npm - code-abyss - Versions diffs - 1.5.1 - Mend

code-abyss 1.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (64) hide show

package/LICENSE +21 -0
package/README.md +197 -0
package/bin/install.js +193 -0
package/bin/uninstall.js +42 -0
package/config/AGENTS.md +247 -0
package/config/CLAUDE.md +207 -0
package/config/settings.example.json +27 -0
package/output-styles/abyss-cultivator.md +399 -0
package/package.json +41 -0
package/skills/SKILL.md +115 -0
package/skills/ai/SKILL.md +29 -0
package/skills/ai/agent-dev.md +242 -0
package/skills/ai/llm-security.md +288 -0
package/skills/architecture/SKILL.md +41 -0
package/skills/architecture/api-design.md +225 -0
package/skills/architecture/caching.md +299 -0
package/skills/architecture/cloud-native.md +285 -0
package/skills/architecture/compliance.md +299 -0
package/skills/architecture/data-security.md +184 -0
package/skills/architecture/message-queue.md +329 -0
package/skills/architecture/security-arch.md +210 -0
package/skills/development/SKILL.md +43 -0
package/skills/development/cpp.md +246 -0
package/skills/development/go.md +323 -0
package/skills/development/java.md +277 -0
package/skills/development/python.md +288 -0
package/skills/development/rust.md +313 -0
package/skills/development/shell.md +313 -0
package/skills/development/typescript.md +277 -0
package/skills/devops/SKILL.md +36 -0
package/skills/devops/cost-optimization.md +272 -0
package/skills/devops/database.md +217 -0
package/skills/devops/devsecops.md +198 -0
package/skills/devops/git-workflow.md +181 -0
package/skills/devops/observability.md +280 -0
package/skills/devops/performance.md +273 -0
package/skills/devops/testing.md +186 -0
package/skills/gen-docs/SKILL.md +114 -0
package/skills/gen-docs/scripts/doc_generator.py +491 -0
package/skills/multi-agent/SKILL.md +268 -0
package/skills/run_skill.py +88 -0
package/skills/security/SKILL.md +51 -0
package/skills/security/blue-team.md +379 -0
package/skills/security/code-audit.md +265 -0
package/skills/security/pentest.md +226 -0
package/skills/security/red-team.md +321 -0
package/skills/security/threat-intel.md +322 -0
package/skills/security/vuln-research.md +369 -0
package/skills/tests/README.md +225 -0
package/skills/tests/SUMMARY.md +362 -0
package/skills/tests/__init__.py +3 -0
package/skills/tests/test_change_analyzer.py +558 -0
package/skills/tests/test_doc_generator.py +538 -0
package/skills/tests/test_module_scanner.py +376 -0
package/skills/tests/test_quality_checker.py +516 -0
package/skills/tests/test_security_scanner.py +426 -0
package/skills/verify-change/SKILL.md +138 -0
package/skills/verify-change/scripts/change_analyzer.py +529 -0
package/skills/verify-module/SKILL.md +125 -0
package/skills/verify-module/scripts/module_scanner.py +321 -0
