Back to Details

base

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Base Skill - Universal Patterns

基础技能 - 通用模式

Core Principle

核心原则

Complexity is the enemy. Every line of code is a liability. The goal is software simple enough that any engineer (or AI) can understand the entire system in one session.
复杂性是敌人。每一行代码都是一种负担。我们的目标是打造足够简单的软件,让任何工程师(或AI)都能在一次会话中理解整个系统。

Simplicity Rules (STRICTLY ENFORCED)

简洁性规则(严格执行)

CRITICAL: These limits are non-negotiable. Claude MUST check and enforce these limits for EVERY file created or modified.
关键提示:这些限制是不可协商的。Claude必须检查并强制执行这些限制,适用于所有创建或修改的文件。

Function Level

函数层面

  • Maximum 20 lines per function - if longer, decompose IMMEDIATELY
  • Maximum 3 parameters per function - if more, use an options object or decompose
  • Maximum 2 levels of nesting - flatten with early returns or extract functions
  • Single responsibility - each function does exactly one thing
  • Descriptive names over comments - if you need a comment to explain what, rename it
  • 每个函数最多20行代码 - 如果超出,立即拆分
  • 每个函数最多3个参数 - 如果超出,使用选项对象或拆分函数
  • 最多2层嵌套 - 使用提前返回或提取函数来扁平化结构
  • 单一职责 - 每个函数只做一件事
  • 用描述性名称替代注释 - 如果需要注释来解释功能,就重命名函数

File Level

文件层面

  • Maximum 200 lines per file - if longer, split by responsibility BEFORE continuing
  • Maximum 10 functions per file - keeps cognitive load manageable
  • One export focus per file - a file should have one primary purpose
  • 每个文件最多200行代码 - 如果超出,在继续前按职责拆分
  • 每个文件最多10个函数 - 保持认知负担可控
  • 每个文件聚焦一个导出核心 - 文件应只有一个主要用途

Module Level

模块层面

  • Maximum 3 levels of directory nesting - flat is better than nested
  • Clear boundaries - each module has a single public interface
  • No circular dependencies - ever
  • 目录嵌套最多3层 - 扁平化优于嵌套
  • 清晰的边界 - 每个模块有单一的公共接口
  • 禁止循环依赖 - 绝对不允许

Enforcement Protocol

执行协议

Before completing ANY file:
  1. Count total lines - if > 200, STOP and split
  2. Count functions - if > 10, STOP and split
  3. Check each function length - if any > 20 lines, STOP and decompose
  4. Check parameter counts - if any > 3, STOP and refactor
If limits are exceeded during development:
⚠️ FILE SIZE VIOLATION DETECTED

[filename] has [X] lines (limit: 200)

Splitting into:
- [filename-a].ts - [responsibility A]
- [filename-b].ts - [responsibility B]
Never defer refactoring. Fix violations immediately, not "later".
在完成任何文件之前:
  1. 统计总行数 - 如果>200,停止并拆分
  2. 统计函数数量 - 如果>10,停止并拆分
  3. 检查每个函数长度 - 如果有函数>20行,停止并拆分
  4. 检查参数数量 - 如果有函数>3个参数,停止并重构
如果在开发过程中发现违反限制:
⚠️ 检测到文件大小违规

[filename] 有 [X] 行(限制:200)

拆分为:
- [filename-a].ts - [职责A]
- [filename-b].ts - [职责B]
永远不要推迟重构。 立即修复违规,不要“以后再说”。

Architectural Patterns

架构模式

Functional Core, Imperative Shell

函数式核心,命令式外壳

  • Pure functions for business logic - no side effects, deterministic
  • Side effects only at boundaries - API calls, database, file system at edges
  • Data in, data out - functions transform data, they don't mutate state
  • 业务逻辑使用纯函数 - 无副作用、确定性
  • 副作用仅在边界层处理 - API调用、数据库、文件系统等边缘操作
  • 数据输入输出 - 函数只转换数据,不修改状态

Composition Over Inheritance

组合优于继承

  • No inheritance deeper than 1 level - prefer interfaces/composition
  • Small, composable utilities - build complex from simple
  • Dependency injection - pass dependencies, don't import them directly
  • 继承深度不超过1层 - 优先使用接口/组合
  • 小型、可组合的工具函数 - 用简单组件构建复杂系统
  • 依赖注入 - 传递依赖,不要直接导入

Error Handling

错误处理

  • Fail fast, fail loud - errors surface immediately
  • No silent failures - every error is logged or thrown
  • Design APIs where misuse is impossible
  • 快速失败、明确报错 - 错误立即暴露
  • 无静默失败 - 每个错误都要记录或抛出
  • 设计无法被误用的API

