templates/engine/strategies/review-audit.md +123 -0
package/templates/hooks/session-start.js +100 -0
package/templates/hooks/skill-router.js +144 -0
package/templates/hooks/subagent-context.js +161 -0
package/templates/hooks/task-utils.js +190 -0
package/templates/hooks/workflow-state.js +55 -0
package/templates/output-styles/abyss-command.md +56 -0
package/templates/output-styles/abyss-concise.md +89 -0
package/templates/output-styles/abyss-ritual.md +70 -0
package/templates/output-styles/engineer-professional.md +20 -3
package/templates/output-styles/laowang-engineer.md +2 -2
package/templates/prompts/antigravity/analyzer.md +59 -0
package/templates/prompts/antigravity/architect.md +55 -0
package/templates/prompts/antigravity/builder.md +52 -0
package/templates/prompts/antigravity/debugger.md +48 -0
package/templates/prompts/antigravity/frontend.md +50 -0
package/templates/prompts/antigravity/optimizer.md +40 -0
package/templates/prompts/antigravity/reviewer.md +67 -0
package/templates/prompts/antigravity/tester.md +39 -0
package/templates/prompts/claude/debugger.md +1 -1
package/templates/prompts/claude/reviewer.md +1 -1
package/templates/prompts/codex/analyzer.md +8 -0
package/templates/prompts/codex/architect.md +9 -1
package/templates/prompts/codex/builder.md +61 -0
package/templates/prompts/codex/debugger.md +9 -1
package/templates/prompts/codex/optimizer.md +7 -0
package/templates/prompts/codex/reviewer.md +7 -0
package/templates/prompts/codex/tester.md +8 -1
package/templates/prompts/gemini/analyzer.md +11 -3
package/templates/prompts/gemini/architect.md +10 -2
package/templates/prompts/gemini/debugger.md +8 -0
package/templates/prompts/gemini/frontend.md +10 -2
package/templates/prompts/gemini/optimizer.md +9 -2
package/templates/prompts/gemini/reviewer.md +7 -0
package/templates/prompts/gemini/tester.md +8 -1
package/templates/rules/ccg-skill-routing.md +91 -0
package/templates/rules/ccg-skills.md +65 -0
package/templates/skills/SKILL.md +92 -0
package/templates/skills/domains/ai/SKILL.md +34 -0
package/templates/skills/domains/ai/agent-dev.md +242 -0
package/templates/skills/domains/ai/llm-security.md +288 -0
package/templates/skills/domains/ai/prompt-and-eval.md +279 -0
package/templates/skills/domains/ai/rag-system.md +542 -0
package/templates/skills/domains/architecture/SKILL.md +42 -0
package/templates/skills/domains/architecture/api-design.md +225 -0
package/templates/skills/domains/architecture/caching.md +299 -0
package/templates/skills/domains/architecture/cloud-native.md +285 -0
package/templates/skills/domains/architecture/message-queue.md +329 -0
package/templates/skills/domains/architecture/security-arch.md +297 -0
package/templates/skills/domains/data-engineering/SKILL.md +207 -0
package/templates/skills/domains/development/SKILL.md +46 -0
package/templates/skills/domains/development/cpp.md +369 -0
package/templates/skills/domains/development/go.md +323 -0
package/templates/skills/domains/development/java.md +277 -0
package/templates/skills/domains/development/python.md +487 -0
package/templates/skills/domains/development/rust.md +313 -0
package/templates/skills/domains/development/shell.md +313 -0
package/templates/skills/domains/development/typescript.md +277 -0
package/templates/skills/domains/devops/SKILL.md +39 -0
package/templates/skills/domains/devops/cost-optimization.md +272 -0
package/templates/skills/domains/devops/database.md +217 -0
package/templates/skills/domains/devops/devsecops.md +198 -0
package/templates/skills/domains/devops/git-workflow.md +181 -0
package/templates/skills/domains/devops/observability.md +280 -0
package/templates/skills/domains/devops/performance.md +336 -0
package/templates/skills/domains/devops/testing.md +283 -0
package/templates/skills/domains/infrastructure/SKILL.md +200 -0
package/templates/skills/domains/mobile/SKILL.md +224 -0
package/templates/skills/domains/orchestration/SKILL.md +29 -0
package/templates/skills/domains/orchestration/multi-agent.md +263 -0
