ClawHub

步步为营

复杂APP开发统一技能 - 融合敏捷开发、CI/CD、DevOps的最佳实践,核心理念"每步必测、每层必验、环环相扣、层层守护

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 49 · 0 current installs · 0 all-time installs
by@smxtx
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (complex app dev, CI/CD, DevOps) match the SKILL.md content; required resources and declared metadata are proportional (no unrelated env vars, binaries, or config paths requested).
Instruction Scope
SKILL.md contains operational commands (curl to localhost, npm build, npx asar pack, netstat/findstr, reading logs) that are consistent with build/test/deploy guidance. These target local services/files (dist, logs, /docs). Minor concerns: it mixes Windows-style commands/paths (findstr, backslash paths, type) and Unix-style tooling (npx, npm), which is a cross-platform incoherence; npx can fetch packages from the npm registry at runtime (network fetch), so following the instructions can cause remote code to be executed if npm packages are pulled on-the-fly. Instructions are otherwise scoped to development tasks and do not direct data to third-party endpoints.
Install Mechanism
No install spec and no code files — instruction-only skill means nothing is written to disk by the skill bundle itself. Lowest install risk.
Credentials
No environment variables, credentials, or config paths are requested. The steps reference local artifacts only; no requests for unrelated secrets. Note: runtime commands (npx) may cause network access but no credentials are requested by the skill itself.
Persistence & Privilege
always is false and the skill does not request persistent/system-level privileges or modify other skills' configurations. Autonomous invocation is allowed by platform default and not combined with other concerning factors.
Assessment
This skill is basically a written DevOps/QA playbook and appears coherent for that purpose. Before running any commands from it: (1) review and adapt platform-specific commands — the doc mixes Windows and Unix command styles; (2) be aware that commands like `npx` may fetch packages from the npm registry (remote code execution risk) — prefer installing known pinned tool versions or run in an isolated environment; (3) the curl example targets localhost only, but ensure the local service is trusted before invoking; (4) because the skill's source/homepage is unknown, exercise caution (run in CI sandboxes or staging, review steps manually) and don't supply any credentials you wouldn't want exposed. If you need higher assurance, ask the author for a source/homepage or a vetted implementation with pinned tool versions and platform-specific variants.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk974e96kzbt3ecbq9dmv52mfcn83gqr8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

步步为营 - 复杂APP开发统一技能

核心理念:每步必测、每层必验、环环相扣、层层守护

融合来源:敏捷开发原则 + 步步为营铁律 + Scrum/Agile + CI/CD + DevOps

一、核心铁律

步步为营五守则

  1. 每改必构 - 任何代码修改后必须重新构建
  2. 构建必验 - 每次构建必须验证成功
  3. 重启必查 - 每次重启必须检查日志
  4. 验证必测 - 每次验证必须执行功能测试
  5. 上线必监 - 每次上线必须开启监控

开发铁律速查

改代码 → 重新构建 → 重启服务 → 验证功能 → 检查日志
   ↓          ↓            ↓            ↓            ↓
 必须做     必须做        必须做        必须做        必须看

二、模块化架构(四层模型)

公共层 (P0-P1)

  • 日志记录模块
  • 配置管理模块
  • 异常处理模块

基础层 (P0-P1)

  • 用户认证模块
  • 内容管理模块
  • 用户画像模块

业务层 (P0-P1)

  • 播放引擎模块
  • 互动社区模块
  • 推荐算法模块

支撑层 (P2)

  • 消息通知模块
  • 支付结算模块
  • 数据分析模块

模块开发顺序

P0核心模块: 日志记录 → 异常处理 → 用户认证 → 内容管理 → 播放引擎
P1重要模块: 配置管理 → 用户画像 → 互动社区 → 推荐算法
P2增强模块: 消息通知 → 支付结算 → 数据分析
全局联调 → 最终锁定

三、敏捷开发流程

Scrum迭代周期

需求规划 → 迭代计划 → 迭代开发 → 敏捷回顾
    ↑                                    │
    └────────────────────────────────────┘

需求层次结构

Epic → Feature → User Story → Task

优先级管理 (MoSCoW)

优先级含义交付要求
P0/Must必须有绝对交付
P1/Should应该有尽量交付
P2/Could可以有选择交付

四、质量保障体系

CI/CD流水线

代码提交 → 静态检查 → 自动构建 → 自动化测试 → 质量门禁 → 部署发布

变更验证流程

修改代码 → 重新构建 → 重启服务 → 功能测试 → 检查日志

自动化测试层级

类型覆盖范围执行频率
单元测试函数/方法级每次提交
集成测试模块间接口每次构建
E2E测试完整业务流程每日/发布前

五、自检清单

前端修改自检

检查项验证方式
API路径修改检查dist目录是否更新
组件修改验证浏览器是否刷新
样式修改检查构建日志

后端修改自检

检查项验证方式
新增路由访问 /docs 检查路由
数据库修改检查表结构
Model修改测试API端点

打包修改自检

检查项验证方式
源码修改必须重新构建
配置修改必须重新打包
端口修改必须重启所有服务

六、API验证四步法

Step 1: 后端测试
   └─ curl http://localhost:7860/api/v1/xxx

Step 2: 前端构建
   └─ npm run build:renderer

Step 3: 打包更新
   └─ npx asar pack dist resources/app.asar

Step 4: 应用重启
   └─ 完全退出后重新启动

常见错误排查

错误根因解决
404 Not Found路径不匹配检查router prefix
端口被占用重复启动添加端口检测
EPIPE错误stdout已关闭禁用console.log

七、DevOps工具链

阶段工具
版本控制Git
CI服务器Jenkins/GitHub Actions
容器化Docker
监控Prometheus/Grafana
日志ELK Stack

关键监控指标

指标告警阈值
服务 uptime< 99.9%
响应时间 P99> 500ms
API错误率> 1%

八、团队协作规范

每日站会(三问)

  1. 昨天完成了什么?
  2. 今天计划做什么?
  3. 遇到什么阻碍?

代码评审要点

  • 功能正确性
  • 代码质量
  • 性能考虑
  • 安全考虑

九、版本发布规范

发布检查清单

  • 代码冻结
  • 测试完成
  • 文档更新
  • 回滚方案就绪
  • 监控告警配置
  • 发布通知发送

回滚策略

  1. 确认回滚决策(2分钟内)
  2. 执行回滚脚本
  3. 验证服务恢复
  4. 通知相关方
  5. 问题定位修复

十、常用命令速查

# 检查端口占用
netstat -ano | findstr 7860

# 构建前端
npm run build:renderer

# 打包应用
npx asar pack dist resources/app.asar

# 查看日志
type logs\app-2026-03-24.log

版本: 1.0.0 | 融合: 敏捷开发 + CI/CD + DevOps + 步步为营铁律

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…