claude-code-pilot 3.0.0 → 3.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +76 -97
- package/bin/install.js +13 -13
- package/manifest.json +1 -1
- package/package.json +1 -1
- package/src/agents/doc-updater.md +1 -1
- package/src/agents/gan-evaluator.md +209 -0
- package/src/agents/gan-generator.md +131 -0
- package/src/agents/gan-planner.md +99 -0
- package/src/agents/harness-optimizer.md +35 -0
- package/src/agents/loop-operator.md +36 -0
- package/src/agents/opensource-forker.md +198 -0
- package/src/agents/opensource-packager.md +249 -0
- package/src/agents/opensource-sanitizer.md +188 -0
- package/src/agents/performance-optimizer.md +446 -0
- package/src/available-rules/README.md +1 -1
- package/src/commands/{aside.md → ccp/aside.md} +14 -13
- package/src/commands/{build-fix.md → ccp/build-fix.md} +5 -0
- package/src/commands/{checkpoint.md → ccp/checkpoint.md} +12 -7
- package/src/commands/{code-review.md → ccp/code-review.md} +5 -0
- package/src/commands/{context-budget.md → ccp/context-budget.md} +2 -1
- package/src/commands/{cpp-build.md → ccp/cpp-build.md} +6 -5
- package/src/commands/{cpp-review.md → ccp/cpp-review.md} +7 -6
- package/src/commands/{cpp-test.md → ccp/cpp-test.md} +6 -5
- package/src/commands/ccp/docs-update.md +48 -0
- package/src/commands/{docs.md → ccp/docs.md} +4 -3
- package/src/commands/{e2e.md → ccp/e2e.md} +7 -6
- package/src/commands/{eval.md → ccp/eval.md} +10 -5
- package/src/commands/{evolve.md → ccp/evolve.md} +3 -3
- package/src/commands/{go-build.md → ccp/go-build.md} +6 -5
- package/src/commands/{go-review.md → ccp/go-review.md} +7 -6
- package/src/commands/{go-test.md → ccp/go-test.md} +6 -5
- package/src/commands/{gradle-build.md → ccp/gradle-build.md} +1 -0
- package/src/commands/{harness-audit.md → ccp/harness-audit.md} +6 -1
- package/src/commands/{kotlin-build.md → ccp/kotlin-build.md} +6 -5
- package/src/commands/{kotlin-review.md → ccp/kotlin-review.md} +7 -6
- package/src/commands/{kotlin-test.md → ccp/kotlin-test.md} +6 -5
- package/src/commands/{learn.md → ccp/learn.md} +7 -2
- package/src/commands/{model-route.md → ccp/model-route.md} +6 -1
- package/src/commands/{orchestrate.md → ccp/orchestrate.md} +4 -3
- package/src/commands/{plan.md → ccp/plan.md} +6 -5
- package/src/commands/ccp/profile-user.md +46 -0
- package/src/commands/{prompt-optimize.md → ccp/prompt-optimize.md} +3 -2
- package/src/commands/{prune.md → ccp/prune.md} +4 -4
- package/src/commands/{python-review.md → ccp/python-review.md} +7 -6
- package/src/commands/{quality-gate.md → ccp/quality-gate.md} +6 -1
- package/src/commands/{refactor-clean.md → ccp/refactor-clean.md} +5 -0
- package/src/commands/{resume-session.md → ccp/resume-session.md} +9 -8
- package/src/commands/ccp/review.md +37 -0
- package/src/commands/{rules-distill.md → ccp/rules-distill.md} +2 -1
- package/src/commands/{rust-build.md → ccp/rust-build.md} +6 -5
- package/src/commands/{rust-review.md → ccp/rust-review.md} +7 -6
- package/src/commands/{rust-test.md → ccp/rust-test.md} +6 -5
- package/src/commands/{save-session.md → ccp/save-session.md} +2 -1
- package/src/commands/ccp/secure-phase.md +35 -0
- package/src/commands/{sessions.md → ccp/sessions.md} +29 -24
- package/src/commands/{setup-pm.md → ccp/setup-pm.md} +1 -0
- package/src/commands/{setup-refresh.md → ccp/setup-refresh.md} +4 -3
- package/src/commands/{setup.md → ccp/setup.md} +24 -23
