flowmind 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (47) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +855 -0
  3. package/README_CN.md +854 -0
  4. package/bin/flowmind.js +464 -0
  5. package/core/adapters/api-doc-adapter.js +71 -0
  6. package/core/adapters/base-adapter.js +80 -0
  7. package/core/adapters/database-manager-adapter.js +60 -0
  8. package/core/adapters/database-query-adapter.js +51 -0
  9. package/core/adapters/knowledge-base-adapter.js +75 -0
  10. package/core/adapters/log-service-adapter.js +41 -0
  11. package/core/adapters/mcp-adapter.js +65 -0
  12. package/core/adapters/report-adapter.js +60 -0
  13. package/core/adapters/workflow-adapter.js +62 -0
  14. package/core/component-registry.js +281 -0
  15. package/core/component-types.js +63 -0
  16. package/core/config-manager.js +360 -0
  17. package/core/index.js +223 -0
  18. package/core/learning-engine.js +588 -0
  19. package/core/mcp-compatibility.js +150 -0
  20. package/core/providers/aliyun/dms-adapter.js +98 -0
  21. package/core/providers/aliyun/redis-adapter.js +88 -0
  22. package/core/providers/aliyun/sls-adapter.js +86 -0
  23. package/core/providers/friday/flow-adapter.js +85 -0
  24. package/core/providers/friday/report-adapter.js +83 -0
  25. package/core/providers/yapi/yapi-adapter.js +79 -0
  26. package/core/providers/yuque/yuque-adapter.js +90 -0
  27. package/core/scene-matcher.js +326 -0
  28. package/core/skill-loader.js +291 -0
  29. package/package.json +67 -0
  30. package/scripts/migrate-config.js +153 -0
  31. package/skills/api-sync/SKILL.md +203 -0
  32. package/skills/archive-change/SKILL.md +172 -0
  33. package/skills/auto-flow/SKILL.md +277 -0
  34. package/skills/code-review/SKILL.md +206 -0
  35. package/skills/code-review-audit/SKILL.md +150 -0
  36. package/skills/data-logic-validation/SKILL.md +162 -0
  37. package/skills/data-validation/SKILL.md +210 -0
  38. package/skills/git-review/SKILL.md +190 -0
  39. package/skills/learning-engine/SKILL.md +352 -0
  40. package/skills/learning-feedback/SKILL.md +174 -0
  41. package/skills/log-audit/SKILL.md +226 -0
  42. package/skills/project-review/SKILL.md +196 -0
  43. package/skills/requirement-analyst/SKILL.md +275 -0
  44. package/skills/resource-bind/SKILL.md +222 -0
  45. package/skills/sls-log-audit/SKILL.md +223 -0
  46. package/skills/yapi-sync-interface/SKILL.md +145 -0
  47. package/skills/yuque-sync-design/SKILL.md +157 -0
@@ -0,0 +1,277 @@
1
+ ---
2
+ name: auto-flow
3
+ description: Automated workflow orchestration skill for FlowMind. Define, execute, and manage complex multi-step workflows.
4
+ metadata:
5
+ version: "1.0.0"
6
+ author: flowmind
7
+ category: automation
8
+ ---
9
+
10
+ # Auto Flow Skill
11
+
12
+ Define, execute, and manage complex multi-step workflows.
