site-launch-checklist
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
ChineseSite Launch Checklist
网站上线检查清单
Pre-launch audit and setup workflow for shipping a new website. Opinionated for Cloudflare DNS + Vercel hosting + PostHog + Legal context.
新网站上线前的审计与配置工作流。针对Cloudflare DNS + Vercel托管 + PostHog + 法律场景提供针对性方案。
Interaction style (READ FIRST)
交互风格(请先阅读)
This skill is intentionally interactive. Use aggressively instead of assuming. Ask one question at a time with 2-4 tappable options. The user will tap, not type.
ask_user_input_v0Always ask these questions at the start of a run (one at a time, in this order):
- Site type: |
doc-site|marketing/lead-gen|SaaS-app|training/paid-coursepersonal-portfolio - Migration: |
greenfield-new-domain|migration-need-301-redirectsreplacing-existing-on-same-domain - Multilingual: |
single-locale|en|fr+enother-multi - PostHog setup: |
hogpost.samber.dev|set-up-new-proxyskip-PostHog - AI scraper policy: |
use-default-for-site-type|customize-per-botblock-all - Browser tool available: |
claude-chrome-extension|playwrightneither-skip-browser-checks
Ask again at every decision point throughout the phases, including:
- Whether to install Sentry / BetterStack / Crisp (depends on site type, ask explicitly)
- www vs apex canonical preference (most sites: apex; ask anyway)
- Which AI bots to allow if user chose
customize-per-bot - CSP tightness level: |
strict-default-src-none|balanced-allow-selfpermissive-for-marketing - Whether to skip a phase entirely (e.g., skip Phase 3 if non-FR site)
Never proceed past a decision point without explicit user input. Verbose checklists without checkpoints are not the goal.
Never install any MCP server or skill without explicit user confirmation. Always ask via before running , , or any equivalent install command — even when the skill selection workflow proposes a curated subset.
ask_user_input_v0npx skills addclaude mcp add本技能为交互式设计。请积极使用,而非自行假设。每次提出一个问题,并提供2-4个可点击选项。用户将通过点击而非输入来回应。
ask_user_input_v0在运行开始时必须依次提出以下问题(每次一个,按顺序):
- 网站类型:(文档站)|
doc-site(营销/获客站)|marketing/lead-gen(SaaS应用)|SaaS-app(培训/付费课程站)|training/paid-course(个人作品集)personal-portfolio - 迁移类型:(全新域名)|
greenfield-new-domain(需301重定向的迁移)|migration-need-301-redirects(同域名替换现有站点)replacing-existing-on-same-domain - 多语言支持:(单语言)|
single-locale(英文)|en(法英双语)|fr+en(其他多语言)other-multi - PostHog配置:|
hogpost.samber.dev(配置新代理)|set-up-new-proxy(跳过PostHog)skip-PostHog - AI爬虫政策:(使用对应网站类型的默认政策)|
use-default-for-site-type(针对每个爬虫自定义)|customize-per-bot(全部拦截)block-all - 可用浏览器工具:(Claude Chrome扩展)|
claude-chrome-extension|playwright(均不可用,跳过浏览器检查)neither-skip-browser-checks
在各阶段的每个决策点都需再次询问,包括:
- 是否安装Sentry / BetterStack / Crisp(取决于网站类型,需明确询问)
- www域名与 apex域名的规范偏好(多数站点推荐apex域名,但仍需询问)
- 若用户选择,需确认允许哪些AI爬虫
customize-per-bot - CSP严格程度:(最严格,默认禁止所有资源)|
strict-default-src-none(平衡模式,允许自有资源)|balanced-allow-self(宽松模式,适配营销需求)permissive-for-marketing - 是否完全跳过某个阶段(例如非法语站点可跳过阶段3)
未获得用户明确输入前,不得越过任何决策点。本技能的目标并非冗长的无交互检查清单。
未经用户明确确认,不得安装任何MCP服务器或技能。在运行、或任何等效安装命令前,必须通过询问用户——即使技能选择工作流推荐了精选子集。
npx skills addclaude mcp addask_user_input_v0How to use this skill
如何使用本技能
- Run the start-of-session questions above.
- Walk the user through phases 1-10 in order. For each phase: a. List items, ask if any should be skipped. b. For each remaining item, run the verification command (see "Verification tools" below). c. Report pass/fail. On fail, ask the user if they want to fix now or queue for later.
- End with a status report grouped by phase, with blockers, recommended fixes, and optional improvements clearly separated.
- 运行上述会话初始问题。
- 按顺序引导用户完成阶段1至阶段10。每个阶段需:a. 列出检查项,询问是否有需要跳过的项;b. 对剩余的每个检查项,运行验证命令(见下文“验证工具”);c. 报告通过/未通过结果。若未通过,询问用户是立即修复还是延后处理。
- 最后按阶段输出状态报告,明确区分阻塞项、推荐修复项和可选优化项。
Companion skills
配套技能
Six skill packs are useful for site launches. Never install full multi-skill packs. The actual subset to install is decided at invocation time based on the site type the user confirms.
有六个技能包适用于网站上线。不得安装完整的多技能包。需根据用户确认的网站类型,在调用时决定实际安装的子集。
Pack inventory
技能包清单
| Pack | What it covers | Typically useful for |
|---|---|---|
| SEO + GEO + schema + hreflang + sitemaps audits, parallel sub-agents | All site types |
| Lighthouse, Core Web Vitals, accessibility, performance, best practices | All site types |
| Security audit (OWASP, headers, dependencies) | All site types |
| 20 SEO+GEO skills, CORE-EEAT + CITE frameworks, | Content-heavy sites, competitive niches |
| ~30 marketing skills (CRO, copywriting, ads, popups, email, paywalls, etc.) | |
| 33 developer-marketing skills (persona, docs-as-marketing, technical tutorials, etc.) | |
| 技能包 | 覆盖范围 | 适用场景 |
|---|---|---|
| SEO + 地域化 + Schema + hreflang + 站点地图审计,并行子Agent | 所有网站类型 |
| Lighthouse、Core Web Vitals、无障碍、性能、最佳实践 | 所有网站类型 |
| 安全审计(OWASP、安全头、依赖项) | 所有网站类型 |
| 20项SEO+地域化技能,CORE-EEAT + CITE框架, | 内容密集型站点、竞争激烈的细分领域 |
| 约30项营销技能(转化率优化、文案、广告、弹窗、邮件、付费墙等) | |
| 33项开发者营销技能(用户画像、文档即营销、技术教程等) | |
Skill selection workflow (run at session start)
技能选择工作流(会话开始时运行)
After the user confirms site type, for each pack relevant to that site type:
- List available sub-skills:
npx skills add owner/repo --list - Propose a curated subset based on site type and the phases this skill will execute. Match each phase's needs to specific sub-skills the listing returns.
- Confirm with the user via . Use multi-select when the proposed list has more than 3 items, single-select (
ask_user_input_v0|install-as-proposed|let-me-modify) otherwise.skip-this-pack - Bulk install the agreed subset:
npx skills add owner/repo --skill A B C
Rules:
- Sub-skill names live in the pack, not in this SKILL.md. Always query for the current state. Pack contents change.
