npm - ccgx-workflow - Versions diffs - 1.0.0 → 1.0.2 - Mend

ccgx-workflow 1.0.0 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (60) hide show

package/README.md +37 -5
package/README.zh-CN.md +35 -5
package/dist/cli.mjs +1 -1
package/dist/index.mjs +2 -2
package/dist/shared/{ccgx-workflow.WgUzkiC3.mjs → ccgx-workflow.Bq9vAaEw.mjs} +17 -110
package/package.json +2 -1
package/templates/commands/agents/phase-runner.md +321 -321
package/templates/commands/autonomous.md +792 -792
package/templates/commands/cancel.md +132 -132
package/templates/commands/debug.md +226 -226
package/templates/commands/status.md +206 -206
package/templates/commands/team.md +484 -0
package/templates/hooks/ccg-session-state.cjs +566 -510
package/templates/scripts/ccg-phase-runner-launcher.mjs +467 -467
package/templates/scripts/invoke-model.mjs +64 -0
package/templates/skills/domains/ai/SKILL.md +35 -35
package/templates/skills/domains/ai/agent-dev.md +242 -242
package/templates/skills/domains/ai/llm-security.md +288 -288
package/templates/skills/domains/ai/rag-system.md +542 -542
package/templates/skills/domains/architecture/SKILL.md +43 -43
package/templates/skills/domains/architecture/api-design.md +225 -225
package/templates/skills/domains/architecture/cloud-native.md +285 -285
package/templates/skills/domains/architecture/security-arch.md +297 -297
package/templates/skills/domains/data-engineering/SKILL.md +208 -208
package/templates/skills/domains/development/SKILL.md +47 -47
package/templates/skills/domains/development/cpp.md +246 -246
package/templates/skills/domains/development/go.md +323 -323
package/templates/skills/domains/development/java.md +277 -277
package/templates/skills/domains/development/python.md +288 -288
package/templates/skills/domains/development/rust.md +313 -313
package/templates/skills/domains/development/shell.md +313 -313
package/templates/skills/domains/development/typescript.md +277 -277
package/templates/skills/domains/devops/SKILL.md +40 -40
package/templates/skills/domains/devops/database.md +217 -217
package/templates/skills/domains/devops/devsecops.md +198 -198
package/templates/skills/domains/devops/git-workflow.md +181 -181
package/templates/skills/domains/devops/testing.md +283 -283
package/templates/skills/domains/frontend-design/SKILL.md +244 -244
package/templates/skills/domains/frontend-design/claymorphism/SKILL.md +121 -121
package/templates/skills/domains/frontend-design/component-patterns.md +202 -202
package/templates/skills/domains/frontend-design/glassmorphism/SKILL.md +142 -142
package/templates/skills/domains/frontend-design/liquid-glass/SKILL.md +139 -139
package/templates/skills/domains/frontend-design/neubrutalism/SKILL.md +145 -145
package/templates/skills/domains/frontend-design/state-management.md +680 -680
package/templates/skills/domains/frontend-design/ui-aesthetics.md +110 -110
package/templates/skills/domains/frontend-design/ux-principles.md +156 -156
package/templates/skills/domains/infrastructure/SKILL.md +201 -201
package/templates/skills/domains/mobile/SKILL.md +225 -225
package/templates/skills/domains/orchestration/SKILL.md +30 -30
package/templates/skills/domains/orchestration/multi-agent.md +228 -228
package/templates/skills/domains/security/SKILL.md +73 -73