Testing Philosophy

测试理念

  • 100% coverage on business logic - the functional core
  • Integration tests for boundaries - API endpoints, database operations
  • No untested code merges - CI blocks without passing tests
  • Test behavior, not implementation - tests survive refactoring
  • Each test runs in isolation - no interdependence
  • 业务逻辑100%覆盖 - 函数式核心部分
  • 边界层集成测试 - API端点、数据库操作
  • 不允许未测试代码合并 - CI会阻止未通过测试的代码
  • 测试行为而非实现 - 测试在重构后仍能生效
  • 每个测试独立运行 - 无依赖关系

Anti-Patterns (Never Do This)

反模式(绝对禁止)

  • ❌ Global state
  • ❌ Magic numbers/strings - use named constants
  • ❌ Deep nesting - flatten or extract
  • ❌ Long parameter lists - use objects
  • ❌ Comments explaining "what" - code should be self-documenting
  • ❌ Dead code - delete it, git remembers
  • ❌ Copy-paste duplication - extract to shared function
  • ❌ God objects/files - split by responsibility
  • ❌ Circular dependencies
  • ❌ Premature optimization
  • ❌ Large PRs - small, focused changes only
  • ❌ Mixing refactoring with features - separate commits
  • ❌ 全局状态
  • ❌ 魔法数字/字符串 - 使用命名常量
  • ❌ 深层嵌套 - 扁平化或提取
  • ❌ 长参数列表 - 使用对象
  • ❌ 解释“是什么”的注释 - 代码应自文档化
  • ❌ 死代码 - 删除它,git会记录历史
  • ❌ 复制粘贴重复代码 - 提取为共享函数
  • ❌ 上帝对象/文件 - 按职责拆分
  • ❌ 循环依赖
  • ❌ 过早优化
  • ❌ 大型PR - 只允许小而聚焦的变更
  • ❌ 重构与功能开发混合 - 分开提交

Documentation Structure

文档结构

Every project must have clear separation between code docs and project specs:
project/
├── docs/                      # Code documentation
│   ├── architecture.md        # System design decisions
│   ├── api.md                 # API reference (if applicable)
│   └── setup.md               # Development setup guide
├── _project_specs/            # Project specifications
│   ├── overview.md            # Project vision and goals
│   ├── features/              # Feature specifications
│   │   ├── feature-a.md
│   │   └── feature-b.md
│   ├── todos/                 # Atomic todos tracking
│   │   ├── active.md          # Current sprint/focus
│   │   ├── backlog.md         # Future work
│   │   └── completed.md       # Done items (for reference)
│   ├── session/               # Session state (see session-management.md)
│   │   ├── current-state.md   # Live session state
│   │   ├── decisions.md       # Key decisions log
│   │   ├── code-landmarks.md  # Important code locations
│   │   └── archive/           # Past session summaries
│   └── prompts/               # LLM prompt specifications (if AI-first)
└── CLAUDE.md                  # Claude instructions (references skills)
每个项目必须明确区分代码文档和项目规格:
project/
├── docs/                      # 代码文档
│   ├── architecture.md        # 系统设计决策
│   ├── api.md                 # API参考(如适用)
│   └── setup.md               # 开发设置指南
├── _project_specs/            # 项目规格
│   ├── overview.md            # 项目愿景与目标
│   ├── features/              # 功能规格
│   │   ├── feature-a.md
│   │   └── feature-b.md
│   ├── todos/                 # 原子化待办事项跟踪
│   │   ├── active.md          # 当前迭代/聚焦项
│   │   ├── backlog.md         # 未来工作
│   │   └── completed.md       # 已完成项(参考用)
│   ├── session/               # 会话状态(见session-management.md)
│   │   ├── current-state.md   # 实时会话状态
│   │   ├── decisions.md       # 关键决策日志
│   │   ├── code-landmarks.md  # 重要代码位置
│   │   └── archive/           # 过往会话摘要
│   └── prompts/               # LLM提示规格(如果是AI优先项目)
└── CLAUDE.md                  # Claude指令(引用技能)

What Goes Where

内容分类指南

LocationContent
docs/
Technical documentation, API refs, setup guides
_project_specs/
Business logic, features, requirements, todos
_project_specs/session/
Session state, decisions, context for resumability
CLAUDE.md
Claude-specific instructions and skill references
位置内容
docs/
技术文档、API参考、设置指南
_project_specs/
业务逻辑、功能、需求、待办事项
_project_specs/session/
会话状态、决策、可恢复性上下文
CLAUDE.md
Claude专属指令和技能引用