--list - Never run without
npx skills add owner/repo(that installs everything).--skill - Site type → packs mapping (which packs to enumerate, sub-skills still selected per workflow):
- : claude-seo, web-quality-skills, trailofbits, seo-geo-claude-skills, devmarketing-skills
doc-site - : claude-seo, web-quality-skills, trailofbits, seo-geo-claude-skills, marketingskills
marketing/lead-gen - : all six
SaaS-app - : claude-seo, web-quality-skills, trailofbits, marketingskills
training/paid-course - : claude-seo, web-quality-skills, trailofbits, seo-geo-claude-skills (lightweight subset)
personal-portfolio
- If the user later requests a phase that needs a sub-skill not yet installed, run the workflow again for that single sub-skill rather than re-installing the whole subset.
This avoids importing 80+ skills the user does not need, avoids going stale on sub-skill names, and avoids overfitting to a single pack version.
When delegating during a phase, do not duplicate work this skill orchestrates. Call the specialist with a narrow scope (e.g., "run only the security headers sub-audit on URL X").
用户确认网站类型后,对每个与该网站类型相关的技能包执行以下步骤:
- 列出可用子技能:
npx skills add owner/repo --list - 根据网站类型和本技能将执行的阶段,推荐精选子集。将每个阶段的需求与技能列表返回的具体子技能匹配。
- 通过与用户确认。若推荐列表超过3项,使用多选;否则使用单选(
ask_user_input_v0(按推荐安装)|install-as-proposed(让我修改)|let-me-modify(跳过此技能包))。skip-this-pack - 批量安装协商后的子集:
npx skills add owner/repo --skill A B C
规则:
- 子技能名称属于技能包,不在本SKILL.md中。需始终通过查询当前状态,技能包内容会更新。
--list - 不得在未添加参数的情况下运行
--skill(这会安装所有子技能)。npx skills add owner/repo - 网站类型→技能包映射(需枚举的技能包,子技能仍按工作流选择):
- :claude-seo、web-quality-skills、trailofbits、seo-geo-claude-skills、devmarketing-skills
doc-site - :claude-seo、web-quality-skills、trailofbits、seo-geo-claude-skills、marketingskills
marketing/lead-gen - :全部六个技能包
SaaS-app - :claude-seo、web-quality-skills、trailofbits、marketingskills
training/paid-course - :claude-seo、web-quality-skills、trailofbits、seo-geo-claude-skills(轻量子集)
personal-portfolio
- 若用户后续请求的阶段需要尚未安装的子技能,仅针对该单个子技能重新运行工作流,而非重新安装整个子集。
此举可避免导入80+项用户不需要的技能,避免子技能名称过时,同时避免过度依赖单一技能包版本。
在阶段中委托任务时,不得重复本技能已统筹的工作。需向专业技能传递明确的窄范围需求(例如:“仅对URL X运行安全头子审计”)。
Copywriting voice and humanizer pass
文案风格与人工化处理
Every site has visible marketing copy (hero, features, CTAs, meta descriptions, OG descriptions, blog posts, 404 page text). Two layers of polish are mandatory before launch:
每个网站都有可见的营销文案(首页Hero区、功能介绍、CTA按钮、元描述、OG描述、博客文章、404页面文本)。上线前必须完成两层打磨:
1. Define TONE.md
once per site
TONE.md1. 为每个网站定义TONE.md
TONE.mdAsk the user (): "Does this site already have a ?" ( | | ).
ask_user_input_v0TONE.mdyes-already-existsno-create-from-templateskip-use-defaultIf creating: write it to or repo root . See (section "TONE.md template") for the structure.
.agents/TONE.mdTONE.mdreferences/templates.mdTONE.md specifies: voice (terse, contrarian, etc.), forbidden patterns (e.g., "delve", "crucial", em dashes, AI-sounding openers), sentence length preference, audience reading level, examples of good and bad sentences from the user's own writing.
询问用户():“该网站已有吗?”((已有)| (没有,从模板创建)| (跳过,使用默认))。
ask_user_input_v0TONE.mdyes-already-existsno-create-from-templateskip-use-default若创建:将其写入或仓库根目录的。结构参考中的“TONE.md模板”章节。
.agents/TONE.mdTONE.mdreferences/templates.mdTONE.md需明确:语气风格(简洁、逆向思维等)、禁用表述(例如“深入探讨”“至关重要”、破折号、AI风格的开头)、句子长度偏好、受众阅读水平、用户自身写作中的优劣示例。
2. Run a humanizer pass in the matching language
2. 使用对应语言进行人工化处理
After every drafting step (whether by a copywriting skill, by hand, or by Claude directly), run a humanizer to strip AI patterns.
Ask the user () for the site's primary audience language at the start of the session if not already known:
ask_user_input_v0- →
english-globalnpx skills add https://github.com/blader/humanizer --skill humanizer - → use
french(custom French humanizer) or equivalent French-tuned skillsamber/humaniseur-fr - → install matching humanizer if available; otherwise the skill writes a short language-specific anti-pattern checklist inline
other
Apply the humanizer to: hero copy, feature descriptions, CTA buttons, meta descriptions, OG/Twitter card descriptions, blog posts, email signup confirmations, 404 page text. Skip for legal pages (mentions légales, CGV) since they have rigid wording requirements.
每次起草完成后(无论是通过文案技能、手动编写还是Claude直接生成),需运行人工化处理以去除AI生成痕迹。
若尚未知晓网站的主要受众语言,在会话开始时询问用户():
ask_user_input_v0- (全球英文)→
english-globalnpx skills add https://github.com/blader/humanizer --skill humanizer - (法语)→ 使用
french(自定义法语人工化工具)或等效的法语适配技能samber/humaniseur-fr - (其他语言)→ 若有匹配的人工化工具则安装;否则技能会内联生成简短的语言特定反模式检查清单
other
人工化处理需覆盖:首页Hero文案、功能描述、CTA按钮、元描述、OG/Twitter卡片描述、博客文章、邮件注册确认、404页面文本。法律页面(mentions légales、CGV)因措辞严格可跳过。
3. Always reference TONE.md when invoking copywriting skills
3. 调用文案技能时始终参考TONE.md
When delegating to any copywriting or content-writing sub-skill (selected at invocation per the skill selection workflow), include in the prompt context. Pass voice constraints explicitly: "Follow . Avoid the listed patterns. Apply the humanizer after drafting."
TONE.md.agents/TONE.md委托任何文案或内容写作子技能时(根据技能选择工作流在调用时选定,通常来自SEO+地域化和营销技能包),需在提示上下文包含。明确传递语气约束:“遵循。避免列出的禁用模式。起草后应用人工化处理。”
TONE.md.agents/TONE.mdBrowser interaction preference
浏览器交互偏好
Many checks require a real browser (Lighthouse runs, securityheaders.com scan, opengraph.xyz validation, Twitter card validator, mobile viewport, screen reader smoke, Network tab inspection).
