Use .ai-code-index for local search, symbols, profiles, files, stats, refresh, and diagnostics.
Read-only project/AppSec audit: assets, data map, vuln review; Lark risks via arc:docs.
Local SAST/SCA/secrets/DAST automation with data-value re-ranking and Arc handoffs.
Current-state task docs; security/audit handoff to detailed subtasks with roles and caliber.
Apply backend architecture, DIP, usecase result boundaries, zap logging, Go constants, and helper limits.
Add low-cost fmt/time or log.Printf timing probes to Go Gin SSR request paths.
Apply Chinese comment conventions; avoid noisy parameter/return boilerplate on obvious usecase contracts.
Code delivery with verification; hand active Lark task_base, progress, delivery, and lifecycle to arc:docs.