claude-code-workflow 6.3.22 → 6.3.24

package/.claude/skills/review-code/specs/rules/readability-rules.json

@@ -0,0 +1,60 @@
+{
+  "dimension": "readability",
+  "prefix": "READ",
+  "description": "Rules for detecting code readability issues including naming, complexity, and documentation",
+  "rules": [
+    {
+      "id": "long-function",
+      "category": "function-length",
+      "severity": "medium",
+      "pattern": "function\\s+\\w+\\s*\\([^)]*\\)\\s*\\{|=>\\s*\\{",
+      "patternType": "regex",
+      "lineThreshold": 50,
+      "description": "Functions longer than 50 lines are difficult to understand and maintain",
+      "recommendation": "Break down into smaller, focused functions. Each function should do one thing well",
+      "fixExample": "// Before - 100 line function\nfunction processData(data) {\n  // validation\n  // transformation\n  // calculation\n  // formatting\n  // output\n}\n\n// After - composed functions\nfunction processData(data) {\n  const validated = validateData(data);\n  const transformed = transformData(validated);\n  return formatOutput(calculateResults(transformed));\n}"
+    },
+    {
+      "id": "single-letter-variable",
+      "category": "naming",
+      "severity": "low",
+      "pattern": "(?:const|let|var)\\s+[a-z]\\s*=",
+      "patternType": "regex",
+      "negativePatterns": ["for\\s*\\(", "\\[\\w,\\s*\\w\\]", "catch\\s*\\(e\\)"],
+      "description": "Single letter variable names reduce code readability except in specific contexts (loop counters, catch)",
+      "recommendation": "Use descriptive names that convey the variable's purpose",
+      "fixExample": "// Before\nconst d = getData();\nconst r = d.map(x => x.value);\n\n// After\nconst userData = getData();\nconst userValues = userData.map(user => user.value);"
+    },
+    {
+      "id": "deep-nesting",
+      "category": "complexity",
+      "severity": "high",
+      "pattern": "\\{[^}]*\\{[^}]*\\{[^}]*\\{",
+      "patternType": "regex",
+      "description": "Deeply nested code (4+ levels) is hard to follow and maintain",
+      "recommendation": "Use early returns, extract functions, or flatten conditionals",
+      "fixExample": "// Before\nif (user) {\n  if (user.permissions) {\n    if (user.permissions.canEdit) {\n      if (document.isEditable) {\n        // do work\n      }\n    }\n  }\n}\n\n// After\nif (!user?.permissions?.canEdit) return;\nif (!document.isEditable) return;\n// do work"
+    },
+    {
+      "id": "magic-number",
+      "category": "magic-value",
+      "severity": "low",
+      "pattern": "[^\\d]\\d{2,}[^\\d]|setTimeout\\s*\\([^,]+,\\s*\\d{4,}\\)",
+      "patternType": "regex",
+      "negativePatterns": ["const", "let", "enum", "0x", "100", "1000"],
+      "description": "Magic numbers without explanation make code hard to understand",
+      "recommendation": "Extract magic numbers into named constants with descriptive names",
+      "fixExample": "// Before\nif (status === 403) { ... }\nsetTimeout(callback, 86400000);\n\n// After\nconst HTTP_FORBIDDEN = 403;\nconst ONE_DAY_MS = 24 * 60 * 60 * 1000;\nif (status === HTTP_FORBIDDEN) { ... }\nsetTimeout(callback, ONE_DAY_MS);"
+    },
+    {
+      "id": "commented-code",
+      "category": "dead-code",
+      "severity": "low",
+      "pattern": "//\\s*(const|let|var|function|if|for|while|return)\\s+",
+      "patternType": "regex",
+      "description": "Commented-out code adds noise and should be removed. Use version control for history",
+      "recommendation": "Remove commented code. If needed for reference, add a comment explaining why with a link to relevant commit/issue",
+      "fixExample": "// Before\n// function oldImplementation() { ... }\n// const legacyConfig = {...};\n\n// After\n// See PR #123 for previous implementation\n// removed 2024-01-01"
+    }
+  ]
+}

