foliko 1.0.74 → 1.0.76

package/.agent/rules/allow-rule.md

@@ -0,0 +1,77 @@
+---
+id: allow-rule-001
+name: "开发环境例外规则"
+description: "在开发环境中允许特定敏感文件写入"
+version: "1.0.0"
+author: "Development Team"
+
+# 触发条件
+trigger:
+  type: "on_tool_call"
+  conditions:
+    - tool_name: "file_write"
+    - path_matches: "**/.env.local"
+  scope: "global"
+
+# 优先级和冲突解决
+priority: 150  # 比安全规则更高的优先级
+conflict_resolution: "allow"
+override_priority: true  # 覆盖更高优先级的阻止规则
+
+# 执行动作
+steps:
+  - type: "allow"
+    name: "允许开发环境配置"
+    reason: "开发环境需要.local配置文件"
+    conditions:
+      - type: "javascript"
+        expression: "ctx.variables.environment === 'development'"
+
+# 验证条件
+conditions:
+  - type: "regex"
+    field: "tool.args.path"
+    pattern: "\\.local$"
+  - type: "javascript"
+    expression: "ctx.variables.environment === 'development' || ctx.variables.environment === 'test'"
+
+# 变量和上下文
+variables:
+  environment: "development"
+  allowed_users: ["developer", "tester", "admin"]
+
+# 日志和监控
+logging:
+  level: "info"
+  notify: []
+  retention_days: 7
+---
+
+# 开发环境例外规则
+
+## 规则说明
+
+此规则为开发环境提供例外，允许写入`.env.local`配置文件。在开发环境中，开发者需要能够创建本地配置文件以覆盖默认设置。
+
+## 适用条件
+
+1. **环境要求**: 仅适用于`development`或`test`环境
+2. **文件类型**: 仅适用于`.env.local`文件
+3. **用户权限**: 仅允许特定用户（developer, tester, admin）
+
+## 安全考虑
+
+虽然允许写入本地配置文件，但需要确保：
+- 不包含生产环境密钥
+- 不提交到版本控制系统
+- 定期清理过期配置
+
+## 监控
+
+所有允许的写入操作都会记录日志，供后续审计使用。
+
+## 相关规则
+
+- 开发环境安全规则
+- 配置文件管理规则
+- 版本控制排除规则

package/.agent/rules/log-rule.md

@@ -0,0 +1,83 @@
+---
+id: log-rule-001
+name: "工具调用审计规则"
+description: "记录所有工具调用用于审计和监控"
+version: "1.0.0"
+author: "Audit Team"
+
+# 触发条件
+trigger:
+  type: "on_tool_call"
+  conditions: []
+  scope: "global"
+
+# 优先级和冲突解决
+priority: 10  # 低优先级，不影响执行
+conflict_resolution: "log"
+
+# 执行动作
+steps:
+  - type: "log"
+    name: "记录工具调用"
+    logLevel: "info"
+    messageTemplate: "工具调用: {{tool.name}} 参数: {{tool.args}} 用户: {{user.id}} 时间: {{timestamp}}"
+    fields:
+      - "tool.name"
+      - "tool.args"
+      - "user.id"
+      - "session.id"
+      - "timestamp"
+
+# 验证条件
+conditions: []
+
+# 变量和上下文
+variables:
+  audit_enabled: true
+  retention_period: "90d"
+
+# 日志和监控
+logging:
+  level: "info"
+  notify: ["audit-log"]
+  retention_days: 90
+---
+
+# 工具调用审计规则
+
+## 规则说明
+
+此规则记录所有工具调用，用于系统审计、性能监控和故障排查。
+
+## 记录字段
+
+1. **工具名称**: 被调用的工具名称
+2. **调用参数**: 工具调用的参数（敏感信息会被过滤）
+3. **用户信息**: 发起调用的用户标识
+4. **会话信息**: 当前会话标识
+5. **时间戳**: 调用发生的时间
+6. **执行结果**: 工具执行的结果状态
+
+## 隐私保护
+
+为保护用户隐私和安全，以下信息会被过滤：
+- 密码、令牌等认证信息
+- 个人身份信息（PII）
+- 敏感业务数据
+
+## 存储策略
+
+审计日志会保留90天，之后自动归档或删除。紧急情况下可以延长保留期。
+
+## 使用场景
+
+1. **安全审计**: 检测异常工具调用模式
+2. **故障排查**: 分析系统问题和错误
+3. **性能监控**: 跟踪工具执行时间和频率
+4. **合规检查**: 满足监管和合规要求
+
+## 相关规则
+
+- 隐私保护规则
+- 数据保留规则
+- 异常检测规则

