ccg-workflow 2.1.15 → 3.0.0

package/templates/engine/strategies/review-audit.md

@@ -0,0 +1,116 @@
+# Strategy: Review Audit — 代码审查
+
+> 适用于代码审查需求，双模型交叉验证，结果分级输出。
+
+## 适用条件
+- 用户请求代码审查
+- 任何复杂度级别
+- 自动检测 git diff 作为审查范围
+
+## 前置加载
+
+```
+Read("~/.claude/.ccg/engine/model-router.md")
+```
+
+---
+
+## 工作流状态机
+
+[phase-state:1-scope]
+当前阶段：确定审查范围
+📍 Next: 范围确定后启动双模型审查
+[/phase-state:1-scope]
+
+[phase-state:2-review]
+当前阶段：双模型审查
+Gate: 审查范围已确定 ✓
+📍 Next: 双模型审查返回后综合报告
+[/phase-state:2-review]
+
+[phase-state:3-report]
+当前阶段：综合报告
+Gate: 双模型审查已返回 ✓
+📍 Next: 报告输出后等待用户决定
+[/phase-state:3-report]
+
+---
+
+## 阶段详情
+
+### Phase 1: 确定审查范围 [required]
+
+1. 如果用户指定了文件/范围 → 使用指定范围
+2. 如果未指定 → 自动获取：
+   - `git diff HEAD` — 未提交的变更
+   - 如果无 diff → `git diff HEAD~1` — 最近一次提交
+   - 如果仍无 diff → 询问用户要审查什么
+3. 读取变更涉及的完整文件（不只是 diff，需要上下文）
+
+输出审查范围：
+```
+📋 审查范围
+  变更: [N] 文件，[+M/-K] 行
+  文件: [文件列表]
+```
+
+### Phase 2: 双模型审查 [required]
+
+**Gate check**: 审查范围已确定
+
+**并行调用**（`run_in_background: true`）：
+- **backend 模型**：reviewer 角色
+  ```
+  <TASK>
+  需求：审查以下代码变更
+  上下文：[git diff + 完整文件上下文]
+  </TASK>
+  OUTPUT: 审查发现（按严重度分级：Critical/Warning/Info，每条含：位置、问题、建议）
+  ```
+- **frontend 模型**：reviewer 角色（相同格式）
+
+等待双模型返回。
+
+### Phase 3: 综合报告 + 质量关卡
+
+**Gate check**: 双模型审查已返回
+
+#### 3a. 质量关卡
+
+**⛔ 必须逐个调用 Skill，不可跳过：**
+- 调用 Skill `verify-security` — 等待报告
+- 调用 Skill `verify-quality` — 等待报告
+
+#### 3b. 综合报告
+
+合并双模型发现 + 质量关卡结果，去重，按严重度分级：
+
+```
+📋 代码审查报告
+
+## Critical（必须修复）
+1. [file:line] — [问题描述]
+   建议: [具体修复建议]
+   来源: [backend/frontend/质量关卡]
+
+## Warning（建议修复）
+1. [file:line] — [问题描述]
+   建议: [具体修复建议]
+
+## Info（供参考）
+1. [file:line] — [观察/建议]
+
+---
+总计: [N] Critical, [M] Warning, [K] Info
+```
+
+如果有 Critical 发现，询问用户是否立即修复（可切换到 `direct-fix` 策略）。
+
+---
+
+## 铁律
+
+- **审查结果必须分级** — 不可笼统说"代码看起来没问题"
+- **双模型必须独立审查** — 交叉验证的价值在于独立性
+- **Critical 必须明确标出** — 不可淡化严重问题
+- **如无发现，明确说明** — "经双模型审查，未发现问题" 优于沉默

