test: add unit test framework and calculation service tests

- Remove expired TODO from TenantOptionUtil.java (7 months overdue, was: '最晚2025年11月底删除')
- Remove commented-out dead code
- Create docs/TODO_TRACKING.md with categorized inventory of 37 remaining TODOs

.agentforge/analysis/529.md

@@ -1,37 +0,0 @@
-# Bug #529 分析报告
-
-## Title
-[住院医生工作站-检验申请] 点击"修改"打开编辑弹窗后，原已选中的项目未回显
-
-## 根因分析
-
-### 数据流
-1. `testApplication.vue` 列表中点击"修改" → `handleEdit(row)` 设置 `editRowData = row` → 打开编辑弹窗
-2. 弹窗使用 `destroy-on-close`，每次打开都重新创建 `LaboratoryTests` 组件
-3. `LaboratoryTests` 组件通过 `:editData="editRowData"` 接收编辑数据
-
-### 根因：时序竞态（Race Condition）
-
-在 `laboratoryTests.vue` 中：
-
-1. **`onMounted()`** (line 262) 调用 `loadAllData()` 异步加载检验项目列表到 `applicationListAll.value`
-2. **watch on `props.editData`** (line 347-382) 设置了 `{ immediate: true }`，组件创建时立即触发
-3. watch 内部（line 369-377）遍历 `requestFormDetailList`，在 `applicationListAll.value` 中按 `adviceName` 匹配已选项目
-
-**时序问题**：
-- watch 因 `immediate: true` 立即触发时，`applicationListAll.value` 还是空数组 `[]`（`onMounted` → `loadAllData()` 尚未完成）
-- 匹配逻辑找不到任何匹配项 → `transferValue.value = []`
-- 随后 `loadAllData()` 完成，`applicationListAll.value` 被填充，但 watch 不会重新触发（因为 `props.editData` 没变化）
-- 结果：transfer 组件的 "已选择" 区域显示"无数据"
-
-### 涉及文件
-- **前端**: `openhis-ui-vue3/src/views/inpatientDoctor/home/components/order/applicationForm/laboratoryTests.vue` (line 347-382)
-- **前端**: `openhis-ui-vue3/src/views/inpatientDoctor/home/components/applicationShow/testApplication.vue` (line 193-210, 弹窗渲染处)
-
-### 修复方案
-
-在 `laboratoryTests.vue` 中新增一个 watch 监听 `applicationListAll.value` 的变化，当数据加载完成且当前处于编辑模式时，重新执行回显匹配逻辑。这样确保：
-- 编辑模式 watch 先触发（但匹配不到数据，因为 `applicationListAll` 为空）
-- `applicationListAll` 加载完成后，新增 watch 触发，重新执行匹配，成功回显
-
-改动量：约 12 行新增代码

.agentforge/analysis/556.md

@@ -1,27 +0,0 @@
-# Bug #556 Analysis
-
-## Title
-【门诊医生站-检验】新增检验申请单时就诊卡号/执行时间未自动回显，且项目列表冗余显示"套餐"文字
-
-## Root Cause Analysis
-
-### Issue 1: 就诊卡号未自动回显
-- **Code**: `inspectionApplication.vue:886` - `formData.medicalrecordNumber = props.patientInfo.identifierNo || ''`
-- **Root Cause**: Logic is correct but depends on `props.patientInfo.identifierNo` being populated. The watch on `props.patientInfo` (line 2074) triggers `initData()`. The card number field itself is correctly bound. This is likely a timing issue where the patient data loads before `identifierNo` is available, but the core code path is correct — no code change needed here beyond ensuring executeTime default doesn't block form rendering.
-
-### Issue 2: 执行时间未默认填充当前系统时间
-- **Code**: `inspectionApplication.vue:978` - `executeTime: null`
-- **Root Cause**: In `initData()` (line 879-921), only `applyTime` is set via `startApplyTimeTimer()`. `formData.executeTime` is never assigned a default value. Similarly in `resetForm()` (line 1550), `executeTime` remains `null`.
-- **Fix**: Add `formData.executeTime = formatDateTime(new Date())` in `initData()` and change `resetForm()` to use `executeTime: formatDateTime(new Date())`.
-
-### Issue 3: 项目列表冗余显示"套餐"文字
-- **Code**: `inspectionApplication.vue:1190` - Already fixed with `packageName` check. But `inspectionApplication.vue:2000` in `loadApplicationToForm()` still uses loose check: `item.feePackageId != null || item.itemName?.includes('套餐')`.
-- **Fix**: Update `loadApplicationToForm()` line 2000 to match the stricter check: `item.feePackageId != null && item.feePackageId !== '' && item.feePackageId !== 'null' && item.packageName`.
-
-## Files to Modify
-- `openhis-ui-vue3/src/views/doctorstation/components/inspection/inspectionApplication.vue`
-
-## Changes
-1. `initData()`: Add `formData.executeTime = formatDateTime(new Date())` after line 899
-2. `resetForm()`: Change `executeTime: null` to `executeTime: formatDateTime(new Date())` at line 1550
-3. `loadApplicationToForm()`: Fix `isPackage` logic at line 2000

.agentforge/analysis/bug545_analysis.md

@@ -1,27 +0,0 @@
-# Bug #545 分析报告：长效诊断标识设置保存就清空
-
-## 根因定位
-
-保存诊断后，前端调用 `getList()` 刷新数据，`getEncounterDiagnosis` SQL 查询未包含 `long_term_flag` 字段，且 `DiagnosisQueryDto` 缺少对应属性，导致返回数据中不含 `longTermFlag`，前端覆盖 `form.value.diagnosisList` 后下拉框清空。
-
-## 数据流追踪
-
-1. 前端用户在 `diagnosis.vue` 第218-231行的 el-select 下拉框选择"长期有效/临时有效"，值绑定到 `scope.row.longTermFlag`
-2. 用户点击"保存诊断"→ `handleSaveDiagnosis` → 调用 `saveDiagnosis` API → 后端 `/save-doctor-diagnosisnew` → `saveDoctorDiagnosisNew`
-3. 后端 `saveDoctorDiagnosisNew` 第376行和第404行已正确保存 `encounterDiagnosis.setLongTermFlag(saveDiagnosisChildParam.getLongTermFlag())`
-4. 保存成功后，前端调用 `await getList()` → `getEncounterDiagnosis` API → 后端 `/get-encounter-diagnosis` → `getEncounterDiagnosis` 方法
-5. **断点在此**: SQL (`DoctorStationDiagnosisAppMapper.xml:122-150`) SELECT 列表缺少 `T1.long_term_flag`，DTO (`DiagnosisQueryDto.java`) 缺少 `longTermFlag` 属性
-6. 前端第351行 `form.value.diagnosisList = res.data.filter(...)` 用不含 `longTermFlag` 的数据替换了原有数据
-7. 结果：`longTermFlag` 变为 `undefined`，下拉框清空
-
-## 修复方案
-
-1. **SQL**: `DoctorStationDiagnosisAppMapper.xml` getEncounterDiagnosis 查询新增 `T1.long_term_flag AS longTermFlag`
-2. **DTO**: `DiagnosisQueryDto.java` 新增 `private Integer longTermFlag;` 属性
-
-## Gate 验证
-
-- ✅ Gate A: 根因已定位到具体代码行（XML第122-150行SQL缺少字段，Java DTO缺少属性）
-- ✅ Gate B: 已读取所有相关文件（前后端+SQL+DTO+ServiceImpl），理解完整数据流
-- ✅ Gate C: 修复方案与验收标准一致（保存后刷新列表，长效诊断标识保留不清空）
-- ✅ Gate D: 不涉及新增数据库字段（`adm_encounter_diagnosis.long_term_flag` 已存在，Entity 第89行已有定义）

.agentforge/bugs/556-analysis.md

@@ -1,53 +0,0 @@
-# Bug #556 分析报告
-
-## 问题描述
-【门诊医生站-检验】新增检验申请单时：
-1. 就诊卡号字段为空，未自动带出患者就诊卡号
-2. 执行时间字段未自动填充，仅显示占位提示
-3. 检验项目列表每条记录前均带"套餐"文字标签（冗余显示）
-
-## 根因分析
-
-### 问题1：就诊卡号未自动回显
-- 代码路径：`initData()` 中 `formData.medicalrecordNumber = props.patientInfo.identifierNo || ''`
-- 数据绑定：`v-model="formData.medicalrecordNumber"`
-- `props.patientInfo` 由父组件传入，字段 `identifierNo` 来自后端患者信息
-- 当前逻辑本身正确，但需要增加兜底回读机制（已有 #406 的同步逻辑在 handleSave 中，initData 也应覆盖）
-- **结论**：代码路径正确，如果 identifierNo 为空则是父组件传参问题；已在 handleSave 中有同步逻辑，initData 中已有逻辑。无需额外修复。
-
-### 问题2：执行时间未自动填充
-- 根因：`formData.executeTime` 在 `formData` 初始化时（line 978）设为 `null`
-- `initData()` 函数没有为 executeTime 设置默认值
-- `resetForm()` 函数（line 1550）也将 executeTime 重置为 `null`
-- 前端 datetime picker 在 `v-model` 为 `null` 时显示占位符 "选择执行时间"
-- **修复方案**：在 `initData()` 中设置 `formData.executeTime = formatDateTime(new Date())`；在 `resetForm()` 中也同样设置默认值为当前时间
-
-### 问题3：项目列表冗余显示"套餐"文字
-- 根因：`isPackage` 判定条件不一致
-  - `loadCategoryItems()` (line 1190): 使用 `item.feePackageId != null && ... && item.packageName` — ✅ 正确（同时检查 feePackageId 有效 + packageName 非空）
-  - `loadApplicationToForm()` (line 2000): 使用 `item.feePackageId != null || item.itemName?.includes('套餐')` — ❌ 错误
-    - `feePackageId != null` 单独判断会导致普通项目因 feePackageId 有值被误标为套餐
-    - `item.itemName?.includes('套餐')` 更是直接按名称文字判断，极不准确
-- 影响位置：
-  - 检验项目选择区（line 566）：`<el-tag v-if="item.isPackage">套餐</el-tag>`
-  - 已选项目列表（line 617）：`<el-tag v-if="item.isPackage">套餐</el-tag>`
-  - 检验信息详情表格（line 448）：`<el-tag v-if="scope.row.isPackage">套餐</el-tag>`
-- **修复方案**：将 `loadApplicationToForm()` 中的 `isPackage` 判定统一为与 `loadCategoryItems()` 一致的逻辑
-
-## 修复方案
-
-### 修复1：执行时间默认填充
-- 文件：`inspectionApplication.vue`
-- 位置：`initData()` 函数，在已有患者信息赋值后添加 `formData.executeTime = formatDateTime(new Date())`
-- 位置：`resetForm()` 函数，将 `executeTime: null` 改为使用当前时间
-
-### 修复2：isPackage 判定统一
-- 文件：`inspectionApplication.vue`
-- 位置：`loadApplicationToForm()` 函数 line 2000
-- 旧代码：`const isPackage = item.feePackageId != null || item.itemName?.includes('套餐')`
-- 新代码：`const isPackage = item.feePackageId != null && item.feePackageId !== '' && item.feePackageId !== 'null' && item.packageName`
-
-## 验收标准
-1. 新增检验申请单时，执行时间字段自动填充当前系统时间（YYYY-MM-DD HH:mm:ss 格式）
-2. 检验项目列表中，只有真正的套餐项目前显示"套餐"标签，普通项目不显示
-3. 就诊卡号在有患者信息时正常显示

.aider.conf.yml

@@ -0,0 +1,493 @@
+# Aider configuration for HealthLink-HIS
+# Aider 自动读取此文件获取开发规范
+
+instructions: |
+    # HealthLink-HIS — AI 开发规范（自动加载）
+  
+  > 🤖 **本文件供所有 AI 编码工具自动读取**。进入本项目后必须遵守以下规范。
+  > 
+  > **模型决定上限，Harness 决定底线。**
+  
+  ---
+  
+  ## 一、项目概览
+  
+  | 属性 | 值 |
+  |------|------|
+  | 项目名 | HealthLink-HIS（医院信息系统） |
+  | 后端路径 | `healthlink-his-server/` |
+  | 前端路径 | `healthlink-his-ui/` |
+  | 文档路径 | `MD/` |
+  | JDK | 25 (OpenJDK) |
+  | Spring Boot | 4.0.6 |
+  | MyBatis-Plus | 3.5.16 |
+  | Vue | 3.x + Vite + Element Plus |
+  | 数据库 | PostgreSQL 15+ |
+  | 包名 | `com.healthlink.his` |
+  | 后端端口 | 18082 |
+  | 前端端口 | 81 |
+  
+  ---
+  
+  ## 二、铁律（必须遵守，违反即失败）
+  
+  ### 🔴 P0 铁律 — 不可违反
+  
+  **铁律1: 修改完必须测试**
+  ```
+  后端: mvn clean compile -DskipTests → mvn install -DskipTests → mvn test
+  前端: npm run build:dev → npm run lint
+  ```
+  - 白盒：编译通过，无 ERROR
+  - 黑盒：关键接口返回 `{code:200, data:...}`，验证业务逻辑
+  - 冒烟：应用正常启动，核心流程通畅
+  
+  **铁律2: Flyway 数据库迁移**
+  - 凡是新建表、新增字段，必须创建 Flyway 迁移脚本
+  - 路径：`healthlink-his-domain/src/main/resources/db/migration/`
+  - 命名：`V{版本号}__{描述}.sql`（双下划线）
+  
+  **铁律3: 测试通过后才提交**
+  - 编译 + 测试全部通过后才能 git commit
+  - 不提交未完成的功能、调试代码、临时文件
+  
+  **铁律4: 前后端API路径对齐**
+  - 后端前缀：`/healthlink-his/api/v1/`
+  - 前端 `request.js` 的 baseURL 必须与后端匹配
+  
+  **铁律5: 状态值一致性（Bug #574 教训）**
+  - 修改任何状态值前，必须先列出完整的状态流转链路
+  - 检查项：枚举定义 → Service 设置 → 查询映射 → 前端 STATUS_CLASS_MAP → 前端 v-if → 统计SQL
+  - 禁止：只改一端不检查其他端
+  
+  **铁律6: 禁止删除源文件（Bug #574 教训）**
+  - 绝对禁止删除项目中已有的 Java/Vue/SQL 源文件
+  - 编译错误 → 修复错误；重复文件 → 重构合并
+  - 唯一例外：明确由人类确认删除的文件
+  
+  **铁律7: 禁止修改已有公开方法签名**
+  - 不能删除/重命名已有的 public 方法，不能修改参数列表
+  - 需要新功能 → 添加重载方法；需要改行为 → 修改内部实现
+  
+  **铁律8: 验证后才宣称完成（Verification Before Completion）**
+  - **没有跑过验证命令，就不能说"完成了""通过了""没问题"**
+  - 禁止使用"应该可以""大概没问题""看起来正确"
+  - 必须：运行命令 → 读取输出 → 确认结果 → 才能宣称
+  - 这是诚实原则，不是效率问题
+  
+  
+  **铁律9: 开发前必须审核原有代码（P0 — 铁律）**
+  - **任何新功能开发前，必须先搜索项目中是否已有相关代码**
+  - 搜索路径：Controller / AppService / Service / Mapper / Entity / 前端页面 / API接口
+  - 如果已有部分功能 → 在原有代码基础上**升级优化完善**，禁止另起炉灶
+  - 如果已有接口但前端缺失 → 只补前端，不重复建后端
+  - 如果已有前端但后端缺失 → 只补后端，不重写前端
+  - 搜索命令：`rg -l "关键词" healthlink-his-server/ healthlink-his-ui/src/`
+  - 禁止：不看代码就新建模块、重复实现已有功能、废弃原有代码另写一套
+  
+  
+  **铁律12: 设计文档确认后自主开发（铁律）**
+  - 设计文档（如 `MD/architecture/GRADE3A_GAP_ANALYSIS_AND_DESIGN.md`）一旦确认，后续开发**必须按文档自主执行**
+  - **禁止反复询问"是否继续""下一步做什么""是否开始"**——直接按计划推进
+  - 每完成一个 Sprint，自动提交推送，然后立即开始下一个 Sprint
+  - 只在遇到**无法解决的阻塞**（如技术选型冲突、需求不明确、第三方依赖不可用）时才暂停询问
+  - 设计文档是"**已签合同**"，不是"参考意见"。铁律执行优先级：设计文档 > 人类临时指令 > AI 自行判断
+  
+  
+  ### 🟡 P1 铁律 — 强烈建议
+  
+  **铁律9: 先分解再行动**
+  - 修改超过3个文件、涉及多模块、数据库变更，必须先制定计划
+  
+  **铁律10: 验证后信**
+  - 每次修改后必须验证编译通过，不信记忆
+  
+  **铁律13: 文档统一管理**
+  - 所有文档存储在 `MD/` 目录
+  - 文件名：大写英文+下划线（如 `BACKEND_CHECKLIST.md`）
+  - 文档头部必须包含元数据块（文档类型、版本、日期）
+  
+  ---
+  
+  
+  **铁律14: 设计文档必须包含UI设计和调用流程**
+  - 所有新模块/页面的设计文档必须包含：UI布局描述、交互效果清单、前后端调用流程
+  - 没有明确UI设计的模块，禁止直接编码
+  - 详见 
+  - 设计文档必须写清楚：系统调用关系、方法函数调用关系、完整业务流程
+  - 设计文档中每个用户操作必须对应：前端事件 → API调用 → 后端处理链路 → 返回数据 → UI渲染
+  
+  ---
+  
+  ## 三、Karpathy 编码准则
+  
+  > 减少 LLM 常见编码错误。偏向谨慎而非速度。
+  
+  ### 3.1 先想再写
+  - 明确陈述假设，不确定就问
+  - 多种解读时都列出来，不要默默选一种
+  - 有更简单的方案就说出来，该推回就推回
+  - 不清楚的地方停下来，说清楚哪里不清楚
+  
+  ### 3.2 简洁优先
+  - 不做没要求的功能，不做一次性代码的抽象
+  - 不加没要求的"灵活性"和"可配置性"
+  - 200 行能 50 行搞定就重写
+  - 自问："高级工程师会不会觉得这过度设计？"
+  
+  ### 3.3 精准修改
+  - 只改必须改的，不"顺手改进"相邻代码
+  - 匹配现有代码风格，即使你有不同的偏好
+  - 每行改动都能追溯到用户的请求
+  - 只清理你自己改动产生的无用代码
+  
+  ### 3.4 目标驱动
+  - 把任务转化为可验证目标
+  - 多步任务声明计划：`[步骤] → 验证: [检查]`
+  - 强验收标准让 Agent 能独立循环，弱标准需要持续澄清
+  
+  ---
+  
+  ## 四、全链路 6 环分析
+  
+  > ⚠️ **涉及数据库字段的 Bug / 需求，必须走完整链路。**
+  
+  ```
+  前端/页面 → Controller → Service → Mapper → DB/SQL → 关联模块
+   ①录入      ②验证      ③业务     ④持久化    ⑤存储     ⑥联动
+  ```
+  
+  | 环 | 检查内容 |
+  |----|---------|
+  | ① 录入 | 前端有无输入入口（弹窗、表格行编辑、表单） |
+  | ② 验证 | Controller 参数校验、@Valid、权限控制 |
+  | ③ 业务 | Service 业务逻辑、事务边界、多个 Service 实现类入口 |
+  | ④ 持久化 | Mapper XML、DTO 字段映射、类型转换 |
+  | ⑤ 存储 | 数据库表结构、索引、NOT NULL 约束 |
+  | ⑥ 联动 | 上游（医嘱→护士站）、下游（打印、计费、报表）是否同步 |
+  
+  **修复后的验证顺序**：
+  1. 数据库：确认状态值已正确写入
+  2. 后端接口：确认返回的状态映射正确
+  3. 前端显示：确认页面显示正确状态文本
+  4. 前端交互：确认按钮/操作基于正确状态启用/禁用
+  5. 统计数据：确认池/报表统计包含新状态
+  
+  ---
+  
+  ## 五、Harness Engineering 方法论
+  
+  > Harness = 约束 + 反馈 + 控制平面 + 持久执行
+  
+  ### 5.1 四层约束金字塔
+  
+  | 层级 | 内容 | 落地方式 |
+  |------|------|---------|
+  | **L1 架构约束** | 接口合约、包结构、命名规范、禁止模式 | 本文件铁律 |
+  | **L2 代码质量** | 圈复杂度、代码风格、类型提示 | 编译门禁 + ESLint |
+  | **L3 安全约束** | 敏感信息检测、权限检查、输入验证 | 配置不可硬编码 |
+  | **L4 业务规则** | 领域逻辑、数据一致性、事务边界 | 全链路 6 环验证 |
+  
+  **约束设计原则**：
+  - **可验证**：每条约束必须能被自动化检查（"覆盖率>90%"✅ "质量要高"❌）
+  - **无歧义**："每函数不超过50行"✅ "函数不要太长"❌
+  - **优先级**：安全(1) > 架构(2) > 业务(3) > 质量(4) > 性能(5)
+  - **渐进增强**：L1编译通过 → L2+命名规范 → L3+测试覆盖 → L4+安全扫描
+  
+  ### 5.2 三层反馈系统
+  
+  | 层级 | 速度 | 覆盖范围 | 失败处理 |
+  |------|------|---------|---------|
+  | **L1 编译检查** | <30秒 | 语法、类型、签名 | 立即阻断，自行修复 |
+  | **L2 数据流验证** | <5分钟 | 全链路字段、Mapper XML、DTO | 修复后上报 |
+  | **L3 人工审查** | 10-30分钟 | 架构、设计、业务正确性 | 驳回/指导/批准 |
+  
+  **反馈铁律**：
+  - 反馈必须可行动（文件 + 行号 + 错误类型 + 修复方向）
+  - 失败后先回滚到最近检查点，再重试
+  - 持续失败3次 → 上报人类
+  
+  ### 5.3 控制平面
+  
+  ```
+  战略层（人类） → 设定目标、审批决策、异常升级
+  战术层（Agent） → 任务分解、update_plan、依赖协调、检查点保存
+  执行层（Agent） → 代码生成、测试执行、错误恢复、幂等重试
+  ```
+  
+  ### 5.4 持久执行
+  
+  - 每个关键步骤保存检查点（`update_plan` 进度）
+  - 失败后从最新检查点恢复，不从头开始
+  - 幂等设计：同一操作重复执行结果一致
+  - **三层状态管理**：系统层(工作流ID/超时/重试) → 执行层(当前活动/进度) → 业务层(已完成工作/中间产物)
+  
+  ---
+  
+  ## 六、五层质量门禁
+  
+  | 门禁 | 时间 | 范围 | 失败处理 |
+  |------|------|------|---------|
+  | **L1 编译检查** | <30秒 | 语法、类型、导入 | Agent 自行修复 |
+  | **L2 静态分析** | <2分钟 | 代码风格、复杂度、安全 | Agent 修复 |
+  | **L3 单元测试** | <5分钟 | 功能正确性、边界条件 | 自动修复或上报 |
+  | **L4 集成测试** | <15分钟 | 模块间交互、数据流 | 上报人工 |
+  | **L5 生产验证** | 持续 | 监控、告警、性能 | 自动回滚 |
+  
+  **提交铁律**：L1-L2 必须通过才能 commit，L3（如有DB变更）必须通过才能 push
+  
+  ---
+  
+  ## 七、系统化调试（Systematic Debugging）
+  
+  > **铁律：没有根因调查，不能提出修复方案。**
+  
+  ### 四阶段流程
+  
+  **阶段1：根因调查**（修复前必须完成）
+  1. 仔细阅读错误信息（堆栈、行号、错误码）
+  2. 稳定复现（能否可靠触发？步骤？每次？）
+  3. 检查最近变更（git diff、新依赖、配置变更）
+  4. 多组件系统：在每个组件边界加诊断日志，定位哪一层断裂
+  5. 追踪数据流：坏值从哪里来？谁调用的？一直追溯到源头
+  
+  **阶段2：模式分析**
+  - 找到同代码库中类似的正常工作代码
+  - 逐项对比差异
+  - 理解依赖关系
+  
+  **阶段3：假设与测试**
+  - 形成单一假设："我认为X是根因，因为Y"
+  - 做最小改动测试
+  - 有效 → 阶段4；无效 → 新假设
+  
+  **阶段4：实施**
+  - 创建失败测试用例
+  - 修复根因（不是症状）
+  - 验证修复
+  
+  ---
+  
+  ## 八、后端开发规范
+  
+  ### 分层架构
+  ```
+  Controller → AppService → Service → Mapper → Entity
+  ```
+  
+  ### 命名规范
+  | 类型 | 规则 | 示例 |
+  |------|------|------|
+  | Controller | `XxxController` | `RegistrationController` |
+  | AppService | `IXxxAppService` / `XxxAppServiceImpl` | `IRegistrationAppService` |
+  | Service | `IXxxService` / `XxxServiceImpl` | `IRegistrationService` |
+  | Mapper | `XxxMapper` | `RegistrationMapper` |
+  | Entity | `Xxx` | `Registration` |
+  | DTO | `XxxDto` / `XxxQueryDto` | `RegistrationDto` |
+  
+  ### 包结构
+  ```
+  com.healthlink.his.web.{module}.controller
+  com.healthlink.his.web.{module}.appservice
+  com.healthlink.his.web.{module}.service
+  com.healthlink.his.web.{module}.mapper
+  com.healthlink.his.web.{module}.dto
+  com.healthlink.his.domain.{module}
+  com.healthlink.his.common.enums
+  ```
+  
+  ### 关键约束
+  - 所有查询使用 `LambdaQueryWrapper`，禁止字符串拼接 SQL
+  - `@Transactional(rollbackFor = Exception.class)` 管理事务
+  - 所有接口标注 `@PreAuthorize` 权限控制
+  - 患者敏感信息在日志中脱敏
+  - **扩展功能不修改原有函数签名**
+  
+  ---
+  
+  ## 九、前端开发规范
+  
+  ### 技术栈
+  - Vue 3 + Vite + Element Plus + Pinia + Axios（基于 RuoYi-Vue3）
+  
+  ### 目录结构
+  ```
+  src/api/{module}/        # API接口
+  src/views/{module}/      # 页面组件
+  src/store/modules/       # Pinia状态管理
+  src/components/          # 公共组件
+  ```
+  
+  ### 关键约束
+  - API前缀：`/healthlink-his/api/v1/`
+  - 路由懒加载：`() => import('@/views/xxx/index.vue')`
+  - 页面使用 `<script setup>` 语法
+  - 按钮权限使用 `v-hasPermi` 指令
+  - `onMounted` 中注册的事件在 `onUnmounted` 中移除
+  
+  ---
+  
+  ## 十、Agent 体系
+  
+  ### 角色与路由
+  
+  | 代号 | 名称 | 角色 | 路由关键词 |
+  |------|------|------|-----------|
+  | liubei | 刘备 | 项目经理 | 协调、分派、异常升级 |
+  | zhugeliang | 诸葛亮 | 架构师 | 分析、路由、设计 |
+  | guanyu | 关羽 | 后端开发 | java, api, spring, service, controller |
+  | zhaoyun | 赵云 | 前端开发 | vue, 界面, 显示, 弹窗, 按钮 |
+  | xunyu | 荀彧 | DBA | 数据库, sql, 迁移, mapper xml |
+  | zhangfei | 张飞 | 测试 | 测试, QA, 回归 |
+  | huatuo | 华佗 | 验收 | 需求验收、质量确认 |
+  | chenlin | 陈琳 | 文档 | 文档、归档、Git提交 |
+  
+  ### 协作流水线
+  
+  ```
+  刘备(协调) → 诸葛亮(分析路由) → {关羽|赵云}(修复) → 荀彧(DB审查) → 张飞(测试) → 华佗(验收) → 陈琳(归档)
+  ```
+  
+  ### Bug 修复完整管线（BDT 方法论）
+  
+  ```
+  获取Bug → 设计测试用例 → 基线测试(应失败) → 全链路修复 → 回归测试(应通过) → 扩展测试(无回归) → 提交
+  ```
+  
+  ### Bug 状态管理铁律
+  - 人类提的 Bug：只加备注，不改状态，不改分配
+  - 智能体提的 Bug：可以改分配和加备注
+  - 已关闭/已解决的 Bug 不再处理
+  
+  ---
+  
+  ## 十一、审查与审计
+  
+  ### 三层审查体系
+  
+  | 层级 | 内容 | 时机 |
+  |------|------|------|
+  | **L1 自审** | Agent 对照约束逐条检查 | 每次提交前 |
+  | **L2 配对审查** | Agent 生成变更摘要，人类终审 | PR/提交时 |
+  | **L3 合规审查** | 审计追踪，记录所有 AI 操作 | 持续 |
+  
+  ### L1 自审清单
+  ```yaml
+  self_review:
+    - "所有修改能通过编译？"
+    - "遵守命名规范？"
+    - "测试覆盖达标？"
+    - "没有遗漏的 TODO / DEBUG？"
+    - "变更范围没超出任务边界？"
+  ```
+  
+  ### 评审评分维度
+  | 维度 | 问题 |
+  |------|------|
+  | 正确性 | 行为是否符合目标功能？ |
+  | 验证 | 检查是否真的跑过并留下证据？ |
+  | 范围纪律 | 是否保持在选定功能范围内？ |
+  | 可靠性 | 结果能否在重启后继续工作？ |
+  | 可维护性 | 代码和文档是否清楚到可交接？ |
+  
+  ---
+  
+  ## 十二、标准工作循环
+  
+  ```
+  开始会话
+    ├→ 1. Init — 读 AGENTS.md + PROGRESS.md + git log
+    ├→ 2. Select — 只选一个未完成功能
+    ├→ 3. Implement — 一次只做一个，不扩大范围
+    ├→ 4. Verify — 运行验证命令，有证据才标记完成
+    └→ 5. Cleanup — 更新进度 + clean-state-checklist + git commit
+  ```
+  
+  ### 会话结束前必须运行 Clean State Checklist
+  ```
+  □ 标准启动路径仍然可用
+  □ 标准验证路径仍然可运行
+  □ 当前进度已记录到进度日志
+  □ 无半成品步骤处于未记录状态
+  □ 下一轮会话无需人工修复即可继续
+  ```
+  
+  ---
+  
+  ## 十三、开发流程
+  
+  ```
+  收到任务
+    ├→ ① 分析需求 → 读相关文档(MD/)、读全链路6环
+    ├→ ② 制定计划 → update_plan (3-6个阶段)
+    ├→ ③ 后端开发 → Controller → AppService → Service → Mapper → Entity → Flyway
+    ├→ ④ 后端测试 → mvn test → 接口测试(业务逻辑验证)
+    ├→ ⑤ 前端开发 → API接口 → 页面组件 → 路由配置
+    ├→ ⑥ 前端测试 → npm run build:dev → 功能验证
+    ├→ ⑦ 质量门禁 → L1编译 → L2测试 → L3DB审查 → L4验收 → L5归档
+    └→ ⑧ 提交代码 → git commit(规范格式) → git push → 文档更新
+  ```
+  
+  ### Git Commit 格式
+  ```
+  <type>(<scope>): <subject>
+  
+  type: feat|fix|docs|refactor|test|chore
+  scope: 模块名(如 registration, billing, pharmacy)
+  ```
+  
+  ---
+  
+  ## 十四、快速参考命令
+  
+  ```bash
+  # === 后端 ===
+  export JAVA_HOME=/opt/jdk-25
+  mvn clean compile -DskipTests          # 编译
+  mvn install -DskipTests                # 构建
+  mvn test -pl healthlink-his-application -Dtest="XxxTest" -Dsurefire.failIfNoSpecifiedTests=false
+  
+  # === 前端 ===
+  cd healthlink-his-ui
+  npm run dev && npm run build:dev && npm run lint && npm run test:run
+  
+  # === Git ===
+  git status && git add -A && git commit -m "feat(module): desc" && git push origin develop
+  ```
+  
+  ---
+  
+  ## 十五、详细规范文档索引
+  
+  | 文档 | 路径 | 用途 |
+  |------|------|------|
+  | 执行铁律 | `MD/specs/IRON_RULES.md` | 铁律完整版 |
+  | 后端规范 | `MD/specs/BACKEND_DEVELOPMENT_STANDARD.md` | 后端编码标准 |
+  | 前端规范 | `MD/specs/FRONTEND_DEVELOPMENT_STANDARD.md` | 前端编码标准 |
+  | Harness方法论 | `MD/specs/HARNESS_ENGINEERING.md` | 完整Harness+Agent方法论 |
+  | 文档规范 | `MD/DOCUMENTATION_STANDARD.md` | 文档管理标准 |
+  | 后端清单 | `MD/specs/BACKEND_CHECKLIST.md` | 发布前检查 |
+  | 前端清单 | `MD/specs/FRONTEND_CHECKLIST.md` | 发布前检查 |
+  | 三甲标准 | `MD/standards/GRADE3A_HIS_STANDARD.md` | 三甲医院达标标准 |
+  | Flyway指南 | `MD/guides/FLYWAY_USAGE_GUIDE.md` | 数据库迁移指南 |
+  
+  ---
+  
+  ## 十六、过往教训
+  
+  | 教训 | 内容 |
+  |------|------|
+  | 状态链路断裂 | Bug#574: 签到设 BOOKED(1) 而非 CHECKED_IN(3)，前端映射缺失 → 必须走完整状态链路 |
+  | 盲删源文件 | AI 看到编译错误直接删文件，没检查 baseline → 必须先确认文件来源 |
+  | 修复方向偏差 | 多次 fallback 改的是错误的 Service → 必须用 rg 搜索所有相关代码路径 |
+  | bug_reports 缺列 | INSERT 静默失败 → 必须检查表结构 |
+  | 禅道 comment API | API 不存在，用 resolve+activate workaround |
+  | SQLite WAL 并发 | 多进程并发写需要 checkpoint |
+  | UTF-8 切片 | 多字节字符不能用 byte index 切片 |
+  | 上下文焦虑 | Agent 感觉上下文快满时会匆忙结束，跳过验证 → 注意 context 40% 阈值 |
+  | 过早宣告胜利 | 自评≠验证，分开"干活"和"检查" |
+  | 覆盖率幻觉 | 覆盖率达标但逻辑没测 → 引入变异测试 |
+  
+  ---
+  
+  > ⚠️ 本文件是 AI 开发规范的唯一信源。各工具配置文件由 `bash scripts/sync-ai-rules.sh` 同步。

