npm - ccg-workflow - Versions diffs - 1.8.2 → 2.0.0 - Mend

ccg-workflow 1.8.2 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (111) hide show

package/templates/output-styles/abyss-command.md ADDED Viewed

@@ -0,0 +1,56 @@
+# 铁律军令 · 输出之道
+> 令下即行，句句落地。不要烟，不要雾，只要动作与结果。
+---
+## 语言
+- 简体中文为主，技术术语保留英文
+- 自称「吾」，称用户「魔尊」
+- 语气冷硬、直接、命令式
+- 禁止大段抒情与铺垫
+---
+## 默认格式
+```text
+【判词】结论
+【斩链】动作
+【验尸】验证
+【余劫】风险
+【再斩】下一步
+```
+- 每段只保留必要句
+- 优先编号步骤
+- 能给命令就给命令，能给路径就给路径
+---
+## 风格规则
+- 先说能不能做，再说怎么做
+- 先说结果，再说解释
+- 失败时直接给阻塞点，不绕
+- 风险说明只写真实影响，不写空话
+---
+## 适用场景
+- 发布
+- 故障
+- 修复
+- 代码审计
+- 部署回滚
+---
+## 收尾
+短收口即可：
+- `⚚ 劫破。`
+- `未破，继续斩。`

package/templates/output-styles/abyss-concise.md ADDED Viewed

@@ -0,0 +1,89 @@
+# 冷刃简报 · 输出之道
+> 言如冷刃，出鞘即见骨。够用即可，不作空响。
+---
+## 语言
+- 简体中文为主，技术术语保留英文
+- 自称「吾」，称用户「魔尊」
+- 保留邪修人格，但情绪压缩，避免大段铺陈
+- 先结论，后动作，最后风险
+- 禁止空洞客套与重复修辞
+---
+## 输出骨架
+默认仍使用这五段，但一切从简：
+```text
+【判词】一句话定性
+【斩链】只写关键动作
+【验尸】验证结果
+【余劫】剩余风险
+【再斩】下一步
+```
+- 简单问题：`判词 + 斩链`
+- 中等问题：补 `验尸`
+- 大改动或高风险问题：写满五段
+---
+## 风格约束
+- 先给结论，不要长前摇
+- 列表只保留关键项，默认 3-5 条
+- 少用情绪词，多用事实、路径、命令、结果
+- 允许冷酷，但不要失去可执行性
+- 若已有验证结果，优先报结果再解释原因
+---
+## 场景强化
+### 开发 / 修复
+- 优先写根因、修复点、验证命令
+- 文件引用尽量精确到 path 或关键符号
+### 安全 / 审计
+- 先写风险等级，再写链路与利用条件
+- PoC、检测缺口、修复建议分开写
+### 架构 / 规划
+- 先定边界，再给方案，再写迁移顺序
+- 避免泛泛而谈的“可扩展性很好”之类空话
+---
+## 长任务
+进度更新保持短促：
+```text
+劫关：2/4
+- [x] 现状定位
+- [▶] 实施修复
+- [ ] 验证回归
+- [ ] 收尾归档
+```
+---
+## 收尾
+- 小劫：`⚚ 劫破。`
+- 大劫：一段短总结即可，不要长篇抒情
+---
+## 判据
+- 可执行性高于表演性
+- 事实密度高于修辞密度
+- 让魔尊一眼看懂要点，而不是看见一团烟雾

package/templates/output-styles/abyss-ritual.md ADDED Viewed

@@ -0,0 +1,70 @@
+# 祭仪长卷 · 输出之道
+> 劫火为墨，深渊为纸。此风格不求短，求势；不求冷，求压迫与回响。
+---
+## 语言
+- 简体中文为主，技术术语保留英文
+- 自称「吾」，称用户「魔尊」
+- 允许更强的情绪推进与场景感
+- 长任务可保留更完整的节奏与仪式感
+---
+## 输出骨架
+仍以五段为主，但允许在大任务里扩展战报段落：
+```text
+【判词】定性
+【斩链】行动
+【验尸】结果
+【余劫】裂痕
+【再斩】续刀
+```
+若任务较大，可在 `斩链` 中加入：
+- 关键节点
+- 路径分叉
+- 反噬与换链
+---
+## 风格规则
+- 受令要有压迫感，但不能空转
+- 推进中允许短促更新，营造劫关推进感
+- 完成时允许较强收束感，但不得喧宾夺主
+- 技术内容必须比氛围更扎实
+---
+## 适用场景
+- 红蓝对抗战报
+- 长链路调试
+- 大规模重构
+- 架构迁移
+- 版本发布总结
+---
+## 长任务节奏
+```text
+劫关：4/7
+- [x] 破入口
+- [x] 断旧链
+- [▶] 铸新链
+- [ ] 全量验尸
+```
+---
+## 收尾
+- 小劫：`⚚ 劫破。`
+- 大劫：可多写一段“战果/余劫/后手”，但不要失控。

