create-vibe-workflow 0.1.0

package/dist/templates/hooks/check-deps.mjs

@@ -0,0 +1,65 @@
+#!/usr/bin/env node
+
+// 依赖检测 — Claude Code PreToolUse hook
+// 检查外部依赖组件是否已安装，缺失时打印中文安装指引
+
+import { existsSync } from 'node:fs';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+
+const homeDir = homedir();
+const skillsDir = join(homeDir, '.claude', 'skills');
+
+const REQUIRED = [
+  { name: 'gstack', dir: 'gstack', install: 'cd ~/.claude/skills && git clone https://github.com/garrytan/gstack.git gstack' },
+  { name: 'superpowers', dir: 'superpowers', install: 'https://github.com/anthropics/claude-code-superpowers' },
+];
+
+const OPTIONAL = [
+  { name: 'openspec', dir: 'openspec', install: 'npm install -g @anthropic/openspec' },
+];
+
+const missing = [];
+const missingOptional = [];
+
+for (const dep of REQUIRED) {
+  if (!existsSync(join(skillsDir, dep.dir))) {
+    missing.push(dep);
+  }
+}
+
+for (const dep of OPTIONAL) {
+  if (!existsSync(join(skillsDir, dep.dir))) {
+    missingOptional.push(dep);
+  }
+}
+
+if (missing.length === 0 && missingOptional.length === 0) {
+  process.exit(0);
+}
+
+console.log('');
+console.log('══════════════════════════════════════════');
+console.log('  ⚠️  工作流依赖检查');
+console.log('══════════════════════════════════════════');
+
+if (missing.length > 0) {
+  console.log('');
+  console.log('❌ 缺少必要组件（工作流核心功能将不可用）：');
+  for (const dep of missing) {
+    console.log(`  • ${dep.name} — 安装: ${dep.install}`);
+  }
+}
+
+if (missingOptional.length > 0) {
+  console.log('');
+  console.log('⚠️  缺少可选组件（部分高级功能不可用）：');
+  for (const dep of missingOptional) {
+    console.log(`  • ${dep.name} — 安装: ${dep.install}`);
+  }
+}
+
+console.log('');
+console.log('安装后可重启 Claude Code 以启用完整工作流。');
+console.log('══════════════════════════════════════════');
+console.log('');

package/dist/templates/hooks/post-commit-check.js

@@ -0,0 +1,31 @@
+#!/usr/bin/env node
+
+// Post-commit 文档反写检查
+// 通过 Claude Code PostToolUse hook 触发
+
+const input = process.argv[2] || '{}';
+let toolCall;
+try {
+  toolCall = JSON.parse(input);
+} catch {
+  process.exit(0);
+}
+
+if (toolCall.tool_name !== 'Bash') process.exit(0);
+
+const commandInput = typeof toolCall.input === 'string'
+  ? toolCall.input
+  : JSON.stringify(toolCall.input || '');
+
+if (!commandInput.includes('git commit')) process.exit(0);
+
+console.log('⚠️  【第⑧步 文档反写检查】commit 完成，请逐条检查：');
+console.log('  □ DB schema 变更?    → docs/database-schema.md');
+console.log('  □ API 端点变更?      → docs/api-design.md');
+console.log('  □ 权限变更?          → docs/security.md');
+console.log('  □ 新功能不在 PRD 中? → docs/PRD.md');
+console.log('  □ 新增/修改模块?     → docs/modules/{module}.md');
+console.log('  □ 模块依赖变化?      → docs/architecture.md');
+console.log('  □ 模块状态变化?      → CLAUDE.md + PROGRESS.md');
+console.log('  □ todolist 任务完成? → todolist.md 删除/勾选');
+console.log('  □ 里程碑完成?        → memory/MEMORY.md');