package/.claude/skills/review-code/specs/rules/security-rules.json

@@ -0,0 +1,58 @@
+{
+  "dimension": "security",
+  "prefix": "SEC",
+  "description": "Rules for detecting security vulnerabilities including XSS, injection, and credential exposure",
+  "rules": [
+    {
+      "id": "xss-innerHTML",
+      "category": "xss-risk",
+      "severity": "critical",
+      "pattern": "innerHTML\\s*=|dangerouslySetInnerHTML",
+      "patternType": "includes",
+      "description": "Direct HTML injection via innerHTML or dangerouslySetInnerHTML can lead to XSS vulnerabilities",
+      "recommendation": "Use textContent for plain text, or sanitize HTML input using a library like DOMPurify before injection",
+      "fixExample": "// Before\nelement.innerHTML = userInput;\n<div dangerouslySetInnerHTML={{__html: data}} />\n\n// After\nelement.textContent = userInput;\n// or\nimport DOMPurify from 'dompurify';\nelement.innerHTML = DOMPurify.sanitize(userInput);"
+    },
+    {
+      "id": "hardcoded-secret",
+      "category": "hardcoded-secret",
+      "severity": "critical",
+      "pattern": "(?:password|secret|api[_-]?key|token|credential)\\s*[=:]\\s*['\"][^'\"]{8,}['\"]",
+      "patternType": "regex",
+      "caseInsensitive": true,
+      "description": "Hardcoded credentials detected in source code. This is a security risk if code is exposed",
+      "recommendation": "Use environment variables, secret management services, or configuration files excluded from version control",
+      "fixExample": "// Before\nconst apiKey = 'sk-1234567890abcdef';\n\n// After\nconst apiKey = process.env.API_KEY;\n// or\nconst apiKey = await getSecretFromVault('api-key');"
+    },
+    {
+      "id": "sql-injection",
+      "category": "injection",
+      "severity": "critical",
+      "pattern": "query\\s*\\(\\s*[`'\"].*\\$\\{|execute\\s*\\(\\s*[`'\"].*\\+",
+      "patternType": "regex",
+      "description": "String concatenation or template literals in SQL queries can lead to SQL injection",
+      "recommendation": "Use parameterized queries or prepared statements with placeholders",
+      "fixExample": "// Before\ndb.query(`SELECT * FROM users WHERE id = ${userId}`);\n\n// After\ndb.query('SELECT * FROM users WHERE id = ?', [userId]);\n// or\ndb.query('SELECT * FROM users WHERE id = $1', [userId]);"
+    },
+    {
+      "id": "command-injection",
+      "category": "injection",
+      "severity": "critical",
+      "pattern": "exec\\s*\\(|execSync\\s*\\(|spawn\\s*\\([^,]*\\+|child_process",
+      "patternType": "regex",
+      "description": "Command execution with user input can lead to command injection attacks",
+      "recommendation": "Validate and sanitize input, use parameterized commands, or avoid shell execution entirely",
+      "fixExample": "// Before\nexec(`ls ${userInput}`);\n\n// After\nexecFile('ls', [sanitizedInput], options);\n// or use spawn with {shell: false}"
+    },
+    {
+      "id": "insecure-random",
+      "category": "cryptography",
+      "severity": "high",
+      "pattern": "Math\\.random\\(\\)",
+      "patternType": "includes",
+      "description": "Math.random() is not cryptographically secure and should not be used for security-sensitive operations",
+      "recommendation": "Use crypto.randomBytes() or crypto.getRandomValues() for security-critical random generation",
+      "fixExample": "// Before\nconst token = Math.random().toString(36);\n\n// After\nimport crypto from 'crypto';\nconst token = crypto.randomBytes(32).toString('hex');"
+    }
+  ]
+}

