一键导入
arc-task-doc-progress-conventions
Current-state task docs; security/audit handoff to detailed subtasks with roles and caliber.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Current-state task docs; security/audit handoff to detailed subtasks with roles and caliber.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Use .ai-code-index for local search, symbols, profiles, files, stats, refresh, and diagnostics.
Read-only project/AppSec audit: assets, data map, vuln review; Lark risks via arc:docs.
Local SAST/SCA/secrets/DAST automation with data-value re-ranking and Arc handoffs.
Apply backend architecture, DIP, usecase result boundaries, zap logging, Go constants, and helper limits.
Add low-cost fmt/time or log.Printf timing probes to Go Gin SSR request paths.
Apply Chinese comment conventions; avoid noisy parameter/return boilerplate on obvious usecase contracts.
| name | arc:task-doc-progress-conventions |
| description | Current-state task docs; security/audit handoff to detailed subtasks with roles and caliber. |
Use this skill to turn large or multi-step work into persistent local docs before implementation. The docs must capture the latest repository state, so a later session can resume from docs/ without rediscovering the whole codebase.
Separate raw requirements from executable work:
docs/DD-需求.docs/DD-任务.For small one-shot fixes, do not create this structure unless the user asks for task docs.
Before changing production code for large or tracked work:
00-前置约束.md before implementation.[/] in both the progress table and the subtask file.Only discovery commands, code reading, and task-document edits are allowed before this gate is complete.
Task docs are stale if they are not updated immediately when project files, scope, assumptions, evidence, tests, or status change. They must be updated immediately when project files, scope, assumptions, or status change.
Assume the plan and subtasks may be handed to a low-intelligence or low-context model for implementation. Therefore every executable task document MUST over-specify the implementation intent enough that the next model does not need to infer missing design decisions.
Required detail:
The central progress table and subtask 状态:... are the authoritative local execution state for large or tracked work. 进度跟踪表.md and subtask 状态:... are the authoritative local execution state.
Hard rules:
进度跟踪表.md or the active subtask status is stale.When another Arc skill is active, use this skill as the local task-planning gate for large or tracked work:
arc:clarify first if scope, acceptance criteria, or user decisions are unclear.arc:build, arc:fix, arc:frontend, or arc:security changes project code for large, multi-step, cross-module, or tracked work.arc:project-architecture-conventions after this skill and before backend code edits.arc:frontend after this skill for frontend platform, UI state, token, and verification constraints.arc:security after this skill only when implementing multi-finding remediation or re-scanning fixed paths; use arc:security before this skill when the user still needs scanner evidence for the handoff package.arc:audit mode appsec before this skill when remediation must be driven by assets, data map, and finding cards rather than ad-hoc bug lists.arc:docs only for Lark synchronization when .lark.json exists or the user explicitly enables Lark. Local docs/ task state still needs to stay current.If this skill and another skill conflict, keep the stricter gate: do not start implementation until local task docs, status, and required upstream clarification are current.
When the work comes from arc:audit (appsec), arc:security, multi-finding vulnerability repair, or the user asks to “把审计/扫描结果拆成任务”:
references/security-audit-task-pipeline.md.R-task (任务作者): write docs only; do not implement production fixes in this role.00-前置约束.md:
## 项目定位 — product form, user roles, critical data, trust boundaries, why this engagement exists## 项目口径 — deploy shape, naming/storage rules, protected paths, env order, architecture limits, test authorization, secrets handling## 功能角色 — who is R-recon / R-scan / R-task / R-fix / R-verify for this engagement## 上游 Handoff — links to assets / data-map / findings / scan reports## Finding 索引 — every in-scope finding → subtask idfinding_id, files/symbols, permission class, data yield, step-by-step 执行清单, 不要做, and verify steps. Prefer one finding → one fix subtask (+ optional verify).likely / assumption findings before fix subtasks.R-fix to arc:fix / arc:build one subtask at a time; hand re-scan requests back to arc:security only with explicit scope.For non-security large work, the security pipeline sections are optional; the rest of this skill still applies.
