sumulige-claude 1.2.0 → 1.3.0

package/.claude/rag/skill-index.json

@@ -1,15 +1,154 @@
 {
+  "version": "2.0.0",
+  "last_updated": "2026-01-22",
+  "description": "Optimized skill index - merged 9 skills into 4 core skills",
   "skills": [
     {
-      "name": "api-tester",
-      "description": "TODO: Add description for api-tester",
-      "keywords": [
-        "api tester"
-      ],
-      "path": ".claude/skills/api-tester/SKILL.md"
+      "name": "frontend-design",
+      "keywords": ["frontend", "ui", "react", "vue", "svelte", "design", "interface", "component", "web", "styling", "tailwind", "css"],
+      "description": "Create distinctive, production-grade frontend interfaces with high design quality",
+      "trigger": "when user asks to build web components, pages, artifacts, posters, or applications"
+    },
+    {
+      "name": "docx",
+      "keywords": ["docx", "word", "document", "office", "microsoft", "doc", "editing", "tracked changes", "comments"],
+      "description": "Comprehensive document creation, editing, and analysis with support for tracked changes and comments",
+      "trigger": "when working with .docx files for creating, editing, or analyzing documents"
+    },
+    {
+      "name": "pdf",
+      "keywords": ["pdf", "form", "fill", "extract", "merge", "split", "acrobat", "fillable"],
+      "description": "Comprehensive PDF manipulation toolkit for extracting text, creating new PDFs, and handling forms",
+      "trigger": "when working with PDF forms, extraction, or programmatic processing"
+    },
+    {
+      "name": "pptx",
+      "keywords": ["pptx", "powerpoint", "slide", "presentation", "deck", "microsoft", "office"],
+      "description": "Presentation creation, editing, and analysis with layout support",
+      "trigger": "when working with presentations (.pptx files)"
+    },
+    {
+      "name": "xlsx",
+      "keywords": ["xlsx", "excel", "spreadsheet", "csv", "tsv", "formula", "chart", "data analysis"],
+      "description": "Comprehensive spreadsheet creation, editing, and analysis with formula support",
+      "trigger": "when working with spreadsheets for reading, analyzing, or creating data"
+    },
+    {
+      "name": "canvas-design",
+      "keywords": ["art", "design", "canvas", "poster", "visual", "creative", "generative", "algorithmic"],
+      "description": "Create beautiful visual art in .png and .pdf documents using design philosophy",
+      "trigger": "when user asks to create a poster, piece of art, design, or other static visual piece"
+    },
+    {
+      "name": "mcp-builder",
+      "keywords": ["mcp", "api", "server", "integration", "tool", "model context protocol", "external service"],
+      "description": "Guide for creating high-quality MCP servers that enable LLMs to interact with external services",
+      "trigger": "when building MCP servers to integrate external APIs or services"
+    },
+    {
+      "name": "webapp-testing",
+      "keywords": ["browser", "automation", "screenshot", "puppeteer", "scraping"],
+      "description": "Toolkit for interacting with and testing local web applications using Playwright",
+      "trigger": "when testing frontend functionality, debugging UI behavior, or capturing browser screenshots"
+    },
+    {
+      "name": "orchestration",
+      "keywords": ["agent", "multi-agent", "workflow", "coordination", "parallel", "distributed"],
+      "description": "Multi-agent orchestration with cc-mirror tasks and domain-specific workflows",
+      "trigger": "when coordinating multiple agents or workflows for complex tasks"
+    },
+    {
+      "name": "algorithmic-art",
+      "keywords": ["p5.js", "generative", "algorithmic", "art", "creative", "random", "flow field", "particle"],
+      "description": "Creating algorithmic art using p5.js with seeded randomness and interactive parameter exploration",
+      "trigger": "when user requests creating art using code, generative art, or algorithmic art"
+    },
+    {
+      "name": "slack-gif-creator",
+      "keywords": ["gif", "slack", "animated", "animation", "meme", "visual"],
+      "description": "Knowledge and utilities for creating animated GIFs optimized for Slack",
+      "trigger": "when user requests animated GIFs for Slack"