package/templates/hooks/session-start.js

@@ -0,0 +1,100 @@
+#!/usr/bin/env node
+// CCG Session Start Hook — SessionStart
+// Injects full project context when session starts, clears, or compacts.
+
+'use strict';
+
+try {
+  const path = require('path');
+  const fs = require('fs');
+  const {
+    findProjectRoot, getActiveTask, readFileSafe,
+    detectTechStack, getGitInfo, outputHook
+  } = require('./task-utils.js');
+
+  const cwd = process.env.CLAUDE_PROJECT_DIR || process.cwd();
+  const root = findProjectRoot(cwd);
+
+  if (!root) process.exit(0);
+
+  const sections = [];
+
+  // Project info
+  const techStack = detectTechStack(root);
+  const git = getGitInfo(root);
+  sections.push(`<project>
+Tech: ${techStack}
+Branch: ${git.branch}
+Dirty files: ${git.dirtyCount}
+Root: ${root}
+</project>`);
+
+  // Model routing config
+  const configPath = path.join(root, '.ccg', 'config.toml');
+  if (fs.existsSync(configPath)) {
+    const configRaw = readFileSafe(configPath);
+    if (configRaw) {
+      const frontendMatch = configRaw.match(/primary\s*=\s*"(\w+)"/);
+      const models = frontendMatch ? `Configured (see .ccg/config.toml)` : 'Default (frontend=gemini, backend=codex)';
+      sections.push(`<models>${models}</models>`);
+    }
+  } else {
+    sections.push('<models>Default (frontend=gemini, backend=codex)</models>');
+  }
+
+  // Active task
+  const task = getActiveTask(root);
+  if (task) {
+    const taskLines = [
+      `<active-task>`,
+      `Task: ${task.title || task.id} (${task.status})`,
+      `Strategy: ${task.strategy}`,
+      `Phase: ${task.currentPhase}`,
+    ];
+
+    if (task.gate) taskLines.push(`⛔ GATE: ${task.gate}`);
+    taskLines.push(`Next: ${task.nextAction || 'Continue'}`);
+    taskLines.push(`Dir: ${task.dir}`);
+
+    // Check for plan/prd
+    const planPath = path.join(task.dir, 'plan.md');
+    const prdPath = path.join(task.dir, 'requirements.md');
+    if (fs.existsSync(planPath)) taskLines.push(`Plan: ${planPath}`);
+    if (fs.existsSync(prdPath)) taskLines.push(`PRD: ${prdPath}`);
+
+    taskLines.push('</active-task>');
+    sections.push(taskLines.join('\n'));
+  } else {
+    sections.push('<active-task>No active task. Use /ccg:go to start.</active-task>');
+  }
+
+  // Spec availability
+  const specDir = path.join(root, '.ccg', 'spec');
+  if (fs.existsSync(specDir)) {
+    try {
+      const specPaths = [];
+      const walk = (dir, prefix) => {
+        for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
+          const rel = prefix ? `${prefix}/${entry.name}` : entry.name;
+          if (entry.isDirectory()) walk(path.join(dir, entry.name), rel);
+          else if (entry.name.endsWith('.md')) specPaths.push(rel);
+        }
+      };
+      walk(specDir, '');
+      if (specPaths.length > 0) {
+        sections.push(`<specs>\nAvailable specs in .ccg/spec/:\n${specPaths.map(p => `  - ${p}`).join('\n')}\n</specs>`);
+      }
+    } catch { /* silent */ }
+  }
+
+  // Available commands hint
+  sections.push(`<commands>
+Key commands: /ccg:go (smart entry), /ccg:commit, /ccg:review
+All /ccg:* commands available. Use /ccg:go for intelligent routing.
+</commands>`);
+
+  const context = `<ccg-session>\n${sections.join('\n\n')}\n</ccg-session>`;
+  outputHook('SessionStart', context);
+} catch {
+  process.exit(0);
+}