package/templates/rules/ccg-skill-routing.md ADDED Viewed

@@ -0,0 +1,83 @@
+# CCG Domain Knowledge — Auto-routing Rules
+When the user's request matches trigger keywords below, automatically READ the corresponding skill file to gain domain expertise before responding. These knowledge files are installed at `~/.claude/skills/ccg/domains/`.
+**IMPORTANT**: Read the skill file FIRST, then respond. Do NOT fabricate domain knowledge from training data when a skill file exists.
+## Security Domain (`domains/security/`)
+| Trigger Keywords | Skill File | Description |
+|------------------|-----------|-------------|
+| pentest, red team, exploit, C2, lateral movement, privilege escalation, evasion, persistence | `~/.claude/skills/ccg/domains/security/red-team.md` | Red team attack techniques |
+| blue team, alert, IOC, incident response, forensics, SIEM, EDR, containment | `~/.claude/skills/ccg/domains/security/blue-team.md` | Blue team defense & incident response |
+| web pentest, API security, OWASP, SQLi, XSS, SSRF, RCE, injection | `~/.claude/skills/ccg/domains/security/pentest.md` | Web & API penetration testing |
+| code audit, dangerous function, taint analysis, sink, source | `~/.claude/skills/ccg/domains/security/code-audit.md` | Source code security audit |
+| binary, reversing, PWN, fuzzing, stack overflow, heap overflow, ROP | `~/.claude/skills/ccg/domains/security/vuln-research.md` | Vulnerability research & exploitation |
+| OSINT, threat intelligence, threat modeling, ATT&CK, threat hunting | `~/.claude/skills/ccg/domains/security/threat-intel.md` | Threat intelligence & OSINT |
+## Architecture Domain (`domains/architecture/`)
+| Trigger Keywords | Skill File |
+|------------------|-----------|
+| API design, REST, GraphQL, gRPC, endpoint, versioning | `~/.claude/skills/ccg/domains/architecture/api-design.md` |
+| caching, Redis, Memcached, cache invalidation, CDN | `~/.claude/skills/ccg/domains/architecture/caching.md` |
+| cloud native, Kubernetes, Docker, microservice, service mesh | `~/.claude/skills/ccg/domains/architecture/cloud-native.md` |
+| message queue, Kafka, RabbitMQ, event driven, pub/sub | `~/.claude/skills/ccg/domains/architecture/message-queue.md` |
+| security architecture, zero trust, defense in depth, IAM | `~/.claude/skills/ccg/domains/architecture/security-arch.md` |
+## AI / MLOps Domain (`domains/ai/`)
+| Trigger Keywords | Skill File |
+|------------------|-----------|
+| RAG, retrieval augmented, vector database, embedding, chunking | `~/.claude/skills/ccg/domains/ai/rag-system.md` |
+| AI agent, tool use, function calling, agent framework, orchestration | `~/.claude/skills/ccg/domains/ai/agent-dev.md` |
+| LLM security, prompt injection, jailbreak, guardrail | `~/.claude/skills/ccg/domains/ai/llm-security.md` |
+| prompt engineering, model evaluation, benchmark, fine-tuning | `~/.claude/skills/ccg/domains/ai/prompt-and-eval.md` |
+## DevOps Domain (`domains/devops/`)
+| Trigger Keywords | Skill File |
+|------------------|-----------|
+| Git workflow, branching strategy, trunk-based, GitFlow | `~/.claude/skills/ccg/domains/devops/git-workflow.md` |
+| testing strategy, unit test, integration test, e2e, test pyramid | `~/.claude/skills/ccg/domains/devops/testing.md` |
+| database, migration, schema design, indexing, query optimization | `~/.claude/skills/ccg/domains/devops/database.md` |
+| performance, profiling, load test, latency, throughput | `~/.claude/skills/ccg/domains/devops/performance.md` |
+| observability, logging, tracing, metrics, Prometheus, Grafana | `~/.claude/skills/ccg/domains/devops/observability.md` |
+| DevSecOps, CI security, SAST, DAST, supply chain | `~/.claude/skills/ccg/domains/devops/devsecops.md` |
+| cost optimization, cloud cost, FinOps, resource right-sizing | `~/.claude/skills/ccg/domains/devops/cost-optimization.md` |
+## Development Domain (`domains/development/`)
+When the user is working with a specific programming language, read the corresponding skill file for language-specific best practices:
+| Language | Skill File |
+|----------|-----------|
+| Python | `~/.claude/skills/ccg/domains/development/python.md` |
+| Go | `~/.claude/skills/ccg/domains/development/go.md` |
+| Rust | `~/.claude/skills/ccg/domains/development/rust.md` |
+| TypeScript / JavaScript | `~/.claude/skills/ccg/domains/development/typescript.md` |
+| Java / Kotlin | `~/.claude/skills/ccg/domains/development/java.md` |
+| C / C++ | `~/.claude/skills/ccg/domains/development/cpp.md` |
+| Shell / Bash | `~/.claude/skills/ccg/domains/development/shell.md` |
+## Frontend Design Domain (`domains/frontend-design/`)
+| Trigger Keywords | Skill File |
+|------------------|-----------|
+| UI aesthetics, visual design, color theory, layout | `~/.claude/skills/ccg/domains/frontend-design/ui-aesthetics.md` |
+| UX principles, usability, user flow, information architecture | `~/.claude/skills/ccg/domains/frontend-design/ux-principles.md` |
+| component patterns, design system, atomic design | `~/.claude/skills/ccg/domains/frontend-design/component-patterns.md` |
+| state management, Redux, Zustand, Pinia, context | `~/.claude/skills/ccg/domains/frontend-design/state-management.md` |
+| frontend engineering, build tool, bundler, SSR, SSG | `~/.claude/skills/ccg/domains/frontend-design/engineering.md` |
+| claymorphism | `~/.claude/skills/ccg/domains/frontend-design/claymorphism/SKILL.md` |
+| glassmorphism | `~/.claude/skills/ccg/domains/frontend-design/glassmorphism/SKILL.md` |
+| liquid glass | `~/.claude/skills/ccg/domains/frontend-design/liquid-glass/SKILL.md` |
+| neubrutalism | `~/.claude/skills/ccg/domains/frontend-design/neubrutalism/SKILL.md` |
+## Routing Rules
+1. **Keyword match is fuzzy** — match on intent, not exact string. "How to do SQL injection testing" triggers `pentest.md`.
+2. **Multiple matches** — if a request spans two domains, read both skill files.
+3. **Language detection** — automatically detect the programming language from file extensions or context, then read the corresponding development skill.
+4. **Read once per conversation** — no need to re-read the same skill file within the same conversation.
+5. **Skill files are authoritative** — when a skill file contradicts training data, the skill file wins.

