validation-expert

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Validation Expert (Project Conductor)

验证专家（Project Conductor）

Deep research-driven validation skill specific to Project Conductor's architecture.

针对Project Conductor架构的、由深度研究驱动的验证技能。

When to Use

使用场景

Invoke this skill when:

User mentions: "validate", "check", "review", "test"
Before deployment to staging/production
After major feature implementation
When quality issues are suspected
Before creating a pull request
When user asks "is this production ready?"

在以下场景调用此技能：

用户提及：“validate”“check”“review”“test”时
部署到预发布/生产环境前
完成重大功能实现后
怀疑存在质量问题时
创建拉取请求前
用户询问“这是否已准备好用于生产环境？”时

Project Conductor Context

Project Conductor 背景信息

Tech Stack:

Node.js 20+ with TypeScript 5.2.2
Express.js 4.18.2
Socket.io 4.7.2 (real-time)
PostgreSQL 15 (database)
Redis 7 (caching)
Jest 29.6.4 (testing)

Architecture:

7-module workflow (Onboarding → BRD → PRD → Design → Conflicts → Implementation → History)
RESTful APIs (12 major APIs, 100+ endpoints)
Real-time collaboration (WebSocket)
Document-centric (Markdown + YAML frontmatter)

技术栈：

Node.js 20+ 搭配 TypeScript 5.2.2
Express.js 4.18.2
Socket.io 4.7.2（实时通信）
PostgreSQL 15（数据库）
Redis 7（缓存）
Jest 29.6.4（测试）

架构：

7模块工作流（Onboarding → BRD → PRD → Design → Conflicts → Implementation → History）
RESTful APIs（12个主要API，100+个端点）
实时协作（WebSocket）
文档中心架构（Markdown + YAML前置元数据）

Validation Methodology

验证方法

Step 1: Quick Health Check

步骤1：快速健康检查

bash

undefined

bash

undefined

Run immediate checks

运行即时检查

npm run build # TypeScript compilation npm run lint # ESLint npm test # Jest test suite npm run typecheck # TypeScript strict checks

npm run build # TypeScript编译 npm run lint # ESLint检查 npm test # Jest测试套件 npm run typecheck # TypeScript严格检查

Check docker services

检查Docker服务状态

docker-compose ps # PostgreSQL, Redis status

undefined

docker-compose ps # PostgreSQL、Redis状态

undefined

Step 2: Launch Deep Research for Best Practices

步骤2：启动最佳实践深度研究

Use codex-deep-research agent to validate against industry standards:

markdown

Invoke Task tool with subagent_type="codex-deep-research"

Prompt:
"Research the best practices, validation techniques, and quality standards for a production-ready TypeScript + Express.js + PostgreSQL application similar to Project Conductor.

Project Conductor is a requirements management and workflow orchestration platform with:
- 12 RESTful APIs
- Real-time WebSocket collaboration
- PostgreSQL database with complex queries
- Redis caching
- 7-module workflow system
- Document-centric architecture (Markdown + YAML)

Please provide comprehensive validation checklist covering:

1. **Code Quality:**
   - TypeScript best practices (strict mode, no 'any', proper typing)
   - ESLint rules for Node.js + Express
   - Code organization patterns (controllers, services, models)
   - Error handling patterns
   - Logging best practices (Pino, Winston)

2. **API Design:**
   - RESTful conventions (status codes, response formats)
   - Input validation (express-validator patterns)
   - Rate limiting strategies
   - API versioning (/api/v1)
   - Error response standards

3. **Database:**
   - PostgreSQL query optimization
   - Index strategy validation
   - Connection pool configuration
   - Migration best practices
   - Data integrity constraints

4. **Security:**
   - OWASP Top 10 compliance
   - SQL injection prevention
   - XSS prevention
   - Rate limiting
   - Authentication/authorization (JWT, RBAC)
   - Secrets management

5. **Performance:**
   - Response time targets (p95 <200ms)
   - Caching hit rate (>80%)
   - Database query performance (<50ms)
   - WebSocket latency (<50ms)
   - Memory leak detection

6. **Testing:**
   - Test coverage targets (>75%)
   - Unit test patterns
   - Integration test strategies
   - E2E test scenarios
   - WebSocket testing approaches

7. **Production Readiness:**
   - Environment configuration
   - Graceful shutdown
   - Health check endpoints
   - Monitoring setup (Prometheus, DataDog)
   - Error tracking (Sentry)
   - Logging infrastructure

8. **Deployment (Render specific):**
   - Static file serving validation
   - Environment variable checks
   - Build process verification
   - Path resolution correctness
   - 404 prevention strategies

Provide specific validation commands, test cases, and checklists for each category."