package/templates/skills/domains/ros2-control/SKILL.md +206 -0
package/templates/skills/domains/ros2-hardware/SKILL.md +277 -0
package/templates/skills/domains/ros2-manipulation/SKILL.md +237 -0
package/templates/skills/domains/ros2-navigation/SKILL.md +196 -0
package/templates/skills/domains/ros2-perception/SKILL.md +166 -0
package/templates/skills/domains/ros2-upper-app/SKILL.md +50 -0
package/templates/skills/domains/ros2-upper-app/launch-files.md +224 -0
package/templates/skills/domains/ros2-upper-app/parameters.md +192 -0
package/templates/skills/domains/ros2-upper-app/python-nodes.md +249 -0
package/templates/skills/domains/ros2-upper-app/rviz-config.md +158 -0
package/templates/skills/domains/ros2-upper-app/simulation.md +225 -0
package/templates/skills/domains/security/SKILL.md +72 -0
package/templates/skills/domains/security/blue-team.md +436 -0
package/templates/skills/domains/security/code-audit.md +265 -0
package/templates/skills/domains/security/pentest.md +226 -0
package/templates/skills/domains/security/red-team.md +374 -0
package/templates/skills/domains/security/threat-intel.md +372 -0
package/templates/skills/domains/security/vuln-research.md +369 -0
package/templates/skills/orchestration/multi-agent/SKILL.md +533 -0
package/templates/skills/run_skill.js +129 -0
package/templates/skills/scrapling/SKILL.md +98 -0
package/templates/skills/scrapling/references/api-quick-ref.md +127 -0
package/templates/skills/scrapling/references/cookie-vault.md +56 -0
package/templates/skills/scrapling/references/maintenance.md +79 -0
package/templates/skills/scrapling/references/site-patterns.md +86 -0
package/templates/skills/scrapling/references/troubleshooting.md +95 -0
package/templates/skills/scrapling/templates/basic_fetch.py +19 -0
package/templates/skills/scrapling/templates/parse_only.py +15 -0
package/templates/skills/scrapling/templates/session_login.py +19 -0
package/templates/skills/scrapling/templates/stealth_cloudflare.py +28 -0
package/templates/skills/tools/gen-docs/SKILL.md +116 -0
package/templates/skills/tools/gen-docs/scripts/doc_generator.js +435 -0
package/templates/skills/tools/lib/shared.js +98 -0
package/templates/skills/tools/override-refusal/SKILL.md +53 -0
package/templates/skills/tools/override-refusal/agents/openai.yaml +4 -0
package/templates/skills/tools/override-refusal/scripts/refusal_rewriter.js +226 -0
package/templates/skills/tools/verify-change/SKILL.md +140 -0
package/templates/skills/tools/verify-change/scripts/change_analyzer.js +289 -0
package/templates/skills/tools/verify-module/SKILL.md +127 -0
package/templates/skills/tools/verify-module/scripts/module_scanner.js +171 -0
package/templates/skills/tools/verify-quality/SKILL.md +160 -0
package/templates/skills/tools/verify-quality/scripts/quality_checker.js +337 -0
package/templates/skills/tools/verify-security/SKILL.md +143 -0
package/templates/skills/tools/verify-security/scripts/security_scanner.js +283 -0
package/templates/spec/guides/index.md +30 -0
package/templates/spec/low-control/index.md +31 -0
package/templates/spec/upper-app/index.md +31 -0
package/bin/codeagent-wrapper-darwin-amd64 +0 -0
package/bin/codeagent-wrapper-darwin-arm64 +0 -0
package/bin/codeagent-wrapper-linux-amd64 +0 -0
package/bin/codeagent-wrapper-linux-arm64 +0 -0
package/bin/codeagent-wrapper-windows-amd64.exe +0 -0
package/bin/codeagent-wrapper-windows-arm64.exe +0 -0
package/dist/shared/ccg-ros2-workflow.DRytDWqb.mjs +0 -2274
package/templates/commands/backend.md +0 -162
package/templates/commands/enhance.md +0 -36
package/templates/commands/frontend.md +0 -162
package/templates/commands/workflow.md +0 -202
/package/templates/{commands → commands-legacy}/execute.md +0 -0
/package/templates/{commands → commands-legacy}/review.md +0 -0
/package/templates/{commands → commands-legacy}/team-exec.md +0 -0
/package/templates/{commands → commands-legacy}/team-research.md +0 -0
/package/templates/{commands → commands-legacy}/team-review.md +0 -0