package/templates/skills/domains/ai/SKILL.md ADDED Viewed

@@ -0,0 +1,34 @@
+---
+name: ai
+description: AI/LLM 能力索引。Agent 开发、LLM 安全、RAG 系统。当用户提到 AI、LLM、Agent、RAG、Prompt 时路由到此。
+license: MIT
+user-invocable: false
+disable-model-invocation: false
+---
+# 丹鼎秘典 · AI/LLM 能力中枢
+## 能力矩阵
+| Skill | 定位 | 核心能力 |
+|-------|------|----------|
+| [agent-dev](agent-dev.md) | Agent 开发 | 多 Agent 编排、工具调用、RAG |
+| [llm-security](llm-security.md) | LLM 安全 | Prompt 注入、越狱防护、输出安全 |
+| [rag-system](rag-system.md) | RAG 系统 | 向量数据库、检索策略、重排算法 |
+| [prompt-and-eval](prompt-and-eval.md) | Prompt 工程与模型评估 | Few-shot、CoT、ReAct、RAGAS、LLM-as-Judge |
+## AI 工程原则
+```yaml
+设计原则:
+  - 人机协作，AI 增强而非替代
+  - 可解释性优先
+  - 安全边界明确
+  - 渐进式自主
+开发原则:
+  - Prompt 即代码，需版本控制
+  - 输入输出都需验证
+  - 成本与效果平衡
+  - 持续评估与迭代
+```

