npm - claude-code-workflow - Versions diffs - 6.3.22 → 6.3.24 - Mend

claude-code-workflow 6.3.22 → 6.3.24

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (42) hide show

package/.claude/skills/skill-generator/templates/skill-md.md CHANGED Viewed

@@ -36,6 +36,16 @@ allowed-tools: {{allowed_tools}}
 {{design_principles}}
+---
+## ⚠️ Mandatory Prerequisites (强制前置条件)
+> **⛔ 禁止跳过**: 在执行任何操作之前，**必须**完整阅读以下文档。未阅读规范直接执行将导致输出不符合质量标准。
+{{mandatory_prerequisites}}
+---
 ## Execution Flow
 {{execution_flow}}
@@ -71,9 +81,10 @@ Bash(\`mkdir -p "\${workDir}"\`);
 | `{{description}}` | string | config.description |
 | `{{triggers}}` | string | config.triggers.join(", ") |
 | `{{allowed_tools}}` | string | config.allowed_tools.join(", ") |
-| `{{architecture_diagram}}` | string | 根据 execution_mode 生成 |
+| `{{architecture_diagram}}` | string | 根据 execution_mode 生成 (包含 Phase 0) |
 | `{{design_principles}}` | string | 根据 execution_mode 生成 |
-| `{{execution_flow}}` | string | 根据 phases/actions 生成 |
+| `{{mandatory_prerequisites}}` | string | 强制前置阅读文档列表 (specs + templates) |
+| `{{execution_flow}}` | string | 根据 phases/actions 生成 (Phase 0 在最前) |
 | `{{output_location}}` | string | config.output.location |
 | `{{additional_dirs}}` | string | 根据 execution_mode 生成 |
 | `{{output_structure}}` | string | 根据配置生成 |
@@ -84,21 +95,48 @@ Bash(\`mkdir -p "\${workDir}"\`);
 ```javascript
 function generateSkillMd(config) {
   const template = Read('templates/skill-md.md');
   return template
     .replace(/\{\{skill_name\}\}/g, config.skill_name)
     .replace(/\{\{display_name\}\}/g, config.display_name)
     .replace(/\{\{description\}\}/g, config.description)
     .replace(/\{\{triggers\}\}/g, config.triggers.map(t => `"${t}"`).join(", "))
     .replace(/\{\{allowed_tools\}\}/g, config.allowed_tools.join(", "))
-    .replace(/\{\{architecture_diagram\}\}/g, generateArchitecture(config))
+    .replace(/\{\{architecture_diagram\}\}/g, generateArchitecture(config))  // 包含 Phase 0
     .replace(/\{\{design_principles\}\}/g, generatePrinciples(config))
-    .replace(/\{\{execution_flow\}\}/g, generateFlow(config))
+    .replace(/\{\{mandatory_prerequisites\}\}/g, generatePrerequisites(config))  // 强制前置条件
+    .replace(/\{\{execution_flow\}\}/g, generateFlow(config))  // Phase 0 在最前
     .replace(/\{\{output_location\}\}/g, config.output.location)
     .replace(/\{\{additional_dirs\}\}/g, generateAdditionalDirs(config))
     .replace(/\{\{output_structure\}\}/g, generateOutputStructure(config))
     .replace(/\{\{reference_table\}\}/g, generateReferenceTable(config));
 }
+// 生成强制前置条件表格
+function generatePrerequisites(config) {
+  const specs = config.specs || [];
+  const templates = config.templates || [];
+  let result = '### 规范文档 (必读)\n\n';
+  result += '| Document | Purpose | Priority |\n';
+  result += '|----------|---------|----------|\n';
+  specs.forEach((spec, index) => {
+    const priority = index === 0 ? '**P0 - 最高**' : 'P1';
+    result += `| [${spec.path}](${spec.path}) | ${spec.purpose} | ${priority} |\n`;
+  });
+  if (templates.length > 0) {
+    result += '\n### 模板文件 (生成前必读)\n\n';
+    result += '| Document | Purpose |\n';
+    result += '|----------|---------|\n';
+    templates.forEach(tmpl => {
+      result += `| [${tmpl.path}](${tmpl.path}) | ${tmpl.purpose} |\n`;
+    });
+  }
+  return result;
+}
 ```
 ## Sequential 模式示例
@@ -118,6 +156,9 @@ Generate API documentation from source code.
 \`\`\`
 ┌─────────────────────────────────────────────────────────────────┐
+│  ⚠️ Phase 0: Specification  → 阅读并理解设计规范 (强制前置)      │
+│              Study                                               │
+│           ↓                                                      │
 │  Phase 1: Scanning        → endpoints.json                      │
 │           ↓                                                      │
 │  Phase 2: Parsing         → schemas.json                        │
@@ -125,6 +166,22 @@ Generate API documentation from source code.
 │  Phase 3: Generation      → api-docs.md                         │
 └─────────────────────────────────────────────────────────────────┘
 \`\`\`
+## ⚠️ Mandatory Prerequisites (强制前置条件)
+> **⛔ 禁止跳过**: 在执行任何操作之前，**必须**完整阅读以下文档。
+### 规范文档 (必读)
+| Document | Purpose | Priority |
+|----------|---------|----------|
+| [specs/api-standards.md](specs/api-standards.md) | API 文档标准规范 | **P0 - 最高** |
+### 模板文件 (生成前必读)
+| Document | Purpose |
+|----------|---------|
+| [templates/endpoint-doc.md](templates/endpoint-doc.md) | 端点文档模板 |
 ```
 ## Autonomous 模式示例
@@ -144,6 +201,10 @@ Interactive task management with CRUD operations.
 \`\`\`
 ┌─────────────────────────────────────────────────────────────────┐
+│  ⚠️ Phase 0: Specification Study (强制前置)                       │
+└───────────────┬─────────────────────────────────────────────────┘
+                ↓
+┌─────────────────────────────────────────────────────────────────┐
 │           Orchestrator (状态驱动决策)                             │
 └───────────────┬─────────────────────────────────────────────────┘
                 │
@@ -153,4 +214,22 @@ Interactive task management with CRUD operations.
 │ List  │  │Create │  │ Edit  │  │Delete │
 └───────┘  └───────┘  └───────┘  └───────┘
 \`\`\`
+## ⚠️ Mandatory Prerequisites (强制前置条件)
+> **⛔ 禁止跳过**: 在执行任何操作之前，**必须**完整阅读以下文档。
+### 规范文档 (必读)
+| Document | Purpose | Priority |
+|----------|---------|----------|
+| [specs/task-schema.md](specs/task-schema.md) | 任务数据结构规范 | **P0 - 最高** |
+| [specs/action-catalog.md](specs/action-catalog.md) | 动作目录 | P1 |
+### 模板文件 (生成前必读)
+| Document | Purpose |
+|----------|---------|
+| [templates/orchestrator-base.md](templates/orchestrator-base.md) | 编排器模板 |
+| [templates/action-base.md](templates/action-base.md) | 动作模板 |
 ```