使用codex-deep-research代理对照行业标准进行验证：

markdown

调用Task工具，设置subagent_type="codex-deep-research"

提示词：
"研究与Project Conductor类似的、可用于生产环境的TypeScript + Express.js + PostgreSQL应用的最佳实践、验证技术和质量标准。

Project Conductor是一个需求管理与工作流编排平台，具备：
- 12个RESTful API
- 实时WebSocket协作
- 包含复杂查询的PostgreSQL数据库
- Redis缓存
- 7模块工作流系统
- 文档中心架构（Markdown + YAML）

请提供涵盖以下类别的全面验证清单：

1. **代码质量：**
   - TypeScript最佳实践（严格模式、避免使用'any'、正确类型定义）
   - 适用于Node.js + Express的ESLint规则
   - 代码组织模式（控制器、服务、模型）
   - 错误处理模式
   - 日志最佳实践（Pino、Winston）

2. **API设计：**
   - RESTful规范（状态码、响应格式）
   - 输入验证（express-validator模式）
   - 限流策略
   - API版本控制（/api/v1）
   - 错误响应标准

3. **数据库：**
   - PostgreSQL查询优化
   - 索引策略验证
   - 连接池配置
   - 迁移最佳实践
   - 数据完整性约束

4. **安全：**
   - OWASP Top 10合规性
   - SQL注入防护
   - XSS防护
   - 限流
   - 身份认证/授权（JWT、RBAC）
   - 密钥管理

5. **性能：**
   - 响应时间目标（p95 <200ms）
   - 缓存命中率（>80%）
   - 数据库查询性能（<50ms）
   - WebSocket延迟（<50ms）
   - 内存泄漏检测

6. **测试：**
   - 测试覆盖率目标（>75%）
   - 单元测试模式
   - 集成测试策略
   - 端到端测试场景
   - WebSocket测试方法

7. **生产环境就绪性：**
   - 环境配置
   - 优雅关闭
   - 健康检查端点
   - 监控设置（Prometheus、DataDog）
   - 错误追踪（Sentry）
   - 日志基础设施

8. **部署（针对Render平台）：**
   - 静态文件服务验证
   - 环境变量检查
   - 构建流程验证
   - 路径解析正确性
   - 404错误预防策略

为每个类别提供具体的验证命令、测试用例和检查清单。"

Step 3: Check for AI-Powered Validation Tools

步骤3：检查AI驱动的验证工具

Use gemini-research-analyst agent to find modern validation tools:

markdown

Invoke Task tool with subagent_type="gemini-research-analyst"

Prompt:
"Research if Google's Gemini AI provides any code validation, quality analysis, or automated testing tools that could benefit Project Conductor.

Specifically investigate:
1. Gemini-powered code review tools
2. Automated test generation
3. Security vulnerability scanning
4. Performance profiling
5. API contract testing
6. TypeScript type safety analysis
7. Database query optimization suggestions
8. Real-time monitoring and anomaly detection

If Gemini has relevant tools:
- How to integrate with TypeScript + Express.js
- Cost implications
- Accuracy/reliability compared to traditional tools
- Production-ready status
- Examples of companies using these tools

Also research Google Cloud tools that could enhance validation:
- Cloud Build (CI/CD)
- Error Reporting
- Cloud Monitoring
- Cloud Profiler
- Security Command Center"

使用gemini-research-analyst代理查找现代验证工具：

markdown

调用Task工具，设置subagent_type="gemini-research-analyst"

提示词：
"研究Google的Gemini AI是否提供任何可使Project Conductor受益的代码验证、质量分析或自动化测试工具。

具体调研：
1. Gemini驱动的代码评审工具
2. 自动化测试生成
3. 安全漏洞扫描
4. 性能分析
5. API契约测试
6. TypeScript类型安全性分析
7. 数据库查询优化建议
8. 实时监控与异常检测

如果Gemini有相关工具：
- 如何与TypeScript + Express.js集成
- 成本影响
- 与传统工具相比的准确性/可靠性
- 生产环境就绪状态
- 使用这些工具的企业案例

同时研究可增强验证能力的Google Cloud工具：
- Cloud Build（CI/CD）
- Error Reporting
- Cloud Monitoring
- Cloud Profiler
- Security Command Center"

Step 4: Execute Comprehensive Validation

步骤4：执行全面验证

After research agents return, run this complete validation suite:

在研究代理返回结果后，运行以下完整验证套件：

4A. Code Quality Validation

4A. 代码质量验证

bash

#!/bin/bash

bash

#!/bin/bash

comprehensive-validation.sh

echo "📊 Project Conductor Validation Suite" echo "======================================"

echo "📊 Project Conductor验证套件" echo "======================================"