Always prefer the Claude Chrome extension. Fall back to Playwright only if the Chrome extension is unavailable. If neither is available, ask the user () whether to skip browser checks entirely or wait until they enable one.
ask_user_input_v0许多检查需要真实浏览器(Lighthouse运行、securityheaders.com扫描、opengraph.xyz验证、Twitter卡片验证、移动端视口、屏幕阅读器快速测试、网络面板检查)。
优先使用Claude Chrome扩展。仅当Chrome扩展不可用时才 fallback到Playwright。若两者均不可用,询问用户()是完全跳过浏览器检查还是等待启用其中一个工具。
ask_user_input_v0Verification tools
验证工具
Most checks are doable from the command line without third-party services. Use these tools inline at every phase. Don't trust panels in Cloudflare/Vercel/Google dashboards alone, verify with curl.
DNS (Phase 1):
bash
dig +short A example.com # A record
dig +short AAAA example.com # AAAA (IPv6)
dig +short MX example.com # MX (mail)
dig +short TXT example.com # SPF + verification TXT
dig +short TXT _dmarc.example.com # DMARC
dig +short TXT default._domainkey.example.com # DKIM (selector varies)
dig +short CAA example.com # CAA
dig +dnssec example.com | grep RRSIG # DNSSEC activeTLS / HTTPS (Phase 1):
bash
curl -sIL https://example.com | head # follow redirects
curl -sI https://www.example.com # check www handling
openssl s_client -showcerts -connect example.com:443 < /dev/null 2>/dev/null | openssl x509 -noout -datesHeaders (Phase 4):
bash
curl -sI https://example.com | grep -iE 'content-security-policy|strict-transport-security|x-frame-options|x-content-type-options|referrer-policy|permissions-policy'大多数检查可通过命令行完成,无需第三方服务。在每个阶段内联使用这些工具。不要仅依赖Cloudflare/Vercel/Google控制台的面板,需用curl验证。
DNS(阶段1):
bash
dig +short A example.com # A记录
dig +short AAAA example.com # AAAA(IPv6)记录
dig +short MX example.com # MX(邮件)记录
dig +short TXT example.com # SPF及验证TXT记录
dig +short TXT _dmarc.example.com # DMARC记录
dig +short TXT default._domainkey.example.com # DKIM记录(选择器可能不同)
dig +short CAA example.com # CAA记录
dig +dnssec example.com | grep RRSIG # 验证DNSSEC是否激活TLS / HTTPS(阶段1):
bash
curl -sIL https://example.com | head # 跟随重定向
curl -sI https://www.example.com # 检查www域名处理
openssl s_client -showcerts -connect example.com:443 < /dev/null 2>/dev/null | openssl x509 -noout -dates安全头(阶段4):
bash
curl -sI https://example.com | grep -iE 'content-security-policy|strict-transport-security|x-frame-options|x-content-type-options|referrer-policy|permissions-policy'Full header dump:
完整头信息输出:
curl -sI https://example.com
curl -sI https://example.com
External graders:
外部评分工具:
curl -s "https://api.securityheaders.com/?q=https://example.com&followRedirects=on&hide=on" -I | grep -i 'x-grade'
**SEO files (Phase 5):**
```bash
curl -s https://example.com/robots.txt
curl -sI https://example.com/sitemap.xml
curl -s https://example.com/sitemap.xml | head -40
curl -s https://example.com/llms.txtcurl -s "https://api.securityheaders.com/?q=https://example.com&followRedirects=on&hide=on" -I | grep -i 'x-grade'
**SEO文件(阶段5):**
```bash
curl -s https://example.com/robots.txt
curl -sI https://example.com/sitemap.xml
curl -s https://example.com/sitemap.xml | head -40
curl -s https://example.com/llms.txtSchema (JSON-LD):
Schema(JSON-LD):
curl -s https://example.com/ | grep -A 50 'application/ld+json'
curl -s https://example.com/ | grep -A 50 'application/ld+json'
hreflang:
hreflang标签:
curl -s https://example.com/ | grep -i hreflang
**Open Graph & social (Phase 6):**
```bash
curl -s https://example.com/page | grep -iE 'og:|twitter:|<title|name="description"'Favicons & manifest (Phase 7):
bash
curl -sI https://example.com/favicon.ico
curl -sI https://example.com/favicon.svg
curl -sI https://example.com/apple-touch-icon.png
curl -s https://example.com/manifest.json | jq .404 / 500 / redirects:
bash
curl -sI https://example.com/this-does-not-exist
curl -sIL https://example.com/old-url # verify 301 chainAlways run the relevant command, paste the output to the user when reporting, then ask (via ) whether to fix immediately or queue.
ask_user_input_v0curl -s https://example.com/ | grep -i hreflang
**Open Graph & 社交预览(阶段6):**
```bash
curl -s https://example.com/page | grep -iE 'og:|twitter:|<title|name="description"'图标与Manifest(阶段7):
bash
curl -sI https://example.com/favicon.ico
curl -sI https://example.com/favicon.svg
curl -sI https://example.com/apple-touch-icon.png
curl -s https://example.com/manifest.json | jq .404 / 500 / 重定向:
bash
curl -sI https://example.com/this-does-not-exist
curl -sIL https://example.com/old-url # 验证301重定向链始终运行相关命令,报告时将输出粘贴给用户,然后通过询问用户是立即修复还是延后处理。
ask_user_input_v0Phase 1: Domain & Infrastructure
阶段1:域名与基础设施
Most of this is one-click via Cloudflare's dashboard if the domain is on Cloudflare.
Ask first: "Is the domain already on Cloudflare with the standard config from previous launches?" ( | | )
yes-standardyes-needs-reviewno-fresh-setupChecklist:
- Cloudflare: proxy ON for apex + www, TLS 1.3 minimum, "Always Use HTTPS" enabled, HSTS preload enabled in Cloudflare SSL/TLS settings
- DNS A/AAAA or CNAME pointing to Vercel (verify with )
dig +short A example.com - MX records for Google Workspace (verify with )
dig +short MX example.com - SPF, DKIM, DMARC records (verify all 3 with the dig commands above)
- CAA records restricting cert issuance (verify with )
dig +short CAA example.com - DNSSEC enabled at registrar level (verify with )
dig +dnssec - Vercel: project linked to repo, prod + preview env vars set, custom domain attached, prod and preview aliases correct
- Decide www vs apex canonical, configure 308 redirect for the non-canonical (verify with )
curl -sIL https://www.example.com - Custom 404 page renders (verify with )
curl -sI https://example.com/does-not-exist - Custom 500 page exists (cannot easily verify without forcing an error, ask user)
- If migration: 301 redirect map for every old URL (loop verification with per URL)
curl -sIL
若域名已在Cloudflare上,大部分配置可通过Cloudflare控制台一键完成。
首先询问:“域名是否已在Cloudflare上,且使用之前上线项目的标准配置?”((是,标准配置)| (是,需要评审)| (否,全新配置))
yes-standardyes-needs-reviewno-fresh-setup检查清单:
- Cloudflare:apex + www域名开启代理,最低TLS 1.3,启用“始终使用HTTPS”,在Cloudflare SSL/TLS设置中启用HSTS预加载
- DNS A/AAAA或CNAME记录指向Vercel(用验证)
dig +short A example.com - Google Workspace的MX记录(用验证)
dig +short MX example.com - SPF、DKIM、DMARC记录(用上述dig命令全部验证)
- 限制证书颁发的CAA记录(用验证)
dig +short CAA example.com - 在注册商层面启用DNSSEC(用验证)
dig +dnssec - Vercel:项目关联仓库,设置生产+预览环境变量,绑定自定义域名,生产和预览别名配置正确
- 确定www与apex域名的规范偏好,为非规范域名配置308重定向(用验证)
curl -sIL https://www.example.com - 自定义404页面可正常渲染(用验证)
curl -sI https://example.com/does-not-exist - 存在自定义500页面(无法轻易强制错误验证,询问用户)
- 若为迁移:为每个旧URL准备301重定向映射(用逐个URL验证)
curl -sIL
Backups
备份
If you don't configure backups at launch, you never will. Do it now.