13
+
14
+ ## Features
15
+
16
+ ### ๐Ÿ”„ Workflow Execution
17
+ - Sequential steps
18
+ - Parallel execution
19
+ - Conditional branching
20
+ - Error handling
21
+
22
+ ### ๐Ÿ“‹ Workflow Templates
23
+ - Reusable workflows
24
+ - Parameterized steps
25
+ - Version control
26
+ - Team sharing
27
+
28
+ ### ๐Ÿ“Š Monitoring
29
+ - Step tracking
30
+ - Progress reporting
31
+ - Error logging
32
+ - Performance metrics
33
+
34
+ ## Trigger Patterns
35
+
36
+ ```
37
+ "่‡ชๅŠจๅŒ–", "automation", "workflow"
38
+ "ๆต็จ‹", "process", "pipeline"
39
+ "ๆ‰น้‡", "batch"
40
+ "ๅฎšๆ—ถ", "scheduled"
41
+ "ๅทฅไฝœๆต", "work flow"
42
+ ```
43
+
44
+ ## Workflow Definition
45
+
46
+ ### YAML Format
47
+
48
+ ```yaml
49
+ name: deploy-pipeline
50
+ description: Deploy to production
51
+
52
+ steps:
53
+ - name: test
54
+ action: run-tests
55
+ params:
56
+ coverage: true
57
+
58
+ - name: build
59
+ action: build-artifact
60
+ depends_on: [test]
61
+
62
+ - name: deploy-staging
63
+ action: deploy
64
+ params:
65
+ environment: staging
66
+ depends_on: [build]
67
+
68
+ - name: integration-test
69
+ action: run-integration-tests
70
+ depends_on: [deploy-staging]
71
+
72
+ - name: deploy-prod
73
+ action: deploy
74
+ params:
75
+ environment: production
76
+ depends_on: [integration-test]
77
+ when: "{{branch}} == 'main'"
78
+ ```
79
+
80
+ ## Output Format
81
+
82
+ ```
83
+ โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
84
+ โ”‚ Workflow Execution โ”‚
85
+ โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
86
+ โ”‚ Workflow: {name} โ”‚
87
+ โ”‚ Status: {status} โ”‚
88
+ โ”‚ Progress: {progress}% โ”‚
89
+ โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
90
+ โ”‚ Steps: โ”‚
91
+ โ”‚ โœ“ test (2m 30s) โ”‚
92
+ โ”‚ โœ“ build (1m 15s) โ”‚
93
+ โ”‚ โœ“ deploy-staging (45s) โ”‚
94
+ โ”‚ โณ integration-test (running...) โ”‚
95
+ โ”‚ โ—‹ deploy-prod (pending) โ”‚
96
+ โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
97
+ โ”‚ Duration: 4m 30s โ”‚
98
+ โ”‚ ETA: 2m 15s โ”‚
99
+ โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
100
+ ```
101
+
102
+ ## Built-in Workflows
103
+
104
+ ### Development Workflow
105
+
106
+ ```yaml
107
+ name: dev-workflow
108
+ steps:
109
+ - name: code-review
110
+ skill: code-review
111
+
112
+ - name: test
113
+ skill: data-validation
114
+
115
+ - name: docs
116
+ skill: api-sync
117
+
118
+ - name: archive
119
+ skill: archive-change
120
+ ```
121
+
122
+ ### Deployment Workflow
123
+
124
+ ```yaml
125
+ name: deploy-workflow
126
+ steps:
127
+ - name: validate
128
+ action: validate-config
129
+
130
+ - name: backup
131
+ action: backup-database
132
+
133
+ - name: deploy
134
+ action: deploy-application
135
+
136
+ - name: verify
137
+ action: health-check
138
+
139
+ - name: notify
140
+ action: send-notification
141
+ ```
142
+
143
+ ## Learning Integration
144
+
145
+ This skill supports FlowMind learning:
146
+
147
+ - **Workflow Preferences**: Learns common workflows
148
+ - **Step Order**: Learns preferred step sequence
149
+ - **Error Handling**: Learns recovery preferences
150
+
151
+ ```
152
+ User: "้ƒจ็ฝฒๅ‰ๅ…ˆๅค‡ไปฝๆ•ฐๆฎๅบ“"
153
+ FlowMind: โœ“ Learned: Backup before deploy
154
+
155
+ User: [Next deploy]
156