+    },
+    {
+      "name": "theme-factory",
+      "keywords": ["theme", "style", "color", "typography", "branding", "design system"],
+      "description": "Toolkit for styling artifacts with a theme - 10 pre-set themes with colors/fonts",
+      "trigger": "when applying consistent theming to documents, slides, or web pages"
+    },
+    {
+      "name": "skill-creator",
+      "keywords": ["skill", "create skill", "custom skill", "extend", "workflow"],
+      "description": "Guide for creating effective skills that extend Claude's capabilities",
+      "trigger": "when user wants to create a new skill or update an existing skill"
+    },
+    {
+      "name": "doc-coauthoring",
+      "keywords": ["documentation", "doc", "proposal", "spec", "technical spec", "decision doc", "writing"],
+      "description": "Guide users through structured workflow for co-authoring documentation",
+      "trigger": "when user wants to write documentation, proposals, technical specs, or decision docs"
+    },
+    {
+      "name": "brand-guidelines",
+      "keywords": ["brand", "anthropic", "color", "typography", "style", "guidelines"],
+      "description": "Applies Anthropic's official brand colors and typography to artifacts",
+      "trigger": "when brand colors or style guidelines apply to the artifact"
+    },
+    {
+      "name": "internal-comms",
+      "keywords": ["internal", "communication", "status report", "newsletter", "faq", "company", "update"],
+      "description": "Resources for writing internal communications in company-preferred formats",
+      "trigger": "when asked to write internal communications like status reports or newsletters"
+    },
+    {
+      "name": "web-artifacts-builder",
+      "keywords": ["artifact", "html", "react", "complex", "state", "routing", "shadcn"],
+      "description": "Tools for creating elaborate, multi-component HTML artifacts using modern frontend web technologies",
+      "trigger": "for complex artifacts requiring state management, routing, or shadcn/ui components"
+    },
+    {
+      "name": "quality-guard",
+      "keywords": ["review", "security", "quality", "lint", "code review", "vulnerability", "owasp", "dead code", "refactor", "cleanup"],
+      "description": "Code quality guardian - merged: code review + security check + dead code cleanup. Supports --security, --clean modes.",
+      "trigger": "when reviewing code, checking security, or cleaning up dead code",
+      "model": "sonnet"
+    },
+    {
+      "name": "test-master",
+      "keywords": ["test", "tdd", "e2e", "playwright", "coverage", "unit test", "jest", "vitest"],
+      "description": "Test master - merged: TDD workflow + E2E testing. Supports --tdd, --e2e, --coverage modes.",
+      "trigger": "when writing tests, doing TDD, running E2E tests, or checking coverage",
+      "model": "sonnet"
+    },
+    {
+      "name": "design-brain",
+      "keywords": ["plan", "design", "architecture", "system design", "technical decision", "strategy"],
+      "description": "Design brain - merged: planner + architect. Supports --quick (default) and --deep modes.",
+      "trigger": "when planning implementation or making architecture decisions",
+      "model": "opus"
+    },
+    {
+      "name": "quick-fix",
+      "keywords": ["fix", "build error", "compile error", "type error", "lint error", "tsc"],
+      "description": "Quick fixer - fast build/lint/type error resolution using haiku model for speed and cost efficiency.",
+      "trigger": "when build fails, type errors occur, or lint errors need fixing",
+      "model": "haiku"
     }
   ],
   "auto_load": {
-    "enabled": true
+    "enabled": true,
+    "confidence_threshold": 0.7,
+    "max_skills_per_task": 3
+  },
+  "fallback": {
+    "enabled": true,
+    "skill": "frontend-design"
+  },
+  "model_strategy": {
+    "description": "Cost-optimized model selection",
+    "rules": [
+      { "pattern": "quick-fix", "model": "haiku", "reason": "Fast, simple fixes" },
+      { "pattern": "quality-guard|test-master", "model": "sonnet", "reason": "Standard tasks" },
+      { "pattern": "design-brain", "model": "opus", "reason": "Complex architecture only" }
+    ]
   }
-}
+}