Ask the user (): "Which data stores does this app write to?" ( | | | ). If , skip this section.
ask_user_input_v0database-onlydatabase-plus-file-storagefile-storage-onlystateless-no-persistent-datastateless-no-persistent-dataDatabase:
- Automated daily backups enabled at the provider level (Neon, Supabase, PlanetScale, Railway, RDS — each has a one-click toggle). Verify by opening the backup panel and confirming the last backup timestamp is recent.
- Retention policy set to ≥30 days
- Point-in-time recovery (PITR) enabled if available (Neon, Supabase, RDS all support it)
- Off-site copy: if the provider stores backups in the same region as the primary, configure cross-region replication or a nightly export to a separate storage account (S3, R2, GCS)
- Restore drill performed before launch: pick a recent backup, restore to a staging database, verify row counts and a sample query. A backup you haven't tested is not a backup.
File storage (if applicable — S3, R2, GCS, Cloudflare Images):
- Versioning enabled on the primary bucket
- Cross-region replication or a scheduled sync to a secondary bucket. Backblaze B2 is a cheap, reliable option for off-site copies (significantly cheaper than S3/GCS egress). Use to sync from S3/R2/GCS → B2 on a daily cron.
rclone - Lifecycle rule: transition old versions to cheaper storage after 30 days, delete after 90 days (adjust to cost tolerance)
Secrets / environment variables:
- All env vars documented and stored in a secrets manager (1Password, Doppler, Vault, or equivalent). Not in a file on someone's laptop.
.env - Verify: if every engineer's machine burned tonight, could a new team member restore prod from scratch using only the secrets manager + git?
Monitoring:
- Set up an alert (email or Slack) if the daily backup job fails. Most providers support this natively; configure it before closing the backup panel.
若上线时不配置备份,后续可能永远不会配置。现在就完成这项工作。
询问用户():“此应用写入哪些数据存储?”((仅数据库)| (数据库+文件存储)| (仅文件存储)| (无状态,无持久化数据))。若为,跳过本节。
ask_user_input_v0database-onlydatabase-plus-file-storagefile-storage-onlystateless-no-persistent-datastateless-no-persistent-data数据库:
- 在服务商层面启用每日自动备份(Neon、Supabase、PlanetScale、Railway、RDS均有一键开关)。通过打开备份面板确认最近的备份时间戳为近期来验证。
- 保留策略设置为≥30天
- 若可用,启用点-in-time恢复(PITR)(Neon、Supabase、RDS均支持)
- 异地备份:若服务商将备份存储在与主实例同一区域,配置跨区域复制或每晚导出到独立存储账户(S3、R2、GCS)
- 上线前执行恢复演练:选择一个近期备份,恢复到 staging数据库,验证行数和样本查询。未测试过的备份不能算作有效备份。
文件存储(若适用——S3、R2、GCS、Cloudflare Images):
- 主存储桶启用版本控制
- 配置跨区域复制或定期同步到备用存储桶。Backblaze B2是低成本、可靠的异地备份选项(比S3/GCS的出站流量成本低得多)。使用每日通过cron任务将S3/R2/GCS同步到B2。
rclone - 生命周期规则:旧版本在30天后转换为低成本存储,90天后删除(可根据成本容忍度调整)
密钥/环境变量:
- 所有环境变量已记录并存储在密钥管理器中(1Password、Doppler、Vault或等效工具)。不得存储在个人电脑的文件中。
.env - 验证:若所有工程师的电脑损坏,新团队成员能否仅通过密钥管理器+git从头恢复生产环境?
监控:
- 设置每日备份任务失败时的告警(邮件或Slack)。大多数服务商原生支持此功能,在关闭备份面板前完成配置。
Phase 2: Analytics & Observability
阶段2:分析与可观测性
Most third-party integrations are one-click via Cloudflare or Vercel.
For the conditional tools (Crisp, Sentry, BetterStack), use to confirm per site type. See for the observability tier matrix.
ask_user_input_v0references/decisions.mdAlways-on:
- Google Analytics 4: property created, measurement ID embedded, gated behind CNIL consent
- PostHog: based on user's earlier answer:
- If : configure client with
hogpost.samber.devand verify CORS allows the new domain (test with browser console orapi_host: "https://hogpost.samber.dev")curl -H "Origin: https://newsite.com" -I https://hogpost.samber.dev/decide - If : add path rewrite in
set-up-new-proxytonext.config.jsandus.i.posthog.com, init client withus-assets.i.posthog.comapi_host: "/ingest" - If : skip
skip-PostHog
- If
- Google Search Console: site verified (DNS TXT or HTML file), sitemap submitted
- Bing Webmaster Tools: site verified, sitemap submitted, IndexNow key file at on root (verify with
/{key}.txt)curl -sI https://example.com/{key}.txt - Ahrefs: site added to dashboard for tracking
- Add the site to the internal stats spreadsheet (PostHog properties registry + GitHub Sponsors tracking sheet if applicable)
Brand monitoring (Google Alerts):
For each alert, use these settings: Frequency: once a day | Sources: Automatic | How many: All results | Region: Any region
Set up one alert per keyword via alerts.google.com:
- Domain name (e.g., )
example.com - Brand or product name (quoted if multi-word, e.g., )
"My Brand" - Key feature or library names if the site documents a project
- Competitor brand names (optional — ask user via :
ask_user_input_v0|yes-monitor-competitors)skip
Ask the user: "Which additional keywords to monitor?" ( | | | )
product-name-onlydomain-plus-brandfull-set-with-competitorscustom-listDeveloper community monitoring (F5bot) — for and targeting developers:
doc-siteSaaS-appF5bot (f5bot.com) monitors Reddit, Hacker News, and Lobste.rs for keyword mentions and sends email alerts. Free, no API required.