+ FlowMind: [Includes backup step automatically]
157
+ ```
158
+
159
+ ## Examples
160
+
161
+ ### Example 1: Execute Workflow
162
+
163
+ ```
164
+ User: ๆ‰ง่กŒ้ƒจ็ฝฒๆต็จ‹
165
+
166
+ FlowMind:
167
+ โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
168
+ โ”‚ Workflow: deploy-production โ”‚
169
+ โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
170
+ โ”‚ โœ“ validate (5s) โ”‚
171
+ โ”‚ โœ“ backup (2m 15s) โ”‚
172
+ โ”‚ โœ“ deploy (3m 30s) โ”‚
173
+ โ”‚ โœ“ verify (30s) โ”‚
174
+ โ”‚ โœ“ notify (5s) โ”‚
175
+ โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
176
+ โ”‚ Status: โœ“ Completed โ”‚
177
+ โ”‚ Duration: 6m 25s โ”‚
178
+ โ”‚ Environment: production โ”‚
179
+ โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
180
+ ```
181
+
182
+ ### Example 2: Custom Workflow
183
+
184
+ ```
185
+ User: ๅˆ›ๅปบไธ€ไธชไปฃ็ ๆไบคๆต็จ‹
186
+
187
+ FlowMind:
188
+ โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
189
+ โ”‚ Workflow Created: code-commit โ”‚
190
+ โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
191
+ โ”‚ Steps: โ”‚
192
+ โ”‚ 1. lint - Run linter โ”‚
193
+ โ”‚ 2. test - Run tests โ”‚
194
+ โ”‚ 3. review - Code review โ”‚
195
+ โ”‚ 4. commit - Create commit โ”‚
196
+ โ”‚ 5. push - Push to remote โ”‚
197
+ โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
198
+ โ”‚ Usage: flowmind run code-commit โ”‚
199
+ โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
200
+ ```
201
+
202
+ ## Configuration
203
+
204
+ ```json
205
+ {
206
+ "auto-flow": {
207
+ "workflows": {
208
+ "path": "./workflows",
209
+ "autoDiscover": true
210
+ },
211
+ "execution": {
212
+ "parallel": true,
213
+ "maxConcurrent": 5,
214
+ "timeout": 3600
215
+ },
216
+ "notifications": {
217
+ "onComplete": true,
218
+ "onError": true
219
+ }
220
+ }
221
+ }
222
+ ```
223
+
224
+ ## Workflow Actions
225
+
226
+ ### Built-in Actions
227
+
228
+ | Action | Description |
229
+ |--------|-------------|
230
+ | `run-command` | Execute shell command |
231
+ | `run-tests` | Run test suite |
232
+ | `deploy` | Deploy application |
233
+ | `notify` | Send notification |
234
+ | `wait` | Wait for condition |
235
+ | `approve` | Request approval |
236
+
237
+ ### Custom Actions
238
+
239
+ ```json
240
+ {
241
+ "auto-flow": {
242
+ "actions": {
243
+ "my-action": {
244
+ "command": "npm run my-script",
245
+ "timeout": 300
246
+ }
247
+ }
248
+ }
249
+ }
250
+ ```
251
+
252
+ ## Error Handling
253
+
254
+ ### Retry Configuration
255
+
256
+ ```yaml
257
+ steps:
258
+ - name: deploy
259
+ action: deploy
260
+ retry:
261
+ max: 3
262
+ delay: 5000
263
+ backoff: exponential
264
+ ```
265
+
266
+ ### Failure Actions
267
+
268
+ ```yaml
269
+ steps:
270
+ - name: deploy
271
+ action: deploy
272
+ on_failure:
273
+ - action: rollback
274
+ - action: notify
275
+ params:
276
+ message: "Deploy failed!"
277
+ ```
@@ -0,0 +1,206 @@
1
+ ---
2
+ name: code-review
3
+ description: Code review and quality analysis skill for FlowMind. Analyze code for security vulnerabilities, style violations, and best practices.
4
+ metadata:
5
+ version: "1.0.0"
6
+ author: flowmind
7
+ category: quality
8
+ ---
9
+
10
+ # Code Review Skill
11
+
12
+ Analyze code for security vulnerabilities, style violations, and best practices.