package/.claude/rules/coding-style.md

@@ -0,0 +1,119 @@
+# Coding Style Rules
+
+> 代码风格规则 - 所有代码必须遵守
+
+## 不可变性 (CRITICAL)
+
+**始终创建新对象，永不变异：**
+
+```javascript
+// ❌ 错误：变异
+function updateUser(user, name) {
+  user.name = name  // 变异！
+  return user
+}
+
+// ✅ 正确：不可变
+function updateUser(user, name) {
+  return {
+    ...user,
+    name
+  }
+}
+```
+
+## 文件组织
+
+**多个小文件 > 少数大文件：**
+
+| 规则 | 阈值 |
+|------|------|
+| 典型文件 | 200-400 行 |
+| 最大文件 | 800 行 |
+| 组织方式 | 按功能/领域，而非按类型 |
+
+原则：高内聚，低耦合
+
+## 错误处理
+
+**始终全面处理错误：**
+
+```typescript
+try {
+  const result = await riskyOperation()
+  return result
+} catch (error) {
+  console.error('Operation failed:', error)
+  throw new Error('用户友好的详细错误信息')
+}
+```
+
+## 输入验证
+
+**始终验证用户输入：**
+
+```typescript
+import { z } from 'zod'
+
+const schema = z.object({
+  email: z.string().email(),
+  age: z.number().int().min(0).max(150)
+})
+
+const validated = schema.parse(input)
+```
+
+## 代码质量检查清单
+
+完成工作前确认：
+
+- [ ] 代码可读、命名良好
+- [ ] 函数小（< 50 行）
+- [ ] 文件聚焦（< 800 行）
+- [ ] 无深嵌套（> 4 层）
+- [ ] 适当的错误处理
+- [ ] 无 console.log 语句
+- [ ] 无硬编码值
+- [ ] 无变异（使用不可变模式）
+
+## 命名规范
+
+| 类型 | 规范 | 示例 |
+|------|------|------|
+| 变量 | camelCase | `userName`, `isActive` |
+| 常量 | SCREAMING_SNAKE | `MAX_RETRY`, `API_URL` |
+| 函数 | camelCase, 动词开头 | `getUserById`, `validateInput` |
+| 类/组件 | PascalCase | `UserProfile`, `DataService` |
+| 文件 | kebab-case 或 PascalCase | `user-service.ts`, `UserProfile.tsx` |
+
+## 禁止的模式
+
+```typescript
+// ❌ 魔法数字
+if (status === 200) { ... }
+
+// ✅ 使用常量
+const HTTP_OK = 200
+if (status === HTTP_OK) { ... }
+
+// ❌ 变量名不清晰
+const x = getUser()
+const tmp = process(data)
+
+// ✅ 描述性命名
+const currentUser = getUser()
+const processedData = process(data)
+
+// ❌ 直接变异数组
+arr.push(item)
+arr.sort()
+
+// ✅ 创建新数组
+const newArr = [...arr, item]
+const sortedArr = [...arr].sort()
+```
+
+## 相关命令
+
+- `/code-review` - 代码审查
+- `/refactor-clean` - 重构清理