package/templates/hooks/skill-router.js

@@ -0,0 +1,144 @@
+#!/usr/bin/env node
+// CCG Skill Router Hook — UserPromptSubmit
+// Detects domain keywords in user message and injects relevant skill content.
+// Fires alongside workflow-state.js on every user prompt.
+
+'use strict';
+
+try {
+  const fs = require('fs');
+  const path = require('path');
+  const { findProjectRoot, outputHook } = require('./task-utils.js');
+
+  // Read hook input (contains user's message)
+  let inputData = '';
+  if (!process.stdin.isTTY) {
+    inputData = fs.readFileSync(0, 'utf-8');
+  }
+
+  // Extract user message from hook input
+  let userMessage = '';
+  try {
+    const parsed = JSON.parse(inputData);
+    userMessage = parsed.message || parsed.content || parsed.prompt || '';
+    if (typeof userMessage === 'object') userMessage = JSON.stringify(userMessage);
+  } catch {
+    userMessage = inputData;
+  }
+
+  if (!userMessage || userMessage.length < 5) process.exit(0);
+
+  const msgLower = userMessage.toLowerCase();
+
+  // Keyword → skill file routing table
+  const ROUTES = [
+    { keywords: ['渗透', '红队', 'pentest', 'exploit', 'c2', '横向', '提权', 'bypass', 'red team'], skill: 'domains/security/red-team.md', name: '红队渗透' },
+    { keywords: ['蓝队', '告警', 'ioc', '应急', '取证', 'siem', 'edr', 'blue team', 'incident'], skill: 'domains/security/blue-team.md', name: '蓝队防御' },
+    { keywords: ['sqli', 'xss', 'ssrf', 'rce', 'injection', 'owasp', 'web渗透', 'api安全'], skill: 'domains/security/pentest.md', name: 'Web渗透' },
+    { keywords: ['代码审计', '污点分析', 'sink', 'source', '危险函数', 'code audit'], skill: 'domains/security/code-audit.md', name: '代码审计' },
+    { keywords: ['逆向', 'pwn', 'fuzzing', '栈溢出', '堆溢出', 'rop', 'binary', 'reversing'], skill: 'domains/security/vuln-research.md', name: '漏洞研究' },
+    { keywords: ['osint', '威胁情报', '威胁建模', 'att&ck', 'threat', 'threat hunting'], skill: 'domains/security/threat-intel.md', name: '威胁情报' },
+    { keywords: ['api设计', 'rest', 'graphql', 'grpc', 'endpoint', 'versioning', 'api design'], skill: 'domains/architecture/api-design.md', name: 'API设计' },
+    { keywords: ['缓存', 'redis', 'memcached', 'cache', 'cdn', 'invalidation'], skill: 'domains/architecture/caching.md', name: '缓存架构' },
+    { keywords: ['kubernetes', 'docker', 'k8s', '微服务', 'service mesh', 'cloud native'], skill: 'domains/architecture/cloud-native.md', name: '云原生' },
+    { keywords: ['kafka', 'rabbitmq', '消息队列', 'event driven', 'pub/sub', 'message queue'], skill: 'domains/architecture/message-queue.md', name: '消息队列' },
+    { keywords: ['rag', 'retrieval', '向量', 'embedding', 'chunking', 'vector'], skill: 'domains/ai/rag-system.md', name: 'RAG系统' },
+    { keywords: ['ai agent', 'tool use', 'function calling', 'agent框架', 'orchestration'], skill: 'domains/ai/agent-dev.md', name: 'Agent开发' },
+    { keywords: ['prompt injection', 'jailbreak', 'guardrail', 'llm安全'], skill: 'domains/ai/llm-security.md', name: 'LLM安全' },
+  ];
+
+  // Find matching skills
+  const matched = ROUTES.filter(route =>
+    route.keywords.some(kw => msgLower.includes(kw))
+  );
+
+  // ── Model action triggers ──
+  // Detect when user wants to use a specific model for a task
+  const MODEL_ACTIONS = [
+    { keywords: ['codex审查', 'codex 审查', 'codex review', '用codex看', '让codex检查', 'codex检查'], model: 'codex', role: 'reviewer', action: '审查当前代码变更（git diff）' },
+    { keywords: ['codex分析', 'codex 分析', 'codex analyze', '用codex分析'], model: 'codex', role: 'analyzer', action: '分析当前项目/代码' },