13
+
14
+ ## Features
15
+
16
+ ### ๐Ÿ”’ Security Analysis
17
+ - SQL injection detection
18
+ - XSS vulnerability scanning
19
+ - Authentication issues
20
+ - Sensitive data exposure
21
+
22
+ ### ๐Ÿ“ Code Quality
23
+ - Style guide compliance
24
+ - Complexity analysis
25
+ - Code duplication detection
26
+ - Documentation completeness
27
+
28
+ ### โœ… Best Practices
29
+ - Design pattern adherence
30
+ - Error handling review
31
+ - Performance considerations
32
+ - Testing coverage
33
+
34
+ ## Trigger Patterns
35
+
36
+ ```
37
+ "ไปฃ็ ๅฎกๆŸฅ", "code review", "review"
38
+ "ๅฎ‰ๅ…จๆฃ€ๆŸฅ", "security check"
39
+ "ไปฃ็ ่ดจ้‡", "code quality"
40
+ "PRๅฎกๆŸฅ", "PR review"
41
+ "ไปฃ็ ่ง„่Œƒ", "style guide"
42
+ ```
43
+
44
+ ## Output Format
45
+
46
+ ```
47
+ โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
48
+ โ”‚ Code Review Report โ”‚
49
+ โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
50
+ โ”‚ Files Analyzed: {count} โ”‚
51
+ โ”‚ Lines of Code: {loc} โ”‚
52
+ โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
53
+ โ”‚ Security Issues: {count} โ”‚
54
+ โ”‚ โ€ข [HIGH] {issue} at {file}:{line} โ”‚
55
+ โ”‚ โ€ข [MEDIUM] {issue} at {file}:{line} โ”‚
56
+ โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
57
+ โ”‚ Quality Issues: {count} โ”‚
58
+ โ”‚ โ€ข {issue} at {file}:{line} โ”‚
59
+ โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
60
+ โ”‚ Suggestions: โ”‚
61
+ โ”‚ โ€ข {suggestion} โ”‚
62
+ โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
63
+ ```
64
+
65
+ ## Review Categories
66
+
67
+ ### Security Checks
68
+
69
+ | Check | Severity | Description |
70
+ |-------|----------|-------------|
71
+ | SQL Injection | HIGH | Unsanitized user input in queries |
72
+ | XSS | HIGH | Unescaped output in templates |
73
+ | Hardcoded Secrets | HIGH | Credentials in source code |
74
+ | Weak Crypto | MEDIUM | Insecure encryption algorithms |
75
+
76
+ ### Quality Checks
77
+
78
+ | Check | Severity | Description |
79
+ |-------|----------|-------------|
80
+ | Complexity | MEDIUM | Functions too complex |
81
+ | Duplication | LOW | Duplicated code blocks |
82
+ | Documentation | LOW | Missing documentation |
83
+ | Naming | LOW | Poor naming conventions |
84
+
85
+ ## Learning Integration
86
+
87
+ This skill supports FlowMind learning:
88
+
89
+ - **Review Focus**: Learns which issues you care about most
90
+ - **Severity Levels**: Learns your severity preferences
91
+ - **Output Format**: Learns preferred report format
92
+
93
+ ```
94
+ User: "ๅ…ˆๆฃ€ๆŸฅๅฎ‰ๅ…จๆผๆดž"
95
+ FlowMind: โœ“ Learned: Security first for code review
96
+
97
+ User: [Next review]
98
+ FlowMind: [Prioritizes security issues]
99
+ ```
100
+
101
+ ## Examples
102
+
103
+ ### Example 1: Security Review
104
+
105
+ ```
106
+ User: ๆฃ€ๆŸฅ่ฟ™ไธชๆ–‡ไปถ็š„ๅฎ‰ๅ…จๆผๆดž
107
+
108
+ FlowMind:
109
+ โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
110
+ โ”‚ Security Review โ”‚
111
+ โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
112
+ โ”‚ File: src/api/users.js โ”‚
113
+ โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
114
+ โ”‚ ๐Ÿ”ด HIGH: SQL Injection โ”‚
115
+ โ”‚ Line 45: query(`SELECT * FROM users WHERE id=${id}`)โ”‚
116
+ โ”‚ Fix: Use parameterized queries โ”‚
117
+ โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
118
+ โ”‚ ๐ŸŸก MEDIUM: Hardcoded Secret โ”‚
119
+ โ”‚ Line 12: const API_KEY = 'abc123' โ”‚
120
+ โ”‚ Fix: Use environment variables โ”‚
