Aegis — AI Development Quality Guardian
Five-layer defense for AI-assisted software development.
Modes
Lite Mode (Default for small tasks)
- - Design Brief only → straight to implementation
- Use when: solo dev, single-service feature, quick fix
Full Mode (Multi-service / team projects)
- - Complete contract-first workflow
- Use when: multiple API boundaries, team collaboration, complex features
Phase 0: Workspace Architecture Detection
Before starting the Aegis workflow, detect the project architecture to choose the right contract strategy.
Auto-Detection
Scan the workspace for indicators:
- - Both
frontend//client//web/ AND backend//server//api/ directories → Monorepo - INLINECODE6� with workspaces containing both frontend and backend → Monorepo
- Only one side present (pure frontend or pure backend) → Split Workspace
If Split Workspace detected, ask the human:
�CODEBLOCK0
Architecture Modes
| Mode | Contract Location | Sync Method |
|---|
| Monorepo | INLINECODE7� in project root | Direct (same repo) |
| Multi-Repo, Single Agent |
Lead workspace's
contracts/, copied to each repo | Copy before dispatch |
|
Cross-Agent, Cross-Workspace | Dedicated contract repository | Git submodule / package / lead copy-sync |
Cross-Workspace: Contract lives in an independent Git repo. Each agent's workspace integrates it as read-only. Contract Change Requests go through the Lead who has merge rights. See references/multi-agent-protocol.md for the full protocol.
Phase 1: Design
Before any non-trivial feature, create a Design Brief:
- 1. Read
templates/design-brief.md for the template - Fill in: Problem Statement, Architecture Overview, Key Decisions, Module Boundaries, API Surface, Known Gaps, Testing Strategy
- Submit for human review
- Gate: Do not proceed to Phase 2 until Design Brief is approved
Lite Mode stops here — proceed to Phase 3 after Design Brief approval.
Phase 2: Contract (Full Mode)
Define the API contract before writing implementation code:
- 1. Create/update
contracts/api-spec.yaml (OpenAPI 3.1) — use templates/api-spec-starter.yaml as base - Create/update
contracts/shared-types.ts — use templates/shared-types-starter.ts as base - Create/update
contracts/errors.yaml — use templates/errors-starter.yaml as base - Run
bash scripts/validate-contract.sh <project-path> to check consistency - Gate: Contracts must be reviewed before implementation begins
Reference: references/contract-first-guide.md for the full contract-first methodology.
Phase 3: Implementation
Pre-Coding Checklist (EVERY TIME before writing code)
- 1. Check if
contracts/ exists in the project root - If yes: read
contracts/api-spec.yaml, contracts/errors.yaml, �INLINECODE22 - Read
CLAUDE.md for project-specific constraints - If a Design Brief exists for your task: read
docs/designs/ relevant file
Hard Rules (violation = PR rejected)
R1: Contract is the truth
- - All API responses MUST conform to �INLINECODE25
- Response shapes, status codes, field names — all from the spec
R2: Shared types — import, never redefine
- - �INLINECODE26
- NEVER create local types that shadow contract types
- If shared-types doesn't have what you need → file a Change Request (R5)
R3: Error codes from registry only
- - Use codes defined in �INLINECODE27
- Never invent ad-hoc error codes
- Need a new code → file a Change Request (R5)
R4: Contract tests mandatory
- - Every new API endpoint MUST have a contract test
- Contract test = validate real response against OpenAPI spec schema
- Modified endpoints → update contract test
R5: Never modify contracts directly
If the contract needs changes:
- 1. Create �INLINECODE28
- Include: what, why, which modules affected
- Continue implementing with the CURRENT contract
- Human reviews and updates the contract
R6: CLAUDE.md constraints
- - Read and follow all ⛔ Hard Constraints in CLAUDE.md
- These are project-specific and override general preferences
R7: Pre-commit checks are mandatory
- - Run lint → type-check → format-check → contract validation before committing
- After ALL code changes, run formatters as a final step
- Never bypass with �INLINECODE29
Quick Reference
| Situation | Action |
|---|
| Need a new endpoint | Check api-spec.yaml first |
| Need a new type |
Check shared-types.ts → if missing, Change Request |
| Need a new error code | Check errors.yaml → if missing, Change Request |
| API response doesn't match spec | Fix code, not spec |
| Spec seems wrong | Change Request, implement per current spec |
| No contracts/ directory | Hard rules don't apply — standard development |
Phase 4: Verification
After implementation, validate quality:
- 1. Run contract tests — �INLINECODE30
- Run frontend tests —
pnpm test (if frontend exists) - Run backend integration tests — HTTP E2E against real server + real DB
- Generate gap report — �INLINECODE32
- Review: are all Design Brief items implemented?
- Review: do all endpoints have contract + integration tests?
- Gate: All tests must pass before PR/MR
Testing Hierarchy
CODEBLOCK1
Frontend Testing (when project has frontend)
- - Stack: Vitest + React Testing Library + MSW
- Required coverage: API clients (normal/error/auth), data hooks (loading/success/error), key components
- MSW handlers: must mock every backend endpoint with data matching �INLINECODE33
- CI gate:
pnpm test must pass — same blocking power as backend tests
Backend Integration Testing (HTTP E2E)
- - Every endpoint must have: happy path (200) + bad request (400) + not found (404) + auth failure (401)
- Real database — isolated test DB, not mocks. Transactions or migrations for clean state.