+    { keywords: ['codex调试', 'codex 调试', 'codex debug', '用codex调试'], model: 'codex', role: 'debugger', action: '诊断问题' },
+    { keywords: ['codex测试', 'codex 测试', 'codex test', '用codex写测试'], model: 'codex', role: 'tester', action: '生成测试用例' },
+    { keywords: ['gemini审查', 'gemini 审查', 'gemini review', '用gemini看', '让gemini检查'], model: 'gemini', role: 'reviewer', action: '审查当前代码变更（git diff）' },
+    { keywords: ['gemini分析', 'gemini 分析', 'gemini analyze', '用gemini分析'], model: 'gemini', role: 'analyzer', action: '分析当前项目/代码' },
+    { keywords: ['gemini前端', 'gemini 前端', '用gemini做前端'], model: 'gemini', role: 'frontend', action: '前端开发分析' },
+    { keywords: ['双模型审查', '双模型 审查', '两个模型审查', 'dual review'], model: 'both', role: 'reviewer', action: '双模型交叉审查代码变更' },
+    { keywords: ['双模型分析', '双模型 分析', '两个模型分析', 'dual analyze'], model: 'both', role: 'analyzer', action: '双模型并行分析' },
+  ];
+
+  const modelAction = MODEL_ACTIONS.find(a => a.keywords.some(kw => msgLower.includes(kw)));
+  if (modelAction) {
+    const homeDir = process.env.HOME || process.env.USERPROFILE || '';
+    const wrapperPath = path.join(homeDir, '.claude', 'bin', 'codeagent-wrapper');
+
+    let actionInstructions;
+    if (modelAction.model === 'both') {
+      actionInstructions = `<ccg-model-action>
+用户请求双模型${modelAction.role === 'reviewer' ? '审查' : '分析'}。请立即执行：
+
+1. 获取工作目录: WORKDIR=$(pwd)
+2. 并行调用两个模型 (run_in_background: true):
+
+   Backend (codex):
+   ${wrapperPath} --progress --backend codex - "$WORKDIR" <<'EOF'
+   ROLE_FILE: ${path.join(homeDir, '.claude', '.ccg', 'prompts', 'codex', modelAction.role + '.md')}
+   <TASK>${modelAction.action}</TASK>
+   EOF
+
+   Frontend (gemini):
+   ${wrapperPath} --progress --backend gemini - "$WORKDIR" <<'EOF'
+   ROLE_FILE: ${path.join(homeDir, '.claude', '.ccg', 'prompts', 'gemini', modelAction.role + '.md')}
+   <TASK>${modelAction.action}</TASK>
+   EOF
+
+3. 等待结果，综合输出
+</ccg-model-action>`;
+    } else {
+      actionInstructions = `<ccg-model-action>
+用户请求使用 ${modelAction.model} 执行${modelAction.action}。请立即执行：
+
+1. 获取工作目录: WORKDIR=$(pwd)
+2. 调用模型:
+
+   ${wrapperPath} --progress --backend ${modelAction.model} - "$WORKDIR" <<'EOF'
+   ROLE_FILE: ${path.join(homeDir, '.claude', '.ccg', 'prompts', modelAction.model, modelAction.role + '.md')}
+   <TASK>${modelAction.action}</TASK>
+   EOF
+
+3. 等待结果并输出
+</ccg-model-action>`;
+    }
+
+    outputHook('UserPromptSubmit', actionInstructions);
+    process.exit(0);
+  }
+
+  // ── Domain knowledge injection ──
+  if (matched.length === 0) process.exit(0);
+
+  const cwd = process.env.CLAUDE_PROJECT_DIR || process.cwd();
+  const homeDir = process.env.HOME || process.env.USERPROFILE || '';
+  const skillsBase = path.join(homeDir, '.claude', 'skills', 'ccg');
+
+  if (!fs.existsSync(skillsBase)) process.exit(0);
+
+  const injections = [];
+  for (const match of matched.slice(0, 2)) {
+    const skillPath = path.join(skillsBase, match.skill);
+    if (!fs.existsSync(skillPath)) continue;
+
+    try {
+      const content = fs.readFileSync(skillPath, 'utf-8');
+      const lines = content.split('\n');
+      const excerpt = lines.slice(0, 120).join('\n');
+      injections.push(`## ${match.name} (auto-injected)\n${excerpt}${lines.length > 120 ? '\n...(truncated, full: ' + match.skill + ')' : ''}`);
+    } catch { /* silent */ }
+  }
+
+  if (injections.length === 0) process.exit(0);
+
+  const context = `<ccg-domain-knowledge>\n${injections.join('\n\n---\n\n')}\n</ccg-domain-knowledge>`;
+  outputHook('UserPromptSubmit', context);
+} catch {
+  process.exit(0);
+}