121
+ โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
122
+ ```
123
+
124
+ ### Example 2: Code Quality Review
125
+
126
+ ```
127
+ User: ๅฎกๆŸฅ่ฟ™ๆฎตไปฃ็ ็š„่ดจ้‡
128
+
129
+ FlowMind:
130
+ โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
131
+ โ”‚ Code Quality Review โ”‚
132
+ โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
133
+ โ”‚ Function: processOrder โ”‚
134
+ โ”‚ Lines: 85 โ”‚
135
+ โ”‚ Complexity: 12 (HIGH) โ”‚
136
+ โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
137
+ โ”‚ Issues: โ”‚
138
+ โ”‚ โ€ข Function too long (85 lines) โ”‚
139
+ โ”‚ โ€ข High cyclomatic complexity โ”‚
140
+ โ”‚ โ€ข Missing error handling โ”‚
141
+ โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
142
+ โ”‚ Suggestions: โ”‚
143
+ โ”‚ โ€ข Split into smaller functions โ”‚
144
+ โ”‚ โ€ข Add try-catch blocks โ”‚
145
+ โ”‚ โ€ข Add unit tests โ”‚
146
+ โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
147
+ ```
148
+
149
+ ## Configuration
150
+
151
+ ```json
152
+ {
153
+ "code-review": {
154
+ "security": {
155
+ "enabled": true,
156
+ "severity": ["high", "medium", "low"]
157
+ },
158
+ "quality": {
159
+ "enabled": true,
160
+ "maxComplexity": 10,
161
+ "maxFunctionLength": 50
162
+ },
163
+ "style": {
164
+ "enabled": true,
165
+ "guide": "standard"
166
+ }
167
+ }
168
+ }
169
+ ```
170
+
171
+ ## Customization
172
+
173
+ ### Custom Rules
174
+
175
+ Add custom review rules:
176
+
177
+ ```json
178
+ {
179
+ "code-review": {
180
+ "customRules": [
181
+ {
182
+ "name": "no-console-log",
183
+ "pattern": "console\\.log",
184
+ "severity": "warning",
185
+ "message": "Remove console.log statements"
186
+ }
187
+ ]
188
+ }
189
+ }
190
+ ```
191
+
192
+ ### Ignore Patterns
193
+
194
+ Exclude files from review:
195
+
196
+ ```json
197
+ {
198
+ "code-review": {
199
+ "ignore": [
200
+ "**/test/**",
201
+ "**/*.test.js",
202
+ "**/node_modules/**"
203
+ ]
204
+ }
205
+ }
206
+ ```
@@ -0,0 +1,150 @@
1
+ ---
2
+ name: code-review-audit
3
+ description: Code review and security audit skill for FlowMind. Three-dimensional review: security audit, design compliance check, and mandatory constraint validation before merge or test.
4
+ metadata:
5
+ version: "1.0.0"
6
+ author: flowmind
7
+ category: quality
8
+ ---
9
+
10
+ # Code Review & Security Audit Skill
11
+
12
+ Three-dimensional code review: security audit, design compliance, and constraint validation.
13
+
14
+ ## Features
15
+
16
+ ### Security Audit
17
+ - SQL injection detection
18
+ - Hardcoded secrets scanning
19
+ - Sensitive data exposure in logs
20
+ - Unauthorized access detection
21
+ - XSS vulnerability scanning
22
+
23
+ ### Design Compliance
24
+ - Functional completeness check
25
+ - API consistency verification
26
+ - Database schema alignment
27
+ - Redis/Kafka design alignment
28
+ - Over-implementation detection
29
+
30
+ ### Mandatory Constraints
31
+ - Code quality constraints (inner classes, field remarks, method docs, complexity)
32
+ - Naming conventions (error codes, Kafka topics, Redis keys)
33
+ - Layered architecture (Controller/Service/Repository separation)
34
+ - Performance constraints (batch operations, timeout, parallel calls)
35
+ - Test coverage requirements
36
+
37
+ ## Trigger Patterns
38
+
39
+ ```
40
+ "ๅˆๅนถๅฎกๆ ธ", "ๆต‹่ฏ•ๅ‰ๅฎกๆ ธ"
41
+ "ไปฃ็ ๅฎกๆŸฅ", "code review", "review"
42
+ "MR ๅฎกๆ ธ", "PR review"
43
+ "ๅฎ‰ๅ…จๅฎกๆŸฅ", "security audit"
44