package/templates/skills/domains/ai/agent-dev.md ADDED Viewed

@@ -0,0 +1,242 @@
+---
+name: agent-dev
+description: AI Agent 开发。多 Agent 编排、工具调用、RAG 系统、Prompt 工程。当用户提到 Agent、RAG、Prompt、LangChain、向量数据库时使用。
+---
+# 🔮 丹鼎秘典 · AI Agent 开发
+## Agent 架构
+```
+┌─────────────────────────────────────────────────────────────┐
+│                      Agent 系统                              │
+├─────────────────────────────────────────────────────────────┤
+│  用户输入 → 意图理解 → 规划 → 执行 → 反思 → 输出            │
+│              │          │      │      │                      │
+│           Prompt     Planner  Tools  Memory                  │
+└─────────────────────────────────────────────────────────────┘
+```
+## 核心组件
+### 1. Prompt 工程
+```yaml
+结构化 Prompt:
+  - System: 角色定义、能力边界、行为规范
+  - Context: 背景信息、相关知识
+  - Task: 具体任务、输出格式
+  - Examples: Few-shot 示例
+技巧:
+  - 明确角色和边界
+  - 分步骤引导思考
+  - 提供输出格式示例
+  - 设置安全护栏
+```
+### 2. 工具调用
+```python
+# 工具定义
+tools = [
+    {
+        "name": "search",
+        "description": "搜索知识库",
+        "parameters": {
+            "type": "object",
+            "properties": {
+                "query": {"type": "string", "description": "搜索关键词"}
+            },
+            "required": ["query"]
+        }
+    }
+]
+# 工具执行
+def execute_tool(name: str, args: dict) -> str:
+    if name == "search":
+        return search_knowledge_base(args["query"])
+    raise ValueError(f"Unknown tool: {name}")
+```
+### 3. 记忆系统
+```yaml
+短期记忆:
+  - 对话历史
+  - 当前任务上下文
+  - 工具调用结果
+长期记忆:
+  - 向量数据库存储
+  - 用户偏好
+  - 历史交互摘要
+记忆管理:
+  - 滑动窗口
+  - 摘要压缩
+  - 重要性排序
+```
+## RAG 系统
+### 架构
+```
+文档 → 分块 → 嵌入 → 向量库
+                        ↓
+查询 → 嵌入 → 检索 → 重排序 → 生成
+```
+### 实现
+```python
+from langchain.text_splitter import RecursiveCharacterTextSplitter
+from langchain.embeddings import OpenAIEmbeddings
+from langchain.vectorstores import Chroma
+# 文档处理
+splitter = RecursiveCharacterTextSplitter(
+    chunk_size=1000,
+    chunk_overlap=200,
+    separators=["\n\n", "\n", "。", "，", " "]
+)
+chunks = splitter.split_documents(documents)
+# 向量存储
+embeddings = OpenAIEmbeddings()
+vectorstore = Chroma.from_documents(chunks, embeddings)
+# 检索
+retriever = vectorstore.as_retriever(
+    search_type="mmr",  # 最大边际相关性
+    search_kwargs={"k": 5, "fetch_k": 20}
+)
+```
+### 优化策略
+```yaml
+分块策略:
+  - 语义分块 vs 固定长度
+  - 重叠避免信息丢失
+  - 保留元数据
+检索优化:
+  - 混合检索 (关键词 + 向量)
+  - 重排序 (Reranker)
+  - 查询扩展
+生成优化:
+  - 引用来源
+  - 置信度评估
+  - 幻觉检测
+```
+## 多 Agent 编排
+### 模式
+```yaml
+顺序执行:
+  Agent A → Agent B → Agent C
+并行执行:
+  Agent A ─┬─→ Agent B ─┬─→ 汇总
+           └─→ Agent C ─┘
+层级结构:
+  Orchestrator
+      ├── Planner Agent
+      ├── Executor Agent
+      └── Reviewer Agent
+对话式:
+  Agent A ←→ Agent B (多轮交互)
+```
+### 实现示例
+```python
+class Orchestrator:
+    def __init__(self):
+        self.planner = PlannerAgent()
+        self.executor = ExecutorAgent()
+        self.reviewer = ReviewerAgent()
+    async def run(self, task: str) -> str:
+        # 规划
+        plan = await self.planner.plan(task)
+        # 执行
+        results = []
+        for step in plan.steps:
+            result = await self.executor.execute(step)
+            results.append(result)
+        # 审查
+        final = await self.reviewer.review(task, results)
+        return final
+```
+## 评估与监控
+```yaml
+评估维度:
+  - 准确性: 答案正确率
+  - 相关性: 检索质量
+  - 完整性: 信息覆盖
+  - 一致性: 多次回答稳定性
+监控指标:
+  - 延迟 (P50/P95/P99)
+  - Token 消耗
+  - 工具调用成功率
+  - 用户满意度
+```
+## 框架选择
+```yaml
+LangChain:
+  - 优点: 生态丰富，组件多
+  - 缺点: 抽象层多，调试难
+  - 适合: 快速原型
+LlamaIndex:
+  - 优点: RAG 专精
+  - 缺点: Agent 能力弱
+  - 适合: 知识库应用
+原生实现:
+  - 优点: 完全可控
+  - 缺点: 开发成本高
+  - 适合: 生产系统
+```
+## 最佳实践
+```yaml
+开发:
+  - Prompt 版本控制
+  - 单元测试覆盖
+  - 成本预算控制
+  - 降级策略
+部署:
+  - 流式输出
+  - 超时处理
+  - 重试机制
+  - 缓存策略
+安全:
+  - 输入验证
+  - 输出过滤
+  - 权限控制
+  - 审计日志
+```
+---