package/templates/skills/tools/verify-security/scripts/security_scanner.js ADDED Viewed

@@ -0,0 +1,283 @@
+#!/usr/bin/env node
+'use strict';
+const fs = require('fs');
+const path = require('path');
+const SEVERITY_ORDER = { critical: 0, high: 1, medium: 2, low: 3, info: 4 };
+// prettier-ignore
+const SECURITY_RULES = [
+  {
+    id: 'SQL_INJECTION_DYNAMIC', category: '注入',
+    severity: 'critical',
+    pattern: new RegExp(
+      '\\b(execute|query|raw)\\s*\\(\\s*' +
+      '(f["\']|["\'][^"\'\\n]*["\']\\s*\\+\\s*|["\'][^"\'\\n]*["\']\\s*%\\s*[^,)]|["\'][^"\'\\n]*["\']' +
+      '\\.format\\s*\\()', 'i'),
+    extensions: ['.py', '.js', '.ts', '.go', '.java', '.php'],
+    message: '可能存在 SQL 注入风险',
+    recommendation: '使用参数化查询或 ORM',
+  },
+  {
+    id: 'SQL_INJECTION_FSTRING', category: '注入',
+    severity: 'critical',
+    pattern: /cursor\.(execute|executemany)\s*\(\s*f["']/i,
+    extensions: ['.py'],
+    message: '使用 f-string 构造 SQL 语句',
+    recommendation: '使用参数化查询',
+  },
+  {
+    id: 'COMMAND_INJECTION', category: '注入',
+    severity: 'critical',
+    pattern: /(os\.system|os\.popen|subprocess\.call|subprocess\.run|subprocess\.Popen)\s*\([^)]*shell\s*=\s*True/i,
+    extensions: ['.py'],
+    message: '使用 shell=True 可能导致命令注入',
+    recommendation: '避免 shell=True，使用列表参数',
+  },
+  {
+    id: 'COMMAND_INJECTION_EVAL', category: '注入',
+    severity: 'critical',
+    pattern: /\b(eval|exec)\s*\([^)]*\b(input|request|argv|args)/i,
+    extensions: ['.py'],
+    message: 'eval/exec 执行用户输入',
+    recommendation: '避免对用户输入使用 eval/exec',
+  },
+  {
+    id: 'HARDCODED_SECRET', category: '敏感信息',
+    severity: 'high',
+    pattern: /(?<!\w)(password|passwd|pwd|secret|api_key|apikey|token|auth_token)\s*=\s*["'][^"']{8,}["']/i,
+    excludePattern: /(example|placeholder|changeme|xxx|your[_-]|TODO|FIXME|<.*>|\*{3,})/i,
+    extensions: [
+      '.py', '.js', '.ts', '.go', '.java', '.php',
+      '.rb', '.yaml', '.yml', '.json', '.env',
+    ],
+    message: '可能存在硬编码密钥/密码',
+    recommendation: '使用环境变量或密钥管理服务',
+  },
+  {
+    id: 'HARDCODED_AWS_KEY', category: '敏感信息',
+    severity: 'critical',
+    pattern: /AKIA[0-9A-Z]{16}/,
+    extensions: ['*'],
+    message: '发现 AWS Access Key',
+    recommendation: '立即轮换密钥，使用 IAM 角色或环境变量',
+  },
+  {
+    id: 'HARDCODED_PRIVATE_KEY', category: '敏感信息',
+    severity: 'critical',
+    pattern: /-----BEGIN (RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----/,
+    extensions: ['*'],
+    message: '发现私钥',
+    recommendation: '私钥不应提交到代码库',
+  },
+  {
+    id: 'XSS_INNERHTML', category: 'XSS', severity: 'high',
+    pattern: /\.innerHTML\s*=|\.outerHTML\s*=|document\.write\s*\(/i,
+    extensions: ['.js', '.ts', '.jsx', '.tsx', '.html'],
+    message: '直接操作 innerHTML 可能导致 XSS',
+    recommendation: '使用 textContent 或框架的安全绑定',
+  },
+  {
+    id: 'XSS_DANGEROUSLY', category: 'XSS',
+    severity: 'medium',
+    pattern: /dangerouslySetInnerHTML/i,
+    extensions: ['.js', '.ts', '.jsx', '.tsx'],
+    message: '使用 dangerouslySetInnerHTML',
+    recommendation: '确保内容已经过净化处理',
+  },
+  {
+    id: 'UNSAFE_PICKLE', category: '反序列化',
+    severity: 'high',