package/skills/verify-quality/SKILL.md +158 -0
package/skills/verify-quality/scripts/quality_checker.py +481 -0
package/skills/verify-security/SKILL.md +141 -0
package/skills/verify-security/scripts/security_scanner.py +368 -0

package/skills/development/typescript.md ADDED Viewed

@@ -0,0 +1,277 @@
+---
+name: typescript
+description: TypeScript/JavaScript 开发。前后端、Node.js、React、Vue。当用户提到 TypeScript、JavaScript、Node、React、Vue、Next.js 时使用。
+---
+# 📜 符箓秘典 · TypeScript/JavaScript
+## TypeScript 基础
+### 类型系统
+```typescript
+// 基础类型
+let name: string = "Alice";
+let age: number = 25;
+let active: boolean = true;
+let items: string[] = ["a", "b"];
+let tuple: [string, number] = ["hello", 10];
+// 接口
+interface User {
+  id: number;
+  name: string;
+  email?: string;  // 可选
+  readonly createdAt: Date;  // 只读
+}
+// 类型别名
+type ID = string | number;
+type Status = "pending" | "active" | "inactive";
+// 泛型
+function identity<T>(arg: T): T {
+  return arg;
+}
+interface Response<T> {
+  data: T;
+  status: number;
+}
+// 工具类型
+type Partial<T> = { [P in keyof T]?: T[P] };
+type Required<T> = { [P in keyof T]-?: T[P] };
+type Pick<T, K extends keyof T> = { [P in K]: T[P] };
+type Omit<T, K extends keyof T> = Pick<T, Exclude<keyof T, K>>;
+```
+## Node.js 后端
+### Express
+```typescript
+import express, { Request, Response, NextFunction } from 'express';
+const app = express();
+app.use(express.json());
+// 中间件
+const authMiddleware = (req: Request, res: Response, next: NextFunction) => {
+  const token = req.headers.authorization;
+  if (!token) {
+    return res.status(401).json({ error: 'Unauthorized' });
+  }
+  next();
+};
+// 路由
+app.get('/api/users/:id', async (req: Request, res: Response) => {
+  const { id } = req.params;
+  const user = await getUserById(id);
+  res.json(user);
+});
+app.post('/api/users', async (req: Request, res: Response) => {
+  const user = await createUser(req.body);
+  res.status(201).json(user);
+});
+// 错误处理
+app.use((err: Error, req: Request, res: Response, next: NextFunction) => {
+  console.error(err.stack);
+  res.status(500).json({ error: 'Internal Server Error' });
+});
+app.listen(3000);
+```
+### Fastify
+```typescript
+import Fastify from 'fastify';
+const fastify = Fastify({ logger: true });
+fastify.get('/users/:id', async (request, reply) => {
+  const { id } = request.params as { id: string };
+  return { id };
+});
+fastify.listen({ port: 3000 });
+```
+## React
+### 函数组件
+```tsx
+import React, { useState, useEffect, useCallback } from 'react';
+interface User {
+  id: number;
+  name: string;
+}
+interface Props {
+  userId: number;
+  onSelect?: (user: User) => void;
+}
+const UserCard: React.FC<Props> = ({ userId, onSelect }) => {
+  const [user, setUser] = useState<User | null>(null);
+  const [loading, setLoading] = useState(true);