package/.claude/rules/hooks.md

@@ -0,0 +1,288 @@
+# Hooks 最佳实践
+
+> 自动化钩子使用指南 - 融合自 everything-claude-code
+
+## Hook 类型
+
+| 类型 | 触发时机 | 用途 |
+|------|---------|------|
+| PreToolUse | 工具执行前 | 验证、准备、确认 |
+| PostToolUse | 工具执行后 | 格式化、检查、通知 |
+| Stop | 会话结束时 | 总结、清理、保存 |
+
+## 推荐的 Hook 配置
+
+### PreToolUse Hooks
+
+**1. Git Push 审查**
+
+在 `git push` 前确认分支和状态：
+
+```javascript
+// hooks/git-push-review.cjs
+module.exports = {
+  event: 'PreToolUse',
+  condition: (input) => {
+    return input.tool === 'Bash' &&
+           input.input?.command?.includes('git push')
+  },
+  action: async (input, context) => {
+    // 获取当前分支
+    const branch = execSync('git branch --show-current').toString().trim()
+
+    // 检查是否推送到 main/master
+    if (branch === 'main' || branch === 'master') {
+      return {
+        decision: 'ask',
+        message: `即将推送到 ${branch} 分支，确认继续？`
+      }
+    }
+
+    return { decision: 'allow' }
+  }
+}
+```
+
+**2. 敏感文件保护**
+
+防止修改关键配置文件：
+
+```javascript
+// hooks/protect-sensitive.cjs
+const PROTECTED_PATTERNS = [
+  '.env',
+  'credentials',
+  'secrets',
+  '*.pem',
+  '*.key'
+]
+
+module.exports = {
+  event: 'PreToolUse',
+  condition: (input) => {
+    return ['Write', 'Edit'].includes(input.tool)
+  },
+  action: async (input, context) => {
+    const filePath = input.input?.file_path || ''
+
+    for (const pattern of PROTECTED_PATTERNS) {
+      if (filePath.includes(pattern) ||
+          filePath.endsWith(pattern.replace('*', ''))) {
+        return {
+          decision: 'ask',
+          message: `即将修改敏感文件 ${filePath}，确认继续？`
+        }
+      }
+    }
+
+    return { decision: 'allow' }
+  }
+}
+```
+
+### PostToolUse Hooks
+
+**1. 自动格式化**
+
+写入文件后自动运行 Prettier：
+
+```javascript
+// hooks/auto-format.cjs
+const { execSync } = require('child_process')
+
+const FORMATTABLE_EXTENSIONS = [
+  '.js', '.jsx', '.ts', '.tsx',
+  '.json', '.md', '.css', '.scss'
+]
+
+module.exports = {
+  event: 'PostToolUse',
+  condition: (input, output) => {
+    if (!['Write', 'Edit'].includes(input.tool)) return false
+
+    const filePath = input.input?.file_path || ''
+    return FORMATTABLE_EXTENSIONS.some(ext => filePath.endsWith(ext))
+  },
+  action: async (input, output, context) => {
+    const filePath = input.input?.file_path
+
+    try {
+      execSync(`npx prettier --write "${filePath}"`, {
+        stdio: 'pipe'
+      })
+      return { message: `已格式化: ${filePath}` }
+    } catch (error) {
+      // Prettier 未安装或格式化失败，静默处理
+      return null
+    }
+  }
+}
+```
+
+**2. TypeScript 类型检查**
+
+编辑 TS 文件后检查类型：
+
+```javascript
+// hooks/type-check.cjs
+const { execSync } = require('child_process')
+
+module.exports = {
+  event: 'PostToolUse',
+  condition: (input, output) => {
+    if (!['Write', 'Edit'].includes(input.tool)) return false
+
+    const filePath = input.input?.file_path || ''
+    return filePath.endsWith('.ts') || filePath.endsWith('.tsx')
+  },
+  action: async (input, output, context) => {
+    try {
+      execSync('npx tsc --noEmit', {
+        stdio: 'pipe',
+        timeout: 30000
+      })
+      return { message: '类型检查通过' }
+    } catch (error) {
+      const stderr = error.stderr?.toString() || ''
+      if (stderr.includes('error')) {
+        return {
+          message: `类型错误:\n${stderr.slice(0, 500)}`
+        }
+      }
+      return null
+    }
+  }
+}
+```
+
+**3. Console.log 警告**
+
+检测遗留的调试语句：
+
+```javascript
+// hooks/console-warning.cjs
+const fs = require('fs')
+
+module.exports = {
+  event: 'PostToolUse',
+  condition: (input, output) => {
+    if (!['Write', 'Edit'].includes(input.tool)) return false
+
+    const filePath = input.input?.file_path || ''
+    return filePath.endsWith('.ts') ||
+           filePath.endsWith('.tsx') ||
+           filePath.endsWith('.js') ||
+           filePath.endsWith('.jsx')
+  },
+  action: async (input, output, context) => {
+    const filePath = input.input?.file_path
+
+    try {
+      const content = fs.readFileSync(filePath, 'utf-8')
+      const consoleMatches = content.match(/console\.(log|debug|info)\(/g)
+
+      if (consoleMatches && consoleMatches.length > 0) {
+        return {
+          message: `警告: 文件中有 ${consoleMatches.length} 个 console 语句，提交前请移除`
+        }
+      }
+    } catch (error) {
+      // 文件读取失败，静默处理
+    }
+
+    return null
+  }
+}
+```
+
+### Stop Hooks
+
+**会话总结**
+
+会话结束时生成进度总结：
+
+```javascript
+// hooks/session-summary.cjs
+module.exports = {
+  event: 'Stop',
+  action: async (context) => {
+    const summary = {
+      timestamp: new Date().toISOString(),
+      filesModified: context.modifiedFiles || [],
+      tasksCompleted: context.completedTasks || [],
+      pendingTasks: context.pendingTasks || []
+    }
+
+    // 保存到会话日志
+    const logPath = '.claude/session-logs/latest.json'
+    fs.writeFileSync(logPath, JSON.stringify(summary, null, 2))
+
+    return {
+      message: `会话已保存，修改了 ${summary.filesModified.length} 个文件`
+    }
+  }
+}
+```
+
+## Hook 编写原则
+
+### 1. 快速执行
+
+```
+Hook 不应阻塞主流程超过 2 秒
+使用超时保护
+异步操作不要等待
+```
+
+### 2. 静默失败
+
+```
+Hook 失败不应中断主流程
+记录错误但继续执行
+提供有意义的错误信息
+```
+
+### 3. 最小权限
+
+```
+只请求必要的权限
+不修改不相关的文件
+不执行危险命令
+```
+
+### 4. 可配置
+
+```
+支持通过环境变量配置
+允许禁用特定 hook
+提供合理的默认值
+```
+
+## 现有 Hooks 清单
+
+当前项目 `.claude/hooks/` 已有：
+
+| Hook | 功能 |
+|------|------|
+| code-formatter.cjs | 代码格式化 |
+| multi-session.cjs | 多会话管理 |
+| project-kickoff.cjs | 项目初始化 |
+| rag-skill-loader.cjs | RAG 技能加载 |
+| session-restore.cjs | 会话恢复 |
+| session-save.cjs | 会话保存 |
+| todo-manager.cjs | TODO 管理 |
+| verify-work.cjs | 工作验证 |
+
+## 调试 Hooks
+
+```bash
+# 启用 hook 调试日志
+export CLAUDE_HOOK_DEBUG=true
+
+# 查看 hook 执行日志
+tail -f .claude/logs/hooks.log
+```
+
+---
+
+**记住**：Hooks 是强大的自动化工具，但要谨慎使用。过多的 hooks 会影响性能，过于激进的 hooks 会干扰正常工作流程。