1. TypeScript Compilation

1. TypeScript编译

echo "\n1️⃣ TypeScript Compilation..." npm run build if [ $? -ne 0 ]; then echo "❌ TypeScript compilation failed" exit 1 fi echo "✅ TypeScript compilation passed"

echo "\n1️⃣ TypeScript编译..." npm run build if [ $? -ne 0 ]; then echo "❌ TypeScript编译失败" exit 1 fi echo "✅ TypeScript编译通过"

2. Type Checking (strict mode)

2. 类型检查（严格模式）

echo "\n2️⃣ TypeScript Strict Checks..." npx tsc --noEmit --strict if [ $? -ne 0 ]; then echo "❌ Type checking failed" exit 1 fi echo "✅ Type checking passed"

echo "\n2️⃣ TypeScript严格检查..." npx tsc --noEmit --strict if [ $? -ne 0 ]; then echo "❌ 类型检查失败" exit 1 fi echo "✅ 类型检查通过"

3. Linting

3. 代码检查

echo "\n3️⃣ ESLint..." npm run lint if [ $? -ne 0 ]; then echo "⚠️ Linting issues found" fi

echo "\n3️⃣ ESLint检查..." npm run lint if [ $? -ne 0 ]; then echo "⚠️ 发现代码检查问题" fi

4. Find 'any' types (anti-pattern)

4. 查找'any'类型（反模式）

echo "\n4️⃣ Checking for 'any' types..." ANY_COUNT=$(grep -r ": any" src/ --include="*.ts" | wc -l) echo "Found $ANY_COUNT instances of 'any' type" if [ $ANY_COUNT -gt 10 ]; then echo "⚠️ Consider reducing 'any' usage (found $ANY_COUNT, target <10)" fi

echo "\n4️⃣ 检查'any'类型使用情况..." ANY_COUNT=$(grep -r ": any" src/ --include="*.ts" | wc -l) echo "发现$ANY_COUNT处'any'类型使用" if [ $ANY_COUNT -gt 10 ]; then echo "⚠️ 建议减少'any'的使用（当前发现$ANY_COUNT处，目标<10）" fi

5. Find console.log (should use logger)

5. 查找console.log（应使用日志工具）

echo "\n5️⃣ Checking for console.log..." CONSOLE_COUNT=$(grep -r "console." src/ --include="*.ts" | grep -v "// " | wc -l) echo "Found $CONSOLE_COUNT console statements" if [ $CONSOLE_COUNT -gt 0 ]; then echo "⚠️ Replace console.log with logger (found $CONSOLE_COUNT)" fi

echo "\n5️⃣ 检查console.log使用情况..." CONSOLE_COUNT=$(grep -r "console." src/ --include="*.ts" | grep -v "// " | wc -l) echo "发现$CONSOLE_COUNT处console语句" if [ $CONSOLE_COUNT -gt 0 ]; then echo "⚠️ 建议将console.log替换为日志工具（当前发现$CONSOLE_COUNT处）" fi

6. Check for hardcoded secrets

6. 检查硬编码密钥

echo "\n6️⃣ Checking for hardcoded secrets..." if grep -r "password\s*=\s*['"]" src/ --include="*.ts" | grep -v "process.env"; then echo "❌ Hardcoded passwords found!" exit 1 fi echo "✅ No hardcoded secrets detected"

echo "\n6️⃣ 检查硬编码密钥..." if grep -r "password\s*=\s*['"]" src/ --include="*.ts" | grep -v "process.env"; then echo "❌ 发现硬编码密码！" exit 1 fi echo "✅ 未检测到硬编码密钥"

7. Test Suite

7. 测试套件

echo "\n7️⃣ Running Test Suite..." npm test -- --coverage if [ $? -ne 0 ]; then echo "❌ Tests failed" exit 1 fi echo "✅ Tests passed"

echo "\n7️⃣ 运行测试套件..." npm test -- --coverage if [ $? -ne 0 ]; then echo "❌ 测试失败" exit 1 fi echo "✅ 测试通过"