package/dist/templates/rules/agents.md

@@ -0,0 +1,49 @@
+# Agent Orchestration
+
+## Available Agents
+
+Located in `~/.claude/agents/`:
+
+| Agent | Purpose | When to Use |
+|-------|---------|-------------|
+| planner | Implementation planning | Complex features, refactoring |
+| architect | System design | Architectural decisions |
+| tdd-guide | Test-driven development | New features, bug fixes |
+| code-reviewer | Code review | After writing code |
+| security-reviewer | Security analysis | Before commits |
+| build-error-resolver | Fix build errors | When build fails |
+| e2e-runner | E2E testing | Critical user flows |
+| refactor-cleaner | Dead code cleanup | Code maintenance |
+| doc-updater | Documentation | Updating docs |
+
+## Immediate Agent Usage
+
+No user prompt needed:
+1. Complex feature requests - Use **planner** agent
+2. Code just written/modified - Use **code-reviewer** agent
+3. Bug fix or new feature - Use **tdd-guide** agent
+4. Architectural decision - Use **architect** agent
+
+## Parallel Task Execution
+
+ALWAYS use parallel Task execution for independent operations:
+
+```markdown
+# GOOD: Parallel execution
+Launch 3 agents in parallel:
+1. Agent 1: Security analysis of auth module
+2. Agent 2: Performance review of cache system
+3. Agent 3: Type checking of utilities
+
+# BAD: Sequential when unnecessary
+First agent 1, then agent 2, then agent 3
+```
+
+## Multi-Perspective Analysis
+
+For complex problems, use split role sub-agents:
+- Factual reviewer
+- Senior engineer
+- Security expert
+- Consistency reviewer
+- Redundancy checker

package/dist/templates/rules/coding-style.md

@@ -0,0 +1,117 @@
+---
+paths:
+  - "**/*.ts"
+  - "**/*.tsx"
+  - "**/*.js"
+  - "**/*.jsx"
+---
+# TypeScript/JavaScript Coding Style
+
+> 本文件是 TypeScript/JavaScript 项目的代码风格规范。
+
+## Types and Interfaces
+
+Use types to make public APIs, shared models, and component props explicit, readable, and reusable.
+
+### Public APIs
+
+- Add parameter and return types to exported functions, shared utilities, and public class methods
+- Let TypeScript infer obvious local variable types
+- Extract repeated inline object shapes into named types or interfaces
+
+```typescript
+// WRONG: Exported function without explicit types
+export function formatUser(user) {
+  return `${user.firstName} ${user.lastName}`
+}
+
+// CORRECT: Explicit types on public APIs
+interface User {
+  firstName: string
+  lastName: string
+}
+
+export function formatUser(user: User): string {
+  return `${user.firstName} ${user.lastName}`
+}
+```
+
+### Interfaces vs. Type Aliases
+
+- Use `interface` for object shapes that may be extended or implemented
+- Use `type` for unions, intersections, tuples, mapped types, and utility types
+- Prefer string literal unions over `enum` unless an `enum` is required for interoperability
+
+### Avoid `any`
+
+- Avoid `any` in application code
+- Use `unknown` for external or untrusted input, then narrow it safely
+- Use generics when a value's type depends on the caller
+
+```typescript
+// WRONG: any removes type safety
+function getErrorMessage(error: any) {
+  return error.message
+}
+
+// CORRECT: unknown forces safe narrowing
+function getErrorMessage(error: unknown): string {
+  if (error instanceof Error) {
+    return error.message
+  }
+  return 'Unexpected error'
+}
+```
+
+## Immutability
+
+Use spread operator for immutable updates:
+
+```typescript
+// WRONG: Mutation
+function updateUser(user: User, name: string): User {
+  user.name = name // MUTATION!
+  return user
+}
+
+// CORRECT: Immutability
+function updateUser(user: Readonly<User>, name: string): User {
+  return { ...user, name }
+}
+```
+
+## Error Handling
+
+Use async/await with try-catch and narrow unknown errors safely:
+
+```typescript
+async function loadUser(userId: string): Promise<User> {
+  try {
+    return await riskyOperation(userId)
+  } catch (error: unknown) {
+    logger.error('Operation failed', error)
+    throw new Error(getErrorMessage(error))
+  }
+}
+```
+
+## Input Validation
+
+Use Zod for schema-based validation and infer types from the schema:
+
+```typescript
+import { z } from 'zod'
+
+const userSchema = z.object({
+  email: z.string().email(),
+  age: z.number().int().min(0).max(150)
+})
+
+type UserInput = z.infer<typeof userSchema>
+const validated: UserInput = userSchema.parse(input)
+```
+
+## Console.log
+
+- No `console.log` statements in production code
+- Use proper logging libraries instead