- package/src/commands/{skill-create.md → ccp/skill-create.md} +8 -8
- package/src/commands/{skill-health.md → ccp/skill-health.md} +5 -5
- package/src/commands/{tdd.md → ccp/tdd.md} +9 -8
- package/src/commands/{test-coverage.md → ccp/test-coverage.md} +5 -0
- package/src/commands/{tool-guide.md → ccp/tool-guide.md} +2 -1
- package/src/commands/{update-codemaps.md → ccp/update-codemaps.md} +5 -0
- package/src/commands/{update-docs.md → ccp/update-docs.md} +5 -0
- package/src/commands/{verify.md → ccp/verify.md} +5 -0
- package/src/commands/ccp/workstreams.md +68 -0
- package/src/examples/CLAUDE.md +4 -4
- package/src/examples/django-api-CLAUDE.md +5 -5
- package/src/examples/go-microservice-CLAUDE.md +6 -6
- package/src/examples/rust-api-CLAUDE.md +4 -4
- package/src/examples/saas-nextjs-CLAUDE.md +8 -8
- package/src/hooks/session-start.js +1 -1
- package/src/pilot/references/mcp-servers.json +1 -1
- package/src/pilot/workflows/docs-update.md +1165 -0
- package/src/pilot/workflows/help.md +48 -56
- package/src/pilot/workflows/profile-user.md +452 -0
- package/src/pilot/workflows/review.md +244 -0
- package/src/pilot/workflows/secure-phase.md +164 -0
- package/src/rules/common/code-review.md +124 -0
- package/src/rules/zh/README.md +108 -0
- package/src/rules/zh/agents.md +50 -0
- package/src/rules/zh/code-review.md +124 -0
- package/src/rules/zh/coding-style.md +48 -0
- package/src/rules/zh/development-workflow.md +44 -0
- package/src/rules/zh/git-workflow.md +24 -0
- package/src/rules/zh/hooks.md +30 -0
- package/src/rules/zh/patterns.md +31 -0
- package/src/rules/zh/performance.md +55 -0
- package/src/rules/zh/security.md +29 -0
- package/src/rules/zh/testing.md +29 -0
- package/src/skills/autonomous-agent-harness/SKILL.md +267 -0
- package/src/skills/autonomous-loops/SKILL.md +610 -0
- package/src/skills/bun-runtime/SKILL.md +84 -0
- package/src/skills/content-hash-cache-pattern/SKILL.md +161 -0
- package/src/skills/context-budget/SKILL.md +3 -3
- package/src/skills/continuous-learning-v2/SKILL.md +4 -4
- package/src/skills/continuous-learning-v2/agents/observer.md +1 -1
- package/src/skills/cost-aware-llm-pipeline/SKILL.md +183 -0
- package/src/skills/design-system/SKILL.md +82 -0
- package/src/skills/eval-harness/SKILL.md +270 -0
- package/src/skills/flutter-dart-code-review/SKILL.md +435 -0
- package/src/skills/gan-style-harness/SKILL.md +278 -0
- package/src/skills/git-workflow/SKILL.md +715 -0
- package/src/skills/hexagonal-architecture/SKILL.md +276 -0
- package/src/skills/iterative-retrieval/SKILL.md +211 -0
- package/src/skills/laravel-plugin-discovery/SKILL.md +229 -0
- package/src/skills/nextjs-turbopack/SKILL.md +44 -0
- package/src/skills/nuxt4-patterns/SKILL.md +100 -0
- package/src/skills/opensource-pipeline/SKILL.md +255 -0
- package/src/skills/perl-security/SKILL.md +503 -0
- package/src/skills/project-flow-ops/SKILL.md +111 -0
- package/src/skills/project-guidelines-example/SKILL.md +349 -0
- package/src/skills/prompt-optimizer/SKILL.md +38 -38
- package/src/skills/pytorch-patterns/SKILL.md +396 -0
- package/src/skills/regex-vs-llm-structured-text/SKILL.md +220 -0
- package/src/skills/repo-scan/SKILL.md +78 -0
- package/src/skills/rules-distill/SKILL.md +264 -0
- package/src/skills/rules-distill/scripts/scan-rules.sh +58 -0
- package/src/skills/rules-distill/scripts/scan-skills.sh +129 -0