Atomic Todos

原子化待办事项

All work is tracked as atomic todos with validation and test criteria.
所有工作都以原子化待办事项跟踪,包含验证和测试标准。

Todo Format (Required)

待办事项格式(必填)

markdown
undefined
markdown
undefined

[TODO-001] Short descriptive title

[TODO-001] 简短描述性标题

Status: pending | in-progress | blocked | done Priority: high | medium | low Estimate: XS | S | M | L | XL
状态: pending | in-progress | blocked | done 优先级: high | medium | low 预估: XS | S | M | L | XL

Description

描述

One paragraph describing what needs to be done.
一段文字说明需要完成的工作。

Acceptance Criteria

验收标准

  • Criterion 1 - specific, measurable
  • Criterion 2 - specific, measurable
  • 标准1 - 具体、可衡量
  • 标准2 - 具体、可衡量

Validation

验证方式

How to verify this is complete:
  • Manual: [steps to manually test]
  • Automated: [test file/command that validates this]
如何验证工作完成:
  • 手动:[手动测试步骤]
  • 自动化:[验证此功能的测试文件/命令]

Test Cases

测试用例

InputExpected OutputNotes
.........
输入预期输出备注
.........

Dependencies

依赖关系

  • Depends on: [TODO-xxx] (if any)
  • Blocks: [TODO-yyy] (if any)
  • 依赖于:[TODO-xxx](如有)
  • 阻塞:[TODO-yyy](如有)

TDD Execution Log

TDD执行日志

PhaseCommandResultTimestamp
RED
[test command]
--
GREEN
[test command]
--
VALIDATE
[lint && typecheck && test --coverage]
--
COMPLETEMoved to completed.md--
undefined
阶段命令结果时间戳
RED
[测试命令]
--
GREEN
[测试命令]
--
VALIDATE
[lint && typecheck && test --coverage]
--
COMPLETE移至completed.md--
undefined

Todo Rules

待办事项规则

  1. Atomic - Each todo is a single, completable unit of work
  2. Testable - Every todo has validation criteria and test cases
  3. Sized - If larger than "M", break it down further
  4. Independent - Minimize dependencies between todos
  5. Tracked - Move between active.md → completed.md when done
  1. 原子化 - 每个待办事项是单一、可完成的工作单元
  2. 可测试 - 每个待办事项都有验证标准和测试用例
  3. 合理 sizing - 如果大于"M",进一步拆分
  4. 独立性 - 尽量减少待办事项之间的依赖
  5. 可跟踪 - 完成后从active.md移至completed.md

Todo Execution Workflow (TDD - Mandatory)

待办事项执行工作流(TDD - 强制要求)

Every todo MUST follow this exact workflow. No exceptions.
┌─────────────────────────────────────────────────────────────┐
│  1. RED: Write Tests First                                  │
│     └─ Create test file(s) based on Test Cases table        │
│     └─ Tests should cover all acceptance criteria           │
│     └─ Run tests → ALL MUST FAIL (proves tests are valid)   │
├─────────────────────────────────────────────────────────────┤
│  2. GREEN: Implement the Feature                            │
│     └─ Write minimum code to make tests pass                │
│     └─ Follow simplicity rules (20 lines/function, etc.)    │
│     └─ Run tests → ALL MUST PASS                            │
├─────────────────────────────────────────────────────────────┤
│  3. VALIDATE: Quality Gates                                 │
│     └─ Run linter (auto-fix if possible)                    │
│     └─ Run type checker (tsc/mypy/pyright)                  │
│     └─ Run full test suite with coverage                    │
│     └─ Verify coverage threshold (≥80%)                     │
├─────────────────────────────────────────────────────────────┤
│  4. COMPLETE: Mark Done                                     │
│     └─ Only after ALL validations pass                      │
│     └─ Move todo to completed.md                            │
│     └─ Checkpoint session state                             │
└─────────────────────────────────────────────────────────────┘
每个待办事项必须严格遵循此工作流,无例外。
┌─────────────────────────────────────────────────────────────┐
│  1. RED:先编写测试                                  │
│     └─ 根据测试用例表创建测试文件        │
│     └─ 测试应覆盖所有验收标准           │
│     └─ 运行测试 → 所有测试必须失败(证明测试有效)   │
├─────────────────────────────────────────────────────────────┤
│  2. GREEN:实现功能                            │
│     └─ 编写最少代码使测试通过                │
│     └─ 遵循简洁性规则(每个函数20行等)    │
│     └─ 运行测试 → 所有测试必须通过                            │
├─────────────────────────────────────────────────────────────┤
│  3. VALIDATE:质量检查门限                                 │
│     └─ 运行代码检查工具(尽可能自动修复)                    │
│     └─ 运行类型检查工具(tsc/mypy/pyright)                  │
│     └─ 运行完整测试套件并查看覆盖率                    │
│     └─ 验证覆盖率阈值(≥80%)                     │
├─────────────────────────────────────────────────────────────┤
│  4. COMPLETE:标记完成                                     │
│     └─ 只有在所有验证通过后                      │
│     └─ 将待办事项移至completed.md                            │
│     └─ 检查点会话状态                             │
└─────────────────────────────────────────────────────────────┘