Set up one keyword per line at f5bot.com/add:
- Brand or product name
- Domain name (catches link shares)
- Key feature or library names
- Common misspellings if applicable
Competitor analysis (, , only):
marketing/lead-genSaaS-apptraining/paid-courseBefore writing copy, setting up ads, or planning content, run a competitor analysis to understand what is already working in the market — positioning, messaging angles, CTA patterns, pricing presentation, and content strategy.
Use a deep research tool or a competitor analysis skill if one is available in the toolchain. Ask via :
ask_user_input_v0- "Do you already have competitor names/URLs to analyze?" (|
yes-provide-list|no-discover-for-me)skip - If : ask the user to paste 2-5 names or URLs (free text)
yes-provide-list - "What are we looking to extract?" (|
positioning-and-messaging|pricing-strategy|content-and-seo)full-spectrum
Feed the output into:
- Phase 5 keyword strategy (target queries they rank for but you can outrank or flank)
- voice calibration (deliberately differentiate from the dominant tone in the category)
TONE.md - Phase 6 OG copy and CTA language (borrow proven frames, don't clone verbatim)
- Copywriting sub-skills invoked later (pass the competitor snapshot as context)
Conditional (ask user, default per site type from ):
references/decisions.md- Crisp
- Sentry
- BetterStack
大多数第三方集成可通过Cloudflare或Vercel一键完成。
**对于条件工具(Crisp、Sentry、BetterStack),使用**根据网站类型确认。可观测性层级矩阵参考。
ask_user_input_v0references/decisions.md必选配置:
- Google Analytics 4:创建属性,嵌入测量ID,受CNIL同意机制管控
- PostHog:根据用户之前的回答:
- 若为:配置客户端
hogpost.samber.dev,验证CORS允许新域名(用浏览器控制台或api_host: "https://hogpost.samber.dev"测试)curl -H "Origin: https://newsite.com" -I https://hogpost.samber.dev/decide - 若为:在
set-up-new-proxy中添加路径重写到next.config.js和us.i.posthog.com,初始化客户端us-assets.i.posthog.comapi_host: "/ingest" - 若为:跳过
skip-PostHog
- 若为
- Google Search Console:验证站点(DNS TXT或HTML文件),提交站点地图
- Bing Webmaster Tools:验证站点,提交站点地图,在根目录放置IndexNow密钥文件(用
/{key}.txt验证)curl -sI https://example.com/{key}.txt - Ahrefs:将站点添加到仪表板进行跟踪
- 将站点添加到内部统计电子表格(若适用,包含PostHog属性注册表 + GitHub Sponsors跟踪表)
品牌监控(Google Alerts):
每个告警使用以下设置:频率:每日一次 | 来源:自动 | 数量:所有结果 | 地区:任意地区
通过alerts.google.com为每个关键词设置一个告警:
- 域名(例如)
example.com - 品牌或产品名称(多词需加引号,例如)
"My Brand" - 若站点记录某个项目,添加关键功能或库名称
- 竞争对手品牌名称(可选——通过询问用户:
ask_user_input_v0(是,监控竞争对手)|yes-monitor-competitors(跳过))skip
询问用户:“需要监控哪些额外关键词?”((仅产品名称)| (域名+品牌)| (完整包含竞争对手)| (自定义列表))
product-name-onlydomain-plus-brandfull-set-with-competitorscustom-list开发者社区监控(F5bot)——针对面向开发者的和:
doc-siteSaaS-appF5bot(f5bot.com)监控Reddit、Hacker News和Lobste.rs的关键词提及,并发送邮件告警。免费,无需API。
在f5bot.com/add中每行设置一个关键词:
- 品牌或产品名称
- 域名(捕获链接分享)
- 关键功能或库名称
- 若适用,常见拼写错误
竞争对手分析(仅、、适用):
marketing/lead-genSaaS-apptraining/paid-course在撰写文案、设置广告或规划内容前,需进行竞争对手分析,了解市场上已验证有效的策略——定位、 messaging角度、CTA模式、定价展示和内容策略。
若工具链中有深度研究工具或竞争对手分析技能,可使用。通过询问:
ask_user_input_v0- “你已有要分析的竞争对手名称/URL吗?”((是,提供列表)|
yes-provide-list(否,帮我发现)|no-discover-for-me(跳过))skip - 若为:请用户粘贴2-5个名称或URL(自由文本)
yes-provide-list - “我们需要提取哪些信息?”((定位与messaging)|
positioning-and-messaging(定价策略)|pricing-strategy(内容与SEO)|content-and-seo(全方位))full-spectrum
将输出用于:
- 阶段5的关键词策略(针对他们排名但你可以超越或侧翼竞争的查询)
- 语气校准(刻意与品类中的主流语气区分)
TONE.md - 阶段6的OG文案和CTA语言(借鉴已验证的框架,不要直接复制)
- 后续调用的文案子技能(传递竞争对手快照作为上下文)
条件配置(询问用户,默认值参考中的网站类型):
references/decisions.md- Crisp
- Sentry
- BetterStack
Phase 3: Legal & Compliance (FR)
阶段3:法律与合规(法国)
Ask first: "Is this site subject to French law?" ( | | ). If no, ask whether GDPR or equivalent applies and adjust.
yes-FR-operator-or-audienceno-EU-onlyno-non-EUFor FR sites:
- Mentions légales page (mandatory, fines up to 75k€ per omission)
- CGV (Conditions Générales de Vente) if commercial activity
- Privacy policy
- Terms of service
- CNIL-compliant cookie consent that gates GA4, PostHog, Crisp, Sentry script loading (not just a banner that always loads trackers). Use a CMP (Axeptio, Tarteaucitron, or custom). Verify with browser Network tab: no tracker fires before explicit consent.
首先询问:“此站点受法国法律约束吗?”((是,运营方或受众在法国)| (否,仅欧盟)| (否,非欧盟))。若否,询问是否适用GDPR或等效法规并调整。
yes-FR-operator-or-audienceno-EU-onlyno-non-EU针对法国站点:
- Mentions légales页面(必填,每项遗漏最高罚款75000欧元)
- 若涉及商业活动,需CGV(通用销售条款)
- 隐私政策
- 服务条款
- 符合CNIL要求的Cookie同意机制,管控GA4、PostHog、Crisp、Sentry脚本加载(并非仅显示横幅但始终加载跟踪器)。使用CMP(Axeptio、Tarteaucitron或自定义方案)。用浏览器网络面板验证:明确同意前无跟踪器加载。
Phase 4: Security
阶段4:安全
Delegate the deep audit to . The items below are the must-pass checklist.
trailofbits/skillsAsk first: CSP tightness level ( | | ). See for the CSP template per level.