- package/src/skills/swift-concurrency-6-2/SKILL.md +216 -0
- package/src/skills/token-budget-advisor/SKILL.md +133 -0
- package/src/skills/verification-loop/SKILL.md +1 -1
- package/src/skills/workspace-surface-audit/SKILL.md +125 -0
|
@@ -0,0 +1,124 @@
|
|
|
1
|
+
# 代码审查标准
|
|
2
|
+
|
|
3
|
+
## 目的
|
|
4
|
+
|
|
5
|
+
代码审查确保代码合并前的质量、安全性和可维护性。此规则定义何时以及如何进行代码审查。
|
|
6
|
+
|
|
7
|
+
## 何时审查
|
|
8
|
+
|
|
9
|
+
**强制审查触发条件:**
|
|
10
|
+
|
|
11
|
+
- 编写或修改代码后
|
|
12
|
+
- 提交到共享分支之前
|
|
13
|
+
- 更改安全敏感代码时(认证、支付、用户数据)
|
|
14
|
+
- 进行架构更改时
|
|
15
|
+
- 合并 pull request 之前
|
|
16
|
+
|
|
17
|
+
**审查前要求:**
|
|
18
|
+
|
|
19
|
+
在请求审查之前,确保:
|
|
20
|
+
|
|
21
|
+
- 所有自动化检查(CI/CD)已通过
|
|
22
|
+
- 合并冲突已解决
|
|
23
|
+
- 分支已与目标分支同步
|
|
24
|
+
|
|
25
|
+
## 审查检查清单
|
|
26
|
+
|
|
27
|
+
在标记代码完成之前:
|
|
28
|
+
|
|
29
|
+
- [ ] 代码可读且命名良好
|
|
30
|
+
- [ ] 函数聚焦(<50 行)
|
|
31
|
+
- [ ] 文件内聚(<800 行)
|
|
32
|
+
- [ ] 无深层嵌套(>4 层)
|
|
33
|
+
- [ ] 错误显式处理
|
|
34
|
+
- [ ] 无硬编码密钥或凭据
|
|
35
|
+
- [ ] 无 console.log 或调试语句
|
|
36
|
+
- [ ] 新功能有测试
|
|
37
|
+
- [ ] 测试覆盖率满足 80% 最低要求
|
|
38
|
+
|
|
39
|
+
## 安全审查触发条件
|
|
40
|
+
|
|
41
|
+
**停止并使用 security-reviewer 代理当:**
|
|
42
|
+
|
|
43
|
+
- 认证或授权代码
|
|
44
|
+
- 用户输入处理
|
|
45
|
+
- 数据库查询
|
|
46
|
+
- 文件系统操作
|
|
47
|
+
- 外部 API 调用
|
|
48
|
+
- 加密操作
|
|
49
|
+
- 支付或金融代码
|
|
50
|
+
|
|
51
|
+
## 审查严重级别
|
|
52
|
+
|
|
53
|
+
| 级别 | 含义 | 行动 |
|
|
54
|
+
|-------|---------|--------|
|
|
55
|
+
| CRITICAL(关键) | 安全漏洞或数据丢失风险 | **阻止** - 合并前必须修复 |
|
|
56
|
+
| HIGH(高) | Bug 或重大质量问题 | **警告** - 合并前应修复 |
|
|
57
|
+
| MEDIUM(中) | 可维护性问题 | **信息** - 考虑修复 |
|
|
58
|
+
| LOW(低) | 风格或次要建议 | **注意** - 可选 |
|
|
59
|
+
|
|
60
|
+
## 代理使用
|
|
61
|
+
|
|
62
|
+
使用这些代理进行代码审查:
|
|
63
|
+
|
|
64
|
+
| 代理 | 用途 |
|
|
65
|
+
|-------|--------|
|
|
66
|
+
| **code-reviewer** | 通用代码质量、模式、最佳实践 |
|
|
67
|
+
| **security-reviewer** | 安全漏洞、OWASP Top 10 |
|
|
68
|
+
| **typescript-reviewer** | TypeScript/JavaScript 特定问题 |
|
|
69
|
+
| **python-reviewer** | Python 特定问题 |
|
|
70
|
+
| **go-reviewer** | Go 特定问题 |
|
|
71
|
+
| **rust-reviewer** | Rust 特定问题 |
|
|
72
|
+
|
|
73
|
+
## 审查工作流
|
|
74
|
+
|
|
75
|
+
```
|
|
76
|
+
1. 运行 git diff 了解更改
|
|
77
|
+
2. 先检查安全检查清单
|
|
78
|
+
3. 审查代码质量检查清单
|
|
79
|
+
4. 运行相关测试
|
|
80
|
+
5. 验证覆盖率 >= 80%
|
|
81
|
+
6. 使用适当的代理进行详细审查
|
|
82
|
+
```
|
|
83
|
+
|
|
84
|
+
## 常见问题捕获
|
|
85
|
+
|
|
86
|
+
### 安全
|
|
87
|
+
|
|
88
|
+
- 硬编码凭据(API 密钥、密码、令牌)
|
|
89
|
+
- SQL 注入(查询中的字符串拼接)
|
|
90
|
+
- XSS 漏洞(未转义的用户输入)
|
|
91
|
+
- 路径遍历(未净化的文件路径)
|
|
92
|
+
- CSRF 保护缺失
|
|
93
|
+
- 认证绕过
|
|
94
|
+
|
|
95
|
+
### 代码质量
|
|
96
|
+
|
|
97
|
+
- 大函数(>50 行)- 拆分为更小的
|
|
98
|
+
- 大文件(>800 行)- 提取模块
|
|
99
|
+
- 深层嵌套(>4 层)- 使用提前返回
|
|
100
|
+
- 缺少错误处理 - 显式处理
|
|
101
|
+
- 变更模式 - 优先使用不可变操作
|
|
102
|
+
- 缺少测试 - 添加测试覆盖
|
|
103
|
+
|
|
104
|
+
### 性能
|
|
105
|
+
|
|
106
|
+
- N+1 查询 - 使用 JOIN 或批处理
|
|
107
|
+
- 缺少分页 - 给查询添加 LIMIT
|
|
108
|
+
- 无界查询 - 添加约束
|
|
109
|
+
- 缺少缓存 - 缓存昂贵操作
|
|
110
|
+
|
|
111
|
+
## 批准标准
|
|
112
|
+
|
|
113
|
+
- **批准**:无关键或高优先级问题
|
|
114
|
+
- **警告**:仅有高优先级问题(谨慎合并)
|
|
115
|
+
- **阻止**:发现关键问题
|
|
116
|
+
|
|
117
|
+
## 与其他规则的集成
|
|
118
|
+
|
|
119
|
+
此规则与以下规则配合:
|
|
120
|
+
|
|
121
|
+
- [testing.md](testing.md) - 测试覆盖率要求
|
|
122
|
+
- [security.md](security.md) - 安全检查清单
|
|
123
|
+
- [git-workflow.md](git-workflow.md) - 提交标准
|
|
124
|
+
- [agents.md](agents.md) - 代理委托
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
# 编码风格
|
|
