reverse-engineer-rpi
/reverse-engineer-rpi
Reverse-engineer a product into a mechanically verifiable feature inventory + registry + spec set, with optional security-audit artifacts and validation gates.
Hard Guardrails (MANDATORY)
- Only operate on code/binaries you own or have explicit written authorization to analyze.
- Do not provide steps to bypass protections/ToS or to extract proprietary source code/system prompts from third-party products.
- Do not output reconstructed proprietary source or embedded prompts from binaries (index only; redact in reports).
- Redact secrets/tokens/keys if encountered; run the secret-scan gate over outputs.
- Always separate: docs say vs code proves vs hosted/control-plane.
One-Command Example
```bash
python3 skills/reverse-engineer-rpi/scripts/reverse_engineer_rpi.py ao \
  --authorized \
  --mode=binary \
  --binary-path="$(command -v ao)" \
  --output-dir=".agents/research/ao/"
```
If you do not have explicit written authorization to analyze that binary, do not run the above. Use the included demo fixture instead (see Self-Test below).
Repo-only example (no binary required):
```bash
python3 skills/reverse-engineer-rpi/scripts/reverse_engineer_rpi.py cc-sdd \
  --mode=repo \
  --upstream-repo="https://github.com/gotalab/cc-sdd.git" \
  --output-dir=".agents/research/cc-sdd/"
```
Invocation Contract
Required:
- product_name
Optional:
- --docs-sitemap-url (recommended when available; supports https://... and file:///...)
- --docs-features-prefix (default: docs/features/)
- --upstream-repo (optional)
- --local-clone-dir (default: .tmp/<product_name>)
- --output-dir (default: .agents/research/<product_name>/)
- --mode (default: binary; allowed: repo|binary|both)
- --binary-path (required if --mode includes binary)
- --no-materialize-archives (authorized-only; binary mode extracts embedded ZIPs by default; this disables extraction and keeps index-only)
Security audit flags (optional):
- --security-audit (enables security artifacts + gates)
- --sbom (generate SBOM + dependency risk report where possible; may no-op with a note)
- --fuzz (only if a safe harness exists; timeboxed)
Mandatory guardrail flag:
- --authorized (required for binary mode; refuses to run binary analysis without it)
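One way the invocation contract could be enforced before any analysis starts, as an added example that is not the project's own script. The function names, the product_name character check, and treating --mode=both as requiring --authorized are assumptions; the flags and defaults are the ones listed above.

```python
import argparse
import re

SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")  # assumption: name is used in paths

def build_parser() -> argparse.ArgumentParser:
    p = argparse.ArgumentParser(prog="contract-demo")
    p.add_argument("product_name")
    p.add_argument("--mode", choices=["repo", "binary", "both"], default="binary")
    p.add_argument("--binary-path")
    p.add_argument("--upstream-repo")
    p.add_argument("--local-clone-dir")
    p.add_argument("--output-dir")
    p.add_argument("--no-materialize-archives", action="store_true")
    p.add_argument("--authorized", action="store_true")
    return p

def check_contract(argv: list[str]) -> argparse.Namespace:
    """Parse argv and enforce the guardrails before any analysis starts."""
    args = build_parser().parse_args(argv)
    # product_name is interpolated into default paths, so keep it to one safe component.
    if not SAFE_NAME.match(args.product_name):
        raise ValueError("product_name must be a single safe path component")
    touches_binary = args.mode in ("binary", "both")
    if touches_binary and not args.authorized:
        raise PermissionError("binary analysis refused: --authorized is required")
    if touches_binary and not args.binary_path:
        raise ValueError("--binary-path is required when --mode includes binary")
    # Defaults from the flag list, derived from the validated name.
    args.local_clone_dir = args.local_clone_dir or f".tmp/{args.product_name}"
    args.output_dir = args.output_dir or f".agents/research/{args.product_name}/"
    return args
```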
Script-Driven Workflow
Run:
```bash
python3 skills/reverse-engineer-rpi/scripts/reverse_engineer_rpi.py <product_name> --authorized [flags...]
```
This generates the required outputs under output_dir/ and (when applicable) .agents/council/ and .agents/learnings/.
Outputs (MUST be generated)
Core outputs under output_dir/:
- feature-inventory.md
- feature-registry.yaml
- validate-feature-registry.py
- feature-catalog.md
- spec-architecture.md
- spec-code-map.md
- spec-cli-surface.md (only if a CLI exists; otherwise a note is written to spec-code-map.md)
- spec-clone-vs-use.md
- spec-clone-mvp.md (original MVP spec; do not copy from target)
Binary-mode extras:
- binary-analysis.md (best-effort summary)
- binary-embedded-archives.md (index only; no dumps)
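What "index only; no dumps" can look like in practice, as an added example that is not the project's own code: it reads only the ZIP central directory of an archive appended to a binary and reports member names and sizes without reading any member contents. The function names and the fixture bytes are constructed for illustration.

```python
import io
import zipfile

EOCD_SIG = b"PK\x05\x06"  # ZIP end-of-central-directory signature

def build_fixture() -> bytes:
    """Constructed sample: a fake executable stub with a ZIP appended to it."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("app/main.js", "console.log('demo');\n" * 20)
        zf.writestr("prompts/system.txt", "CONSTRUCTED PLACEHOLDER TEXT")
    return b"\x7fELF" + b"\x00" * 60 + buf.getvalue()

def index_embedded_zip(blob: bytes) -> list[dict]:
    """Read only the central directory: names and sizes, never member contents."""
    if EOCD_SIG not in blob:
        return []
    try:
        # zipfile locates the directory from the end, so a prepended stub is tolerated.
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return [
                {"name": i.filename, "size": i.file_size,
                 "compressed": i.compress_size, "crc32": f"{i.CRC:08x}"}
                for i in zf.infolist()
            ]
    except zipfile.BadZipFile:
        return []  # signature-like bytes that are not a usable archive

def render_index(rows: list[dict]) -> str:
    """Markdown table for a report such as binary-embedded-archives.md (index only)."""
    lines = ["| member | size | compressed | crc32 |", "|---|---|---|---|"]
    lines += [f"| {r['name']} | {r['size']} | {r['compressed']} | {r['crc32']} |" for r in rows]
    return "\n".join(lines)

if __name__ == "__main__":
    print(render_index(index_embedded_zip(build_fixture())))
```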
If --security-audit, also create output_dir/security/:
- threat-model.md
- attack-surface.md
- dataflow.md
- crypto-review.md
- authn-authz.md
- findings.md
- reproducibility.md
- validate-security-audit.sh
Self-Test (Acceptance Criteria)
End-to-end fixture (safe, owned demo binary with embedded ZIP):
```bash
bash skills/reverse-engineer-rpi/scripts/self_test.sh
```
This must show:
- feature inventory generated
- registry generated
- registry validator exits 0
- in security mode: validate-security-audit.sh exits 0 and secret scan passes
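A sketch of the secret-scan gate the guardrails and self-test refer to, as an added example that is not the project's own gate: it scans generated reports for credential-like strings, returns a non-zero exit code on any finding, and can redact in place. The rule set, function names and fixture contents are constructed for illustration; a production gate would use a maintained rule set.

```python
import re
import tempfile
from pathlib import Path

# Illustrative rules only (assumption), not the project's rule set.
RULES = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "assigned_secret": re.compile(
        r"(?i)\b(?:api[_-]?key|token|secret|password)\b\s*[:=]\s*['\"]?[A-Za-z0-9_/+-]{16,}"),
}
SCANNED = {".md", ".yaml", ".yml", ".json", ".txt"}

def redact_line(line: str) -> tuple[str, list[str]]:
    """Replace every rule match with a marker; return the new line and the rules hit."""
    hits = []
    for rule, rx in RULES.items():
        line, count = rx.subn(f"[REDACTED:{rule}]", line)
        if count:
            hits.append(rule)
    return line, hits

def secret_scan_gate(output_dir: Path, fix: bool = False):
    """Scan generated reports; return (exit_code, findings). fix=True redacts in place."""
    findings = []
    for path in sorted(output_dir.rglob("*")):
        if not path.is_file() or path.suffix not in SCANNED:
            continue
        lines = path.read_text(encoding="utf-8", errors="replace").splitlines()
        clean = []
        for number, line in enumerate(lines, start=1):
            redacted, hits = redact_line(line)
            clean.append(redacted)
            findings += [(path.name, number, rule) for rule in hits]
        if fix and clean != lines:
            path.write_text("\n".join(clean) + "\n", encoding="utf-8")
    return (1 if findings else 0), findings

def run_demo():
    """Constructed fixture: one clean report and one that leaked fake credentials."""
    with tempfile.TemporaryDirectory() as tmp:
        out = Path(tmp)
        (out / "feature-inventory.md").write_text("# Features\n- login\n", encoding="utf-8")
        fake_key = "AKIA" + "X" * 16  # constructed value, not a real credential
        leaked = f"strings hit: {fake_key}\ntoken = {'a1B2' * 6}\n"
        (out / "binary-analysis.md").write_text(leaked, encoding="utf-8")
        before = secret_scan_gate(out, fix=True)   # fails the gate and redacts
        after = secret_scan_gate(out)              # passes once redacted
        return before, after, (out / "binary-analysis.md").read_text(encoding="utf-8")
```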