governance

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Skill: Governance

These are the rules, policies, and best practices that every AI agent in your organization must follow. Always check Guidelines before generating content, making decisions, or taking actions. One update here → every AI tool in your org gets smarter.

Guidelines are stored as markdown documents and are automatically available to all agents via

smartGuidelines

. Use this skill to read, create, update, and manage them.

This skill supports two workflows: conversational editing (chat, SDK scripts, automated pipelines) and GitOps sync (
.md
files in a Git repo synced to the API). Both produce the same output: well-structured guidelines available to all agents via
smartGuidelines
.

这些是你组织内所有AI Agent必须遵守的规则、政策和最佳实践。在生成内容、做出决策或采取行动前，请务必先检查准则。 在此处进行一次更新 → 组织内所有AI工具都会同步更新能力。

准则以markdown文档形式存储，所有Agent都可通过

smartGuidelines

自动访问。你可以使用此Skill读取、创建、更新和管理这些准则。

此Skill支持两种工作流：对话式编辑（聊天、SDK脚本、自动化流水线）和GitOps同步（Git仓库中的
.md
文件同步到API）。两种方式产出的结果一致：结构规范的准则会通过
smartGuidelines
对所有Agent可用。

When NOT to Use This Skill

何时不应使用此Skill

Need to store data about contacts/companies → use entity-memory
Need multi-agent coordination state (tasks, updates, issues) → use collaboration
Need to plan a full Personize integration → use solution-architect

需要存储联系人/公司相关数据 → 使用 entity-memory
需要多Agent协调状态（任务、更新、问题） → 使用 collaboration
需要规划完整的Personize集成 → 使用 solution-architect

Actions

操作

You have 6 actions available. Use whichever is appropriate for what the admin needs. They are not sequential — jump to the right action based on the conversation.

Action	When to Use	Reference
CREATE	Admin shares content or wants a new guideline	`reference/operations.md`
UPDATE	Admin wants to modify an existing guideline (section, append, replace)	`reference/operations.md`
IMPROVE	Admin wants to clean up, restructure, or improve guideline quality	`reference/operations.md`
AUDIT	A factual change affects multiple guidelines (pricing, branding, policy)	`reference/operations.md`
VERIFY	Confirm agents can see the updated content via `smartGuidelines`	`reference/operations.md`
ONBOARD	First-time user with 0-2 guidelines — guide them through setup	`reference/onboarding.md`

Before each action: Read the reference file for full workflows, conversation patterns, and code examples.

你可以使用6种操作，根据管理员的需求选择合适的操作即可。操作无需按顺序执行，可以根据对话直接跳转到对应的操作。

操作	适用场景	参考文档
CREATE	管理员分享内容或想要新增一条准则	`reference/operations.md`
UPDATE	管理员想要修改现有准则（修改章节、追加内容、替换内容）	`reference/operations.md`
IMPROVE	管理员想要梳理、重构或提升准则质量	`reference/operations.md`
AUDIT	事实变更影响多条准则（定价、品牌、政策）	`reference/operations.md`
VERIFY	确认Agent可以通过 `smartGuidelines` 查看更新后的内容	`reference/operations.md`
ONBOARD	首次使用的用户只有0-2条准则 — 引导他们完成设置	`reference/onboarding.md`

执行每项操作前： 请阅读参考文档了解完整工作流、对话模式和代码示例。

Works With Both SDK and MCP — One Skill, Two Interfaces

同时支持SDK和MCP — 一个Skill，两种接口

This skill works identically whether the LLM accesses guidelines via the SDK (code, scripts, IDE agents) or via MCP (Claude Desktop, ChatGPT, Cursor MCP connection).

Interface	How it works	Best for
SDK ( `@personize/sdk` )	`client.guidelines.list()` , `client.guidelines.update()` , etc.	Scripts, CI/CD, IDE agents, recipes
MCP (Model Context Protocol)	`guideline_list` , `guideline_read` , `guideline_create` , `guideline_update` , `guideline_delete` tools	Claude Desktop, ChatGPT, Cursor, any MCP-compatible client

MCP tools map 1:1 to SDK methods:

SDK Method	MCP Tool	Purpose
`client.guidelines.list()`	`guideline_list`	List all guidelines (includes `governanceScope` )
`client.guidelines.getStructure(id)`	`guideline_read(guidelineId)`	Get section headings (TOC) + `governanceScope`
`client.guidelines.getSection(id, { header })`	`guideline_read(guidelineId, header)`	Get section content
`client.guidelines.create(payload)`	`guideline_create(name, value, tags, description)`	Create new guideline
`client.guidelines.update(id, payload)`	`guideline_update(guidelineId, value, updateMode, ...)`	Update guideline
`client.guidelines.delete(id)`	`guideline_delete(guidelineId)`	Delete guideline
`client.guidelines.history(id)`	`guideline_history(guidelineId)`	View change history
`client.ai.smartGuidelines({ message })`	`ai_smart_guidelines(message)`	Verify/fetch guidelines

governanceScope
is a read-only field returned on
guideline_list
and
guideline_read
(structure mode). It contains
alwaysOn
(boolean) and
triggerKeywords
(string array) — auto-inferred at save time. See the "Governance Scope" section below for details.

Response shape note:
client.guidelines.list()
returns
{ data: { actions: [...], count, nextToken? } }
— guidelines are in
data.actions
, not a top-level array. Iterate with
res.data?.actions || []
.

When reading this skill document:

If you're connected via MCP, use the MCP tool names (
```
guideline_list
```
,
```
guideline_update
```
, etc.)
If you're running via SDK, use the
```
client.guidelines.*
```
methods
All workflows, rules, and best practices apply equally to both interfaces

无论LLM是通过SDK（代码、脚本、IDE Agent）还是MCP（Claude Desktop、ChatGPT、Cursor MCP连接）访问准则，此Skill的工作逻辑完全一致。

接口	工作方式	适用场景
SDK ( `@personize/sdk` )	`client.guidelines.list()` 、 `client.guidelines.update()` 等	脚本、CI/CD、IDE Agent、运行脚本
MCP (Model Context Protocol)	`guideline_list` 、 `guideline_read` 、 `guideline_create` 、 `guideline_update` 、 `guideline_delete` 工具	Claude Desktop、ChatGPT、Cursor、任何兼容MCP的客户端

MCP工具与SDK方法一一对应：

SDK方法	MCP工具	用途
`client.guidelines.list()`	`guideline_list`	列出所有准则（包含 `governanceScope` ）
`client.guidelines.getStructure(id)`	`guideline_read(guidelineId)`	获取章节标题（目录）+ `governanceScope`
`client.guidelines.getSection(id, { header })`	`guideline_read(guidelineId, header)`	获取章节内容
`client.guidelines.create(payload)`	`guideline_create(name, value, tags, description)`	创建新准则
`client.guidelines.update(id, payload)`	`guideline_update(guidelineId, value, updateMode, ...)`	更新准则
`client.guidelines.delete(id)`	`guideline_delete(guidelineId)`	删除准则
`client.guidelines.history(id)`	`guideline_history(guidelineId)`	查看变更历史
`client.ai.smartGuidelines({ message })`	`ai_smart_guidelines(message)`	验证/获取准则

governanceScope
是
guideline_list
和
guideline_read
（结构模式）返回的只读字段，包含
alwaysOn
（布尔值）和
triggerKeywords
（字符串数组）—— 保存时自动推断。详情请见下文「治理范围」章节。

响应格式说明：
client.guidelines.list()
返回
{ data: { actions: [...], count, nextToken? } }
—— 准则位于
data.actions
中，不是顶层数组。请使用
res.data?.actions || []
进行遍历。

阅读此Skill文档时：

如果你通过MCP连接，请使用MCP工具名称（
```
guideline_list
```
、
```
guideline_update
```
等）
如果你通过SDK运行，请使用
```
client.guidelines.*
```
方法
所有工作流、规则和最佳实践对两种接口同样适用

Prerequisites

前提条件

SDK Mode

SDK模式

```
@personize/sdk
```
installed
```
PERSONIZE_SECRET_KEY
```
env var set to an
```
sk_live_...
```
key

typescript

import { Personize } from '@personize/sdk';
const client = new Personize({ secretKey: process.env.PERSONIZE_SECRET_KEY! });

已安装
```
@personize/sdk
```
已将
```
PERSONIZE_SECRET_KEY
```
环境变量设置为
```
sk_live_...
```
开头的密钥

typescript

import { Personize } from '@personize/sdk';
const client = new Personize({ secretKey: process.env.PERSONIZE_SECRET_KEY! });

MCP Mode

MCP模式

Personize MCP server connected (SSE endpoint:
```
https://agent.personize.ai/mcp/sse
```
)
API key provided via
```
?api_key=sk_live_...
```
or OAuth configured