package/.claude/skills/review-code/specs/rules/testing-rules.json

@@ -0,0 +1,59 @@
+{
+  "dimension": "testing",
+  "prefix": "TEST",
+  "description": "Rules for detecting testing issues including coverage gaps, test quality, and mock usage",
+  "rules": [
+    {
+      "id": "missing-assertion",
+      "category": "test-quality",
+      "severity": "high",
+      "pattern": "(?:it|test)\\s*\\([^)]+,\\s*(?:async\\s*)?\\(\\)\\s*=>\\s*\\{[^}]*\\}\\s*\\)",
+      "patternType": "regex",
+      "negativePatterns": ["expect", "assert", "should", "toBe", "toEqual"],
+      "description": "Test case without assertions always passes and provides no value",
+      "recommendation": "Add assertions to verify expected behavior. Each test should have at least one meaningful assertion",
+      "fixExample": "// Before\nit('should process data', async () => {\n  await processData(input);\n});\n\n// After\nit('should process data', async () => {\n  const result = await processData(input);\n  expect(result.success).toBe(true);\n  expect(result.data).toHaveLength(3);\n});"
+    },
+    {
+      "id": "hardcoded-test-data",
+      "category": "test-maintainability",
+      "severity": "low",
+      "pattern": "expect\\s*\\([^)]+\\)\\.toBe\\s*\\(['\"][^'\"]{20,}['\"]\\)",
+      "patternType": "regex",
+      "description": "Long hardcoded strings in assertions are brittle and hard to maintain",
+      "recommendation": "Use snapshots for large outputs, or extract expected values to test fixtures",
+      "fixExample": "// Before\nexpect(result).toBe('very long expected string that is hard to maintain...');\n\n// After\nexpect(result).toMatchSnapshot();\n// or\nconst expected = loadFixture('expected-output.json');\nexpect(result).toEqual(expected);"
+    },
+    {
+      "id": "no-error-test",
+      "category": "coverage-gap",
+      "severity": "medium",
+      "pattern": "describe\\s*\\([^)]+",
+      "patternType": "regex",
+      "negativePatterns": ["throw", "reject", "error", "fail", "catch"],
+      "description": "Test suite may be missing error path testing. Error handling is critical for reliability",
+      "recommendation": "Add tests for error cases: invalid input, network failures, edge cases",
+      "fixExample": "// Add error path tests\nit('should throw on invalid input', () => {\n  expect(() => processData(null)).toThrow('Invalid input');\n});\n\nit('should handle network failure', async () => {\n  mockApi.mockRejectedValue(new Error('Network error'));\n  await expect(fetchData()).rejects.toThrow('Network error');\n});"
+    },
+    {
+      "id": "test-implementation-detail",
+      "category": "test-quality",
+      "severity": "medium",
+      "pattern": "toHaveBeenCalledWith|toHaveBeenCalledTimes",
+      "patternType": "includes",
+      "description": "Testing implementation details (call counts, exact parameters) makes tests brittle to refactoring",
+      "recommendation": "Prefer testing observable behavior and outcomes over internal implementation",
+      "fixExample": "// Before - brittle\nexpect(mockService.process).toHaveBeenCalledTimes(3);\nexpect(mockService.process).toHaveBeenCalledWith('exact-arg');\n\n// After - behavior-focused\nexpect(result.items).toHaveLength(3);\nexpect(result.processed).toBe(true);"
+    },
+    {
+      "id": "skip-test",
+      "category": "test-coverage",
+      "severity": "high",
+      "pattern": "it\\.skip|test\\.skip|xit|xdescribe|describe\\.skip",
+      "patternType": "regex",
+      "description": "Skipped tests indicate untested code paths or broken functionality",
+      "recommendation": "Fix or remove skipped tests. If temporarily skipped, add TODO comment with issue reference",
+      "fixExample": "// Before\nit.skip('should handle edge case', () => { ... });\n\n// After - either fix it\nit('should handle edge case', () => {\n  // fixed implementation\n});\n\n// Or document why skipped\n// TODO(#123): Re-enable after API migration\nit.skip('should handle edge case', () => { ... });"
+    }
+  ]
+}