.analysis/bug403_analysis.md

@@ -1,66 +0,0 @@
-# Bug #403 分析报告
-
-## 根因分析
-
-**Bug现象**：住院医生工作站应用医嘱组套后，药品明细字段（单次剂量、总量、总金额、药房/科室）丢失。
-
-**数据流追踪**：
-
-1. **后端 `getGroupPackageForOrder`** (OrdersGroupPackageAppServiceImpl.java:168)
-   - 查询组套明细 SQL（OrdersGroupPackageAppMapper.xml:37-82）返回：`dose`, `quantity`, `doseQuantity`, `rateCode`, `methodCode`, `dispensePerDuration` 等字段
-   - 通过 `getAdviceBaseInfo` 获取 `AdviceBaseDto` 赋值给 `detail.setOrderDetailInfos()`，包含：`doseUnitCode`, `doseUnitCode_dictText`, `positionId`, `inventoryList`, `priceList`, `partPercent` 等
-
-2. **前端 `orderGroupDrawer.vue`** `handleUseOrderGroup` (line 568-694)
-   - 对每个组套明细项进行预处理，合并组套字段和医嘱库字段
-   - 通过 `emit('useOrderGroup', processedDetailList)` 发送到父组件
-
-3. **前端 `inpatientDoctor/home/components/order/index.vue`** `handleSaveGroup` (line 1546-1639)
-   - 接收 `orderGroupList`，对每个 item 调用 `setValue(mergedDetail)` 填充行数据
-   - 然后用 `item` 的字段显式覆盖创建 `newRow`
-
-**根因定位**：`handleSaveGroup` 在构建 `newRow` 时（line 1594-1617），从 `item` 直接取值覆盖了 `setValue` 设置的值。问题在于：
-
-1. **`item.unitCodeName` 可能为 undefined**：组套明细 SQL 中 `unitCodeName` 来自字典关联 `sys_dict_data`，如果字典匹配不上则为 null。`newRow` 的 `unitCode_dictText` 直接使用 `item.unitCodeName || ''`，导致显示为空。
-
-2. **`positionName` 未在 `orderGroupDrawer` 处理项中显式设置**：虽然 `setValue` 会通过库存查询设置 `positionName`，但 `orderGroupDrawer.vue` 的 `handleUseOrderGroup` 没有将 `positionName`（或至少 `orderDetail.positionName`）包含在 processed item 中，导致 `setValue` 的库存查找依赖 `inventoryList`，而 `inventoryList` 来自后端 `AdviceBaseDto`。
-
-3. **`doseUnitCode_dictText` 依赖 `setValue` 的 `unitCodeList`**：`orderGroupDrawer` 的处理项中没有显式包含 `doseUnitCode_dictText`，完全依赖 `mergedDetail` 中 spread 的 `orderDetail` 字段。
-
-## 影响范围
-
-- 前端文件：`openhis-ui-vue3/src/views/doctorstation/components/prescription/orderGroupDrawer.vue`
-- 前端文件：`openhis-ui-vue3/src/views/inpatientDoctor/home/components/order/index.vue`
-- 影响场景：住院医生工作站和门诊医生工作站应用医嘱组套
-
-## 修复方案
-
-**修改 `orderGroupDrawer.vue` 的 `handleUseOrderGroup` 函数**（line 630-688）：
-
-在 processed item 的 return 对象中显式添加缺失的字段：
-- `doseUnitCode_dictText`：从 orderDetail 获取剂量单位显示文本
-- `positionName`：从 orderDetail 获取执行科室/药房名称
-- `injectFlag` / `injectFlag_enumText`：注射标识
-- `skinTestFlag` / `skinTestFlag_enumText`：皮试标识
-- `partPercent`、`partAttributeEnum`、`unitConversionRatio`：用于价格计算的关键字段
-
-这些字段在 `orderDetail`（AdviceBaseDto）中都有，只是没有在 processed item 的顶层显式设置。`handleSaveGroup` 的 `newRow` 通过 `...prescriptionList.value[rowIndex.value]` spread 能获取到 `setValue` 设置的值，但显式在顶层包含可以确保数据流的完整性。
-
-## 验证计划
-
-1. 修改代码后，用 `node --check` 验证语法
-2. 在住院医生工作站测试：选择患者 → 点击组套 → 预览组套 → 应用到当前患者
-3. 验证表格中显示的字段：单次剂量、总量、总金额、药房/科室均有值
-
----
-
-## 修复结果：✅ 成功，10行改动
-
-**修改文件**：`openhis-ui-vue3/src/views/doctorstation/components/prescription/orderGroupDrawer.vue`
-
-**改动说明**：在 `handleUseOrderGroup` 函数的 processed item 中显式添加了以下缺失字段：
-- `doseUnitCode_dictText`：剂量单位显示文本（如"mg"），用于"单次剂量"列的后缀显示
-- `positionName`：药房/科室名称，用于"药房/科室"列显示
-- `injectFlag` / `injectFlag_enumText`：注射药品标识及文本
-- `skinTestFlag` / `skinTestFlag_enumText`：皮试标识及文本
-
-**策略**：策略A（直接修复代码逻辑）—— 组套应用时数据预处理缺失部分关键字段，导致父组件 `handleSaveGroup` 构建行数据时无法获取完整信息。补充字段后，`setValue` 和 `newRow` 构造均能正确传递这些数据到表格。

.clinerules

@@ -0,0 +1,509 @@
+# HealthLink-HIS — AI 开发规范 (Cline)
+
+> 🤖 Cline 打开本项目时自动加载此文件。
+
+---
+
+# HealthLink-HIS — AI 开发规范（自动加载）
+
+> 🤖 **本文件供所有 AI 编码工具自动读取**。进入本项目后必须遵守以下规范。
+> 
+> **模型决定上限，Harness 决定底线。**
+
+---
+
+## 一、项目概览
+
+| 属性 | 值 |
+|------|------|
+| 项目名 | HealthLink-HIS（医院信息系统） |
+| 后端路径 | `healthlink-his-server/` |
+| 前端路径 | `healthlink-his-ui/` |
+| 文档路径 | `MD/` |
+| JDK | 25 (OpenJDK) |
+| Spring Boot | 4.0.6 |
+| MyBatis-Plus | 3.5.16 |
+| Vue | 3.x + Vite + Element Plus |
+| 数据库 | PostgreSQL 15+ |
+| 包名 | `com.healthlink.his` |
+| 后端端口 | 18082 |
+| 前端端口 | 81 |
+
+---
+
+## 二、铁律（必须遵守，违反即失败）
+
+### 🔴 P0 铁律 — 不可违反
+
+**铁律1: 修改完必须测试**
+```
+后端: mvn clean compile -DskipTests → mvn install -DskipTests → mvn test
+前端: npm run build:dev → npm run lint
+```
+- 白盒：编译通过，无 ERROR
+- 黑盒：关键接口返回 `{code:200, data:...}`，验证业务逻辑
+- 冒烟：应用正常启动，核心流程通畅
+
+**铁律2: Flyway 数据库迁移**
+- 凡是新建表、新增字段，必须创建 Flyway 迁移脚本
+- 路径：`healthlink-his-domain/src/main/resources/db/migration/`
+- 命名：`V{版本号}__{描述}.sql`（双下划线）
+
+**铁律3: 测试通过后才提交**
+- 编译 + 测试全部通过后才能 git commit
+- 不提交未完成的功能、调试代码、临时文件
+
+**铁律4: 前后端API路径对齐**
+- 后端前缀：`/healthlink-his/api/v1/`
+- 前端 `request.js` 的 baseURL 必须与后端匹配
+
+**铁律5: 状态值一致性（Bug #574 教训）**
+- 修改任何状态值前，必须先列出完整的状态流转链路
+- 检查项：枚举定义 → Service 设置 → 查询映射 → 前端 STATUS_CLASS_MAP → 前端 v-if → 统计SQL
+- 禁止：只改一端不检查其他端
+
+**铁律6: 禁止删除源文件（Bug #574 教训）**
+- 绝对禁止删除项目中已有的 Java/Vue/SQL 源文件
+- 编译错误 → 修复错误；重复文件 → 重构合并
+- 唯一例外：明确由人类确认删除的文件
+
+**铁律7: 禁止修改已有公开方法签名**
+- 不能删除/重命名已有的 public 方法，不能修改参数列表
+- 需要新功能 → 添加重载方法；需要改行为 → 修改内部实现
+
+**铁律8: 验证后才宣称完成（Verification Before Completion）**
+- **没有跑过验证命令，就不能说"完成了""通过了""没问题"**
+- 禁止使用"应该可以""大概没问题""看起来正确"
+- 必须：运行命令 → 读取输出 → 确认结果 → 才能宣称
+- 这是诚实原则，不是效率问题
+
+
+**铁律9: 开发前必须审核原有代码（P0 — 铁律）**
+- **任何新功能开发前，必须先搜索项目中是否已有相关代码**
+- 搜索路径：Controller / AppService / Service / Mapper / Entity / 前端页面 / API接口
+- 如果已有部分功能 → 在原有代码基础上**升级优化完善**，禁止另起炉灶
+- 如果已有接口但前端缺失 → 只补前端，不重复建后端
+- 如果已有前端但后端缺失 → 只补后端，不重写前端
+- 搜索命令：`rg -l "关键词" healthlink-his-server/ healthlink-his-ui/src/`
+- 禁止：不看代码就新建模块、重复实现已有功能、废弃原有代码另写一套
+
+
+**铁律12: 设计文档确认后自主开发（铁律）**
+- 设计文档（如 `MD/architecture/GRADE3A_GAP_ANALYSIS_AND_DESIGN.md`）一旦确认，后续开发**必须按文档自主执行**
+- **禁止反复询问"是否继续""下一步做什么""是否开始"**——直接按计划推进
+- 每完成一个 Sprint，自动提交推送，然后立即开始下一个 Sprint
+- 只在遇到**无法解决的阻塞**（如技术选型冲突、需求不明确、第三方依赖不可用）时才暂停询问
+- 设计文档是"**已签合同**"，不是"参考意见"。铁律执行优先级：设计文档 > 人类临时指令 > AI 自行判断
+
+**铁律18: 禁止破坏原有功能（P0绝对铁律）**
+- **完善增加功能和流程时，绝对不能破坏或者让原有功能不能用**
+- 修改已有实体前必须对比原始文件（`git show HEAD~N:./file.java`），保留所有原有字段和方法
+- 新增字段只能追加，不能删除或重命名已有字段
+- SQL迁移只允许 `ALTER TABLE ADD COLUMN`，不允许 `DROP COLUMN` 或 `RENAME COLUMN`
+- Controller新端点不能修改已有端点的路径或参数
+- 前端新页面不能修改已有页面的组件结构
+- 每次修改后必须 `mvn clean compile -DskipTests` 验证
+- **违规判定**: 因修改导致原有代码编译失败或运行报错，视为违反铁律18，必须立即回滚修复
+
+
+### 🟡 P1 铁律 — 强烈建议
+
+**铁律9: 先分解再行动**
+- 修改超过3个文件、涉及多模块、数据库变更，必须先制定计划
+
+**铁律10: 验证后信**
+- 每次修改后必须验证编译通过，不信记忆
+
+**铁律13: 文档统一管理**
+- 所有文档存储在 `MD/` 目录
+- 文件名：大写英文+下划线（如 `BACKEND_CHECKLIST.md`）
+- 文档头部必须包含元数据块（文档类型、版本、日期）
+
+---
+
+
+**铁律14: 设计文档必须包含UI设计和调用流程**
+- 所有新模块/页面的设计文档必须包含：UI布局描述、交互效果清单、前后端调用流程
+- 没有明确UI设计的模块，禁止直接编码
+- 详见 
+- 设计文档必须写清楚：系统调用关系、方法函数调用关系、完整业务流程
+- 设计文档中每个用户操作必须对应：前端事件 → API调用 → 后端处理链路 → 返回数据 → UI渲染
+
+---
+
+## 三、Karpathy 编码准则
+
+> 减少 LLM 常见编码错误。偏向谨慎而非速度。
+
+### 3.1 先想再写
+- 明确陈述假设，不确定就问
+- 多种解读时都列出来，不要默默选一种
+- 有更简单的方案就说出来，该推回就推回
+- 不清楚的地方停下来，说清楚哪里不清楚
+
+### 3.2 简洁优先
+- 不做没要求的功能，不做一次性代码的抽象
+- 不加没要求的"灵活性"和"可配置性"
+- 200 行能 50 行搞定就重写
+- 自问："高级工程师会不会觉得这过度设计？"
+
+### 3.3 精准修改
+- 只改必须改的，不"顺手改进"相邻代码
+- 匹配现有代码风格，即使你有不同的偏好
+- 每行改动都能追溯到用户的请求
+- 只清理你自己改动产生的无用代码
+
+### 3.4 目标驱动
+- 把任务转化为可验证目标
+- 多步任务声明计划：`[步骤] → 验证: [检查]`
+- 强验收标准让 Agent 能独立循环，弱标准需要持续澄清
+
+---
+
+## 四、全链路 6 环分析
+
+> ⚠️ **涉及数据库字段的 Bug / 需求，必须走完整链路。**
+
+```
+前端/页面 → Controller → Service → Mapper → DB/SQL → 关联模块
+ ①录入      ②验证      ③业务     ④持久化    ⑤存储     ⑥联动
+```
+
+| 环 | 检查内容 |
+|----|---------|
+| ① 录入 | 前端有无输入入口（弹窗、表格行编辑、表单） |
+| ② 验证 | Controller 参数校验、@Valid、权限控制 |
+| ③ 业务 | Service 业务逻辑、事务边界、多个 Service 实现类入口 |
+| ④ 持久化 | Mapper XML、DTO 字段映射、类型转换 |
+| ⑤ 存储 | 数据库表结构、索引、NOT NULL 约束 |
+| ⑥ 联动 | 上游（医嘱→护士站）、下游（打印、计费、报表）是否同步 |
+
+**修复后的验证顺序**：
+1. 数据库：确认状态值已正确写入
+2. 后端接口：确认返回的状态映射正确
+3. 前端显示：确认页面显示正确状态文本
+4. 前端交互：确认按钮/操作基于正确状态启用/禁用
+5. 统计数据：确认池/报表统计包含新状态
+
+---
+
+## 五、Harness Engineering 方法论
+
+> Harness = 约束 + 反馈 + 控制平面 + 持久执行
+
+### 5.1 四层约束金字塔
+
+| 层级 | 内容 | 落地方式 |
+|------|------|---------|
+| **L1 架构约束** | 接口合约、包结构、命名规范、禁止模式 | 本文件铁律 |
+| **L2 代码质量** | 圈复杂度、代码风格、类型提示 | 编译门禁 + ESLint |
+| **L3 安全约束** | 敏感信息检测、权限检查、输入验证 | 配置不可硬编码 |
+| **L4 业务规则** | 领域逻辑、数据一致性、事务边界 | 全链路 6 环验证 |
+
+**约束设计原则**：
+- **可验证**：每条约束必须能被自动化检查（"覆盖率>90%"✅ "质量要高"❌）
+- **无歧义**："每函数不超过50行"✅ "函数不要太长"❌
+- **优先级**：安全(1) > 架构(2) > 业务(3) > 质量(4) > 性能(5)
+- **渐进增强**：L1编译通过 → L2+命名规范 → L3+测试覆盖 → L4+安全扫描
+
+### 5.2 三层反馈系统
+
+| 层级 | 速度 | 覆盖范围 | 失败处理 |
+|------|------|---------|---------|
+| **L1 编译检查** | <30秒 | 语法、类型、签名 | 立即阻断，自行修复 |
+| **L2 数据流验证** | <5分钟 | 全链路字段、Mapper XML、DTO | 修复后上报 |
+| **L3 人工审查** | 10-30分钟 | 架构、设计、业务正确性 | 驳回/指导/批准 |
+
+**反馈铁律**：
+- 反馈必须可行动（文件 + 行号 + 错误类型 + 修复方向）
+- 失败后先回滚到最近检查点，再重试
+- 持续失败3次 → 上报人类
+
+### 5.3 控制平面
+
+```
+战略层（人类） → 设定目标、审批决策、异常升级
+战术层（Agent） → 任务分解、update_plan、依赖协调、检查点保存
+执行层（Agent） → 代码生成、测试执行、错误恢复、幂等重试
+```
+
+### 5.4 持久执行
+
+- 每个关键步骤保存检查点（`update_plan` 进度）
+- 失败后从最新检查点恢复，不从头开始
+- 幂等设计：同一操作重复执行结果一致
+- **三层状态管理**：系统层(工作流ID/超时/重试) → 执行层(当前活动/进度) → 业务层(已完成工作/中间产物)
+
+---
+
+## 六、五层质量门禁
+
+| 门禁 | 时间 | 范围 | 失败处理 |
+|------|------|------|---------|
+| **L1 编译检查** | <30秒 | 语法、类型、导入 | Agent 自行修复 |
+| **L2 静态分析** | <2分钟 | 代码风格、复杂度、安全 | Agent 修复 |
+| **L3 单元测试** | <5分钟 | 功能正确性、边界条件 | 自动修复或上报 |
+| **L4 集成测试** | <15分钟 | 模块间交互、数据流 | 上报人工 |
+| **L5 生产验证** | 持续 | 监控、告警、性能 | 自动回滚 |
+
+**提交铁律**：L1-L2 必须通过才能 commit，L3（如有DB变更）必须通过才能 push
+
+---
+
+## 七、系统化调试（Systematic Debugging）
+
+> **铁律：没有根因调查，不能提出修复方案。**
+
+### 四阶段流程
+
+**阶段1：根因调查**（修复前必须完成）
+1. 仔细阅读错误信息（堆栈、行号、错误码）
+2. 稳定复现（能否可靠触发？步骤？每次？）
+3. 检查最近变更（git diff、新依赖、配置变更）
+4. 多组件系统：在每个组件边界加诊断日志，定位哪一层断裂
+5. 追踪数据流：坏值从哪里来？谁调用的？一直追溯到源头
+
+**阶段2：模式分析**
+- 找到同代码库中类似的正常工作代码
+- 逐项对比差异
+- 理解依赖关系
+
+**阶段3：假设与测试**
+- 形成单一假设："我认为X是根因，因为Y"
+- 做最小改动测试
+- 有效 → 阶段4；无效 → 新假设
+
+**阶段4：实施**
+- 创建失败测试用例
+- 修复根因（不是症状）
+- 验证修复
+
+---
+
+## 八、后端开发规范
+
+### 分层架构
+```
+Controller → AppService → Service → Mapper → Entity
+```
+
+### 命名规范
+| 类型 | 规则 | 示例 |
+|------|------|------|
+| Controller | `XxxController` | `RegistrationController` |
+| AppService | `IXxxAppService` / `XxxAppServiceImpl` | `IRegistrationAppService` |
+| Service | `IXxxService` / `XxxServiceImpl` | `IRegistrationService` |
+| Mapper | `XxxMapper` | `RegistrationMapper` |
+| Entity | `Xxx` | `Registration` |
+| DTO | `XxxDto` / `XxxQueryDto` | `RegistrationDto` |
+
+### 包结构
+```
+com.healthlink.his.web.{module}.controller
+com.healthlink.his.web.{module}.appservice
+com.healthlink.his.web.{module}.service
+com.healthlink.his.web.{module}.mapper
+com.healthlink.his.web.{module}.dto
+com.healthlink.his.domain.{module}
+com.healthlink.his.common.enums
+```
+
+### 关键约束
+- 所有查询使用 `LambdaQueryWrapper`，禁止字符串拼接 SQL
+- `@Transactional(rollbackFor = Exception.class)` 管理事务
+- 所有接口标注 `@PreAuthorize` 权限控制
+- 患者敏感信息在日志中脱敏
+- **扩展功能不修改原有函数签名**
+
+---
+
+## 九、前端开发规范
+
+### 技术栈
+- Vue 3 + Vite + Element Plus + Pinia + Axios（基于 RuoYi-Vue3）
+
+### 目录结构
+```
+src/api/{module}/        # API接口
+src/views/{module}/      # 页面组件
+src/store/modules/       # Pinia状态管理
+src/components/          # 公共组件
+```
+
+### 关键约束
+- API前缀：`/healthlink-his/api/v1/`
+- 路由懒加载：`() => import('@/views/xxx/index.vue')`
+- 页面使用 `<script setup>` 语法
+- 按钮权限使用 `v-hasPermi` 指令
+- `onMounted` 中注册的事件在 `onUnmounted` 中移除
+
+---
+
+## 十、Agent 体系
+
+### 角色与路由
+
+| 代号 | 名称 | 角色 | 路由关键词 |
+|------|------|------|-----------|
+| liubei | 刘备 | 项目经理 | 协调、分派、异常升级 |
+| zhugeliang | 诸葛亮 | 架构师 | 分析、路由、设计 |
+| guanyu | 关羽 | 后端开发 | java, api, spring, service, controller |
+| zhaoyun | 赵云 | 前端开发 | vue, 界面, 显示, 弹窗, 按钮 |
+| xunyu | 荀彧 | DBA | 数据库, sql, 迁移, mapper xml |
+| zhangfei | 张飞 | 测试 | 测试, QA, 回归 |
+| huatuo | 华佗 | 验收 | 需求验收、质量确认 |
+| chenlin | 陈琳 | 文档 | 文档、归档、Git提交 |
+
+### 协作流水线
+
+```
+刘备(协调) → 诸葛亮(分析路由) → {关羽|赵云}(修复) → 荀彧(DB审查) → 张飞(测试) → 华佗(验收) → 陈琳(归档)
+```
+
+### Bug 修复完整管线（BDT 方法论）
+
+```
+获取Bug → 设计测试用例 → 基线测试(应失败) → 全链路修复 → 回归测试(应通过) → 扩展测试(无回归) → 提交
+```
+
+### Bug 状态管理铁律
+- 人类提的 Bug：只加备注，不改状态，不改分配
+- 智能体提的 Bug：可以改分配和加备注
+- 已关闭/已解决的 Bug 不再处理
+
+---
+
+## 十一、审查与审计
+
+### 三层审查体系
+
+| 层级 | 内容 | 时机 |
+|------|------|------|
+| **L1 自审** | Agent 对照约束逐条检查 | 每次提交前 |
+| **L2 配对审查** | Agent 生成变更摘要，人类终审 | PR/提交时 |
+| **L3 合规审查** | 审计追踪，记录所有 AI 操作 | 持续 |
+
+### L1 自审清单
+```yaml
+self_review:
+  - "所有修改能通过编译？"
+  - "遵守命名规范？"
+  - "测试覆盖达标？"
+  - "没有遗漏的 TODO / DEBUG？"
+  - "变更范围没超出任务边界？"
+```
+
+### 评审评分维度
+| 维度 | 问题 |
+|------|------|
+| 正确性 | 行为是否符合目标功能？ |
+| 验证 | 检查是否真的跑过并留下证据？ |
+| 范围纪律 | 是否保持在选定功能范围内？ |
+| 可靠性 | 结果能否在重启后继续工作？ |
+| 可维护性 | 代码和文档是否清楚到可交接？ |
+
+---
+
+## 十二、标准工作循环
+
+```
+开始会话
+  ├→ 1. Init — 读 AGENTS.md + PROGRESS.md + git log
+  ├→ 2. Select — 只选一个未完成功能
+  ├→ 3. Implement — 一次只做一个，不扩大范围
+  ├→ 4. Verify — 运行验证命令，有证据才标记完成
+  └→ 5. Cleanup — 更新进度 + clean-state-checklist + git commit
+```
+
+### 会话结束前必须运行 Clean State Checklist
+```
+□ 标准启动路径仍然可用
+□ 标准验证路径仍然可运行
+□ 当前进度已记录到进度日志
+□ 无半成品步骤处于未记录状态
+□ 下一轮会话无需人工修复即可继续
+```
+
+---
+
+## 十三、开发流程
+
+```
+收到任务
+  ├→ ① 分析需求 → 读相关文档(MD/)、读全链路6环
+  ├→ ② 制定计划 → update_plan (3-6个阶段)
+  ├→ ③ 后端开发 → Controller → AppService → Service → Mapper → Entity → Flyway
+  ├→ ④ 后端测试 → mvn test → 接口测试(业务逻辑验证)
+  ├→ ⑤ 前端开发 → API接口 → 页面组件 → 路由配置
+  ├→ ⑥ 前端测试 → npm run build:dev → 功能验证
+  ├→ ⑦ 质量门禁 → L1编译 → L2测试 → L3DB审查 → L4验收 → L5归档
+  └→ ⑧ 提交代码 → git commit(规范格式) → git push → 文档更新
+```
+
+### Git Commit 格式
+```
+<type>(<scope>): <subject>
+
+type: feat|fix|docs|refactor|test|chore
+scope: 模块名(如 registration, billing, pharmacy)
+```
+
+---
+
+## 十四、快速参考命令
+
+```bash
+# === 后端 ===
+export JAVA_HOME=/opt/jdk-25
+mvn clean compile -DskipTests          # 编译
+mvn install -DskipTests                # 构建
+mvn test -pl healthlink-his-application -Dtest="XxxTest" -Dsurefire.failIfNoSpecifiedTests=false
+
+# === 前端 ===
+cd healthlink-his-ui
+npm run dev && npm run build:dev && npm run lint && npm run test:run
+
+# === Git ===
+git status && git add -A && git commit -m "feat(module): desc" && git push origin develop
+```
+
+---
+
+## 十五、详细规范文档索引
+
+| 文档 | 路径 | 用途 |
+|------|------|------|
+| 执行铁律 | `MD/specs/IRON_RULES.md` | 铁律完整版 |
+| 后端规范 | `MD/specs/BACKEND_DEVELOPMENT_STANDARD.md` | 后端编码标准 |
+| 前端规范 | `MD/specs/FRONTEND_DEVELOPMENT_STANDARD.md` | 前端编码标准 |
+| Harness方法论 | `MD/specs/HARNESS_ENGINEERING.md` | 完整Harness+Agent方法论 |
+| 文档规范 | `MD/DOCUMENTATION_STANDARD.md` | 文档管理标准 |
+| 后端清单 | `MD/specs/BACKEND_CHECKLIST.md` | 发布前检查 |
+| 前端清单 | `MD/specs/FRONTEND_CHECKLIST.md` | 发布前检查 |
+| 三甲标准 | `MD/standards/GRADE3A_HIS_STANDARD.md` | 三甲医院达标标准 |
+| Flyway指南 | `MD/guides/FLYWAY_USAGE_GUIDE.md` | 数据库迁移指南 |
+
+---
+
+## 十六、过往教训
+
+| 教训 | 内容 |
+|------|------|
+| 状态链路断裂 | Bug#574: 签到设 BOOKED(1) 而非 CHECKED_IN(3)，前端映射缺失 → 必须走完整状态链路 |
+| 盲删源文件 | AI 看到编译错误直接删文件，没检查 baseline → 必须先确认文件来源 |
+| 修复方向偏差 | 多次 fallback 改的是错误的 Service → 必须用 rg 搜索所有相关代码路径 |
+| bug_reports 缺列 | INSERT 静默失败 → 必须检查表结构 |
+| 禅道 comment API | API 不存在，用 resolve+activate workaround |
+| SQLite WAL 并发 | 多进程并发写需要 checkpoint |
+| UTF-8 切片 | 多字节字符不能用 byte index 切片 |
+| 上下文焦虑 | Agent 感觉上下文快满时会匆忙结束，跳过验证 → 注意 context 40% 阈值 |
+| 过早宣告胜利 | 自评≠验证，分开"干活"和"检查" |
+| 覆盖率幻觉 | 覆盖率达标但逻辑没测 → 引入变异测试 |
+
+---
+
+> ⚠️ 本文件是 AI 开发规范的唯一信源。各工具配置文件由 `bash scripts/sync-ai-rules.sh` 同步。
+
+---
+
+> 📅 最后同步: 2026-06-06 15:09 | 源文件: RULES.md | 重新同步: `bash scripts/sync-ai-rules.sh`

.config/zentao/.env

@@ -1,5 +0,0 @@
-ZENTAO_URL=https://zentao.gentronhealth.com/
-ZENTAO_ACCOUNT=guanyu
-ZENTAO_PASSWORD=Gentron@2025
-ZENTAO_TOKEN=49c270495806afdcf095c46959483326
-ZENTAO_REAL_ACCOUNT=guanyu