package/.claude/workflows/cli-templates/schemas/solution-schema.json CHANGED Viewed

@@ -7,9 +7,9 @@
   "properties": {
     "id": {
       "type": "string",
-      "description": "Unique solution identifier: SOL-{issue-id}-{seq}",
-      "pattern": "^SOL-.+-[0-9]+$",
-      "examples": ["SOL-GH-123-1", "SOL-ISS-20251229-1"]
+      "description": "Unique solution identifier: SOL-{issue-id}-{4-char-uid} where uid is 4 alphanumeric chars",
+      "pattern": "^SOL-.+-[a-z0-9]{4}$",
+      "examples": ["SOL-GH-123-a7x9", "SOL-ISS-20251229-001-b2k4"]
     },
     "description": {
       "type": "string",

package/ccw/src/templates/dashboard-js/views/issue-manager.js CHANGED Viewed

@@ -338,6 +338,14 @@ function renderIssueCard(issue) {
             ${t('issues.boundSolution') || 'Bound'}
           </span>
         ` : ''}
+        ${issue.github_url ? `
+          <a href="${issue.github_url}" target="_blank" rel="noopener noreferrer"
+             class="flex items-center gap-1 text-muted-foreground hover:text-foreground transition-colors"
+             onclick="event.stopPropagation()" title="View on GitHub">
+            <i data-lucide="github" class="w-3.5 h-3.5"></i>
+            ${issue.github_number ? `#${issue.github_number}` : 'GitHub'}
+          </a>
+        ` : ''}
       </div>
     </div>
   `;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "claude-code-workflow",
-  "version": "6.3.22",
+  "version": "6.3.24",
   "description": "JSON-driven multi-agent development framework with intelligent CLI orchestration (Gemini/Qwen/Codex), context-first architecture, and automated workflow execution",
   "type": "module",
   "main": "ccw/src/index.js",

