arkweb-security-patch-fetch
Fetch and normalize the exact upstream Chromium security patch for ArkWeb integration.
| name | arkweb-security-patch-fetch |
| description | Fetch and normalize the exact upstream Chromium security patch for ArkWeb integration. |
| metadata | {"descriptionZH":"ArkWeb 上游补丁抓取技能。只抓取明确目标修复 commit/CL,不补抓依赖 patch,不混入无关 PR。","tags":["ArkWeb","patch","Chromium","Gerrit"]} |
Used by arkweb-security-patch-fetcher.
Use this skill after vulnerability intake has selected upstream fix PRs/CLs. It fetches or locates the exact patch files and modified file list used by later ArkWeb impact and merge stages.
- .ace-outputs/{runId}/{issue_id}/01_issue_analysis.md
- .ace-outputs/{runId}/{issue_id}/01_issue_analysis.json
- upstream_fix_prs[] is the only trusted entry point; do not re-expand the fetch scope from similar titles or the same directory.

Write to the same issue directory:

- .ace-outputs/{runId}/{issue_id}/02_patch_fetch.md
- .ace-outputs/{runId}/{issue_id}/02_patch_fetch.json
- .ace-outputs/{runId}/{issue_id}/patches/

No files may be written to the root directory; do not generate 02_patch_fetch.index.md/json or .ace-outputs/{runId}/patches/.
Detailed output structure is in references/patch-fetch-output.md.
Prefer the built-in scripts for fetching and validating patches; do not regenerate temporary Python scripts at run time:
python3 skills/arkweb-security-patch-fetch/scripts/fetch_chromium_patch.py \
--project-root <context.codebase> \
--output-root <context.projectRoot>/.ace-outputs/<runId>
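Optional parameters:

- --issue-id <issue_id>: process only a single issue;
- --offline: no network access; only generate reproducible fetch commands and blocking notes from upstream_fix_prs[].

Script capabilities:

- {issue_id}/01_issue_analysis.json;
- <context.projectRoot>/.ace-outputs/<runId>, must not write to the ACEHarness run log directory; the real ArkWeb source root uses context.codebase;
- the first primary fix candidate in upstream_fix_prs[]; subsequent candidates are written to excluded_candidates[];
- {issue_id}/patches/, and generates 02_patch_fetch.md/json;

During the adjudication stage, a standalone validation script can be used to re-check the existing patch_files[]: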
python3 skills/arkweb-security-patch-fetch/scripts/validate_patch_files.py \
--project-root <context.codebase> \
--output-root <context.projectRoot>/.ace-outputs/<runId>
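Field ownership boundaries:

- PRs/CLs referenced with semantics such as culprit, bisect, introduced by, caused by, regression range, or first bad may serve only as root-cause or version-range evidence and must not be patch fetch targets.
- A candidate in upstream_fix_prs[] that looks like a bug-introducing PR/CL rather than a fix PR/CL must be recorded in excluded_candidates[] and block the fetch; its patch must not be downloaded and treated as the fix.
- https://chromium-review.googlesource.com/changes/{project}~{cl}/revisions/current/files to obtain the file list; for the patch, try .../revisions/current/patch?download or the Gerrit download link; on failure, record the HTTP status and the command.
- .patch/.diff must contain one of the standard diff signals: diff --git, Index:, --- a/ + +++ b/, or, for an mbox patch, From <hash> + Subject: + diff hunks;
- <!DOCTYPE html>, <html, HTTP error text, Gerrit/Gitiles error pages, )]}' JSON metadata, must be marked as invalid patch;
- written in 02_patch_fetch.md/json as "patch archived / ready to enter later stages".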
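
The patch validity rules above, as an added example (not the skill's own validate_patch_files.py): a classifier that accepts a fetched body only when it carries one of the listed diff signals and rejects HTML pages, HTTP error text and )]}' JSON metadata. The function name, reason strings, HTTP-error heuristic and sample bodies are assumptions constructed for illustration.

```python
import re

# Non-patch payloads named on the page, matched at the start of the body only,
# so a real patch that touches an .html file is not rejected.
REJECT_PREFIXES = [
    (")]}'", "gerrit_json_metadata"),
    ("<!doctype html", "html_page"),
    ("<html", "html_page"),
]
# Assumption: "HTTP error text" starts with an optional HTTP version and a 4xx/5xx code.
HTTP_ERROR = re.compile(r"(?:http/\S+ )?[45]\d\d\b")

# Diff signals from the page; every pattern in a group must be present.
SIGNALS = [
    ("diff --git", [r"^diff --git "]),
    ("Index:", [r"^Index: "]),
    ("---/+++", [r"^--- a/.*\r?\n\+\+\+ b/"]),
    ("mbox", [r"^From [0-9a-f]{7,40} ", r"^Subject: ", r"^@@ -\d+"]),
]


def classify_patch(data: bytes) -> tuple[bool, str]:
    """Return (is_valid, reason) for a fetched .patch/.diff body."""
    text = data.decode("utf-8", errors="replace")
    head = text.lstrip("\ufeff \t\r\n")[:256].lower()
    for prefix, reason in REJECT_PREFIXES:
        if head.startswith(prefix):
            return False, reason
    if HTTP_ERROR.match(head):
        return False, "http_error_text"
    for name, patterns in SIGNALS:
        if all(re.search(p, text, re.MULTILINE) for p in patterns):
            return True, name
    return False, "no_diff_signal"


# Constructed sample bodies (not real Chromium patches or Gerrit responses).
SAMPLES = {
    "good.patch": b"diff --git a/x.html b/x.html\n--- a/x.html\n+++ b/x.html\n"
                  b"@@ -1 +1 @@\n-<html>\n+<html lang=\"en\">\n",
    "error.patch": b"<!DOCTYPE html>\n<html><body>Not Found</body></html>\n",
    "files.patch": b")]}'\n{\"/COMMIT_MSG\": {\"status\": \"A\"}}\n",
    "status.patch": b"404 Not Found\n",
    "encoded.patch": b"ZGlmZiAtLWdpdCBhL3ggYi94Cg==\n",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, classify_patch(body))
```

A body that is still transport-encoded (the encoded.patch sample) carries no diff signal and is classified invalid, so it cannot be recorded as an archived patch by mistake.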