package/templates/hooks/subagent-context.js

@@ -0,0 +1,118 @@
+#!/usr/bin/env node
+// CCG SubAgent Context Hook — PreToolUse (Bash|Agent matcher)
+// Injects spec + task context when:
+//   1. codeagent-wrapper is about to be called (Bash)
+//   2. Agent Team member is about to be spawned (Agent)
+
+'use strict';
+
+try {
+  const path = require('path');
+  const fs = require('fs');
+  const {
+    findProjectRoot, getActiveTask, readFileSafe,
+    readContextJsonl, outputHook
+  } = require('./task-utils.js');
+
+  let inputData = '';
+  if (!process.stdin.isTTY) {
+    inputData = fs.readFileSync(0, 'utf-8');
+  }
+
+  let toolInput = {};
+  try {
+    const parsed = JSON.parse(inputData);
+    toolInput = parsed.tool_input || parsed.input || parsed;
+  } catch { /* not JSON */ }
+
+  // Determine trigger type
+  const command = toolInput.command || '';
+  const teamName = toolInput.team_name || '';
+  const agentPrompt = toolInput.prompt || '';
+
+  const isCodeagentCall = command.includes('codeagent-wrapper');
+  const isTeamSpawn = !!teamName;
+
+  // Only activate for codeagent-wrapper calls or Agent Team spawns
+  if (!isCodeagentCall && !isTeamSpawn) {
+    process.exit(0);
+  }
+
+  const cwd = process.env.CLAUDE_PROJECT_DIR || process.cwd();
+  const root = findProjectRoot(cwd);
+  if (!root) process.exit(0);
+
+  const task = getActiveTask(root);
+  if (!task) process.exit(0);
+
+  const contextParts = [];
+
+  // Inject active task info for team members
+  if (isTeamSpawn) {
+    contextParts.push(`<ccg-active-task>
+Active task: ${task.dir}
+Task: ${task.title || task.id} (${task.status})
+Strategy: ${task.strategy}
+Phase: ${task.currentPhase}
+</ccg-active-task>`);
+  }
+
+  // Read context.jsonl entries (specs + research refs)
+  const entries = readContextJsonl(task.dir);
+  if (entries.length > 0) {
+    const specContents = [];
+    for (const entry of entries) {
+      const filePath = path.isAbsolute(entry.file)
+        ? entry.file
+        : path.join(root, entry.file);
+      const content = readFileSafe(filePath);
+      if (content) {
+        specContents.push(`--- ${entry.file} (${entry.reason || 'context'}) ---\n${content}`);
+      }
+    }
+    if (specContents.length > 0) {
+      contextParts.push(`<ccg-specs>\n${specContents.join('\n\n')}\n</ccg-specs>`);
+    }
+  }
+
+  // Read PRD and plan
+  const prd = readFileSafe(path.join(task.dir, 'requirements.md'));
+  const plan = readFileSafe(path.join(task.dir, 'plan.md'));
+
+  if (prd || plan) {
+    const taskContext = ['<ccg-task-context>'];
+    if (prd) {
+      const prdSummary = prd.length > 2000 ? prd.substring(0, 2000) + '\n...(truncated)' : prd;
+      taskContext.push(`## Requirements\n${prdSummary}`);
+    }
+    if (plan) {
+      const planSummary = plan.length > 3000 ? plan.substring(0, 3000) + '\n...(truncated)' : plan;
+      taskContext.push(`## Plan\n${planSummary}`);
+    }
+    taskContext.push('</ccg-task-context>');
+    contextParts.push(taskContext.join('\n'));
+  }
+
+  // Read research files
+  const researchDir = path.join(task.dir, 'research');
+  if (fs.existsSync(researchDir)) {
+    try {
+      const researchFiles = fs.readdirSync(researchDir).filter(f => f.endsWith('.md'));
+      if (researchFiles.length > 0) {
+        const researchContents = researchFiles.map(f => {
+          const content = readFileSafe(path.join(researchDir, f));
+          return content ? `--- research/${f} ---\n${content.substring(0, 1500)}` : null;
+        }).filter(Boolean);
+        if (researchContents.length > 0) {
+          contextParts.push(`<ccg-research>\n${researchContents.join('\n\n')}\n</ccg-research>`);
+        }
+      }
+    } catch { /* silent */ }
+  }
+
+  if (contextParts.length === 0) process.exit(0);
+
+  outputHook('PreToolUse', contextParts.join('\n\n'));
+} catch {
+  process.exit(0);
+}