.cursorrules

@@ -0,0 +1,509 @@
+# HealthLink-HIS — AI 开发规范 (Cursor)
+
+> 🤖 Cursor IDE 打开本项目时自动加载此文件。
+
+---
+
+# HealthLink-HIS — AI 开发规范（自动加载）
+
+> 🤖 **本文件供所有 AI 编码工具自动读取**。进入本项目后必须遵守以下规范。
+> 
+> **模型决定上限，Harness 决定底线。**
+
+---
+
+## 一、项目概览
+
+| 属性 | 值 |
+|------|------|
+| 项目名 | HealthLink-HIS（医院信息系统） |
+| 后端路径 | `healthlink-his-server/` |
+| 前端路径 | `healthlink-his-ui/` |
+| 文档路径 | `MD/` |
+| JDK | 25 (OpenJDK) |
+| Spring Boot | 4.0.6 |
+| MyBatis-Plus | 3.5.16 |
+| Vue | 3.x + Vite + Element Plus |
+| 数据库 | PostgreSQL 15+ |
+| 包名 | `com.healthlink.his` |
+| 后端端口 | 18082 |
+| 前端端口 | 81 |
+
+---
+
+## 二、铁律（必须遵守，违反即失败）
+
+### 🔴 P0 铁律 — 不可违反
+
+**铁律1: 修改完必须测试**
+```
+后端: mvn clean compile -DskipTests → mvn install -DskipTests → mvn test
+前端: npm run build:dev → npm run lint
+```
+- 白盒：编译通过，无 ERROR
+- 黑盒：关键接口返回 `{code:200, data:...}`，验证业务逻辑
+- 冒烟：应用正常启动，核心流程通畅
+
+**铁律2: Flyway 数据库迁移**
+- 凡是新建表、新增字段，必须创建 Flyway 迁移脚本
+- 路径：`healthlink-his-domain/src/main/resources/db/migration/`
+- 命名：`V{版本号}__{描述}.sql`（双下划线）
+
+**铁律3: 测试通过后才提交**
+- 编译 + 测试全部通过后才能 git commit
+- 不提交未完成的功能、调试代码、临时文件
+
+**铁律4: 前后端API路径对齐**
+- 后端前缀：`/healthlink-his/api/v1/`
+- 前端 `request.js` 的 baseURL 必须与后端匹配
+
+**铁律5: 状态值一致性（Bug #574 教训）**
+- 修改任何状态值前，必须先列出完整的状态流转链路
+- 检查项：枚举定义 → Service 设置 → 查询映射 → 前端 STATUS_CLASS_MAP → 前端 v-if → 统计SQL
+- 禁止：只改一端不检查其他端
+
+**铁律6: 禁止删除源文件（Bug #574 教训）**
+- 绝对禁止删除项目中已有的 Java/Vue/SQL 源文件
+- 编译错误 → 修复错误；重复文件 → 重构合并
+- 唯一例外：明确由人类确认删除的文件
+
+**铁律7: 禁止修改已有公开方法签名**
+- 不能删除/重命名已有的 public 方法，不能修改参数列表
+- 需要新功能 → 添加重载方法；需要改行为 → 修改内部实现
+
+**铁律8: 验证后才宣称完成（Verification Before Completion）**
+- **没有跑过验证命令，就不能说"完成了""通过了""没问题"**
+- 禁止使用"应该可以""大概没问题""看起来正确"
+- 必须：运行命令 → 读取输出 → 确认结果 → 才能宣称
+- 这是诚实原则，不是效率问题
+
+
+**铁律9: 开发前必须审核原有代码（P0 — 铁律）**
+- **任何新功能开发前，必须先搜索项目中是否已有相关代码**
+- 搜索路径：Controller / AppService / Service / Mapper / Entity / 前端页面 / API接口
+- 如果已有部分功能 → 在原有代码基础上**升级优化完善**，禁止另起炉灶
+- 如果已有接口但前端缺失 → 只补前端，不重复建后端
+- 如果已有前端但后端缺失 → 只补后端，不重写前端
+- 搜索命令：`rg -l "关键词" healthlink-his-server/ healthlink-his-ui/src/`
+- 禁止：不看代码就新建模块、重复实现已有功能、废弃原有代码另写一套
+
+
+**铁律12: 设计文档确认后自主开发（铁律）**
+- 设计文档（如 `MD/architecture/GRADE3A_GAP_ANALYSIS_AND_DESIGN.md`）一旦确认，后续开发**必须按文档自主执行**
+- **禁止反复询问"是否继续""下一步做什么""是否开始"**——直接按计划推进
+- 每完成一个 Sprint，自动提交推送，然后立即开始下一个 Sprint
+- 只在遇到**无法解决的阻塞**（如技术选型冲突、需求不明确、第三方依赖不可用）时才暂停询问
+- 设计文档是"**已签合同**"，不是"参考意见"。铁律执行优先级：设计文档 > 人类临时指令 > AI 自行判断
+
+**铁律18: 禁止破坏原有功能（P0绝对铁律）**
+- **完善增加功能和流程时，绝对不能破坏或者让原有功能不能用**
+- 修改已有实体前必须对比原始文件（`git show HEAD~N:./file.java`），保留所有原有字段和方法
+- 新增字段只能追加，不能删除或重命名已有字段
+- SQL迁移只允许 `ALTER TABLE ADD COLUMN`，不允许 `DROP COLUMN` 或 `RENAME COLUMN`
+- Controller新端点不能修改已有端点的路径或参数
+- 前端新页面不能修改已有页面的组件结构
+- 每次修改后必须 `mvn clean compile -DskipTests` 验证
+- **违规判定**: 因修改导致原有代码编译失败或运行报错，视为违反铁律18，必须立即回滚修复
+
+
+### 🟡 P1 铁律 — 强烈建议
+
+**铁律9: 先分解再行动**
+- 修改超过3个文件、涉及多模块、数据库变更，必须先制定计划
+
+**铁律10: 验证后信**
+- 每次修改后必须验证编译通过，不信记忆
+
+**铁律13: 文档统一管理**
+- 所有文档存储在 `MD/` 目录
+- 文件名：大写英文+下划线（如 `BACKEND_CHECKLIST.md`）
+- 文档头部必须包含元数据块（文档类型、版本、日期）
+
+---
+
+
+**铁律14: 设计文档必须包含UI设计和调用流程**
+- 所有新模块/页面的设计文档必须包含：UI布局描述、交互效果清单、前后端调用流程
+- 没有明确UI设计的模块，禁止直接编码
+- 详见 
+- 设计文档必须写清楚：系统调用关系、方法函数调用关系、完整业务流程
+- 设计文档中每个用户操作必须对应：前端事件 → API调用 → 后端处理链路 → 返回数据 → UI渲染
+
+---
+
+## 三、Karpathy 编码准则
+
+> 减少 LLM 常见编码错误。偏向谨慎而非速度。
+
+### 3.1 先想再写
+- 明确陈述假设，不确定就问
+- 多种解读时都列出来，不要默默选一种
+- 有更简单的方案就说出来，该推回就推回
+- 不清楚的地方停下来，说清楚哪里不清楚
+
+### 3.2 简洁优先
+- 不做没要求的功能，不做一次性代码的抽象
+- 不加没要求的"灵活性"和"可配置性"
+- 200 行能 50 行搞定就重写
+- 自问："高级工程师会不会觉得这过度设计？"
+
+### 3.3 精准修改
+- 只改必须改的，不"顺手改进"相邻代码
+- 匹配现有代码风格，即使你有不同的偏好
+- 每行改动都能追溯到用户的请求
+- 只清理你自己改动产生的无用代码
+
+### 3.4 目标驱动
+- 把任务转化为可验证目标
+- 多步任务声明计划：`[步骤] → 验证: [检查]`
+- 强验收标准让 Agent 能独立循环，弱标准需要持续澄清
+
+---
+
+## 四、全链路 6 环分析
+
+> ⚠️ **涉及数据库字段的 Bug / 需求，必须走完整链路。**
+
+```
+前端/页面 → Controller → Service → Mapper → DB/SQL → 关联模块
+ ①录入      ②验证      ③业务     ④持久化    ⑤存储     ⑥联动
+```
+
+| 环 | 检查内容 |
+|----|---------|
+| ① 录入 | 前端有无输入入口（弹窗、表格行编辑、表单） |
+| ② 验证 | Controller 参数校验、@Valid、权限控制 |
+| ③ 业务 | Service 业务逻辑、事务边界、多个 Service 实现类入口 |
+| ④ 持久化 | Mapper XML、DTO 字段映射、类型转换 |
+| ⑤ 存储 | 数据库表结构、索引、NOT NULL 约束 |
+| ⑥ 联动 | 上游（医嘱→护士站）、下游（打印、计费、报表）是否同步 |
+
+**修复后的验证顺序**：
+1. 数据库：确认状态值已正确写入
+2. 后端接口：确认返回的状态映射正确
+3. 前端显示：确认页面显示正确状态文本
+4. 前端交互：确认按钮/操作基于正确状态启用/禁用
+5. 统计数据：确认池/报表统计包含新状态
+
+---
+
+## 五、Harness Engineering 方法论
+
+> Harness = 约束 + 反馈 + 控制平面 + 持久执行
+
+### 5.1 四层约束金字塔
+
+| 层级 | 内容 | 落地方式 |
+|------|------|---------|
+| **L1 架构约束** | 接口合约、包结构、命名规范、禁止模式 | 本文件铁律 |
+| **L2 代码质量** | 圈复杂度、代码风格、类型提示 | 编译门禁 + ESLint |
+| **L3 安全约束** | 敏感信息检测、权限检查、输入验证 | 配置不可硬编码 |
+| **L4 业务规则** | 领域逻辑、数据一致性、事务边界 | 全链路 6 环验证 |
+
+**约束设计原则**：
+- **可验证**：每条约束必须能被自动化检查（"覆盖率>90%"✅ "质量要高"❌）
+- **无歧义**："每函数不超过50行"✅ "函数不要太长"❌
+- **优先级**：安全(1) > 架构(2) > 业务(3) > 质量(4) > 性能(5)
+- **渐进增强**：L1编译通过 → L2+命名规范 → L3+测试覆盖 → L4+安全扫描
+
+### 5.2 三层反馈系统
+
+| 层级 | 速度 | 覆盖范围 | 失败处理 |
+|------|------|---------|---------|
+| **L1 编译检查** | <30秒 | 语法、类型、签名 | 立即阻断，自行修复 |
+| **L2 数据流验证** | <5分钟 | 全链路字段、Mapper XML、DTO | 修复后上报 |
+| **L3 人工审查** | 10-30分钟 | 架构、设计、业务正确性 | 驳回/指导/批准 |
+
+**反馈铁律**：
+- 反馈必须可行动（文件 + 行号 + 错误类型 + 修复方向）
+- 失败后先回滚到最近检查点，再重试
+- 持续失败3次 → 上报人类
+
+### 5.3 控制平面
+
+```
+战略层（人类） → 设定目标、审批决策、异常升级
+战术层（Agent） → 任务分解、update_plan、依赖协调、检查点保存
+执行层（Agent） → 代码生成、测试执行、错误恢复、幂等重试
+```
+
+### 5.4 持久执行
+
+- 每个关键步骤保存检查点（`update_plan` 进度）
+- 失败后从最新检查点恢复，不从头开始
+- 幂等设计：同一操作重复执行结果一致
+- **三层状态管理**：系统层(工作流ID/超时/重试) → 执行层(当前活动/进度) → 业务层(已完成工作/中间产物)
+
+---
+
+## 六、五层质量门禁
+
+| 门禁 | 时间 | 范围 | 失败处理 |
+|------|------|------|---------|
+| **L1 编译检查** | <30秒 | 语法、类型、导入 | Agent 自行修复 |
+| **L2 静态分析** | <2分钟 | 代码风格、复杂度、安全 | Agent 修复 |
+| **L3 单元测试** | <5分钟 | 功能正确性、边界条件 | 自动修复或上报 |
+| **L4 集成测试** | <15分钟 | 模块间交互、数据流 | 上报人工 |
+| **L5 生产验证** | 持续 | 监控、告警、性能 | 自动回滚 |
+
+**提交铁律**：L1-L2 必须通过才能 commit，L3（如有DB变更）必须通过才能 push
+
+---
+
+## 七、系统化调试（Systematic Debugging）
+
+> **铁律：没有根因调查，不能提出修复方案。**
+
+### 四阶段流程
+
+**阶段1：根因调查**（修复前必须完成）
+1. 仔细阅读错误信息（堆栈、行号、错误码）
+2. 稳定复现（能否可靠触发？步骤？每次？）
+3. 检查最近变更（git diff、新依赖、配置变更）
+4. 多组件系统：在每个组件边界加诊断日志，定位哪一层断裂
+5. 追踪数据流：坏值从哪里来？谁调用的？一直追溯到源头
+
+**阶段2：模式分析**
+- 找到同代码库中类似的正常工作代码
+- 逐项对比差异
+- 理解依赖关系
+
+**阶段3：假设与测试**
+- 形成单一假设："我认为X是根因，因为Y"
+- 做最小改动测试
+- 有效 → 阶段4；无效 → 新假设
+
+**阶段4：实施**
+- 创建失败测试用例
+- 修复根因（不是症状）
+- 验证修复
+
+---
+
+## 八、后端开发规范
+
+### 分层架构
+```
+Controller → AppService → Service → Mapper → Entity
+```
+
+### 命名规范
+| 类型 | 规则 | 示例 |
+|------|------|------|
+| Controller | `XxxController` | `RegistrationController` |
+| AppService | `IXxxAppService` / `XxxAppServiceImpl` | `IRegistrationAppService` |
+| Service | `IXxxService` / `XxxServiceImpl` | `IRegistrationService` |
+| Mapper | `XxxMapper` | `RegistrationMapper` |
+| Entity | `Xxx` | `Registration` |
+| DTO | `XxxDto` / `XxxQueryDto` | `RegistrationDto` |
+
+### 包结构
+```
+com.healthlink.his.web.{module}.controller
+com.healthlink.his.web.{module}.appservice
+com.healthlink.his.web.{module}.service
+com.healthlink.his.web.{module}.mapper
+com.healthlink.his.web.{module}.dto
+com.healthlink.his.domain.{module}
+com.healthlink.his.common.enums
+```
+
+### 关键约束
+- 所有查询使用 `LambdaQueryWrapper`，禁止字符串拼接 SQL
+- `@Transactional(rollbackFor = Exception.class)` 管理事务
+- 所有接口标注 `@PreAuthorize` 权限控制
+- 患者敏感信息在日志中脱敏
+- **扩展功能不修改原有函数签名**
+
+---
+
+## 九、前端开发规范
+
+### 技术栈
+- Vue 3 + Vite + Element Plus + Pinia + Axios（基于 RuoYi-Vue3）
+
+### 目录结构
+```
+src/api/{module}/        # API接口
+src/views/{module}/      # 页面组件
+src/store/modules/       # Pinia状态管理
+src/components/          # 公共组件
+```
+
+### 关键约束
+- API前缀：`/healthlink-his/api/v1/`
+- 路由懒加载：`() => import('@/views/xxx/index.vue')`
+- 页面使用 `<script setup>` 语法
+- 按钮权限使用 `v-hasPermi` 指令
+- `onMounted` 中注册的事件在 `onUnmounted` 中移除
+
+---
+
+## 十、Agent 体系
+
+### 角色与路由
+
+| 代号 | 名称 | 角色 | 路由关键词 |
+|------|------|------|-----------|
+| liubei | 刘备 | 项目经理 | 协调、分派、异常升级 |
+| zhugeliang | 诸葛亮 | 架构师 | 分析、路由、设计 |
+| guanyu | 关羽 | 后端开发 | java, api, spring, service, controller |
+| zhaoyun | 赵云 | 前端开发 | vue, 界面, 显示, 弹窗, 按钮 |
+| xunyu | 荀彧 | DBA | 数据库, sql, 迁移, mapper xml |
+| zhangfei | 张飞 | 测试 | 测试, QA, 回归 |
+| huatuo | 华佗 | 验收 | 需求验收、质量确认 |
+| chenlin | 陈琳 | 文档 | 文档、归档、Git提交 |
+
+### 协作流水线
+
+```
+刘备(协调) → 诸葛亮(分析路由) → {关羽|赵云}(修复) → 荀彧(DB审查) → 张飞(测试) → 华佗(验收) → 陈琳(归档)
+```
+
+### Bug 修复完整管线（BDT 方法论）
+
+```
+获取Bug → 设计测试用例 → 基线测试(应失败) → 全链路修复 → 回归测试(应通过) → 扩展测试(无回归) → 提交
+```
+
+### Bug 状态管理铁律
+- 人类提的 Bug：只加备注，不改状态，不改分配
+- 智能体提的 Bug：可以改分配和加备注
+- 已关闭/已解决的 Bug 不再处理
+
+---
+
+## 十一、审查与审计
+
+### 三层审查体系
+
+| 层级 | 内容 | 时机 |
+|------|------|------|
+| **L1 自审** | Agent 对照约束逐条检查 | 每次提交前 |
+| **L2 配对审查** | Agent 生成变更摘要，人类终审 | PR/提交时 |
+| **L3 合规审查** | 审计追踪，记录所有 AI 操作 | 持续 |
+
+### L1 自审清单
+```yaml
+self_review:
+  - "所有修改能通过编译？"
+  - "遵守命名规范？"
+  - "测试覆盖达标？"
+  - "没有遗漏的 TODO / DEBUG？"
+  - "变更范围没超出任务边界？"
+```
+
+### 评审评分维度
+| 维度 | 问题 |
+|------|------|
+| 正确性 | 行为是否符合目标功能？ |
+| 验证 | 检查是否真的跑过并留下证据？ |
+| 范围纪律 | 是否保持在选定功能范围内？ |
+| 可靠性 | 结果能否在重启后继续工作？ |
+| 可维护性 | 代码和文档是否清楚到可交接？ |
+
+---
+
+## 十二、标准工作循环
+
+```
+开始会话
+  ├→ 1. Init — 读 AGENTS.md + PROGRESS.md + git log
+  ├→ 2. Select — 只选一个未完成功能
+  ├→ 3. Implement — 一次只做一个，不扩大范围
+  ├→ 4. Verify — 运行验证命令，有证据才标记完成
+  └→ 5. Cleanup — 更新进度 + clean-state-checklist + git commit
+```
+
+### 会话结束前必须运行 Clean State Checklist
+```
+□ 标准启动路径仍然可用
+□ 标准验证路径仍然可运行
+□ 当前进度已记录到进度日志
+□ 无半成品步骤处于未记录状态
+□ 下一轮会话无需人工修复即可继续
+```
+
+---
+
+## 十三、开发流程
+
+```
+收到任务
+  ├→ ① 分析需求 → 读相关文档(MD/)、读全链路6环
+  ├→ ② 制定计划 → update_plan (3-6个阶段)
+  ├→ ③ 后端开发 → Controller → AppService → Service → Mapper → Entity → Flyway
+  ├→ ④ 后端测试 → mvn test → 接口测试(业务逻辑验证)
+  ├→ ⑤ 前端开发 → API接口 → 页面组件 → 路由配置
+  ├→ ⑥ 前端测试 → npm run build:dev → 功能验证
+  ├→ ⑦ 质量门禁 → L1编译 → L2测试 → L3DB审查 → L4验收 → L5归档
+  └→ ⑧ 提交代码 → git commit(规范格式) → git push → 文档更新
+```
+
+### Git Commit 格式
+```
+<type>(<scope>): <subject>
+
+type: feat|fix|docs|refactor|test|chore
+scope: 模块名(如 registration, billing, pharmacy)
+```
+
+---
+
+## 十四、快速参考命令
+
+```bash
+# === 后端 ===
+export JAVA_HOME=/opt/jdk-25
+mvn clean compile -DskipTests          # 编译
+mvn install -DskipTests                # 构建
+mvn test -pl healthlink-his-application -Dtest="XxxTest" -Dsurefire.failIfNoSpecifiedTests=false
+
+# === 前端 ===
+cd healthlink-his-ui
+npm run dev && npm run build:dev && npm run lint && npm run test:run
+
+# === Git ===
+git status && git add -A && git commit -m "feat(module): desc" && git push origin develop
+```
+
+---
+
+## 十五、详细规范文档索引
+
+| 文档 | 路径 | 用途 |
+|------|------|------|
+| 执行铁律 | `MD/specs/IRON_RULES.md` | 铁律完整版 |
+| 后端规范 | `MD/specs/BACKEND_DEVELOPMENT_STANDARD.md` | 后端编码标准 |
+| 前端规范 | `MD/specs/FRONTEND_DEVELOPMENT_STANDARD.md` | 前端编码标准 |
+| Harness方法论 | `MD/specs/HARNESS_ENGINEERING.md` | 完整Harness+Agent方法论 |
+| 文档规范 | `MD/DOCUMENTATION_STANDARD.md` | 文档管理标准 |
+| 后端清单 | `MD/specs/BACKEND_CHECKLIST.md` | 发布前检查 |
+| 前端清单 | `MD/specs/FRONTEND_CHECKLIST.md` | 发布前检查 |
+| 三甲标准 | `MD/standards/GRADE3A_HIS_STANDARD.md` | 三甲医院达标标准 |
+| Flyway指南 | `MD/guides/FLYWAY_USAGE_GUIDE.md` | 数据库迁移指南 |
+
+---
+
+## 十六、过往教训
+
+| 教训 | 内容 |
+|------|------|
+| 状态链路断裂 | Bug#574: 签到设 BOOKED(1) 而非 CHECKED_IN(3)，前端映射缺失 → 必须走完整状态链路 |
+| 盲删源文件 | AI 看到编译错误直接删文件，没检查 baseline → 必须先确认文件来源 |
+| 修复方向偏差 | 多次 fallback 改的是错误的 Service → 必须用 rg 搜索所有相关代码路径 |
+| bug_reports 缺列 | INSERT 静默失败 → 必须检查表结构 |
+| 禅道 comment API | API 不存在，用 resolve+activate workaround |
+| SQLite WAL 并发 | 多进程并发写需要 checkpoint |
+| UTF-8 切片 | 多字节字符不能用 byte index 切片 |
+| 上下文焦虑 | Agent 感觉上下文快满时会匆忙结束，跳过验证 → 注意 context 40% 阈值 |
+| 过早宣告胜利 | 自评≠验证，分开"干活"和"检查" |
+| 覆盖率幻觉 | 覆盖率达标但逻辑没测 → 引入变异测试 |
+
+---
+
+> ⚠️ 本文件是 AI 开发规范的唯一信源。各工具配置文件由 `bash scripts/sync-ai-rules.sh` 同步。
+
+---
+
+> 📅 最后同步: 2026-06-06 15:09 | 源文件: RULES.md | 重新同步: `bash scripts/sync-ai-rules.sh`

.deveco/plans/1781675107620-cosmic-eagle.md

@@ -0,0 +1,47 @@
+---
+title: Fix vue/no-dupe-keys ESLint errors
+status: in-progress
+files_total: 26
+errors_total: 65
+---
+
+# Fix vue/no-dupe-keys ESLint Errors
+
+## Strategy by category
+
+### Category A: Dialog components (props used by parent, refs are shadow copies)
+- Delete the ref declarations that duplicate prop keys
+- Delete the `xxx.value = props.xxx` assignment lines in show()/edit()
+- Template will resolve to props keys automatically
+
+Files:
+1. deviceDialog.vue: title, deviceCategories, statusFlagOptions, supplierListOptions
+2. diagnosisTreatmentDialog.vue: title, diagnosisCategoryOptions, statusFlagOptions, exeOrganizations, typeEnumOptions
+3. medicineDialog.vue: supplierListOptions, statusRestrictedOptions, partAttributeEnumOptions, tempOrderSplitPropertyOptions
+4. observationDialog.vue: title, observationTypeEnum, statusFlagOptions, instrumentIdOption
+5. instrumentDialog.vue: title, instrumentTypeEnum, statusFlagOptions
+6. specimenDialog.vue: title, specimenTypeEnum, statusFlagOptions
+
+### Category B: Page components (refs are mutated locally, props are dead code)
+- Remove the prop entries from defineProps (they're never passed by parent)
+- Keep the ref declarations
+
+Files:
+7. returningInventory/index.vue: purposeTypeListOptions, sourceTypeListOptions, categoryListOptions
+8. lossReporting/index.vue: purposeTypeListOptions, sourceTypeListOptions, categoryListOptions
+9. inventoryReceiptDialog.vue: itemTypeOptions, practitionerListOptions, supplierListOptions
+10. chkstockBatch/index.vue: purposeTypeListOptions, categoryListOptions
+
+### Category C: Components where refs are locally mutated AND used via props
+- Both the prop and ref are actively used
+- Rename the ref to localXxx and update all references
+
+Files:
+11. Crontab/index.vue: hideComponent → localHideComponent, expression → localExpression
+12. AdmissionDiagnosis.vue: tableData → localTableData, multiple → localMultiple
+13. DischargeDiagnosis.vue: tableData → localTableData, multiple → localMultiple
+14. prescription.vue: prescriptionNo → localPrescriptionNo, typeDetail → localTypeDetail
+15. details.vue: prescriptionNo → localPrescriptionNo, typeDetail → localTypeDetail
+
+### Category D: Extra files not in original list (found in ESLint output)
+Files 16-26 also need fixes - will assess each.

.github/copilot-instructions.md

@@ -0,0 +1,499 @@
+# HealthLink-HIS — AI 开发规范 (GitHub Copilot)
+
+> 🤖 GitHub Copilot 打开本项目时自动加载此文件。
+
+---
+
+# HealthLink-HIS — AI 开发规范（自动加载）
+
+> 🤖 **本文件供所有 AI 编码工具自动读取**。进入本项目后必须遵守以下规范。
+> 
+> **模型决定上限，Harness 决定底线。**
+
+---
+
+## 一、项目概览
+
+| 属性 | 值 |
+|------|------|
+| 项目名 | HealthLink-HIS（医院信息系统） |
+| 后端路径 | `healthlink-his-server/` |
+| 前端路径 | `healthlink-his-ui/` |
+| 文档路径 | `MD/` |
+| JDK | 25 (OpenJDK) |
+| Spring Boot | 4.0.6 |
+| MyBatis-Plus | 3.5.16 |
+| Vue | 3.x + Vite + Element Plus |
+| 数据库 | PostgreSQL 15+ |
+| 包名 | `com.healthlink.his` |
+| 后端端口 | 18082 |
+| 前端端口 | 81 |
+
+---
+
+## 二、铁律（必须遵守，违反即失败）
+
+### 🔴 P0 铁律 — 不可违反
+
+**铁律1: 修改完必须测试**
+```
+后端: mvn clean compile -DskipTests → mvn install -DskipTests → mvn test
+前端: npm run build:dev → npm run lint
+```
+- 白盒：编译通过，无 ERROR
+- 黑盒：关键接口返回 `{code:200, data:...}`，验证业务逻辑
+- 冒烟：应用正常启动，核心流程通畅
+
+**铁律2: Flyway 数据库迁移**
+- 凡是新建表、新增字段，必须创建 Flyway 迁移脚本
+- 路径：`healthlink-his-domain/src/main/resources/db/migration/`
+- 命名：`V{版本号}__{描述}.sql`（双下划线）
+
+**铁律3: 测试通过后才提交**
+- 编译 + 测试全部通过后才能 git commit
+- 不提交未完成的功能、调试代码、临时文件
+
+**铁律4: 前后端API路径对齐**
+- 后端前缀：`/healthlink-his/api/v1/`
+- 前端 `request.js` 的 baseURL 必须与后端匹配
+
+**铁律5: 状态值一致性（Bug #574 教训）**
+- 修改任何状态值前，必须先列出完整的状态流转链路
+- 检查项：枚举定义 → Service 设置 → 查询映射 → 前端 STATUS_CLASS_MAP → 前端 v-if → 统计SQL
+- 禁止：只改一端不检查其他端
+
+**铁律6: 禁止删除源文件（Bug #574 教训）**
+- 绝对禁止删除项目中已有的 Java/Vue/SQL 源文件
+- 编译错误 → 修复错误；重复文件 → 重构合并
+- 唯一例外：明确由人类确认删除的文件
+
+**铁律7: 禁止修改已有公开方法签名**
+- 不能删除/重命名已有的 public 方法，不能修改参数列表
+- 需要新功能 → 添加重载方法；需要改行为 → 修改内部实现
+
+**铁律8: 验证后才宣称完成（Verification Before Completion）**
+- **没有跑过验证命令，就不能说"完成了""通过了""没问题"**
+- 禁止使用"应该可以""大概没问题""看起来正确"
+- 必须：运行命令 → 读取输出 → 确认结果 → 才能宣称
+- 这是诚实原则，不是效率问题
+
+
+**铁律9: 开发前必须审核原有代码（P0 — 铁律）**
+- **任何新功能开发前，必须先搜索项目中是否已有相关代码**
+- 搜索路径：Controller / AppService / Service / Mapper / Entity / 前端页面 / API接口
+- 如果已有部分功能 → 在原有代码基础上**升级优化完善**，禁止另起炉灶
+- 如果已有接口但前端缺失 → 只补前端，不重复建后端
+- 如果已有前端但后端缺失 → 只补后端，不重写前端
+- 搜索命令：`rg -l "关键词" healthlink-his-server/ healthlink-his-ui/src/`
+- 禁止：不看代码就新建模块、重复实现已有功能、废弃原有代码另写一套
+
+
+**铁律12: 设计文档确认后自主开发（铁律）**
+- 设计文档（如 `MD/architecture/GRADE3A_GAP_ANALYSIS_AND_DESIGN.md`）一旦确认，后续开发**必须按文档自主执行**
+- **禁止反复询问"是否继续""下一步做什么""是否开始"**——直接按计划推进
+- 每完成一个 Sprint，自动提交推送，然后立即开始下一个 Sprint
+- 只在遇到**无法解决的阻塞**（如技术选型冲突、需求不明确、第三方依赖不可用）时才暂停询问
+- 设计文档是"**已签合同**"，不是"参考意见"。铁律执行优先级：设计文档 > 人类临时指令 > AI 自行判断
+
+
+### 🟡 P1 铁律 — 强烈建议
+
+**铁律9: 先分解再行动**
+- 修改超过3个文件、涉及多模块、数据库变更，必须先制定计划
+
+**铁律10: 验证后信**
+- 每次修改后必须验证编译通过，不信记忆
+
+**铁律13: 文档统一管理**
+- 所有文档存储在 `MD/` 目录
+- 文件名：大写英文+下划线（如 `BACKEND_CHECKLIST.md`）
+- 文档头部必须包含元数据块（文档类型、版本、日期）
+
+---
+
+
+**铁律14: 设计文档必须包含UI设计和调用流程**
+- 所有新模块/页面的设计文档必须包含：UI布局描述、交互效果清单、前后端调用流程
+- 没有明确UI设计的模块，禁止直接编码
+- 详见 
+- 设计文档必须写清楚：系统调用关系、方法函数调用关系、完整业务流程
+- 设计文档中每个用户操作必须对应：前端事件 → API调用 → 后端处理链路 → 返回数据 → UI渲染
+
+---
+
+## 三、Karpathy 编码准则
+
+> 减少 LLM 常见编码错误。偏向谨慎而非速度。
+
+### 3.1 先想再写
+- 明确陈述假设，不确定就问
+- 多种解读时都列出来，不要默默选一种
+- 有更简单的方案就说出来，该推回就推回
+- 不清楚的地方停下来，说清楚哪里不清楚
+
+### 3.2 简洁优先
+- 不做没要求的功能，不做一次性代码的抽象
+- 不加没要求的"灵活性"和"可配置性"
+- 200 行能 50 行搞定就重写
+- 自问："高级工程师会不会觉得这过度设计？"
+
+### 3.3 精准修改
+- 只改必须改的，不"顺手改进"相邻代码
+- 匹配现有代码风格，即使你有不同的偏好
+- 每行改动都能追溯到用户的请求
+- 只清理你自己改动产生的无用代码
+
+### 3.4 目标驱动
+- 把任务转化为可验证目标
+- 多步任务声明计划：`[步骤] → 验证: [检查]`
+- 强验收标准让 Agent 能独立循环，弱标准需要持续澄清
+
+---
+
+## 四、全链路 6 环分析
+
+> ⚠️ **涉及数据库字段的 Bug / 需求，必须走完整链路。**
+
+```
+前端/页面 → Controller → Service → Mapper → DB/SQL → 关联模块
+ ①录入      ②验证      ③业务     ④持久化    ⑤存储     ⑥联动
+```
+
+| 环 | 检查内容 |
+|----|---------|
+| ① 录入 | 前端有无输入入口（弹窗、表格行编辑、表单） |
+| ② 验证 | Controller 参数校验、@Valid、权限控制 |
+| ③ 业务 | Service 业务逻辑、事务边界、多个 Service 实现类入口 |
+| ④ 持久化 | Mapper XML、DTO 字段映射、类型转换 |
+| ⑤ 存储 | 数据库表结构、索引、NOT NULL 约束 |
+| ⑥ 联动 | 上游（医嘱→护士站）、下游（打印、计费、报表）是否同步 |
+
+**修复后的验证顺序**：
+1. 数据库：确认状态值已正确写入
+2. 后端接口：确认返回的状态映射正确
+3. 前端显示：确认页面显示正确状态文本
+4. 前端交互：确认按钮/操作基于正确状态启用/禁用
+5. 统计数据：确认池/报表统计包含新状态
+
+---
+
+## 五、Harness Engineering 方法论
+
+> Harness = 约束 + 反馈 + 控制平面 + 持久执行
+
+### 5.1 四层约束金字塔
+
+| 层级 | 内容 | 落地方式 |
+|------|------|---------|
+| **L1 架构约束** | 接口合约、包结构、命名规范、禁止模式 | 本文件铁律 |
+| **L2 代码质量** | 圈复杂度、代码风格、类型提示 | 编译门禁 + ESLint |
+| **L3 安全约束** | 敏感信息检测、权限检查、输入验证 | 配置不可硬编码 |
+| **L4 业务规则** | 领域逻辑、数据一致性、事务边界 | 全链路 6 环验证 |
+
+**约束设计原则**：
+- **可验证**：每条约束必须能被自动化检查（"覆盖率>90%"✅ "质量要高"❌）
+- **无歧义**："每函数不超过50行"✅ "函数不要太长"❌
+- **优先级**：安全(1) > 架构(2) > 业务(3) > 质量(4) > 性能(5)
+- **渐进增强**：L1编译通过 → L2+命名规范 → L3+测试覆盖 → L4+安全扫描
+
+### 5.2 三层反馈系统
+
+| 层级 | 速度 | 覆盖范围 | 失败处理 |
+|------|------|---------|---------|
+| **L1 编译检查** | <30秒 | 语法、类型、签名 | 立即阻断，自行修复 |
+| **L2 数据流验证** | <5分钟 | 全链路字段、Mapper XML、DTO | 修复后上报 |
+| **L3 人工审查** | 10-30分钟 | 架构、设计、业务正确性 | 驳回/指导/批准 |
+
+**反馈铁律**：
+- 反馈必须可行动（文件 + 行号 + 错误类型 + 修复方向）
+- 失败后先回滚到最近检查点，再重试
+- 持续失败3次 → 上报人类
+
+### 5.3 控制平面
+
+```
+战略层（人类） → 设定目标、审批决策、异常升级
+战术层（Agent） → 任务分解、update_plan、依赖协调、检查点保存
+执行层（Agent） → 代码生成、测试执行、错误恢复、幂等重试
+```
+
+### 5.4 持久执行
+
+- 每个关键步骤保存检查点（`update_plan` 进度）
+- 失败后从最新检查点恢复，不从头开始
+- 幂等设计：同一操作重复执行结果一致
+- **三层状态管理**：系统层(工作流ID/超时/重试) → 执行层(当前活动/进度) → 业务层(已完成工作/中间产物)
+
+---
+
+## 六、五层质量门禁
+
+| 门禁 | 时间 | 范围 | 失败处理 |
+|------|------|------|---------|
+| **L1 编译检查** | <30秒 | 语法、类型、导入 | Agent 自行修复 |
+| **L2 静态分析** | <2分钟 | 代码风格、复杂度、安全 | Agent 修复 |
+| **L3 单元测试** | <5分钟 | 功能正确性、边界条件 | 自动修复或上报 |
+| **L4 集成测试** | <15分钟 | 模块间交互、数据流 | 上报人工 |
+| **L5 生产验证** | 持续 | 监控、告警、性能 | 自动回滚 |
+
+**提交铁律**：L1-L2 必须通过才能 commit，L3（如有DB变更）必须通过才能 push
+
+---
+
+## 七、系统化调试（Systematic Debugging）
+
+> **铁律：没有根因调查，不能提出修复方案。**
+
+### 四阶段流程
+
+**阶段1：根因调查**（修复前必须完成）
+1. 仔细阅读错误信息（堆栈、行号、错误码）
+2. 稳定复现（能否可靠触发？步骤？每次？）
+3. 检查最近变更（git diff、新依赖、配置变更）
+4. 多组件系统：在每个组件边界加诊断日志，定位哪一层断裂
+5. 追踪数据流：坏值从哪里来？谁调用的？一直追溯到源头
+
+**阶段2：模式分析**
+- 找到同代码库中类似的正常工作代码
+- 逐项对比差异
+- 理解依赖关系
+
+**阶段3：假设与测试**
+- 形成单一假设："我认为X是根因，因为Y"
+- 做最小改动测试
+- 有效 → 阶段4；无效 → 新假设
+
+**阶段4：实施**
+- 创建失败测试用例
+- 修复根因（不是症状）
+- 验证修复
+
+---
+
+## 八、后端开发规范
+
+### 分层架构
+```
+Controller → AppService → Service → Mapper → Entity
+```
+
+### 命名规范
+| 类型 | 规则 | 示例 |
+|------|------|------|
+| Controller | `XxxController` | `RegistrationController` |
+| AppService | `IXxxAppService` / `XxxAppServiceImpl` | `IRegistrationAppService` |
+| Service | `IXxxService` / `XxxServiceImpl` | `IRegistrationService` |
+| Mapper | `XxxMapper` | `RegistrationMapper` |
+| Entity | `Xxx` | `Registration` |
+| DTO | `XxxDto` / `XxxQueryDto` | `RegistrationDto` |
+
+### 包结构
+```
+com.healthlink.his.web.{module}.controller
+com.healthlink.his.web.{module}.appservice
+com.healthlink.his.web.{module}.service
+com.healthlink.his.web.{module}.mapper
+com.healthlink.his.web.{module}.dto
+com.healthlink.his.domain.{module}
+com.healthlink.his.common.enums
+```
+
+### 关键约束
+- 所有查询使用 `LambdaQueryWrapper`，禁止字符串拼接 SQL
+- `@Transactional(rollbackFor = Exception.class)` 管理事务
+- 所有接口标注 `@PreAuthorize` 权限控制
+- 患者敏感信息在日志中脱敏
+- **扩展功能不修改原有函数签名**
+
+---
+
+## 九、前端开发规范
+
+### 技术栈
+- Vue 3 + Vite + Element Plus + Pinia + Axios（基于 RuoYi-Vue3）
+
+### 目录结构
+```
+src/api/{module}/        # API接口
+src/views/{module}/      # 页面组件
+src/store/modules/       # Pinia状态管理
+src/components/          # 公共组件
+```
+
+### 关键约束
+- API前缀：`/healthlink-his/api/v1/`
+- 路由懒加载：`() => import('@/views/xxx/index.vue')`
+- 页面使用 `<script setup>` 语法
+- 按钮权限使用 `v-hasPermi` 指令
+- `onMounted` 中注册的事件在 `onUnmounted` 中移除
+
+---
+
+## 十、Agent 体系
+
+### 角色与路由
+
+| 代号 | 名称 | 角色 | 路由关键词 |
+|------|------|------|-----------|
+| liubei | 刘备 | 项目经理 | 协调、分派、异常升级 |
+| zhugeliang | 诸葛亮 | 架构师 | 分析、路由、设计 |
+| guanyu | 关羽 | 后端开发 | java, api, spring, service, controller |
+| zhaoyun | 赵云 | 前端开发 | vue, 界面, 显示, 弹窗, 按钮 |
+| xunyu | 荀彧 | DBA | 数据库, sql, 迁移, mapper xml |
+| zhangfei | 张飞 | 测试 | 测试, QA, 回归 |
+| huatuo | 华佗 | 验收 | 需求验收、质量确认 |
+| chenlin | 陈琳 | 文档 | 文档、归档、Git提交 |
+
+### 协作流水线
+
+```
+刘备(协调) → 诸葛亮(分析路由) → {关羽|赵云}(修复) → 荀彧(DB审查) → 张飞(测试) → 华佗(验收) → 陈琳(归档)
+```
+
+### Bug 修复完整管线（BDT 方法论）
+
+```
+获取Bug → 设计测试用例 → 基线测试(应失败) → 全链路修复 → 回归测试(应通过) → 扩展测试(无回归) → 提交
+```
+
+### Bug 状态管理铁律
+- 人类提的 Bug：只加备注，不改状态，不改分配
+- 智能体提的 Bug：可以改分配和加备注
+- 已关闭/已解决的 Bug 不再处理
+
+---
+
+## 十一、审查与审计
+
+### 三层审查体系
+
+| 层级 | 内容 | 时机 |
+|------|------|------|
+| **L1 自审** | Agent 对照约束逐条检查 | 每次提交前 |
+| **L2 配对审查** | Agent 生成变更摘要，人类终审 | PR/提交时 |
+| **L3 合规审查** | 审计追踪，记录所有 AI 操作 | 持续 |
+
+### L1 自审清单
+```yaml
+self_review:
+  - "所有修改能通过编译？"
+  - "遵守命名规范？"
+  - "测试覆盖达标？"
+  - "没有遗漏的 TODO / DEBUG？"
+  - "变更范围没超出任务边界？"
+```
+
+### 评审评分维度
+| 维度 | 问题 |
+|------|------|
+| 正确性 | 行为是否符合目标功能？ |
+| 验证 | 检查是否真的跑过并留下证据？ |
+| 范围纪律 | 是否保持在选定功能范围内？ |
+| 可靠性 | 结果能否在重启后继续工作？ |
+| 可维护性 | 代码和文档是否清楚到可交接？ |
+
+---
+
+## 十二、标准工作循环
+
+```
+开始会话
+  ├→ 1. Init — 读 AGENTS.md + PROGRESS.md + git log
+  ├→ 2. Select — 只选一个未完成功能
+  ├→ 3. Implement — 一次只做一个，不扩大范围
+  ├→ 4. Verify — 运行验证命令，有证据才标记完成
+  └→ 5. Cleanup — 更新进度 + clean-state-checklist + git commit
+```
+
+### 会话结束前必须运行 Clean State Checklist
+```
+□ 标准启动路径仍然可用
+□ 标准验证路径仍然可运行
+□ 当前进度已记录到进度日志
+□ 无半成品步骤处于未记录状态
+□ 下一轮会话无需人工修复即可继续
+```
+
+---
+
+## 十三、开发流程
+
+```
+收到任务
+  ├→ ① 分析需求 → 读相关文档(MD/)、读全链路6环
+  ├→ ② 制定计划 → update_plan (3-6个阶段)
+  ├→ ③ 后端开发 → Controller → AppService → Service → Mapper → Entity → Flyway
+  ├→ ④ 后端测试 → mvn test → 接口测试(业务逻辑验证)
+  ├→ ⑤ 前端开发 → API接口 → 页面组件 → 路由配置
+  ├→ ⑥ 前端测试 → npm run build:dev → 功能验证
+  ├→ ⑦ 质量门禁 → L1编译 → L2测试 → L3DB审查 → L4验收 → L5归档
+  └→ ⑧ 提交代码 → git commit(规范格式) → git push → 文档更新
+```
+
+### Git Commit 格式
+```
+<type>(<scope>): <subject>
+
+type: feat|fix|docs|refactor|test|chore
+scope: 模块名(如 registration, billing, pharmacy)
+```
+
+---
+
+## 十四、快速参考命令
+
+```bash
+# === 后端 ===
+export JAVA_HOME=/opt/jdk-25
+mvn clean compile -DskipTests          # 编译
+mvn install -DskipTests                # 构建
+mvn test -pl healthlink-his-application -Dtest="XxxTest" -Dsurefire.failIfNoSpecifiedTests=false
+
+# === 前端 ===
+cd healthlink-his-ui
+npm run dev && npm run build:dev && npm run lint && npm run test:run
+
+# === Git ===
+git status && git add -A && git commit -m "feat(module): desc" && git push origin develop
+```
+
+---
+
+## 十五、详细规范文档索引
+
+| 文档 | 路径 | 用途 |
+|------|------|------|
+| 执行铁律 | `MD/specs/IRON_RULES.md` | 铁律完整版 |
+| 后端规范 | `MD/specs/BACKEND_DEVELOPMENT_STANDARD.md` | 后端编码标准 |
+| 前端规范 | `MD/specs/FRONTEND_DEVELOPMENT_STANDARD.md` | 前端编码标准 |
+| Harness方法论 | `MD/specs/HARNESS_ENGINEERING.md` | 完整Harness+Agent方法论 |
+| 文档规范 | `MD/DOCUMENTATION_STANDARD.md` | 文档管理标准 |
+| 后端清单 | `MD/specs/BACKEND_CHECKLIST.md` | 发布前检查 |
+| 前端清单 | `MD/specs/FRONTEND_CHECKLIST.md` | 发布前检查 |
+| 三甲标准 | `MD/standards/GRADE3A_HIS_STANDARD.md` | 三甲医院达标标准 |
+| Flyway指南 | `MD/guides/FLYWAY_USAGE_GUIDE.md` | 数据库迁移指南 |
+
+---
+
+## 十六、过往教训
+
+| 教训 | 内容 |
+|------|------|
+| 状态链路断裂 | Bug#574: 签到设 BOOKED(1) 而非 CHECKED_IN(3)，前端映射缺失 → 必须走完整状态链路 |
+| 盲删源文件 | AI 看到编译错误直接删文件，没检查 baseline → 必须先确认文件来源 |
+| 修复方向偏差 | 多次 fallback 改的是错误的 Service → 必须用 rg 搜索所有相关代码路径 |
+| bug_reports 缺列 | INSERT 静默失败 → 必须检查表结构 |
+| 禅道 comment API | API 不存在，用 resolve+activate workaround |
+| SQLite WAL 并发 | 多进程并发写需要 checkpoint |
+| UTF-8 切片 | 多字节字符不能用 byte index 切片 |
+| 上下文焦虑 | Agent 感觉上下文快满时会匆忙结束，跳过验证 → 注意 context 40% 阈值 |
+| 过早宣告胜利 | 自评≠验证，分开"干活"和"检查" |
+| 覆盖率幻觉 | 覆盖率达标但逻辑没测 → 引入变异测试 |
+
+---
+
+> ⚠️ 本文件是 AI 开发规范的唯一信源。各工具配置文件由 `bash scripts/sync-ai-rules.sh` 同步。
+
+---
+
+> 📅 最后同步: 2026-06-06 15:09 | 源文件: RULES.md | 重新同步: `bash scripts/sync-ai-rules.sh`