package/.claude/skills/code-reviewer/README.md DELETED Viewed

@@ -1,340 +0,0 @@
-# Code Reviewer Skill
-A comprehensive code review skill for identifying security vulnerabilities and best practices violations.
-## Overview
-The **code-reviewer** skill provides automated code review capabilities covering:
-- **Security Analysis**: OWASP Top 10, CWE Top 25, language-specific vulnerabilities
-- **Code Quality**: Naming conventions, complexity, duplication, dead code
-- **Performance**: N+1 queries, inefficient algorithms, memory leaks
-- **Maintainability**: Documentation, test coverage, dependency health
-## Quick Start
-### Basic Usage
-```bash
-# Review entire codebase
-/code-reviewer
-# Review specific directory
-/code-reviewer --scope src/auth
-# Focus on security only
-/code-reviewer --focus security
-# Focus on best practices only
-/code-reviewer --focus best-practices
-```
-### Advanced Options
-```bash
-# Review with custom severity threshold
-/code-reviewer --severity critical,high
-# Review specific file types
-/code-reviewer --languages typescript,python
-# Generate detailed report
-/code-reviewer --report-level detailed
-# Resume from previous session
-/code-reviewer --resume
-```
-## Features
-### Security Analysis
-✅ **OWASP Top 10 2021 Coverage**
-- Injection vulnerabilities (SQL, Command, XSS)
-- Authentication & authorization flaws
-- Sensitive data exposure
-- Security misconfiguration
-- And more...
-✅ **CWE Top 25 Coverage**
-- Cross-site scripting (CWE-79)
-- SQL injection (CWE-89)
-- Command injection (CWE-78)
-- Input validation (CWE-20)
-- And more...
-✅ **Language-Specific Checks**
-- JavaScript/TypeScript: prototype pollution, eval usage
-- Python: pickle vulnerabilities, command injection
-- Java: deserialization, XXE
-- Go: race conditions, memory leaks
-### Best Practices Review
-✅ **Code Quality**
-- Naming convention compliance
-- Cyclomatic complexity analysis
-- Code duplication detection
-- Dead code identification
-✅ **Performance**
-- N+1 query detection
-- Inefficient algorithm patterns
-- Memory leak detection
-- Resource cleanup verification
-✅ **Maintainability**
-- Documentation coverage
-- Test coverage analysis
-- Dependency health check
-- Error handling review
-## Output
-The skill generates comprehensive reports in `.code-review/` directory:
-```
-.code-review/
-├── inventory.json              # File inventory with metadata
-├── security-findings.json      # Security vulnerabilities
-├── best-practices-findings.json # Best practices violations
-├── summary.json                # Summary statistics
-├── REPORT.md                   # Comprehensive markdown report
-└── FIX-CHECKLIST.md           # Actionable fix checklist
-```
-### Report Contents
-**REPORT.md** includes:
-- Executive summary with risk assessment
-- Quality scores (Security, Code Quality, Performance, Maintainability)
-- Detailed findings organized by severity
-- Code examples with fix recommendations
-- Action plan prioritized by urgency
-- Compliance status (PCI DSS, HIPAA, GDPR, SOC 2)
-**FIX-CHECKLIST.md** provides:
-- Checklist format for tracking fixes
-- Organized by severity (Critical → Low)
-- Effort estimates for each issue
-- Priority assignments
-## Configuration
-Create `.code-reviewer.json` in project root:
-```json
-{
-  "scope": {
-    "include": ["src/**/*", "lib/**/*"],
-    "exclude": ["**/*.test.ts", "**/*.spec.ts", "**/node_modules/**"]
-  },
-  "security": {
-    "enabled": true,
-    "checks": ["owasp-top-10", "cwe-top-25"],
-    "severity_threshold": "medium"
-  },
-  "best_practices": {
-    "enabled": true,
-    "code_quality": true,
-    "performance": true,
-    "maintainability": true
-  },
-  "reporting": {
-    "format": "markdown",
-    "output_path": ".code-review/",
-    "include_snippets": true,
-    "include_fixes": true
-  }
-}
-```
-## Workflow
-### Phase 1: Code Discovery
-- Discover and categorize code files
-- Extract metadata (LOC, complexity, framework)
-- Prioritize files (Critical, High, Medium, Low)
-### Phase 2: Security Analysis
-- Scan for OWASP Top 10 vulnerabilities
-- Check CWE Top 25 weaknesses