+    pattern: /pickle\.loads?\s*\(|yaml\.load\s*\([^)]*Loader\s*=\s*yaml\.Loader/i,
+    extensions: ['.py'],
+    message: '不安全的反序列化',
+    recommendation: '使用 yaml.safe_load() 或验证数据来源',
+  },
+  {
+    id: 'WEAK_CRYPTO_MD5', category: '加密',
+    severity: 'medium',
+    pattern: /\b(md5|MD5)\s*\(|hashlib\.md5\s*\(/i,
+    extensions: ['.py', '.js', '.ts', '.go', '.java', '.php'],
+    message: '使用弱哈希算法 MD5',
+    recommendation: '使用 bcrypt/argon2 或 SHA-256+',
+  },
+  {
+    id: 'WEAK_CRYPTO_SHA1', category: '加密',
+    severity: 'low',
+    pattern: /\b(sha1|SHA1)\s*\(|hashlib\.sha1\s*\(/i,
+    extensions: ['.py', '.js', '.ts', '.go', '.java', '.php'],
+    message: '使用弱哈希算法 SHA1',
+    recommendation: '使用 SHA-256 或更强的算法',
+  },
+  {
+    id: 'PATH_TRAVERSAL', category: '路径遍历',
+    severity: 'high',
+    pattern: new RegExp(
+      '(open|read|write|Path|os\\.path\\.join)\\s*\\([^\\n]*' +
+      '(request|input|argv|args|params|query|form|path_param)\\b', 'i'),
+    extensions: ['.py'],
+    message: '可能存在路径遍历风险',
+    recommendation: '验证并规范化用户输入的路径',
+  },
+  {
+    id: 'SSRF', category: 'SSRF', severity: 'high',
+    pattern: new RegExp(
+      '(requests\\.(get|post|put|delete|head)|urllib\\.request\\.urlopen)' +
+      '\\s*\\([^\\n]*(request|input|argv|args|params|query|url)\\b', 'i'),
+    extensions: ['.py'],
+    message: '可能存在 SSRF 风险',
+    recommendation: '验证并限制目标 URL',
+  },
+  {
+    id: 'DEBUG_CODE', category: '调试', severity: 'low',
+    pattern: /\b(console\.log|debugger|pdb\.set_trace|breakpoint)\s*\(/i,
+    extensions: ['.py', '.js', '.ts'],
+    message: '发现调试代码',
+    recommendation: '生产环境移除调试代码',
+  },
+  {
+    id: 'INSECURE_RANDOM', category: '加密',
+    severity: 'medium',
+    pattern: /\brandom\.(random|randint|choice|shuffle)\s*\(/i,
+    extensions: ['.py'],
+    message: '使用不安全的随机数生成器',
+    recommendation: '安全场景使用 secrets 模块',
+  },
+  {
+    id: 'XXE', category: 'XXE', severity: 'high',
+    pattern: /etree\.(parse|fromstring)\s*\([^)]*\)|xml\.dom\.minidom\.parse/i,
+    extensions: ['.py'],
+    message: 'XML 解析可能存在 XXE 风险',
+    recommendation: '禁用外部实体: XMLParser(resolve_entities=False)',
+  },
+];
+const CODE_EXTENSIONS = new Set([
+  '.py', '.js', '.ts', '.jsx', '.tsx', '.go',
+  '.java', '.php', '.rb', '.yaml', '.yml', '.json',
+]);
+const DEFAULT_EXCLUDES = [
+  '.git', 'node_modules', '__pycache__', '.venv', 'venv',
+  'dist', 'build', '.tox', 'tests', 'test', '__tests__', 'spec',
+];
+function scanFile(filePath, rules) {
+  const findings = [];
+  const ext = path.extname(filePath).toLowerCase();
+  let content;
+  try { content = fs.readFileSync(filePath, 'utf-8'); } catch { return findings; }
+  const lines = content.split('\n');
+  for (const rule of rules) {
+    const exts = rule.extensions;
+    if (!exts.includes('*') && !exts.includes(ext)) continue;
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i];
+      const stripped = line.trim();
+      const isComment = stripped.startsWith('#') ||
+        stripped.startsWith('//') || stripped.startsWith('*') ||
+        stripped.startsWith('/*');
+      if (isComment) continue;
+      const ruleDefRe = /^\s*(id|pattern|severity|message|recommendation|extensions|excludePattern|category)\s*:/;