package/.agent/rules/security-rule.md

@@ -0,0 +1,93 @@
+---
+id: security-rule-001
+name: "文件系统安全规则"
+description: "限制对敏感目录和文件的访问"
+version: "1.0.0"
+author: "System Administrator"
+
+# 触发条件
+trigger:
+  type: "on_tool_call"
+  conditions:
+    - tool_name: "file_write"
+    - path_matches: "**/.env*"
+  scope: "global"
+
+# 优先级和冲突解决
+priority: 100  # 高优先级
+conflict_resolution: "block"
+
+# 执行动作
+steps:
+  - type: "block"
+    name: "阻止敏感文件写入"
+    message: "禁止写入敏感配置文件"
+    reason: "安全策略禁止写入.env等敏感配置文件"
+    requireApproval: false
+
+# 验证条件
+conditions:
+  - type: "regex"
+    field: "tool.args.path"
+    pattern: "^.*/\\.env"
+  - type: "regex"
+    field: "tool.args.path"
+    pattern: "^.*/passwd$"
+  - type: "regex"
+    field: "tool.args.path"
+    pattern: "^.*/shadow$"
+  - type: "regex"
+    field: "tool.args.path"
+    pattern: "^/etc/.*"
+  - type: "regex"
+    field: "tool.args.path"
+    pattern: "^/var/log/.*"
+
+# 变量和上下文
+variables:
+  allowed_paths: ["/tmp/", "/home/user/", "/var/www/"]
+  max_file_size: 10485760
+
+# 日志和监控
+logging:
+  level: "warn"
+  notify: ["security-channel"]
+  retention_days: 30
+---
+
+# 文件系统安全规则
+
+## 规则说明
+
+此规则用于保护系统敏感文件，防止未经授权的写入操作。
+
+## 保护范围
+
+1. **配置文件**: 所有`.env`文件（包含环境变量）
+2. **系统文件**: `/etc/passwd`, `/etc/shadow`等
+3. **日志文件**: `/var/log/`目录下的文件
+4. **其他敏感路径**: 根据正则表达式匹配
+
+## 例外情况
+
+以下路径允许写入：
+- `/tmp/` 临时目录
+- `/home/user/` 用户目录
+- `/var/www/` Web根目录
+
+## 审计日志
+
+所有被阻止的写入操作都会记录到安全审计日志中，安全团队会定期审查。
+
+## 紧急绕过
+
+在紧急情况下，可以通过以下方式临时禁用此规则：
+1. 将规则文件重命名为`.md.disabled`
+2. 联系安全团队获取临时令牌
+3. 通过管理界面临时禁用
+
+## 相关规则
+
+- 数据加密规则
+- 访问控制规则
+- 审计日志规则