-- Apply language-specific security patterns
-- Generate security findings
-### Phase 3: Best Practices Review
-- Analyze code quality issues
-- Detect performance problems
-- Assess maintainability concerns
-- Generate best practices findings
-### Phase 4: Report Generation
-- Consolidate all findings
-- Calculate quality scores
-- Generate comprehensive reports
-- Create actionable checklists
-## Integration
-### Pre-commit Hook
-Block commits with critical/high issues:
-```bash
-#!/bin/bash
-# .git/hooks/pre-commit
-staged_files=$(git diff --cached --name-only --diff-filter=ACMR)
-ccw run code-reviewer --scope "$staged_files" --severity critical,high
-if [ $? -ne 0 ]; then
-  echo "❌ Code review found critical/high issues. Commit aborted."
-  exit 1
-fi
-```
-### CI/CD Integration
-```yaml
-# .github/workflows/code-review.yml
-name: Code Review
-on: [pull_request]
-jobs:
-  review:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - name: Run Code Review
-        run: |
-          ccw run code-reviewer --report-level detailed
-          ccw report upload .code-review/report.md
-```
-## Examples
-### Example 1: Security-Focused Review
-```bash
-# Review authentication module for security issues
-/code-reviewer --scope src/auth --focus security --severity critical,high
-```
-**Output**: Security findings with OWASP/CWE mappings and fix recommendations
-### Example 2: Performance Review
-```bash
-# Review API endpoints for performance issues
-/code-reviewer --scope src/api --focus best-practices --check performance
-```
-**Output**: N+1 queries, inefficient algorithms, memory leak detections
-### Example 3: Full Project Audit
-```bash
-# Comprehensive review of entire codebase
-/code-reviewer --report-level detailed --output .code-review/audit-2024-01.md
-```
-**Output**: Complete audit with all findings, scores, and action plan
-## Compliance Support
-The skill maps findings to compliance requirements:
-- **PCI DSS**: Requirement 6.5 (Common coding vulnerabilities)
-- **HIPAA**: Technical safeguards and access controls
-- **GDPR**: Article 32 (Security of processing)
-- **SOC 2**: Security controls and monitoring
-## Architecture
-### Execution Mode
-**Sequential** - Fixed phase order for systematic review:
-1. Code Discovery → 2. Security Analysis → 3. Best Practices → 4. Report Generation
-### Tools Used
-- `mcp__ace-tool__search_context` - Semantic code search
-- `mcp__ccw-tools__smart_search` - Pattern matching
-- `Read` - File content access
-- `Write` - Report generation
-## Quality Standards
-### Scoring System
-```
-Overall Score = (
-  Security Score × 0.4 +
-  Code Quality Score × 0.25 +
-  Performance Score × 0.2 +
-  Maintainability Score × 0.15
-)
-```
-### Score Ranges
-- **A (90-100)**: Excellent - Production ready
-- **B (80-89)**: Good - Minor improvements needed
-- **C (70-79)**: Acceptable - Some issues to address
-- **D (60-69)**: Poor - Significant improvements required
-- **F (0-59)**: Failing - Major issues, not production ready
-## Troubleshooting
-### Large Codebase
-If review takes too long:
-```bash
-# Review in batches
-/code-reviewer --scope src/module-1
-/code-reviewer --scope src/module-2 --resume
-# Or use parallel execution
-/code-reviewer --parallel 4
-```
-### False Positives
-Configure suppressions in `.code-reviewer.json`:
-```json
-{
-  "suppressions": {
-    "security": {
-      "sql-injection": {
-        "paths": ["src/legacy/**/*"],
-        "reason": "Legacy code, scheduled for refactor"
-      }
-    }
-  }
-}
-```
-## File Structure
-```
-.claude/skills/code-reviewer/
-├── SKILL.md                    # Main skill documentation
-├── README.md                   # This file
-├── phases/
-│   ├── 01-code-discovery.md
-│   ├── 02-security-analysis.md
-│   ├── 03-best-practices-review.md
-│   └── 04-report-generation.md
-├── specs/
-│   ├── security-requirements.md
-│   ├── best-practices-requirements.md
-│   └── quality-standards.md
-└── templates/
-    ├── security-finding.md
-    ├── best-practice-finding.md
-    └── report-template.md
-```
-## Version
-**v1.0.0** - Initial release
-## License
-MIT License