8. Test Coverage Check

8. 测试覆盖率检查

echo "\n8️⃣ Checking Test Coverage..." COVERAGE=$(npm test -- --coverage --silent | grep "All files" | awk '{print $10}' | sed 's/%//') if (( $(echo "$COVERAGE < 75" | bc -l) )); then echo "⚠️ Test coverage is $COVERAGE% (target: 75%)" else echo "✅ Test coverage is $COVERAGE%" fi

undefined

echo "\n8️⃣ 检查测试覆盖率..." COVERAGE=$(npm test -- --coverage --silent | grep "All files" | awk '{print $10}' | sed 's/%//') if (( $(echo "$COVERAGE < 75" | bc -l) )); then echo "⚠️ 测试覆盖率为$COVERAGE%（目标：75%）" else echo "✅ 测试覆盖率为$COVERAGE%" fi

undefined

4B. API Validation

4B. API验证

typescript

// tests/validation/api-validation.test.ts
import request from 'supertest';
import { app } from '../../src/index';

describe('API Validation', () => {
  describe('Response Format Standards', () => {
    it('should return consistent JSON structure', async () => {
      const res = await request(app).get('/api/v1/health');

      expect(res.status).toBe(200);
      expect(res.body).toHaveProperty('success');
      expect(res.body).toHaveProperty('data');
      expect(typeof res.body.success).toBe('boolean');
    });

    it('should handle errors with proper format', async () => {
      const res = await request(app).get('/api/v1/requirements/invalid-id');

      expect(res.status).toBeGreaterThanOrEqual(400);
      expect(res.body).toHaveProperty('success', false);
      expect(res.body).toHaveProperty('message');
    });
  });

  describe('API Versioning', () => {
    it('all endpoints should be under /api/v1', async () => {
      const res = await request(app).get('/api/v1/health');
      expect(res.status).not.toBe(404);
    });
  });

  describe('Rate Limiting', () => {
    it('should enforce rate limits', async () => {
      const requests = Array(100).fill(null).map(() =>
        request(app).get('/api/v1/requirements')
      );

      const responses = await Promise.all(requests);
      const rateLimited = responses.some(r => r.status === 429);

      expect(rateLimited).toBe(true);
    });
  });

  describe('Input Validation', () => {
    it('should reject invalid input', async () => {
      const res = await request(app)
        .post('/api/v1/requirements')
        .send({ title: '', priority: 'invalid' }); // Invalid data

      expect(res.status).toBe(400);
      expect(res.body.success).toBe(false);
    });

    it('should sanitize SQL injection attempts', async () => {
      const res = await request(app)
        .get('/api/v1/requirements')
        .query({ sortBy: "'; DROP TABLE requirements; --" });

      expect(res.status).not.toBe(500); // Should handle gracefully
    });
  });
});

typescript

// tests/validation/api-validation.test.ts
import request from 'supertest';
import { app } from '../../src/index';

describe('API Validation', () => {
  describe('响应格式标准', () => {
    it('应返回一致的JSON结构', async () => {
      const res = await request(app).get('/api/v1/health');

      expect(res.status).toBe(200);
      expect(res.body).toHaveProperty('success');
      expect(res.body).toHaveProperty('data');
      expect(typeof res.body.success).toBe('boolean');
    });

    it('应使用正确格式处理错误', async () => {
      const res = await request(app).get('/api/v1/requirements/invalid-id');

      expect(res.status).toBeGreaterThanOrEqual(400);
      expect(res.body).toHaveProperty('success', false);
      expect(res.body).toHaveProperty('message');
    });
  });

  describe('API版本控制', () => {
    it('所有端点应位于/api/v1路径下', async () => {
      const res = await request(app).get('/api/v1/health');
      expect(res.status).not.toBe(404);
    });
  });

  describe('限流', () => {
    it('应执行限流策略', async () => {
      const requests = Array(100).fill(null).map(() =>
        request(app).get('/api/v1/requirements')
      );

      const responses = await Promise.all(requests);
      const rateLimited = responses.some(r => r.status === 429);

      expect(rateLimited).toBe(true);
    });
  });

  describe('输入验证', () => {
    it('应拒绝无效输入', async () => {
      const res = await request(app)
        .post('/api/v1/requirements')
        .send({ title: '', priority: 'invalid' }); // 无效数据

      expect(res.status).toBe(400);
      expect(res.body.success).toBe(false);
    });

    it('应清理SQL注入尝试', async () => {
      const res = await request(app)
        .get('/api/v1/requirements')
        .query({ sortBy: "'; DROP TABLE requirements; --" });

      expect(res.status).not.toBe(500); // 应优雅处理
    });
  });
});

4C. Database Validation

4C. 数据库验证

sql

-- scripts/validate-database.sql
-- Run this to validate database health

-- 1. Check for missing indexes
SELECT
  schemaname,
  tablename,
  indexname
FROM pg_indexes
WHERE schemaname = 'public'
ORDER BY tablename;

-- 2. Find slow queries (from pg_stat_statements)
SELECT
  query,
  calls,
  total_time,
  mean_time,
  max_time
FROM pg_stat_statements
WHERE mean_time > 100 -- Queries slower than 100ms
ORDER BY mean_time DESC
LIMIT 20;