package/.claude/skills/review-code/templates/issue-template.md

@@ -0,0 +1,186 @@
+# Issue Template
+
+问题记录模板。
+
+## Single Issue Template
+
+```markdown
+#### {{severity_emoji}} [{{id}}] {{category}}
+
+- **严重程度**: {{severity}}
+- **维度**: {{dimension}}
+- **文件**: `{{file}}`{{#if line}}:{{line}}{{/if}}
+- **描述**: {{description}}
+
+{{#if code_snippet}}
+**问题代码**:
+```{{language}}
+{{code_snippet}}
+```
+{{/if}}
+
+**建议**: {{recommendation}}
+
+{{#if fix_example}}
+**修复示例**:
+```{{language}}
+{{fix_example}}
+```
+{{/if}}
+
+{{#if references}}
+**参考资料**:
+{{#each references}}
+- {{this}}
+{{/each}}
+{{/if}}
+```
+
+## Issue Object Schema
+
+```typescript
+interface Issue {
+  id: string;           // e.g., "SEC-001"
+  severity: 'critical' | 'high' | 'medium' | 'low' | 'info';
+  dimension: string;    // e.g., "security"
+  category: string;     // e.g., "xss-risk"
+  file: string;         // e.g., "src/utils/render.ts"
+  line?: number;        // e.g., 42
+  column?: number;      // e.g., 15
+  code_snippet?: string;
+  description: string;
+  recommendation: string;
+  fix_example?: string;
+  references?: string[];
+}
+```
+
+## ID Generation
+
+```javascript
+function generateIssueId(dimension, counter) {
+  const prefixes = {
+    correctness: 'CORR',
+    readability: 'READ',
+    performance: 'PERF',
+    security: 'SEC',
+    testing: 'TEST',
+    architecture: 'ARCH'
+  };
+  
+  const prefix = prefixes[dimension] || 'MISC';
+  const number = String(counter).padStart(3, '0');
+  
+  return `${prefix}-${number}`;
+}
+```
+
+## Severity Emojis
+
+```javascript
+const SEVERITY_EMOJI = {
+  critical: '🔴',
+  high: '🟠',
+  medium: '🟡',
+  low: '🔵',
+  info: '⚪'
+};
+```
+
+## Issue Categories by Dimension
+
+### Correctness
+- `null-check` - 缺少空值检查
+- `boundary` - 边界条件未处理
+- `error-handling` - 错误处理不当
+- `type-safety` - 类型安全问题
+- `logic-error` - 逻辑错误
+- `resource-leak` - 资源泄漏
+
+### Security
+- `injection` - 注入风险
+- `xss` - 跨站脚本
+- `hardcoded-secret` - 硬编码密钥
+- `auth` - 认证授权
+- `sensitive-data` - 敏感数据
+
+### Performance
+- `complexity` - 复杂度问题
+- `n+1-query` - N+1 查询
+- `memory-leak` - 内存泄漏
+- `blocking-io` - 阻塞 I/O
+- `inefficient-algorithm` - 低效算法
+
+### Readability
+- `naming` - 命名问题
+- `function-length` - 函数过长
+- `nesting-depth` - 嵌套过深
+- `comments` - 注释问题
+- `duplication` - 代码重复
+
+### Testing
+- `coverage` - 覆盖不足
+- `boundary-test` - 缺少边界测试
+- `test-isolation` - 测试不独立
+- `flaky-test` - 不稳定测试
+
+### Architecture
+- `layer-violation` - 层次违规
+- `circular-dependency` - 循环依赖
+- `coupling` - 耦合过紧
+- `srp-violation` - 单一职责违规
+
+## Example Issues
+
+### Critical Security Issue
+
+```json
+{
+  "id": "SEC-001",
+  "severity": "critical",
+  "dimension": "security",
+  "category": "xss",
+  "file": "src/components/Comment.tsx",
+  "line": 25,
+  "code_snippet": "element.innerHTML = userComment;",
+  "description": "直接使用 innerHTML 插入用户输入，存在 XSS 攻击风险",
+  "recommendation": "使用 textContent 或对用户输入进行 HTML 转义",
+  "fix_example": "element.textContent = userComment;\n// 或\nelement.innerHTML = DOMPurify.sanitize(userComment);",
+  "references": [
+    "https://owasp.org/www-community/xss-filter-evasion-cheatsheet"
+  ]
+}
+```
+
+### High Correctness Issue
+
+```json
+{
+  "id": "CORR-003",
+  "severity": "high",
+  "dimension": "correctness",
+  "category": "error-handling",
+  "file": "src/services/api.ts",
+  "line": 42,
+  "code_snippet": "try {\n  await fetchData();\n} catch (e) {}",
+  "description": "空的 catch 块会静默吞掉错误，导致问题难以发现和调试",
+  "recommendation": "记录错误日志或重新抛出异常",
+  "fix_example": "try {\n  await fetchData();\n} catch (e) {\n  console.error('Failed to fetch data:', e);\n  throw e;\n}"
+}
+```
+
+### Medium Readability Issue
+
+```json
+{
+  "id": "READ-007",
+  "severity": "medium",
+  "dimension": "readability",
+  "category": "function-length",
+  "file": "src/utils/processor.ts",
+  "line": 15,
+  "description": "函数 processData 有 150 行，超过推荐的 50 行限制，难以理解和维护",
+  "recommendation": "将函数拆分为多个小函数，每个函数负责单一职责",
+  "fix_example": "// 拆分为:\nfunction validateInput(data) { ... }\nfunction transformData(data) { ... }\nfunction saveData(data) { ... }"
+}
+```