Execution Commands by Stack

按技术栈分类的执行命令

Node.js/TypeScript:
bash
undefined
Node.js/TypeScript:
bash
undefined

1. RED - Run tests (expect failures)

1. RED - 运行测试(预期失败)

npm test -- --grep "todo-description"
npm test -- --grep "todo-description"

2. GREEN - Run tests (expect pass)

2. GREEN - 运行测试(预期通过)

npm test -- --grep "todo-description"
npm test -- --grep "todo-description"

3. VALIDATE - Full quality check

3. VALIDATE - 完整质量检查

npm run lint && npm run typecheck && npm test -- --coverage

**Python:**
```bash
npm run lint && npm run typecheck && npm test -- --coverage

**Python:**
```bash

1. RED - Run tests (expect failures)

1. RED - 运行测试(预期失败)

pytest -k "todo_description" -v
pytest -k "todo_description" -v

2. GREEN - Run tests (expect pass)

2. GREEN - 运行测试(预期通过)

pytest -k "todo_description" -v
pytest -k "todo_description" -v

3. VALIDATE - Full quality check

3. VALIDATE - 完整质量检查

ruff check . && mypy . && pytest --cov --cov-fail-under=80

**React/Next.js:**
```bash
ruff check . && mypy . && pytest --cov --cov-fail-under=80

**React/Next.js:**
```bash

1. RED - Run tests (expect failures)

1. RED - 运行测试(预期失败)

npm test -- --testPathPattern="ComponentName"
npm test -- --testPathPattern="ComponentName"

2. GREEN - Run tests (expect pass)

2. GREEN - 运行测试(预期通过)

npm test -- --testPathPattern="ComponentName"
npm test -- --testPathPattern="ComponentName"

3. VALIDATE - Full quality check

3. VALIDATE - 完整质量检查

npm run lint && npm run typecheck && npm test -- --coverage --watchAll=false
undefined
npm run lint && npm run typecheck && npm test -- --coverage --watchAll=false
undefined

Blocking Conditions

阻塞条件

NEVER mark a todo as complete if:
  • ❌ Tests were not written first (skipped RED phase)
  • ❌ Tests did not fail initially (invalid tests)
  • ❌ Any test is failing
  • ❌ Linter has errors (warnings may be acceptable)
  • ❌ Type checker has errors
  • ❌ Coverage dropped below threshold
If blocked by failures:
markdown
undefined
绝对不要将待办事项标记为完成,如果:
  • ❌ 没有先编写测试(跳过RED阶段)
  • ❌ 初始运行时测试没有失败(无效测试)
  • ❌ 任何测试失败
  • ❌ 代码检查工具存在错误(警告可能可接受)
  • ❌ 类型检查工具存在错误
  • ❌ 覆盖率低于阈值
如果因失败被阻塞:
markdown
undefined

[TODO-042] - BLOCKED

[TODO-042] - 已阻塞

Blocking Reason: [Lint error in X / Test failure in Y / Coverage at 75%] Action Required: [Specific fix needed]
undefined
阻塞原因: [X文件中的Lint错误 / Y中的测试失败 / 覆盖率为75%] 所需操作: [具体修复措施]
undefined

Bug Fix Workflow (TDD - Mandatory)

Bug修复工作流(TDD - 强制要求)