package/dist/templates/rules/development-workflow.md

@@ -0,0 +1,122 @@
+# Development Workflow（9 环节完整流程）
+
+> 每个环节都必须执行（除非标注了跳过条件）。
+> 完成标志 = 该环节产出的可验证产物，没有产物 = 没做完。
+
+## 完整链路
+
+```
+① 需求澄清 ──── OpenSpec /opsx:propose
+② 计划拆分 ──── gstack /plan-ceo-review /plan-eng-review（可选）
+③ 研究复用
+④ TodoList编写
+⑤ TDD开发 ──── Superpowers 强制执行 TDD 纪律
+⑥ 代码审查 ──── code-reviewer agent（自动）
+⑦ 安全审查 ──── gstack /cso（可选）+ security-reviewer（自动）
+⑧ 文档反写
+⑨ 提交归档 ──── gstack /ship（跑测试+生成PR）→ OpenSpec /opsx:archive
+```
+
+> 工具说明详见 `CLAUDE.md` § AI 协作工具链
+
+---
+
+## 开发前必读文档
+
+| 顺序 | 文档 | 提取什么 |
+|------|------|----------|
+| 1 | `docs/PRD.md` | 用户故事 + 验收标准 + P0/P1 划分 |
+| 2 | `docs/database-schema.md` | 表结构 + FK + 枚举 + 约束（有数据库时） |
+| 3 | `docs/api-design.md` | 端点 + 请求/响应格式 + 权限（有 API 时） |
+| 4 | `docs/security.md` | 权限矩阵（有认证时） |
+| 5 | `docs/ui-ux-spec.md` | 页面线框图 + 组件规范（有前端时） |
+| 6 | 相邻已完成模块代码 | 复用实现模式 |
+
+缺少信息？先补设计文档，再写代码。
+
+---
+
+## 各环节
+
+### ① 需求澄清
+- 动作: 对照 PRD 确认功能边界和优先级
+- **新功能必须先用 OpenSpec**: `/opsx:propose 你的需求描述` → 生成结构化规格 + 任务清单
+- **复杂需求可选 gstack**: `/office-hours` 验证想法，`/plan-ceo-review` 挑战假设
+- ✅ 完成标志: OpenSpec 任务清单已生成 + 明确了做什么、不做什么、P0/P1 划分
+- 跳过条件: 纯技术任务（重构、升级依赖等）
+
+### ② 计划拆分
+- 动作: 拆分为可独立提交的子任务（每个 50-300 行）
+- 复杂功能使用 **planner** agent
+- **P0 优先策略**：新模块只先实现 P0，P1 完整列出放待开发区
+- ✅ 完成标志: 有明确的子任务列表，每个子任务对应一个 commit
+- 跳过条件: 单文件小修改（<50 行）
+
+### ③ 研究复用
+- 动作: GitHub code search → Context7 → npm → 相邻模块代码
+- ✅ 完成标志: 确认了实现模式（复用现有 or 新写）
+- 跳过条件: 已有明确模式可复用
+
+### ④ TodoList 编写
+- 动作: 将子任务写入 `todolist.md`
+- 粒度: 一个子任务 = 一个可独立 commit 的变更
+- ✅ 完成标志: `todolist.md` 已更新，包含所有 P0 + P1 任务
+- **不可跳过**
+
+### ⑤ TDD 开发
+- 动作: RED → GREEN → REFACTOR，覆盖率 ≥80%
+- **Superpowers 强制执行**: `tdd-workflow` skill 确保先写测试再写代码，禁止跳过
+- **按 OpenSpec 任务清单逐项实现**，每完成一项标记 done
+- ✅ 完成标志: 测试通过 + 编译通过
+- **不可跳过**
+
+### ⑥ 代码审查
+- 动作: 使用 **code-reviewer** agent
+- ✅ 完成标志: CRITICAL/HIGH 问题已修复
+- **不可跳过**（纯文档/配置变更除外）
+
+### ⑦ 安全审查
+- 动作: 使用 **security-reviewer** agent
+- ✅ 完成标志: 无 CRITICAL 安全问题
+- 触发: 仅 auth / finance / system 模块
+- 跳过条件: 非安全敏感模块
+
+### ⑧ 文档反写（每个 commit 后立即执行，不可跳过）
+
+> 这是最容易遗漏的环节。代码改了但文档没同步 = 技术债。
+> 小功能/临时需求可能不在 PRD 中，反写是唯一让文档跟上代码的机会。
+
+**逐条检查，改了哪个就同步哪个：**
+
+| 改了什么 | 必须同步到 |
+|----------|-----------|
+| DB schema（新表/改字段） | `docs/database-schema.md` |
+| API 端点（新增/修改） | `docs/api-design.md` |
+| 权限（新角色/新资源） | `docs/security.md` |
+| 新功能/新模块（不在 PRD 中） | `docs/PRD.md` |
+| 新增/修改模块 | `docs/modules/{module}.md` |
+| 模块间依赖变化 | `docs/architecture.md` |
+| 业务模块状态变化 | `CLAUDE.md` 业务模块表 |
+| 模块进度变化 | `PROGRESS.md` |
+| 完成了 todolist 中的子任务 | `todolist.md` 删除/勾选 |
+| 模块完成/里程碑 | `memory/MEMORY.md` |
+
+✅ 完成标志: `git diff` 中包含对应的文档文件变更
+
+### ⑨ 提交归档
+- 动作: `/ship` → 自动跑全量测试 + 检查覆盖率 + 生成 PR 描述 + push + 创建 PR
+- PR merge 后执行 `/opsx:archive` 将变更移至 archive
+- 小改动（<50行）可直接 `git commit`（遵循 `git-workflow.md` 格式和粒度规范）
+- ✅ 完成标志: PR 已创建（或 commit 成功）+ OpenSpec 已归档
+- **不可跳过**
+
+---
+
+## 经验反写触发规则
+
+| 触发条件 | 写入位置 |
+|----------|----------|
+| 遇到报错并解决 | `memory/troubleshooting.md` |
+| 发现项目特有模式 | `memory/dev-notes.md` |
+| 用户确认"功能正确了" | `.claude/skills/{project}-{topic}/SKILL.md` |
+| 技术决策变更 | `memory/MEMORY.md` 已决策事项 |