strict-default-src-nonebalanced-allow-selfpermissive-for-marketingreferences/templates.md- CSP: target chosen tightness level. No for scripts (use nonces). Verify with
'unsafe-inline'.curl -sI ... | grep -i content-security-policy - HSTS: . Submit to hstspreload.org. Verify with
max-age=31536000; includeSubDomains; preload.curl -sI ... | grep -i strict-transport - X-Frame-Options:
DENY - X-Content-Type-Options:
nosniff - Referrer-Policy:
strict-origin-when-cross-origin - Permissions-Policy: deny camera, microphone, geolocation, payment unless used
- Run all headers in one go:
curl -sI https://example.com | grep -iE 'content-security|strict-transport|x-frame|x-content-type|referrer-policy|permissions-policy' - securityheaders.com: target A+ (verify via Claude Chrome extension or and parse)
curl https://securityheaders.com/?q=URL - observatory.mozilla.org: target 90+ (via Chrome extension)
- Run security audit on the codebase
trailofbits/skills - Verify no leaked secrets in client bundle: open Chrome DevTools Network tab via Claude Chrome extension, grep response bodies for ,
sk_,pk_,AKIA,ghp_Bearer
将深度审计委托给。以下是必须通过的检查清单。
trailofbits/skills首先询问:CSP严格程度(||)。各严格程度的CSP模板参考。
strict-default-src-nonebalanced-allow-selfpermissive-for-marketingreferences/templates.md- CSP:达到选定的严格程度。脚本不得使用(使用nonce)。用
'unsafe-inline'验证。curl -sI ... | grep -i content-security-policy - HSTS:。提交到hstspreload.org。用
max-age=31536000; includeSubDomains; preload验证。curl -sI ... | grep -i strict-transport - X-Frame-Options:
DENY - X-Content-Type-Options:
nosniff - Referrer-Policy:
strict-origin-when-cross-origin - Permissions-Policy:除非必要,否则禁用摄像头、麦克风、地理位置、支付权限
- 一次性运行所有安全头检查:
curl -sI https://example.com | grep -iE 'content-security|strict-transport|x-frame|x-content-type|referrer-policy|permissions-policy' - securityheaders.com:目标等级A+(通过Claude Chrome扩展或解析验证)
curl https://securityheaders.com/?q=URL - observatory.mozilla.org:目标得分90+(通过Chrome扩展)
- 对代码库运行安全审计
trailofbits/skills - 验证客户端包中无泄露的密钥:通过Claude Chrome扩展打开Chrome DevTools网络面板,在响应体中搜索、
sk_、pk_、AKIA、ghp_Bearer
Phase 5: SEO & GEO
阶段5:SEO与地域化
Delegate the full audit to . The items below are the orchestration list.
AgriciDaniel/claude-seoSee for , , and templates. See for the AI scraper policy matrix by site type.
references/templates.mdrobots.txtllms.txtmanifest.jsonreferences/decisions.md- present, references sitemap (verify with
/robots.txt)curl -s https://example.com/robots.txt - present, valid (verify with
/sitemap.xml). Sitemap-index with per-language sitemaps if multilingual.curl -s https://example.com/sitemap.xml | head -40 - present (per llmstxt.org spec, verify with
/llms.txt)curl -s https://example.com/llms.txt - AI scraper policy encoded in . Apply the matrix from
robots.txtbased on site type, then ask user viareferences/decisions.mdto confirm each non-default decision.ask_user_input_v0 - Schema markup (JSON-LD): +
Organization+WebSitesite-wide; per-page types where applicable (BreadcrumbListfor lib homepages,SoftwareApplicationfor blog posts,Articlefor FAQs,FAQPagefor author bio). Verify withPerson. Validate structured data via Google Rich Results Test (https://search.google.com/test/rich-results) and Schema.org Validator (https://validator.schema.org) — Rich Results Test checks eligibility for rich snippets; Schema.org Validator catches spec violations that Google may silently ignore.curl -s URL | grep -A 50 'application/ld+json' - Meta tags per page: unique (50-60 chars), unique
<title>(150-160 chars),<meta description>,<link rel="canonical">if needed<meta name="robots"> - tags on every page if multilingual (every language version declares all alternates including self). Verify with
hreflang.curl -s URL | grep -i hreflang - Keyword analysis using both Google Trends and Ahrefs (they answer different questions, not interchangeable):
- Google Trends (trends.google.com): trajectory (rising vs declining), geographic distribution (especially FR vs international split), seasonal patterns, related queries breakout, head-to-head comparison of 2-5 candidate keywords. Use Trends to validate direction and timing of the SEO bet.
- Exploding Topics (explodingtopics.com): surfaces emerging trends weeks or months before they peak in Google Trends. Use to identify rising queries before competition solidifies and to validate that target keywords aren't already on the decline.
- Answer The Public (answerthepublic.com/en): maps search questions, comparisons, and related queries around a seed keyword. Use to uncover long-tail intent clusters, populate FAQ schema, and identify content gaps.
- Ahrefs Keywords Explorer: monthly volume, keyword difficulty, SERP analysis, CPC, parent topic, traffic potential. Use Ahrefs to size the opportunity in absolute terms.
- Combined output: a ranked shortlist of 3-5 target queries per page, with rationale (volume × difficulty × trajectory × intent match).
- Delegate to whichever keyword-research sub-skill was installed at session start (selected from the installed packs via the skill selection workflow; typical sources are the SEO+GEO and marketing packs).
- AI visibility audit via productrank.ai: open productrank.ai in a browser, submit multiple category or product searches, run the full AI SEO report. It audits how the site appears in AI-generated answers (ChatGPT, Perplexity, Gemini, Claude). Flag any zero-visibility categories and surface content gaps the AI graders identify.
