npm - soloforge - Versions diffs - 1.3.2 → 1.3.4 - Mend

soloforge 1.3.2 → 1.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (124) hide show

package/templates/knowledge/rules//346/225/217/346/204/237/344/277/241/346/201/257/346/227/245/345/277/227/350/247/204/345/210/231.md ADDED Viewed

@@ -0,0 +1,69 @@
+---
+name: 敏感信息日志规则
+scope:
+  - '*'
+products:
+  - '*'
+id: ka-hard-rule-敏感信息日志规则
+asset_kind: hard_rule
+lifecycle_status: active
+authority: canonical
+owner_mechanism_id: mc-code-maintainability-observability-contract
+routes:
+  - code_change
+  - artifact_generation
+primary_triggers:
+  - 日志
+  - 输出
+  - console
+  - print
+  - log
+secondary_triggers:
+  - 敏感信息
+  - 脱敏
+  - 隐私
+negative_triggers:
+  - 文案
+  - 样式
+priority: P0
+specificity: 5
+consumes:
+  - mc-code-maintainability-observability-contract
+hard_blocks:
+  - sensitive_log_leak
+  - plaintext_credential_in_output
+fallback: manual_required
+required_evidence:
+  - sensitive_log_scan_result
+  - review_findings
+version: 1.0.0
+last_reviewed: '2026-05-26'
+---
+## 敏感信息绝对禁止进入日志
+以下字段必须脱敏或禁止输出到任何日志通道：
+### P0 阻断（发现即 hard_fail）
+- password / passwd / pwd：禁止明文输出
+- token / api_key / access_key / secret_key / private_key：禁止明文输出
+- cookie / session_id / set_cookie：禁止输出完整值
+- 身份证号：禁止输出 15/18 位全量
+- 手机号：禁止输出 11 位全量
+- 银行卡号：禁止输出全量
+- 健康隐私信息（病历、诊断、处方）
+### 脱敏要求
+- 手机号：仅显示前 3 后 4（如 138****5678）
+- 身份证：仅显示前 3 后 4（如 310***********1234）
+- 银行卡：仅显示后 4 位（如 ****5678）
+- token/密钥：仅显示前 4 位或哈希值
+### 检查范围
+- 用户项目代码中的日志输出语句
+- 不检查测试文件中的 fixture 或 mock
+- 不检查 SoloForge 自身日志（已有独立治理）
+### 误判防范
+- 变量名含 password 但实际是布尔标志（如 requires_password）不误判
+- 仅检查实际输出到日志的值，不检查声明和赋值

package/templates/knowledge/rules//346/227/245/345/277/227/346/262/273/347/220/206/350/247/204/345/210/231.md ADDED Viewed

@@ -0,0 +1,49 @@
+---
+name: 日志治理规则
+scope:
+  - '*'
+products:
+  - '*'
+id: ka-hard-rule-日志治理规则
+asset_kind: hard_rule
+lifecycle_status: active
+authority: canonical
+owner_mechanism_id: mc-log-governance
+routes:
+  - verification
+  - operation
+primary_triggers:
+  - 日志治理
+  - 输出噪音
+  - json 输出
+secondary_triggers:
+  - user feedback
+  - logger
+negative_triggers:
+  - 用户项目业务日志
+priority: P1
+specificity: 4
+consumes:
+  - log_governance
+hard_blocks:
+  - raw_output_noise
+  - json_stdout_pollution
+  - direct_console_output
+fallback: manual_required
+required_evidence:
+  - log_governance_report
+version: 1.0.0
+last_reviewed: '2026-05-26'
+status: active
+---
+# 日志治理规则
+SoloForge 自身输出必须通过统一日志模块，用户可见输出不得混入内部治理噪音。
+## 硬规则
+- CLI 和 MCP 用户可见输出必须中文语义优先。
+- `--json` 模式 stdout 必须是纯 JSON。
+- 引擎内部 trace 默认不得输出。
+- 直接 `console` 输出只能存在于日志封装层。

package/templates/knowledge/rules//346/234/272/345/210/266/350/207/252/346/262/273/347/220/206/350/247/204/345/210/231.md ADDED Viewed