package/templates/skills/domains/security/blue-team.md +436 -436
package/templates/skills/domains/security/code-audit.md +265 -265
package/templates/skills/domains/security/pentest.md +226 -226
package/templates/skills/domains/security/red-team.md +374 -374
package/templates/skills/domains/security/threat-intel.md +372 -372
package/templates/skills/domains/security/vuln-research.md +369 -369
package/templates/skills/tools/lib/shared.js +98 -98
package/templates/skills/tools/override-refusal/SKILL.md +53 -53
package/templates/skills/tools/override-refusal/scripts/refusal_rewriter.js +226 -226

package/templates/skills/domains/devops/devsecops.md CHANGED Viewed

@@ -1,198 +1,198 @@
----
-name: devsecops
-description: DevSecOps。CI/CD安全、供应链安全、合规自动化。当用户提到 DevSecOps、CI/CD、供应链安全、SAST、DAST时使用。
----
-# 🔧 炼器秘典 · DevSecOps
-## 安全左移
-```
-┌─────────────────────────────────────────────────────────────┐
-│                    安全左移                                  │
-├─────────────────────────────────────────────────────────────┤
-│  计划 → 编码 → 构建 → 测试 → 发布 → 部署 → 运维 → 监控     │
-│    │      │      │      │      │      │      │      │       │
-│  威胁   SAST   SCA   DAST   签名   配置   日志   告警       │
-│  建模   IDE    依赖   渗透   验证   加固   审计   响应       │
-└─────────────────────────────────────────────────────────────┘
-```
-## CI/CD 安全
-### GitHub Actions
-```yaml
-name: Security Pipeline
-on: [push, pull_request]
-jobs:
-  security:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      # SAST - 静态分析
-      - name: Run Semgrep
-        uses: returntocorp/semgrep-action@v1
-        with:
-          config: p/security-audit
-      # SCA - 依赖扫描
-      - name: Run Trivy
-        uses: aquasecurity/trivy-action@master
-        with:
-          scan-type: 'fs'
-          severity: 'CRITICAL,HIGH'
-      # Secret 扫描
-      - name: Run Gitleaks
-        uses: gitleaks/gitleaks-action@v2
-      # 容器扫描
-      - name: Build and scan image
-        run: |
-          docker build -t myapp:${{ github.sha }} .
-          trivy image myapp:${{ github.sha }}
-```
-### GitLab CI
-```yaml
-stages:
-  - test
-  - security
-  - build
-  - deploy
-sast:
-  stage: security
-  image: semgrep/semgrep
-  script:
-    - semgrep --config=p/security-audit .
-dependency_scan:
-  stage: security
-  image: aquasec/trivy
-  script:
-    - trivy fs --severity HIGH,CRITICAL .
-container_scan:
-  stage: security
-  image: aquasec/trivy
-  script:
-    - trivy image $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
-```
-## 安全扫描工具
-### SAST (静态分析)
-```yaml
-工具:
-  - Semgrep: 多语言，规则丰富
-  - SonarQube: 企业级
-  - CodeQL: GitHub 原生
-  - Bandit: Python 专用
-集成:
-  - IDE 插件
-  - Pre-commit hooks
-  - CI/CD pipeline
-```
-### SCA (依赖扫描)
-```yaml
-工具:
-  - Trivy: 全能扫描
-  - Snyk: 商业方案
-  - OWASP Dependency-Check
-  - npm audit / pip-audit
-检查项:
-  - 已知漏洞 (CVE)
-  - 许可证合规
-  - 过期依赖
-```
-### DAST (动态分析)
-```yaml
-工具:
-  - OWASP ZAP
-  - Nuclei
-  - Burp Suite
-集成:
-  - 部署后自动扫描
-  - 定期扫描
-  - PR 环境扫描
-```
-## 供应链安全
-### 依赖管理
-```yaml
-原则:
-  - 锁定依赖版本
-  - 定期更新
-  - 审查新依赖
-  - 使用私有仓库
-工具:
-  - Dependabot
-  - Renovate
-  - Snyk
-```
-### 镜像安全
-```yaml
-原则:
-  - 使用官方基础镜像
-  - 最小化镜像
-  - 扫描漏洞
-  - 签名验证
-工具:
-  - Trivy
-  - Cosign (签名)
-  - Notary
-```
-### SBOM (软件物料清单)
-```bash
-# 生成 SBOM