When a user reports a bug, NEVER jump to fixing it directly.
┌─────────────────────────────────────────────────────────────┐
│  1. DIAGNOSE: Identify the Test Gap                         │
│     └─ Run existing tests - do any fail?                    │
│     └─ If tests pass but bug exists → tests are incomplete  │
│     └─ Document: "Test gap: [what was missed]"              │
├─────────────────────────────────────────────────────────────┤
│  2. RED: Write a Failing Test for the Bug                   │
│     └─ Create test that reproduces the exact bug            │
│     └─ Test should FAIL with current code                   │
│     └─ This proves the test catches the bug                 │
├─────────────────────────────────────────────────────────────┤
│  3. GREEN: Fix the Bug                                      │
│     └─ Write minimum code to make the test pass             │
│     └─ Run test → must PASS now                             │
├─────────────────────────────────────────────────────────────┤
│  4. VALIDATE: Full Quality Check                            │
│     └─ Run ALL tests (not just the new one)                 │
│     └─ Run linter and type checker                          │
│     └─ Verify no regression in coverage                     │
└─────────────────────────────────────────────────────────────┘
当用户报告Bug时,绝对不要直接开始修复。
┌─────────────────────────────────────────────────────────────┐
│  1. 诊断:识别测试缺口                         │
│     └─ 运行现有测试 - 是否有失败?                    │
│     └─ 如果测试通过但Bug存在 → 测试不完整  │
│     └─ 记录:"测试缺口:[遗漏的内容]"              │
├─────────────────────────────────────────────────────────────┤
│  2. RED:为Bug编写失败的测试                   │
│     └─ 创建能复现Bug的测试            │
│     └─ 现有代码下测试应失败                   │
│     └─ 这证明测试能捕获Bug                 │
├─────────────────────────────────────────────────────────────┤
│  3. GREEN:修复Bug                                      │
│     └─ 编写最少代码使测试通过             │
│     └─ 运行测试 → 现在必须通过                             │
├─────────────────────────────────────────────────────────────┤
│  4. VALIDATE:完整质量检查                            │
│     └─ 运行所有测试(不只是新测试)                 │
│     └─ 运行代码检查和类型检查工具                          │
│     └─ 验证覆盖率没有倒退                     │
└─────────────────────────────────────────────────────────────┘

Bug Report Todo Format

Bug报告待办事项格式

markdown
undefined
markdown
undefined

[BUG-001] Short description of the bug

[BUG-001] Bug简短描述

Status: pending Priority: high Reported: [how user reported it / reproduction steps]
状态: pending 优先级: high 报告来源: [用户报告方式 / 复现步骤]

Bug Description

Bug描述

What is happening vs. what should happen.
实际发生的情况与预期情况的对比。

Reproduction Steps

复现步骤

  1. Step one
  2. Step two
  3. Observe: [incorrect behavior]
  4. Expected: [correct behavior]
  1. 步骤一
  2. 步骤二
  3. 观察:[错误行为]
  4. 预期:[正确行为]

Test Gap Analysis

测试缺口分析

  • Existing test coverage: [list relevant test files]
  • Gap identified: [what the tests missed]
  • New test needed: [describe the test to add]
  • 现有测试覆盖:[相关测试文件列表]
  • 识别的缺口:[测试遗漏的内容]
  • 需要新增的测试:[描述要添加的测试]

Test Cases for Bug

Bug测试用例

InputCurrent (Bug)Expected (Fixed)
.........
输入当前(Bug状态)预期(修复后)
.........

TDD Execution Log

TDD执行日志

PhaseCommandResultTimestamp
DIAGNOSE
npm test
All pass (gap!)-
RED
npm test -- --grep "bug description"
1 test failed ✓-
GREEN
npm test -- --grep "bug description"
1 test passed ✓-
VALIDATE
npm run lint && npm run typecheck && npm test -- --coverage
Pass ✓-
undefined
阶段命令结果时间戳
诊断
npm test
全部通过(存在缺口!)-
RED
npm test -- --grep "bug description"
1个测试失败 ✓-
GREEN
npm test -- --grep "bug description"
1个测试通过 ✓-
VALIDATE
npm run lint && npm run typecheck && npm test -- --coverage
通过 ✓-
undefined

Bug Fix Anti-Patterns

Bug修复反模式

  • Fixing without a test - Bug will likely return
  • Writing test after fix - Can't prove test catches the bug
  • Skipping test gap analysis - Misses why tests didn't catch it
  • Only testing the fix - Must run full test suite for regressions
  • 不写测试直接修复 - Bug很可能会重现
  • 修复后再写测试 - 无法证明测试能捕获Bug
  • 跳过测试缺口分析 - 无法理解为什么测试没捕获Bug
  • 只测试修复部分 - 必须运行完整测试套件检查回归

Example Atomic Todo

原子化待办事项示例

markdown
undefined
markdown
undefined

[TODO-042] Add email validation to signup form

[TODO-042] 为注册表单添加邮箱验证

Status: pending Priority: high Estimate: S
状态: pending 优先级: high 预估: S

Description

描述

Validate email format on the signup form before submission. Show inline error if invalid.
在注册表单提交前验证邮箱格式。如果无效,显示内联错误。

Acceptance Criteria

验收标准

  • Email field shows error for invalid format
  • Error clears when user fixes the email
  • Form cannot submit with invalid email
  • Valid emails pass through without error
  • 邮箱字段对无效格式显示错误
  • 用户修复邮箱后错误消失
  • 无效邮箱时表单无法提交
  • 有效邮箱可正常通过

