flowmind 1.0.0
- package/LICENSE +21 -0
- package/README.md +855 -0
- package/README_CN.md +854 -0
- package/bin/flowmind.js +464 -0
- package/core/adapters/api-doc-adapter.js +71 -0
- package/core/adapters/base-adapter.js +80 -0
- package/core/adapters/database-manager-adapter.js +60 -0
- package/core/adapters/database-query-adapter.js +51 -0
- package/core/adapters/knowledge-base-adapter.js +75 -0
- package/core/adapters/log-service-adapter.js +41 -0
- package/core/adapters/mcp-adapter.js +65 -0
- package/core/adapters/report-adapter.js +60 -0
- package/core/adapters/workflow-adapter.js +62 -0
- package/core/component-registry.js +281 -0
- package/core/component-types.js +63 -0
- package/core/config-manager.js +360 -0
- package/core/index.js +223 -0
- package/core/learning-engine.js +588 -0
- package/core/mcp-compatibility.js +150 -0
- package/core/providers/aliyun/dms-adapter.js +98 -0
- package/core/providers/aliyun/redis-adapter.js +88 -0
- package/core/providers/aliyun/sls-adapter.js +86 -0
- package/core/providers/friday/flow-adapter.js +85 -0
- package/core/providers/friday/report-adapter.js +83 -0
- package/core/providers/yapi/yapi-adapter.js +79 -0
- package/core/providers/yuque/yuque-adapter.js +90 -0
- package/core/scene-matcher.js +326 -0
- package/core/skill-loader.js +291 -0
- package/package.json +67 -0
- package/scripts/migrate-config.js +153 -0
- package/skills/api-sync/SKILL.md +203 -0
- package/skills/archive-change/SKILL.md +172 -0
- package/skills/auto-flow/SKILL.md +277 -0
- package/skills/code-review/SKILL.md +206 -0
- package/skills/code-review-audit/SKILL.md +150 -0
- package/skills/data-logic-validation/SKILL.md +162 -0
- package/skills/data-validation/SKILL.md +210 -0
- package/skills/git-review/SKILL.md +190 -0
- package/skills/learning-engine/SKILL.md +352 -0
- package/skills/learning-feedback/SKILL.md +174 -0
- package/skills/log-audit/SKILL.md +226 -0
- package/skills/project-review/SKILL.md +196 -0
- package/skills/requirement-analyst/SKILL.md +275 -0
- package/skills/resource-bind/SKILL.md +222 -0
- package/skills/sls-log-audit/SKILL.md +223 -0
- package/skills/yapi-sync-interface/SKILL.md +145 -0
- package/skills/yuque-sync-design/SKILL.md +157 -0
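--- a/package/skills/auto-flow/SKILL.md
+++ b/package/skills/auto-flow/SKILL.md
@@ -0,0 +1,277 @@
+---
+name: auto-flow
+description: Automated workflow orchestration skill for FlowMind. Define, execute, and manage complex multi-step workflows.
+metadata:
+version: "1.0.0"
+author: flowmind
+category: automation
+---
+
+# Auto Flow Skill
+
+Define, execute, and manage complex multi-step workflows.
+
+## Features
+
+### ๐ Workflow Execution
+- Sequential steps
+- Parallel execution
+- Conditional branching
+- Error handling
+
+### ๐ Workflow Templates
+- Reusable workflows
+- Parameterized steps
+- Version control
+- Team sharing
+
+### ๐ Monitoring
+- Step tracking
+- Progress reporting
+- Error logging
+- Performance metrics
+
+## Trigger Patterns
+
+```
+"่ชๅจๅ", "automation", "workflow"
+"ๆต็จ", "process", "pipeline"
+"ๆน้", "batch"
+"ๅฎๆถ", "scheduled"
+"ๅทฅไฝๆต", "work flow"
+```
+
+## Workflow Definition
+
+### YAML Format
+
+```yaml
+name: deploy-pipeline
+description: Deploy to production
+
+steps:
+- name: test
+action: run-tests
+params:
+coverage: true
+
+- name: build
+action: build-artifact
+depends_on: [test]
+
+- name: deploy-staging
+action: deploy
+params:
+environment: staging
+depends_on: [build]
+
+- name: integration-test
+action: run-integration-tests
+depends_on: [deploy-staging]
+
+- name: deploy-prod
+action: deploy
+params:
+environment: production
+depends_on: [integration-test]
+when: "{{branch}} == 'main'"
+```
+
+## Output Format
+
+```
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
+โ Workflow Execution โ
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
+โ Workflow: {name} โ
+โ Status: {status} โ
+โ Progress: {progress}% โ
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
+โ Steps: โ
+โ โ test (2m 30s) โ
+โ โ build (1m 15s) โ
+โ โ deploy-staging (45s) โ
+โ โณ integration-test (running...) โ
+โ โ deploy-prod (pending) โ
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
+โ Duration: 4m 30s โ
+โ ETA: 2m 15s โ
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
+```
+
+## Built-in Workflows
+
+### Development Workflow
+
+```yaml
+name: dev-workflow
+steps:
+- name: code-review
+skill: code-review
+
+- name: test
+skill: data-validation
+
+- name: docs
+skill: api-sync
+
+- name: archive
+skill: archive-change
+```
+
+### Deployment Workflow
+
+```yaml
+name: deploy-workflow
+steps:
+- name: validate
+action: validate-config
+
+- name: backup
+action: backup-database
+
+- name: deploy
+action: deploy-application
+
+- name: verify
+action: health-check
+
+- name: notify
+action: send-notification
+```
+
+## Learning Integration
+
+This skill supports FlowMind learning:
+
+- **Workflow Preferences**: Learns common workflows
+- **Step Order**: Learns preferred step sequence
+- **Error Handling**: Learns recovery preferences
+
+```
+User: "้จ็ฝฒๅๅๅคไปฝๆฐๆฎๅบ"
+FlowMind: โ Learned: Backup before deploy
+
+User: [Next deploy]
+FlowMind: [Includes backup step automatically]
+```
+
+## Examples
+
+### Example 1: Execute Workflow
+
+```
+User: ๆง่ก้จ็ฝฒๆต็จ
+
+FlowMind:
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
+โ Workflow: deploy-production โ
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
+โ โ validate (5s) โ
+โ โ backup (2m 15s) โ
+โ โ deploy (3m 30s) โ
+โ โ verify (30s) โ
+โ โ notify (5s) โ
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
+โ Status: โ Completed โ
+โ Duration: 6m 25s โ
+โ Environment: production โ
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
+```
+
+### Example 2: Custom Workflow
+
+```
+User: ๅๅปบไธไธชไปฃ็ ๆไบคๆต็จ
+
+FlowMind:
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
+โ Workflow Created: code-commit โ
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
+โ Steps: โ
+โ 1. lint - Run linter โ
+โ 2. test - Run tests โ
+โ 3. review - Code review โ
+โ 4. commit - Create commit โ
+โ 5. push - Push to remote โ
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
+โ Usage: flowmind run code-commit โ
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
+```
+
+## Configuration
+
+```json
+{
+"auto-flow": {
+"workflows": {
+"path": "./workflows",
+"autoDiscover": true
+},
+"execution": {
+"parallel": true,
+"maxConcurrent": 5,
+"timeout": 3600
+},
+"notifications": {
+"onComplete": true,
+"onError": true
+}
+}
+}
+```
+
+## Workflow Actions
+
+### Built-in Actions
+
+| Action | Description |
+|--------|-------------|
+| `run-command` | Execute shell command |
+| `run-tests` | Run test suite |
+| `deploy` | Deploy application |
+| `notify` | Send notification |
+| `wait` | Wait for condition |
+| `approve` | Request approval |
+
+### Custom Actions
+
+```json
+{
+"auto-flow": {
+"actions": {
+"my-action": {
+"command": "npm run my-script",
+"timeout": 300
+}
+}
+}
+}
+```
+
+## Error Handling
+
+### Retry Configuration
+
+```yaml
+steps:
+- name: deploy
+action: deploy
+retry:
+max: 3
+delay: 5000
+backoff: exponential
+```
+
+### Failure Actions
+
+```yaml
+steps:
+- name: deploy
+action: deploy
+on_failure:
+- action: rollback
+- action: notify
+params:
+message: "Deploy failed!"
+```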
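Review bot: The skill lists `run-command` ("Execute shell command") and custom actions whose `command` is a free-form string, next to `"autoDiscover": true` for `./workflows`, but it never states who is trusted to author workflow files or how step `params` and template values such as `{{branch}}` reach the command or the `when` expression. If the executor hands these strings to a shell or re-parses the substituted text, which cannot be confirmed from this file, any discovered workflow or attacker-influenced value runs with the operator's privileges. I would add a short "Security" section after "Workflow Actions" that documents the trust boundary for workflow and action definitions, says whether parameters are passed as arguments or interpolated, and notes what auto-discovery loads. Both production examples also reach `deploy-prod` / `deploy-application` without an `approve` step, although `approve` is listed as a built-in action. The deployment workflow also uses action names (`validate-config`, `backup-database`, `health-check`, `send-notification`) that are missing from the Built-in Actions table.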
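--- a/package/skills/code-review/SKILL.md
+++ b/package/skills/code-review/SKILL.md
@@ -0,0 +1,206 @@
+---
+name: code-review
+description: Code review and quality analysis skill for FlowMind. Analyze code for security vulnerabilities, style violations, and best practices.
+metadata:
+version: "1.0.0"
+author: flowmind
+category: quality
+---
+
+# Code Review Skill
+
+Analyze code for security vulnerabilities, style violations, and best practices.
+
+## Features
+
+### ๐ Security Analysis
+- SQL injection detection
+- XSS vulnerability scanning
+- Authentication issues
+- Sensitive data exposure
+
+### ๐ Code Quality
+- Style guide compliance
+- Complexity analysis
+- Code duplication detection
+- Documentation completeness
+
+### โBest Practices
+- Design pattern adherence
+- Error handling review
+- Performance considerations
+- Testing coverage
+
+## Trigger Patterns
+
+```
+"ไปฃ็ ๅฎกๆฅ", "code review", "review"
+"ๅฎๅจๆฃๆฅ", "security check"
+"ไปฃ็ ่ดจ้", "code quality"
+"PRๅฎกๆฅ", "PR review"
+"ไปฃ็ ่ง่", "style guide"
+```
+
+## Output Format
+
+```
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
+โ Code Review Report โ
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
+โ Files Analyzed: {count} โ
+โ Lines of Code: {loc} โ
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
+โ Security Issues: {count} โ
+โ โข [HIGH] {issue} at {file}:{line} โ
+โ โข [MEDIUM] {issue} at {file}:{line} โ
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
+โ Quality Issues: {count} โ
+โ โข {issue} at {file}:{line} โ
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
+โ Suggestions: โ
+โ โข {suggestion} โ
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
+```
+
+## Review Categories
+
+### Security Checks
+
+| Check | Severity | Description |
+|-------|----------|-------------|
+| SQL Injection | HIGH | Unsanitized user input in queries |
+| XSS | HIGH | Unescaped output in templates |
+| Hardcoded Secrets | HIGH | Credentials in source code |
+| Weak Crypto | MEDIUM | Insecure encryption algorithms |
+
+### Quality Checks
+
+| Check | Severity | Description |
+|-------|----------|-------------|
+| Complexity | MEDIUM | Functions too complex |
+| Duplication | LOW | Duplicated code blocks |
+| Documentation | LOW | Missing documentation |
+| Naming | LOW | Poor naming conventions |
+
+## Learning Integration
+
+This skill supports FlowMind learning:
+
+- **Review Focus**: Learns which issues you care about most
+- **Severity Levels**: Learns your severity preferences
+- **Output Format**: Learns preferred report format
+
+```
+User: "ๅๆฃๆฅๅฎๅจๆผๆด"
+FlowMind: โ Learned: Security first for code review
+
+User: [Next review]
+FlowMind: [Prioritizes security issues]
+```
+
+## Examples
+
+### Example 1: Security Review
+
+```
+User: ๆฃๆฅ่ฟไธชๆไปถ็ๅฎๅจๆผๆด
+
+FlowMind:
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
+โ Security Review โ
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
+โ File: src/api/users.js โ
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
+โ ๐ด HIGH: SQL Injection โ
+โ Line 45: query(`SELECT * FROM users WHERE id=${id}`)โ
+โ Fix: Use parameterized queries โ
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
+โ ๐ก MEDIUM: Hardcoded Secret โ
+โ Line 12: const API_KEY = 'abc123' โ
+โ Fix: Use environment variables โ
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
+```
+
+### Example 2: Code Quality Review
+
+```
+User: ๅฎกๆฅ่ฟๆฎตไปฃ็ ็่ดจ้
+
+FlowMind:
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
+โ Code Quality Review โ
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
+โ Function: processOrder โ
+โ Lines: 85 โ
+โ Complexity: 12 (HIGH) โ
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
+โ Issues: โ
+โ โข Function too long (85 lines) โ
+โ โข High cyclomatic complexity โ
+โ โข Missing error handling โ
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
+โ Suggestions: โ
+โ โข Split into smaller functions โ
+โ โข Add try-catch blocks โ
+โ โข Add unit tests โ
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
+```
+
+## Configuration
+
+```json
+{
+"code-review": {
+"security": {
+"enabled": true,
+"severity": ["high", "medium", "low"]
+},
+"quality": {
+"enabled": true,
+"maxComplexity": 10,
+"maxFunctionLength": 50
+},
+"style": {
+"enabled": true,
+"guide": "standard"
+}
+}
+}
+```
+
+## Customization
+
+### Custom Rules
+
+Add custom review rules:
+
+```json
+{
+"code-review": {
+"customRules": [
+{
+"name": "no-console-log",
+"pattern": "console\\.log",
+"severity": "warning",
+"message": "Remove console.log statements"
+}
+]
+}
+}
+```
+
+### Ignore Patterns
+
+Exclude files from review:
+
+```json
+{
+"code-review": {
+"ignore": [
+"**/test/**",
+"**/*.test.js",
+"**/node_modules/**"
+]
+}
+}
+```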
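Review bot: Severity labels disagree within this file: the Security Checks table rates Hardcoded Secrets as HIGH, while Example 1 reports `MEDIUM: Hardcoded Secret` for `const API_KEY = 'abc123'`. The configuration lists `"severity": ["high", "medium", "low"]`, yet the custom rule example uses `"severity": "warning"`, a level the file never defines. Because the Learning Integration section says the skill learns severity preferences, the examples should match the table; I would change the example line to `HIGH: Hardcoded Secret` and either use `"severity": "low"` in the custom rule or document `warning` as an accepted value. The Ignore Patterns example excludes `**/test/**` and `**/*.test.js` without noting that ignored paths also skip the hardcoded-secret check; whether that is intended is not stated.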
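--- a/package/skills/code-review-audit/SKILL.md
+++ b/package/skills/code-review-audit/SKILL.md
@@ -0,0 +1,150 @@
+---
+name: code-review-audit
+description: Code review and security audit skill for FlowMind. Three-dimensional review: security audit, design compliance check, and mandatory constraint validation before merge or test.
+metadata:
+version: "1.0.0"
+author: flowmind
+category: quality
+---
+
+# Code Review & Security Audit Skill
+
+Three-dimensional code review: security audit, design compliance, and constraint validation.
+
+## Features
+
+### Security Audit
+- SQL injection detection
+- Hardcoded secrets scanning
+- Sensitive data exposure in logs
+- Unauthorized access detection
+- XSS vulnerability scanning
+
+### Design Compliance
+- Functional completeness check
+- API consistency verification
+- Database schema alignment
+- Redis/Kafka design alignment
+- Over-implementation detection
+
+### Mandatory Constraints
+- Code quality constraints (inner classes, field remarks, method docs, complexity)
+- Naming conventions (error codes, Kafka topics, Redis keys)
+- Layered architecture (Controller/Service/Repository separation)
+- Performance constraints (batch operations, timeout, parallel calls)
+- Test coverage requirements
+
+## Trigger Patterns
+
+```
+"ๅๅนถๅฎกๆ ธ", "ๆต่ฏๅๅฎกๆ ธ"
+"ไปฃ็ ๅฎกๆฅ", "code review", "review"
+"MR ๅฎกๆ ธ", "PR review"
+"ๅฎๅจๅฎกๆฅ", "security audit"
+"่ฎพ่ฎกๅ่ง", "design compliance"
+```
+
+## Output Format
+
+```
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
+โ Code Review Report โ
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
+โ Review Type: {merge/test} โ
+โ Files Changed: {count} โ
+โ Design Doc: {yes/no} โ
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
+โ Security: {issues} โ
+โ Design Compliance: {status} โ
+โ Constraints: {violations} โ
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
+โ Verdict: PASS / CONDITIONAL / FAIL โ
+โ Must Fix: {list} โ
+โ Suggestions: {list} โ
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
+```
+
+## Review Levels
+
+| Level | Condition | Scope |
+|-------|-----------|-------|
+| micro | โค3 files, bug fix/config | Security + basic quality |
+| small | โค5 files, single module | + naming, layering, tests |
+| medium | โค15 files, API/DB/Redis | + performance, caching, exceptions |
+| full | >15 files, cross-module | All constraints |
+
+## Learning Integration
+
+This skill supports FlowMind learning:
+
+- **Review Focus**: Learns which issues you care about most
+- **Severity Levels**: Learns your severity preferences
+- **Constraint Priority**: Learns which constraints to prioritize
+
+## Examples
+
+### Example 1: Merge Review
+
+```
+User: ๅๅนถๅฎกๆ ธ
+
+FlowMind:
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
+โ Code Review Report โ
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
+โ Review Type: Merge Review โ
+โ Files Changed: 5 โ
+โ Design Doc: openspec/changes/xxx/DESIGN.md โ
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
+โ Security: 1 HIGH (SQL injection at line 45) โ
+โ Design Compliance: 2 features missing โ
+โ Constraints: 3 violations โ
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
+โ Verdict: โ FAIL โ
+โ Must Fix: โ
+โ โข SQL injection at UserService.java:45 โ
+โ โข Missing Redis caching for store data โ
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
+```
+
+### Example 2: Security Review
+
+```
+User: ๅฎๅจๅฎกๆฅ่ฟไธชๆฅๅฃ
+
+FlowMind:
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
+โ Security Audit โ
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
+โ ๐ด HIGH: Hardcoded API key at Config.java:12 โ
+โ Fix: Use environment variables โ
+โ ๐ก MEDIUM: Exception stack exposed to client โ
+โ Fix: Return generic error message โ
+โ ๐ข LOW: DEBUG level logging in production โ
+โ Fix: Set appropriate log level โ
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
+```
+
+## Configuration
+
+```json
+{
+"code-review-audit": {
+"security": {
+"enabled": true,
+"severity": ["high", "medium", "low"]
+},
+"designCompliance": {
+"enabled": true,
+"checkOverImplementation": true
+},
+"constraints": {
+"codeQuality": true,
+"naming": true,
+"layering": true,
+"performance": true,
+"testing": true
+}
+}
+}
+```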
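Review bot: The report template ends in `Verdict: PASS / CONDITIONAL / FAIL`, but the file never defines what produces each verdict; Example 1 only implies that a HIGH security finding leads to FAIL. The description positions this skill as a check before merge or test, and the Learning Integration section says severity preferences and constraint priority are learned, so a reader cannot tell whether learned preferences can soften a verdict. I would add a short "Verdict Rules" section after "Review Levels" that states the thresholds, for example `FAIL: any HIGH security finding or any Must Fix item`, and says whether learning may change them.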