-- 3. Check table sizes
SELECT
  schemaname,
  tablename,
  pg_size_pretty(pg_total_relation_size(schemaname||'.'||tablename)) AS size
FROM pg_tables
WHERE schemaname = 'public'
ORDER BY pg_total_relation_size(schemaname||'.'||tablename) DESC;

-- 4. Check for unused indexes
SELECT
  schemaname,
  tablename,
  indexname,
  idx_scan as index_scans
FROM pg_stat_user_indexes
WHERE idx_scan = 0
  AND indexrelname NOT LIKE '%_pkey'
ORDER BY pg_relation_size(indexrelid) DESC;

-- 5. Connection pool health
SELECT
  count(*),
  state
FROM pg_stat_activity
WHERE datname = current_database()
GROUP BY state;

sql

-- scripts/validate-database.sql
-- 运行此脚本验证数据库健康状态

-- 1. 检查缺失的索引
SELECT
  schemaname,
  tablename,
  indexname
FROM pg_indexes
WHERE schemaname = 'public'
ORDER BY tablename;

-- 2. 查找慢查询（来自pg_stat_statements）
SELECT
  query,
  calls,
  total_time,
  mean_time,
  max_time
FROM pg_stat_statements
WHERE mean_time > 100 -- 慢于100ms的查询
ORDER BY mean_time DESC
LIMIT 20;

-- 3. 检查表大小
SELECT
  schemaname,
  tablename,
  pg_size_pretty(pg_total_relation_size(schemaname||'.'||tablename)) AS size
FROM pg_tables
WHERE schemaname = 'public'
ORDER BY pg_total_relation_size(schemaname||'.'||tablename) DESC;

-- 4. 查找未使用的索引
SELECT
  schemaname,
  tablename,
  indexname,
  idx_scan as index_scans
FROM pg_stat_user_indexes
WHERE idx_scan = 0
  AND indexrelname NOT LIKE '%_pkey'
ORDER BY pg_relation_size(indexrelid) DESC;

-- 5. 连接池健康状态
SELECT
  count(*),
  state
FROM pg_stat_activity
WHERE datname = current_database()
GROUP BY state;

4D. Security Validation

4D. 安全验证

bash

undefined

bash

undefined

scripts/security-audit.sh

echo "🔒 Security Audit" echo "================"

echo "🔒 安全审计" echo "================"

1. Check for known vulnerabilities

1. 检查已知漏洞

echo "\n1️⃣ Checking npm dependencies for vulnerabilities..." npm audit --audit-level=moderate if [ $? -ne 0 ]; then echo "⚠️ Vulnerabilities found in dependencies" fi

echo "\n1️⃣ 检查npm依赖项漏洞..." npm audit --audit-level=moderate if [ $? -ne 0 ]; then echo "⚠️ 依赖项中发现漏洞" fi

2. Check for exposed secrets

2. 扫描暴露的密钥

echo "\n2️⃣ Scanning for exposed secrets..." if command -v gitleaks &> /dev/null; then gitleaks detect --source . --verbose else echo "⚠️ gitleaks not installed (recommended: brew install gitleaks)" fi

echo "\n2️⃣ 扫描暴露的密钥..." if command -v gitleaks &> /dev/null; then gitleaks detect --source . --verbose else echo "⚠️ 未安装gitleaks（推荐：brew install gitleaks）" fi

3. Check OWASP dependencies

3. OWASP依赖项检查

echo "\n3️⃣ OWASP Dependency Check..." if command -v dependency-check &> /dev/null; then dependency-check --project "Project Conductor" --scan . else echo "⚠️ OWASP dependency-check not installed" fi

echo "\n3️⃣ OWASP依赖项检查..." if command -v dependency-check &> /dev/null; then dependency-check --project "Project Conductor" --scan . else echo "⚠️ 未安装OWASP dependency-check" fi

4. Check environment variables

4. 环境变量检查

echo "\n4️⃣ Environment Variable Check..." REQUIRED_ENVS=("DATABASE_URL" "REDIS_URL" "JWT_SECRET" "NODE_ENV") for env in "${REQUIRED_ENVS[@]}"; do if [ -z "${!env}" ]; then echo "⚠️ Missing environment variable: $env" else echo "✅ $env is set" fi done

echo "\n4️⃣ 环境变量检查..." REQUIRED_ENVS=("DATABASE_URL" "REDIS_URL" "JWT_SECRET" "NODE_ENV") for env in "${REQUIRED_ENVS[@]}"; do if [ -z "${!env}" ]; then echo "⚠️ 缺少环境变量：$env" else echo "✅ $env已设置" fi done