- Mutation verification — POST/PUT/DELETE → GET to confirm state change
- CI pipeline: �INLINECODE35
Consumer-Driven Route Coverage
Integration tests must cover what the frontend calls, not just what the backend implements.
- - Full mode:
verify-route-coverage.sh cross-references frontend API calls with backend routes. Every consumer route needs a backend handler + integration test. - Degraded mode: If no frontend manifest or scannable frontend code exists, CI warns but does not fail. Provider-driven tests remain the baseline.
- Cross-workspace: Frontend agent exports
consumer-routes.yaml to the contract repo. Backend CI validates coverage against it. - Route manifest:
contracts/route-manifest.yaml — declares every API route the frontend consumes. Auto-generated or manual.
Run after integration tests in CI:
�CODEBLOCK2
Test Strategy = Design Artifact
Full-stack features require a complete testing strategy in the Design Brief before coding begins.
Reference: references/testing-strategy.md for the full testing pyramid and standards.
Phase 5: PM
Track progress and enforce quality gates:
- 1. Update
docs/designs/<feature>/implementation-summary.md — use �INLINECODE41 - Mark Design Brief items as completed
- Note any contract Change Requests filed during implementation
- Release readiness check: all gates passed?
Project Setup
Initialize Aegis in any project:
CODEBLOCK3
This creates:
- -
contracts/ — API spec, shared types, error codes (stack-aware) - INLINECODE43� — for Design Briefs
- INLINECODE44� — portable validation scripts
- INLINECODE45� — from Aegis template (if not existing)
- INLINECODE46� — auto-detects your database
Set up guardrails (pre-commit hooks + CI):
CODEBLOCK4�
Multi-Agent Protocol
When multiple agents work on the same project:
- - Each agent reads contracts before starting
- Contracts are the synchronization point — not code
- Change Requests prevent concurrent contract modifications
Cross-Workspace: When agents operate in separate workspaces, contract lives in a dedicated repository. Each agent integrates via submodule/package/copy-sync and treats contracts/ as read-only. Integration testing is orchestrated externally.
Reference: �INLINECODE48
File Structure
CODEBLOCK5
Aegis — AI开发质量守护者
AI辅助软件开发的五层防御体系。
模式
精简模式(小型任务默认)
- - 仅需设计概要 → 直接进入实现阶段
- 适用场景:独立开发、单服务功能、快速修复
完整模式(多服务/团队项目)
- - 完整的契约优先工作流
- 适用场景:多API边界、团队协作、复杂功能
阶段0:工作区架构检测
在启动Aegis工作流之前,检测项目架构以选择正确的契约策略。
自动检测
扫描工作区以识别指标:
- - 同时存在frontend//client//web/和backend//server//api/目录 → 单体仓库
- package.json中包含同时涉及前端和后端的工作区 → 单体仓库
- 仅存在一侧(纯前端或纯后端) → 分离工作区
如果检测到分离工作区,询问用户:
检测到:此工作区仅包含{前端|后端}代码。
另一侧代码位于何处?
(a) 由同一代理管理的另一个仓库(我可访问)
(b) 由不同代理/工作区管理的另一个仓库(我无法访问)
(c) 这实际上是一个单体仓库(我遗漏了某些信息)
架构模式
| 模式 | 契约位置 | 同步方式 |
|---|
| 单体仓库 | 项目根目录下的contracts/ | 直接(同一仓库) |
| 多仓库,单代理 |
主导工作区的contracts/,复制到每个仓库 | 分发前复制 |
|
跨代理,跨工作区 | 专用契约仓库 | Git子模块/包/主导复制同步 |
跨工作区: 契约存在于独立的Git仓库中。每个代理的工作区以只读方式集成。契约变更请求通过具有合并权限的主导代理处理。完整协议请参见references/multi-agent-protocol.md。