2
|
+
|
|
3
|
+
## 不可变性(关键)
|
|
4
|
+
|
|
5
|
+
始终创建新对象,永远不要修改现有对象:
|
|
6
|
+
|
|
7
|
+
```
|
|
8
|
+
// 伪代码
|
|
9
|
+
错误: modify(original, field, value) → 就地修改 original
|
|
10
|
+
正确: update(original, field, value) → 返回带有更改的新副本
|
|
11
|
+
```
|
|
12
|
+
|
|
13
|
+
原理:不可变数据防止隐藏的副作用,使调试更容易,并启用安全的并发。
|
|
14
|
+
|
|
15
|
+
## 文件组织
|
|
16
|
+
|
|
17
|
+
多个小文件 > 少量大文件:
|
|
18
|
+
- 高内聚,低耦合
|
|
19
|
+
- 典型 200-400 行,最多 800 行
|
|
20
|
+
- 从大模块中提取工具函数
|
|
21
|
+
- 按功能/领域组织,而非按类型
|
|
22
|
+
|
|
23
|
+
## 错误处理
|
|
24
|
+
|
|
25
|
+
始终全面处理错误:
|
|
26
|
+
- 在每一层显式处理错误
|
|
27
|
+
- 在面向 UI 的代码中提供用户友好的错误消息
|
|
28
|
+
- 在服务器端记录详细的错误上下文
|
|
29
|
+
- 永远不要静默吞掉错误
|
|
30
|
+
|
|
31
|
+
## 输入验证
|
|
32
|
+
|
|
33
|
+
始终在系统边界验证:
|
|
34
|
+
- 处理前验证所有用户输入
|
|
35
|
+
- 在可用的情况下使用基于模式的验证
|
|
36
|
+
- 快速失败并给出清晰的错误消息
|
|
37
|
+
- 永远不要信任外部数据(API 响应、用户输入、文件内容)
|
|
38
|
+
|
|
39
|
+
## 代码质量检查清单
|
|
40
|
+
|
|
41
|
+
在标记工作完成前:
|
|
42
|
+
- [ ] 代码可读且命名良好
|
|
43
|
+
- [ ] 函数很小(<50 行)
|
|
44
|
+
- [ ] 文件聚焦(<800 行)
|
|
45
|
+
- [ ] 没有深层嵌套(>4 层)
|
|
46
|
+
- [ ] 正确的错误处理
|
|
47
|
+
- [ ] 没有硬编码值(使用常量或配置)
|
|
48
|
+
- [ ] 没有变更(使用不可变模式)
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
# 开发工作流
|
|
2
|
+
|
|
3
|
+
> 此文件扩展 [common/git-workflow.md](./git-workflow.md),包含 git 操作之前的完整功能开发流程。
|
|
4
|
+
|
|
5
|
+
功能实现工作流描述了开发管道:研究、规划、TDD、代码审查,然后提交到 git。
|
|
6
|
+
|
|
7
|
+
## 功能实现工作流
|
|
8
|
+
|
|
9
|
+
0. **研究与重用** _(任何新实现前必需)_
|
|
10
|
+
- **GitHub 代码搜索优先:** 在编写任何新代码之前,运行 `gh search repos` 和 `gh search code` 查找现有实现、模板和模式。
|
|
11
|
+
- **库文档其次:** 使用 Context7 或主要供应商文档确认 API 行为、包使用和版本特定细节。
|
|
12
|
+
- **仅当前两者不足时使用 Exa:** 在 GitHub 搜索和主要文档之后,使用 Exa 进行更广泛的网络研究或发现。
|
|
13
|
+
- **检查包注册表:** 在编写工具代码之前搜索 npm、PyPI、crates.io 和其他注册表。首选久经考验的库而非手工编写的解决方案。
|
|
14
|
+
- **搜索可适配的实现:** 寻找解决问题 80%+ 且可以分支、移植或包装的开源项目。
|
|
15
|
+
- 当满足需求时,优先采用或移植经验证的方法而非从头编写新代码。
|
|
16
|
+
|
|
17
|
+
1. **先规划**
|
|
18
|
+
- 使用 **planner** 代理创建实现计划
|
|
19
|
+
- 编码前生成规划文档:PRD、架构、系统设计、技术文档、任务列表
|
|
20
|
+
- 识别依赖和风险
|
|
21
|
+
- 分解为阶段
|
|
22
|
+
|
|
23
|
+
2. **TDD 方法**
|
|
24
|
+
- 使用 **tdd-guide** 代理
|
|
25
|
+
- 先写测试(RED)
|
|
26
|
+
- 实现以通过测试(GREEN)
|
|
27
|
+
- 重构(IMPROVE)
|
|
28
|
+
- 验证 80%+ 覆盖率
|
|
29
|
+
|
|
30
|
+
3. **代码审查**
|
|
31
|
+
- 编写代码后立即使用 **code-reviewer** 代理
|
|
32
|
+
- 解决关键和高优先级问题
|
|
33
|
+
- 尽可能修复中优先级问题
|
|
34
|
+
|
|
35
|
+
4. **提交与推送**
|
|
36
|
+
- 详细的提交消息
|
|
37
|
+
- 遵循约定式提交格式
|
|
38
|
+
- 参见 [git-workflow.md](./git-workflow.md) 了解提交消息格式和 PR 流程
|
|
39
|
+
|
|
40
|
+
5. **审查前检查**
|
|
41
|
+
- 验证所有自动化检查(CI/CD)已通过
|
|
42
|
+
- 解决任何合并冲突
|
|
43
|
+
- 确保分支已与目标分支同步
|
|
44
|
+
- 仅在这些检查通过后请求审查
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
# Git 工作流
|
|
2
|
+
|
|
3
|
+
## 提交消息格式
|
|
4
|
+
```
|
|
5
|
+
<类型>: <描述>
|
|
6
|
+
|
|
7
|
+
<可选正文>
|
|
8
|
+
```
|
|
9
|
+
|
|
10
|
+
类型:feat, fix, refactor, docs, test, chore, perf, ci
|
|
11
|
+
|
|
12
|
+
注意:通过 ~/.claude/settings.json 全局禁用归属。
|
|
13
|
+
|
|
14
|
+
## Pull Request 工作流
|
|
15
|
+
|
|
16
|
+
创建 PR 时:
|
|
17
|
+
1. 分析完整提交历史(不仅是最新提交)
|
|
18
|
+
2. 使用 `git diff [base-branch]...HEAD` 查看所有更改
|
|
19
|
+
3. 起草全面的 PR 摘要
|
|
20
|
+
4. 包含带有 TODO 的测试计划
|
|
21
|
+
5. 如果是新分支,使用 `-u` 标志推送
|
|
22
|
+
|
|
23
|
+
> 对于 git 操作之前的完整开发流程(规划、TDD、代码审查),
|
|
24
|
+
> 参见 [development-workflow.md](./development-workflow.md)。
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
# 钩子系统
|
|
2
|
+
|
|
3
|
+
## 钩子类型
|
|
4
|
+
|
|
5
|
+
- **PreToolUse**:工具执行前(验证、参数修改)
|