Tools

guideline_list

guideline_read

guideline_create

guideline_update

guideline_delete

guideline_history

, and

ai_smart_guidelines

are automatically available

已连接Personize MCP服务器（SSE端点：
```
https://agent.personize.ai/mcp/sse
```
）
已通过
```
?api_key=sk_live_...
```
提供API密钥或配置了OAuth

工具

guideline_list

、

guideline_read

、

guideline_create

、

guideline_update

、

guideline_delete

、

guideline_history

和

ai_smart_guidelines

已自动可用

What Guidelines Are

什么是准则

Guidelines are organization-wide documents — policies, best practices, playbooks, checklists, technical manuals, how-tos — stored as markdown. Once saved, they are automatically available to all agents in the organization via

client.ai.smartGuidelines()

. When any agent asks smartGuidelines a question like "how should I write a cold email?", it retrieves the relevant guidelines and includes them as context.

Examples:

sales-playbook

brand-voice-guidelines

icp-definitions

data-handling-policy

engineering-standards

incident-response-runbook

known-bugs-and-workarounds

pricing-rules

准则是组织级别的文档 —— 政策、最佳实践、操作手册、检查清单、技术手册、操作指南 —— 以markdown形式存储。保存后，所有组织内的Agent都可以通过

client.ai.smartGuidelines()

自动访问。当任何Agent向smartGuidelines询问「我应该怎么写开发信？」这类问题时，它会检索相关准则并作为上下文提供。

示例：

sales-playbook

、

brand-voice-guidelines

、

icp-definitions

、

data-handling-policy

、

engineering-standards

、

incident-response-runbook

、

known-bugs-and-workarounds

、

pricing-rules

Action Summaries

操作概要

CREATE — Draft a New Guideline

CREATE — 起草新准则

Ask admin for topic, audience, and source material
Check for overlap with existing variables (
```
client.guidelines.list()
```
)
Draft with proper markdown structure (H1 title, H2 sections, actionable content)
Propose kebab-case name, tags, description
Show draft and ask for approval → create → verify with
```
smartGuidelines
```

向管理员询问主题、受众和源材料
检查与现有变量是否重叠（
```
client.guidelines.list()
```
）
按照规范markdown结构起草（H1标题、H2章节、可执行内容）
提议短横线命名的名称、标签、描述
展示草稿并请求审批 → 创建 → 用
```
smartGuidelines
```
验证

UPDATE — Modify Existing Guidelines

UPDATE — 修改现有准则

Choose the right update mode:

Scope	Mode	When
Single section	`section`	"Update the Cold Email section"
Add to a section	`appendToSection`	"Add a new rule to the Email Rules section"
Add new section	`append`	"Add a GDPR section to the data policy"
Full rewrite	`replace`	"Completely rewrite this variable"

Workflow: find variable → read structure → read target section → draft update → show before/after → apply with

historyNote

选择合适的更新模式：

范围	模式	适用场景
单个章节	`section`	「更新开发信章节」
追加到章节	`appendToSection`	「给邮件规则章节添加一条新规则」
添加新章节	`append`	「给数据政策添加GDPR章节」
全量重写	`replace`	「完全重写这个变量」

工作流：查找变量 → 读取结构 → 读取目标章节 → 起草更新内容 → 展示变更前后对比 → 附带

historyNote

应用变更

IMPROVE — Enhance Writing Quality

IMPROVE — 提升写作质量

Read content → analyze structure/clarity/formatting/completeness → draft improved version → show summary of changes → apply

读取内容 → 分析结构/清晰度/格式/完整性 → 起草优化版本 → 展示变更摘要 → 应用变更

AUDIT — Cross-Guideline Accuracy Scan

AUDIT — 跨准则准确性扫描

Admin reports a factual change → list ALL guidelines → search for old fact → draft corrections → present batch of proposed changes → apply each with

historyNote

管理员上报事实变更 → 列出所有准则 → 搜索旧事实 → 起草修正内容 → 展示批量变更提案 → 每个变更都附带

historyNote

应用

VERIFY — Confirm Agent Visibility

VERIFY — 确认Agent可见性

After any create/update: call

smartGuidelines

with relevant query → confirm the updated content appears.