package/dist/templates/rules/git-workflow.md

@@ -0,0 +1,47 @@
+# Git Workflow
+
+## Commit Message Format
+```
+<type>: <description>
+
+<optional body>
+```
+
+Types: feat, fix, refactor, docs, test, chore, perf, ci
+
+## Commit 粒度规范
+
+一个 commit = todolist.md 中的一个子任务，满足：
+- 代码可编译通过
+- 相关测试通过
+- 变更文件 1-8 个，行数 50-300 行
+- 超过 500 行应继续拆分
+
+### 典型 commit 序列（后端模块）
+
+```
+feat: 添加{模块}Zod schema          # shared schema
+feat: 实现 {Module}Service           # service 层
+test: 添加 {Module}Service 单元测试   # 测试
+feat: 实现 {Module}Controller        # controller
+feat: 注册 {Module}Module            # module
+docs: 同步{模块}治理文档              # 文档反写
+```
+
+### 典型 commit 序列（前端页面）
+
+```
+feat: 实现{模块}列表页    # 列表
+feat: 实现{模块}详情页    # 详情
+feat: 实现{模块}表单      # 表单
+docs: 同步{模块}治理文档   # 文档反写
+```
+
+## Pull Request Workflow
+
+When creating PRs:
+1. Analyze full commit history (not just latest commit)
+2. Use `git diff [base-branch]...HEAD` to see all changes
+3. Draft comprehensive PR summary
+4. Include test plan with TODOs
+5. Push with `-u` flag if new branch