package/templates/hooks/task-utils.js

@@ -0,0 +1,113 @@
+#!/usr/bin/env node
+// CCG Hook Shared Utilities
+// Pure Node.js, zero external dependencies
+
+const fs = require('fs');
+const path = require('path');
+
+function findProjectRoot(startDir) {
+  let dir = startDir || process.cwd();
+  for (let i = 0; i < 20; i++) {
+    if (fs.existsSync(path.join(dir, '.ccg', 'tasks'))) return dir;
+    if (fs.existsSync(path.join(dir, '.ccg'))) return dir;
+    if (fs.existsSync(path.join(dir, '.git'))) return dir;
+    const parent = path.dirname(dir);
+    if (parent === dir) break;
+    dir = parent;
+  }
+  return null;
+}
+
+function getActiveTask(projectRoot) {
+  const tasksDir = path.join(projectRoot, '.ccg', 'tasks');
+  if (!fs.existsSync(tasksDir)) return null;
+
+  try {
+    const dirs = fs.readdirSync(tasksDir)
+      .filter(d => {
+        try {
+          return fs.statSync(path.join(tasksDir, d)).isDirectory()
+            && fs.existsSync(path.join(tasksDir, d, 'task.json'));
+        } catch { return false; }
+      })
+      .sort()
+      .reverse();
+
+    for (const dir of dirs) {
+      try {
+        const raw = fs.readFileSync(path.join(tasksDir, dir, 'task.json'), 'utf-8');
+        const task = JSON.parse(raw);
+        if (task.status !== 'completed' && task.status !== 'archived') {
+          return { dir: path.join(tasksDir, dir), ...task };
+        }
+      } catch { /* skip malformed */ }
+    }
+  } catch { /* silent */ }
+  return null;
+}
+
+function readFileSafe(filePath) {
+  try { return fs.readFileSync(filePath, 'utf-8'); } catch { return null; }
+}
+
+function readJsonSafe(filePath) {
+  try { return JSON.parse(fs.readFileSync(filePath, 'utf-8')); } catch { return null; }
+}
+
+function readContextJsonl(taskDir) {
+  const jsonlPath = path.join(taskDir, 'context.jsonl');
+  if (!fs.existsSync(jsonlPath)) return [];
+  try {
+    return fs.readFileSync(jsonlPath, 'utf-8')
+      .split('\n')
+      .filter(line => line.trim())
+      .map(line => { try { return JSON.parse(line); } catch { return null; } })
+      .filter(entry => entry && entry.file);
+  } catch { return []; }
+}
+
+function detectTechStack(projectRoot) {
+  const indicators = [
+    { file: 'package.json', stack: 'Node.js' },
+    { file: 'go.mod', stack: 'Go' },
+    { file: 'pyproject.toml', stack: 'Python' },
+    { file: 'Cargo.toml', stack: 'Rust' },
+    { file: 'pom.xml', stack: 'Java' },
+    { file: 'build.gradle', stack: 'Java/Kotlin' },
+  ];
+  const found = [];
+  for (const { file, stack } of indicators) {
+    if (fs.existsSync(path.join(projectRoot, file))) found.push(stack);
+  }
+  return found.length > 0 ? found.join(' + ') : 'Unknown';
+}
+
+function getGitInfo(projectRoot) {
+  try {
+    const { execSync } = require('child_process');
+    const branch = execSync('git rev-parse --abbrev-ref HEAD', { cwd: projectRoot, stdio: 'pipe' }).toString().trim();
+    const status = execSync('git status --porcelain', { cwd: projectRoot, stdio: 'pipe' }).toString().trim();
+    const dirtyCount = status ? status.split('\n').length : 0;
+    return { branch, dirtyCount };
+  } catch { return { branch: 'unknown', dirtyCount: 0 }; }
+}
+
+function outputHook(eventName, additionalContext) {
+  console.log(JSON.stringify({
+    hookSpecificOutput: {
+      hookEventName: eventName,
+      additionalContext
+    }
+  }));
+}
+
+module.exports = {
+  findProjectRoot,
+  getActiveTask,
+  readFileSafe,
+  readJsonSafe,
+  readContextJsonl,
+  detectTechStack,
+  getGitInfo,
+  outputHook
+};