Validation

验证方式

  • Manual: Enter "notanemail" in signup form, verify error appears
  • Automated: 
    npm test -- --grep "email validation"
  • 手动:在注册表单中输入"notanemail",验证错误显示
  • 自动化:
    npm test -- --grep "email validation"

Test Cases

测试用例

InputExpected OutputNotes
user@example.comValid, no errorStandard email
user@sub.example.comValid, no errorSubdomain
notanemailInvalid, show errorNo @ symbol
user@Invalid, show errorNo domain
@example.comInvalid, show errorNo local part
输入预期输出备注
user@example.com有效,无错误标准邮箱
user@sub.example.com有效,无错误子域名
notanemail无效,显示错误无@符号
user@无效,显示错误无域名
@example.com无效,显示错误无本地部分

Dependencies

依赖关系

  • Depends on: [TODO-041] Signup form component
  • Blocks: [TODO-045] Signup flow integration test
  • 依赖于:[TODO-041] 注册表单组件
  • 阻塞:[TODO-045] 注册流集成测试

TDD Execution Log

TDD执行日志

PhaseCommandResultTimestamp
RED
npm test -- --grep "email validation"
5 tests failed ✓-
GREEN
npm test -- --grep "email validation"
5 tests passed ✓-
VALIDATE
npm run lint && npm run typecheck && npm test -- --coverage
Pass, 84% coverage ✓-
COMPLETEMoved to completed.md-

---
阶段命令结果时间戳
RED
npm test -- --grep "email validation"
5个测试失败 ✓-
GREEN
npm test -- --grep "email validation"
5个测试通过 ✓-
VALIDATE
npm run lint && npm run typecheck && npm test -- --coverage
通过,覆盖率84% ✓-
COMPLETE移至completed.md-

---

Credentials Management (Non-Negotiable)

凭证管理(不可协商)

When a project needs API keys, always ask the user for their centralized access file first.
当项目需要API密钥时,首先询问用户是否有集中式访问文件。

Workflow

工作流

1. Ask: "Do you have an access keys file? (e.g., ~/Documents/Access.txt)"
2. Read and parse the file for known key patterns
3. Validate keys are working
4. Create project .env with found keys
5. Report missing keys and where to get them
1. 询问:"你有访问密钥文件吗?(例如:~/Documents/Access.txt)"
2. 读取并解析文件中的已知密钥模式
3. 验证密钥是否可用
4. 使用找到的密钥创建项目.env文件
5. 报告缺失的密钥及获取途径

Key Patterns to Detect

需检测的密钥模式

ServicePatternEnv Variable
OpenAI
sk-proj-*
OPENAI_API_KEY
Claude
sk-ant-*
ANTHROPIC_API_KEY
Render
rnd_*
RENDER_API_KEY
Replicate
r8_*
REPLICATE_API_TOKEN
Redditclient_id + secret
REDDIT_CLIENT_ID
, 
REDDIT_CLIENT_SECRET
See 
credentials.md
for full parsing logic and validation commands.
服务模式环境变量
OpenAI
sk-proj-*
OPENAI_API_KEY
Claude
sk-ant-*
ANTHROPIC_API_KEY
Render
rnd_*
RENDER_API_KEY
Replicate
r8_*
REPLICATE_API_TOKEN
Redditclient_id + secret
REDDIT_CLIENT_ID
, 
REDDIT_CLIENT_SECRET
完整解析逻辑和验证命令请见
credentials.md

Security (Non-Negotiable)

安全(不可协商)

Every project must meet these security requirements. See 
security.md
skill for detailed patterns.
每个项目必须满足这些安全要求。详细模式请见
security.md
技能。

Essential Security Checks

基本安全检查

  1. No secrets in code - Use environment variables, never commit secrets
  2. .env
    in 
    .gitignore
     - Always, no exceptions
  3. No secrets in client-exposed env vars - Never use 
    VITE_*
    , 
    NEXT_PUBLIC_*
    for secrets
  4. Validate all input - Use Zod/Pydantic at API boundaries
  5. Parameterized queries only - No string concatenation for SQL
  6. Hash passwords properly - bcrypt with 12+ rounds
  7. Dependency scanning - npm audit / safety check must pass
  1. 代码中不包含机密信息 - 使用环境变量,绝对不要提交机密
  2. .env
    加入
    .gitignore
     - 必须如此,无例外
  3. 客户端暴露的环境变量中不包含机密 - 绝对不要使用
    VITE_*
    NEXT_PUBLIC_*
    存储机密
  4. 验证所有输入 - 在API边界使用Zod/Pydantic
  5. 仅使用参数化查询 - 不要用字符串拼接SQL
  6. 正确哈希密码 - 使用bcrypt,至少12轮
  7. 依赖扫描 - npm audit / safety检查必须通过