|
6
|
+
- **PostToolUse**:工具执行后(自动格式化、检查)
|
|
7
|
+
- **Stop**:会话结束时(最终验证)
|
|
8
|
+
|
|
9
|
+
## 自动接受权限
|
|
10
|
+
|
|
11
|
+
谨慎使用:
|
|
12
|
+
- 为可信、定义明确的计划启用
|
|
13
|
+
- 探索性工作时禁用
|
|
14
|
+
- 永远不要使用 dangerously-skip-permissions 标志
|
|
15
|
+
- 改为在 `~/.claude.json` 中配置 `allowedTools`
|
|
16
|
+
|
|
17
|
+
## TodoWrite 最佳实践
|
|
18
|
+
|
|
19
|
+
使用 TodoWrite 工具:
|
|
20
|
+
- 跟踪多步骤任务的进度
|
|
21
|
+
- 验证对指令的理解
|
|
22
|
+
- 启用实时引导
|
|
23
|
+
- 显示细粒度的实现步骤
|
|
24
|
+
|
|
25
|
+
待办列表揭示:
|
|
26
|
+
- 顺序错误的步骤
|
|
27
|
+
- 缺失的项目
|
|
28
|
+
- 多余的不必要项目
|
|
29
|
+
- 错误的粒度
|
|
30
|
+
- 误解的需求
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
# 常用模式
|
|
2
|
+
|
|
3
|
+
## 骨架项目
|
|
4
|
+
|
|
5
|
+
实现新功能时:
|
|
6
|
+
1. 搜索久经考验的骨架项目
|
|
7
|
+
2. 使用并行代理评估选项:
|
|
8
|
+
- 安全性评估
|
|
9
|
+
- 可扩展性分析
|
|
10
|
+
- 相关性评分
|
|
11
|
+
- 实现规划
|
|
12
|
+
3. 克隆最佳匹配作为基础
|
|
13
|
+
4. 在经验证的结构内迭代
|
|
14
|
+
|
|
15
|
+
## 设计模式
|
|
16
|
+
|
|
17
|
+
### 仓储模式
|
|
18
|
+
|
|
19
|
+
将数据访问封装在一致的接口后面:
|
|
20
|
+
- 定义标准操作:findAll、findById、create、update、delete
|
|
21
|
+
- 具体实现处理存储细节(数据库、API、文件等)
|
|
22
|
+
- 业务逻辑依赖抽象接口,而非存储机制
|
|
23
|
+
- 便于轻松切换数据源,并简化使用模拟的测试
|
|
24
|
+
|
|
25
|
+
### API 响应格式
|
|
26
|
+
|
|
27
|
+
对所有 API 响应使用一致的信封:
|
|
28
|
+
- 包含成功/状态指示器
|
|
29
|
+
- 包含数据负载(错误时可为空)
|
|
30
|
+
- 包含错误消息字段(成功时可为空)
|
|
31
|
+
- 包含分页响应的元数据(total、page、limit)
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
# 性能优化
|
|
2
|
+
|
|
3
|
+
## 模型选择策略
|
|
4
|
+
|
|
5
|
+
**Haiku 4.5**(Sonnet 90% 的能力,3 倍成本节省):
|
|
6
|
+
- 频繁调用的轻量级代理
|
|
7
|
+
- 结对编程和代码生成
|
|
8
|
+
- 多代理系统中的工作者代理
|
|
9
|
+
|
|
10
|
+
**Sonnet 4.6**(最佳编码模型):
|
|
11
|
+
- 主要开发工作
|
|
12
|
+
- 编排多代理工作流
|
|
13
|
+
- 复杂编码任务
|
|
14
|
+
|
|
15
|
+
**Opus 4.5**(最深度推理):
|
|
16
|
+
- 复杂架构决策
|
|
17
|
+
- 最大推理需求
|
|
18
|
+
- 研究和分析任务
|
|
19
|
+
|
|
20
|
+
## 上下文窗口管理
|
|
21
|
+
|
|
22
|
+
避免在上下文窗口的最后 20% 进行以下操作:
|
|
23
|
+
- 大规模重构
|
|
24
|
+
- 跨多个文件的功能实现
|
|
25
|
+
- 调试复杂交互
|
|
26
|
+
|
|
27
|
+
上下文敏感度较低的任务:
|
|
28
|
+
- 单文件编辑
|
|
29
|
+
- 独立工具创建
|
|
30
|
+
- 文档更新
|
|
31
|
+
- 简单 bug 修复
|
|
32
|
+
|
|
33
|
+
## 扩展思考 + 规划模式
|
|
34
|
+
|
|
35
|
+
扩展思考默认启用,为内部推理保留最多 31,999 个 token。
|
|
36
|
+
|
|
37
|
+
通过以下方式控制扩展思考:
|
|
38
|
+
- **切换**:Option+T(macOS)/ Alt+T(Windows/Linux)
|
|
39
|
+
- **配置**:在 `~/.claude/settings.json` 中设置 `alwaysThinkingEnabled`
|
|
40
|
+
- **预算上限**:`export MAX_THINKING_TOKENS=10000`
|
|
41
|
+
- **详细模式**:Ctrl+O 查看思考输出
|
|
42
|
+
|
|
43
|
+
对于需要深度推理的复杂任务:
|
|
44
|
+
1. 确保扩展思考已启用(默认开启)
|
|
45
|
+
2. 启用**规划模式**进行结构化方法
|
|
46
|
+
3. 使用多轮审查进行彻底分析
|
|
47
|
+
4. 使用分角色子代理获得多样化视角
|
|
48
|
+
|
|
49
|
+
## 构建排查
|
|
50
|
+
|
|
51
|
+
如果构建失败:
|
|
52
|
+
1. 使用 **build-error-resolver** 代理
|
|
53
|
+
2. 分析错误消息
|
|
54
|
+
3. 增量修复
|
|
55
|
+
4. 每次修复后验证
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
# 安全指南
|
|
2
|
+
|
|
3
|
+
## 强制安全检查
|
|
4
|
+
|
|
5
|
+
在任何提交之前:
|
|
6
|
+
- [ ] 无硬编码密钥(API 密钥、密码、令牌)
|
|
7
|
+
- [ ] 所有用户输入已验证
|
|
8
|
+
- [ ] SQL 注入防护(参数化查询)
|
|
9
|
+
- [ ] XSS 防护(净化 HTML)
|
|
10
|
+
- [ ] CSRF 保护已启用
|
|
11
|
+
- [ ] 认证/授权已验证
|
|
12
|
+
- [ ] 所有端点启用速率限制
|
|
13
|
+
- [ ] 错误消息不泄露敏感数据
|
|
14
|
+
|
|
15
|
+
## 密钥管理
|
|
16
|
+
|
|
17
|
+
- 永远不要在源代码中硬编码密钥
|
|
18
|
+
- 始终使用环境变量或密钥管理器
|
|
19
|
+
- 启动时验证所需的密钥是否存在
|
|
20
|
+
- 轮换任何可能已暴露的密钥
|
|
21
|
+
|
|
22
|
+
## 安全响应协议
|
|
23
|
+
|
|
24
|
+
如果发现安全问题:
|
|
25
|
+
1. 立即停止
|
|
26
|
+
2. 使用 **security-reviewer** 代理
|
|
27
|
+
3. 在继续之前修复关键问题
|
|
28
|
+
4. 轮换任何已暴露的密钥
|
|