Resolve roots from the project. Resolve the task document root from the project. Do not hardcode paths if the repository already has a local convention.
Rules for docs/:
docs/ as numbered document categories when they match DD-分类名, for example 01-任务 and 02-需求.01-任务, 00-任务, or another clear equivalent of "任务".02-需求, 01-需求, or another clear equivalent of "需求".DD, such as docs/DD-任务 and docs/DD-需求.docs/ exists but has no task category, create DD-任务 using the next available two-digit category number under docs/.Task category rules:
README.md, index directories such as 00-任务索引/, local specs such as 00-任务文档与进度跟踪规范/, and numbered task directories..md files under the task category. Create or reuse a numbered task directory with a README.md entry.README.md, 00-任务索引/README.md, and existing numbered task directories before creating a new top-level task..md task entries may remain; update them only when they are the active local entry point.Requirement category rules:
docs/DD-需求.README.md as the requirement category index when present.docs/DD-任务 only after they are executable: goals, scope, boundaries, and acceptance criteria are known.Use a directory entry by default:
docs/DD-任务/
README.md
00-任务索引/
README.md
NN-具体任务名/
README.md
00-前置约束.md
进度跟踪表.md
tasks/
T01-任务组名称/
README.md
T01-01-子任务名称.md
T01-02-子任务名称.md
Local compatibility:
进度跟踪.md, 00-总进度看板.md, or direct TNN-任务组名称/ directories without tasks/, follow that existing structure.NN-具体任务名.md plus NN-具体任务名/, update both when they are active.进度跟踪.md and 进度跟踪表.md exist, update the one referenced by the task entry and do not create a second central table.Rules:
DD, task NN, TNN, and subtask MM; DD is the docs/ category sequence.NN by scanning existing task directories, loose legacy entries, and indexes.NN-具体任务名/README.md; include goal, scope, status, acceptance criteria, and the current state.Use these exact status markers:
| 状态 | 含义 | 使用时机 |
|---|---|---|
[ ] | 未开始 | 尚未分析或编码 |
[/] | 进行中 | 正在分析、编码或整理 |
[?] | 待验证 | 已完成改动,等待测试或人工确认 |
[x] | 已完成 | 已满足验收标准 |
[!] | 阻塞 | 需要用户输入、外部环境或前置任务 |
[-] | 暂缓 | 明确本阶段不做 |
Keep statuses synchronized:
状态:... near the top.NN-具体任务名/README.md is the preferred entry document. Include:
00-前置约束.md and the central progress table.Template:
# 具体任务名
本文是任务入口。具体任务和进度在当前目录。
## 使用方式
1. 先看 `00-前置约束.md` 和 `进度跟踪表.md`。
2. 再打开当前要做的任务组 README 和子任务文件。
3. 完成后同步更新进度表和子任务状态。
## 执行模型假设
本计划可能交给低智能或低上下文模型编码。任务文档必须把实现意图、影响文件、执行顺序、边界、反例和验证方式写清楚,不依赖执行者自行推断。
## 需求来源
1. [需求名称](../../02-需求/NN-需求名称.md)
## 设计边界
1. ...
## 任务索引
| 编号 | 任务组 | 优先级 |
| --- | --- | --- |
| T01 | [任务组名称](tasks/T01-任务组名称/README.md) | P0 |
00-前置约束.md is mandatory before coding. Include:
Template:
# 前置约束
## 目标
1. ...
## 不做范围
1. ...
## 边界约束
1. ...
## 执行模型假设
1. 本计划可能交给低智能或低上下文模型编码,后续子任务必须写到可按步骤执行。
2. 不允许用模糊描述替代具体文件、调用点、数据契约、边界条件、错误处理和验证要求。
## 已知影响范围
1. `path/to/file`
## 最新项目状态
1. 调研时间:YYYY-MM-DD HH:MM。
2. 已确认文件/模块:`path/to/file`
3. 已确认测试/命令:`command`
4. 本次计划基于以上状态生成;项目变动后必须回写本文件和进度跟踪表。
## 待确认假设
1. ...