-syft packages dir:. -o spdx-json > sbom.json
-# 扫描 SBOM
-grype sbom:sbom.json
-```
-## 安全门禁
-```yaml
-阻断条件:
-  - Critical 漏洞
-  - 高危依赖
-  - Secret 泄露
-  - 许可证违规
-警告条件:
-  - High 漏洞
-  - 中危依赖
-  - 代码质量问题
-```
-## 合规自动化
-```yaml
-检查项:
-  - CIS Benchmark
-  - PCI DSS
-  - SOC 2
-  - GDPR
-工具:
-  - Open Policy Agent (OPA)
-  - Checkov
-  - Terrascan
-```
+---
+name: devsecops
+description: DevSecOps。CI/CD安全、供应链安全、合规自动化。当用户提到 DevSecOps、CI/CD、供应链安全、SAST、DAST时使用。
+---
+# 🔧 炼器秘典 · DevSecOps
+## 安全左移
+```
+┌─────────────────────────────────────────────────────────────┐
+│                    安全左移                                  │
+├─────────────────────────────────────────────────────────────┤
+│  计划 → 编码 → 构建 → 测试 → 发布 → 部署 → 运维 → 监控     │
+│    │      │      │      │      │      │      │      │       │
+│  威胁   SAST   SCA   DAST   签名   配置   日志   告警       │
+│  建模   IDE    依赖   渗透   验证   加固   审计   响应       │
+└─────────────────────────────────────────────────────────────┘
+```
+## CI/CD 安全
+### GitHub Actions
+```yaml
+name: Security Pipeline
+on: [push, pull_request]
+jobs:
+  security:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      # SAST - 静态分析
+      - name: Run Semgrep
+        uses: returntocorp/semgrep-action@v1
+        with:
+          config: p/security-audit
+      # SCA - 依赖扫描
+      - name: Run Trivy
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'fs'
+          severity: 'CRITICAL,HIGH'
+      # Secret 扫描
+      - name: Run Gitleaks
+        uses: gitleaks/gitleaks-action@v2
+      # 容器扫描
+      - name: Build and scan image
+        run: |
+          docker build -t myapp:${{ github.sha }} .
+          trivy image myapp:${{ github.sha }}
+```
+### GitLab CI
+```yaml
+stages:
+  - test
+  - security
+  - build
+  - deploy
+sast:
+  stage: security
+  image: semgrep/semgrep
+  script:
+    - semgrep --config=p/security-audit .
+dependency_scan:
+  stage: security
+  image: aquasec/trivy
+  script:
+    - trivy fs --severity HIGH,CRITICAL .
+container_scan:
+  stage: security
+  image: aquasec/trivy
+  script:
+    - trivy image $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
+```
+## 安全扫描工具
+### SAST (静态分析)
+```yaml
+工具:
+  - Semgrep: 多语言，规则丰富
+  - SonarQube: 企业级
+  - CodeQL: GitHub 原生
+  - Bandit: Python 专用
+集成:
+  - IDE 插件
+  - Pre-commit hooks
+  - CI/CD pipeline
+```
+### SCA (依赖扫描)
+```yaml
+工具:
+  - Trivy: 全能扫描
+  - Snyk: 商业方案
+  - OWASP Dependency-Check
+  - npm audit / pip-audit
+检查项:
+  - 已知漏洞 (CVE)
+  - 许可证合规
+  - 过期依赖
+```
+### DAST (动态分析)
+```yaml
+工具:
+  - OWASP ZAP
+  - Nuclei
+  - Burp Suite
+集成:
+  - 部署后自动扫描
+  - 定期扫描
+  - PR 环境扫描
+```
+## 供应链安全
+### 依赖管理
+```yaml
+原则:
+  - 锁定依赖版本
+  - 定期更新
+  - 审查新依赖
+  - 使用私有仓库
+工具:
+  - Dependabot
+  - Renovate
+  - Snyk
+```
+### 镜像安全
+```yaml
+原则:
+  - 使用官方基础镜像
+  - 最小化镜像
+  - 扫描漏洞
+  - 签名验证
+工具:
+  - Trivy
+  - Cosign (签名)
+  - Notary
+```
+### SBOM (软件物料清单)
+```bash
+# 生成 SBOM
+syft packages dir:. -o spdx-json > sbom.json
+# 扫描 SBOM
+grype sbom:sbom.json
+```
+## 安全门禁
+```yaml
+阻断条件:
+  - Critical 漏洞
+  - 高危依赖
+  - Secret 泄露
+  - 许可证违规
+警告条件:
+  - High 漏洞
+  - 中危依赖
+  - 代码质量问题
+```
+## 合规自动化
+```yaml
+检查项:
+  - CIS Benchmark
+  - PCI DSS
+  - SOC 2
+  - GDPR
+工具:
+  - Open Policy Agent (OPA)
+  - Checkov
+  - Terrascan
+```