package/.claude/skills/review-code/templates/review-report.md

@@ -0,0 +1,173 @@
+# Review Report Template
+
+审查报告模板。
+
+## Template Structure
+
+```markdown
+# Code Review Report
+
+## 审查概览
+
+| 项目 | 值 |
+|------|------|
+| 目标路径 | `{{target_path}}` |
+| 文件数量 | {{file_count}} |
+| 代码行数 | {{total_lines}} |
+| 主要语言 | {{language}} |
+| 框架 | {{framework}} |
+| 审查时间 | {{review_duration}} |
+
+## 问题统计
+
+| 严重程度 | 数量 |
+|----------|------|
+| 🔴 Critical | {{critical_count}} |
+| 🟠 High | {{high_count}} |
+| 🟡 Medium | {{medium_count}} |
+| 🔵 Low | {{low_count}} |
+| ⚪ Info | {{info_count}} |
+| **总计** | **{{total_issues}}** |
+
+### 按维度统计
+
+| 维度 | 问题数 |
+|------|--------|
+| Correctness (正确性) | {{correctness_count}} |
+| Security (安全性) | {{security_count}} |
+| Performance (性能) | {{performance_count}} |
+| Readability (可读性) | {{readability_count}} |
+| Testing (测试) | {{testing_count}} |
+| Architecture (架构) | {{architecture_count}} |
+
+---
+
+## 高风险区域
+
+{{#if risk_areas}}
+| 文件 | 原因 | 优先级 |
+|------|------|--------|
+{{#each risk_areas}}
+| `{{this.file}}` | {{this.reason}} | {{this.priority}} |
+{{/each}}
+{{else}}
+未发现明显的高风险区域。
+{{/if}}
+
+---
+
+## 问题详情
+
+{{#each dimensions}}
+### {{this.name}}
+
+{{#each this.findings}}
+#### {{severity_emoji this.severity}} [{{this.id}}] {{this.category}}
+
+- **严重程度**: {{this.severity}}
+- **文件**: `{{this.file}}`{{#if this.line}}:{{this.line}}{{/if}}
+- **描述**: {{this.description}}
+
+{{#if this.code_snippet}}
+```
+{{this.code_snippet}}
+```
+{{/if}}
+
+**建议**: {{this.recommendation}}
+
+{{#if this.fix_example}}
+**修复示例**:
+```
+{{this.fix_example}}
+```
+{{/if}}
+
+---
+
+{{/each}}
+{{/each}}
+
+## 审查建议
+
+### 必须修复 (Must Fix)
+
+{{must_fix_summary}}
+
+### 建议改进 (Should Fix)
+
+{{should_fix_summary}}
+
+### 可选优化 (Nice to Have)
+
+{{nice_to_have_summary}}
+
+---
+
+*报告生成时间: {{generated_at}}*
+```
+
+## Variable Definitions
+
+| Variable | Type | Source |
+|----------|------|--------|
+| `{{target_path}}` | string | state.context.target_path |
+| `{{file_count}}` | number | state.context.file_count |
+| `{{total_lines}}` | number | state.context.total_lines |
+| `{{language}}` | string | state.context.language |
+| `{{framework}}` | string | state.context.framework |
+| `{{review_duration}}` | string | Formatted duration |
+| `{{critical_count}}` | number | Count of critical findings |
+| `{{high_count}}` | number | Count of high findings |
+| `{{medium_count}}` | number | Count of medium findings |
+| `{{low_count}}` | number | Count of low findings |
+| `{{info_count}}` | number | Count of info findings |
+| `{{total_issues}}` | number | Total findings |
+| `{{risk_areas}}` | array | state.scan_summary.risk_areas |
+| `{{dimensions}}` | array | Grouped findings by dimension |
+| `{{generated_at}}` | string | ISO timestamp |
+
+## Helper Functions
+
+```javascript
+function severity_emoji(severity) {
+  const emojis = {
+    critical: '🔴',
+    high: '🟠',
+    medium: '🟡',
+    low: '🔵',
+    info: '⚪'
+  };
+  return emojis[severity] || '⚪';
+}
+
+function formatDuration(ms) {
+  const minutes = Math.floor(ms / 60000);
+  const seconds = Math.floor((ms % 60000) / 1000);
+  return `${minutes}分${seconds}秒`;
+}
+
+function generateMustFixSummary(findings) {
+  const critical = findings.filter(f => f.severity === 'critical');
+  const high = findings.filter(f => f.severity === 'high');
+  
+  if (critical.length + high.length === 0) {
+    return '未发现必须立即修复的问题。';
+  }
+  
+  return `发现 ${critical.length} 个严重问题和 ${high.length} 个高优先级问题，建议在合并前修复。`;
+}
+```
+
+## Usage Example
+
+```javascript
+const report = generateReport({
+  context: state.context,
+  summary: state.summary,
+  findings: state.findings,
+  scanSummary: state.scan_summary
+});
+
+Write(`${workDir}/review-report.md`, report);
+```