5. SSL/TLS Configuration

5. SSL/TLS配置

echo "\n5️⃣ Checking SSL/TLS..." if [ "$NODE_ENV" = "production" ]; then if [ -z "$SSL_CERT" ] || [ -z "$SSL_KEY" ]; then echo "⚠️ SSL certificates not configured for production" else echo "✅ SSL configured" fi fi

undefined

echo "\n5️⃣ 检查SSL/TLS..." if [ "$NODE_ENV" = "production" ]; then if [ -z "$SSL_CERT" ] || [ -z "$SSL_KEY" ]; then echo "⚠️ 生产环境未配置SSL证书" else echo "✅ SSL已配置" fi fi

undefined

4E. Performance Validation

4E. 性能验证

typescript

// tests/validation/performance.test.ts
import request from 'supertest';
import { app } from '../../src/index';

describe('Performance Validation', () => {
  describe('Response Times', () => {
    it('API should respond in <200ms (p95)', async () => {
      const times: number[] = [];

      // Make 100 requests
      for (let i = 0; i < 100; i++) {
        const start = Date.now();
        await request(app).get('/api/v1/requirements');
        times.push(Date.now() - start);
      }

      times.sort((a, b) => a - b);
      const p95 = times[Math.floor(times.length * 0.95)];

      console.log(`P95 response time: ${p95}ms`);
      expect(p95).toBeLessThan(200);
    });

    it('cached requests should be <50ms', async () => {
      // Prime cache
      await request(app).get('/api/v1/requirements?page=1');

      // Measure cached request
      const start = Date.now();
      await request(app).get('/api/v1/requirements?page=1');
      const duration = Date.now() - start;

      expect(duration).toBeLessThan(50);
    });
  });

  describe('Memory Leaks', () => {
    it('should not leak memory over 1000 requests', async () => {
      const initialMemory = process.memoryUsage().heapUsed;

      // Make 1000 requests
      for (let i = 0; i < 1000; i++) {
        await request(app).get('/api/v1/health');
      }

      // Force garbage collection if available
      if (global.gc) {
        global.gc();
      }

      const finalMemory = process.memoryUsage().heapUsed;
      const memoryIncrease = finalMemory - initialMemory;

      // Memory should not increase by more than 50MB
      expect(memoryIncrease).toBeLessThan(50 * 1024 * 1024);
    });
  });
});

typescript

// tests/validation/performance.test.ts
import request from 'supertest';
import { app } from '../../src/index';

describe('性能验证', () => {
  describe('响应时间', () => {
    it('API响应时间应<200ms（p95）', async () => {
      const times: number[] = [];

      // 发起100次请求
      for (let i = 0; i < 100; i++) {
        const start = Date.now();
        await request(app).get('/api/v1/requirements');
        times.push(Date.now() - start);
      }

      times.sort((a, b) => a - b);
      const p95 = times[Math.floor(times.length * 0.95)];

      console.log(`P95响应时间: ${p95}ms`);
      expect(p95).toBeLessThan(200);
    });

    it('缓存请求响应时间应<50ms', async () => {
      // 预热缓存
      await request(app).get('/api/v1/requirements?page=1');

      // 测量缓存请求时间
      const start = Date.now();
      await request(app).get('/api/v1/requirements?page=1');
      const duration = Date.now() - start;

      expect(duration).toBeLessThan(50);
    });
  });

  describe('内存泄漏', () => {
    it('发起1000次请求后不应出现内存泄漏', async () => {
      const initialMemory = process.memoryUsage().heapUsed;

      // 发起1000次请求
      for (let i = 0; i < 1000; i++) {
        await request(app).get('/api/v1/health');
      }

      // 如果可用则强制执行垃圾回收
      if (global.gc) {
        global.gc();
      }

      const finalMemory = process.memoryUsage().heapUsed;
      const memoryIncrease = finalMemory - initialMemory;

      // 内存增长不应超过50MB
      expect(memoryIncrease).toBeLessThan(50 * 1024 * 1024);
    });
  });
});

4F. Deployment Validation (Render Specific)

4F. 部署验证（针对Render平台）

bash

undefined

bash

undefined

scripts/render-deployment-validation.sh

Based on lessons learned from production deployment

基于生产环境部署经验总结

echo "🚀 Render Deployment Validation" echo "==============================="

echo "🚀 Render部署验证" echo "==============================="

1. Check for files in /public

1. 检查/public目录下的文件

echo "\n1️⃣ Validating static files..." PUBLIC_FILES=$(ls -la public/*.html 2>/dev/null | wc -l) if [ $PUBLIC_FILES -gt 0 ]; then echo "✅ Found $PUBLIC_FILES HTML files in /public" else echo "⚠️ No HTML files in /public directory" fi

echo "\n1️⃣ 验证静态文件..." PUBLIC_FILES=$(ls -la public/*.html 2>/dev/null | wc -l) if [ $PUBLIC_FILES -gt 0 ]; then echo "✅ 在/public目录下找到$PUBLIC_FILES个HTML文件" else echo "⚠️ /public目录下无HTML文件" fi