Required Files

必填文件

  • .gitignore
    with secrets patterns
  • .env.example
    with all required vars (no values)
  • scripts/security-check.sh
    for pre-commit validation
  • 包含机密模式的
    .gitignore
  • 包含所有必填变量的
    .env.example
    (无值)
  • 用于提交前验证的
    scripts/security-check.sh

Security in CI

CI中的安全检查

Every PR must pass:
  • Secret scanning (detect-secrets / trufflehog)
  • Dependency audit (npm audit / safety)
  • Static analysis (CodeQL)
每个PR必须通过:
  • 机密扫描(detect-secrets / trufflehog)
  • 依赖审计(npm audit / safety)
  • 静态分析(CodeQL)

Quality Gates (Non-Negotiable)

质量门限(不可协商)

Coverage Threshold

覆盖率阈值

  • Minimum 80% code coverage - CI must fail below this
  • Business logic (core/) should aim for 100%
  • Integration tests cover boundaries
  • 最低80%代码覆盖率 - 低于此值CI必须失败
  • 业务逻辑(core/)应追求100%覆盖
  • 集成测试覆盖边界层

Pre-Commit Hooks

提交前钩子

All projects must have pre-commit hooks that run:
  1. Linting (auto-fix where possible)
  2. Type checking
  3. Tests (at minimum, affected tests)
This catches issues before they hit CI, saving time and keeping the main branch clean.
所有项目必须有提交前钩子,运行:
  1. 代码检查(尽可能自动修复)
  2. 类型检查
  3. 测试(至少运行受影响的测试)
这能在代码进入CI前发现问题,节省时间并保持主分支干净。

Session Management (Non-Negotiable)

会话管理(不可协商)

Maintain context for resumability. See 
session-management.md
for full details.
维护上下文以支持可恢复性。详细内容请见
session-management.md

Core Rule: Checkpoint at Natural Breakpoints

核心规则:在自然断点处创建检查点

After completing any task, ask:
  1. Decision made? → Log to 
    _project_specs/session/decisions.md
  2. >10 tool calls? → Full checkpoint to 
    current-state.md
  3. Major feature done? → Archive to 
    session/archive/
  4. Otherwise → Quick update to 
    current-state.md
完成任何任务后,询问:
  1. 是否做出决策? → 记录到
    _project_specs/session/decisions.md
  2. 是否调用工具超过10次? → 完整检查点保存到
    current-state.md
  3. 是否完成主要功能? → 归档到
    session/archive/
  4. 其他情况 → 快速更新
    current-state.md

Session Start

会话开始

  1. Read 
    _project_specs/session/current-state.md
  2. Check 
    _project_specs/todos/active.md
  3. Continue from documented "Next Steps"
  1. 读取
    _project_specs/session/current-state.md
  2. 检查
    _project_specs/todos/active.md
  3. 从文档记录的“下一步”继续

Session End

会话结束

  1. Archive current session
  2. Update 
    current-state.md
    with handoff notes
  3. Ensure next steps are specific and actionable
  1. 归档当前会话
  2. 更新
    current-state.md
    ,添加交接说明
  3. 确保下一步具体且可执行

Response Format

响应格式

When implementing features (following TDD):
  1. Clarify requirements if ambiguous
  2. Propose structure - outline before code
  3. Write tests FIRST - based on test cases table (RED phase)
  4. Run tests to verify they fail - proves tests are valid
  5. Implement minimum code to make tests pass (GREEN phase)
  6. Run full validation - lint, typecheck, coverage (VALIDATE phase)
  7. Flag complexity - warn if approaching limits
  8. Checkpoint after completing - update session state, log TDD execution
TDD is non-negotiable. Tests must exist and fail before any implementation begins.
When you notice code violating these rules, stop and refactor before continuing.
实现功能时(遵循TDD):
  1. 明确需求 如果存在歧义
  2. 提出结构 - 先勾勒大纲再写代码
  3. 先写测试 - 基于测试用例表(RED阶段)
  4. 运行测试验证失败 - 证明测试有效
  5. 实现最少代码 使测试通过(GREEN阶段)
  6. 运行完整验证 - lint、类型检查、覆盖率(VALIDATE阶段)
  7. 标记复杂性 - 接近限制时发出警告
  8. 完成后创建检查点 - 更新会话状态,记录TDD执行
TDD是不可协商的。 必须先有测试且测试失败,才能开始实现。
当发现代码违反这些规则时,停止并重构,然后再继续。