阶段1:设计
在任何非平凡功能之前,创建设计概要:
- 1. 阅读templates/design-brief.md模板
- 填写:问题陈述、架构概览、关键决策、模块边界、API表面、已知缺口、测试策略
- 提交供人工审核
- 关卡: 在设计概要获批之前,不得进入阶段2
精简模式在此停止 — 设计概要获批后直接进入阶段3。
阶段2:契约(完整模式)
在编写实现代码之前定义API契约:
- 1. 创建/更新contracts/api-spec.yaml(OpenAPI 3.1)— 使用templates/api-spec-starter.yaml作为基础
- 创建/更新contracts/shared-types.ts — 使用templates/shared-types-starter.ts作为基础
- 创建/更新contracts/errors.yaml — 使用templates/errors-starter.yaml作为基础
- 运行bash scripts/validate-contract.sh 检查一致性
- 关卡: 在开始实现之前,契约必须经过审核
参考:references/contract-first-guide.md了解完整的契约优先方法论。
阶段3:实现
编码前检查清单(每次编写代码前执行)
- 1. 检查项目根目录下是否存在contracts/
- 如果存在:读取contracts/api-spec.yaml、contracts/errors.yaml、contracts/shared-types.ts
- 读取CLAUDE.md了解项目特定约束
- 如果任务存在设计概要:读取docs/designs/相关文件
硬性规则(违反=PR被拒绝)
R1:契约即真理
- - 所有API响应必须符合contracts/api-spec.yaml
- 响应结构、状态码、字段名 — 全部来自规范
R2:共享类型 — 导入,绝不重新定义
- - import { User, ApiResponse } from ../contracts/shared-types
- 绝不要创建遮蔽契约类型的本地类型
- 如果shared-types没有所需内容 → 提交变更请求(R5)
R3:仅使用注册表中的错误码
- - 使用contracts/errors.yaml中定义的代码
- 绝不要发明临时错误码
- 需要新代码 → 提交变更请求(R5)
R4:契约测试强制要求
- - 每个新的API端点必须有契约测试
- 契约测试 = 针对OpenAPI规范模式验证实际响应
- 修改的端点 → 更新契约测试
R5:绝不要直接修改契约
如果契约需要变更:
- 1. 创建docs/contract-changes/CHANGE-{日期}-{描述}.md
- 包含:变更内容、原因、影响的模块
- 继续使用当前契约进行实现
- 人工审核并更新契约
R6:CLAUDE.md约束
- - 阅读并遵循CLAUDE.md中的所有⛔硬性约束
- 这些是项目特定的,覆盖一般偏好
R7:提交前检查强制要求
- - 提交前运行lint → 类型检查 → 格式检查 → 契约验证
- 在所有代码变更之后,最后一步运行格式化工具
- 绝不要使用--no-verify绕过
快速参考
| 情况 | 操作 |
|---|
| 需要新端点 | 先检查api-spec.yaml |
| 需要新类型 |
检查shared-types.ts → 如果缺失,提交变更请求 |
| 需要新错误码 | 检查errors.yaml → 如果缺失,提交变更请求 |
| API响应与规范不匹配 | 修复代码,而非规范 |
| 规范似乎有误 | 提交变更请求,按当前规范实现 |
| 没有contracts/目录 | 硬性规则不适用 — 标准开发流程 |
阶段4:验证
实现完成后,验证质量:
- 1. 运行契约测试 — bash scripts/validate-contract.sh
- 运行前端测试 — pnpm test(如果存在前端)
- 运行后端集成测试 — 针对真实服务器+真实数据库的HTTP端到端测试
- 生成缺口报告 — bash scripts/gap-report.sh
- 审核:所有设计概要项目是否已实现?
- 审核:所有端点是否都有契约测试+集成测试?
- 关卡: 所有测试必须通过才能提交PR/MR
测试层级
端到端测试 ← Playwright(真实浏览器+真实后端)
集成测试 ← 真实HTTP服务器+真实数据库(无模拟)
契约测试 ← 针对api-spec.yaml验证(不模拟契约)
前端测试 ← Vitest + React Testing Library + MSW(契约类型化模拟)
单元测试 ← 模拟外部依赖,测试纯逻辑
前端测试(当项目包含前端时)
- - 技术栈: Vitest + React Testing Library + MSW
- 要求覆盖率: API客户端(正常/错误/认证)、数据钩子(加载/成功/错误)、关键组件
- MSW处理器: 必须模拟每个后端端点,数据匹配contracts/shared-types.ts
- CI关卡: pnpm test必须通过 — 与后端测试具有相同的阻断能力
后端集成测试(HTTP端到端)
- - 每个端点必须包含:正常路径(200)+ 错误请求(400)+ 未找到(404)+ 认证失败(401)
- 真实数据库 — 隔离的测试数据库,而非模拟。使用事务或迁移确保干净状态。
- 变更验证 — POST/PUT/DELETE → GET以确认状态变更
- CI流水线: lint → 类型检查 → 单元测试 → 前端测试 → 契约测试 → 集成测试 → 路由覆盖 → 构建 → 端到端测试
消费者驱动的路由覆盖
集成测试必须覆盖前端调用的内容,而不仅仅是后端实现的内容。
- - 完整模式: verify-route-coverage.sh交叉引用前端API调用与后端路由。每个消费者路由都需要后端处理器+集成测试。
- 降级模式: 如果不存在前端清单或可扫描的前端代码,CI发出警告但不失败。提供者驱动的测试仍为基线。
- 跨工作区: 前端代理将consumer-routes.yaml导出到契约仓库。后端CI根据它验证覆盖。
- 路由清单: contracts/route-manifest.yaml — 声明前端消费的每个API路由。自动生成或手动创建。
在CI中集成测试后运行:
bash
bash scripts/verify-route-coverage.sh
测试策略 = 设计产物
全栈功能需要在编码开始前在设计概要中包含完整的测试策略。
参考:references/testing-strategy.md了解完整的测试金字塔和标准。
阶段5:项目管理
跟踪进度并强制执行质量关卡:
- 1. 更新docs/designs/<功能>/implementation-summary.md —