- Typo and grammar pass on all visible text content
- Backlink profile audit: run Ahrefs Backlink Checker and Moz Link Explorer to assess domain authority and surface toxic or broken inbound links before launch — especially critical on migrations to ensure old-domain equity transfers correctly
- Internal linking audit: every important page reachable in ≤3 clicks from the homepage
将完整审计委托给。以下是统筹清单。
AgriciDaniel/claude-seorobots.txtllms.txtmanifest.jsonreferences/templates.mdreferences/decisions.md- 存在,引用站点地图(用
/robots.txt验证)curl -s https://example.com/robots.txt - 存在且有效(用
/sitemap.xml验证)。若为多语言站点,需包含按语言划分的站点地图索引。curl -s https://example.com/sitemap.xml | head -40 - 存在(符合llmstxt.org规范,用
/llms.txt验证)curl -s https://example.com/llms.txt - 中包含AI爬虫政策。根据网站类型应用
robots.txt中的矩阵,然后通过references/decisions.md让用户确认每个非默认决策。ask_user_input_v0 - Schema标记(JSON-LD):全站配置+
Organization+WebSite;针对页面类型配置对应标记(库首页用BreadcrumbList,博客文章用SoftwareApplication,FAQ用Article,作者简介用FAQPage)。用Person验证。通过Google富媒体结果测试(https://search.google.com/test/rich-results)和Schema.org验证器(https://validator.schema.org)验证结构化数据——富媒体结果测试检查是否符合富媒体片段资格;Schema.org验证器捕获Google可能静默忽略的规范违规。curl -s URL | grep -A 50 'application/ld+json' - 每页元标签:唯一(50-60字符)、唯一
<title>(150-160字符)、<meta description>、必要时添加<link rel="canonical"><meta name="robots"> - 若为多语言站点,每页添加标签(每个语言版本需声明所有替代版本,包括自身)。用
hreflang验证。curl -s URL | grep -i hreflang - 结合Google Trends和Ahrefs进行关键词分析(两者作用不同,不可互换):
- Google Trends(trends.google.com):趋势走向(上升vs下降)、地域分布(尤其是法国vs国际占比)、季节性模式、相关查询爆发、2-5个候选关键词的直接对比。用Trends验证SEO方向和时机。
- Exploding Topics(explodingtopics.com):在Google Trends峰值前数周或数月发现新兴趋势。用于识别竞争尚未固化的上升查询,验证目标关键词是否已开始衰退。
- Answer The Public(answerthepublic.com/en):围绕种子关键词映射搜索问题、对比和相关查询。用于发现长尾意图集群、填充FAQ Schema、识别内容缺口。
- Ahrefs Keywords Explorer:月搜索量、关键词难度、SERP分析、CPC、父主题、流量潜力。用Ahrefs量化机会规模。
- 综合输出:每页3-5个目标查询的排名短名单,附理由(搜索量×难度×趋势×意图匹配)。
- 委托给会话开始时安装的关键词研究子技能(通过技能选择工作流从已安装技能包中选定;典型来源为SEO+地域化和营销技能包)。
- 通过productrank.ai进行AI可见性审计:在浏览器中打开productrank.ai,提交多个品类或产品搜索,运行完整AI SEO报告。审计站点在AI生成答案(ChatGPT、Perplexity、Gemini、Claude)中的呈现情况。标记零可见性品类,指出AI评分工具识别的内容缺口。
- 对所有可见文本内容进行拼写和语法检查
- 反向链接 profile审计:运行Ahrefs反向链接检查器和Moz Link Explorer评估域名权重,上线前发现有毒或失效的入站链接——迁移场景下尤为重要,确保旧域名权益正确转移
- 内部链接审计:每个重要页面可从首页在≤3次点击内到达
Phase 6: Open Graph & Social Preview
阶段6:Open Graph与社交预览
Verify all OG and Twitter tags with:
curl -s URL | grep -iE 'og:|twitter:'- ,
og:title,og:description,og:url,og:typeog:site_name - 1200×630px, absolute URL,
og:imageandog:image:widthdeclared,og:image:heightsetog:image:alt - Per-page , not one global. For doc sites: generate dynamically from page title. For blog posts: per-article custom image.
og:image - +
og:localefor each language if multilingualog:locale:alternate - Twitter Cards: ,
twitter:card=summary_large_image,twitter:title,twitter:description,twitter:image(handle)twitter:site - Validate with opengraph.xyz (covers FB, LinkedIn, Slack, Discord, WhatsApp previews) via Claude Chrome extension
- Validate with Twitter's card validator
- Manual check: paste URL in a LinkedIn DM, a Slack channel, a Discord, an iMessage. Preview must render correctly in all.
用验证所有OG和Twitter标签。
curl -s URL | grep -iE 'og:|twitter:'- 、
og:title、og:description、og:url、og:typeog:site_name - 尺寸1200×630px,绝对URL,声明
og:image和og:image:width,设置og:image:heightog:image:alt - 每页独立的,而非全局统一。文档站:根据页面标题动态生成。博客文章:使用单篇文章的自定义图片。
og:image - 若为多语言站点,添加+
og:locale对应每种语言og:locale:alternate - Twitter卡片:、
twitter:card=summary_large_image、twitter:title、twitter:description、twitter:image(账号)twitter:site - 通过Claude Chrome扩展使用opengraph.xyz验证(覆盖FB、LinkedIn、Slack、Discord、WhatsApp预览)
- 通过Twitter卡片验证器验证
- 手动检查:将URL粘贴到LinkedIn私信、Slack频道、Discord、iMessage。预览需在所有平台正确渲染。
Phase 7: Favicons & Web Manifest
阶段7:图标与Web Manifest
See for the template.
references/templates.mdmanifest.jsonGenerate from a single 1024×1024 source PNG using realfavicongenerator.net or favicon.io.
Minimum modern set:
- (multi-res 16/32/48). Verify with
/favicon.ico.curl -sI https://example.com/favicon.ico - with embedded
/favicon.svgfor dark mode. Verify with<style>@media (prefers-color-scheme: dark) { ... }</style>.curl -sI https://example.com/favicon.svg - (PNG fallback)
/favicon-96x96.png - 180×180px, no transparency, opaque background. Verify with
/apple-touch-icon.png.curl -sI - (Android PWA icon)
/web-app-manifest-192x192.png - (Android splash)
/web-app-manifest-512x512.png - referencing both PNGs, with
/manifest.json,theme_color,background_color,name,short_name. Verify withdisplay.curl -s https://example.com/manifest.json | jq .
Skip (deprecated):
- (Windows tiles)
mstile-*.png - (deprecated since macOS Big Sur)
safari-pinned-tab.svg - /
favicon-16x16.png(covered byfavicon-32x32.pngand.ico).svg
HTML head verification:
bash
curl -s https://example.com/ | grep -iE 'rel="icon"|rel="apple-touch-icon"|rel="manifest"'manifest.jsonreferences/templates.md使用单个1024×1024像素的PNG源文件,通过realfavicongenerator.net或favicon.io生成。
现代最小图标集:
- (多分辨率16/32/48)。用
/favicon.ico验证。curl -sI https://example.com/favicon.ico - ,嵌入
/favicon.svg适配深色模式。用<style>@media (prefers-color-scheme: dark) { ... }</style>验证。curl -sI https://example.com/favicon.svg - (PNG fallback)
/favicon-96x96.png - 尺寸180×180px,无透明区域,背景不透明。用
/apple-touch-icon.png验证。curl -sI - (Android PWA图标)
/web-app-manifest-192x192.png - (Android启动图)
/web-app-manifest-512x512.png - 引用上述两个PNG,包含
/manifest.json、theme_color、background_color、name、short_name。用display验证。curl -s https://example.com/manifest.json | jq .
可跳过(已废弃):
- (Windows磁贴)
mstile-*.png - (自macOS Big Sur起废弃)
safari-pinned-tab.svg - /
favicon-16x16.png(已被favicon-32x32.png和.ico覆盖).svg
HTML头部验证:
bash
curl -s https://example.com/ | grep -iE 'rel="icon"|rel="apple-touch-icon"|rel="manifest"'Phase 8: Quality Gates
阶段8:质量门禁
Delegate to . The skill covers 150+ Lighthouse audits across performance, accessibility, SEO, and best practices.
addyosmani/web-quality-skills- Unlighthouse site-wide crawl: — crawls all pages and runs Lighthouse on each. Surface pages below 90 on any axis before the per-URL checks.
npx unlighthouse --site {site} - Lighthouse all 4 axes, mobile mode: target ≥90 on each (perf, a11y, best practices, SEO)
- Lighthouse all 4 axes, desktop mode: target ≥95 on each
- Core Web Vitals field data (CrUX via PageSpeed Insights): LCP < 2.5s, INP < 200ms, CLS < 0.1, on both mobile and desktop
- Accessibility (WCAG 2.2 AA via ): keyboard nav works for every interactive element, focus rings visible, color contrast ≥4.5:1 for text, all images have
web-quality-skills, heading hierarchy is monotonic (H1 → H2 → H3), ARIA labels on icon-only buttonsalt - Real mobile device test (not just devtools emulator). Use Claude Chrome extension on mobile viewport on a real device or BrowserStack.