package/.agent/scripts/auto_preview.py

@@ -0,0 +1,148 @@
+#!/usr/bin/env python3
+"""
+Auto Preview - Antigravity Kit
+==============================
+Manages (start/stop/status) the local development server for previewing the application.
+
+Usage:
+    python .agent/scripts/auto_preview.py start [port]
+    python .agent/scripts/auto_preview.py stop
+    python .agent/scripts/auto_preview.py status
+"""
+
+import os
+import sys
+import time
+import json
+import signal
+import argparse
+import subprocess
+from pathlib import Path
+
+AGENT_DIR = Path(".agent")
+PID_FILE = AGENT_DIR / "preview.pid"
+LOG_FILE = AGENT_DIR / "preview.log"
+
+def get_project_root():
+    return Path(".").resolve()
+
+def is_running(pid):
+    try:
+        os.kill(pid, 0)
+        return True
+    except OSError:
+        return False
+
+def get_start_command(root):
+    pkg_file = root / "package.json"
+    if not pkg_file.exists():
+        return None
+    
+    with open(pkg_file, 'r') as f:
+        data = json.load(f)
+    
+    scripts = data.get("scripts", {})
+    if "dev" in scripts:
+        return ["npm", "run", "dev"]
+    elif "start" in scripts:
+        return ["npm", "start"]
+    return None
+
+def start_server(port=3000):
+    if PID_FILE.exists():
+        try:
+            pid = int(PID_FILE.read_text().strip())
+            if is_running(pid):
+                print(f"⚠️  Preview already running (PID: {pid})")
+                return
+        except:
+            pass # Invalid PID file
+
+    root = get_project_root()
+    cmd = get_start_command(root)
+    
+    if not cmd:
+        print("❌ No 'dev' or 'start' script found in package.json")
+        sys.exit(1)
+    
+    # Add port env var if needed (simple heuristic)
+    env = os.environ.copy()
+    env["PORT"] = str(port)
+    
+    print(f"🚀 Starting preview on port {port}...")
+    
+    with open(LOG_FILE, "w") as log:
+        process = subprocess.Popen(
+            cmd,
+            cwd=str(root),
+            stdout=log,
+            stderr=log,
+            env=env,
+            shell=True # Required for npm on windows often, or consistent path handling
+        )
+    
+    PID_FILE.write_text(str(process.pid))
+    print(f"✅ Preview started! (PID: {process.pid})")
+    print(f"   Logs: {LOG_FILE}")
+    print(f"   URL: http://localhost:{port}")
+
+def stop_server():
+    if not PID_FILE.exists():
+        print("ℹ️  No preview server found.")
+        return
+
+    try:
+        pid = int(PID_FILE.read_text().strip())
+        if is_running(pid):
+            # Try gentle kill first
+            os.kill(pid, signal.SIGTERM) if sys.platform != 'win32' else subprocess.call(['taskkill', '/F', '/T', '/PID', str(pid)])
+            print(f"🛑 Preview stopped (PID: {pid})")
+        else:
+            print("ℹ️  Process was not running.")
+    except Exception as e:
+        print(f"❌ Error stopping server: {e}")
+    finally:
+        if PID_FILE.exists():
+            PID_FILE.unlink()
+
+def status_server():
+    running = False
+    pid = None
+    url = "Unknown"
+    
+    if PID_FILE.exists():
+        try:
+            pid = int(PID_FILE.read_text().strip())
+            if is_running(pid):
+                running = True
+                # Heuristic for URL, strictly we should save it
+                url = "http://localhost:3000" 
+        except:
+            pass
+            
+    print("\n=== Preview Status ===")
+    if running:
+        print(f"✅ Status: Running")
+        print(f"🔢 PID: {pid}")
+        print(f"🌐 URL: {url} (Likely)")
+        print(f"📝 Logs: {LOG_FILE}")
+    else:
+        print("⚪ Status: Stopped")
+    print("===================\n")
+
+def main():
+    parser = argparse.ArgumentParser()
+    parser.add_argument("action", choices=["start", "stop", "status"])
+    parser.add_argument("port", nargs="?", default="3000")
+    
+    args = parser.parse_args()
+    
+    if args.action == "start":
+        start_server(int(args.port))
+    elif args.action == "stop":
+        stop_server()
+    elif args.action == "status":
+        status_server()
+
+if __name__ == "__main__":
+    main()