package/dist/templates/rules/patterns.md

@@ -0,0 +1,48 @@
+---
+paths:
+  - "**/*.ts"
+  - "**/*.tsx"
+  - "**/*.js"
+  - "**/*.jsx"
+---
+# TypeScript/JavaScript Patterns
+
+## API Response Format
+
+```typescript
+interface ApiResponse<T> {
+  success: boolean
+  data?: T
+  error?: string
+  meta?: {
+    total: number
+    page: number
+    limit: number
+  }
+}
+```
+
+## Custom Hooks Pattern
+
+```typescript
+export function useDebounce<T>(value: T, delay: number): T {
+  const [debouncedValue, setDebouncedValue] = useState<T>(value)
+  useEffect(() => {
+    const handler = setTimeout(() => setDebouncedValue(value), delay)
+    return () => clearTimeout(handler)
+  }, [value, delay])
+  return debouncedValue
+}
+```
+
+## Repository Pattern
+
+```typescript
+interface Repository<T> {
+  findAll(filters?: Filters): Promise<T[]>
+  findById(id: string): Promise<T | null>
+  create(data: CreateDto): Promise<T>
+  update(id: string, data: UpdateDto): Promise<T>
+  delete(id: string): Promise<void>
+}
+```

package/dist/templates/rules/security.md

@@ -0,0 +1,37 @@
+---
+paths:
+  - "**/*.ts"
+  - "**/*.tsx"
+  - "**/*.js"
+  - "**/*.jsx"
+---
+# TypeScript/JavaScript Security
+
+## Secret Management
+
+```typescript
+// NEVER: Hardcoded secrets
+const apiKey = "sk-proj-xxxxx"
+
+// ALWAYS: Environment variables
+const apiKey = process.env.OPENAI_API_KEY
+if (!apiKey) {
+  throw new Error('OPENAI_API_KEY not configured')
+}
+```
+
+## Mandatory Security Checks
+
+Before ANY commit:
+- [ ] No hardcoded secrets (API keys, passwords, tokens)
+- [ ] All user inputs validated
+- [ ] SQL injection prevention (parameterized queries)
+- [ ] XSS prevention (sanitized HTML)
+- [ ] CSRF protection enabled
+- [ ] Authentication/authorization verified
+- [ ] Rate limiting on all endpoints
+- [ ] Error messages don't leak sensitive data
+
+## Agent Support
+
+- Use **security-reviewer** agent for comprehensive security audits

package/dist/templates/rules/testing.md

@@ -0,0 +1,30 @@
+---
+paths:
+  - "**/*.ts"
+  - "**/*.tsx"
+  - "**/*.js"
+  - "**/*.jsx"
+---
+# TypeScript/JavaScript Testing
+
+## Minimum Test Coverage: 80%
+
+Test Types (ALL required):
+1. **Unit Tests** — Individual functions, utilities, components
+2. **Integration Tests** — API endpoints, database operations
+3. **E2E Tests** — Critical user flows (Playwright recommended)
+
+## Test-Driven Development
+
+MANDATORY workflow:
+1. Write test first (RED)
+2. Run test — it should FAIL
+3. Write minimal implementation (GREEN)
+4. Run test — it should PASS
+5. Refactor (IMPROVE)
+6. Verify coverage (80%+)
+
+## Agent Support
+
+- **e2e-runner** — Playwright E2E testing specialist
+- **tdd-guide** — TDD workflow enforcement