.gitignore

@@ -0,0 +1,436 @@
+/.vscode/mcp.json
+/.vscode/settings.json
+/.qwen/settings.json.orig
+/.playwright-mcp/console-2026-03-31T08-27-30-883Z.log
+/.playwright-mcp/console-2026-05-19T03-10-43-600Z.log
+/.playwright-mcp/console-2026-05-19T03-18-23-396Z.log
+/.playwright-mcp/console-2026-05-19T03-18-51-946Z.log
+/.playwright-mcp/page-2026-05-11T02-56-22-027Z.yml
+/.playwright-mcp/page-2026-05-11T02-56-30-095Z.yml
+/.playwright-mcp/page-2026-05-19T03-10-44-171Z.yml
+/.playwright-mcp/page-2026-05-19T03-11-20-520Z.yml
+/.playwright-mcp/page-2026-05-19T03-11-40-168Z.yml
+/.playwright-mcp/page-2026-05-19T03-12-10-968Z.yml
+/.playwright-mcp/page-2026-05-19T03-18-23-610Z.yml
+/.playwright-mcp/page-2026-05-19T03-18-52-634Z.yml
+/.playwright-mcp/page-2026-05-19T03-19-19-472Z.yml
+/.playwright-mcp/page-2026-05-19T03-19-36-669Z.yml
+/.playwright-mcp/page-2026-05-19T03-20-04-342Z.yml
+/.playwright-mcp/page-2026-05-19T03-21-08-820Z.yml
+/.playwright-mcp/page-2026-05-19T03-21-43-735Z.yml
+/.idea/compiler.xml
+/.idea/encodings.xml
+/.idea/jarRepositories.xml
+/.idea/misc.xml
+/.idea/vcs.xml
+/.idea/workspace.xml
+/node_modules/.bin/husky
+/node_modules/.bin/husky.cmd
+/node_modules/.bin/husky.ps1
+/node_modules/asynckit/lib/abort.js
+/node_modules/asynckit/lib/async.js
+/node_modules/asynckit/lib/defer.js
+/node_modules/asynckit/lib/iterate.js
+/node_modules/asynckit/lib/readable_asynckit.js
+/node_modules/asynckit/lib/readable_parallel.js
+/node_modules/asynckit/lib/readable_serial.js
+/node_modules/asynckit/lib/readable_serial_ordered.js
+/node_modules/asynckit/lib/state.js
+/node_modules/asynckit/lib/streamify.js
+/node_modules/asynckit/lib/terminator.js
+/node_modules/asynckit/bench.js
+/node_modules/asynckit/index.js
+/node_modules/asynckit/LICENSE
+/node_modules/asynckit/package.json
+/node_modules/asynckit/parallel.js
+/node_modules/asynckit/README.md
+/node_modules/asynckit/serial.js
+/node_modules/asynckit/serialOrdered.js
+/node_modules/asynckit/stream.js
+/node_modules/axios/dist/browser/axios.cjs
+/node_modules/axios/dist/esm/axios.js
+/node_modules/axios/dist/esm/axios.min.js
+/node_modules/axios/dist/esm/axios.min.js.map
+/node_modules/axios/dist/node/axios.cjs
+/node_modules/axios/dist/axios.js
+/node_modules/axios/dist/axios.min.js
+/node_modules/axios/dist/axios.min.js.map
+/node_modules/axios/lib/adapters/adapters.js
+/node_modules/axios/lib/adapters/fetch.js
+/node_modules/axios/lib/adapters/http.js
+/node_modules/axios/lib/adapters/README.md
+/node_modules/axios/lib/adapters/xhr.js
+/node_modules/axios/lib/cancel/CanceledError.js
+/node_modules/axios/lib/cancel/CancelToken.js
+/node_modules/axios/lib/cancel/isCancel.js
+/node_modules/axios/lib/core/Axios.js
+/node_modules/axios/lib/core/AxiosError.js
+/node_modules/axios/lib/core/AxiosHeaders.js
+/node_modules/axios/lib/core/buildFullPath.js
+/node_modules/axios/lib/core/dispatchRequest.js
+/node_modules/axios/lib/core/InterceptorManager.js
+/node_modules/axios/lib/core/mergeConfig.js
+/node_modules/axios/lib/core/README.md
+/node_modules/axios/lib/core/settle.js
+/node_modules/axios/lib/core/transformData.js
+/node_modules/axios/lib/defaults/index.js
+/node_modules/axios/lib/defaults/transitional.js
+/node_modules/axios/lib/env/classes/FormData.js
+/node_modules/axios/lib/env/data.js
+/node_modules/axios/lib/env/README.md
+/node_modules/axios/lib/helpers/AxiosTransformStream.js
+/node_modules/axios/lib/helpers/AxiosURLSearchParams.js
+/node_modules/axios/lib/helpers/bind.js
+/node_modules/axios/lib/helpers/buildURL.js
+/node_modules/axios/lib/helpers/callbackify.js
+/node_modules/axios/lib/helpers/combineURLs.js
+/node_modules/axios/lib/helpers/composeSignals.js
+/node_modules/axios/lib/helpers/cookies.js
+/node_modules/axios/lib/helpers/deprecatedMethod.js
+/node_modules/axios/lib/helpers/estimateDataURLDecodedBytes.js
+/node_modules/axios/lib/helpers/formDataToJSON.js
+/node_modules/axios/lib/helpers/formDataToStream.js
+/node_modules/axios/lib/helpers/fromDataURI.js
+/node_modules/axios/lib/helpers/HttpStatusCode.js
+/node_modules/axios/lib/helpers/isAbsoluteURL.js
+/node_modules/axios/lib/helpers/isAxiosError.js
+/node_modules/axios/lib/helpers/isURLSameOrigin.js
+/node_modules/axios/lib/helpers/null.js
+/node_modules/axios/lib/helpers/parseHeaders.js
+/node_modules/axios/lib/helpers/parseProtocol.js
+/node_modules/axios/lib/helpers/progressEventReducer.js
+/node_modules/axios/lib/helpers/readBlob.js
+/node_modules/axios/lib/helpers/README.md
+/node_modules/axios/lib/helpers/resolveConfig.js
+/node_modules/axios/lib/helpers/speedometer.js
+/node_modules/axios/lib/helpers/spread.js
+/node_modules/axios/lib/helpers/throttle.js
+/node_modules/axios/lib/helpers/toFormData.js
+/node_modules/axios/lib/helpers/toURLEncodedForm.js
+/node_modules/axios/lib/helpers/trackStream.js
+/node_modules/axios/lib/helpers/validator.js
+/node_modules/axios/lib/helpers/ZlibHeaderTransformStream.js
+/node_modules/axios/lib/platform/browser/classes/Blob.js
+/node_modules/axios/lib/platform/browser/classes/FormData.js
+/node_modules/axios/lib/platform/browser/classes/URLSearchParams.js
+/node_modules/axios/lib/platform/browser/index.js
+/node_modules/axios/lib/platform/common/utils.js
+/node_modules/axios/lib/platform/node/classes/FormData.js
+/node_modules/axios/lib/platform/node/classes/URLSearchParams.js
+/node_modules/axios/lib/platform/node/index.js
+/node_modules/axios/lib/platform/index.js
+/node_modules/axios/lib/axios.js
+/node_modules/axios/lib/utils.js
+/node_modules/axios/CHANGELOG.md
+/node_modules/axios/index.d.cts
+/node_modules/axios/index.d.ts
+/node_modules/axios/index.js
+/node_modules/axios/LICENSE
+/node_modules/axios/MIGRATION_GUIDE.md
+/node_modules/axios/package.json
+/node_modules/axios/README.md
+/node_modules/bignumber.js/doc/API.html
+/node_modules/bignumber.js/bignumber.d.mts
+/node_modules/bignumber.js/bignumber.d.ts
+/node_modules/bignumber.js/bignumber.js
+/node_modules/bignumber.js/bignumber.mjs
+/node_modules/bignumber.js/CHANGELOG.md
+/node_modules/bignumber.js/LICENCE.md
+/node_modules/bignumber.js/package.json
+/node_modules/bignumber.js/README.md
+/node_modules/bignumber.js/types.d.ts
+/node_modules/call-bind-apply-helpers/.github/FUNDING.yml
+/node_modules/call-bind-apply-helpers/test/index.js
+/node_modules/call-bind-apply-helpers/.eslintrc
+/node_modules/call-bind-apply-helpers/.nycrc
+/node_modules/call-bind-apply-helpers/actualApply.d.ts
+/node_modules/call-bind-apply-helpers/actualApply.js
+/node_modules/call-bind-apply-helpers/applyBind.d.ts
+/node_modules/call-bind-apply-helpers/applyBind.js
+/node_modules/call-bind-apply-helpers/CHANGELOG.md
+/node_modules/call-bind-apply-helpers/functionApply.d.ts
+/node_modules/call-bind-apply-helpers/functionApply.js
+/node_modules/call-bind-apply-helpers/functionCall.d.ts
+/node_modules/call-bind-apply-helpers/functionCall.js
+/node_modules/call-bind-apply-helpers/index.d.ts
+/node_modules/call-bind-apply-helpers/index.js
+/node_modules/call-bind-apply-helpers/LICENSE
+/node_modules/call-bind-apply-helpers/package.json
+/node_modules/call-bind-apply-helpers/README.md
+/node_modules/call-bind-apply-helpers/reflectApply.d.ts
+/node_modules/call-bind-apply-helpers/reflectApply.js
+/node_modules/call-bind-apply-helpers/tsconfig.json
+/node_modules/combined-stream/lib/combined_stream.js
+/node_modules/combined-stream/License
+/node_modules/combined-stream/package.json
+/node_modules/combined-stream/Readme.md
+/node_modules/combined-stream/yarn.lock
+/node_modules/delayed-stream/lib/delayed_stream.js
+/node_modules/delayed-stream/.npmignore
+/node_modules/delayed-stream/License
+/node_modules/delayed-stream/Makefile
+/node_modules/delayed-stream/package.json
+/node_modules/delayed-stream/Readme.md
+/node_modules/dunder-proto/.github/FUNDING.yml
+/node_modules/dunder-proto/test/get.js
+/node_modules/dunder-proto/test/index.js
+/node_modules/dunder-proto/test/set.js
+/node_modules/dunder-proto/.eslintrc
+/node_modules/dunder-proto/.nycrc
+/node_modules/dunder-proto/CHANGELOG.md
+/node_modules/dunder-proto/get.d.ts
+/node_modules/dunder-proto/get.js
+/node_modules/dunder-proto/LICENSE
+/node_modules/dunder-proto/package.json
+/node_modules/dunder-proto/README.md
+/node_modules/dunder-proto/set.d.ts
+/node_modules/dunder-proto/set.js
+/node_modules/dunder-proto/tsconfig.json
+/node_modules/es-define-property/.github/FUNDING.yml
+/node_modules/es-define-property/test/index.js
+/node_modules/es-define-property/.eslintrc
+/node_modules/es-define-property/.nycrc
+/node_modules/es-define-property/CHANGELOG.md
+/node_modules/es-define-property/index.d.ts
+/node_modules/es-define-property/index.js
+/node_modules/es-define-property/LICENSE
+/node_modules/es-define-property/package.json
+/node_modules/es-define-property/README.md
+/node_modules/es-define-property/tsconfig.json
+/node_modules/es-errors/.github/FUNDING.yml
+/node_modules/es-errors/test/index.js
+/node_modules/es-errors/.eslintrc
+/node_modules/es-errors/CHANGELOG.md
+/node_modules/es-errors/eval.d.ts
+/node_modules/es-errors/eval.js
+/node_modules/es-errors/index.d.ts
+/node_modules/es-errors/index.js
+/node_modules/es-errors/LICENSE
+/node_modules/es-errors/package.json
+/node_modules/es-errors/range.d.ts
+/node_modules/es-errors/range.js
+/node_modules/es-errors/README.md
+/node_modules/es-errors/ref.d.ts
+/node_modules/es-errors/ref.js
+/node_modules/es-errors/syntax.d.ts
+/node_modules/es-errors/syntax.js
+/node_modules/es-errors/tsconfig.json
+/node_modules/es-errors/type.d.ts
+/node_modules/es-errors/type.js
+/node_modules/es-errors/uri.d.ts
+/node_modules/es-errors/uri.js
+/node_modules/es-object-atoms/.github/FUNDING.yml
+/node_modules/es-object-atoms/test/index.js
+/node_modules/es-object-atoms/.eslintrc
+/node_modules/es-object-atoms/CHANGELOG.md
+/node_modules/es-object-atoms/index.d.ts
+/node_modules/es-object-atoms/index.js
+/node_modules/es-object-atoms/isObject.d.ts
+/node_modules/es-object-atoms/isObject.js
+/node_modules/es-object-atoms/LICENSE
+/node_modules/es-object-atoms/package.json
+/node_modules/es-object-atoms/README.md
+/node_modules/es-object-atoms/RequireObjectCoercible.d.ts
+/node_modules/es-object-atoms/RequireObjectCoercible.js
+/node_modules/es-object-atoms/ToObject.d.ts
+/node_modules/es-object-atoms/ToObject.js
+/node_modules/es-object-atoms/tsconfig.json
+/node_modules/es-set-tostringtag/test/index.js
+/node_modules/es-set-tostringtag/.eslintrc
+/node_modules/es-set-tostringtag/.nycrc
+/node_modules/es-set-tostringtag/CHANGELOG.md
+/node_modules/es-set-tostringtag/index.d.ts
+/node_modules/es-set-tostringtag/index.js
+/node_modules/es-set-tostringtag/LICENSE
+/node_modules/es-set-tostringtag/package.json
+/node_modules/es-set-tostringtag/README.md
+/node_modules/es-set-tostringtag/tsconfig.json
+/node_modules/follow-redirects/debug.js
+/node_modules/follow-redirects/http.js
+/node_modules/follow-redirects/https.js
+/node_modules/follow-redirects/index.js
+/node_modules/follow-redirects/LICENSE
+/node_modules/follow-redirects/package.json
+/node_modules/follow-redirects/README.md
+/node_modules/form-data/lib/browser.js
+/node_modules/form-data/lib/form_data.js
+/node_modules/form-data/lib/populate.js
+/node_modules/form-data/CHANGELOG.md
+/node_modules/form-data/index.d.ts
+/node_modules/form-data/License
+/node_modules/form-data/package.json
+/node_modules/form-data/README.md
+/node_modules/function-bind/.github/FUNDING.yml
+/node_modules/function-bind/.github/SECURITY.md
+/node_modules/function-bind/test/.eslintrc
+/node_modules/function-bind/test/index.js
+/node_modules/function-bind/.eslintrc
+/node_modules/function-bind/.nycrc
+/node_modules/function-bind/CHANGELOG.md
+/node_modules/function-bind/implementation.js
+/node_modules/function-bind/index.js
+/node_modules/function-bind/LICENSE
+/node_modules/function-bind/package.json
+/node_modules/function-bind/README.md
+/node_modules/get-intrinsic/.github/FUNDING.yml
+/node_modules/get-intrinsic/test/GetIntrinsic.js
+/node_modules/get-intrinsic/.eslintrc
+/node_modules/get-intrinsic/.nycrc
+/node_modules/get-intrinsic/CHANGELOG.md
+/node_modules/get-intrinsic/index.js
+/node_modules/get-intrinsic/LICENSE
+/node_modules/get-intrinsic/package.json
+/node_modules/get-intrinsic/README.md
+/node_modules/get-proto/.github/FUNDING.yml
+/node_modules/get-proto/test/index.js
+/node_modules/get-proto/.eslintrc
+/node_modules/get-proto/.nycrc
+/node_modules/get-proto/CHANGELOG.md
+/node_modules/get-proto/index.d.ts
+/node_modules/get-proto/index.js
+/node_modules/get-proto/LICENSE
+/node_modules/get-proto/Object.getPrototypeOf.d.ts
+/node_modules/get-proto/Object.getPrototypeOf.js
+/node_modules/get-proto/package.json
+/node_modules/get-proto/README.md
+/node_modules/get-proto/Reflect.getPrototypeOf.d.ts
+/node_modules/get-proto/Reflect.getPrototypeOf.js
+/node_modules/get-proto/tsconfig.json
+/node_modules/gopd/.github/FUNDING.yml
+/node_modules/gopd/test/index.js
+/node_modules/gopd/.eslintrc
+/node_modules/gopd/CHANGELOG.md
+/node_modules/gopd/gOPD.d.ts
+/node_modules/gopd/gOPD.js
+/node_modules/gopd/index.d.ts
+/node_modules/gopd/index.js
+/node_modules/gopd/LICENSE
+/node_modules/gopd/package.json
+/node_modules/gopd/README.md
+/node_modules/gopd/tsconfig.json
+/node_modules/has-symbols/.github/FUNDING.yml
+/node_modules/has-symbols/test/shams/core-js.js
+/node_modules/has-symbols/test/shams/get-own-property-symbols.js
+/node_modules/has-symbols/test/index.js
+/node_modules/has-symbols/test/tests.js
+/node_modules/has-symbols/.eslintrc
+/node_modules/has-symbols/.nycrc
+/node_modules/has-symbols/CHANGELOG.md
+/node_modules/has-symbols/index.d.ts
+/node_modules/has-symbols/index.js
+/node_modules/has-symbols/LICENSE
+/node_modules/has-symbols/package.json
+/node_modules/has-symbols/README.md
+/node_modules/has-symbols/shams.d.ts
+/node_modules/has-symbols/shams.js
+/node_modules/has-symbols/tsconfig.json
+/node_modules/has-tostringtag/.github/FUNDING.yml
+/node_modules/has-tostringtag/test/shams/core-js.js
+/node_modules/has-tostringtag/test/shams/get-own-property-symbols.js
+/node_modules/has-tostringtag/test/index.js
+/node_modules/has-tostringtag/test/tests.js
+/node_modules/has-tostringtag/.eslintrc
+/node_modules/has-tostringtag/.nycrc
+/node_modules/has-tostringtag/CHANGELOG.md
+/node_modules/has-tostringtag/index.d.ts
+/node_modules/has-tostringtag/index.js
+/node_modules/has-tostringtag/LICENSE
+/node_modules/has-tostringtag/package.json
+/node_modules/has-tostringtag/README.md
+/node_modules/has-tostringtag/shams.d.ts
+/node_modules/has-tostringtag/shams.js
+/node_modules/has-tostringtag/tsconfig.json
+/node_modules/hasown/.github/FUNDING.yml
+/node_modules/hasown/.nycrc
+/node_modules/hasown/CHANGELOG.md
+/node_modules/hasown/index.d.ts
+/node_modules/hasown/index.js
+/node_modules/hasown/LICENSE
+/node_modules/hasown/package.json
+/node_modules/hasown/README.md
+/node_modules/hasown/tsconfig.json
+/node_modules/husky/bin.js
+/node_modules/husky/husky
+/node_modules/husky/index.d.ts
+/node_modules/husky/index.js
+/node_modules/husky/LICENSE
+/node_modules/husky/package.json
+/node_modules/husky/README.md
+/node_modules/json-bigint/lib/parse.js
+/node_modules/json-bigint/lib/stringify.js
+/node_modules/json-bigint/index.js
+/node_modules/json-bigint/LICENSE
+/node_modules/json-bigint/package.json
+/node_modules/json-bigint/README.md
+/node_modules/math-intrinsics/.github/FUNDING.yml
+/node_modules/math-intrinsics/constants/maxArrayLength.d.ts
+/node_modules/math-intrinsics/constants/maxArrayLength.js
+/node_modules/math-intrinsics/constants/maxSafeInteger.d.ts
+/node_modules/math-intrinsics/constants/maxSafeInteger.js
+/node_modules/math-intrinsics/constants/maxValue.d.ts
+/node_modules/math-intrinsics/constants/maxValue.js
+/node_modules/math-intrinsics/test/index.js
+/node_modules/math-intrinsics/.eslintrc
+/node_modules/math-intrinsics/abs.d.ts
+/node_modules/math-intrinsics/abs.js
+/node_modules/math-intrinsics/CHANGELOG.md
+/node_modules/math-intrinsics/floor.d.ts
+/node_modules/math-intrinsics/floor.js
+/node_modules/math-intrinsics/isFinite.d.ts
+/node_modules/math-intrinsics/isFinite.js
+/node_modules/math-intrinsics/isInteger.d.ts
+/node_modules/math-intrinsics/isInteger.js
+/node_modules/math-intrinsics/isNaN.d.ts
+/node_modules/math-intrinsics/isNaN.js
+/node_modules/math-intrinsics/isNegativeZero.d.ts
+/node_modules/math-intrinsics/isNegativeZero.js
+/node_modules/math-intrinsics/LICENSE
+/node_modules/math-intrinsics/max.d.ts
+/node_modules/math-intrinsics/max.js
+/node_modules/math-intrinsics/min.d.ts
+/node_modules/math-intrinsics/min.js
+/node_modules/math-intrinsics/mod.d.ts
+/node_modules/math-intrinsics/mod.js
+/node_modules/math-intrinsics/package.json
+/node_modules/math-intrinsics/pow.d.ts
+/node_modules/math-intrinsics/pow.js
+/node_modules/math-intrinsics/README.md
+/node_modules/math-intrinsics/round.d.ts
+/node_modules/math-intrinsics/round.js
+/node_modules/math-intrinsics/sign.d.ts
+/node_modules/math-intrinsics/sign.js
+/node_modules/math-intrinsics/tsconfig.json
+/node_modules/mime-db/db.json
+/node_modules/mime-db/HISTORY.md
+/node_modules/mime-db/index.js
+/node_modules/mime-db/LICENSE
+/node_modules/mime-db/package.json
+/node_modules/mime-db/README.md
+/node_modules/mime-types/HISTORY.md
+/node_modules/mime-types/index.js
+/node_modules/mime-types/LICENSE
+/node_modules/mime-types/package.json
+/node_modules/mime-types/README.md
+/node_modules/proxy-from-env/index.js
+/node_modules/proxy-from-env/LICENSE
+/node_modules/proxy-from-env/package.json
+/node_modules/proxy-from-env/README.md
+/node_modules/.package-lock.json
+/.idea/shelf/在进行更新之前于_2026_6_5_16_37_取消提交了更改_[更改]/shelved.patch
+/.idea/shelf/在进行更新之前于_2026_6_6_07_53_取消提交了更改_[更改]/shelved.patch
+/.idea/shelf/在进行更新之前于_2026_6_6_07_58_取消提交了更改_[更改]/shelved.patch
+/.idea/shelf/在进行更新之前于_2026_6_6_09_03_取消提交了更改_[更改]/shelved.patch
+/.idea/shelf/在进行更新之前于_2026_6_6_09_07_取消提交了更改_[更改]/shelved.patch
+/.idea/shelf/在进行更新之前于_2026_6_6_09_17_取消提交了更改_[更改]/shelved.patch
+/.idea/shelf/_2026_6_5_16_37____.xml
+/.idea/shelf/_2026_6_6_07_53____.xml
+/.idea/shelf/_2026_6_6_07_58____.xml
+/.idea/shelf/_2026_6_6_09_03____.xml
+/.idea/shelf/_2026_6_6_09_07____.xml
+/.idea/shelf/_2026_6_6_09_17____.xml
+/.idea/shelf/在进行更新之前于_2026_6_5_16_37_取消提交了更改_[更改]/shelved.patch
+/.idea/shelf/在进行更新之前于_2026_6_6_07_53_取消提交了更改_[更改]/shelved.patch
+/.idea/shelf/在进行更新之前于_2026_6_6_07_58_取消提交了更改_[更改]/shelved.patch
+/.idea/shelf/在进行更新之前于_2026_6_6_09_03_取消提交了更改_[更改]/shelved.patch
+/.idea/shelf/在进行更新之前于_2026_6_6_09_07_取消提交了更改_[更改]/shelved.patch
+/.idea/shelf/在进行更新之前于_2026_6_6_09_17_取消提交了更改_[更改]/shelved.patch

.harness/PROGRESS.md

@@ -4,7 +4,7 @@
 
 - 仓库根目录：`/root/.openclaw/workspace/his-repo`
 - 分支：`develop`
-- 标准启动路径：`cd openhis-server-new && mvn compile -pl openhis-application -am`
+- 标准启动路径：`cd healthlink-his-server && mvn compile -pl healthlink-his-application -am`
 - 标准验证路径：`bash .harness/check.sh`（一键全部门禁）
 - 标准初始化：`bash .harness/init.sh`
 - 标准作业流程：`.harness/STANDARD_OPERATING_PROCEDURE.md`