29
|
+
5. 审查整个代码库中的类似问题
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
# 测试要求
|
|
2
|
+
|
|
3
|
+
## 最低测试覆盖率:80%
|
|
4
|
+
|
|
5
|
+
测试类型(全部必需):
|
|
6
|
+
1. **单元测试** - 单个函数、工具、组件
|
|
7
|
+
2. **集成测试** - API 端点、数据库操作
|
|
8
|
+
3. **E2E 测试** - 关键用户流程(框架根据语言选择)
|
|
9
|
+
|
|
10
|
+
## 测试驱动开发
|
|
11
|
+
|
|
12
|
+
强制工作流:
|
|
13
|
+
1. 先写测试(RED)
|
|
14
|
+
2. 运行测试 - 应该失败
|
|
15
|
+
3. 编写最小实现(GREEN)
|
|
16
|
+
4. 运行测试 - 应该通过
|
|
17
|
+
5. 重构(IMPROVE)
|
|
18
|
+
6. 验证覆盖率(80%+)
|
|
19
|
+
|
|
20
|
+
## 测试失败排查
|
|
21
|
+
|
|
22
|
+
1. 使用 **tdd-guide** 代理
|
|
23
|
+
2. 检查测试隔离
|
|
24
|
+
3. 验证模拟是否正确
|
|
25
|
+
4. 修复实现,而非测试(除非测试有误)
|
|
26
|
+
|
|
27
|
+
## 代理支持
|
|
28
|
+
|
|
29
|
+
- **tdd-guide** - 主动用于新功能,强制先写测试
|
|
@@ -0,0 +1,267 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: autonomous-agent-harness
|
|
3
|
+
description: Transform Claude Code into a fully autonomous agent system with persistent memory, scheduled operations, computer use, and task queuing. Replaces standalone agent frameworks (Hermes, AutoGPT) by leveraging Claude Code's native crons, dispatch, MCP tools, and memory. Use when the user wants continuous autonomous operation, scheduled tasks, or a self-directing agent loop.
|
|
4
|
+
origin: ECC
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Autonomous Agent Harness
|
|
8
|
+
|
|
9
|
+
Turn Claude Code into a persistent, self-directing agent system using only native features and MCP servers.
|
|
10
|
+
|
|
11
|
+
## When to Activate
|
|
12
|
+
|
|
13
|
+
- User wants an agent that runs continuously or on a schedule
|
|
14
|
+
- Setting up automated workflows that trigger periodically
|
|
15
|
+
- Building a personal AI assistant that remembers context across sessions
|
|
16
|
+
- User says "run this every day", "check on this regularly", "keep monitoring"
|
|
17
|
+
- Wants to replicate functionality from Hermes, AutoGPT, or similar autonomous agent frameworks
|
|
18
|
+
- Needs computer use combined with scheduled execution
|
|
19
|
+
|
|
20
|
+
## Architecture
|
|
21
|
+
|
|
22
|
+
```
|
|
23
|
+
┌──────────────────────────────────────────────────────────────┐
|
|
24
|
+
│ Claude Code Runtime │
|
|
25
|
+
│ │
|
|
26
|
+
│ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌─────────────┐ │
|
|
27
|
+
│ │ Crons │ │ Dispatch │ │ Memory │ │ Computer │ │
|
|
28
|
+
│ │ Schedule │ │ Remote │ │ Store │ │ Use │ │
|
|
29
|
+
│ │ Tasks │ │ Agents │ │ │ │ │ │
|
|
30
|
+
│ └────┬─────┘ └────┬─────┘ └────┬─────┘ └──────┬──────┘ │
|
|
31
|
+
│ │ │ │ │ │
|
|
32
|
+
│ ▼ ▼ ▼ ▼ │
|
|
33
|
+
│ ┌──────────────────────────────────────────────────────┐ │
|
|
34
|
+
│ │ ECC Skill + Agent Layer │ │
|
|
35
|
+
│ │ │ │
|
|
36
|
+
│ │ skills/ agents/ commands/ hooks/ │ │
|
|
37
|
+
│ └──────────────────────────────────────────────────────┘ │
|
|
38
|
+
│ │ │ │ │ │
|
|
39
|
+
│ ▼ ▼ ▼ ▼ │
|
|
40
|
+
│ ┌──────────────────────────────────────────────────────┐ │
|
|
41
|
+
│ │ MCP Server Layer │ │
|
|
42
|
+
│ │ │ │
|
|
43
|
+
│ │ memory github exa supabase browser-use │ │
|
|
44
|
+
│ └──────────────────────────────────────────────────────┘ │
|
|
45
|
+
└──────────────────────────────────────────────────────────────┘
|
|
46
|
+
```
|
|
47
|
+
|
|
48
|
+
## Core Components
|
|
49
|
+
|
|
50
|
+
### 1. Persistent Memory
|
|
51
|
+
|
|
52
|
+
Use Claude Code's built-in memory system enhanced with MCP memory server for structured data.