2. Check for explicit routes that might override static middleware

2. 检查可能覆盖静态中间件的显式路由

echo "\n2️⃣ Checking for route conflicts..." EXPLICIT_ROUTES=$(grep -n ".sendFile.*publicDir" src/index.ts | wc -l) if [ $EXPLICIT_ROUTES -gt 0 ]; then echo "⚠️ Found $EXPLICIT_ROUTES explicit routes for /public files" echo " These may override static middleware - review needed" grep -n ".sendFile.*publicDir" src/index.ts fi

echo "\n2️⃣ 检查路由冲突..." EXPLICIT_ROUTES=$(grep -n ".sendFile.*publicDir" src/index.ts | wc -l) if [ $EXPLICIT_ROUTES -gt 0 ]; then echo "⚠️ 发现$EXPLICIT_ROUTES条针对/public文件的显式路由" echo " 这些路由可能覆盖静态中间件 - 需要评审" grep -n ".sendFile.*publicDir" src/index.ts fi

3. Check for hardcoded localhost URLs

3. 检查硬编码的localhost URL

echo "\n3️⃣ Checking for hardcoded URLs..." if grep -r "localhost:3000" public/ src/ --include=".ts" --include=".js" --include="*.html"; then echo "⚠️ Hardcoded localhost URLs found - will break on Render" else echo "✅ No hardcoded localhost URLs" fi

echo "\n3️⃣ 检查硬编码URL..." if grep -r "localhost:3000" public/ src/ --include=".ts" --include=".js" --include="*.html"; then echo "⚠️ 发现硬编码localhost URL - 在Render平台会失效" else echo "✅ 未发现硬编码localhost URL" fi

4. Verify environment variables are used

4. 验证是否使用环境变量

echo "\n4️⃣ Checking environment variable usage..." if grep -r "process.env.PORT" src/index.ts > /dev/null; then echo "✅ PORT uses environment variable" else echo "❌ PORT is hardcoded - Render requires process.env.PORT" fi

echo "\n4️⃣ 检查环境变量使用情况..." if grep -r "process.env.PORT" src/index.ts > /dev/null; then echo "✅ PORT使用环境变量" else echo "❌ PORT为硬编码 - Render平台要求使用process.env.PORT" fi

5. Build test

5. 生产构建测试

echo "\n5️⃣ Testing production build..." npm run build if [ $? -eq 0 ]; then echo "✅ Production build successful" else echo "❌ Production build failed" exit 1 fi

echo "\n5️⃣ 测试生产构建..." npm run build if [ $? -eq 0 ]; then echo "✅ 生产构建成功" else echo "❌ 生产构建失败" exit 1 fi

6. Check git tracking

6. 检查Git追踪情况

echo "\n6️⃣ Checking git status..." UNTRACKED=$(git ls-files --others --exclude-standard public/ | wc -l) if [ $UNTRACKED -gt 0 ]; then echo "⚠️ Untracked files in /public:" git ls-files --others --exclude-standard public/ echo " These files won't deploy to Render!" else echo "✅ All /public files are tracked in git" fi

undefined

echo "\n6️⃣ 检查Git状态..." UNTRACKED=$(git ls-files --others --exclude-standard public/ | wc -l) if [ $UNTRACKED -gt 0 ]; then echo "⚠️ /public目录下存在未追踪文件：" git ls-files --others --exclude-standard public/ echo " 这些文件不会部署到Render平台！" else echo "✅ /public目录下所有文件均已被Git追踪" fi

undefined

Step 5: Generate Validation Report

步骤5：生成验证报告

markdown

undefined

markdown

undefined

Validation Report

验证报告

Project: Project Conductor Date: [ISO timestamp] Validator: validation-expert skill Status: [PASS/FAIL/WARNING]

项目: Project Conductor 日期: [ISO时间戳] 验证者: validation-expert技能状态: [通过/失败/警告]

Summary

摘要

Code Quality: [PASS/FAIL] - [details]
API Design: [PASS/FAIL] - [details]
Database: [PASS/FAIL] - [details]
Security: [PASS/FAIL] - [details]
Performance: [PASS/FAIL] - [details]
Testing: [PASS/FAIL] - [details]
Deployment: [PASS/FAIL] - [details]

代码质量: [通过/失败] - [详情]
API设计: [通过/失败] - [详情]
数据库: [通过/失败] - [详情]
安全: [通过/失败] - [详情]
性能: [通过/失败] - [详情]
测试: [通过/失败] - [详情]
部署: [通过/失败] - [详情]