@@ -0,0 +1,48 @@
+---
+name: 机制自治理规则
+scope:
+  - '*'
+products:
+  - '*'
+id: ka-hard-rule-机制自治理规则
+asset_kind: hard_rule
+lifecycle_status: active
+authority: canonical
+owner_mechanism_id: mc-mechanism-health
+routes:
+  - verification
+  - operation
+primary_triggers:
+  - 机制健康
+  - 主链路消费
+  - 死代码
+secondary_triggers:
+  - lazy import
+  - mechanism id
+negative_triggers:
+  - 普通业务编码
+priority: P1
+specificity: 4
+consumes:
+  - mechanism_health_check
+hard_blocks:
+  - lazy_dead_import
+  - unconsumed_mechanism
+fallback: manual_required
+required_evidence:
+  - mechanism_health_report
+version: 1.0.0
+last_reviewed: '2026-05-26'
+status: active
+---
+# 机制自治理规则
+所有新增机制必须有真实生产消费路径，不能只停留在注册表、测试或文档。
+## 硬规则
+- 引擎模块导出的核心函数必须被 CLI、MCP handler 或 release gate 消费。
+- `lazy*` 声明必须在 handler 或治理入口中实际调用。
+- `mechanism_id` 必须在双层注册、机制合同和资产清单中保持一致。
+- 行为测试必须包含 must-fail 和 must-pass，不得只验证文件存在。

package/templates/knowledge/rules//346/240/207/345/207/206/350/265/204/344/272/247/350/246/206/347/233/226/350/247/204/345/210/231.md CHANGED Viewed

@@ -1,3 +1,46 @@
+---
+name: 标准资产覆盖规则
+scope:
+  - '*'
+products:
+  - '*'
+id: ka-hard-rule-标准资产覆盖规则
+asset_kind: hard_rule
+lifecycle_status: active
+authority: canonical
+owner_mechanism_id: mc-standard-asset-coverage
+routes:
+  - artifact_generation
+  - code_change
+  - operation
+primary_triggers:
+  - 标准资产覆盖
+  - 模板覆盖
+  - 资产契约
+secondary_triggers:
+  - templates
+  - asset coverage
+negative_triggers: []
+priority: P0
+specificity: 5
+consumes:
+  - template_asset_contract_registry
+  - explicit_asset_registry
+  - observed_consumption
+hard_blocks:
+  - unregistered_template_asset
+  - missing_runtime_consumer
+  - missing_revalidation_entrypoint
+fallback: manual_required
+required_evidence:
+  - asset_contract
+  - consumption_evidence
+  - validation_entrypoint
+version: 1.0.0
+last_reviewed: '2026-05-26'
+status: active
+---
 # 标准资产覆盖规则
 ## 覆盖范围

package/templates/knowledge/rules//346/250/241/346/235/277/350/265/204/344/272/247/345/217/257/350/247/201/346/200/247/350/247/204/345/210/231.md CHANGED Viewed

@@ -1,3 +1,47 @@
+---
+name: 模板资产可见性规则
+scope:
+  - '*'
+products:
+  - '*'
+id: ka-hard-rule-模板资产可见性规则
+asset_kind: hard_rule
+lifecycle_status: active
+authority: canonical
+owner_mechanism_id: mc-template-asset-visibility
+routes:
+  - operation
+  - code_change
+  - artifact_generation
+primary_triggers:
+  - 模板资产可见性
+  - 内部资产
+  - 知识同步
+secondary_triggers:
+  - sync-templates
+  - init
+  - visibility
+negative_triggers: []
+priority: P0
+specificity: 5
+consumes:
+  - template_asset_contract_registry
+  - template_init_sync
+  - knowledge_index_manager
+hard_blocks:
+  - internal_asset_leak
+  - cross_stack_injection
+  - unregistered_asset_sync
+fallback: manual_required
+required_evidence:
+  - visibility_contract
+  - sync_manifest
+  - runtime_consumption_trace
+version: 1.0.0
+last_reviewed: '2026-05-26'
+status: active
+---
 # 模板资产可见性规则
 ## 适用范围

package/templates/knowledge/rules//347/237/245/350/257/206/346/262/273/347/220/206/350/247/204/345/210/231.md ADDED Viewed