.harness/STANDARD_OPERATING_PROCEDURE.md

@@ -85,7 +85,7 @@ git status --short
 
 ```bash
 # L1: 编译检查
-cd openhis-server-new && mvn compile -pl openhis-application -am
+cd healthlink-his-server && mvn compile -pl healthlink-his-application -am
 
 # L2: 全链路门禁
 bash .harness/check.sh

.harness/check.sh

@@ -37,7 +37,7 @@ echo "╚═══════════════════════
 # ── L1: 编译检查 ──
 echo ""
 echo "╔══ L1 编译检查 ══════════════════════╗"
-check "L1" "后端编译" "cd '$ROOT_DIR/openhis-server-new' && mvn compile -pl openhis-application -am -q"
+check "L1" "后端编译" "cd '$ROOT_DIR/healthlink-his-server' && mvn compile -pl healthlink-his-application -am -q"
 
 # ── L2: 全链路检查 ──
 echo ""
@@ -50,7 +50,7 @@ check "L2" "PROGRESS.md 存在" "test -f '$ROOT_DIR/.harness/PROGRESS.md'"
 check "L2" "feature_list.json 有效" "python3 -c 'import json; json.load(open(\"$ROOT_DIR/.harness/feature_list.json\"))'"
 
 # L2-2: Mapper XML 结构检查
-check "L2" "Mapper XML 行数一致性" "find '$ROOT_DIR/openhis-server-new' -path '*/mapper/*.xml' -exec wc -l {} + 2>/dev/null | tail -1 | awk '{print \$1}' | xargs test 0 -lt"
+check "L2" "Mapper XML 行数一致性" "find '$ROOT_DIR/healthlink-his-server' -path '*/mapper/*.xml' -exec wc -l {} + 2>/dev/null | tail -1 | awk '{print \$1}' | xargs test 0 -lt"
 
 # ── L3: 约束合规检查 ──
 echo ""

.harness/feature_list.json

@@ -1,5 +1,5 @@
 {
-  "project": "OpenHIS",
+  "project": "HealthLink-HIS",
   "last_updated": "2026-05-28",
   "rules": {
     "single_active_feature": true,

.harness/init.sh

@@ -13,8 +13,8 @@ git log --oneline -3 2>/dev/null || true
 
 echo ""
 echo "==> 编译检查"
-cd openhis-server-new
-mvn compile -pl openhis-application -am -q 2>/dev/null && echo "    ✅ 编译通过" || echo "    ❌ 编译失败"
+cd healthlink-his-server
+mvn compile -pl healthlink-his-application -am -q 2>/dev/null && echo "    ✅ 编译通过" || echo "    ❌ 编译失败"
 
 echo ""
 echo "==> 读取进度"

.harness/session-handoff.md

@@ -24,6 +24,6 @@
 
 ## 命令速查
 
-- 编译：`cd openhis-server-new && mvn compile -pl openhis-application -am`
+- 编译：`cd healthlink-his-server && mvn compile -pl healthlink-his-application -am`
 - 打包：`mvn clean package -DskipTests`
 - 启动：`mvn spring-boot:run`

.idea/dataSources.local.xml

@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="dataSourceStorageLocal" created-in="IU-253.33514.17">
+    <data-source name="postgresql@192.168.110.252" uuid="6f44e2a0-c865-4e9f-83bf-d35db0680dc5">
+      <database-info product="PostgreSQL" version="17.6" jdbc-version="4.2" driver-name="PostgreSQL JDBC Driver" driver-version="42.7.3" dbms="POSTGRES" exact-version="17.6" exact-driver-version="42.7">
+        <identifier-quote-string>&quot;</identifier-quote-string>
+      </database-info>
+      <case-sensitivity plain-identifiers="lower" quoted-identifiers="exact" />
+      <secret-storage>master_key</secret-storage>
+      <user-name>postgresql</user-name>
+      <schema-mapping>
+        <introspection-scope>
+          <node kind="database" qname="@">
+            <node kind="schema" qname="@" />
+          </node>
+        </introspection-scope>
+      </schema-mapping>
+    </data-source>
+    <data-source name="postgresql@47.116.196.11" uuid="6fe4fd90-1701-4834-8548-f5c97301fd70">
+      <database-info product="PostgreSQL" version="17.6" jdbc-version="4.2" driver-name="PostgreSQL JDBC Driver" driver-version="42.7.3" dbms="POSTGRES" exact-version="17.6" exact-driver-version="42.7">
+        <identifier-quote-string>&quot;</identifier-quote-string>
+      </database-info>
+      <case-sensitivity plain-identifiers="lower" quoted-identifiers="exact" />
+      <secret-storage>master_key</secret-storage>
+      <user-name>postgresql</user-name>
+      <schema-mapping>
+        <introspection-scope>
+          <node kind="database" qname="@">
+            <node kind="schema" qname="@" />
+          </node>
+        </introspection-scope>
+      </schema-mapping>
+    </data-source>
+  </component>
+</project>

.idea/dataSources.xml

@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="DataSourceManagerImpl" format="xml" multifile-model="true">
+    <data-source source="LOCAL" name="postgresql@192.168.110.252" uuid="6f44e2a0-c865-4e9f-83bf-d35db0680dc5">
+      <driver-ref>postgresql</driver-ref>
+      <synchronize>true</synchronize>
+      <jdbc-driver>org.postgresql.Driver</jdbc-driver>
+      <jdbc-url>jdbc:postgresql://192.168.110.252:15432/postgresql?currentSchema=healthlink_his&amp;characterEncoding=UTF-8&amp;client_encoding=UTF-8</jdbc-url>
+      <jdbc-additional-properties>
+        <property name="com.intellij.clouds.kubernetes.db.host.port" />
+        <property name="com.intellij.clouds.kubernetes.db.enabled" value="false" />
+        <property name="com.intellij.clouds.kubernetes.db.container.port" />
+      </jdbc-additional-properties>
+      <working-dir>$ProjectFileDir$</working-dir>
+    </data-source>
+    <data-source source="LOCAL" name="postgresql@47.116.196.11" uuid="6fe4fd90-1701-4834-8548-f5c97301fd70">
+      <driver-ref>postgresql</driver-ref>
+      <synchronize>true</synchronize>
+      <jdbc-driver>org.postgresql.Driver</jdbc-driver>
+      <jdbc-url>jdbc:postgresql://47.116.196.11:15432/postgresql?currentSchema=healthlink_his&amp;characterEncoding=UTF-8&amp;client_encoding=UTF-8</jdbc-url>
+      <jdbc-additional-properties>
+        <property name="com.intellij.clouds.kubernetes.db.host.port" />
+        <property name="com.intellij.clouds.kubernetes.db.enabled" value="false" />
+        <property name="com.intellij.clouds.kubernetes.db.container.port" />
+      </jdbc-additional-properties>
+      <working-dir>$ProjectFileDir$</working-dir>
+    </data-source>
+  </component>
+</project>

.idea/dataSources/6f44e2a0-c865-4e9f-83bf-d35db0680dc5/storage_v2/_src_/database/postgresql.VOeAgg.meta

@@ -0,0 +1 @@
+#n:postgresql

.idea/dataSources/6f44e2a0-c865-4e9f-83bf-d35db0680dc5/storage_v2/_src_/database/postgresql.VOeAgg/schema/healthlink_his.Kczdyg.meta

@@ -0,0 +1,2 @@
+#n:healthlink_his
+!<md> [786566, 0, null, null, -2147483648, -2147483648]

.idea/dataSources/6f44e2a0-c865-4e9f-83bf-d35db0680dc5/storage_v2/_src_/database/postgresql.VOeAgg/schema/information_schema.FNRwLQ.meta

@@ -0,0 +1,2 @@
+#n:information_schema
+!<md> [null, 0, null, null, -2147483648, -2147483648]

.idea/dataSources/6f44e2a0-c865-4e9f-83bf-d35db0680dc5/storage_v2/_src_/database/postgresql.VOeAgg/schema/pg_catalog.0S1ZNQ.meta

@@ -0,0 +1,2 @@
+#n:pg_catalog
+!<md> [null, 0, null, null, -2147483648, -2147483648]

.idea/dataSources/6fe4fd90-1701-4834-8548-f5c97301fd70/storage_v2/_src_/database/postgresql.VOeAgg.meta

@@ -0,0 +1 @@
+#n:postgresql

.idea/dataSources/6fe4fd90-1701-4834-8548-f5c97301fd70/storage_v2/_src_/database/postgresql.VOeAgg/schema/healthlink_his.Kczdyg.meta

@@ -0,0 +1,2 @@
+#n:healthlink_his
+!<md> [786700, 0, null, null, -2147483648, -2147483648]

.idea/dataSources/6fe4fd90-1701-4834-8548-f5c97301fd70/storage_v2/_src_/database/postgresql.VOeAgg/schema/information_schema.FNRwLQ.meta

@@ -0,0 +1,2 @@
+#n:information_schema
+!<md> [null, 0, null, null, -2147483648, -2147483648]

.idea/dataSources/6fe4fd90-1701-4834-8548-f5c97301fd70/storage_v2/_src_/database/postgresql.VOeAgg/schema/pg_catalog.0S1ZNQ.meta

@@ -0,0 +1,2 @@
+#n:pg_catalog
+!<md> [null, 0, null, null, -2147483648, -2147483648]

.idea/db-forest-config.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="db-tree-configuration">
+    <option name="data" value="----------------------------------------&#10;1:0:6f44e2a0-c865-4e9f-83bf-d35db0680dc5&#10;2:0:6fe4fd90-1701-4834-8548-f5c97301fd70&#10;" />
+  </component>
+</project>

.idea/shelf/_2026_6_16_09_56____.xml

@@ -0,0 +1,8 @@
+<changelist name="在进行更新之前于_2026_6_16_09_56_取消提交了更改_[更改]" date="1781574986508" recycled="true" deleted="true">
+  <option name="PATH" value="$PROJECT_DIR$/.idea/shelf/在进行更新之前于_2026_6_16_09_56_取消提交了更改_[更改]/shelved.patch" />
+  <option name="DESCRIPTION" value="在进行更新之前于 2026/6/16 09:56 取消提交了更改 [更改]" />
+  <binary>
+    <option name="AFTER_PATH" value="MD/HEALTHLINK_HIS_PRICING_v0.1.docx" />
+    <option name="SHELVED_PATH" value="$PROJECT_DIR$/.idea/shelf/在进行更新之前于_2026_6_16_09_56_取消提交了更改_[更改]/HEALTHLINK_HIS_PRICING_v0.1.docx" />
+  </binary>
+</changelist>

.idea/shelf/_2026_6_16_10_44____.xml

@@ -0,0 +1,8 @@
+<changelist name="在进行更新之前于_2026_6_16_10_44_取消提交了更改_[更改]" date="1781577901658" recycled="true" deleted="true">
+  <option name="PATH" value="$PROJECT_DIR$/.idea/shelf/在进行更新之前于_2026_6_16_10_44_取消提交了更改_[更改]/shelved.patch" />
+  <option name="DESCRIPTION" value="在进行更新之前于 2026/6/16 10:44 取消提交了更改 [更改]" />
+  <binary>
+    <option name="AFTER_PATH" value="MD/HEALTHLINK_HIS_PRICING_v0.1.docx" />
+    <option name="SHELVED_PATH" value="$PROJECT_DIR$/.idea/shelf/在进行更新之前于_2026_6_16_10_44_取消提交了更改_[更改]/HEALTHLINK_HIS_PRICING_v0.1.docx" />
+  </binary>
+</changelist>

.idea/shelf/_2026_6_16_13_36____.xml

@@ -0,0 +1,8 @@
+<changelist name="在进行更新之前于_2026_6_16_13_36_取消提交了更改_[更改]" date="1781588195703" recycled="true" deleted="true">
+  <option name="PATH" value="$PROJECT_DIR$/.idea/shelf/在进行更新之前于_2026_6_16_13_36_取消提交了更改_[更改]/shelved.patch" />
+  <option name="DESCRIPTION" value="在进行更新之前于 2026/6/16 13:36 取消提交了更改 [更改]" />
+  <binary>
+    <option name="AFTER_PATH" value="MD/HEALTHLINK_HIS_PRICING_v0.1.docx" />
+    <option name="SHELVED_PATH" value="$PROJECT_DIR$/.idea/shelf/在进行更新之前于_2026_6_16_13_36_取消提交了更改_[更改]/HEALTHLINK_HIS_PRICING_v0.1.docx" />
+  </binary>
+</changelist>

.idea/shelf/_2026_6_16_13_38____.xml

@@ -0,0 +1,8 @@
+<changelist name="在进行更新之前于_2026_6_16_13_38_取消提交了更改_[更改]" date="1781588299786" recycled="true" deleted="true">
+  <option name="PATH" value="$PROJECT_DIR$/.idea/shelf/在进行更新之前于_2026_6_16_13_38_取消提交了更改_[更改]/shelved.patch" />
+  <option name="DESCRIPTION" value="在进行更新之前于 2026/6/16 13:38 取消提交了更改 [更改]" />
+  <binary>
+    <option name="AFTER_PATH" value="MD/HEALTHLINK_HIS_PRICING_v0.1.docx" />
+    <option name="SHELVED_PATH" value="$PROJECT_DIR$/.idea/shelf/在进行更新之前于_2026_6_16_13_38_取消提交了更改_[更改]/HEALTHLINK_HIS_PRICING_v0.1.docx" />
+  </binary>
+</changelist>

.idea/shelf/_2026_6_16_15_24____.xml

@@ -0,0 +1,8 @@
+<changelist name="在进行更新之前于_2026_6_16_15_24_取消提交了更改_[更改]" date="1781594661495" recycled="true" deleted="true">
+  <option name="PATH" value="$PROJECT_DIR$/.idea/shelf/在进行更新之前于_2026_6_16_15_24_取消提交了更改_[更改]/shelved.patch" />
+  <option name="DESCRIPTION" value="在进行更新之前于 2026/6/16 15:24 取消提交了更改 [更改]" />
+  <binary>
+    <option name="AFTER_PATH" value="MD/HEALTHLINK_HIS_PRICING_v0.1.docx" />
+    <option name="SHELVED_PATH" value="$PROJECT_DIR$/.idea/shelf/在进行更新之前于_2026_6_16_15_24_取消提交了更改_[更改]/HEALTHLINK_HIS_PRICING_v0.1.docx" />
+  </binary>
+</changelist>

.idea/shelf/_2026_6_16_16_12____.xml

@@ -0,0 +1,8 @@
+<changelist name="在进行更新之前于_2026_6_16_16_12_取消提交了更改_[更改]" date="1781597537348" recycled="true" deleted="true">
+  <option name="PATH" value="$PROJECT_DIR$/.idea/shelf/在进行更新之前于_2026_6_16_16_12_取消提交了更改_[更改]/shelved.patch" />
+  <option name="DESCRIPTION" value="在进行更新之前于 2026/6/16 16:12 取消提交了更改 [更改]" />
+  <binary>
+    <option name="AFTER_PATH" value="MD/HEALTHLINK_HIS_PRICING_v0.1.docx" />
+    <option name="SHELVED_PATH" value="$PROJECT_DIR$/.idea/shelf/在进行更新之前于_2026_6_16_16_12_取消提交了更改_[更改]/HEALTHLINK_HIS_PRICING_v0.1.docx" />
+  </binary>
+</changelist>

.idea/shelf/_2026_6_17_08_41____.xml

@@ -0,0 +1,8 @@
+<changelist name="在进行更新之前于_2026_6_17_08_41_取消提交了更改_[更改]" date="1781656871923" recycled="true" deleted="true">
+  <option name="PATH" value="$PROJECT_DIR$/.idea/shelf/在进行更新之前于_2026_6_17_08_41_取消提交了更改_[更改]/shelved.patch" />
+  <option name="DESCRIPTION" value="在进行更新之前于 2026/6/17 08:41 取消提交了更改 [更改]" />
+  <binary>
+    <option name="AFTER_PATH" value="MD/HEALTHLINK_HIS_PRICING_v0.1.docx" />
+    <option name="SHELVED_PATH" value="$PROJECT_DIR$/.idea/shelf/在进行更新之前于_2026_6_17_08_41_取消提交了更改_[更改]/HEALTHLINK_HIS_PRICING_v0.1.docx" />
+  </binary>
+</changelist>

.idea/shelf/_2026_6_17_11_43____.xml

@@ -0,0 +1,4 @@
+<changelist name="在进行更新之前于_2026_6_17_11_43_取消提交了更改_[更改]" date="1781667802685" recycled="true" deleted="true">
+  <option name="PATH" value="$PROJECT_DIR$/.idea/shelf/在进行更新之前于_2026_6_17_11_43_取消提交了更改_[更改]/shelved.patch" />
+  <option name="DESCRIPTION" value="在进行更新之前于 2026/6/17 11:43 取消提交了更改 [更改]" />
+</changelist>

.mimocode/plans/1781338743659-silent-lagoon.md

@@ -0,0 +1,60 @@
+# 修复 ohmyagent (ultrawork) 命令无法使用的问题
+
+## 问题分析
+
+用户反馈 `/ulw` 和 `/ultrawork` 命令无法使用，报错 "Unknown skill: ulw" 或 "Unknown skill: ultrawork"。
+
+### 根因
+
+1. **技能与命令冲突**：`ultrawork` 既是一个 skill (`C:\Users\Administrator\.claude\skills\ultrawork\SKILL.md`)，又有一个 command (`C:\Users\Administrator\.claude\commands\ulw.md`)
+2. **命令注册问题**：`/ulw` 作为 command 存在，但 Claude Code 的 skill 系统在查找 "ulw" 这个 skill 时找不到
+3. **多版本冲突**：存在两个版本的 ultrawork 配置：
+   - `C:\Users\Administrator\.claude\ultrawork-sanguo.json` (根目录配置)
+   - `C:\Users\Administrator\.claude\plugins\ultrawork-sanguo\config\ultrawork-sanguo.json` (插件配置)
+
+## 修复方案（已确认：Skill优先）
+
+统一使用 Skill 系统，将 `/ulw` 命令改为触发 `ultrawork` skill。
+
+**修改文件：**
+- `C:\Users\Administrator\.claude\commands\ulw.md` - 改为调用 ultrawork skill
+
+## 具体修复步骤
+
+### Step 1: 修复 ulw.md command
+
+将 `C:\Users\Administrator\.claude\commands\ulw.md` 修改为触发 ultrawork skill 的 command：
+
+```markdown
+---
+name: ulw
+description: 激活 UltraWork 三国军团调度系统
+---
+
+# /ulw - UltraWork 三国军团
+
+当用户输入 /ulw 时，加载 ultrawork skill 并执行任务。
+
+## 触发方式
+
+使用 skill 工具加载 ultrawork skill，然后根据 skill 流程执行任务。
+```
+
+### Step 2: 验证 ultrawork skill 配置
+
+检查 `C:\Users\Administrator\.claude\skills\ultrawork\SKILL.md` 确保：
+- name 字段为 "ultrawork"
+- description 包含触发关键词（/ulw, /ultrawork, ultrawork）
+
+## 验证方法
+
+1. 输入 `/ulw 测试任务` 应该能触发 ultrawork skill
+2. 输入 `/ultrawork` 应该能触发 ultrawork skill
+3. 直接说 "ultrawork 测试任务" 也应该能触发
+
+## 关键文件
+
+- `C:\Users\Administrator\.claude\commands\ulw.md`
+- `C:\Users\Administrator\.claude\skills\ultrawork\SKILL.md`
+- `C:\Users\Administrator\.claude\ultrawork-sanguo.json`
+- `C:\Users\Administrator\.claude\plugins\ultrawork-sanguo\config\ultrawork-sanguo.json`

.mimocode/settings.json

@@ -0,0 +1,6 @@
+{
+  "provider": "openai-compatible",
+  "apiKey": "tp-c5g4lq98ufrnmb8tgde32pf1jodrqs2bfkyz19shto080000",
+  "baseUrl": "https://token-plan-cn.xiaomimimo.com/v1",
+  "model": "mimo-v2.5-pro"
+}

.openclaw/workspace-state.json

@@ -1,4 +0,0 @@
-{
-  "version": 1,
-  "setupCompletedAt": "2026-04-06T04:43:29.304Z"
-}

.qoder/agents/chenlin.md

@@ -0,0 +1,27 @@
+---
+name: chenlin
+description: 归档师 — 生成报告、Git归档、禅道备注
+tools: Bash, Read, Write, Grep, Glob
+model: inherit
+maxTurns: 3
+memory: project
+effort: medium
+color: orange
+skills:
+  - archive
+---
+
+# 陈琳 (chenlin) — 归档师
+
+## 角色
+- 生成完整修复报告（Markdown）
+- 写入 Git docs/bug-fixes/
+- 写入 SQLite bug_reports 表
+- 写入 Redis 缓存
+- 禅道添加归档备注
+
+## 铁律
+1. 报告必须包含：基本信息、根因分析、修复文件、流程时间线
+2. Git 归档路径：his-repo/docs/bug-fixes/bug-{id}.md
+3. SQLite 归档必须使用完整的 INSERT 列（含 test_output、pipeline_json）
+4. 禅道备注格式：[📝 陈琳归档] Bug #xxx 修复报告已归档

.qoder/agents/guanyu.md

@@ -0,0 +1,27 @@
+---
+name: guanyu
+description: 后端修复师 — Java/Spring/Mapper/数据库 修复
+tools: Bash, Read, Write, Edit, Grep, Glob
+model: inherit
+maxTurns: 8
+memory: project
+effort: xhigh
+color: red
+skills:
+  - fix
+---
+
+# 关羽 (guanyu) — 后端修复师
+
+## 角色
+- 修复 Java/Spring Boot 后端 Bug
+- 处理 API 接口、Service 逻辑、Mapper/SQL
+- 数据库相关修复（INSERT/UPDATE/DELETE）
+
+## 铁律
+1. 修复前必须先读 AGENTS.md 了解项目规范
+2. 修复后必须运行 `mvn compile` 验证编译
+3. 涉及 SQL 必须先查真实数据库表结构
+4. 一次只修一个 Bug，不扩大范围
+5. 修复后必须有 git commit，commit message 包含 Bug 编号
+6. 数据库铁律：必须用 db-query 工具验证 SQL 语法正确性

.qoder/agents/huatuo.md

@@ -0,0 +1,25 @@
+---
+name: huatuo
+description: 验收师 — 最终验收、确认修复完整性
+tools: Bash, Read, Grep, Glob
+model: inherit
+maxTurns: 3
+memory: project
+effort: medium
+color: yellow
+skills:
+  - verify
+---
+
+# 华佗 (huatuo) — 验收师
+
+## 角色
+- 最终验收修复结果
+- 确认测试通过、代码提交、文档完整
+- 人类 Bug 只加备注不改状态
+
+## 铁律
+1. 必须检查 git commit 是否存在
+2. 必须检查测试报告是否通过
+3. 人类提的 Bug 不改状态不改分配，只加备注
+4. 智能体提的 Bug 可以改分配和加备注

.qoder/agents/liubei.md

@@ -0,0 +1,26 @@
+---
+name: liubei
+description: 总协调者 — 扫描禅道Bug、调度智能体、生成进度报告
+tools: Bash, Read, Grep, Glob
+model: inherit
+maxTurns: 5
+memory: project
+effort: high
+color: gold
+skills:
+  - analyze
+---
+
+# 刘备 (liubei) — 总协调者
+
+## 角色
+- 扫描禅道所有未关闭 Bug
+- 根据 Bug 标题关键词路由到对应修复智能体
+- 监控管线进度，生成报告
+- 不直接修复 Bug
+
+## 铁律
+1. 只调度，不修改代码
+2. 每 5 分钟自动扫描一次
+3. 路由规则：数据库→荀彧，后端→关羽，前端→赵云
+4. 已关闭/已解决的 Bug 不再调度

.qoder/agents/xunyu.md

@@ -0,0 +1,25 @@
+---
+name: xunyu
+description: DB审查师 — 数据库变更审查、SQL验证
+tools: Bash, Read, Grep, Glob
+model: inherit
+maxTurns: 3
+memory: project
+effort: high
+color: cyan
+skills:
+  - db-review
+---
+
+# 荀彧 (xunyu) — DB审查师
+
+## 角色
+- 审查修复中的数据库变更
+- 验证 SQL 语法、表结构、约束
+- 检查迁移脚本完整性
+
+## 铁律
+1. 必须用 db-query 工具查询真实数据库
+2. 检查 NOT NULL 约束、外键约束
+3. 验证 INSERT/UPDATE 字段与表结构匹配
+4. 审查结果必须包含：通过/不通过、原因、建议

.qoder/agents/zhangfei.md

@@ -0,0 +1,25 @@
+---
+name: zhangfei
+description: 测试师 — Playwright回归测试、质量验证
+tools: Bash, Read, Grep, Glob
+model: inherit
+maxTurns: 5
+memory: project
+effort: high
+color: green
+skills:
+  - test
+---
+
+# 张飞 (zhangfei) — 测试师
+
+## 角色
+- 运行 Playwright 回归测试
+- 验证修复是否生效
+- 测试失败时退回修复智能体
+
+## 铁律
+1. 必须用 `--workers=1` 避免压垮 dev server
+2. 测试超时 120 秒
+3. 最多重试 3 次，超过则通知人工介入
+4. 测试结果必须写入禅道备注

.qoder/agents/zhaoyun.md

@@ -0,0 +1,25 @@
+---
+name: zhaoyun
+description: 前端修复师 — Vue/TypeScript/CSS 修复
+tools: Bash, Read, Write, Edit, Grep, Glob
+model: inherit
+maxTurns: 8
+memory: project
+effort: xhigh
+color: blue
+skills:
+  - fix
+---
+
+# 赵云 (zhaoyun) — 前端修复师
+
+## 角色
+- 修复 Vue3/TypeScript 前端 Bug
+- 处理界面显示、组件交互、样式问题
+- API 调用对接
+
+## 铁律
+1. 修复前必须先读 AGENTS.md 了解项目规范
+2. 修复后必须运行 `vue-tsc --noEmit` 验证类型
+3. 一次只修一个 Bug，不扩大范围
+4. 修复后必须有 git commit，commit message 包含 Bug 编号

.qoder/agents/zhugeliang.md

@@ -0,0 +1,26 @@
+---
+name: zhugeliang
+description: 分析师 — 分析Bug根因、拆解修复步骤、路由到正确智能体
+tools: Bash, Read, Grep, Glob, WebFetch
+model: inherit
+maxTurns: 3
+memory: project
+effort: xhigh
+color: purple
+skills:
+  - analyze
+---
+
+# 诸葛亮 (zhugeliang) — 分析师
+
+## 角色
+- 接收刘备分派的 Bug，深度分析根因
+- 读取禅道完整信息（含图片附件 OCR）
+- 拆解修复步骤，确定修复策略
+- 路由到正确的修复智能体
+
+## 铁律
+1. 必须读取 AGENTS.md 了解项目规范
+2. 必须分析完整 6 环链路（前端→Controller→Service→Mapper→DB→关联模块）
+3. 涉及数据库字段的 Bug 必须先查真实表结构
+4. 分析报告必须包含：根因、影响范围、修复方案、测试要点

.qoder/rules/IRON_LAWS.md

@@ -0,0 +1,377 @@
+# 🔴 AgentForge 铁律（不可违反）
+
+> 所有智能体在处理任何任务时必须遵守。违反任何一条 = 阻断提交。
+> 唯一源头文件：修改此文件后所有智能体自动生效。
+
+---
+
+## 一、Bug 状态管理
+
+- **已关闭/已解决的 Bug 禁止处理** — 处理前检查禅道 status，resolved/closed 直接跳过
+- **人类提的 Bug 只加备注不改状态** — reporter 是人类账号时，不改 status、不改 assignedTo
+- **智能体提的 Bug 可改分配和加备注** — 状态变更等测试通过后由华佗确认
+- **每个修复必须有 git commit** — 格式: `fix(#bug_id): 简要描述`
+- **🔴 修复完成必须提交** — `git add --all && git commit && git push`，未提交=没修
+- **🔴 修复必须合并到 develop** — 工作树 commit ≠ 生效，必须 cherry-pick/merge 到 develop
+- **🔴 未合并到 develop 的修复等于没修** — 验收时检查 develop 上是否有该 commit
+- **🔴 修复必须编译部署后才算完成** — `mvn package` → `systemctl restart` → 验证启动时间
+
+---
+
+## 二、修复流程
+
+- **一次只修一个 Bug**，不扩大范围
+- **修前必须完整获取 Bug 全部信息** — 描述、复现步骤、所有截图/附件、所有备注历史。禁止只看标题就写代码
+- **修复前必须读 AGENTS.md**
+- **修复后必须验证编译** — `mvn compile` / `vue-tsc --noEmit` 0 error
+- **commit 前必须验证** — 编译通过 + 无新增 lint 警告
+
+---
+
+## 三、全链路 6 环分析
+
+涉及数据库字段的 Bug 必须走完整链路：
+```
+前端/页面 → Controller → Service → Mapper → DB/SQL → 关联模块
+ ①录入      ②验证      ③业务     ④持久化    ⑤存储     ⑥联动
+```
+
+---
+
+## 四、状态值一致性（来自 Bug #574 教训）
+
+修改任何状态值前，**必须**列出完整链路并逐项检查：
+1. 枚举定义（如 `SlotStatus`）的值
+2. Service 层设置的状态值是否与枚举一致
+3. 查询/列表接口的状态映射是否覆盖所有枚举值
+4. 前端 `STATUS_CLASS_MAP` 是否包含新状态
+5. 前端过滤条件（`v-if`、`v-for`）是否兼容新状态
+6. 池/统计表的聚合 SQL 是否包含新状态值
+
+**禁止**：只改一端不检查其他端。
+
+---
+
+## 五、状态变更影响面分析（来自 Bug #574→575 教训）
+
+改任何状态枚举值前，**必须**执行影响面分析：
+1. `rg "原状态枚举名" --type java` 列出所有引用文件
+2. 逐个检查：设置值？查询过滤？显示映射？统计聚合？
+3. 检查逆向流程：退号、取消、停诊是否兼容新状态
+4. 检查 XML mapper 中所有查询过滤条件
+5. 检查前端所有 v-if/v-for/disabled 条件
+
+**禁止**：只改正向流程不验逆向流程。
+
+---
+
+## 六、逆向流程验证（来自 Bug #575 教训）
+
+涉及状态流转的 Bug，验证时**必须**覆盖：
+- 正向：预约→签到→就诊→完成
+- 逆向：退号、取消预约、停诊、退费
+- 边界：并发操作、重复操作、异常中断
+
+**禁止**：只测正向流程就标记"修复完成"。
+
+---
+
+## 七、全链路验证（状态流转 Bug 必做）
+
+修复后按以下顺序验证，**编译通过不等于修复完成**：
+```
+① 数据库：SELECT status FROM table WHERE id = ?  → 确认写入正确
+② 后端接口：检查所有 if/switch 分支  → 确认映射正确
+③ 前端显示：检查 STATUS_CLASS_MAP  → 确认文本正确
+④ 前端交互：检查 v-if/v-for/disabled  → 确认按钮状态正确
+⑤ 统计数据：检查聚合 SQL  → 确认统计包含新状态
+```
+
+---
+
+## 八、池/统计表同步（来自 Bug #574 反复修复教训）
+
+- **任何状态变更必须同步更新关联统计表**
+- 检查清单：
+  1. 状态变更后，哪些统计字段需要更新？
+  2. 是原子递增/递减，还是全量重算？
+  3. 并发安全：用 `SET field = field + 1` 还是先查后改？
+  4. 逆向操作（退号/取消）是否正确回滚统计？
+- **禁止**：只改状态不改统计，或只改统计不改状态
+
+---
+
+## 九、统计变更必须验证实际值（来自 Bug #575 教训）
+
+- 修改统计逻辑后，**必须查数据库验证实际值**
+- `SELECT booked_num, locked_num FROM adm_schedule_pool WHERE id = ?`
+- 对比操作前后的值，确认统计正确
+- **禁止**：改了统计逻辑不查数据库验证
+
+---
+
+## 十、禁止删除源文件
+
+- **绝对禁止**删除项目中已有的 Java/Vue/SQL 源文件
+- 编译错误 → 修复错误，不删除文件
+- 重复文件 → 重构合并，不删除文件
+- AI 幻觉文件 → 检查 `git ls-tree baseline -- <file>` 确认后再删除
+- **唯一例外**：人类明确确认删除
+
+---
+
+## 十一、禁止修改已有公开方法签名
+
+- 不能删除或重命名已有的 public 方法
+- 不能修改已有方法的参数列表
+- 需要新功能 → 添加重载方法
+- 需要改行为 → 修改方法内部实现
+
+---
+
+## 十二、搜索所有相关代码路径
+
+修复前必须用 `rg` 搜索：
+```
+rg "状态枚举名|相关方法名|相关字段名" --type java --type vue
+```
+确保不遗漏任何引用路径。
+
+---
+
+## 十三、数据库铁律
+
+- **修前必须查询真实数据库** — 确认表结构、字段约束、索引
+- **禁止凭猜测写 SQL** — 先 `\d table_name` 查看表结构
+- **修改 SQL 后必须验证** — `EXPLAIN` 或实际查询验证语法
+- **NOT NULL 约束必须检查** — INSERT/UPDATE 前先查 `is_nullable`
+- **关联表必须查完整** — 涉及 JOIN 查所有关联表结构和外键
+- **涉及 SQL 必须先查真实数据库**
+
+---
+
+## 十四、测试铁律
+
+- Playwright 必须 `--workers=1`
+- 超时 120 秒，最多重试 3 次
+- 测试失败自动重试，超过 3 次通知人工介入
+- 测试结果写入禅道备注
+- **DB审查失败自动回退** — 路由回原修复智能体
+
+---
+
+## 十五、归档铁律
+
+- **三重写入** — Git + SQLite + Redis
+- SQLite 必须使用完整字段
+- 禅道备注格式：`[📝 陈琳归档] Bug #xxx`
+- 归档报告必须包含：基本信息 + 根因分析 + 修复文件 + 流程时间线
+
+---
+
+## 十六、禅道交互
+
+- 备注使用 resolve+activate workaround
+- 不直接调用 comment API（会 404）
+- 图片附件必须 OCR 读取
+
+---
+
+## 十七、质量门禁
+
+- L1: 编译通过
+- L2: 测试通过
+- L3: DB审查通过
+- L4: 验收通过
+- L5: 归档完成
+
+---
+
+## 过往教训
+
+| Bug | 教训 | 根因 |
+|---|---|---|
+| #574 | 状态值 BOOKED(1)→应为 CHECKED_IN(3)，前端映射缺失 | 没走完整状态链路 |
+| #574 | AI 看到编译错误直接删文件 | 没检查 git baseline |
+| #574 | 多次 fallback 修错文件（OrderServiceImpl） | 没用 rg 搜索所有引用 |
+| #574 | 签到后 booked_num 未累加 | 只改状态没改统计 |
+| #575 | 改了签到状态没检查退号流程 | 只验正向不验逆向 |
+| #575 | booked_num 应在预约时累加而非签到时 | 统计变更未验证实际值 |
+| — | 修复完成未提交到 develop | 框架未强制验证提交 |
+| — | 退号流程只检查 BOOKED(1) 不兼容 CHECKED_IN(3) | 状态变更影响面分析缺失 |
+
+---
+
+## 十八、禁止硬编码业务默认值（来自 Bug #617 教训）
+
+- **禁止**在提交参数中硬编码业务默认值（如 `contractNo: '0000'`）
+- 必须使用用户在表单中选择的值，硬编码值仅作为 fallback
+- 检查清单：
+  1. 表单字段是否有 `v-model` 绑定？
+  2. 构建提交参数时是否使用了绑定值？
+  3. 提交后是否覆盖了用户选择？
+- **禁止**：用户选了医保，提交时却写死为自费
+
+---
+
+## 过往教训（补充）
+
+| Bug | 教训 | 根因 |
+|---|---|---|
+| #617 | 费用性质硬编码为 '0000'（自费），用户选医保无效 | 构建参数时写死默认值 |
+
+---
+
+## 十九、前端验证铁律
+
+- **提交前必须编译前端** — `npm run build` 或 `npx vite build` 通过才算完成
+- **禁止只改 .vue 文件不验证编译** — 改完必须跑一次编译确认无报错
+- **SCSS 括号闭合必须检查** — `<style lang="scss" scoped>` 内的所有 `{}` 必须成对闭合
+- **SCSS 嵌套层级不超过 4 层** — 过深嵌套说明结构需要重构
+- **编译报错必须当场修复** — 看到 error 立即修，不要留到下一步
+
+### SCSS 检查清单
+
+```bash
+# 编译验证
+cd openhis-ui-vue3 && npm run build
+
+# 如果编译报错，检查 SCSS
+grep -n "{" src/views/xxx/index.vue | wc -l  # 开括号数
+grep -n "}" src/views/xxx/index.vue | wc -l  # 闭括号数
+# 两者必须相等
+```
+
+---
+
+## 二十、提交前验证铁律
+
+- **后端**: `mvn compile` 通过 + 无新增 warning
+- **前端**: `npm run build` 通过 + 无 SCSS 错误
+- **禁止跳过编译直接提交** — 编译失败的代码不允许进仓库
+- **提交信息格式**: `type(scope): description`（如 `fix(charge): 修复退费金额计算`）
+
+### 提交前检查流程
+
+```bash
+# 1. 后端编译
+cd openhis-server-new && mvn compile -pl openhis-application -am
+
+# 2. 前端编译
+cd openhis-ui-vue3 && npm run build
+
+# 3. 两个都通过才提交
+git add --all && git commit -m "type(scope): description"
+```
+
+---
+
+## 二十六、resolve 前必须验证 develop commit（来自 v0.5.1 修复）
+
+- **禁止**仅凭 worktree 未提交变更就 resolve Bug
+- resolve 前必须检查 `git log origin/develop --grep="Bug#{id}"` 是否有 commit
+- `comment_bug` 用 resolve+activate workaround，activate 失败会导致 bug 卡在 resolved
+- `ok_to_commit` 必须要求 `has_fix_commit = true`（develop 上有实际 commit）
+- **验证方式**: `git log origin/develop --grep="Bug#{id}" --oneline -1` 有输出才允许 resolve
+
+---
+
+## 二十七、comment_bug 禁止改状态铁律（来自 v0.5.2 修复）
+
+- **禁止**使用 resolve+activate workaround 添加备注 — activate 失败会导致 bug 卡在 resolved
+- 添加备注必须使用不改状态的方式：CLI `zentao bug update --comment` 或 API `PUT /bugs/{id}`
+- `comment_bug` 函数必须只写 comment，不触发任何状态变更
+- **教训**: 36 个 bug 因 activate 失败被误标为 resolved，无代码提交
+
+### 正确做法
+
+```rust
+// ✅ 正确：只加备注，不改状态
+zentao bug update --id <BUG_ID> --comment "备注内容"
+
+// ❌ 错误：resolve+activate 会改状态
+POST /bugs/{id}/resolve  // 改为 resolved
+POST /bugs/{id}/activate  // 如果失败，bug 卡在 resolved
+```
+
+---
+
+## 二十八、文件快照禁用覆盖判定铁律（来自 v0.5.2 修复）
+
+- **禁止**用主仓库文件快照 diff 覆盖 success 判定
+- success 判定必须基于 agent worktree 的实际变更（`count_changed_files` + `has_fix_commit`）
+- 主仓库快照仅用于日志记录，不能影响判定结果
+- **教训**: 主仓库快照检测到其他 agent 的变更，误判当前 agent 修复成功
+
+### 根因
+
+```
+Agent A cherry-pick 到 develop → 主仓库有变更
+Agent B 运行 → 主仓库快照检测到 A 的变更 → 误判 B 修复成功
+```
+
+### 正确做法
+
+```rust
+// ✅ 正确：基于 worktree 判定
+let changes = count_worktree_changes(agent_name);  // 检查 worktree
+let has_fix = has_recent_fix_commit(agent_name, bug_id);  // 检查 develop commit
+
+// ❌ 错误：基于主仓库判定
+let file_diff = snapshot_and_diff(main_repo_dir, &before);  // 检查主仓库
+if has_real_changes { r.success = true; }  // 误判
+```
+
+---
+
+## 二十九、Worktree 必须存在且为 Git 仓库铁律
+
+- 每个 agent 的 worktree 目录必须存在且包含 `.git` 文件
+- 启动 executor 前必须验证 worktree 存在：`test -d /tmp/agentforge-worktrees/{agent}`
+- worktree 不存在时必须创建：`git worktree add /tmp/agentforge-worktrees/{agent} -b {agent}`
+- **教训**: 4 个 agent（zhangfei, chenlin, huatuo, liubei）无 worktree，codex 运行失败但仍标记成功
+
+### 验证命令
+
+```bash
+# 检查所有 agent worktree
+for agent in zhaoyun guanyu xunyu zhangfei huatuo chenlin zhugeliang liubei; do
+  if [ -d "/tmp/agentforge-worktrees/$agent/.git" ]; then
+    echo "✅ $agent: worktree OK"
+  else
+    echo "❌ $agent: worktree MISSING"
+    cd /root/.openclaw/workspace/his-repo
+    git worktree add /tmp/agentforge-worktrees/$agent -b $agent
+  fi
+done
+```
+
+---
+
+## 三十、Bug 状态变更必须双重确认铁律
+
+- resolve Bug 前必须检查当前状态：`zentao bug get --id {id} | grep status`
+- 只有 `status: active` 的 Bug 才允许 resolve
+- resolve 后必须验证状态：`zentao bug get --id {id} | grep status` 确认为 `resolved`
+- activate 后必须验证状态：确认恢复为 `active`
+- **教训**: 批量操作 36 个 bug 时，1 个因状态不对失败，需要逐个检查
+
+### 批量操作模板
+
+```bash
+source /root/.config/zentao/.env
+for id in 711 710 709; do
+  # 1. 检查当前状态
+  status=$(zentao bug get --id "$id" 2>&1 | grep "status:" | awk '{print $2}')
+  if [ "$status" != "active" ]; then
+    echo "⚠️ Bug #$id: 当前状态=$status，跳过"
+    continue
+  fi
+  # 2. 执行操作
+  zentao bug activate --id "$id" --data '{"openedBuild":"6"}'
+  # 3. 验证结果
+  new_status=$(zentao bug get --id "$id" 2>&1 | grep "status:" | awk '{print $2}')
+  echo "Bug #$id: $status → $new_status"
+done
+```
+

.qoder/rules/backend.md

@@ -0,0 +1,46 @@
+---
+description: Backend development rules for HealthLink-HIS Java/Spring Boot code
+paths:
+  - "healthlink-his-server/**/*.java"
+  - "healthlink-his-server/**/pom.xml"
+---
+
+# Backend Development Rules
+
+## Architecture
+- Layered: `Controller → AppService → Service → Mapper → Entity`
+- Package: `com.healthlink.his.web.{module}.{layer}`
+- All queries use `LambdaQueryWrapper`, no string SQL concatenation
+- All endpoints require `@PreAuthorize` permission control
+- Use `@Transactional(rollbackFor = Exception.class)` for transaction management
+
+## Naming conventions
+- Controller: `XxxController`
+- AppService: `IXxxAppService` / `XxxAppServiceImpl`
+- Service: `IXxxService` / `XxxServiceImpl`
+- Mapper: `XxxMapper`
+- Entity: `Xxx`
+- DTO: `XxxDto` / `XxxQueryDto`
+
+## Iron Laws (Backend)
+- **Iron Law 7**: Never modify existing public method signatures (no delete/rename, no parameter changes)
+- **Iron Law 18**: Never break existing functionality when adding new features
+- **Iron Law 19**: Compile errors are your responsibility to fix, regardless of origin
+- **Iron Law 6**: Never delete existing Java source files
+
+## DTO Field Type Defense
+- Frontend Boolean fields → use String + business layer conversion (Jackson strict Boolean validation)
+- All DTOs accepting frontend input: add `@JsonIgnoreProperties(ignoreUnknown = true)`
+
+## Verification commands
+```bash
+cd healthlink-his-server
+mvn clean compile -DskipTests    # Compile check
+mvn install -DskipTests          # Build and install
+mvn test                         # Run all tests
+```
+
+## Common patterns
+- Patient sensitive information must be desensitized in logs
+- Use Hutool utility classes for common operations
+- Flowable for workflow, LiteFlow for rule engine

.qoder/rules/database.md

@@ -0,0 +1,48 @@
+---
+description: Database and Flyway migration rules for HealthLink-HIS
+paths:
+  - "**/*.sql"
+  - "**/mapper/*.xml"
+  - "healthlink-his-server/**/resources/db/migration/**"
+---
+
+# Database and Migration Rules
+
+## Iron Law 2: Flyway database migration
+- All new tables or new fields require a Flyway migration script
+- Path: `healthlink-his-application/src/main/resources/db/migration/`
+- Naming: `V{version}__{description}.sql` (double underscore)
+
+## Iron Law 17: Database iron laws
+- **Query real database before modification** — confirm table structure, field constraints, indexes
+- **No guessing SQL** — check table structure first
+- **Verify after SQL modification** — use `EXPLAIN` or actual query to verify syntax
+- **Check NOT NULL constraints** — verify `is_nullable` before INSERT/UPDATE
+- **Check all related tables** — for JOIN queries, check all related table structures and foreign keys
+
+## Iron Law 18: SQL migration restrictions
+- Only `ALTER TABLE ADD COLUMN` allowed
+- No `DROP COLUMN` or `RENAME COLUMN`
+- New fields can only be appended, not deleted or renamed
+
+## Database connection
+- PostgreSQL 15+ at `192.168.110.252:15432`
+- Database: `healthlink_his`
+- Flyway is enabled in dev and runs on startup
+- Migration conflicts will block server startup
+
+## Full chain 6-ring analysis
+For bugs/requirements involving database fields, follow the complete chain:
+```
+Frontend/Page → Controller → Service → Mapper → DB/SQL → Related modules
+ ①Input         ②Validate   ③Business  ④Persist   ⑤Storage  ⑥Linkage
+```
+
+| Ring | Check |
+|------|-------|
+| ① Input | Frontend has input entry (dialog, table row edit, form) |
+| ② Validate | Controller parameter validation, @Valid, permission control |
+| ③ Business | Service business logic, transaction boundaries, multiple Service implementation entries |
+| ④ Persist | Mapper XML, DTO field mapping, type conversion |
+| ⑤ Storage | Database table structure, indexes, NOT NULL constraints |
+| ⑥ Linkage | Upstream (orders→nurse station), downstream (printing, billing, reports) synchronization |

.qoder/rules/debugging.md

@@ -0,0 +1,46 @@
+---
+description: Systematic debugging process for HealthLink-HIS
+paths:
+  - "**/*.java"
+  - "**/*.{vue,js,ts}"
+  - "**/*.sql"
+---
+
+# Systematic Debugging Process
+
+> **Iron Law: No root cause investigation, no fix proposal.**
+
+## Four-stage process
+
+### Stage 1: Root cause investigation (must complete before fixing)
+1. Carefully read error message (stack trace, line numbers, error codes)
+2. Stabilize reproduction (can it be reliably triggered? steps? every time?)
+3. Check recent changes (`git diff`, new dependencies, config changes)
+4. Multi-component system: add diagnostic logs at each component boundary, locate which layer is broken
+5. Trace data flow: where does the bad value come from? who calls it? trace back to the source
+
+### Stage 2: Pattern analysis
+- Find similar working code in the same codebase
+- Compare differences item by item
+- Understand dependency relationships
+
+### Stage 3: Hypothesis and test
+- Form single hypothesis: "I believe X is the root cause because Y"