+  useEffect(() => {
+    fetchUser(userId).then(data => {
+      setUser(data);
+      setLoading(false);
+    });
+  }, [userId]);
+  const handleClick = useCallback(() => {
+    if (user && onSelect) {
+      onSelect(user);
+    }
+  }, [user, onSelect]);
+  if (loading) return <div>Loading...</div>;
+  if (!user) return <div>User not found</div>;
+  return (
+    <div onClick={handleClick}>
+      <h2>{user.name}</h2>
+    </div>
+  );
+};
+export default UserCard;
+```
+### Hooks
+```tsx
+// 自定义 Hook
+function useFetch<T>(url: string) {
+  const [data, setData] = useState<T | null>(null);
+  const [loading, setLoading] = useState(true);
+  const [error, setError] = useState<Error | null>(null);
+  useEffect(() => {
+    fetch(url)
+      .then(res => res.json())
+      .then(setData)
+      .catch(setError)
+      .finally(() => setLoading(false));
+  }, [url]);
+  return { data, loading, error };
+}
+// 使用
+const { data, loading } = useFetch<User[]>('/api/users');
+```
+## Vue 3
+### Composition API
+```vue
+<script setup lang="ts">
+import { ref, computed, onMounted } from 'vue';
+interface User {
+  id: number;
+  name: string;
+}
+const props = defineProps<{
+  userId: number;
+}>();
+const emit = defineEmits<{
+  (e: 'select', user: User): void;
+}>();
+const user = ref<User | null>(null);
+const loading = ref(true);
+const displayName = computed(() => user.value?.name ?? 'Unknown');
+onMounted(async () => {
+  user.value = await fetchUser(props.userId);
+  loading.value = false;
+});
+const handleClick = () => {
+  if (user.value) {
+    emit('select', user.value);
+  }
+};
+</script>
+<template>
+  <div v-if="loading">Loading...</div>
+  <div v-else-if="user" @click="handleClick">
+    <h2>{{ displayName }}</h2>
+  </div>
+</template>
+```
+## 测试
+### Jest/Vitest
+```typescript
+import { describe, it, expect, vi } from 'vitest';
+import { render, screen, fireEvent } from '@testing-library/react';
+import UserCard from './UserCard';
+describe('UserCard', () => {
+  it('should render user name', async () => {
+    render(<UserCard userId={1} />);
+    expect(await screen.findByText('Alice')).toBeInTheDocument();
+  });
+  it('should call onSelect when clicked', async () => {
+    const onSelect = vi.fn();
+    render(<UserCard userId={1} onSelect={onSelect} />);
+    const card = await screen.findByRole('button');
+    fireEvent.click(card);
+    expect(onSelect).toHaveBeenCalledWith({ id: 1, name: 'Alice' });
+  });
+});
+// Mock
+vi.mock('./api', () => ({
+  fetchUser: vi.fn().mockResolvedValue({ id: 1, name: 'Alice' })
+}));
+```
+## 项目结构
+```
+myproject/
+├── package.json
+├── tsconfig.json
+├── src/
+│   ├── index.ts
+│   ├── components/
+│   ├── hooks/
+│   ├── services/
+│   ├── types/
+│   └── utils/