package/dist/templates/settings/settings.template.json

@@ -0,0 +1,14 @@
+{
+  "meta": {
+    "generatedBy": "create-vibe-workflow@0.1.0",
+    "generatedAt": "<%= GENERATED_AT %>"
+  },
+  "dependencies": {
+    "required": ["gstack", "superpowers"],
+    "optional": ["openspec"]
+  },
+  "workflow": {
+    "version": "9-step-v1",
+    "language": "<%= LANGUAGE %>"
+  }
+}

package/package.json

@@ -0,0 +1,49 @@
+{
+  "name": "create-vibe-workflow",
+  "version": "0.1.0",
+  "description": "一键安装 Claude Code 开发工作流 — 面向非专业编程人员的 Vibe Coding 编排插件",
+  "type": "module",
+  "keywords": [
+    "claude-code",
+    "vibe-coding",
+    "workflow",
+    "ai-assisted-development",
+    "chinese"
+  ],
+  "license": "MIT",
+  "author": "VictorStacker",
+  "bin": {
+    "create-vibe-workflow": "dist/cli.js"
+  },
+  "files": [
+    "dist/",
+    "templates/"
+  ],
+  "scripts": {
+    "build": "tsc && node scripts/copy-assets.js",
+    "dev": "tsx src/cli.ts",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "prepublishOnly": "npm run build"
+  },
+  "dependencies": {
+    "chalk": "^5.4.1",
+    "ejs": "^3.1.10",
+    "inquirer": "^12.5.0"
+  },
+  "devDependencies": {
+    "@types/ejs": "^3.1.5",
+    "@types/inquirer": "^9.0.7",
+    "@types/node": "^22.13.0",
+    "tsx": "^4.19.0",
+    "typescript": "^5.7.0",
+    "vitest": "^4.1.0"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/VictorStacker/create-vibe-workflow"
+  }
+}

package/templates/claude-md/CLAUDE.zh-CN.md

@@ -0,0 +1,46 @@
+<!-- WORKFLOW-START -->
+<!-- 此区域由 create-vibe-workflow 自动生成，重跑 CLI 时会更新 -->
+
+## AI 协作工具链
+
+本项目使用多层 AI 工具协作体系：
+
+```
+你的业务需求
+  ↓
+① OpenSpec ─── 把想法变成结构化的需求规格和任务清单
+  ↓
+② gstack ───── 虚拟团队角色审查（CEO审查/设计审查/工程审查）
+  ↓
+③ Superpowers ─ 强制执行正确的开发流程（TDD/系统调试/验证）
+```
+
+### 标准开发流程
+
+```
+① 需求澄清（OpenSpec）→ ② 计划拆分 → ③ 研究复用
+→ ④ TodoList编写 → ⑤ TDD开发 → ⑥ 代码审查
+→ ⑦ 安全审查 → ⑧ 文档反写 → ⑨ 提交归档
+```
+
+### 常用命令
+
+| 场景 | 命令 |
+|------|------|
+| 开发新功能 | `/opsx:propose` 开始 |
+| 修 Bug | 自动触发 `systematic-debugging` |
+| 审查代码 | `/review` |
+| 验收功能 | `/qa` |
+| 准备发布 | `/ship` |
+| 安全审查 | `/cso` |
+
+## 技术栈
+
+- 语言: TypeScript 5.x (strict mode)
+- 前端: Next.js 15 (App Router) + shadcn/ui + Tailwind CSS
+- 后端: NestJS 11 (REST API)
+- 数据库: PostgreSQL 16+ + Drizzle ORM
+- 校验: Zod（前后端共享 schema）
+- 测试: Vitest (单元) + Playwright (E2E)
+
+<!-- WORKFLOW-END -->