|
|
53
|
+
|
|
54
|
+
**Built-in memory** (`~/.claude/projects/*/memory/`):
|
|
55
|
+
- User preferences, feedback, project context
|
|
56
|
+
- Stored as markdown files with frontmatter
|
|
57
|
+
- Automatically loaded at session start
|
|
58
|
+
|
|
59
|
+
**MCP memory server** (structured knowledge graph):
|
|
60
|
+
- Entities, relations, observations
|
|
61
|
+
- Queryable graph structure
|
|
62
|
+
- Cross-session persistence
|
|
63
|
+
|
|
64
|
+
**Memory patterns:**
|
|
65
|
+
|
|
66
|
+
```
|
|
67
|
+
# Short-term: current session context
|
|
68
|
+
Use TodoWrite for in-session task tracking
|
|
69
|
+
|
|
70
|
+
# Medium-term: project memory files
|
|
71
|
+
Write to ~/.claude/projects/*/memory/ for cross-session recall
|
|
72
|
+
|
|
73
|
+
# Long-term: MCP knowledge graph
|
|
74
|
+
Use mcp__memory__create_entities for permanent structured data
|
|
75
|
+
Use mcp__memory__create_relations for relationship mapping
|
|
76
|
+
Use mcp__memory__add_observations for new facts about known entities
|
|
77
|
+
```
|
|
78
|
+
|
|
79
|
+
### 2. Scheduled Operations (Crons)
|
|
80
|
+
|
|
81
|
+
Use Claude Code's scheduled tasks to create recurring agent operations.
|
|
82
|
+
|
|
83
|
+
**Setting up a cron:**
|
|
84
|
+
|
|
85
|
+
```
|
|
86
|
+
# Via MCP tool
|
|
87
|
+
mcp__scheduled-tasks__create_scheduled_task({
|
|
88
|
+
name: "daily-pr-review",
|
|
89
|
+
schedule: "0 9 * * 1-5", # 9 AM weekdays
|
|
90
|
+
prompt: "Review all open PRs in owner/my-project. For each: check CI status, review changes, flag issues. Post summary to memory.",
|
|
91
|
+
project_dir: "/path/to/repo"
|
|
92
|
+
})
|
|
93
|
+
|
|
94
|
+
# Via claude -p (programmatic mode)
|
|
95
|
+
echo "Review open PRs and summarize" | claude -p --project /path/to/repo
|
|
96
|
+
```
|
|
97
|
+
|
|
98
|
+
**Useful cron patterns:**
|
|
99
|
+
|
|
100
|
+
| Pattern | Schedule | Use Case |
|
|
101
|
+
|---------|----------|----------|
|
|
102
|
+
| Daily standup | `0 9 * * 1-5` | Review PRs, issues, deploy status |
|
|
103
|
+
| Weekly review | `0 10 * * 1` | Code quality metrics, test coverage |
|
|
104
|
+
| Hourly monitor | `0 * * * *` | Production health, error rate checks |
|
|
105
|
+
| Nightly build | `0 2 * * *` | Run full test suite, security scan |
|
|
106
|
+
| Pre-meeting | `*/30 * * * *` | Prepare context for upcoming meetings |
|
|
107
|
+
|
|
108
|
+
### 3. Dispatch / Remote Agents
|
|
109
|
+
|
|
110
|
+
Trigger Claude Code agents remotely for event-driven workflows.
|
|
111
|
+
|
|
112
|
+
**Dispatch patterns:**
|
|
113
|
+
|
|
114
|
+
```bash
|
|
115
|
+
# Trigger from CI/CD
|
|
116
|
+
curl -X POST "https://api.anthropic.com/dispatch" \
|
|
117
|
+
-H "Authorization: Bearer $ANTHROPIC_API_KEY" \
|
|
118
|
+
-d '{"prompt": "Build failed on main. Diagnose and fix.", "project": "/repo"}'
|
|
119
|
+
|
|
120
|
+
# Trigger from webhook
|
|
121
|
+
# GitHub webhook → dispatch → Claude agent → fix → PR
|
|
122
|
+
|
|
123
|
+
# Trigger from another agent
|
|
124
|
+
claude -p "Analyze the output of the security scan and create issues for findings"
|
|
125
|
+
```
|
|
126
|
+
|
|
127
|
+
### 4. Computer Use
|
|
128
|
+
|
|
129
|
+
Leverage Claude's computer-use MCP for physical world interaction.
|
|
130
|
+
|
|
131
|
+
**Capabilities:**
|
|
132
|
+
- Browser automation (navigate, click, fill forms, screenshot)
|
|
133
|
+
- Desktop control (open apps, type, mouse control)
|
|
134
|
+
- File system operations beyond CLI
|
|
135
|
+
|
|
136
|
+
**Use cases within the harness:**
|
|
137
|
+
- Automated testing of web UIs
|
|
138
|
+
- Form filling and data entry
|
|
139
|
+
- Screenshot-based monitoring
|
|
140
|
+
- Multi-app workflows
|
|
141
|
+
|
|
142
|
+
### 5. Task Queue
|
|
143
|
+
|
|
144
|
+
Manage a persistent queue of tasks that survive session boundaries.