- Cross-browser smoke test: Chrome, Safari, Firefox latest stable
- Print stylesheet sanity (Cmd+P should not break layout)
委托给。该技能覆盖150+项Lighthouse审计,包括性能、无障碍、SEO和最佳实践。
addyosmani/web-quality-skills- Unlighthouse全站爬取:——爬取所有页面并对每个页面运行Lighthouse。在单URL检查前,先找出任何维度得分低于90的页面。
npx unlighthouse --site {site} - Lighthouse四项维度,移动端模式:每项目标得分≥90(性能、无障碍、最佳实践、SEO)
- Lighthouse四项维度,桌面端模式:每项目标得分≥95
- Core Web Vitals真实用户数据(通过PageSpeed Insights获取CrUX数据):LCP < 2.5秒,INP < 200毫秒,CLS < 0.1,移动端和桌面端均需达标
- 无障碍(通过验证WCAG 2.2 AA):所有交互元素支持键盘导航,焦点环可见,文本颜色对比度≥4.5:1,所有图片有
web-quality-skills属性,标题层级单调递增(H1 → H2 → H3),纯图标按钮有ARIA标签alt - 真实移动设备测试(不仅是开发者工具模拟器)。在真实设备上使用Claude Chrome扩展的移动端视口,或使用BrowserStack。
- 跨浏览器冒烟测试:Chrome、Safari、Firefox最新稳定版
- 打印样式表检查(Cmd+P不应破坏布局)
Phase 9: Ecosystem Cross-linking
阶段9:生态系统交叉链接
Internal cross-linking between owned properties. High-leverage SEO action for any multi-domain owner.
Ask the user: "List the other domains in your ecosystem that are topically relevant to this new site." Then for each one:
- Add a link from the existing site (footer / nav / "other projects" section) to the new site, where topically relevant
- Add a link to the new site in the README of the matching GitHub repo, if it documents a library
- Verify reciprocal links: every link added points back where appropriate
- If the new site documents a Go lib, link from related lib docs
Do not over-link. Only cross-link where topically relevant. A doc site for a logging lib should not link to a personal blog about cycling.
自有属性之间的内部交叉链接。对于拥有多域名的主体,这是高ROI的SEO操作。
询问用户:“列出与该新站点主题相关的其他自有域名。”然后对每个域名执行:
- 在现有站点的相关位置(页脚/导航/“其他项目”板块)添加指向新站点的链接
- 若对应GitHub仓库记录某个库,在README中添加指向新站点的链接
- 验证双向链接:添加的每个链接在合适的情况下都有反向链接
- 若新站点记录Go库,从相关库文档添加链接
不要过度链接。仅在主题相关时交叉链接。日志库的文档站不应链接到关于骑行的个人博客。
Phase 10: Set up weekly SEO maintenance sub-agent
阶段10:配置每周SEO维护子Agent
After launch, set up a Hermes agent or Claude Cowork agent that runs weekly to monitor SEO health and surface action items.
See for the full agent definition. Copy it into in the site's repo (or a dedicated ops repo). The agent uses these MCP connectors:
references/weekly-seo-agent.md.claude/agents/weekly-seo.md- Ahrefs MCP (backlinks, rankings, keywords)
- PostHog MCP (analytics correlation, AI bot traffic)
- Web search (SERP monitoring, competitor checks)
- Google Search Console (via community MCP or with service account credentials)
curl
Ask the user via : "Set up the weekly SEO agent now?" ( | | ).
ask_user_input_v0yes-create-agent-fileyes-but-deferskip-for-nowWhen MCP are not available, use Claude for Chrome extension.
上线后,配置Hermes Agent或Claude Cowork Agent,每周运行一次以监控SEO健康状况并提出行动项。
完整Agent定义参考。将其复制到站点仓库(或专用运维仓库)的中。该Agent使用以下MCP连接器:
references/weekly-seo-agent.md.claude/agents/weekly-seo.md- Ahrefs MCP(反向链接、排名、关键词)
- PostHog MCP(分析关联、AI爬虫流量)
- 网络搜索(SERP监控、竞争对手检查)
- Google Search Console(通过社区MCP或带服务账号凭证的)
curl
通过询问用户:“现在配置每周SEO Agent吗?”((是,创建Agent文件)| (是,但延后)| (暂时跳过))。
ask_user_input_v0yes-create-agent-fileyes-but-deferskip-for-now若MCP不可用,使用Claude Chrome扩展。
Output format
输出格式
At the end of a full run, output a status report grouped by phase:
Phase 1: Domain & Infrastructure [9/10 pass]
✓ Cloudflare proxy on
✓ DNS records configured
...
✗ DMARC missing. Fix: add TXT record at _dmarc.example.com with policy v=DMARC1; p=quarantine;...
Phase 2: Analytics & Observability [6/7 pass]
...Followed by three lists, in order:
- Blockers (must fix before launch)
- Recommended fixes (should fix before announcing)
- Optional improvements (post-launch)
End by asking via : "Which list do you want to tackle next?" ( | | | ).
ask_user_input_v0blockersrecommendedoptionaldone-for-now完整运行结束后,按阶段输出状态报告:
阶段1:域名与基础设施 [9/10 通过]
✓ Cloudflare代理已开启
✓ DNS记录已配置
...
✗ 缺少DMARC记录。修复方案:在_dmarc.example.com添加TXT记录,内容为v=DMARC1; p=quarantine;...
阶段2:分析与可观测性 [6/7 通过]
...随后按顺序列出三个清单:
- 阻塞项(上线前必须修复)
- 推荐修复项(上线前应修复)
- 可选优化项(上线后处理)
最后通过询问:“你想优先处理哪个清单?”((阻塞项)| (推荐修复项)| (可选优化项)| (暂时结束))。
ask_user_input_v0blockersrecommendedoptionaldone-for-nowReferences
参考文档
- : AI scraper policy matrix by site type, observability tier matrix
references/decisions.md - : robots.txt, llms.txt, manifest.json, CSP templates per tightness level, security headers reference
references/templates.md - : Full definition of the weekly SEO maintenance sub-agent (MCPs, tasks, output format)
references/weekly-seo-agent.md
- :按网站类型划分的AI爬虫政策矩阵、可观测性层级矩阵
references/decisions.md - :robots.txt、llms.txt、manifest.json、各严格程度的CSP模板、安全头参考
references/templates.md - :每周SEO维护子Agent的完整定义(MCP、任务、输出格式)
references/weekly-seo-agent.md