@@ -0,0 +1,50 @@
+---
+name: 知识治理规则
+scope:
+  - '*'
+products:
+  - '*'
+id: ka-hard-rule-知识治理规则
+asset_kind: hard_rule
+lifecycle_status: active
+authority: canonical
+owner_mechanism_id: mc-knowledge-governance
+routes:
+  - verification
+  - operation
+  - knowledge_update
+primary_triggers:
+  - 知识治理
+  - 知识演进
+  - 文档治理
+secondary_triggers:
+  - 中文语义
+  - language policy
+negative_triggers:
+  - 普通代码修改
+priority: P0
+specificity: 5
+consumes:
+  - knowledge_governance_gate
+hard_blocks:
+  - promotion_without_evidence
+  - unauthorized_design_doc_fact
+  - language_policy_missing
+fallback: manual_required
+required_evidence:
+  - knowledge_governance_report
+version: 1.0.0
+last_reviewed: '2026-05-26'
+status: active
+---
+# 知识治理规则
+知识资产从草稿、演进、同步到注入必须有统一治理入口。
+## 硬规则
+- 知识晋级必须有证据，不能由 AI 推理直接变成核心事实。
+- 中文优先项目的用户可见语义不得被英文默认模板污染。
+- 设计文档只能承载已验证事实，不能承载施工日志或未验证假设。
+- 多语言策略必须显式声明，不能用日志或 stderr 替代用户反馈。

package/templates/knowledge/rules//351/200/232/347/224/250/345/206/263/347/255/226/347/240/224/350/256/250/350/247/204/345/210/231.md CHANGED Viewed

@@ -1,3 +1,50 @@
+---
+name: 通用决策研讨规则
+scope:
+  - '*'
+products:
+  - '*'
+id: ka-hard-rule-通用决策研讨规则
+asset_kind: hard_rule
+lifecycle_status: active
+authority: canonical
+owner_mechanism_id: mc-decision-workshop
+routes:
+  - analysis
+  - artifact_generation
+  - code_change
+primary_triggers:
+  - 决策研讨
+  - 技术选型
+  - 数据迁移
+  - 安全策略
+secondary_triggers:
+  - 架构设计
+  - 部署
+  - 重构
+  - 第三方集成
+negative_triggers:
+  - 简单说明
+  - 低风险改字
+priority: P0
+specificity: 5
+consumes:
+  - decision_workshop
+  - architecture_decision_workshop
+hard_blocks:
+  - unconfirmed_decision_domain
+  - missing_candidate_options
+  - missing_user_confirmation
+fallback: manual_required
+required_evidence:
+  - decision_workshop
+  - user_confirmation_ref
+  - decision_domain_status
+version: 1.0.0
+last_reviewed: '2026-05-26'
+status: active
+---
 # 通用决策研讨规则
 ## 触发条件

package/templates/knowledge/rules//351/205/215/347/275/256/350/220/275/347/233/230/350/276/271/347/225/214/350/247/204/345/210/231.md ADDED Viewed

@@ -0,0 +1,47 @@
+---
+name: 配置落盘边界规则
+scope:
+  - '*'
+products:
+  - '*'
+id: ka-hard-rule-配置落盘边界规则
+asset_kind: hard_rule
+lifecycle_status: active
+authority: canonical
+owner_mechanism_id: mc-config-write-boundary
+routes:
+  - operation
+primary_triggers:
+  - init
+  - sync-templates
+  - 配置落盘
+secondary_triggers:
+  - config.yaml
+  - .soloforge
+negative_triggers:
+  - 只读验证
+priority: P1
+specificity: 4
+consumes:
+  - config_write_boundary
+hard_blocks:
+  - runtime_inference_persisted
+  - existing_project_write_without_confirm
+fallback: manual_required
+required_evidence:
+  - config_write_decision
+version: 1.0.0
+last_reviewed: '2026-05-26'
+status: active
+---
+# 配置落盘边界规则
+运行时推断、已有项目探测和空项目蓝图必须区分处理。
+## 硬规则
+- 运行时推断结果不得自动写入项目配置。
+- 已有项目写入 `.soloforge/`、`.mcp.json`、`CLAUDE.md` 或 adapter 配置时必须有用户确认。
+- 空项目初始化可以创建 SoloForge 管理文件。
+- 同步模板不得覆盖用户已修改资产。

package/templates/knowledge/rules//351/252/214/346/224/266/346/250/241/346/235/277/350/276/223/345/207/272/345/245/221/347/272/246/350/247/204/345/210/231.md CHANGED Viewed