package/.claude/rules/performance.md

@@ -0,0 +1,78 @@
+# Performance Rules
+
+> 性能和资源管理规则
+
+## 模型选择策略
+
+根据任务复杂度选择合适的模型：
+
+| 模型 | 适用场景 | 成本 |
+|------|---------|------|
+| **Haiku** | 简单任务、高频调用、轻量 agent | 最低 |
+| **Sonnet** | 主要开发、代码生成、工作流编排 | 中等 |
+| **Opus** | 复杂架构决策、深度推理、研究分析 | 最高 |
+
+### 推荐配置
+
+```
+Conductor   → Sonnet (需要全局理解)
+Architect   → Opus (需要深度思考)
+Builder     → Sonnet (主要编码工作)
+Reviewer    → Opus (需要严谨分析)
+Librarian   → Haiku (文档整理)
+```
+
+## Context Window 管理
+
+**关键原则**：避免在 context 的最后 20% 进行复杂操作
+
+### 高 Context 敏感任务（避免在 context 末尾）
+- 大规模重构
+- 跨多文件的功能实现
+- 复杂交互调试
+
+### 低 Context 敏感任务（可在任何时候）
+- 单文件编辑
+- 独立工具创建
+- 文档更新
+- 简单 bug 修复
+
+## MCP 管理
+
+**关键**：不要同时启用所有 MCP
+
+- 200k context 可能被压缩到 70k
+- 建议配置 20-30 个 MCP
+- 每个项目启用不超过 10 个
+- 活跃工具保持在 80 个以下
+
+### 禁用不需要的 MCP
+
+在项目 `settings.json` 中：
+
+```json
+{
+  "disabledMcpServers": [
+    "unused-mcp-1",
+    "unused-mcp-2"
+  ]
+}
+```
+
+## 构建故障排除
+
+构建失败时：
+
+1. 使用 **build-error-resolver** skill
+2. 分析错误信息
+3. 增量修复
+4. 每次修复后验证
+
+## 复杂任务策略
+
+对于需要深度推理的任务：
+
+1. 使用 `ultrathink` 模式增强思考
+2. 启用 **Plan Mode** 进行结构化方案
+3. 多轮自我批判优化
+4. 使用分角色 sub-agents 进行多角度分析

package/.claude/rules/security.md

@@ -0,0 +1,56 @@
+# Security Rules
+
+> 安全规则 - 所有提交必须遵守
+
+## 提交前强制检查
+
+每次提交代码前必须确认：
+
+- [ ] **无硬编码密钥** - API keys, passwords, tokens 必须用环境变量
+- [ ] **输入验证** - 所有用户输入已验证和清理
+- [ ] **SQL 注入防护** - 使用参数化查询
+- [ ] **XSS 防护** - HTML 输出已转义
+- [ ] **CSRF 保护** - 表单提交有 token 验证
+- [ ] **认证授权** - 敏感操作有权限检查
+- [ ] **速率限制** - API 端点有请求限制
+- [ ] **错误信息** - 不泄露敏感数据
+
+## 密钥管理
+
+```typescript
+// ❌ 永远不要这样做
+const apiKey = "sk-proj-xxxxx"
+const password = "admin123"
+
+// ✅ 正确方式
+const apiKey = process.env.OPENAI_API_KEY
+if (!apiKey) {
+  throw new Error('OPENAI_API_KEY not configured')
+}
+```
+
+## 安全响应协议
+
+发现安全问题时：
+
+1. **立即停止** 当前工作
+2. **调用** security-reviewer skill
+3. **修复** CRITICAL 问题后才能继续
+4. **轮换** 任何已暴露的密钥
+5. **审查** 整个代码库是否有类似问题
+
+## 敏感文件
+
+以下文件永远不应提交：
+
+```
+.env
+.env.local
+.env.production
+*.pem
+*.key
+credentials.json
+secrets.yaml
+```
+
+确保 `.gitignore` 包含这些模式。