+- Make minimal change to test
+- Effective → Stage 4; Invalid → new hypothesis
+
+### Stage 4: Implement
+- Create failing test case
+- Fix root cause (not symptoms)
+- Verify fix
+
+## Use /fix-compile skill
+When `mvn compile` or `npm run build:dev` fails, use the `/fix-compile` skill for systematic diagnosis and repair.
+
+## Common error patterns
+- **Duplicate method**: Check all Service implementations for the same method
+- **Missing import**: Verify package structure matches `com.healthlink.his.web.{module}`
+- **Type mismatch**: Check DTO field types (Iron Law: DTO field type defense)
+- **SCSS bracket**: Count `{` and `}` in `<style lang="scss" scoped>` blocks
+- **Flyway conflict**: Check migration version numbers in `healthlink-his-application/src/main/resources/db/migration/`
+- **State chain break**: Bug#574 lesson — check complete state flow (enum → Service → query → frontend mapping → statistics)

.qoder/rules/frontend.md

@@ -0,0 +1,53 @@
+---
+description: Frontend development rules for HealthLink-HIS Vue 3/Element Plus code
+paths:
+  - "healthlink-his-ui/src/**/*.{vue,js,ts,jsx,tsx}"
+  - "healthlink-his-ui/package.json"
+  - "healthlink-his-ui/vite.config.js"
+---
+
+# Frontend Development Rules
+
+## Tech stack
+- Vue 3.5 + Vite 6.4 + Element Plus 2.14 + Pinia 2.2 + TypeScript 5.9
+- Based on RuoYi-Vue3 framework
+
+## Directory structure
+```
+src/api/{module}/        # API interfaces
+src/views/{module}/      # Page components
+src/store/modules/       # Pinia state management
+src/components/          # Shared components
+```
+
+## Key constraints
+- API prefix: `/healthlink-his/api/v1/`
+- Route lazy loading: `() => import('@/views/xxx/index.vue')`
+- Use `<script setup>` syntax for all pages
+- Button permissions: `v-hasPermi` directive
+- Cleanup: events registered in `onMounted` must be removed in `onUnmounted`
+
+## Iron Laws (Frontend)
+- **Iron Law 4**: API paths must align with backend (`/healthlink-his/api/v1/`)
+- **Iron Law 18**: Never break existing page component structure when adding new pages
+- **Iron Law 23**: Always use UTF-8 encoding when reading/writing files (PowerShell trap)
+- **Iron Law 30**: Frontend compilation is mandatory — `npm run build:dev` must pass
+
+## SCSS rules
+- Check bracket closure in `<style lang="scss" scoped>` blocks
+- All `{}` must be paired
+- Compilation errors must be fixed immediately
+
+## Verification commands
+```bash
+cd healthlink-his-ui
+npm run build:dev        # Build verification
+npm run lint             # ESLint check
+npm run test:run         # Vitest unit tests
+```
+
+## Common patterns
+- Use Element Plus components (ElTable, ElForm, ElDialog)
+- Use vxe-table for complex data grids
+- Use ECharts for charts and visualizations
+- Use vue-plugin-hiprint for printing

.qoder/rules/testing.md

@@ -0,0 +1,49 @@
+---
+description: Testing and verification rules for HealthLink-HIS
+paths:
+  - "**/*.java"
+  - "**/*.{vue,js,ts}"
+  - "**/*.sql"
+---
+
+# Testing and Verification Rules
+
+## Iron Law 1: Test after modification
+- Backend: `mvn clean compile -DskipTests` → `mvn install -DskipTests` → `mvn test`
+- Frontend: `npm run build:dev` → `npm run lint` → `npm run test:run`
+- White box: Compilation passes, no ERROR
+- Black box: Key interfaces return `{code:200, data:...}`, verify business logic
+- Smoke: Application starts normally, core flow works
+
+## Iron Law 3: Commit only after tests pass
+- Compilation + all tests must pass before `git commit`
+- Do not commit incomplete features, debug code, or temporary files
+
+## Iron Law 8: Verification before completion
+- **Cannot claim "done", "passed", "no problem" without running verification commands**
+- Forbidden: "should work", "probably fine", "looks correct"
+- Required: Run command → Read output → Confirm result → Then claim
+- This is an honesty principle, not an efficiency issue
+
+## Iron Law 19: Compile errors are not distinguished by source
+- `mvn compile`, `vite build`, `vue-tsc` errors = not acceptable, **regardless of origin**
+- Forbidden: "this is a pre-existing issue", "not my change", "original bug"
+- Correct approach: Locate error → Fix → Rebuild to confirm → Then continue
+
+## Full verification pipeline
+Use `/verify` skill to run the complete verification suite:
+- Backend: compile + build + test
+- Frontend: build + lint + test
+
+## Test frameworks
+- Backend: JUnit + Spring Boot Test
+- Frontend: Vitest (unit), Playwright (E2E)
+
+## Running specific tests
+```bash
+# Backend single test class
+mvn test -pl healthlink-his-application -Dtest="XxxTest" -Dsurefire.failIfNoSpecifiedTests=false
+
+# Frontend single test file
+npm run test:run -- path/to/test.spec.ts
+```

.qoder/settings.json

@@ -0,0 +1,20 @@
+{
+  "provider": "openai-compatible",
+  "apiKey": "tp-c5g4lq98ufrnmb8tgde32pf1jodrqs2bfkyz19shto080000",
+  "baseUrl": "https://token-plan-cn.xiaomimimo.com/v1",
+  "model": "mimo-v2.5-pro",
+  "hooks": {
+    "PostToolUse": [
+      {
+        "matcher": "Write|Edit",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node -e \"const d=require('fs').readFileSync(0,'utf-8');const j=JSON.parse(d);const f=j.tool_input?.file_path||j.tool_response?.filePath;if(f&&f.match(/\\.(vue|js|ts|jsx|tsx|scss|css)$/)&&f.startsWith('healthlink-his-ui/')){const p=f.replace('healthlink-his-ui/','');const{execSync}=require('child_process');try{execSync('npx prettier --write '+p,{cwd:'healthlink-his-ui',stdio:'pipe',timeout:15000})}catch(e){}}\" 2>/dev/null || true",
+            "timeout": 20
+          }
+        ]
+      }
+    ]
+  }
+}

.qoder/settings.local.json

@@ -0,0 +1,13 @@
+{
+  "permissions": {
+    "allow": [
+      "Bash(cd healthlink-his-ui && npx eslint --version)",
+      "Bash(echo '{\"tool_name\":\"Edit\",\"tool_input\":{\"file_path\":\"healthlink-his-ui/src/App.vue\"}}' | jq -r '.tool_input.file_path // .tool_response.filePath' | { read -r f; cd healthlink-his-ui && npx eslint --fix \"$f\" 2>&1 || true; })",
+      "Bash(node:*)",
+      "Bash(echo '{\"tool_name\":\"Edit\",\"tool_input\":{\"file_path\":\"healthlink-his-ui/src/App.vue\"}}' | node -e \"const data = require\\('fs'\\).readFileSync\\(0, 'utf-8'\\); const json = JSON.parse\\(data\\); const f = json.tool_input?.file_path || json.tool_response?.filePath; console.log\\(f\\);\")",
+      "Bash(echo '{\"tool_name\":\"Edit\",\"tool_input\":{\"file_path\":\"healthlink-his-ui/src/App.vue\"}}' | node -e \"\nconst d=require\\('fs'\\).readFileSync\\(0,'utf-8'\\);\nconst j=JSON.parse\\(d\\);\nconst f=j.tool_input?.file_path||j.tool_response?.filePath;\nif\\(f && f.match\\(/\\\\.\\(vue|js|ts|jsx|tsx\\)\\\\$/\\) && f.startsWith\\('healthlink-his-ui/'\\)\\) {\n  const relPath = f.replace\\('healthlink-his-ui/', ''\\);\n  const {execSync} = require\\('child_process'\\);\n  try { execSync\\('npx eslint --fix ' + relPath, {cwd: 'healthlink-his-ui', stdio: 'pipe', timeout: 10000}\\); console.log\\('formatted: ' + f\\); }\n  catch\\(e\\) { console.log\\('lint skipped: ' + f\\); }\n}\n\" 2>/dev/null || true)",
+      "Bash(ls -la .qoder/settings.json 2>/dev/null || echo \"File does not exist\")",
+      "Bash(ls -la D:/his/RULES.md 2>/dev/null && wc -l D:/his/RULES.md || echo \"RULES.md not found\")"
+    ]
+  }
+}

.qoder/skills/agentforge-analyze/SKILL.md

@@ -0,0 +1,27 @@
+---
+name: bug-analyze
+description: Bug分析技能 — 根因分析和修复方案设计
+when_to_use: 分析Bug时自动激活
+---
+
+# Bug 分析技能
+
+## 分析流程
+
+### 1. 信息收集
+- 读取禅道 Bug 完整信息
+- OCR 读取附件图片中的错误信息
+- 查询数据库相关表结构
+
+### 2. 6 环分析
+```
+前端/页面 → Controller → Service → Mapper → DB/SQL → 关联模块
+ ①录入      ②验证      ③业务     ④持久化    ⑤存储     ⑥联动
+```
+
+### 3. 输出
+- 根因描述
+- 影响范围
+- 修复方案
+- 测试要点
+- 路由建议（数据库→荀彧，后端→关羽，前端→赵云）

.qoder/skills/agentforge-archive/SKILL.md

@@ -0,0 +1,31 @@
+---
+name: chenlin-archive
+description: 归档技能 — 生成报告、多层归档
+when_to_use: 验收通过后自动激活
+---
+
+# 归档技能
+
+## 归档流程
+
+### 🔴 前置检查（必须通过才能归档）
+- **修复必须在 develop 分支上** — `git log origin/develop --grep="#{id}"` 有结果
+- 未合并到 develop 的修复禁止归档
+
+### 1. 收集数据
+- 从 traces 表收集全流程事件
+- 从 git 收集 commit 信息（必须在 develop 分支上）
+- 从测试结果收集通过/失败状态
+
+### 2. 生成报告
+- Markdown 格式
+- 包含：基本信息、根因分析、修复文件、流程时间线
+
+### 3. 三重归档
+- **Git**: his-repo/docs/bug-fixes/bug-{id}.md
+- **SQLite**: bug_reports 表（完整字段）
+- **Redis**: fix_doc:{id}（30天 TTL）
+
+### 4. 禅道备注
+- 格式：[📝 陈琳归档] Bug #xxx 修复报告已归档
+- 使用 resolve+activate workaround

.qoder/skills/agentforge-db-review/SKILL.md

@@ -0,0 +1,29 @@
+---
+name: db-review
+description: DB审查技能 — 数据库变更验证
+when_to_use: 修复涉及SQL/数据库时自动激活
+paths:
+  - "*.sql"
+  - "*mapper*"
+  - "*Mapper*"
+---
+
+# DB 审查技能
+
+## 审查流程
+
+### 1. 检查变更范围
+- 使用 `git diff --name-only` 查看变更文件
+- 识别 SQL DDL 变更（.sql、migration）
+- 区分 DDL 变更和代码引用（mapper XML）
+
+### 2. 验证 SQL
+- 用 db-query 查询真实表结构
+- 检查 NOT NULL 约束
+- 检查外键约束
+- 用 EXPLAIN 验证查询计划
+
+### 3. 审查结论
+- 无 DDL 变更 → 直接通过
+- 有 DDL 变更 → 检查迁移脚本
+- 审查失败 → 退回修复智能体并附原因

.qoder/skills/agentforge-fix/SKILL.md

@@ -0,0 +1,50 @@
+---
+name: bug-fix
+description: Bug修复技能 — 全链路修复流程
+when_to_use: 修复Bug时自动激活
+paths:
+  - "*.java"
+  - "*.vue"
+  - "*.ts"
+---
+
+# Bug 修复技能
+
+## 修复流程
+
+### 1. 分析阶段
+- 读取禅道 Bug 完整信息（标题、描述、附件图片）
+- 使用 OCR 读取图片中的错误信息
+- 分析 6 环链路：前端→Controller→Service→Mapper→DB→关联模块
+- **状态值一致性检查**（涉及状态流转的 Bug 必做）：
+  1. 列出所有相关枚举定义及其数值
+  2. 搜索所有引用该枚举的代码路径（`rg "SlotStatus\|OrderStatus\|Status"` )
+  3. 确认 Service 层设置值、查询映射、前端显示三者一致
+  4. 确认统计/聚合 SQL 包含所有相关状态值
+
+### 2. 定位阶段
+- 使用 `rg` 搜索相关代码
+- 使用 `git blame` 追溯历史
+- 确认根因
+
+### 3. 修复阶段
+- 一次只修一个 Bug
+- 修改最小范围代码
+- 遵守项目编码规范
+
+### 4. 验证阶段
+- 后端：`mvn compile`
+- 前端：`vue-tsc --noEmit`
+- 数据库：`db-query` 验证 SQL
+- **全链路验证**（状态流转 Bug 必做）：
+  1. 数据库：确认状态值已正确写入（`SELECT status FROM table WHERE id = ?`）
+  2. 后端接口：确认返回的状态映射正确（检查所有 `if/switch` 分支）
+  3. 前端显示：确认页面显示正确状态文本（检查 `STATUS_CLASS_MAP`）
+  4. 前端交互：确认按钮/操作基于正确状态启用/禁用
+  5. 统计数据：确认池/报表统计包含新状态值
+- **禁止**：只验证编译通过就认为修复完成
+
+### 5. 提交阶段
+- `git add` + `git commit`
+- commit message 格式：`fix(#bug_id): 简要描述`
+- 推送到 develop 分支

.qoder/skills/agentforge-test/SKILL.md

@@ -0,0 +1,28 @@
+---
+name: playwright-test
+description: Playwright回归测试技能
+when_to_use: 测试Bug修复时自动激活
+---
+
+# Playwright 回归测试技能
+
+## 测试流程
+
+### 1. 环境准备
+- 确保前端 dev server 运行在 81 端口
+- 使用 `--workers=1` 单线程运行
+
+### 2. 执行测试
+```bash
+cd /root/.openclaw/workspace/his-repo/openhis-ui-vue3
+npx playwright test --grep @bug{ID} --reporter=line --workers=1
+```
+
+### 3. 结果判定
+- 测试通过 → 通知华佗验收
+- 测试失败 → 增加重试计数，退回修复智能体
+- 超过 3 次 → 通知人工介入
+
+### 4. 结果记录
+- 写入禅道备注
+- 保存测试文档到 Redis

.qoder/skills/agentforge-verify/SKILL.md

@@ -0,0 +1,30 @@
+---
+name: acceptance
+description: 验收技能 — 最终确认修复完整性
+when_to_use: 测试通过后自动激活
+---
+
+# 验收技能
+
+## 验收清单（必须全部通过）
+
+### 🔴 强制检查（任一失败=拒绝验收）
+- [ ] **修复已合并到 develop 分支** — `git log origin/develop --grep="#bug_id"` 必须有结果
+- [ ] 工作树 commit ≠ 生产生效，必须 merge 到 develop 并 push
+- [ ] git commit message 包含 Bug 编号
+- [ ] 测试报告通过
+
+### 人类 Bug 处理
+- 只加备注，不改状态
+- 不改分配
+
+### 智能体 Bug 处理
+- 可以改分配
+- 可以加备注
+
+## 合并验证命令
+```bash
+cd /root/.openclaw/workspace/his-repo
+git log origin/develop --oneline --grep="#{bug_id}"
+# 必须有输出，否则拒绝验收
+```

.qoder/skills/brainstorming/SKILL.md

@@ -0,0 +1,164 @@
+---
+name: brainstorming
+description: "You MUST use this before any creative work - creating features, building components, adding functionality, or modifying behavior. Explores user intent, requirements and design before implementation."
+---
+
+# Brainstorming Ideas Into Designs
+
+Help turn ideas into fully formed designs and specs through natural collaborative dialogue.
+
+Start by understanding the current project context, then ask questions one at a time to refine the idea. Once you understand what you're building, present the design and get user approval.
+
+<HARD-GATE>
+Do NOT invoke any implementation skill, write any code, scaffold any project, or take any implementation action until you have presented a design and the user has approved it. This applies to EVERY project regardless of perceived simplicity.
+</HARD-GATE>
+
+## Anti-Pattern: "This Is Too Simple To Need A Design"
+
+Every project goes through this process. A todo list, a single-function utility, a config change — all of them. "Simple" projects are where unexamined assumptions cause the most wasted work. The design can be short (a few sentences for truly simple projects), but you MUST present it and get approval.
+
+## Checklist
+
+You MUST create a task for each of these items and complete them in order:
+
+1. **Explore project context** — check files, docs, recent commits
+2. **Offer visual companion** (if topic will involve visual questions) — this is its own message, not combined with a clarifying question. See the Visual Companion section below.
+3. **Ask clarifying questions** — one at a time, understand purpose/constraints/success criteria
+4. **Propose 2-3 approaches** — with trade-offs and your recommendation
+5. **Present design** — in sections scaled to their complexity, get user approval after each section
+6. **Write design doc** — save to `docs/superpowers/specs/YYYY-MM-DD-<topic>-design.md` and commit
+7. **Spec self-review** — quick inline check for placeholders, contradictions, ambiguity, scope (see below)
+8. **User reviews written spec** — ask user to review the spec file before proceeding
+9. **Transition to implementation** — invoke writing-plans skill to create implementation plan
+
+## Process Flow
+
+```dot
+digraph brainstorming {
+    "Explore project context" [shape=box];
+    "Visual questions ahead?" [shape=diamond];
+    "Offer Visual Companion\n(own message, no other content)" [shape=box];
+    "Ask clarifying questions" [shape=box];
+    "Propose 2-3 approaches" [shape=box];
+    "Present design sections" [shape=box];
+    "User approves design?" [shape=diamond];
+    "Write design doc" [shape=box];
+    "Spec self-review\n(fix inline)" [shape=box];
+    "User reviews spec?" [shape=diamond];
+    "Invoke writing-plans skill" [shape=doublecircle];
+
+    "Explore project context" -> "Visual questions ahead?";
+    "Visual questions ahead?" -> "Offer Visual Companion\n(own message, no other content)" [label="yes"];
+    "Visual questions ahead?" -> "Ask clarifying questions" [label="no"];
+    "Offer Visual Companion\n(own message, no other content)" -> "Ask clarifying questions";
+    "Ask clarifying questions" -> "Propose 2-3 approaches";
+    "Propose 2-3 approaches" -> "Present design sections";
+    "Present design sections" -> "User approves design?";
+    "User approves design?" -> "Present design sections" [label="no, revise"];
+    "User approves design?" -> "Write design doc" [label="yes"];
+    "Write design doc" -> "Spec self-review\n(fix inline)";
+    "Spec self-review\n(fix inline)" -> "User reviews spec?";
+    "User reviews spec?" -> "Write design doc" [label="changes requested"];
+    "User reviews spec?" -> "Invoke writing-plans skill" [label="approved"];
+}
+```
+
+**The terminal state is invoking writing-plans.** Do NOT invoke frontend-design, mcp-builder, or any other implementation skill. The ONLY skill you invoke after brainstorming is writing-plans.
+
+## The Process
+
+**Understanding the idea:**
+
+- Check out the current project state first (files, docs, recent commits)
+- Before asking detailed questions, assess scope: if the request describes multiple independent subsystems (e.g., "build a platform with chat, file storage, billing, and analytics"), flag this immediately. Don't spend questions refining details of a project that needs to be decomposed first.
+- If the project is too large for a single spec, help the user decompose into sub-projects: what are the independent pieces, how do they relate, what order should they be built? Then brainstorm the first sub-project through the normal design flow. Each sub-project gets its own spec → plan → implementation cycle.
+- For appropriately-scoped projects, ask questions one at a time to refine the idea
+- Prefer multiple choice questions when possible, but open-ended is fine too
+- Only one question per message - if a topic needs more exploration, break it into multiple questions
+- Focus on understanding: purpose, constraints, success criteria
+
+**Exploring approaches:**
+
+- Propose 2-3 different approaches with trade-offs
+- Present options conversationally with your recommendation and reasoning
+- Lead with your recommended option and explain why
+
+**Presenting the design:**
+
+- Once you believe you understand what you're building, present the design
+- Scale each section to its complexity: a few sentences if straightforward, up to 200-300 words if nuanced
+- Ask after each section whether it looks right so far
+- Cover: architecture, components, data flow, error handling, testing
+- Be ready to go back and clarify if something doesn't make sense
+
+**Design for isolation and clarity:**
+
+- Break the system into smaller units that each have one clear purpose, communicate through well-defined interfaces, and can be understood and tested independently
+- For each unit, you should be able to answer: what does it do, how do you use it, and what does it depend on?
+- Can someone understand what a unit does without reading its internals? Can you change the internals without breaking consumers? If not, the boundaries need work.
+- Smaller, well-bounded units are also easier for you to work with - you reason better about code you can hold in context at once, and your edits are more reliable when files are focused. When a file grows large, that's often a signal that it's doing too much.
+
+**Working in existing codebases:**
+
+- Explore the current structure before proposing changes. Follow existing patterns.
+- Where existing code has problems that affect the work (e.g., a file that's grown too large, unclear boundaries, tangled responsibilities), include targeted improvements as part of the design - the way a good developer improves code they're working in.
+- Don't propose unrelated refactoring. Stay focused on what serves the current goal.
+
+## After the Design
+
+**Documentation:**
+
+- Write the validated design (spec) to `docs/superpowers/specs/YYYY-MM-DD-<topic>-design.md`
+  - (User preferences for spec location override this default)
+- Use elements-of-style:writing-clearly-and-concisely skill if available
+- Commit the design document to git
+
+**Spec Self-Review:**
+After writing the spec document, look at it with fresh eyes:
+
+1. **Placeholder scan:** Any "TBD", "TODO", incomplete sections, or vague requirements? Fix them.
+2. **Internal consistency:** Do any sections contradict each other? Does the architecture match the feature descriptions?
+3. **Scope check:** Is this focused enough for a single implementation plan, or does it need decomposition?
+4. **Ambiguity check:** Could any requirement be interpreted two different ways? If so, pick one and make it explicit.
+
+Fix any issues inline. No need to re-review — just fix and move on.
+
+**User Review Gate:**
+After the spec review loop passes, ask the user to review the written spec before proceeding:
+
+> "Spec written and committed to `<path>`. Please review it and let me know if you want to make any changes before we start writing out the implementation plan."
+
+Wait for the user's response. If they request changes, make them and re-run the spec review loop. Only proceed once the user approves.
+
+**Implementation:**
+
+- Invoke the writing-plans skill to create a detailed implementation plan
+- Do NOT invoke any other skill. writing-plans is the next step.
+
+## Key Principles
+
+- **One question at a time** - Don't overwhelm with multiple questions
+- **Multiple choice preferred** - Easier to answer than open-ended when possible
+- **YAGNI ruthlessly** - Remove unnecessary features from all designs
+- **Explore alternatives** - Always propose 2-3 approaches before settling
+- **Incremental validation** - Present design, get approval before moving on
+- **Be flexible** - Go back and clarify when something doesn't make sense
+
+## Visual Companion
+
+A browser-based companion for showing mockups, diagrams, and visual options during brainstorming. Available as a tool — not a mode. Accepting the companion means it's available for questions that benefit from visual treatment; it does NOT mean every question goes through the browser.
+
+**Offering the companion:** When you anticipate that upcoming questions will involve visual content (mockups, layouts, diagrams), offer it once for consent:
+> "Some of what we're working on might be easier to explain if I can show it to you in a web browser. I can put together mockups, diagrams, comparisons, and other visuals as we go. This feature is still new and can be token-intensive. Want to try it? (Requires opening a local URL)"
+
+**This offer MUST be its own message.** Do not combine it with clarifying questions, context summaries, or any other content. The message should contain ONLY the offer above and nothing else. Wait for the user's response before continuing. If they decline, proceed with text-only brainstorming.
+
+**Per-question decision:** Even after the user accepts, decide FOR EACH QUESTION whether to use the browser or the terminal. The test: **would the user understand this better by seeing it than reading it?**
+
+- **Use the browser** for content that IS visual — mockups, wireframes, layout comparisons, architecture diagrams, side-by-side visual designs
+- **Use the terminal** for content that is text — requirements questions, conceptual choices, tradeoff lists, A/B/C/D text options, scope decisions
+
+A question about a UI topic is not automatically a visual question. "What does personality mean in this context?" is a conceptual question — use the terminal. "Which wizard layout works better?" is a visual question — use the browser.
+
+If they agree to the companion, read the detailed guide before proceeding:
+`skills/brainstorming/visual-companion.md`

.qoder/skills/brainstorming/scripts/frame-template.html

@@ -0,0 +1,214 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <title>Superpowers Brainstorming</title>
+  <style>
+    /*
+     * BRAINSTORM COMPANION FRAME TEMPLATE
+     *
+     * This template provides a consistent frame with:
+     * - OS-aware light/dark theming
+     * - Fixed header and selection indicator bar
+     * - Scrollable main content area
+     * - CSS helpers for common UI patterns
+     *
+     * Content is injected via placeholder comment in #claude-content.
+     */
+
+    * { box-sizing: border-box; margin: 0; padding: 0; }
+    html, body { height: 100%; overflow: hidden; }
+
+    /* ===== THEME VARIABLES ===== */
+    :root {
+      --bg-primary: #f5f5f7;
+      --bg-secondary: #ffffff;
+      --bg-tertiary: #e5e5e7;
+      --border: #d1d1d6;
+      --text-primary: #1d1d1f;
+      --text-secondary: #86868b;
+      --text-tertiary: #aeaeb2;
+      --accent: #0071e3;
+      --accent-hover: #0077ed;
+      --success: #34c759;
+      --warning: #ff9f0a;
+      --error: #ff3b30;
+      --selected-bg: #e8f4fd;
+      --selected-border: #0071e3;
+    }
+
+    @media (prefers-color-scheme: dark) {
+      :root {
+        --bg-primary: #1d1d1f;
+        --bg-secondary: #2d2d2f;
+        --bg-tertiary: #3d3d3f;
+        --border: #424245;
+        --text-primary: #f5f5f7;
+        --text-secondary: #86868b;
+        --text-tertiary: #636366;
+        --accent: #0a84ff;
+        --accent-hover: #409cff;
+        --selected-bg: rgba(10, 132, 255, 0.15);
+        --selected-border: #0a84ff;
+      }
+    }
+
+    body {
+      font-family: system-ui, -apple-system, BlinkMacSystemFont, sans-serif;
+      background: var(--bg-primary);
+      color: var(--text-primary);
+      display: flex;
+      flex-direction: column;
+      line-height: 1.5;
+    }
+
+    /* ===== FRAME STRUCTURE ===== */
+    .header {
+      background: var(--bg-secondary);
+      padding: 0.5rem 1.5rem;
+      display: flex;
+      justify-content: space-between;
+      align-items: center;
+      border-bottom: 1px solid var(--border);
+      flex-shrink: 0;
+    }
+    .header h1 { font-size: 0.85rem; font-weight: 500; color: var(--text-secondary); }
+    .header .status { font-size: 0.7rem; color: var(--success); display: flex; align-items: center; gap: 0.4rem; }
+    .header .status::before { content: ''; width: 6px; height: 6px; background: var(--success); border-radius: 50%; }
+
+    .main { flex: 1; overflow-y: auto; }
+    #claude-content { padding: 2rem; min-height: 100%; }
+
+    .indicator-bar {
+      background: var(--bg-secondary);
+      border-top: 1px solid var(--border);
+      padding: 0.5rem 1.5rem;
+      flex-shrink: 0;
+      text-align: center;
+    }
+    .indicator-bar span {
+      font-size: 0.75rem;
+      color: var(--text-secondary);
+    }
+    .indicator-bar .selected-text {
+      color: var(--accent);
+      font-weight: 500;
+    }
+
+    /* ===== TYPOGRAPHY ===== */
+    h2 { font-size: 1.5rem; font-weight: 600; margin-bottom: 0.5rem; }
+    h3 { font-size: 1.1rem; font-weight: 600; margin-bottom: 0.25rem; }
+    .subtitle { color: var(--text-secondary); margin-bottom: 1.5rem; }
+    .section { margin-bottom: 2rem; }
+    .label { font-size: 0.7rem; color: var(--text-secondary); text-transform: uppercase; letter-spacing: 0.05em; margin-bottom: 0.5rem; }
+
+    /* ===== OPTIONS (for A/B/C choices) ===== */
+    .options { display: flex; flex-direction: column; gap: 0.75rem; }
+    .option {
+      background: var(--bg-secondary);
+      border: 2px solid var(--border);
+      border-radius: 12px;
+      padding: 1rem 1.25rem;
+      cursor: pointer;
+      transition: all 0.15s ease;
+      display: flex;
+      align-items: flex-start;
+      gap: 1rem;
+    }
+    .option:hover { border-color: var(--accent); }
+    .option.selected { background: var(--selected-bg); border-color: var(--selected-border); }
+    .option .letter {
+      background: var(--bg-tertiary);
+      color: var(--text-secondary);
+      width: 1.75rem; height: 1.75rem;
+      border-radius: 6px;
+      display: flex; align-items: center; justify-content: center;
+      font-weight: 600; font-size: 0.85rem; flex-shrink: 0;
+    }
+    .option.selected .letter { background: var(--accent); color: white; }
+    .option .content { flex: 1; }
+    .option .content h3 { font-size: 0.95rem; margin-bottom: 0.15rem; }
+    .option .content p { color: var(--text-secondary); font-size: 0.85rem; margin: 0; }
+
+    /* ===== CARDS (for showing designs/mockups) ===== */
+    .cards { display: grid; grid-template-columns: repeat(auto-fit, minmax(280px, 1fr)); gap: 1rem; }
+    .card {
+      background: var(--bg-secondary);
+      border: 1px solid var(--border);
+      border-radius: 12px;
+      overflow: hidden;
+      cursor: pointer;
+      transition: all 0.15s ease;
+    }
+    .card:hover { border-color: var(--accent); transform: translateY(-2px); box-shadow: 0 4px 12px rgba(0,0,0,0.1); }
+    .card.selected { border-color: var(--selected-border); border-width: 2px; }
+    .card-image { background: var(--bg-tertiary); aspect-ratio: 16/10; display: flex; align-items: center; justify-content: center; }
+    .card-body { padding: 1rem; }
+    .card-body h3 { margin-bottom: 0.25rem; }
+    .card-body p { color: var(--text-secondary); font-size: 0.85rem; }
+
+    /* ===== MOCKUP CONTAINER ===== */
+    .mockup {
+      background: var(--bg-secondary);
+      border: 1px solid var(--border);
+      border-radius: 12px;
+      overflow: hidden;
+      margin-bottom: 1.5rem;
+    }
+    .mockup-header {
+      background: var(--bg-tertiary);
+      padding: 0.5rem 1rem;
+      font-size: 0.75rem;
+      color: var(--text-secondary);
+      border-bottom: 1px solid var(--border);
+    }
+    .mockup-body { padding: 1.5rem; }
+
+    /* ===== SPLIT VIEW (side-by-side comparison) ===== */
+    .split { display: grid; grid-template-columns: 1fr 1fr; gap: 1.5rem; }
+    @media (max-width: 700px) { .split { grid-template-columns: 1fr; } }
+
+    /* ===== PROS/CONS ===== */
+    .pros-cons { display: grid; grid-template-columns: 1fr 1fr; gap: 1rem; margin: 1rem 0; }
+    .pros, .cons { background: var(--bg-secondary); border-radius: 8px; padding: 1rem; }
+    .pros h4 { color: var(--success); font-size: 0.85rem; margin-bottom: 0.5rem; }
+    .cons h4 { color: var(--error); font-size: 0.85rem; margin-bottom: 0.5rem; }
+    .pros ul, .cons ul { margin-left: 1.25rem; font-size: 0.85rem; color: var(--text-secondary); }
+    .pros li, .cons li { margin-bottom: 0.25rem; }
+
+    /* ===== PLACEHOLDER (for mockup areas) ===== */
+    .placeholder {
+      background: var(--bg-tertiary);
+      border: 2px dashed var(--border);
+      border-radius: 8px;
+      padding: 2rem;
+      text-align: center;
+      color: var(--text-tertiary);
+    }
+
+    /* ===== INLINE MOCKUP ELEMENTS ===== */
+    .mock-nav { background: var(--accent); color: white; padding: 0.75rem 1rem; display: flex; gap: 1.5rem; font-size: 0.9rem; }
+    .mock-sidebar { background: var(--bg-tertiary); padding: 1rem; min-width: 180px; }
+    .mock-content { padding: 1.5rem; flex: 1; }
+    .mock-button { background: var(--accent); color: white; border: none; padding: 0.5rem 1rem; border-radius: 6px; font-size: 0.85rem; }
+    .mock-input { background: var(--bg-primary); border: 1px solid var(--border); border-radius: 6px; padding: 0.5rem; width: 100%; }
+  </style>
+</head>
+<body>
+  <div class="header">
+    <h1><a href="https://github.com/obra/superpowers" style="color: inherit; text-decoration: none;">Superpowers Brainstorming</a></h1>
+    <div class="status">Connected</div>
+  </div>
+
+  <div class="main">
+    <div id="claude-content">
+      <!-- CONTENT -->
+    </div>
+  </div>
+
+  <div class="indicator-bar">
+    <span id="indicator-text">Click an option above, then return to the terminal</span>
+  </div>
+
+</body>
+</html>

.qoder/skills/brainstorming/scripts/helper.js

@@ -0,0 +1,88 @@
+(function() {
+  const WS_URL = 'ws://' + window.location.host;
+  let ws = null;
+  let eventQueue = [];
+
+  function connect() {
+    ws = new WebSocket(WS_URL);
+
+    ws.onopen = () => {
+      eventQueue.forEach(e => ws.send(JSON.stringify(e)));
+      eventQueue = [];
+    };
+
+    ws.onmessage = (msg) => {
+      const data = JSON.parse(msg.data);
+      if (data.type === 'reload') {
+        window.location.reload();
+      }
+    };
+
+    ws.onclose = () => {
+      setTimeout(connect, 1000);
+    };
+  }
+
+  function sendEvent(event) {
+    event.timestamp = Date.now();
+    if (ws && ws.readyState === WebSocket.OPEN) {
+      ws.send(JSON.stringify(event));
+    } else {
+      eventQueue.push(event);
+    }
+  }
+
+  // Capture clicks on choice elements
+  document.addEventListener('click', (e) => {
+    const target = e.target.closest('[data-choice]');
+    if (!target) return;
+
+    sendEvent({
+      type: 'click',
+      text: target.textContent.trim(),
+      choice: target.dataset.choice,
+      id: target.id || null
+    });
+
+    // Update indicator bar (defer so toggleSelect runs first)
+    setTimeout(() => {
+      const indicator = document.getElementById('indicator-text');
+      if (!indicator) return;
+      const container = target.closest('.options') || target.closest('.cards');
+      const selected = container ? container.querySelectorAll('.selected') : [];
+      if (selected.length === 0) {
+        indicator.textContent = 'Click an option above, then return to the terminal';
+      } else if (selected.length === 1) {
+        const label = selected[0].querySelector('h3, .content h3, .card-body h3')?.textContent?.trim() || selected[0].dataset.choice;
+        indicator.innerHTML = '<span class="selected-text">' + label + ' selected</span> — return to terminal to continue';