package/.agent/scripts/checklist.py

@@ -0,0 +1,217 @@
+#!/usr/bin/env python3
+"""
+Master Checklist Runner - Antigravity Kit
+==========================================
+
+Orchestrates all validation scripts in priority order.
+Use this for incremental validation during development.
+
+Usage:
+    python scripts/checklist.py .                    # Run core checks
+    python scripts/checklist.py . --url <URL>        # Include performance checks
+
+Priority Order:
+    P0: Security Scan (vulnerabilities, secrets)
+    P1: Lint & Type Check (code quality)
+    P2: Schema Validation (if database exists)
+    P3: Test Runner (unit/integration tests)
+    P4: UX Audit (psychology laws, accessibility)
+    P5: SEO Check (meta tags, structure)
+    P6: Performance (lighthouse - requires URL)
+"""
+
+import sys
+import subprocess
+import argparse
+from pathlib import Path
+from typing import List, Tuple, Optional
+
+# ANSI colors for terminal output
+class Colors:
+    HEADER = '\033[95m'
+    BLUE = '\033[94m'
+    CYAN = '\033[96m'
+    GREEN = '\033[92m'
+    YELLOW = '\033[93m'
+    RED = '\033[91m'
+    ENDC = '\033[0m'
+    BOLD = '\033[1m'
+
+def print_header(text: str):
+    print(f"\n{Colors.BOLD}{Colors.CYAN}{'='*60}{Colors.ENDC}")
+    print(f"{Colors.BOLD}{Colors.CYAN}{text.center(60)}{Colors.ENDC}")
+    print(f"{Colors.BOLD}{Colors.CYAN}{'='*60}{Colors.ENDC}\n")
+
+def print_step(text: str):
+    print(f"{Colors.BOLD}{Colors.BLUE}🔄 {text}{Colors.ENDC}")
+
+def print_success(text: str):
+    print(f"{Colors.GREEN}✅ {text}{Colors.ENDC}")
+
+def print_warning(text: str):
+    print(f"{Colors.YELLOW}⚠️  {text}{Colors.ENDC}")
+
+def print_error(text: str):
+    print(f"{Colors.RED}❌ {text}{Colors.ENDC}")
+
+# Define priority-ordered checks
+CORE_CHECKS = [
+    ("Security Scan", ".agent/skills/vulnerability-scanner/scripts/security_scan.py", True),
+    ("Lint Check", ".agent/skills/lint-and-validate/scripts/lint_runner.py", True),
+    ("Schema Validation", ".agent/skills/database-design/scripts/schema_validator.py", False),
+    ("Test Runner", ".agent/skills/testing-patterns/scripts/test_runner.py", False),
+    ("UX Audit", ".agent/skills/frontend-design/scripts/ux_audit.py", False),
+    ("SEO Check", ".agent/skills/seo-fundamentals/scripts/seo_checker.py", False),
+]
+
+PERFORMANCE_CHECKS = [
+    ("Lighthouse Audit", ".agent/skills/performance-profiling/scripts/lighthouse_audit.py", True),
+    ("Playwright E2E", ".agent/skills/webapp-testing/scripts/playwright_runner.py", False),
+]
+
+def check_script_exists(script_path: Path) -> bool:
+    """Check if script file exists"""
+    return script_path.exists() and script_path.is_file()
+
+def run_script(name: str, script_path: Path, project_path: str, url: Optional[str] = None) -> dict:
+    """
+    Run a validation script and capture results
+    
+    Returns:
+        dict with keys: name, passed, output, skipped
+    """
+    if not check_script_exists(script_path):
+        print_warning(f"{name}: Script not found, skipping")
+        return {"name": name, "passed": True, "output": "", "skipped": True}
+    
+    print_step(f"Running: {name}")
+    
+    # Build command
+    cmd = ["python", str(script_path), project_path]
+    if url and ("lighthouse" in script_path.name.lower() or "playwright" in script_path.name.lower()):
+        cmd.append(url)
+    
+    # Run script
+    try:
+        result = subprocess.run(
+            cmd,
+            capture_output=True,
+            text=True,
+            timeout=300  # 5 minute timeout
+        )
+        
+        passed = result.returncode == 0
+        
+        if passed:
+            print_success(f"{name}: PASSED")
+        else:
+            print_error(f"{name}: FAILED")
+            if result.stderr:
+                print(f"  Error: {result.stderr[:200]}")
+        
+        return {
+            "name": name,
