Leo
6ee6fee8b9
credentials/ was a leftover duplicate — all credential routes already live in cypher-executor/src/routes/credentials.ts. Adds the SDD protocol, tech-stack, forbidden-list, component-architecture, and progress rules that guide Phase 1-6 refactors. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
73 lines
3.1 KiB
Bash
Executable File
73 lines
3.1 KiB
Bash
Executable File
#!/bin/bash
|
||
# .claude/hooks/session-start-load-sdd.sh
|
||
# arcrun SessionStart hook
|
||
#
|
||
# 職責:session 啟動時注入當前進度、絕對禁令、SDD 位置,避免 CC 靠記憶猜測
|
||
# 輸出走 stdout,會注入到 CC 的 context
|
||
|
||
set -o pipefail
|
||
|
||
cat <<'EOF'
|
||
============================================================
|
||
🚨 arcrun 工作規範(SessionStart 注入)
|
||
============================================================
|
||
|
||
📌 絕對禁令(違反會被 pre-write / pre-bash hook 直接 block):
|
||
|
||
1. registry/components/ 下禁止 TypeScript 實作零件
|
||
→ 只能 TinyGo (main.go) 或 AssemblyScript,編譯成 .wasm
|
||
|
||
2. cypher-executor TS 裡禁止實作 credential/auth/JWT 業務邏輯
|
||
→ crypto.subtle.decrypt / sign 只准出現在 wasi-shim.ts 的 host function
|
||
→ {{secret.X}} template 展開屬於 WASM 零件職責
|
||
→ 禁止 hard-code gmail/telegram/sheets API endpoint
|
||
|
||
3. 禁止新增 Service Binding 綁零件
|
||
→ 零件串接走 HTTP URL(cypher binding = YAML 裡的 URL 清單)
|
||
→ Cypher binding 不是 Cloudflare 的 binding 機制
|
||
|
||
4. 每個 WASM 零件 = 獨立 Worker = 公開 URL
|
||
→ 不是從 R2 動態讀(平台零件已 bundle 進各自 Worker)
|
||
→ R2 只用於 Phase 5 的用戶自製零件(未啟用)
|
||
|
||
📋 任何 code 變動前,必須:
|
||
|
||
1. 讀 .agents/specs/arcrun/arcrun.md(總進度)
|
||
2. 讀對應 task 的 SDD(design.md + tasks.md)
|
||
3. 在回覆開頭宣告(格式見 .claude/rules/00-sdd-protocol.md):
|
||
📋 已讀 SDD:<檔案清單>
|
||
🎯 本次對應 task:<task 編號>
|
||
📐 本次 task 的 SDD 規範摘要:<重點>
|
||
🚧 執行範圍:修改/建立/刪除 <檔案>
|
||
4. 每完成一個 task,立刻更新 tasks.md 的 [x],不批次
|
||
|
||
🔥 當前進行中 Phase:Credential Primitives TS → WASM
|
||
|
||
SDD:.agents/specs/arcrun/credential-primitives-wasm/
|
||
已完成:Phase 0.1-0.5(核心合併 + u6u-core 刪除)
|
||
未完成硬前置:
|
||
- Phase 0.6 wasi-shim 加 host functions(kv_get / crypto_decrypt / crypto_sign_rs256)
|
||
- Phase 0.7 component-loader WASM runner 路徑
|
||
未完成主要任務:
|
||
- Phase 1 auth_static_key WASM 零件(TinyGo)
|
||
- Phase 2 auth_service_account WASM 零件
|
||
- Phase 3 刪除 cypher-executor 的三套違規 TS:
|
||
* src/actions/credential-injector.ts(整檔刪)
|
||
* src/lib/jwt-signer.ts(整檔刪)
|
||
* src/lib/component-loader.ts 的 BUILTIN_API_RECIPES + BUILTIN_CREDENTIALS_MAP(整段刪)
|
||
|
||
⛔ 封測狀態:推遲(richblack 2026-04-19 決定)
|
||
原因:違規 TS 未清,不封測。
|
||
|
||
📚 詳細規範:
|
||
.claude/rules/00-sdd-protocol.md — SDD 協議
|
||
.claude/rules/01-tech-stack.md — 技術棧硬限制
|
||
.claude/rules/02-forbidden.md — 禁止清單(hook 強制)
|
||
.claude/rules/03-component-architecture.md — 零件架構(R2/cypher binding/service binding 的正確定義)
|
||
.claude/rules/04-current-progress.md — 當前進度 + SDD 索引
|
||
|
||
============================================================
|
||
EOF
|
||
|
||
exit 0
|