+├── tests/
+└── public/
+```
+## 常用库
+| 库 | 用途 |
+|---|------|
+| Express/Fastify | Node.js 框架 |
+| React/Vue | 前端框架 |
+| Next.js/Nuxt | 全栈框架 |
+| Prisma | ORM |
+| Zod | 数据验证 |
+| Vitest/Jest | 测试 |
+| ESLint/Prettier | 代码规范 |
+---

package/skills/devops/SKILL.md ADDED Viewed

@@ -0,0 +1,36 @@
+---
+name: devops
+description: DevOps 能力索引。Git、测试、DevSecOps、数据库。当用户提到 DevOps、CI/CD、Git、测试时路由到此。
+---
+# 🔧 炼器秘典 · DevOps 能力中枢
+## 能力矩阵
+| Skill | 定位 | 核心能力 |
+|-------|------|----------|
+| [git-workflow](git-workflow.md) | 版本控制 | Git、分支策略、PR |
+| [testing](testing.md) | 软件测试 | 单元测试、集成测试、TDD |
+| [devsecops](devsecops.md) | 安全开发 | CI/CD安全、供应链安全 |
+| [database](database.md) | 数据库 | SQL、NoSQL、优化 |
+| [performance](performance.md) | 性能优化 | Profiling、火焰图、基准测试 |
+| [observability](observability.md) | 可观测性 | 日志、指标、追踪、SLO |
+| [cost-optimization](cost-optimization.md) | 成本优化 | FinOps、右尺寸、Spot、伸缩 |
+## DevOps 原则
+```yaml
+文化:
+  - 协作与共享
+  - 持续改进
+  - 自动化一切
+  - 快速反馈
+实践:
+  - 持续集成 (CI)
+  - 持续交付 (CD)
+  - 基础设施即代码
+  - 监控与可观测性
+```

package/skills/devops/cost-optimization.md ADDED Viewed

@@ -0,0 +1,272 @@
+---
+name: cost-optimization
+description: 成本优化秘典。FinOps框架、计算/存储/网络优化、成本建模。当用户提到成本、费用、FinOps、省钱、预算、账单时路由到此。
+---
+# 🔧 炼器秘典 · 成本优化
+## FinOps 框架
+```
+┌─────────────────────────────────────┐
+│           FinOps 生命周期            │
+├───────────┬───────────┬─────────────┤
+│  Inform   │  Optimize │  Operate    │
+│  可视化   │  优化     │  运营       │
+│  谁花了   │  怎么省   │  持续治理   │
+│  多少钱   │  多少钱   │  流程制度   │
+└───────────┴───────────┴─────────────┘
+```
+| 阶段 | 目标 | 关键动作 |
+|------|------|----------|
+| Inform | 成本可视化 | 标签策略、成本分摊、Dashboard |
+| Optimize | 降低浪费 | 右尺寸、预留、Spot、清理闲置 |
+| Operate | 持续治理 | 预算告警、审批流程、定期审查 |
+---
+## 成本分析
+### 标签策略
+```yaml
+必选标签:
+  - Environment: prod/staging/dev
+  - Team: platform/backend/frontend
+  - Service: order-service/user-service
+  - Owner: team-email
+  - CostCenter: CC-001
+可选标签:
+  - Project: project-name
+  - Temporary: expiry-date
+```
+### 成本归因
+```
+总成本
+├── 按团队: Team-A (40%) | Team-B (35%) | 共享 (25%)
+├── 按环境: Prod (60%) | Staging (25%) | Dev (15%)
+├── 按服务: 计算 (45%) | 存储 (25%) | 网络 (15%) | 其他 (15%)
+└── 按类型: On-Demand (30%) | Reserved (50%) | Spot (10%) | 其他 (10%)
+```
+---
+## 计算优化
+### 右尺寸 (Right-sizing)
+```bash
+# AWS - 查找低利用率实例
+aws ce get-rightsizing-recommendation \
+  --service EC2 \
+  --configuration '{"RecommendationTarget":"SAME_INSTANCE_FAMILY","BenefitsConsidered":true}'
+# 判断标准
+# CPU 平均 < 20% 且 峰值 < 50% → 缩小
+# CPU 平均 > 70% 或 峰值 > 90% → 扩大
+# Memory 使用 < 30% → 缩小
+```
+### 预留实例 / Savings Plans
+| 类型 | 折扣 | 灵活性 | 适用 |
+|------|------|--------|------|
+| Reserved Instance (1yr) | ~30% | 低 | 稳定负载 |
+| Reserved Instance (3yr) | ~50% | 低 | 长期稳定 |
+| Savings Plans (Compute) | ~30% | 高 | 跨实例族 |