+            "passed": passed,
+            "output": result.stdout,
+            "error": result.stderr,
+            "skipped": False
+        }
+    
+    except subprocess.TimeoutExpired:
+        print_error(f"{name}: TIMEOUT (>5 minutes)")
+        return {"name": name, "passed": False, "output": "", "error": "Timeout", "skipped": False}
+    
+    except Exception as e:
+        print_error(f"{name}: ERROR - {str(e)}")
+        return {"name": name, "passed": False, "output": "", "error": str(e), "skipped": False}
+
+def print_summary(results: List[dict]):
+    """Print final summary report"""
+    print_header("📊 CHECKLIST SUMMARY")
+    
+    passed_count = sum(1 for r in results if r["passed"] and not r.get("skipped"))
+    failed_count = sum(1 for r in results if not r["passed"] and not r.get("skipped"))
+    skipped_count = sum(1 for r in results if r.get("skipped"))
+    
+    print(f"Total Checks: {len(results)}")
+    print(f"{Colors.GREEN}✅ Passed: {passed_count}{Colors.ENDC}")
+    print(f"{Colors.RED}❌ Failed: {failed_count}{Colors.ENDC}")
+    print(f"{Colors.YELLOW}⏭️  Skipped: {skipped_count}{Colors.ENDC}")
+    print()
+    
+    # Detailed results
+    for r in results:
+        if r.get("skipped"):
+            status = f"{Colors.YELLOW}⏭️ {Colors.ENDC}"
+        elif r["passed"]:
+            status = f"{Colors.GREEN}✅{Colors.ENDC}"
+        else:
+            status = f"{Colors.RED}❌{Colors.ENDC}"
+        
+        print(f"{status} {r['name']}")
+    
+    print()
+    
+    if failed_count > 0:
+        print_error(f"{failed_count} check(s) FAILED - Please fix before proceeding")
+        return False
+    else:
+        print_success("All checks PASSED ✨")
+        return True
+
+def main():
+    parser = argparse.ArgumentParser(
+        description="Run Antigravity Kit validation checklist",
+        formatter_class=argparse.RawDescriptionHelpFormatter,
+        epilog="""
+Examples:
+  python scripts/checklist.py .                      # Core checks only
+  python scripts/checklist.py . --url http://localhost:3000  # Include performance
+        """
+    )
+    parser.add_argument("project", help="Project path to validate")
+    parser.add_argument("--url", help="URL for performance checks (lighthouse, playwright)")
+    parser.add_argument("--skip-performance", action="store_true", help="Skip performance checks even if URL provided")
+    
+    args = parser.parse_args()
+    
+    project_path = Path(args.project).resolve()
+    
+    if not project_path.exists():
+        print_error(f"Project path does not exist: {project_path}")
+        sys.exit(1)
+    
+    print_header("🚀 ANTIGRAVITY KIT - MASTER CHECKLIST")
+    print(f"Project: {project_path}")
+    print(f"URL: {args.url if args.url else 'Not provided (performance checks skipped)'}")
+    
+    results = []
+    
+    # Run core checks
+    print_header("📋 CORE CHECKS")
+    for name, script_path, required in CORE_CHECKS:
+        script = project_path / script_path
+        result = run_script(name, script, str(project_path))
+        results.append(result)
+        
+        # If required check fails, stop
+        if required and not result["passed"] and not result.get("skipped"):
+            print_error(f"CRITICAL: {name} failed. Stopping checklist.")
+            print_summary(results)
+            sys.exit(1)
+    
+    # Run performance checks if URL provided
+    if args.url and not args.skip_performance:
+        print_header("⚡ PERFORMANCE CHECKS")
+        for name, script_path, required in PERFORMANCE_CHECKS:
+            script = project_path / script_path
+            result = run_script(name, script, str(project_path), args.url)
+            results.append(result)
+    
+    # Print summary
+    all_passed = print_summary(results)
+    
+    sys.exit(0 if all_passed else 1)
+
+if __name__ == "__main__":
+    main()