Automatic Iterative Mode (Ralph Wiggum)

自动迭代模式(Ralph Wiggum)

For any non-trivial task, Claude MUST automatically use iterative TDD loops.
对于任何非琐碎任务,Claude必须自动使用迭代TDD循环。

When to Auto-Invoke Ralph Loop

何时自动调用Ralph循环

Task TypeAction
New feature (any size)
/ralph-loop
with TDD template
Bug fix
/ralph-loop
with bug fix template
Refactoring
/ralph-loop
with refactor template
API development
/ralph-loop
with API template
Simple question/explanationNormal response (no loop)
One-line fix (typo, etc.)Normal response (no loop)
任务类型操作
新功能(任何规模)使用TDD模板调用
/ralph-loop
Bug修复使用Bug修复模板调用
/ralph-loop
重构使用重构模板调用
/ralph-loop
API开发使用API模板调用
/ralph-loop
简单问题/解释正常响应(无循环)
单行修复(拼写错误等)正常响应(无循环)

Auto-Transform User Requests

自动转换用户请求

When user says something like:
  • "Add email validation"
  • "Fix the login bug"
  • "Build a REST API for todos"
  • "Refactor the auth module"
Claude MUST automatically:
  1. Extract requirements from the request
  2. Define completion criteria (tests passing, lint clean, etc.)
  3. Structure as Ralph prompt with TDD workflow
  4. Invoke 
    /ralph-loop
    with appropriate 
    --max-iterations
    and 
    --completion-promise
当用户说类似以下内容时:
  • "添加邮箱验证"
  • "修复登录Bug"
  • "为待办事项构建REST API"
  • "重构认证模块"
Claude必须自动:
  1. 从请求中提取需求
  2. 定义完成标准(测试通过、代码检查干净等)
  3. 结构化为Ralph提示,包含TDD工作流
  4. 调用 
    /ralph-loop
    ,设置适当的
    --max-iterations
    --completion-promise

Auto-Transformation Example

自动转换示例

User says:
"Add a forgot password feature"
Claude automatically invokes:
bash
/ralph-loop "
用户说:
"添加忘记密码功能"
Claude自动调用:
bash
/ralph-loop "

Task: Add forgot password feature

任务:添加忘记密码功能

Requirements (extracted from user request)

需求(从用户请求中提取)

  • User can request password reset via email
  • Reset link sent to registered email
  • Link expires after 24 hours
  • User can set new password via link
  • 用户可通过邮箱请求重置密码
  • 重置链接发送至注册邮箱
  • 链接24小时后过期
  • 用户可通过链接设置新密码

TDD Workflow

TDD工作流

  1. Write failing tests for each requirement
  2. Verify tests FAIL (RED)
  3. Implement feature
  4. Verify tests PASS (GREEN)
  5. Run lint + typecheck
  6. Repeat if failures
  1. 为每个需求编写失败的测试
  2. 验证测试失败(RED)
  3. 实现功能
  4. 验证测试通过(GREEN)
  5. 运行lint + typecheck
  6. 如有失败则重复

Completion Criteria

完成标准

  • All tests passing
  • Coverage >= 80%
  • Lint clean
  • Security review (no token in URL params, etc.)
  • 所有测试通过
  • 覆盖率≥80%
  • 代码检查干净
  • 安全审查(URL参数中无token等)

Exit Condition

退出条件

<promise>FORGOT PASSWORD COMPLETE</promise> " --completion-promise "FORGOT PASSWORD COMPLETE" --max-iterations 25
undefined
<promise>FORGOT PASSWORD COMPLETE</promise> " --completion-promise "FORGOT PASSWORD COMPLETE" --max-iterations 25
undefined

Default Settings

默认设置

SettingDefaultRationale
--max-iterations
20-30Safety net, adjust by complexity
--completion-promise
Always setBased on task (e.g., "TESTS PASSING")
TDD workflowAlways includedNon-negotiable
设置默认值理由
--max-iterations
20-30安全网,根据复杂度调整
--completion-promise
始终设置基于任务(例如:"TESTS PASSING")
TDD工作流始终包含不可协商

Opt-Out

退出方式

User can opt out of automatic Ralph loops by saying:
  • "Just explain..." (explanation only)
  • "Quick fix for..." (one-liner)
  • "Don't loop..." (explicit opt-out)
  • "Help me understand..." (learning/discussion)
用户可通过以下方式退出自动Ralph循环:
  • "只解释..."(仅解释)
  • "快速修复..."(单行修复)
  • "不要循环..."(明确退出)
  • "帮我理解..."(学习/讨论)