@@ -1,3 +1,49 @@
+---
+name: 验收模板输出契约规则
+scope:
+  - '*'
+products:
+  - '*'
+id: ka-hard-rule-验收模板输出契约规则
+asset_kind: hard_rule
+lifecycle_status: active
+authority: canonical
+owner_mechanism_id: mc-standard-asset-contract
+routes:
+  - artifact_generation
+  - code_change
+  - verification
+primary_triggers:
+  - 验收模板
+  - 标准输出
+  - 设计产物
+secondary_triggers:
+  - API接口规格
+  - 数据库设计
+  - 架构设计
+negative_triggers:
+  - 普通解释
+  - 简单 bugfix
+priority: P0
+specificity: 5
+consumes:
+  - standard_asset_contract
+  - design_artifact_pack
+  - repair_reverify_directive
+hard_blocks:
+  - template_contract_violation
+  - draft_artifact_consumed
+  - missing_authoritative_asset
+fallback: manual_required
+required_evidence:
+  - template_contract_result
+  - authoritative_asset
+  - repair_reverify_result
+version: 1.0.0
+last_reviewed: '2026-05-26'
+status: active
+---
 # 验收模板输出契约规则
 ## 触发条件

package/templates/patterns/SOLID/350/256/276/350/256/241/350/247/204/350/214/203.md ADDED Viewed

@@ -0,0 +1,39 @@
+---
+name: solid-design-pattern
+when: 'SOLID, 面向对象设计, 职责划分, 依赖倒置, 接口隔离'
+scope:
+  - backend
+  - frontend
+products:
+  - '*'
+id: ka-pattern-solid-design
+asset_kind: pattern
+lifecycle_status: active
+authority: supporting
+owner_mechanism_id: mc-ood-solid-contract
+routes:
+  - code_change
+primary_triggers:
+  - SOLID
+  - 面向对象设计
+priority: P1
+specificity: 5
+version: 1.0.0
+last_reviewed: '2026-05-26'
+consumes:
+  - mc-ood-solid-contract
+emits: []
+secondary_triggers: []
+negative_triggers: []
+type: pattern
+status: active
+---
+## 规则
+- 一个类只承担一个清晰可验证的业务原因。
+- 新增行为优先扩展端口或策略，避免修改大量既有条件分支。
+- 子类型必须保持父契约的有效输入、输出和错误语义。
+- 接口按消费者需要拆分，禁止空实现和不支持异常。
+- 业务核心依赖抽象，基础设施实现由装配层注入。
+- 简单修改不建立无用抽象层，避免为原则之名过度设计。

package/templates/patterns//345/220/216/347/253/257/345/256/236/347/216/260/345/267/245/347/250/213/350/247/204/350/214/203.md ADDED Viewed

@@ -0,0 +1,39 @@
+---
+name: backend-implementation-engineering
+when: 'Controller, DTO, API实现, 事务, 幂等, 权限, 后端编码'
+scope:
+  - backend
+products:
+  - '*'
+id: ka-pattern-backend-implementation-engineering
+asset_kind: pattern
+lifecycle_status: active
+authority: supporting
+owner_mechanism_id: mc-backend-implementation-contract
+routes:
+  - code_change
+primary_triggers:
+  - 后端实现
+  - API实现
+priority: P1
+specificity: 5
+version: 1.0.0
+last_reviewed: '2026-05-26'
+consumes:
+  - mc-backend-implementation-contract
+emits: []
+secondary_triggers: []
+negative_triggers: []
+type: pattern
+status: active
+---
+## 工程规则
+- Controller 入参与出参按接口语义使用 DTO/VO，不暴露数据库实体。
+- 参数必须验证必填、长度、枚举、金额、日期区间和关联对象存在性。
+- 列表接口限制 page size 并对白名单排序；响应使用统一分页对象。
+- 写操作在 Service 定义清晰事务边界；外部调用不放在长事务内。
+- 支付、回调、创建与状态流转具备幂等键、并发控制和重复提交测试。
+- 敏感操作必须校验权限和租户，并产出可追踪审计记录。
+- OpenAPI、字段表、错误码和 migration 必须与实现同步复验。