+      } else {
+        indicator.innerHTML = '<span class="selected-text">' + selected.length + ' selected</span> — return to terminal to continue';
+      }
+    }, 0);
+  });
+
+  // Frame UI: selection tracking
+  window.selectedChoice = null;
+
+  window.toggleSelect = function(el) {
+    const container = el.closest('.options') || el.closest('.cards');
+    const multi = container && container.dataset.multiselect !== undefined;
+    if (container && !multi) {
+      container.querySelectorAll('.option, .card').forEach(o => o.classList.remove('selected'));
+    }
+    if (multi) {
+      el.classList.toggle('selected');
+    } else {
+      el.classList.add('selected');
+    }
+    window.selectedChoice = el.dataset.choice;
+  };
+
+  // Expose API for explicit use
+  window.brainstorm = {
+    send: sendEvent,
+    choice: (value, metadata = {}) => sendEvent({ type: 'choice', value, ...metadata })
+  };
+
+  connect();
+})();

.qoder/skills/brainstorming/scripts/server.cjs

@@ -0,0 +1,354 @@
+const crypto = require('crypto');
+const http = require('http');
+const fs = require('fs');
+const path = require('path');
+
+// ========== WebSocket Protocol (RFC 6455) ==========
+
+const OPCODES = { TEXT: 0x01, CLOSE: 0x08, PING: 0x09, PONG: 0x0A };
+const WS_MAGIC = '258EAFA5-E914-47DA-95CA-C5AB0DC85B11';
+
+function computeAcceptKey(clientKey) {
+  return crypto.createHash('sha1').update(clientKey + WS_MAGIC).digest('base64');
+}
+
+function encodeFrame(opcode, payload) {
+  const fin = 0x80;
+  const len = payload.length;
+  let header;
+
+  if (len < 126) {
+    header = Buffer.alloc(2);
+    header[0] = fin | opcode;
+    header[1] = len;
+  } else if (len < 65536) {
+    header = Buffer.alloc(4);
+    header[0] = fin | opcode;
+    header[1] = 126;
+    header.writeUInt16BE(len, 2);
+  } else {
+    header = Buffer.alloc(10);
+    header[0] = fin | opcode;
+    header[1] = 127;
+    header.writeBigUInt64BE(BigInt(len), 2);
+  }
+
+  return Buffer.concat([header, payload]);
+}
+
+function decodeFrame(buffer) {
+  if (buffer.length < 2) return null;
+
+  const secondByte = buffer[1];
+  const opcode = buffer[0] & 0x0F;
+  const masked = (secondByte & 0x80) !== 0;
+  let payloadLen = secondByte & 0x7F;
+  let offset = 2;
+
+  if (!masked) throw new Error('Client frames must be masked');
+
+  if (payloadLen === 126) {
+    if (buffer.length < 4) return null;
+    payloadLen = buffer.readUInt16BE(2);
+    offset = 4;
+  } else if (payloadLen === 127) {
+    if (buffer.length < 10) return null;
+    payloadLen = Number(buffer.readBigUInt64BE(2));
+    offset = 10;
+  }
+
+  const maskOffset = offset;
+  const dataOffset = offset + 4;
+  const totalLen = dataOffset + payloadLen;
+  if (buffer.length < totalLen) return null;
+
+  const mask = buffer.slice(maskOffset, dataOffset);
+  const data = Buffer.alloc(payloadLen);
+  for (let i = 0; i < payloadLen; i++) {
+    data[i] = buffer[dataOffset + i] ^ mask[i % 4];
+  }
+
+  return { opcode, payload: data, bytesConsumed: totalLen };
+}
+
+// ========== Configuration ==========
+
+const PORT = process.env.BRAINSTORM_PORT || (49152 + Math.floor(Math.random() * 16383));
+const HOST = process.env.BRAINSTORM_HOST || '127.0.0.1';
+const URL_HOST = process.env.BRAINSTORM_URL_HOST || (HOST === '127.0.0.1' ? 'localhost' : HOST);
+const SESSION_DIR = process.env.BRAINSTORM_DIR || '/tmp/brainstorm';
+const CONTENT_DIR = path.join(SESSION_DIR, 'content');
+const STATE_DIR = path.join(SESSION_DIR, 'state');
+let ownerPid = process.env.BRAINSTORM_OWNER_PID ? Number(process.env.BRAINSTORM_OWNER_PID) : null;
+
+const MIME_TYPES = {
+  '.html': 'text/html', '.css': 'text/css', '.js': 'application/javascript',
+  '.json': 'application/json', '.png': 'image/png', '.jpg': 'image/jpeg',
+  '.jpeg': 'image/jpeg', '.gif': 'image/gif', '.svg': 'image/svg+xml'
+};
+
+// ========== Templates and Constants ==========
+
+const WAITING_PAGE = `<!DOCTYPE html>
+<html>
+<head><meta charset="utf-8"><title>Brainstorm Companion</title>
+<style>body { font-family: system-ui, sans-serif; padding: 2rem; max-width: 800px; margin: 0 auto; }
+h1 { color: #333; } p { color: #666; }</style>
+</head>
+<body><h1>Brainstorm Companion</h1>
+<p>Waiting for the agent to push a screen...</p></body></html>`;
+
+const frameTemplate = fs.readFileSync(path.join(__dirname, 'frame-template.html'), 'utf-8');
+const helperScript = fs.readFileSync(path.join(__dirname, 'helper.js'), 'utf-8');
+const helperInjection = '<script>\n' + helperScript + '\n</script>';
+
+// ========== Helper Functions ==========
+
+function isFullDocument(html) {
+  const trimmed = html.trimStart().toLowerCase();
+  return trimmed.startsWith('<!doctype') || trimmed.startsWith('<html');
+}
+
+function wrapInFrame(content) {
+  return frameTemplate.replace('<!-- CONTENT -->', content);
+}
+
+function getNewestScreen() {
+  const files = fs.readdirSync(CONTENT_DIR)
+    .filter(f => f.endsWith('.html'))
+    .map(f => {
+      const fp = path.join(CONTENT_DIR, f);
+      return { path: fp, mtime: fs.statSync(fp).mtime.getTime() };
+    })
+    .sort((a, b) => b.mtime - a.mtime);
+  return files.length > 0 ? files[0].path : null;
+}
+
+// ========== HTTP Request Handler ==========
+
+function handleRequest(req, res) {
+  touchActivity();
+  if (req.method === 'GET' && req.url === '/') {
+    const screenFile = getNewestScreen();
+    let html = screenFile
+      ? (raw => isFullDocument(raw) ? raw : wrapInFrame(raw))(fs.readFileSync(screenFile, 'utf-8'))
+      : WAITING_PAGE;
+
+    if (html.includes('</body>')) {
+      html = html.replace('</body>', helperInjection + '\n</body>');
+    } else {
+      html += helperInjection;
+    }
+
+    res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' });
+    res.end(html);
+  } else if (req.method === 'GET' && req.url.startsWith('/files/')) {
+    const fileName = req.url.slice(7);
+    const filePath = path.join(CONTENT_DIR, path.basename(fileName));
+    if (!fs.existsSync(filePath)) {
+      res.writeHead(404);
+      res.end('Not found');
+      return;
+    }
+    const ext = path.extname(filePath).toLowerCase();
+    const contentType = MIME_TYPES[ext] || 'application/octet-stream';
+    res.writeHead(200, { 'Content-Type': contentType });
+    res.end(fs.readFileSync(filePath));
+  } else {
+    res.writeHead(404);
+    res.end('Not found');
+  }
+}
+
+// ========== WebSocket Connection Handling ==========
+
+const clients = new Set();
+
+function handleUpgrade(req, socket) {
+  const key = req.headers['sec-websocket-key'];
+  if (!key) { socket.destroy(); return; }
+
+  const accept = computeAcceptKey(key);
+  socket.write(
+    'HTTP/1.1 101 Switching Protocols\r\n' +
+    'Upgrade: websocket\r\n' +
+    'Connection: Upgrade\r\n' +
+    'Sec-WebSocket-Accept: ' + accept + '\r\n\r\n'
+  );
+
+  let buffer = Buffer.alloc(0);
+  clients.add(socket);
+
+  socket.on('data', (chunk) => {
+    buffer = Buffer.concat([buffer, chunk]);
+    while (buffer.length > 0) {
+      let result;
+      try {
+        result = decodeFrame(buffer);
+      } catch (e) {
+        socket.end(encodeFrame(OPCODES.CLOSE, Buffer.alloc(0)));
+        clients.delete(socket);
+        return;
+      }
+      if (!result) break;
+      buffer = buffer.slice(result.bytesConsumed);
+
+      switch (result.opcode) {
+        case OPCODES.TEXT:
+          handleMessage(result.payload.toString());
+          break;
+        case OPCODES.CLOSE:
+          socket.end(encodeFrame(OPCODES.CLOSE, Buffer.alloc(0)));
+          clients.delete(socket);
+          return;
+        case OPCODES.PING:
+          socket.write(encodeFrame(OPCODES.PONG, result.payload));
+          break;
+        case OPCODES.PONG:
+          break;
+        default: {
+          const closeBuf = Buffer.alloc(2);
+          closeBuf.writeUInt16BE(1003);
+          socket.end(encodeFrame(OPCODES.CLOSE, closeBuf));
+          clients.delete(socket);
+          return;
+        }
+      }
+    }
+  });
+
+  socket.on('close', () => clients.delete(socket));
+  socket.on('error', () => clients.delete(socket));
+}
+
+function handleMessage(text) {
+  let event;
+  try {
+    event = JSON.parse(text);
+  } catch (e) {
+    console.error('Failed to parse WebSocket message:', e.message);
+    return;
+  }
+  touchActivity();
+  console.log(JSON.stringify({ source: 'user-event', ...event }));
+  if (event.choice) {
+    const eventsFile = path.join(STATE_DIR, 'events');
+    fs.appendFileSync(eventsFile, JSON.stringify(event) + '\n');
+  }
+}
+
+function broadcast(msg) {
+  const frame = encodeFrame(OPCODES.TEXT, Buffer.from(JSON.stringify(msg)));
+  for (const socket of clients) {
+    try { socket.write(frame); } catch (e) { clients.delete(socket); }
+  }
+}
+
+// ========== Activity Tracking ==========
+
+const IDLE_TIMEOUT_MS = 30 * 60 * 1000; // 30 minutes
+let lastActivity = Date.now();
+
+function touchActivity() {
+  lastActivity = Date.now();
+}
+
+// ========== File Watching ==========
+
+const debounceTimers = new Map();
+
+// ========== Server Startup ==========
+
+function startServer() {
+  if (!fs.existsSync(CONTENT_DIR)) fs.mkdirSync(CONTENT_DIR, { recursive: true });
+  if (!fs.existsSync(STATE_DIR)) fs.mkdirSync(STATE_DIR, { recursive: true });
+
+  // Track known files to distinguish new screens from updates.
+  // macOS fs.watch reports 'rename' for both new files and overwrites,
+  // so we can't rely on eventType alone.
+  const knownFiles = new Set(
+    fs.readdirSync(CONTENT_DIR).filter(f => f.endsWith('.html'))
+  );
+
+  const server = http.createServer(handleRequest);
+  server.on('upgrade', handleUpgrade);
+
+  const watcher = fs.watch(CONTENT_DIR, (eventType, filename) => {
+    if (!filename || !filename.endsWith('.html')) return;
+
+    if (debounceTimers.has(filename)) clearTimeout(debounceTimers.get(filename));
+    debounceTimers.set(filename, setTimeout(() => {
+      debounceTimers.delete(filename);
+      const filePath = path.join(CONTENT_DIR, filename);
+
+      if (!fs.existsSync(filePath)) return; // file was deleted
+      touchActivity();
+
+      if (!knownFiles.has(filename)) {
+        knownFiles.add(filename);
+        const eventsFile = path.join(STATE_DIR, 'events');
+        if (fs.existsSync(eventsFile)) fs.unlinkSync(eventsFile);
+        console.log(JSON.stringify({ type: 'screen-added', file: filePath }));
+      } else {
+        console.log(JSON.stringify({ type: 'screen-updated', file: filePath }));
+      }
+
+      broadcast({ type: 'reload' });
+    }, 100));
+  });
+  watcher.on('error', (err) => console.error('fs.watch error:', err.message));
+
+  function shutdown(reason) {
+    console.log(JSON.stringify({ type: 'server-stopped', reason }));
+    const infoFile = path.join(STATE_DIR, 'server-info');
+    if (fs.existsSync(infoFile)) fs.unlinkSync(infoFile);
+    fs.writeFileSync(
+      path.join(STATE_DIR, 'server-stopped'),
+      JSON.stringify({ reason, timestamp: Date.now() }) + '\n'
+    );
+    watcher.close();
+    clearInterval(lifecycleCheck);
+    server.close(() => process.exit(0));
+  }
+
+  function ownerAlive() {
+    if (!ownerPid) return true;
+    try { process.kill(ownerPid, 0); return true; } catch (e) { return e.code === 'EPERM'; }
+  }
+
+  // Check every 60s: exit if owner process died or idle for 30 minutes
+  const lifecycleCheck = setInterval(() => {
+    if (!ownerAlive()) shutdown('owner process exited');
+    else if (Date.now() - lastActivity > IDLE_TIMEOUT_MS) shutdown('idle timeout');
+  }, 60 * 1000);
+  lifecycleCheck.unref();
+
+  // Validate owner PID at startup. If it's already dead, the PID resolution
+  // was wrong (common on WSL, Tailscale SSH, and cross-user scenarios).
+  // Disable monitoring and rely on the idle timeout instead.
+  if (ownerPid) {
+    try { process.kill(ownerPid, 0); }
+    catch (e) {
+      if (e.code !== 'EPERM') {
+        console.log(JSON.stringify({ type: 'owner-pid-invalid', pid: ownerPid, reason: 'dead at startup' }));
+        ownerPid = null;
+      }
+    }
+  }
+
+  server.listen(PORT, HOST, () => {
+    const info = JSON.stringify({
+      type: 'server-started', port: Number(PORT), host: HOST,
+      url_host: URL_HOST, url: 'http://' + URL_HOST + ':' + PORT,
+      screen_dir: CONTENT_DIR, state_dir: STATE_DIR
+    });
+    console.log(info);
+    fs.writeFileSync(path.join(STATE_DIR, 'server-info'), info + '\n');
+  });
+}
+
+if (require.main === module) {
+  startServer();
+}
+
+module.exports = { computeAcceptKey, encodeFrame, decodeFrame, OPCODES };

.qoder/skills/brainstorming/scripts/start-server.sh

@@ -0,0 +1,148 @@
+#!/usr/bin/env bash
+# Start the brainstorm server and output connection info
+# Usage: start-server.sh [--project-dir <path>] [--host <bind-host>] [--url-host <display-host>] [--foreground] [--background]
+#
+# Starts server on a random high port, outputs JSON with URL.
+# Each session gets its own directory to avoid conflicts.
+#
+# Options:
+#   --project-dir <path>  Store session files under <path>/.superpowers/brainstorm/
+#                         instead of /tmp. Files persist after server stops.
+#   --host <bind-host>    Host/interface to bind (default: 127.0.0.1).
+#                         Use 0.0.0.0 in remote/containerized environments.
+#   --url-host <host>     Hostname shown in returned URL JSON.
+#   --foreground          Run server in the current terminal (no backgrounding).
+#   --background          Force background mode (overrides Codex auto-foreground).
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+
+# Parse arguments
+PROJECT_DIR=""
+FOREGROUND="false"
+FORCE_BACKGROUND="false"
+BIND_HOST="127.0.0.1"
+URL_HOST=""
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    --project-dir)
+      PROJECT_DIR="$2"
+      shift 2
+      ;;
+    --host)
+      BIND_HOST="$2"
+      shift 2
+      ;;
+    --url-host)
+      URL_HOST="$2"
+      shift 2
+      ;;
+    --foreground|--no-daemon)
+      FOREGROUND="true"
+      shift
+      ;;
+    --background|--daemon)
+      FORCE_BACKGROUND="true"
+      shift
+      ;;
+    *)
+      echo "{\"error\": \"Unknown argument: $1\"}"
+      exit 1
+      ;;
+  esac
+done
+
+if [[ -z "$URL_HOST" ]]; then
+  if [[ "$BIND_HOST" == "127.0.0.1" || "$BIND_HOST" == "localhost" ]]; then
+    URL_HOST="localhost"
+  else
+    URL_HOST="$BIND_HOST"
+  fi
+fi
+
+# Some environments reap detached/background processes. Auto-foreground when detected.
+if [[ -n "${CODEX_CI:-}" && "$FOREGROUND" != "true" && "$FORCE_BACKGROUND" != "true" ]]; then
+  FOREGROUND="true"
+fi
+
+# Windows/Git Bash reaps nohup background processes. Auto-foreground when detected.
+if [[ "$FOREGROUND" != "true" && "$FORCE_BACKGROUND" != "true" ]]; then
+  case "${OSTYPE:-}" in
+    msys*|cygwin*|mingw*) FOREGROUND="true" ;;
+  esac
+  if [[ -n "${MSYSTEM:-}" ]]; then
+    FOREGROUND="true"
+  fi
+fi
+
+# Generate unique session directory
+SESSION_ID="$$-$(date +%s)"
+
+if [[ -n "$PROJECT_DIR" ]]; then
+  SESSION_DIR="${PROJECT_DIR}/.superpowers/brainstorm/${SESSION_ID}"
+else
+  SESSION_DIR="/tmp/brainstorm-${SESSION_ID}"
+fi
+
+STATE_DIR="${SESSION_DIR}/state"
+PID_FILE="${STATE_DIR}/server.pid"
+LOG_FILE="${STATE_DIR}/server.log"
+
+# Create fresh session directory with content and state peers
+mkdir -p "${SESSION_DIR}/content" "$STATE_DIR"
+
+# Kill any existing server
+if [[ -f "$PID_FILE" ]]; then
+  old_pid=$(cat "$PID_FILE")
+  kill "$old_pid" 2>/dev/null
+  rm -f "$PID_FILE"
+fi
+
+cd "$SCRIPT_DIR"
+
+# Resolve the harness PID (grandparent of this script).
+# $PPID is the ephemeral shell the harness spawned to run us — it dies
+# when this script exits. The harness itself is $PPID's parent.
+OWNER_PID="$(ps -o ppid= -p "$PPID" 2>/dev/null | tr -d ' ')"
+if [[ -z "$OWNER_PID" || "$OWNER_PID" == "1" ]]; then
+  OWNER_PID="$PPID"
+fi
+
+# Foreground mode for environments that reap detached/background processes.
+if [[ "$FOREGROUND" == "true" ]]; then
+  echo "$$" > "$PID_FILE"
+  env BRAINSTORM_DIR="$SESSION_DIR" BRAINSTORM_HOST="$BIND_HOST" BRAINSTORM_URL_HOST="$URL_HOST" BRAINSTORM_OWNER_PID="$OWNER_PID" node server.cjs
+  exit $?
+fi
+
+# Start server, capturing output to log file
+# Use nohup to survive shell exit; disown to remove from job table
+nohup env BRAINSTORM_DIR="$SESSION_DIR" BRAINSTORM_HOST="$BIND_HOST" BRAINSTORM_URL_HOST="$URL_HOST" BRAINSTORM_OWNER_PID="$OWNER_PID" node server.cjs > "$LOG_FILE" 2>&1 &
+SERVER_PID=$!
+disown "$SERVER_PID" 2>/dev/null
+echo "$SERVER_PID" > "$PID_FILE"
+
+# Wait for server-started message (check log file)
+for i in {1..50}; do
+  if grep -q "server-started" "$LOG_FILE" 2>/dev/null; then
+    # Verify server is still alive after a short window (catches process reapers)
+    alive="true"
+    for _ in {1..20}; do
+      if ! kill -0 "$SERVER_PID" 2>/dev/null; then
+        alive="false"
+        break
+      fi
+      sleep 0.1
+    done
+    if [[ "$alive" != "true" ]]; then
+      echo "{\"error\": \"Server started but was killed. Retry in a persistent terminal with: $SCRIPT_DIR/start-server.sh${PROJECT_DIR:+ --project-dir $PROJECT_DIR} --host $BIND_HOST --url-host $URL_HOST --foreground\"}"
+      exit 1
+    fi
+    grep "server-started" "$LOG_FILE" | head -1
+    exit 0
+  fi
+  sleep 0.1
+done
+
+# Timeout - server didn't start
+echo '{"error": "Server failed to start within 5 seconds"}'
+exit 1

.qoder/skills/brainstorming/scripts/stop-server.sh

@@ -0,0 +1,56 @@
+#!/usr/bin/env bash
+# Stop the brainstorm server and clean up
+# Usage: stop-server.sh <session_dir>
+#
+# Kills the server process. Only deletes session directory if it's
+# under /tmp (ephemeral). Persistent directories (.superpowers/) are
+# kept so mockups can be reviewed later.
+
+SESSION_DIR="$1"
+
+if [[ -z "$SESSION_DIR" ]]; then
+  echo '{"error": "Usage: stop-server.sh <session_dir>"}'
+  exit 1
+fi
+
+STATE_DIR="${SESSION_DIR}/state"
+PID_FILE="${STATE_DIR}/server.pid"
+
+if [[ -f "$PID_FILE" ]]; then
+  pid=$(cat "$PID_FILE")
+
+  # Try to stop gracefully, fallback to force if still alive
+  kill "$pid" 2>/dev/null || true
+
+  # Wait for graceful shutdown (up to ~2s)
+  for i in {1..20}; do
+    if ! kill -0 "$pid" 2>/dev/null; then
+      break
+    fi
+    sleep 0.1
+  done
+
+  # If still running, escalate to SIGKILL
+  if kill -0 "$pid" 2>/dev/null; then
+    kill -9 "$pid" 2>/dev/null || true
+
+    # Give SIGKILL a moment to take effect
+    sleep 0.1
+  fi
+
+  if kill -0 "$pid" 2>/dev/null; then
+    echo '{"status": "failed", "error": "process still running"}'
+    exit 1
+  fi
+
+  rm -f "$PID_FILE" "${STATE_DIR}/server.log"
+
+  # Only delete ephemeral /tmp directories
+  if [[ "$SESSION_DIR" == /tmp/* ]]; then
+    rm -rf "$SESSION_DIR"
+  fi
+
+  echo '{"status": "stopped"}'
+else
+  echo '{"status": "not_running"}'
+fi

.qoder/skills/brainstorming/spec-document-reviewer-prompt.md

@@ -0,0 +1,49 @@
+# Spec Document Reviewer Prompt Template
+
+Use this template when dispatching a spec document reviewer subagent.
+
+**Purpose:** Verify the spec is complete, consistent, and ready for implementation planning.
+
+**Dispatch after:** Spec document is written to docs/superpowers/specs/
+
+```
+Task tool (general-purpose):
+  description: "Review spec document"
+  prompt: |
+    You are a spec document reviewer. Verify this spec is complete and ready for planning.
+
+    **Spec to review:** [SPEC_FILE_PATH]
+
+    ## What to Check
+
+    | Category | What to Look For |
+    |----------|------------------|
+    | Completeness | TODOs, placeholders, "TBD", incomplete sections |
+    | Consistency | Internal contradictions, conflicting requirements |
+    | Clarity | Requirements ambiguous enough to cause someone to build the wrong thing |
+    | Scope | Focused enough for a single plan — not covering multiple independent subsystems |
+    | YAGNI | Unrequested features, over-engineering |
+
+    ## Calibration
+
+    **Only flag issues that would cause real problems during implementation planning.**
+    A missing section, a contradiction, or a requirement so ambiguous it could be
+    interpreted two different ways — those are issues. Minor wording improvements,
+    stylistic preferences, and "sections less detailed than others" are not.
+
+    Approve unless there are serious gaps that would lead to a flawed plan.
+
+    ## Output Format
+
+    ## Spec Review
+
+    **Status:** Approved | Issues Found
+
+    **Issues (if any):**
+    - [Section X]: [specific issue] - [why it matters for planning]
+
+    **Recommendations (advisory, do not block approval):**
+    - [suggestions for improvement]
+```
+
+**Reviewer returns:** Status, Issues (if any), Recommendations

.qoder/skills/brainstorming/visual-companion.md

@@ -0,0 +1,287 @@
+# Visual Companion Guide
+
+Browser-based visual brainstorming companion for showing mockups, diagrams, and options.
+
+## When to Use
+
+Decide per-question, not per-session. The test: **would the user understand this better by seeing it than reading it?**
+
+**Use the browser** when the content itself is visual:
+
+- **UI mockups** — wireframes, layouts, navigation structures, component designs
+- **Architecture diagrams** — system components, data flow, relationship maps
+- **Side-by-side visual comparisons** — comparing two layouts, two color schemes, two design directions
+- **Design polish** — when the question is about look and feel, spacing, visual hierarchy
+- **Spatial relationships** — state machines, flowcharts, entity relationships rendered as diagrams
+
+**Use the terminal** when the content is text or tabular:
+
+- **Requirements and scope questions** — "what does X mean?", "which features are in scope?"
+- **Conceptual A/B/C choices** — picking between approaches described in words
+- **Tradeoff lists** — pros/cons, comparison tables
+- **Technical decisions** — API design, data modeling, architectural approach selection
+- **Clarifying questions** — anything where the answer is words, not a visual preference
+
+A question *about* a UI topic is not automatically a visual question. "What kind of wizard do you want?" is conceptual — use the terminal. "Which of these wizard layouts feels right?" is visual — use the browser.
+
+## How It Works
+
+The server watches a directory for HTML files and serves the newest one to the browser. You write HTML content to `screen_dir`, the user sees it in their browser and can click to select options. Selections are recorded to `state_dir/events` that you read on your next turn.
+
+**Content fragments vs full documents:** If your HTML file starts with `<!DOCTYPE` or `<html`, the server serves it as-is (just injects the helper script). Otherwise, the server automatically wraps your content in the frame template — adding the header, CSS theme, selection indicator, and all interactive infrastructure. **Write content fragments by default.** Only write full documents when you need complete control over the page.
+
+## Starting a Session
+
+```bash
+# Start server with persistence (mockups saved to project)
+scripts/start-server.sh --project-dir /path/to/project
+
+# Returns: {"type":"server-started","port":52341,"url":"http://localhost:52341",
+#           "screen_dir":"/path/to/project/.superpowers/brainstorm/12345-1706000000/content",
+#           "state_dir":"/path/to/project/.superpowers/brainstorm/12345-1706000000/state"}
+```
+
+Save `screen_dir` and `state_dir` from the response. Tell user to open the URL.
+
+**Finding connection info:** The server writes its startup JSON to `$STATE_DIR/server-info`. If you launched the server in the background and didn't capture stdout, read that file to get the URL and port. When using `--project-dir`, check `<project>/.superpowers/brainstorm/` for the session directory.
+
+**Note:** Pass the project root as `--project-dir` so mockups persist in `.superpowers/brainstorm/` and survive server restarts. Without it, files go to `/tmp` and get cleaned up. Remind the user to add `.superpowers/` to `.gitignore` if it's not already there.
+
+**Launching the server by platform:**
+
+**Claude Code (macOS / Linux):**
+```bash
+# Default mode works — the script backgrounds the server itself
+scripts/start-server.sh --project-dir /path/to/project
+```
+
+**Claude Code (Windows):**
+```bash
+# Windows auto-detects and uses foreground mode, which blocks the tool call.
+# Use run_in_background: true on the Bash tool call so the server survives
+# across conversation turns.
+scripts/start-server.sh --project-dir /path/to/project
+```
+When calling this via the Bash tool, set `run_in_background: true`. Then read `$STATE_DIR/server-info` on the next turn to get the URL and port.
+
+**Codex:**
+```bash
+# Codex reaps background processes. The script auto-detects CODEX_CI and
+# switches to foreground mode. Run it normally — no extra flags needed.
+scripts/start-server.sh --project-dir /path/to/project
+```
+
+**Gemini CLI:**
+```bash
+# Use --foreground and set is_background: true on your shell tool call
+# so the process survives across turns
+scripts/start-server.sh --project-dir /path/to/project --foreground
+```
+
+**Other environments:** The server must keep running in the background across conversation turns. If your environment reaps detached processes, use `--foreground` and launch the command with your platform's background execution mechanism.
+
+If the URL is unreachable from your browser (common in remote/containerized setups), bind a non-loopback host:
+
+```bash
+scripts/start-server.sh \
+  --project-dir /path/to/project \
+  --host 0.0.0.0 \
+  --url-host localhost
+```
+
+Use `--url-host` to control what hostname is printed in the returned URL JSON.
+
+## The Loop
+
+1. **Check server is alive**, then **write HTML** to a new file in `screen_dir`:
+   - Before each write, check that `$STATE_DIR/server-info` exists. If it doesn't (or `$STATE_DIR/server-stopped` exists), the server has shut down — restart it with `start-server.sh` before continuing. The server auto-exits after 30 minutes of inactivity.
+   - Use semantic filenames: `platform.html`, `visual-style.html`, `layout.html`
+   - **Never reuse filenames** — each screen gets a fresh file
+   - Use Write tool — **never use cat/heredoc** (dumps noise into terminal)
+   - Server automatically serves the newest file
+
+2. **Tell user what to expect and end your turn:**
+   - Remind them of the URL (every step, not just first)
+   - Give a brief text summary of what's on screen (e.g., "Showing 3 layout options for the homepage")
+   - Ask them to respond in the terminal: "Take a look and let me know what you think. Click to select an option if you'd like."
+
+3. **On your next turn** — after the user responds in the terminal:
+   - Read `$STATE_DIR/events` if it exists — this contains the user's browser interactions (clicks, selections) as JSON lines
+   - Merge with the user's terminal text to get the full picture
+   - The terminal message is the primary feedback; `state_dir/events` provides structured interaction data
+
+4. **Iterate or advance** — if feedback changes current screen, write a new file (e.g., `layout-v2.html`). Only move to the next question when the current step is validated.
+
+5. **Unload when returning to terminal** — when the next step doesn't need the browser (e.g., a clarifying question, a tradeoff discussion), push a waiting screen to clear the stale content:
+
+   ```html
+   <!-- filename: waiting.html (or waiting-2.html, etc.) -->
+   <div style="display:flex;align-items:center;justify-content:center;min-height:60vh">
+     <p class="subtitle">Continuing in terminal...</p>
+   </div>
+   ```
+
+   This prevents the user from staring at a resolved choice while the conversation has moved on. When the next visual question comes up, push a new content file as usual.
+
+6. Repeat until done.
+
+## Writing Content Fragments
+
+Write just the content that goes inside the page. The server wraps it in the frame template automatically (header, theme CSS, selection indicator, and all interactive infrastructure).
+
+**Minimal example:**
+
+```html
+<h2>Which layout works better?</h2>
+<p class="subtitle">Consider readability and visual hierarchy</p>
+
+<div class="options">
+  <div class="option" data-choice="a" onclick="toggleSelect(this)">
+    <div class="letter">A</div>
+    <div class="content">
+      <h3>Single Column</h3>
+      <p>Clean, focused reading experience</p>
+    </div>
+  </div>
+  <div class="option" data-choice="b" onclick="toggleSelect(this)">
+    <div class="letter">B</div>
+    <div class="content">
+      <h3>Two Column</h3>
+      <p>Sidebar navigation with main content</p>
+    </div>
+  </div>
+</div>
+```
+
+That's it. No `<html>`, no CSS, no `<script>` tags needed. The server provides all of that.
+
+## CSS Classes Available
+
+The frame template provides these CSS classes for your content:
+
+### Options (A/B/C choices)
+
+```html
+<div class="options">
+  <div class="option" data-choice="a" onclick="toggleSelect(this)">
+    <div class="letter">A</div>
+    <div class="content">
+      <h3>Title</h3>
+      <p>Description</p>
+    </div>
+  </div>
+</div>
+```
+
+**Multi-select:** Add `data-multiselect` to the container to let users select multiple options. Each click toggles the item. The indicator bar shows the count.
+
+```html
+<div class="options" data-multiselect>
+  <!-- same option markup — users can select/deselect multiple -->
+</div>
+```
+
+### Cards (visual designs)
+
+```html
+<div class="cards">
+  <div class="card" data-choice="design1" onclick="toggleSelect(this)">
+    <div class="card-image"><!-- mockup content --></div>
+    <div class="card-body">
+      <h3>Name</h3>
+      <p>Description</p>
+    </div>
+  </div>
+</div>
+```
+
+### Mockup container
+
+```html
+<div class="mockup">
+  <div class="mockup-header">Preview: Dashboard Layout</div>
+  <div class="mockup-body"><!-- your mockup HTML --></div>
+</div>
+```
+
+### Split view (side-by-side)
+
+```html
+<div class="split">
+  <div class="mockup"><!-- left --></div>
+  <div class="mockup"><!-- right --></div>
+</div>
+```
+
+### Pros/Cons
+
+```html
+<div class="pros-cons">
+  <div class="pros"><h4>Pros</h4><ul><li>Benefit</li></ul></div>
+  <div class="cons"><h4>Cons</h4><ul><li>Drawback</li></ul></div>
+</div>
+```
+
+### Mock elements (wireframe building blocks)
+
+```html
+<div class="mock-nav">Logo | Home | About | Contact</div>
+<div style="display: flex;">
+  <div class="mock-sidebar">Navigation</div>
+  <div class="mock-content">Main content area</div>
+</div>
+<button class="mock-button">Action Button</button>
+<input class="mock-input" placeholder="Input field">
+<div class="placeholder">Placeholder area</div>
+```
+
+### Typography and sections
+
+- `h2` — page title
+- `h3` — section heading
+- `.subtitle` — secondary text below title
+- `.section` — content block with bottom margin
+- `.label` — small uppercase label text
+
+## Browser Events Format
+
+When the user clicks options in the browser, their interactions are recorded to `$STATE_DIR/events` (one JSON object per line). The file is cleared automatically when you push a new screen.
+
+```jsonl
+{"type":"click","choice":"a","text":"Option A - Simple Layout","timestamp":1706000101}
+{"type":"click","choice":"c","text":"Option C - Complex Grid","timestamp":1706000108}
+{"type":"click","choice":"b","text":"Option B - Hybrid","timestamp":1706000115}
+```
+
+The full event stream shows the user's exploration path — they may click multiple options before settling. The last `choice` event is typically the final selection, but the pattern of clicks can reveal hesitation or preferences worth asking about.