+ "่ฎพ่ฎกๅˆ่ง„", "design compliance"
45
+ ```
46
+
47
+ ## Output Format
48
+
49
+ ```
50
+ โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
51
+ โ”‚ Code Review Report โ”‚
52
+ โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
53
+ โ”‚ Review Type: {merge/test} โ”‚
54
+ โ”‚ Files Changed: {count} โ”‚
55
+ โ”‚ Design Doc: {yes/no} โ”‚
56
+ โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
57
+ โ”‚ Security: {issues} โ”‚
58
+ โ”‚ Design Compliance: {status} โ”‚
59
+ โ”‚ Constraints: {violations} โ”‚
60
+ โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
61
+ โ”‚ Verdict: PASS / CONDITIONAL / FAIL โ”‚
62
+ โ”‚ Must Fix: {list} โ”‚
63
+ โ”‚ Suggestions: {list} โ”‚
64
+ โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
65
+ ```
66
+
67
+ ## Review Levels
68
+
69
+ | Level | Condition | Scope |
70
+ |-------|-----------|-------|
71
+ | micro | โ‰ค3 files, bug fix/config | Security + basic quality |
72
+ | small | โ‰ค5 files, single module | + naming, layering, tests |
73
+ | medium | โ‰ค15 files, API/DB/Redis | + performance, caching, exceptions |
74
+ | full | >15 files, cross-module | All constraints |
75
+
76
+ ## Learning Integration
77
+
78
+ This skill supports FlowMind learning:
79
+
80
+ - **Review Focus**: Learns which issues you care about most
81
+ - **Severity Levels**: Learns your severity preferences
82
+ - **Constraint Priority**: Learns which constraints to prioritize
83
+
84
+ ## Examples
85
+
86
+ ### Example 1: Merge Review
87
+
88
+ ```
89
+ User: ๅˆๅนถๅฎกๆ ธ
90
+
91
+ FlowMind:
92
+ โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
93
+ โ”‚ Code Review Report โ”‚
94
+ โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
95
+ โ”‚ Review Type: Merge Review โ”‚
96
+ โ”‚ Files Changed: 5 โ”‚
97
+ โ”‚ Design Doc: openspec/changes/xxx/DESIGN.md โ”‚
98
+ โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
99
+ โ”‚ Security: 1 HIGH (SQL injection at line 45) โ”‚
100
+ โ”‚ Design Compliance: 2 features missing โ”‚
101
+ โ”‚ Constraints: 3 violations โ”‚
102
+ โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
103
+ โ”‚ Verdict: โŒ FAIL โ”‚
104
+ โ”‚ Must Fix: โ”‚
105
+ โ”‚ โ€ข SQL injection at UserService.java:45 โ”‚
106
+ โ”‚ โ€ข Missing Redis caching for store data โ”‚
107
+ โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
108
+ ```
109
+
110
+ ### Example 2: Security Review
111
+
112
+ ```
113
+ User: ๅฎ‰ๅ…จๅฎกๆŸฅ่ฟ™ไธชๆŽฅๅฃ
114
+
115
+ FlowMind:
116
+ โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
117
+ โ”‚ Security Audit โ”‚
118
+ โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
119
+ โ”‚ ๐Ÿ”ด HIGH: Hardcoded API key at Config.java:12 โ”‚
120
+ โ”‚ Fix: Use environment variables โ”‚
121
+ โ”‚ ๐ŸŸก MEDIUM: Exception stack exposed to client โ”‚
122
+ โ”‚ Fix: Return generic error message โ”‚
123
+ โ”‚ ๐ŸŸข LOW: DEBUG level logging in production โ”‚
124
+ โ”‚ Fix: Set appropriate log level โ”‚
125
+ โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
126
+ ```
127
+
128
+ ## Configuration
129
+
130
+ ```json
131
+ {
132
+ "code-review-audit": {
133
+ "security": {
134
+ "enabled": true,
135
+ "severity": ["high", "medium", "low"]
136
+ },
137
+ "designCompliance": {
138
+ "enabled": true,
139
+ "checkOverImplementation": true
140
+ },
141
+ "constraints": {
142
+ "codeQuality": true,
143
+ "naming": true,
144
+ "layering": true,
145
+ "performance": true,
146
+ "testing": true
147
+ }
148
+ }
149
+ }
150
+ ```