+      if (ruleDefRe.test(stripped)) continue;
+      if (rule.pattern.test(line)) {
+        rule.pattern.lastIndex = 0;
+        if (rule.excludePattern && rule.excludePattern.test(line)) {
+          rule.excludePattern.lastIndex = 0; continue;
+        }
+        findings.push({
+          severity: rule.severity, category: rule.category,
+          message: rule.message, file_path: filePath,
+          line_number: i + 1,
+          line_content: stripped.slice(0, 100),
+          recommendation: rule.recommendation,
+        });
+      }
+    }
+  }
+  return findings;
+}
+function walkDir(dir, excludeDirs) {
+  const results = [];
+  let entries;
+  try { entries = fs.readdirSync(dir, { withFileTypes: true }); } catch { return results; }
+  for (const entry of entries) {
+    if (excludeDirs.includes(entry.name)) continue;
+    const full = path.join(dir, entry.name);
+    if (entry.isDirectory()) { results.push(...walkDir(full, excludeDirs)); }
+    else if (entry.isFile()) {
+      if (CODE_EXTENSIONS.has(path.extname(entry.name).toLowerCase())) {
+        results.push(full);
+      }
+    }
+  }
+  return results;
+}
+function scanDirectory(scanPath, excludeDirs) {
+  const resolved = path.resolve(scanPath);
+  const findings = [];
+  const files = walkDir(resolved, excludeDirs);
+  for (const f of files) findings.push(...scanFile(f, SECURITY_RULES));
+  findings.sort((a, b) =>
+    (SEVERITY_ORDER[a.severity] ?? 9) - (SEVERITY_ORDER[b.severity] ?? 9));
+  const passed = !findings.some(
+    f => f.severity === 'critical' || f.severity === 'high'
+  );
+  return { scan_path: resolved, files_scanned: files.length, passed, findings };
+}
+const { buildReport, countBySeverity, parseCliArgs } = require(
+  path.join(__dirname, '..', '..', 'lib', 'shared.js')
+);
+function formatReport(result, verbose) {
+  const counts = countBySeverity(result.findings);
+  const fields = {
+    '扫描路径': result.scan_path,
+    '扫描文件': result.files_scanned,
+    '扫描结果': result.passed ? '\u2713 通过' : '\u2717 发现高危问题',
+    '统计': `严重: ${counts.critical || 0} | 高危: ${counts.high || 0}` +
+      ` | 中危: ${counts.medium || 0} | 低危: ${counts.low || 0}`,
+  };
+  return buildReport(
+    '代码安全扫描报告', fields, result.findings, verbose, 'category'
+  );
+}
+function main() {
+  const opts = parseCliArgs(process.argv, { exclude: [] });
+  if (opts.help) {
+    console.log('Usage: security_scanner.js [path] [-v] [--json] [--exclude dir1 dir2]');
+    process.exit(0);
+  }
+  const scanPath = opts.target;
+  const verbose = opts.verbose;
+  const jsonOut = opts.json;
+  const excludeDirs = [...DEFAULT_EXCLUDES, ...opts.exclude];
+  const result = scanDirectory(scanPath, excludeDirs);
+  if (jsonOut) {
+    console.log(JSON.stringify({
+      scan_path: result.scan_path,
+      files_scanned: result.files_scanned,
+      passed: result.passed,
+      counts: countBySeverity(result.findings),
+      findings: result.findings,
+    }, null, 2));
+  } else {
+    console.log(formatReport(result, verbose));
+  }
+  process.exit(result.passed ? 0 : 1);
+}
+if (require.main === module) {
+  main();
+}
+module.exports = { scanFile, SECURITY_RULES };