+| Savings Plans (EC2) | ~40% | 中 | 固定区域 |
+### Spot 实例
+```yaml
+适用场景:
+  - 批处理任务
+  - CI/CD 构建
+  - 无状态 Web 服务（配合 ASG）
+  - 大数据处理
+不适用:
+  - 数据库
+  - 有状态服务
+  - 长时间运行的关键任务
+最佳实践:
+  - 多实例类型混合
+  - 跨可用区分散
+  - 设置中断处理 (2分钟通知)
+  - 配合 On-Demand 保底
+```
+### 自动伸缩
+```yaml
+# Target Tracking (推荐)
+scaling_policy:
+  type: TargetTrackingScaling
+  target_value: 70          # CPU 目标 70%
+  scale_in_cooldown: 300
+  scale_out_cooldown: 60
+# 预测性伸缩
+predictive_scaling:
+  mode: ForecastAndScale
+  scheduling_buffer_time: 300
+# 定时伸缩 (已知流量模式)
+scheduled_actions:
+  - schedule: "cron(0 8 * * MON-FRI)"   # 工作日早8点扩容
+    min_capacity: 10
+  - schedule: "cron(0 20 * * MON-FRI)"  # 晚8点缩容
+    min_capacity: 2
+```
+---
+## 存储优化
+### 存储分层
+| 层级 | 访问频率 | 成本 | 适用 |
+|------|----------|------|------|
+| S3 Standard | 频繁 | $$$ | 活跃数据 |
+| S3 IA | 月级 | $$ | 备份、日志 |
+| S3 Glacier | 季度级 | $ | 归档 |
+| S3 Glacier Deep | 年级 | ¢ | 合规归档 |
+### 生命周期策略
+```json
+{
+  "Rules": [
+    {
+      "ID": "log-lifecycle",
+      "Filter": {"Prefix": "logs/"},
+      "Transitions": [
+        {"Days": 30, "StorageClass": "STANDARD_IA"},
+        {"Days": 90, "StorageClass": "GLACIER"},
+        {"Days": 365, "StorageClass": "DEEP_ARCHIVE"}
+      ],
+      "Expiration": {"Days": 2555}
+    }
+  ]
+}
+```
+### 数据库存储
+```yaml
+优化策略:
+  - 定期清理过期数据 (TTL/分区删除)
+  - 压缩历史表
+  - 归档冷数据到对象存储
+  - 使用列式存储处理分析查询
+  - 审查未使用的索引
+```
+---
+## 网络优化
+| 优化项 | 方法 | 节省 |
+|--------|------|------|
+| 跨 AZ 流量 | 同 AZ 优先路由 | ~$0.01/GB |
+| 跨 Region 流量 | CDN + 边缘缓存 | ~$0.02/GB |
+| NAT Gateway | 使用 VPC Endpoint | ~$0.045/GB |
+| 数据传输 | 压缩 + 批量 | 30-70% |
+```yaml
+VPC Endpoint 优先:
+  - S3: Gateway Endpoint (免费)
+  - DynamoDB: Gateway Endpoint (免费)
+  - 其他 AWS 服务: Interface Endpoint (按小时计费，但省流量费)
+```
+---
+## 应用层优化
+### 缓存降本
+```
+无缓存: 100% 请求打到数据库 → 需要大实例
+加缓存: 80% 缓存命中 → 数据库可缩小 60%
+```
+### 架构降本
+| 模式 | 场景 | 节省 |
+|------|------|------|
+| Serverless | 低流量/突发 | 按调用付费，空闲零成本 |
+| 容器化 | 中等流量 | 提高资源利用率 |
+| 队列削峰 | 突发流量 | 减少峰值资源需求 |
+| 读写分离 | 读多写少 | 读副本用小实例 |
+### 代码级降本
+```yaml
+减少外部调用:
+  - 批量 API 调用替代循环单次
+  - 本地缓存热数据
+  - 连接池复用
+减少计算:
+  - 惰性计算
+  - 增量处理替代全量
+  - 合理的超时设置（避免资源空等）
+```
+---
+## 成本建模
+### 单位经济学
+```
+单用户成本 = 总基础设施成本 / 活跃用户数
+目标: 随规模增长，单用户成本递减
+```
+### 成本预测
+```yaml
+输入:
+  - 当前月成本: $10,000
+  - 用户增长率: 20%/月
+  - 基础设施弹性系数: 0.7 (成本增长 = 用户增长 × 0.7)
+预测:
+  - M+1: $10,000 × (1 + 0.2 × 0.7) = $11,400
+  - M+3: ~$14,800
+  - M+6: ~$22,100
+```
+---
+## 成本优化清单
+```yaml
+即时见效 (Quick Wins):
+  - [ ] 清理闲置资源 (未挂载 EBS、空闲 EIP、停止的实例)
+  - [ ] 删除未使用的快照和 AMI
+  - [ ] 右尺寸低利用率实例
+  - [ ] 启用 S3 生命周期策略
+中期优化:
+  - [ ] 购买 Savings Plans / Reserved Instances
+  - [ ] Spot 实例用于非关键负载
+  - [ ] 配置自动伸缩
+  - [ ] VPC Endpoint 替代 NAT Gateway
+长期治理:
+  - [ ] 标签策略 100% 覆盖
+  - [ ] 成本分摊 Dashboard
+  - [ ] 月度成本审查会议
+  - [ ] 预算告警自动化
+```