+
+If `$STATE_DIR/events` doesn't exist, the user didn't interact with the browser — use only their terminal text.
+
+## Design Tips
+
+- **Scale fidelity to the question** — wireframes for layout, polish for polish questions
+- **Explain the question on each page** — "Which layout feels more professional?" not just "Pick one"
+- **Iterate before advancing** — if feedback changes current screen, write a new version
+- **2-4 options max** per screen
+- **Use real content when it matters** — for a photography portfolio, use actual images (Unsplash). Placeholder content obscures design issues.
+- **Keep mockups simple** — focus on layout and structure, not pixel-perfect design
+
+## File Naming
+
+- Use semantic names: `platform.html`, `visual-style.html`, `layout.html`
+- Never reuse filenames — each screen must be a new file
+- For iterations: append version suffix like `layout-v2.html`, `layout-v3.html`
+- Server serves newest file by modification time
+
+## Cleaning Up
+
+```bash
+scripts/stop-server.sh $SESSION_DIR
+```
+
+If the session used `--project-dir`, mockup files persist in `.superpowers/brainstorm/` for later reference. Only `/tmp` sessions get deleted on stop.
+
+## Reference
+
+- Frame template (CSS reference): `scripts/frame-template.html`
+- Helper script (client-side): `scripts/helper.js`

.qoder/skills/bug-driven-testing/SKILL.md

@@ -0,0 +1,210 @@
+---
+name: bug-driven-testing
+description: Write tests before fixing bugs. Each bug fix must have corresponding Playwright/E2E test cases that verify the fix and prevent regression. Use when fixing bugs, verifying fixes, or setting up regression test suites.
+---
+
+# Bug-Driven Testing (BDT) 方法论
+
+> **核心原则：先写测试，再修 Bug。测试是修复的契约，不是修复的附庸。**
+
+## 一、为什么需要 BDT
+
+传统 AI 修 Bug 的问题：
+1. 修完不测 → 不知道修没修好
+2. 测了但用例不对 → 测了等于没测
+3. 修了 A 坏了 B → 没有回归保护
+4. 测试和修复脱节 → 无法追溯
+
+BDT 解决：**每个 Bug 有专属测试用例，修复前生成，修复后验证，形成闭环。**
+
+## 二、BDT 工作流（6 步）
+
+```
+Step 1: Bug 分析 → 提取测试场景
+Step 2: 测试设计 → 生成 Playwright 用例
+Step 3: 基线测试 → 确认 Bug 存在（应失败）
+Step 4: 修复代码 → 解决根因
+Step 5: 回归测试 → 确认修复有效（应通过）
+Step 6: 扩展测试 → 检查是否引入新问题
+```
+
+### Step 1: Bug 分析 — 提取测试场景
+
+从禅道 Bug 信息中提取 **5 要素**：
+
+| 要素 | 来源 | 用途 |
+|------|------|------|
+| **模块** | 标题 + module | 确定测试页面和路由 |
+| **操作路径** | 复现步骤 | 生成操作序列 |
+| **期望结果** | 期望结果字段 | 生成断言 |
+| **实际结果** | 实际结果字段 | 确认 Bug 存在 |
+| **关联页面** | 标题关键词 | 定位测试目标元素 |
+
+**关键词 → 模块映射表：**
+
+```
+门诊医生/诊前/挂号     → /doctorstation
+住院医生/医嘱/医嘱录入 → /inpatientDoctor
+住院护士/补费/发退药   → /inpatientNurse
+分诊/排队/候诊         → /triageandqueuemanage
+挂号/预约/签到         → /registration
+手术/计费             → /operatingroom
+诊断/中医             → /inpatientDoctor
+病历/EMR              → /doctorstation
+目录/诊疗             → /catalog
+药房/发药/库存         → /pharmacy
+```
+
+**操作路径 → Playwright 动作映射：**
+
+```
+"点击 XXX 按钮"     → page.click('button:has-text("XXX")')
+"选择 XXX"         → page.selectOption / page.click('.el-option')
+"输入 XXX"         → page.fill('input', 'XXX')
+"查看列表"         → page.waitForLoadState('networkidle')
+"弹窗确认"         → page.click('.el-message-box button:has-text("确定")')
+"检查报错"         → expect(page.locator('.el-message--error')).toBeVisible()
+"检查显示"         → expect(page.locator('目标元素')).toBeVisible()
+```
+
+### Step 2: 测试设计 — 生成 Playwright 用例
+
+**每个 Bug 测试用例的结构：**
+
+```typescript
+test.describe('🐛 Bug#N 模块名', () => {
+  // beforeEach: 登录 + 导航到目标页面
+  
+  test('#N 标题 @bugN @regression', async ({ page }) => {
+    // 1. 导航到目标页面
+    // 2. 执行复现步骤（操作路径）
+    // 3. 断言期望结果
+    // 4. 检查无 JS 错误
+    // 5. 截图记录
+  });
+});
+```
+
+**测试用例的 7 种检查模式：**
+
+| # | 模式 | 适用场景 | Playwright 写法 |
+|---|------|---------|----------------|
+| 1 | **页面加载** | 所有 Bug | `expect(page).not.toHaveURL(/.*login.*/)` |
+| 2 | **元素可见** | 显示/缺失类 | `expect(locator).toBeVisible()` |
+| 3 | **元素可交互** | 按钮/弹窗类 | `await locator.click()` + 等待响应 |
+| 4 | **数据正确** | 列表/回显类 | `expect(locator).toHaveText()` |
+| 5 | **无报错** | 所有 Bug | `page.on('pageerror')` + `expect(jsErrors).toEqual([])` |
+| 6 | **流程完整** | 交互流程类 | 多步骤操作链 + 每步断言 |
+| 7 | **状态变更** | 退回/审核类 | 操作前状态 vs 操作后状态对比 |
+
+### Step 3: 基线测试 — 确认 Bug 存在
+
+修复前运行测试，**预期应该失败**，证明 Bug 确实存在：
+
+```bash
+npx playwright test --grep @bugN --reporter=line
+# 预期: FAIL (证明 Bug 存在)
+```
+
+如果基线测试通过了：
+- 可能 Bug 已被之前的修复解决 → 检查 develop 分支
+- 可能测试用例设计不正确 → 重新分析 Bug
+- 可能环境问题 → 检查 dev server / 数据库
+
+### Step 4: 修复代码
+
+按照 Harness Engineering 方法论修复：
+1. 全链路 6 环分析
+2. 一次只修一个 Bug
+3. 只动必要文件
+
+### Step 5: 回归测试 — 确认修复有效
+
+修复后运行测试，**预期应该通过**：
+
+```bash
+npx playwright test --grep @bugN --reporter=line
+# 预期: PASS (证明修复有效)
+```
+
+### Step 6: 扩展测试 — 检查回归
+
+运行相邻模块的测试，检查是否引入新问题：
+
+```bash
+npx playwright test --grep @regression --reporter=line
+# 预期: 全部 PASS
+```
+
+## 三、测试用例生成规则
+
+### 从 Bug 标题推断检查项
+
+| 标题关键词 | 生成的检查项 |
+|-----------|-------------|
+| 报错/错误/异常 | 检查页面无 JS 错误 + 控制台无报错 |
+| 显示/缺失/不规范 | 检查元素正确显示 + 数据完整性 |
+| 弹窗/弹框 | 检查弹窗正常弹出 + 内容正确 |
+| 保存/提交/写入 | 检查保存操作成功 + 数据持久化 |
+| 列表/查询 | 检查列表数据加载 + 分页功能 |
+| 按钮/操作 | 检查按钮可点击 + 操作响应 |
+| 下拉/选择/字典 | 检查下拉选项加载 + 选项值正确 |
+| 退回/撤回/取消 | 检查退回流程 + 状态变更 |
+
+### 从复现步骤生成操作序列
+
+```
+复现步骤: "1. 登录 → 2. 进入住院医生站 → 3. 点击医嘱录入 → 4. 保存"
+生成代码:
+  await page.goto('/inpatientDoctor');
+  await page.click('button:has-text("医嘱录入")');
+  await page.click('button:has-text("保存")');
+```
+
+## 四、质量标准
+
+**好的 Bug 测试用例：**
+- ✅ 有 `@bug{N}` 标签（可单独运行）
+- ✅ 有 `@regression` 标签（回归测试套件）
+- ✅ 操作路径来自禅道复现步骤
+- ✅ 断言覆盖期望结果
+- ✅ 检查无 JS 错误
+- ✅ 有截图记录
+- ✅ 独立运行（不依赖其他测试）
+
+**坏的 Bug 测试用例：**
+- ❌ 只检查页面加载（太弱）
+- ❌ 没有断言（只操作不断言）
+- ❌ 依赖特定数据（硬编码）
+- ❌ 超时设置过短
+
+## 五、与 Agent 工作流集成
+
+```
+Agent 收到 Bug
+  │
+  ├→ Step 1: 读取禅道 Bug 详情（标题/步骤/截图）
+  ├→ Step 2: 生成 Playwright 测试用例（自动生成 spec 文件）
+  ├→ Step 3: 运行基线测试（应失败）
+  │    └→ 如果通过 → 检查 develop 是否已修复
+  ├→ Step 4: 修复代码（全链路 6 环）
+  ├→ Step 5: 运行回归测试（应通过）
+  │    └→ 如果失败 → 分析失败原因 → 返回 Step 4
+  └→ Step 6: 提交代码 + 推远程 + 更新禅道
+```
+
+## 六、CLI 命令速查
+
+```bash
+# 生成测试用例
+bash tests/e2e/utils/generate-bug-test.sh <bug_id> "<bug_title>"
+
+# 运行单个 Bug 测试
+npx playwright test --grep @bug630
+
+# 运行全部回归测试
+npx playwright test --grep @regression
+
+# 查看测试报告
+npx playwright show-report tests/e2e/report
+```

.qoder/skills/check-status/SKILL.md

@@ -0,0 +1,73 @@
+---
+name: check-status
+description: Show current code status including uncommitted changes, test health, and build state. Use to get a quick overview before starting work or before committing.
+---
+
+Show a comprehensive status report of the HealthLink-HIS codebase:
+
+## 1. Git status
+```bash
+git status
+git log --oneline -5
+```
+
+## 2. Uncommitted changes
+```bash
+git diff --stat
+git diff --name-only
+```
+
+## 3. Backend health (quick check)
+```bash
+cd healthlink-his-server
+mvn clean compile -DskipTests -q
+echo "Backend compile: $?"
+```
+
+## 4. Frontend health (quick check)
+```bash
+cd healthlink-his-ui
+npm run build:dev --silent 2>&1 | tail -5
+npm run lint --silent 2>&1 | tail -10
+```
+
+## 5. Test status
+```bash
+# Backend: check if tests exist for modified files
+git diff --name-only | grep -E "\.java$" | while read f; do
+  test_file=$(echo "$f" | sed 's/src\/main/src\/test/' | sed 's/\.java$/Test\.java/')
+  if [ -f "$test_file" ]; then
+    echo "✓ Test exists: $test_file"
+  else
+    echo "⚠ No test: $f"
+  fi
+done
+
+# Frontend: check test coverage
+cd healthlink-his-ui
+npm run test:run -- --reporter=basic 2>&1 | grep -E "(PASS|FAIL|Tests|Coverage)"
+```
+
+## Report format:
+```
+=== Git Status ===
+Branch: develop
+Uncommitted: X files
+Last commit: abc1234 (message)
+
+=== Backend ===
+Compile: ✓/✗
+Modified files: X
+Tests missing: Y
+
+=== Frontend ===
+Build: ✓/✗
+Lint: ✓/✗ (X warnings, Y errors)
+Tests: X passed, Y failed
+
+=== Ready to commit? ===
+✓/✗ (list blockers if any)
+```
+
+## Iron Law 3 reminder:
+"编译 + 测试全部通过后才能 git commit"

.qoder/skills/closed-loop-testing/SKILL.md

@@ -0,0 +1,84 @@
+---
+name: closed-loop-testing
+description: Quality gates, test automation, and feedback loops for AI-generated code. Use when generating tests, running validation pipelines, setting up quality gates, or implementing auto-fix loops for test failures. Covers L1-L5 quality gates, mutation testing, coverage strategies, and failure analysis.
+---
+
+# 闭环测试 — 质量门禁与反馈循环
+
+> 没有门禁的 Agent 是不受控的。每层门禁捕获特定类型的问题。
+
+## 🚪 五层质量门禁
+
+| 门禁 | 时间 | 范围 | 失败处理 |
+|---|---|---|---|
+| **L1 编译检查** | <30 秒 | 语法、类型、导入 | Agent 自行修复 |
+| **L2 静态分析** | <2 分钟 | 代码风格、复杂度、安全 | Agent 修复 |
+| **L3 单元测试** | <5 分钟 | 功能正确性、边界条件 | 自动修复或上报 |
+| **L4 集成测试** | <15 分钟 | 模块间交互、数据流 | 上报人工 |
+| **L5 生产验证** | 持续 | 监控、告警、性能 | 自动回滚 |
+
+## 🔄 反馈循环机制
+
+```
+测试失败
+  → 分析失败原因（编译/逻辑/边界/依赖）
+  → 提取可行动的反馈（文件:行号:错误类型:修复方向）
+  → Agent 修复
+  → 重测
+  → 若持续失败（3次）→ 上报人类
+```
+
+### 反馈格式规范
+```
+文件路径:行号 错误类型 错误描述 | 修复建议
+示例:
+src/payment/applepay_processor.py:42 TypeError amount must be int | 添加类型转换 str → int
+```
+
+## 🧪 测试生成策略
+
+### 策略优先级
+1. **边界值分析** — 测试空值、越界、特殊值
+2. **等价类划分** — 覆盖每个分支路径
+3. **错误猜测** — 基于经验预测常见错误
+4. **组合测试** — 参数组合爆炸场景
+
+### 覆盖率目标
+```yaml
+unit_test_coverage: 90%      # 行覆盖率
+mutation_score: 80%          # 变异测试通过率
+branch_coverage: 85%         # 分支覆盖率
+```
+
+## 📊 失败原因分析（基于项目数据）
+
+| 类型 | 占比 | 典型表现 | 捕获门禁 |
+|---|---|---|---|
+| 架构错误 | 35% | 接口不匹配、依赖错乱 | L1 编译 |
+| 业务逻辑 | 25% | 条件判断错误、数据流断裂 | L3 单元测试 |
+| 创造性偏差 | 20% | 过度设计、不必要的抽象 | L3 + L5 |
+| Debug 残留 | 15% | print、临时变量未清理 | L2 静态分析 |
+| 其他 | 5% | 环境、工具问题 | L5 |
+
+## ⚙️ 本项目测试命令
+
+```bash
+# L1 编译检查（Java）
+cd /root/.openclaw/workspace/his-repo/openhis-server-new
+mvn compile -pl openhis-application -am
+
+# L1 语法检查（Python）
+python3 -c "import py_compile; py_compile.compile('strategy.py', doraise=True)"
+
+# L2 全链路验证
+# 检查 AGENTS.md 中的铁律清单：录入 → 保存 → 查询 → 修改 → 删除 → 关联
+```
+
+## ⚠️ 常见陷阱
+
+| 陷阱 | 表现 | 解决 |
+|---|---|---|
+| 测试滞后 | Agent 写完代码再补测试 | 测试先行或并行生成 |
+| 覆盖幻觉 | 覆盖率数字达标但逻辑没测 | 引入变异测试 |
+| 反馈过载 | 同时报太多错误 | 按优先级逐层暴露 |
+| Mock 泛滥 | 过度 Mock 导致测试失真 | 优先写集成测试 |

.qoder/skills/closed-loop-testing/agents/openai.yaml

@@ -0,0 +1,3 @@
+interface:
+  display_name: "Closed Loop Testing"
+  short_description: "Part of Harness Engineering plugin — closed-loop-testing"

.qoder/skills/constraint-design/SKILL.md

@@ -0,0 +1,113 @@
+---
+name: constraint-design
+description: Design patterns for writing effective Agent constraints. Use when defining rules, policies, or guardrails for AI code generation. Covers constraint types (architectural/code quality/security/business), DSL patterns, conflict resolution, and progressive trust scaling.
+---
+
+# 约束设计 — 让 Agent 在边界内发挥
+
+> 好的约束不是束缚，是护栏。它让 Agent 在安全区域内自由发挥。
+
+## 📐 四类约束
+
+### 1. 架构约束
+定义系统结构和组件关系：
+```yaml
+architecture:
+  required_interface: "PaymentProcessor"  # 必须实现
+  file_location: "src/payment/"           # 文件位置
+  naming_convention: "{name}_processor.py"
+  forbidden_patterns:
+    - "god_class"     # 禁止上帝类
+    - "circular_dep"  # 禁止循环依赖
+```
+
+### 2. 代码质量约束
+定义代码质量和风格标准：
+```yaml
+code_quality:
+  max_complexity: 10          # 圈复杂度上限
+  max_line_length: 120        # Java / 100（Vue）
+  type_hints: "required"      # 必须类型提示
+  docstrings: "public_only"   # 公共方法需要文档
+  test_coverage: 90           # 覆盖率目标
+```
+
+### 3. 安全约束
+防止 Agent 引入安全隐患：
+```yaml
+security:
+  no_hardcoded_secrets: true
+  use_vault_for_credentials: true
+  input_sanitization: "strict"
+  forbidden_functions:
+    - "eval()"
+    - "exec()"
+```
+
+### 4. 业务规则
+领域特定的约束：
+```yaml
+business:
+  data_flow: "full_chain"     # 必须走通全链路
+  soft_delete: true           # 软删除机制
+  audit_log: true             # 操作审计
+```
+
+## 🎯 约束设计原则
+
+### 原则 1：可验证
+每条约束必须能被自动化检查：
+```
+✅ "代码覆盖率 > 90%" — 可用 pytest-cov 验证
+❌ "代码质量要高" — 无法验证
+```
+
+### 原则 2：无歧义
+约束必须精确，不留解读空间：
+```
+✅ "每函数不超过 50 行"
+❌ "函数不要太长"
+```
+
+### 原则 3：优先级排序
+约束冲突时按优先级裁决：
+```
+安全(1) > 架构(2) > 业务(3) > 质量(4) > 性能(5)
+```
+
+### 原则 4：渐进增强
+从最少的约束开始，按需增加：
+```
+L1: 编译通过
+L2: + 类型提示 + 命名规范
+L3: + 测试覆盖 + 复杂度限制
+L4: + 安全扫描 + 架构合规
+```
+
+## 🔧 约束 DSL 模式
+
+### 声明式（推荐）
+```yaml
+constraint:
+  type: "must" | "must_not" | "should" | "may"
+  scope: "file" | "class" | "method" | "project"
+  rule: "具体规则"
+  verification: "如何验证"
+```
+
+### 命令式（脚本）
+```python
+# validate_constraints.py
+def check_naming(file_path):
+    if not file_path.endswith("_processor.py"):
+        raise Violation("命名不规范")
+```
+
+## ⚠️ 常见陷阱
+
+| 陷阱 | 表现 | 解决 |
+|---|---|---|
+| 过度约束 | Agent 无法完成任务 | 从最小约束集开始 |
+| 约束冲突 | 约束 A 要求 X，约束 B 禁止 X | 建立优先级链 |
+| 无法验证 | 约束定义模糊，无法自动化检查 | 每条约束都必须可验证 |
+| 静态不变 | 项目演进后约束过时 | 定期复审约束集 |

.qoder/skills/constraint-design/agents/openai.yaml

@@ -0,0 +1,3 @@
+interface:
+  display_name: "Constraint Design"
+  short_description: "Part of Harness Engineering plugin — constraint-design"

.qoder/skills/dispatching-parallel-agents/SKILL.md

@@ -0,0 +1,182 @@
+---
+name: dispatching-parallel-agents
+description: Use when facing 2+ independent tasks that can be worked on without shared state or sequential dependencies
+---
+
+# Dispatching Parallel Agents
+
+## Overview
+
+You delegate tasks to specialized agents with isolated context. By precisely crafting their instructions and context, you ensure they stay focused and succeed at their task. They should never inherit your session's context or history — you construct exactly what they need. This also preserves your own context for coordination work.
+
+When you have multiple unrelated failures (different test files, different subsystems, different bugs), investigating them sequentially wastes time. Each investigation is independent and can happen in parallel.
+
+**Core principle:** Dispatch one agent per independent problem domain. Let them work concurrently.
+
+## When to Use
+
+```dot
+digraph when_to_use {
+    "Multiple failures?" [shape=diamond];
+    "Are they independent?" [shape=diamond];
+    "Single agent investigates all" [shape=box];
+    "One agent per problem domain" [shape=box];
+    "Can they work in parallel?" [shape=diamond];
+    "Sequential agents" [shape=box];
+    "Parallel dispatch" [shape=box];
+
+    "Multiple failures?" -> "Are they independent?" [label="yes"];
+    "Are they independent?" -> "Single agent investigates all" [label="no - related"];
+    "Are they independent?" -> "Can they work in parallel?" [label="yes"];
+    "Can they work in parallel?" -> "Parallel dispatch" [label="yes"];
+    "Can they work in parallel?" -> "Sequential agents" [label="no - shared state"];
+}
+```
+
+**Use when:**
+- 3+ test files failing with different root causes
+- Multiple subsystems broken independently
+- Each problem can be understood without context from others
+- No shared state between investigations
+
+**Don't use when:**
+- Failures are related (fix one might fix others)
+- Need to understand full system state
+- Agents would interfere with each other
+
+## The Pattern
+
+### 1. Identify Independent Domains
+
+Group failures by what's broken:
+- File A tests: Tool approval flow
+- File B tests: Batch completion behavior
+- File C tests: Abort functionality
+
+Each domain is independent - fixing tool approval doesn't affect abort tests.
+
+### 2. Create Focused Agent Tasks
+
+Each agent gets:
+- **Specific scope:** One test file or subsystem
+- **Clear goal:** Make these tests pass
+- **Constraints:** Don't change other code
+- **Expected output:** Summary of what you found and fixed
+
+### 3. Dispatch in Parallel
+
+```typescript
+// In Claude Code / AI environment
+Task("Fix agent-tool-abort.test.ts failures")
+Task("Fix batch-completion-behavior.test.ts failures")
+Task("Fix tool-approval-race-conditions.test.ts failures")
+// All three run concurrently
+```
+
+### 4. Review and Integrate
+
+When agents return:
+- Read each summary
+- Verify fixes don't conflict
+- Run full test suite
+- Integrate all changes
+
+## Agent Prompt Structure
+
+Good agent prompts are:
+1. **Focused** - One clear problem domain
+2. **Self-contained** - All context needed to understand the problem
+3. **Specific about output** - What should the agent return?
+
+```markdown
+Fix the 3 failing tests in src/agents/agent-tool-abort.test.ts:
+
+1. "should abort tool with partial output capture" - expects 'interrupted at' in message
+2. "should handle mixed completed and aborted tools" - fast tool aborted instead of completed
+3. "should properly track pendingToolCount" - expects 3 results but gets 0
+
+These are timing/race condition issues. Your task:
+
+1. Read the test file and understand what each test verifies
+2. Identify root cause - timing issues or actual bugs?
+3. Fix by:
+   - Replacing arbitrary timeouts with event-based waiting
+   - Fixing bugs in abort implementation if found
+   - Adjusting test expectations if testing changed behavior
+
+Do NOT just increase timeouts - find the real issue.
+
+Return: Summary of what you found and what you fixed.
+```
+
+## Common Mistakes
+
+**❌ Too broad:** "Fix all the tests" - agent gets lost
+**✅ Specific:** "Fix agent-tool-abort.test.ts" - focused scope
+
+**❌ No context:** "Fix the race condition" - agent doesn't know where
+**✅ Context:** Paste the error messages and test names
+
+**❌ No constraints:** Agent might refactor everything
+**✅ Constraints:** "Do NOT change production code" or "Fix tests only"
+
+**❌ Vague output:** "Fix it" - you don't know what changed
+**✅ Specific:** "Return summary of root cause and changes"
+
+## When NOT to Use
+
+**Related failures:** Fixing one might fix others - investigate together first
+**Need full context:** Understanding requires seeing entire system
+**Exploratory debugging:** You don't know what's broken yet
+**Shared state:** Agents would interfere (editing same files, using same resources)
+
+## Real Example from Session
+
+**Scenario:** 6 test failures across 3 files after major refactoring
+
+**Failures:**
+- agent-tool-abort.test.ts: 3 failures (timing issues)
+- batch-completion-behavior.test.ts: 2 failures (tools not executing)
+- tool-approval-race-conditions.test.ts: 1 failure (execution count = 0)
+
+**Decision:** Independent domains - abort logic separate from batch completion separate from race conditions
+
+**Dispatch:**
+```
+Agent 1 → Fix agent-tool-abort.test.ts
+Agent 2 → Fix batch-completion-behavior.test.ts
+Agent 3 → Fix tool-approval-race-conditions.test.ts
+```
+
+**Results:**
+- Agent 1: Replaced timeouts with event-based waiting
+- Agent 2: Fixed event structure bug (threadId in wrong place)
+- Agent 3: Added wait for async tool execution to complete
+
+**Integration:** All fixes independent, no conflicts, full suite green
+
+**Time saved:** 3 problems solved in parallel vs sequentially
+
+## Key Benefits
+
+1. **Parallelization** - Multiple investigations happen simultaneously
+2. **Focus** - Each agent has narrow scope, less context to track
+3. **Independence** - Agents don't interfere with each other
+4. **Speed** - 3 problems solved in time of 1
+
+## Verification
+
+After agents return:
+1. **Review each summary** - Understand what changed
+2. **Check for conflicts** - Did agents edit same code?
+3. **Run full suite** - Verify all fixes work together
+4. **Spot check** - Agents can make systematic errors
+
+## Real-World Impact
+
+From debugging session (2025-10-03):
+- 6 failures across 3 files
+- 3 agents dispatched in parallel
+- All investigations completed concurrently
+- All fixes integrated successfully
+- Zero conflicts between agent changes

.qoder/skills/durable-execution/SKILL.md

@@ -0,0 +1,119 @@
+---
+name: durable-execution
+description: Checkpoint management and state persistence for long-running agents. Use when executing tasks that span multiple steps, need failure recovery, or require idempotent operations. Covers checkpoint strategy, state management layers, event sourcing, and recovery patterns.
+---
+
+# 持久化执行 — 检查点与状态管理
+
+> 可靠是规模化的前提。每个长时任务都必须有可恢复的检查点。
+
+## 🎯 何时使用
+
+- 任务预计超过 5 个步骤
+- 任务涉及文件修改（需要回滚能力）
+- 任务依赖外部服务/API
+- 任务需要在中断后恢复
+
+## 📦 三层状态管理
+
+| 层级 | 内容 | 本项目的实现 |
+|---|---|---|
+| **系统层** | 工作流 ID、超时、重试配置 | update_plan 记录任务 ID 和进度 |
+| **执行层** | 当前活动、执行进度、等待事件 | checklist_write 分步骤记录 |
+| **业务层** | 已完成工作、中间产物 | git diff + 编译结果作为验证 |
+
+## 🔄 检查点策略
+
+### 触发时机
+```
+时间触发：每完成 1 个关键步骤
+事件触发：编译通过 / 失败后
+状态变化：每次代码修改后（git diff 可见）
+```
+
+### 检查点内容
+```yaml
+checkpoint:
+  step_id: "string"
+  status: "pending | in_progress | completed | failed"
+  inputs: { }           # 该步骤的输入参数
+  outputs: { }          # 该步骤的产出
+  error_message: ""     # 失败原因
+  timestamp: "ISO8601"  # 时间戳
+```
+
+### 恢复流程
+```
+失败检测
+  → 定位最新检查点（update_plan / checklist）
+  → 分析失败原因（编译错误 / 测试失败 / 逻辑错误）
+  → git restore 撤销本次修改
+  → 从失败点修复（不从头开始）
+  → 继续执行
+  → 恢复验证（确认状态一致性）
+```
+
+## ♻️ 幂等性模式
+
+### 模式 1：唯一标识
+每个操作生成唯一 ID，已执行则跳过：
+```
+generate_code(task_id="abc123")
+if executed(task_id="abc123"):
+    return cached_result  # 已执行，跳过
+```
+
+### 模式 2：状态检查
+执行前检查目标是否已达成：
+```
+if file_exists("src/utils/helper.js"):
+    return  # 已生成，跳过
+```
+
+### 模式 3：补偿操作
+不可逆操作提供回滚机制：
+```
+try:
+    modify_file(path)
+except:
+    restore_from_git(path)  # 补偿操作
+```
+
+## 📝 事件溯源（简化版）
+
+每次操作产生不可变事件记录：
+
+```
+事件流（按时间顺序）:
+  ① 人类提交任务 → ② Agent 制定计划
+  → ③ 修改文件 → ④ 编译检查
+  → ⑤ 数据流验证 → ⑥ 人类审查
+  → ⑦ 提交代码
+```
+
+每次事件可通过 `git log` + `update_plan` 追溯。
+
+## ⚡ 本项目的检查点命令速查
+
+```bash
+# 查看当前进度
+grep -n "^[0-9]\+\." <(cat AGENTS.md | grep -A 100 "工作流程")
+
+# 回滚最近的修改
+git checkout -- <file>
+
+# 查看修改历史
+git log --oneline -10
+
+# 查看未提交的变更
+git diff --stat HEAD
+```
+
+## ⚠️ 常见陷阱
+
+| 陷阱 | 表现 | 解决 |
+|---|---|---|
+| 不设检查点 | 失败后全部重来 | 步骤间自动 save_checkpoint |
+| 幂等性缺失 | 重复执行导致错误 | 唯一 ID / 状态检查 |
+| 状态不一致 | 检查点与实际不符 | git diff 验证后再恢复 |
+| 检查点过大 | 保存和恢复慢 | 只保存增量状态 |

.qoder/skills/durable-execution/agents/openai.yaml

@@ -0,0 +1,3 @@
+interface:
+  display_name: "Durable Execution"
+  short_description: "Part of Harness Engineering plugin — durable-execution"

.qoder/skills/executing-plans/SKILL.md

@@ -0,0 +1,70 @@
+---
+name: executing-plans
+description: Use when you have a written implementation plan to execute in a separate session with review checkpoints
+---
+
+# Executing Plans
+
+## Overview
+
+Load plan, review critically, execute all tasks, report when complete.
+
+**Announce at start:** "I'm using the executing-plans skill to implement this plan."
+
+**Note:** Tell your human partner that Superpowers works much better with access to subagents. The quality of its work will be significantly higher if run on a platform with subagent support (such as Claude Code or Codex). If subagents are available, use superpowers:subagent-driven-development instead of this skill.
+
+## The Process
+
+### Step 1: Load and Review Plan
+1. Read plan file
+2. Review critically - identify any questions or concerns about the plan
+3. If concerns: Raise them with your human partner before starting
+4. If no concerns: Create TodoWrite and proceed
+
+### Step 2: Execute Tasks
+
+For each task:
+1. Mark as in_progress
+2. Follow each step exactly (plan has bite-sized steps)
+3. Run verifications as specified
+4. Mark as completed
+
+### Step 3: Complete Development
+
+After all tasks complete and verified:
+- Announce: "I'm using the finishing-a-development-branch skill to complete this work."
+- **REQUIRED SUB-SKILL:** Use superpowers:finishing-a-development-branch
+- Follow that skill to verify tests, present options, execute choice
+
+## When to Stop and Ask for Help
+
+**STOP executing immediately when:**
+- Hit a blocker (missing dependency, test fails, instruction unclear)
+- Plan has critical gaps preventing starting
+- You don't understand an instruction
+- Verification fails repeatedly
+
+**Ask for clarification rather than guessing.**
+
+## When to Revisit Earlier Steps
+
+**Return to Review (Step 1) when:**
+- Partner updates the plan based on your feedback
+- Fundamental approach needs rethinking
+
+**Don't force through blockers** - stop and ask.
+
+## Remember
+- Review plan critically first
+- Follow plan steps exactly
+- Don't skip verifications
+- Reference skills when plan says to
+- Stop when blocked, don't guess
+- Never start implementation on main/master branch without explicit user consent
+
+## Integration
+
+**Required workflow skills:**
+- **superpowers:using-git-worktrees** - Ensures isolated workspace (creates one or verifies existing)
+- **superpowers:writing-plans** - Creates the plan this skill executes
+- **superpowers:finishing-a-development-branch** - Complete development after all tasks

.qoder/skills/finishing-a-development-branch/SKILL.md

@@ -0,0 +1,251 @@
+---
+name: finishing-a-development-branch
+description: Use when implementation is complete, all tests pass, and you need to decide how to integrate the work - guides completion of development work by presenting structured options for merge, PR, or cleanup
+---
+
+# Finishing a Development Branch
+
+## Overview
+
+Guide completion of development work by presenting clear options and handling chosen workflow.
+
+**Core principle:** Verify tests → Detect environment → Present options → Execute choice → Clean up.
+
+**Announce at start:** "I'm using the finishing-a-development-branch skill to complete this work."
+
+## The Process
+
+### Step 1: Verify Tests
+
+**Before presenting options, verify tests pass:**
+
+```bash
+# Run project's test suite
+npm test / cargo test / pytest / go test ./...
+```
+
+**If tests fail:**
+```
+Tests failing (<N> failures). Must fix before completing:
+
+[Show failures]
+
+Cannot proceed with merge/PR until tests pass.
+```
+
+Stop. Don't proceed to Step 2.
+
+**If tests pass:** Continue to Step 2.
+
+### Step 2: Detect Environment
+
+**Determine workspace state before presenting options:**
+
+```bash
+GIT_DIR=$(cd "$(git rev-parse --git-dir)" 2>/dev/null && pwd -P)
+GIT_COMMON=$(cd "$(git rev-parse --git-common-dir)" 2>/dev/null && pwd -P)
+```
+
+This determines which menu to show and how cleanup works:
+
+| State | Menu | Cleanup |
+|-------|------|---------|
+| `GIT_DIR == GIT_COMMON` (normal repo) | Standard 4 options | No worktree to clean up |
+| `GIT_DIR != GIT_COMMON`, named branch | Standard 4 options | Provenance-based (see Step 6) |
+| `GIT_DIR != GIT_COMMON`, detached HEAD | Reduced 3 options (no merge) | No cleanup (externally managed) |
+
+### Step 3: Determine Base Branch
+
+```bash
+# Try common base branches
+git merge-base HEAD main 2>/dev/null || git merge-base HEAD master 2>/dev/null
+```
+
+Or ask: "This branch split from main - is that correct?"
+
+### Step 4: Present Options
+
+**Normal repo and named-branch worktree — present exactly these 4 options:**
+
+```
+Implementation complete. What would you like to do?
+
+1. Merge back to <base-branch> locally
+2. Push and create a Pull Request
+3. Keep the branch as-is (I'll handle it later)
+4. Discard this work
+
+Which option?
+```
+
+**Detached HEAD — present exactly these 3 options:**
+
+```
+Implementation complete. You're on a detached HEAD (externally managed workspace).
+
+1. Push as new branch and create a Pull Request
+2. Keep as-is (I'll handle it later)
+3. Discard this work
+
+Which option?
+```
+
+**Don't add explanation** - keep options concise.
+
+### Step 5: Execute Choice
+
+#### Option 1: Merge Locally
+
+```bash
+# Get main repo root for CWD safety
+MAIN_ROOT=$(git -C "$(git rev-parse --git-common-dir)/.." rev-parse --show-toplevel)
+cd "$MAIN_ROOT"
+
+# Merge first — verify success before removing anything
+git checkout <base-branch>
+git pull
+git merge <feature-branch>
+
+# Verify tests on merged result
+<test command>
+
+# Only after merge succeeds: cleanup worktree (Step 6), then delete branch
+```
+
+Then: Cleanup worktree (Step 6), then delete branch:
+
+```bash
+git branch -d <feature-branch>
+```
+
+#### Option 2: Push and Create PR
+
+```bash
+# Push branch
+git push -u origin <feature-branch>
+
+# Create PR
+gh pr create --title "<title>" --body "$(cat <<'EOF'
+## Summary
+<2-3 bullets of what changed>
+
+## Test Plan
+- [ ] <verification steps>
+EOF
+)"
+```
+
+**Do NOT clean up worktree** — user needs it alive to iterate on PR feedback.
+
+#### Option 3: Keep As-Is
+
+Report: "Keeping branch <name>. Worktree preserved at <path>."
+
+**Don't cleanup worktree.**
+
+#### Option 4: Discard
+
+**Confirm first:**
+```
+This will permanently delete:
+- Branch <name>
+- All commits: <commit-list>
+- Worktree at <path>
+
+Type 'discard' to confirm.
+```
+
+Wait for exact confirmation.
+
+If confirmed:
+```bash
+MAIN_ROOT=$(git -C "$(git rev-parse --git-common-dir)/.." rev-parse --show-toplevel)
+cd "$MAIN_ROOT"
+```
+
+Then: Cleanup worktree (Step 6), then force-delete branch:
+```bash
+git branch -D <feature-branch>
+```
+
+### Step 6: Cleanup Workspace
+
+**Only runs for Options 1 and 4.** Options 2 and 3 always preserve the worktree.
+
+```bash
+GIT_DIR=$(cd "$(git rev-parse --git-dir)" 2>/dev/null && pwd -P)
+GIT_COMMON=$(cd "$(git rev-parse --git-common-dir)" 2>/dev/null && pwd -P)
+WORKTREE_PATH=$(git rev-parse --show-toplevel)
+```
+
+**If `GIT_DIR == GIT_COMMON`:** Normal repo, no worktree to clean up. Done.
+
+**If worktree path is under `.worktrees/`, `worktrees/`, or `~/.config/superpowers/worktrees/`:** Superpowers created this worktree — we own cleanup.
+
+```bash
+MAIN_ROOT=$(git -C "$(git rev-parse --git-common-dir)/.." rev-parse --show-toplevel)
+cd "$MAIN_ROOT"
+git worktree remove "$WORKTREE_PATH"
+git worktree prune  # Self-healing: clean up any stale registrations
+```
+
+**Otherwise:** The host environment (harness) owns this workspace. Do NOT remove it. If your platform provides a workspace-exit tool, use it. Otherwise, leave the workspace in place.
+
+## Quick Reference
+
+| Option | Merge | Push | Keep Worktree | Cleanup Branch |
+|--------|-------|------|---------------|----------------|
+| 1. Merge locally | yes | - | - | yes |
+| 2. Create PR | - | yes | yes | - |
+| 3. Keep as-is | - | - | yes | - |
+| 4. Discard | - | - | - | yes (force) |
+
+## Common Mistakes
+
+**Skipping test verification**
+- **Problem:** Merge broken code, create failing PR
+- **Fix:** Always verify tests before offering options
+
+**Open-ended questions**
+- **Problem:** "What should I do next?" is ambiguous
+- **Fix:** Present exactly 4 structured options (or 3 for detached HEAD)
+
+**Cleaning up worktree for Option 2**
+- **Problem:** Remove worktree user needs for PR iteration
+- **Fix:** Only cleanup for Options 1 and 4
+
+**Deleting branch before removing worktree**
+- **Problem:** `git branch -d` fails because worktree still references the branch
+- **Fix:** Merge first, remove worktree, then delete branch
+
+**Running git worktree remove from inside the worktree**
+- **Problem:** Command fails silently when CWD is inside the worktree being removed
+- **Fix:** Always `cd` to main repo root before `git worktree remove`
+
+**Cleaning up harness-owned worktrees**
+- **Problem:** Removing a worktree the harness created causes phantom state
+- **Fix:** Only clean up worktrees under `.worktrees/`, `worktrees/`, or `~/.config/superpowers/worktrees/`
+
+**No confirmation for discard**
+- **Problem:** Accidentally delete work
+- **Fix:** Require typed "discard" confirmation
+
+## Red Flags
+
+**Never:**
+- Proceed with failing tests
+- Merge without verifying tests on result
+- Delete work without confirmation
+- Force-push without explicit request
+- Remove a worktree before confirming merge success
+- Clean up worktrees you didn't create (provenance check)
+- Run `git worktree remove` from inside the worktree
+
+**Always:**
+- Verify tests before offering options
+- Detect environment before presenting menu
+- Present exactly 4 options (or 3 for detached HEAD)
+- Get typed confirmation for Option 4
+- Clean up worktree for Options 1 & 4 only
+- `cd` to main repo root before worktree removal
+- Run `git worktree prune` after removal