|
|
145
|
+
|
|
146
|
+
**Implementation:**
|
|
147
|
+
|
|
148
|
+
```
|
|
149
|
+
# Task persistence via memory
|
|
150
|
+
Write task queue to ~/.claude/projects/*/memory/task-queue.md
|
|
151
|
+
|
|
152
|
+
# Task format
|
|
153
|
+
---
|
|
154
|
+
name: task-queue
|
|
155
|
+
type: project
|
|
156
|
+
description: Persistent task queue for autonomous operation
|
|
157
|
+
---
|
|
158
|
+
|
|
159
|
+
## Active Tasks
|
|
160
|
+
- [ ] PR #123: Review and approve if CI green
|
|
161
|
+
- [ ] Monitor deploy: check /health every 30 min for 2 hours
|
|
162
|
+
- [ ] Research: Find 5 leads in AI tooling space
|
|
163
|
+
|
|
164
|
+
## Completed
|
|
165
|
+
- [x] Daily standup: reviewed 3 PRs, 2 issues
|
|
166
|
+
```
|
|
167
|
+
|
|
168
|
+
## Replacing Hermes
|
|
169
|
+
|
|
170
|
+
| Hermes Component | ECC Equivalent | How |
|
|
171
|
+
|------------------|---------------|-----|
|
|
172
|
+
| Gateway/Router | Claude Code dispatch + crons | Scheduled tasks trigger agent sessions |
|
|
173
|
+
| Memory System | Claude memory + MCP memory server | Built-in persistence + knowledge graph |
|
|
174
|
+
| Tool Registry | MCP servers | Dynamically loaded tool providers |
|
|
175
|
+
| Orchestration | ECC skills + agents | Skill definitions direct agent behavior |
|
|
176
|
+
| Computer Use | computer-use MCP | Native browser and desktop control |
|
|
177
|
+
| Context Manager | Session management + memory | ECC 2.0 session lifecycle |
|
|
178
|
+
| Task Queue | Memory-persisted task list | TodoWrite + memory files |
|
|
179
|
+
|
|
180
|
+
## Setup Guide
|
|
181
|
+
|
|
182
|
+
### Step 1: Configure MCP Servers
|
|
183
|
+
|
|
184
|
+
Ensure these are in `~/.claude.json`:
|
|
185
|
+
|
|
186
|
+
```json
|
|
187
|
+
{
|
|
188
|
+
"mcpServers": {
|
|
189
|
+
"memory": {
|
|
190
|
+
"command": "npx",
|
|
191
|
+
"args": ["-y", "@anthropic/memory-mcp-server"]
|
|
192
|
+
},
|
|
193
|
+
"scheduled-tasks": {
|
|
194
|
+
"command": "npx",
|
|
195
|
+
"args": ["-y", "@anthropic/scheduled-tasks-mcp-server"]
|
|
196
|
+
},
|
|
197
|
+
"computer-use": {
|
|
198
|
+
"command": "npx",
|
|
199
|
+
"args": ["-y", "@anthropic/computer-use-mcp-server"]
|
|
200
|
+
}
|
|
201
|
+
}
|
|
202
|
+
}
|
|
203
|
+
```
|
|
204
|
+
|
|
205
|
+
### Step 2: Create Base Crons
|
|
206
|
+
|
|
207
|
+
```bash
|
|
208
|
+
# Daily morning briefing
|
|
209
|
+
claude -p "Create a scheduled task: every weekday at 9am, review my GitHub notifications, open PRs, and calendar. Write a morning briefing to memory."
|
|
210
|
+
|
|
211
|
+
# Continuous learning
|
|
212
|
+
claude -p "Create a scheduled task: every Sunday at 8pm, extract patterns from this week's sessions and update the learned skills."
|
|
213
|
+
```
|
|
214
|
+
|
|
215
|
+
### Step 3: Initialize Memory Graph
|
|
216
|
+
|
|
217
|
+
```bash
|
|
218
|
+
# Bootstrap your identity and context
|
|
219
|
+
claude -p "Create memory entities for: me (user profile), my projects, my key contacts. Add observations about current priorities."
|
|
220
|
+
```
|
|
221
|
+
|
|
222
|
+
### Step 4: Enable Computer Use (Optional)
|
|
223
|
+
|
|
224
|
+
Grant computer-use MCP the necessary permissions for browser and desktop control.
|
|
225
|
+
|
|
226
|
+
## Example Workflows
|
|
227
|
+
|
|
228
|
+
### Autonomous PR Reviewer
|
|
229
|
+
```
|
|
230
|
+
Cron: every 30 min during work hours
|
|
231
|
+
1. Check for new PRs on watched repos
|
|
232
|
+
2. For each new PR:
|
|
233
|
+
- Pull branch locally
|
|
234
|
+
- Run tests
|
|
235
|
+
- Review changes with code-reviewer agent
|
|
236
|
+
- Post review comments via GitHub MCP
|
|
237
|
+
3. Update memory with review status
|
|
238
|
+
```
|
|
239
|
+
|
|
240
|
+
### Personal Research Agent
|
|
241
|
+
```
|
|
242
|
+
Cron: daily at 6 AM
|
|
243
|
+
1. Check saved search queries in memory
|
|
244
|
+
2. Run Exa searches for each query
|
|
245
|
+
3. Summarize new findings
|
|
246
|
+
4. Compare against yesterday's results
|
|
247
|
+
5. Write digest to memory
|
|
248
|
+
6. Flag high-priority items for morning review
|
|
249
|
+
```
|
|
250
|
+
|
|
251
|
+
### Meeting Prep Agent
|
|
252
|
+
```
|
|
253
|
+
Trigger: 30 min before each calendar event
|
|
254
|
+
1. Read calendar event details
|
|
255
|
+
2. Search memory for context on attendees
|
|
256
|
+
3. Pull recent email/Slack threads with attendees
|
|
257
|
+
4. Prepare talking points and agenda suggestions
|
|
258
|
+
5. Write prep doc to memory
|
|
259
|
+
```
|
|
260
|
+
|
|
261
|
+
## Constraints
|
|
262
|
+
|
|
263
|
+
- Cron tasks run in isolated sessions — they don't share context with interactive sessions unless through memory.
|
|
264
|
+
- Computer use requires explicit permission grants. Don't assume access.
|
|
265
|
+
- Remote dispatch may have rate limits. Design crons with appropriate intervals.
|
|
266
|
+
- Memory files should be kept concise. Archive old data rather than letting files grow unbounded.
|
|
267
|
+
- Always verify that scheduled tasks completed successfully. Add error handling to cron prompts.
|