package/.claude/skills/skill-generator/SKILL.md

@@ -15,6 +15,9 @@ Meta-skill for creating new Claude Code skills with configurable execution modes
 │  Skill Generator Architecture                                    │
 ├─────────────────────────────────────────────────────────────────┤
 │                                                                  │
+│  ⚠️ Phase 0: Specification  → 阅读并理解设计规范 (强制前置)      │
+│              Study              SKILL-DESIGN-SPEC.md + 模板     │
+│           ↓                                                      │
 │  Phase 1: Requirements    → skill-config.json                   │
 │           Discovery           (name, type, mode, agents)        │
 │           ↓                                                      │
@@ -82,10 +85,63 @@ Phase 01 → Phase 02 → Phase 03 → ... → Phase N
 3. **规范遵循**: 严格遵循 `_shared/SKILL-DESIGN-SPEC.md`
 4. **可扩展性**: 生成的 Skill 易于扩展和修改
 
+---
+
+## ⚠️ Mandatory Prerequisites (强制前置条件)
+
+> **⛔ 禁止跳过**: 在执行任何生成操作之前，**必须**完整阅读以下文档。未阅读规范直接生成将导致输出不符合质量标准。
+
+### 核心规范 (必读)
+
+| Document | Purpose | Priority |
+|----------|---------|----------|
+| [../_shared/SKILL-DESIGN-SPEC.md](../_shared/SKILL-DESIGN-SPEC.md) | 通用设计规范 - 定义所有 Skill 的结构、命名、质量标准 | **P0 - 最高** |
+
+### 模板文件 (生成前必读)
+
+| Document | Purpose |
+|----------|---------|
+| [templates/skill-md.md](templates/skill-md.md) | SKILL.md 入口文件模板 |
+| [templates/sequential-phase.md](templates/sequential-phase.md) | Sequential Phase 模板 |
+| [templates/autonomous-orchestrator.md](templates/autonomous-orchestrator.md) | Autonomous 编排器模板 |
+| [templates/autonomous-action.md](templates/autonomous-action.md) | Autonomous Action 模板 |
+| [templates/code-analysis-action.md](templates/code-analysis-action.md) | 代码分析 Action 模板 |
+| [templates/llm-action.md](templates/llm-action.md) | LLM Action 模板 |
+| [templates/script-bash.md](templates/script-bash.md) | Bash 脚本模板 |
+| [templates/script-python.md](templates/script-python.md) | Python 脚本模板 |
+
+### 规范文档 (按需阅读)
+
+| Document | Purpose |
+|----------|---------|
+| [specs/execution-modes.md](specs/execution-modes.md) | 执行模式规范 |
+| [specs/skill-requirements.md](specs/skill-requirements.md) | Skill 需求规范 |
+| [specs/cli-integration.md](specs/cli-integration.md) | CLI 集成规范 |
+| [specs/scripting-integration.md](specs/scripting-integration.md) | 脚本集成规范 |
+
+### Phase 执行指南 (执行时参考)
+
+| Document | Purpose |
+|----------|---------|
+| [phases/01-requirements-discovery.md](phases/01-requirements-discovery.md) | 收集 Skill 需求 |
+| [phases/02-structure-generation.md](phases/02-structure-generation.md) | 生成目录结构 |
+| [phases/03-phase-generation.md](phases/03-phase-generation.md) | 生成 Phase 文件 |
+| [phases/04-specs-templates.md](phases/04-specs-templates.md) | 生成规范和模板 |