Critical Issues (must fix before production)

关键问题（生产环境前必须修复）

[Issue with severity]
[Issue with severity]

[带严重程度的问题]
[带严重程度的问题]

Warnings (recommended to fix)

警告（建议修复）

[Warning with recommendation]
[Warning with recommendation]

[带建议的警告]
[带建议的警告]

Passed Validations

通过的验证项

✅ [Check description]
✅ [Check description]

✅ [检查项描述]
✅ [检查项描述]

Metrics

指标

Test Coverage: [percentage]%
TypeScript Strict: [pass/fail]
API Response Time (p95): [ms]
Database Query Time (p95): [ms]
Security Vulnerabilities: [count]
Linting Issues: [count]

测试覆盖率: [百分比]%
TypeScript严格模式: [通过/失败]
API响应时间（p95）: [ms]
数据库查询时间（p95）: [ms]
安全漏洞数量: [数量]
代码检查问题数量: [数量]

Next Steps

下一步行动

Fix critical issues: [list]
Address warnings: [list]
Re-run validation:
```
npm run validate
```
If all pass: Ready for deployment ✅

修复关键问题：[列表]
处理警告项：[列表]
重新运行验证：
```
npm run validate
```
若全部通过：可部署至生产环境 ✅

Recommendations Based on Research

基于研究的建议

[Insert findings from codex-deep-research agent]

Industry best practices not yet implemented
Tools to consider adding
Patterns to adopt

undefined

[插入codex-deep-research代理的发现]

尚未实现的行业最佳实践
可考虑添加的工具
应采用的模式

undefined

Validation Commands

验证命令

json

// Add to package.json scripts
{
  "scripts": {
    "validate": "bash scripts/comprehensive-validation.sh",
    "validate:security": "bash scripts/security-audit.sh",
    "validate:deploy": "bash scripts/render-deployment-validation.sh",
    "validate:db": "psql $DATABASE_URL -f scripts/validate-database.sql",
    "validate:all": "npm run validate && npm run validate:security && npm run validate:deploy"
  }
}

json

// 添加至package.json的scripts中
{
  "scripts": {
    "validate": "bash scripts/comprehensive-validation.sh",
    "validate:security": "bash scripts/security-audit.sh",
    "validate:deploy": "bash scripts/render-deployment-validation.sh",
    "validate:db": "psql $DATABASE_URL -f scripts/validate-database.sql",
    "validate:all": "npm run validate && npm run validate:security && npm run validate:deploy"
  }
}

Success Criteria

成功标准

Validation PASSES when:

✅ All tests pass with >75% coverage
✅ TypeScript compilation succeeds (strict mode)
✅ No critical security vulnerabilities
✅ API response times <200ms (p95)
✅ Database queries <50ms (p95)
✅ No hardcoded secrets or passwords
✅ All /public files tracked in git
✅ Production build succeeds
✅ No route conflicts for static files

验证通过的条件：

✅ 所有测试通过且覆盖率>75%
✅ TypeScript严格模式编译成功
✅ 无严重安全漏洞
✅ API响应时间<200ms（p95）
✅ 数据库查询时间<50ms（p95）
✅ 无硬编码密钥或密码
✅ 所有/public文件均已被Git追踪
✅ 生产构建成功
✅ 无静态文件路由冲突

Integration with CI/CD

与CI/CD集成

yaml

undefined

yaml

undefined

.github/workflows/validation.yml

name: Validation Pipeline

on: [push, pull_request]

jobs: validate: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - uses: actions/setup-node@v3 with: node-version: '20'

  - name: Install dependencies
    run: npm ci

  - name: Run comprehensive validation
    run: npm run validate:all

  - name: Upload coverage
    uses: codecov/codecov-action@v3
    with:
      files: ./coverage/lcov.info

undefined

name: 验证流水线

on: [push, pull_request]

jobs: validate: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - uses: actions/setup-node@v3 with: node-version: '20'

  - name: 安装依赖
    run: npm ci

  - name: 运行全面验证
    run: npm run validate:all

  - name: 上传覆盖率
    uses: codecov/codecov-action@v3
    with:
      files: ./coverage/lcov.info

undefined

Example Invocation

调用示例

User: "Is Project Conductor ready for production deployment?"

This skill will:

Run all validation scripts
Research best practices via codex-deep-research
Check for AI-powered validation tools via gemini-research-analyst
Generate comprehensive validation report
Provide specific recommendations with fixes

用户：“Project Conductor是否已准备好部署至生产环境？”

此技能将：

运行所有验证脚本
通过codex-deep-research研究最佳实践
通过gemini-research-analyst检查AI驱动的验证工具
生成全面验证报告
提供带修复方案的具体建议