package/templates/hooks/workflow-state.js

@@ -0,0 +1,39 @@
+#!/usr/bin/env node
+// CCG Workflow State Hook — UserPromptSubmit
+// Injects per-turn breadcrumb based on active task state.
+// Runs on EVERY user message. Must be fast (<1s) and never crash.
+
+'use strict';
+
+try {
+  const { findProjectRoot, getActiveTask, outputHook } = require('./task-utils.js');
+
+  const cwd = process.env.CLAUDE_PROJECT_DIR || process.cwd();
+  const root = findProjectRoot(cwd);
+
+  if (!root) process.exit(0);
+
+  const task = getActiveTask(root);
+
+  if (!task) {
+    process.exit(0);
+  }
+
+  const lines = [
+    '<ccg-state>',
+    `Task: ${task.title || task.id} (${task.status})`,
+    `Strategy: ${task.strategy}`,
+    `Phase: ${task.currentPhase}`,
+  ];
+
+  if (task.gate) {
+    lines.push(`⛔ GATE: ${task.gate}`);
+  }
+
+  lines.push(`Next: ${task.nextAction || 'Continue current phase'}`);
+  lines.push('</ccg-state>');
+
+  outputHook('UserPromptSubmit', lines.join('\n'));
+} catch {
+  process.exit(0);
+}

package/templates/spec/backend/index.md

@@ -0,0 +1,31 @@
+# Backend Spec — 后端编码规范
+
+> 本文件定义后端代码的编码规范。子 Agent 在写代码前会自动读取此文件。
+> 按项目实际情况修改内容。
+
+## API 规范
+
+- 路由命名: RESTful, kebab-case
+- 请求/响应格式: JSON, camelCase fields
+- 错误格式: `{ "error": { "code": "...", "message": "..." } }`
+- 认证: Bearer token in Authorization header
+
+## 错误处理
+
+- 所有 API 端点必须返回结构化错误
+- 4xx: 客户端错误（验证失败、未授权等）
+- 5xx: 服务端错误（包装内部异常，不暴露堆栈）
+- 超时: 设置合理超时，超时后返回 504
+
+## 测试要求
+
+- 核心逻辑覆盖率 > 80%
+- API 端点必须有集成测试
+- 测试命名: `describe('模块') → it('should 行为')`
+
+## 安全清单
+
+- [ ] 输入验证（不信任任何用户输入）
+- [ ] SQL 参数化（禁止字符串拼接）
+- [ ] 密钥不硬编码（使用环境变量）
+- [ ] 敏感数据日志脱敏