## 验证要求
1. ...
## 阻塞项
1. 无。
Each tasks/TNN-任务组名称/README.md or local equivalent must include:
Template:
# T01 任务组名称
## 目标
说明这个任务组要解决什么问题。
## 已知范围
1. `path/to/file`
## 子任务索引
| 状态 | 子任务 | 说明 |
| --- | --- | --- |
| `[ ]` | [T01-01 子任务名称](T01-01-子任务名称.md) | 子任务说明 |
## 验收标准
1. 标准一。
Each subtask must independently guide one implementation pass. Include:
Every concrete subtask must be specific to the current project. Do not write generic items such as "实现接口", "补充测试", or "优化代码" without naming the affected files, call sites, data contracts, expected behavior, and verification.
Template:
# T01-01 子任务名称
状态:`[ ]`
## 目标
一句话说明本子任务要完成什么。
## 输入
1. 输入文件或上游任务。
2. 最新项目状态依据:`path/to/file`、`command`、调用点或测试结果。
## 输出
1. 产出文件、清单或代码改动。
## 执行清单
- [ ] 第一步:说明要改哪个文件/符号、为什么这样改、不要改什么。
- [ ] 第二步:说明要处理的边界条件、错误路径或兼容行为。
## 下游编码注意
1. 本子任务可能由低智能或低上下文模型执行,必须按上面的文件、顺序和边界实现。
2. 不要引入兜底逻辑吞掉错误,不要用宽泛重构替代本任务目标,不要修改未列入范围的模块。
## 完成标准
1. 可验证标准。
2. 需要更新进度跟踪表。
Use one central progress table per task. Name it according to the local convention, usually 进度跟踪表.md or 进度跟踪.md.
Required columns:
| 字段 | 含义 |
|---|---|
| 状态 | Unified status marker |
| 编号 | Subtask ID, for example T01-01 |
| 优先级 | P0, P1, P2, P3, or P4 |
| 子任务 | Link to subtask file |
| 上级 | Task group ID |
| 下一步 | Next action for the current status |
| 完成说明 | Verification command, result, or reason not verified |
Priority rules:
| 优先级 | 含义 |
|---|---|
| P0 | Blocks the main flow, risks data correctness, or blocks task decomposition |
| P1 | Core functionality or high-value governance that clearly reduces follow-up maintenance cost |
| P2 | Normal implementation, tests, cleanup, documentation, or supplementary verification |
| P3 | Schedulable optimization, experience polish, auxiliary tooling, or investigation |
| P4 | Explicitly low-priority or convenience-only backlog |
Template:
# 进度跟踪表
| 状态 | 编号 | 优先级 | 子任务 | 上级 | 下一步 | 完成说明 |
| --- | --- | --- | --- | --- | --- | --- |
| `[ ]` | T01-01 | P0 | [子任务名称](tasks/T01-任务组名称/T01-01-子任务名称.md) | T01 | 下一步动作 | |
When creating or moving task/requirement docs:
README.md when it exists.00-任务索引/README.md when it exists.Before starting or resuming any subtask:
00-前置约束.md, the central progress table, and affected subtask files before implementation.[!] until clarified or rewrite the plan based on the latest state.When starting a subtask:
[/].状态: [/].When implementation is done but verification is not done:
[?].When verification is done:
[x].When blocked:
[!].When deferred:
[-].When the project changes during implementation:
[-] with the reason, or rewrite them if they remain valid under the new state.Before considering task-document setup complete, verify:
README.md unless local history requires a loose entry.00-前置约束.md exists and states boundaries before coding.状态:....references/security-audit-task-pipeline.md.