+| [phases/05-validation.md](phases/05-validation.md) | 验证和文档 |
+
+---
+
 ## Execution Flow
 
 ```
 ┌─────────────────────────────────────────────────────────────────┐
+│  ⚠️ Phase 0: Specification Study (强制前置 - 禁止跳过)           │
+│  → Read: ../_shared/SKILL-DESIGN-SPEC.md (通用设计规范)         │
+│  → Read: templates/*.md (所有相关模板文件)                       │
+│  → 理解: Skill 结构规范、命名约定、质量标准                      │
+│  → Output: 内化规范要求，确保后续生成符合标准                    │
+│  ⛔ 未完成 Phase 0 禁止进入 Phase 1                              │
+├─────────────────────────────────────────────────────────────────┤
 │  Phase 1: Requirements Discovery                                 │
 │  → AskUserQuestion: Skill 名称、目标、执行模式                   │
 │  → Output: skill-config.json                                    │
@@ -168,20 +224,3 @@ if (config.execution_mode === 'autonomous') {
     ├── orchestrator-base.md     # 编排器模板
     └── action-base.md           # 动作模板
 ```
-
-## Reference Documents
-
-| Document | Purpose |
-|----------|---------|
-| [phases/01-requirements-discovery.md](phases/01-requirements-discovery.md) | 收集 Skill 需求 |
-| [phases/02-structure-generation.md](phases/02-structure-generation.md) | 生成目录结构 |
-| [phases/03-phase-generation.md](phases/03-phase-generation.md) | 生成 Phase 文件 |
-| [phases/04-specs-templates.md](phases/04-specs-templates.md) | 生成规范和模板 |
-| [phases/05-validation.md](phases/05-validation.md) | 验证和文档 |
-| [specs/execution-modes.md](specs/execution-modes.md) | 执行模式规范 |
-| [specs/skill-requirements.md](specs/skill-requirements.md) | Skill 需求规范 |
-| [templates/skill-md.md](templates/skill-md.md) | SKILL.md 模板 |
-| [templates/sequential-phase.md](templates/sequential-phase.md) | Sequential Phase 模板 |
-| [templates/autonomous-orchestrator.md](templates/autonomous-orchestrator.md) | Autonomous 编排器模板 |
-| [templates/autonomous-action.md](templates/autonomous-action.md) | Autonomous Action 模板 |
-| [../_shared/SKILL-DESIGN-SPEC.md](../_shared/SKILL-DESIGN-SPEC.md) | 通用设计规范 |

package/.claude/skills/skill-generator/templates/autonomous-orchestrator.md

@@ -2,6 +2,16 @@
 
 自主模式编排器的模板。
 
+## ⚠️ 重要提示
+
+> **Phase 0 是强制前置阶段**：在 Orchestrator 启动执行循环之前，必须先完成 Phase 0 的规范研读。
+>
+> 生成 Orchestrator 时，需要确保：
+> 1. SKILL.md 中已包含 Phase 0 规范研读步骤
+> 2. Orchestrator 启动前验证规范已阅读
+> 3. 所有 Action 文件都引用相关的规范文档
+> 4. Architecture Overview 中 Phase 0 位于 Orchestrator 之前
+
 ## 模板结构
 
 ```markdown

package/.claude/skills/skill-generator/templates/sequential-phase.md

@@ -2,6 +2,15 @@
 
 顺序模式 Phase 文件的模板。
 
+## ⚠️ 重要提示
+
+> **Phase 0 是强制前置阶段**：在实现任何 Phase (1, 2, 3...) 之前，必须先完成 Phase 0 的规范研读。
+>
+> 生成 Sequential Phase 时，需要确保：
+> 1. SKILL.md 中已包含 Phase 0 规范研读步骤
+> 2. 每个 Phase 文件都引用相关的规范文档
+> 3. 执行流程明确标注 Phase 0 为禁止跳过的前置步骤
+
 ## 模板结构
 
 ```markdown