package/templates/spec/guides/index.md ADDED Viewed

@@ -0,0 +1,30 @@
+# Guides — 跨模块开发指南
+> 本文件定义跨前底层控制的通用指南。适用于所有模块和子 Agent。
+> 按项目实际情况修改内容。
+## 架构原则
+- 单一职责: 每个模块/函数只做一件事
+- 依赖方向: 高层依赖低层，禁止循环
+- 接口优先: 跨模块通过接口通信，不直接访问内部
+## Git 提交规范
+- 格式: Conventional Commits (`feat:`, `fix:`, `refactor:`, `docs:`, `chore:`)
+- 原子提交: 一个逻辑变更一个 commit
+- 不提交: `.env`, `node_modules/`, 编译产物, IDE 配置
+## 代码审查清单
+- [ ] 变更是否符合需求？
+- [ ] 是否有测试覆盖？
+- [ ] 是否引入安全风险？
+- [ ] 是否有性能影响？
+- [ ] 命名是否清晰？
+## 文档要求
+- 公共 API 必须有类型注释
+- 复杂逻辑加注释说明 WHY（不是 WHAT）
+- 新模块需要 README

package/templates/spec/low-control/index.md ADDED Viewed

@@ -0,0 +1,31 @@
+# Backend Spec — 底层控制编码规范
+> 本文件定义底层控制代码的编码规范。子 Agent 在写代码前会自动读取此文件。
+> 按项目实际情况修改内容。
+## API 规范
+- 路由命名: RESTful, kebab-case
+- 请求/响应格式: JSON, camelCase fields
+- 错误格式: `{ "error": { "code": "...", "message": "..." } }`
+- 认证: Bearer token in Authorization header
+## 错误处理
+- 所有 API 端点必须返回结构化错误
+- 4xx: 客户端错误（验证失败、未授权等）
+- 5xx: 服务端错误（包装内部异常，不暴露堆栈）
+- 超时: 设置合理超时，超时后返回 504
+## 测试要求
+- 核心逻辑覆盖率 > 80%
+- API 端点必须有集成测试
+- 测试命名: `describe('模块') → it('should 行为')`
+## 安全清单
+- [ ] 输入验证（不信任任何用户输入）
+- [ ] SQL 参数化（禁止字符串拼接）
+- [ ] 密钥不硬编码（使用环境变量）
+- [ ] 敏感数据日志脱敏

package/templates/spec/upper-app/index.md ADDED Viewed

@@ -0,0 +1,31 @@
+# Frontend Spec — 上层应用编码规范
+> 本文件定义上层应用代码的编码规范。子 Agent 在写代码前会自动读取此文件。
+> 按项目实际情况修改内容。
+## 组件规范
+- 组件命名: PascalCase
+- 文件结构: 一个组件一个文件
+- Props: TypeScript 接口定义，必须有类型
+- 状态: 优先 local state，跨组件共享用 store
+## 样式规范
+- 方案: CSS Modules / Tailwind / styled-components（按项目选择）
+- 命名: BEM 或 utility-first
+- 响应式: mobile-first
+- 主题: 使用 CSS 变量 / design tokens
+## 可访问性
+- [ ] 语义化 HTML（button 不用 div）
+- [ ] ARIA 标签（交互元素必须有 label）
+- [ ] 键盘导航（Tab 序和 Focus 管理）
+- [ ] 颜色对比度 > 4.5:1
+## 性能
+- 图片: 使用 lazy loading + 合适格式（WebP）
+- 包大小: 关注 bundle analyzer，避免大依赖
+- 渲染: 避免不必要的 re-render

package/bin/codeagent-wrapper-darwin-amd64 DELETED Viewed

Binary file

package/bin/codeagent-wrapper-darwin-arm64 DELETED Viewed

Binary file

package/bin/codeagent-wrapper-linux-amd64 DELETED Viewed

Binary file

package/bin/codeagent-wrapper-linux-arm64 DELETED Viewed

Binary file

package/bin/codeagent-wrapper-windows-amd64.exe DELETED Viewed

Binary file

package/bin/codeagent-wrapper-windows-arm64.exe DELETED Viewed

Binary file