Full workflows, conversation patterns, and code: Read
reference/operations.md

任何创建/更新操作后：使用相关查询调用

smartGuidelines

→ 确认更新后的内容已出现。

完整工作流、对话模式和代码： 请阅读
reference/operations.md

Constraints

约束条件

Keywords follow RFC 2119: MUST = non-negotiable, SHOULD = strong default (override with stated reasoning), MAY = agent discretion.

MUST show the admin the proposed change before calling any mutating API -- because silent modifications erode trust and prevent catching errors before they reach production.
MUST include a descriptive
```
historyNote
```
on every update -- because change tracking enables audit trails, team collaboration, and rollback decisions.
MUST call
```
list()
```
and check for name/topic overlap before creating a new guideline -- because duplicate guidelines cause conflicting governance and confuse downstream agents.
SHOULD use section-level updates (
```
section
```
or
```
appendToSection
```
mode) over full
```
replace
```
-- because scoped edits reduce blast radius and allow concurrent editing; override only when structural reorganization requires full rewrite.
MUST call
```
smartGuidelines()
```
after any create or update to verify the change is visible to agents -- because the API call succeeding does not guarantee semantic retrievability.
SHOULD preserve the existing heading structure when updating a section -- because reorganizing adjacent sections creates unintended diffs and may break other agents' section-targeted queries.
SHOULD reuse existing tags before inventing new ones -- because inconsistent tagging fragments filtering and makes audit harder.
MUST write guideline content for agent consumption: explicit instructions, unambiguous language, headers that match likely
```
smartGuidelines
```
search queries -- because agents cannot infer intent from vague prose the way humans do.
SHOULD limit each guideline to a single concept or policy domain -- because mono-topic guidelines produce higher-relevance
```
smartGuidelines
```
matches and are easier to maintain.
MUST preserve the admin's voice and intent when improving structure or formatting -- because the admin owns the content; the agent is a writing assistant, not an editor-in-chief.
SHOULD check
```
history()
```
before editing and mention recent changes by others -- because concurrent edits without awareness cause overwrites in team environments.

关键字遵循 RFC 2119 规范：MUST = 不可协商的硬性要求，SHOULD = 强默认规则（可提供明确理由后覆盖），MAY = Agent可自行判断。

MUST 在调用任何变更API前向管理员展示变更提案 —— 因为静默修改会破坏信任，也无法在变更上线前发现错误。
MUST 每次更新都包含描述性的
```
historyNote
```
—— 因为变更追踪支持审计轨迹、团队协作和回滚决策。
MUST 创建新准则前调用
```
list()
```
检查名称/主题是否重叠 —— 因为重复的准则会导致治理冲突，也会让下游Agent产生混淆。
SHOULD 优先使用章节级更新（
```
section
```
或
```
appendToSection
```
模式）而非全量
```
replace
```
—— 因为范围可控的编辑可以缩小影响范围，支持并发编辑；仅当结构重组需要全量重写时才覆盖此规则。
MUST 任何创建或更新操作后调用
```
smartGuidelines()
```
验证变更对Agent可见 —— 因为API调用成功不代表语义可检索。
SHOULD 更新章节时保留现有标题结构 —— 因为重组相邻章节会产生意外的差异，可能破坏其他Agent的章节定向查询。
SHOULD 优先复用现有标签而非创建新标签 —— 因为不一致的标签会碎片化过滤能力，提升审计难度。
MUST 编写供Agent消费的准则内容：明确的指令、无歧义的语言、匹配
```
smartGuidelines
```
常见搜索查询的标题 —— 因为Agent无法像人类一样从模糊的文本中推断意图。
SHOULD 每个准则只覆盖单个概念或政策领域 —— 因为单主题准则可以让
```
smartGuidelines
```
返回更高相关性的匹配结果，也更易于维护。
MUST 优化结构或格式时保留管理员的表述和意图 —— 因为管理员是内容的所有者，Agent是写作助手，不是主编。
SHOULD 编辑前检查
```
history()
```
并提及其他人最近的变更 —— 因为团队环境中无感知的并发编辑会导致内容覆盖。

Guideline Quality at Scale

大规模准则质量保障

smartGuidelines

uses hybrid semantic scoring (embeddings + keyword matching + governance scope boosts) to select the most relevant guidelines for each task. Its quality is directly affected by how guidelines are structured.

smartGuidelines

使用混合语义评分（嵌入 + 关键词匹配 + 治理范围加权）为每个任务选择最相关的准则，其质量直接受准则结构的影响。

Fewer, Richer Guidelines > Many Small Ones

少量的丰富准则 > 大量的碎片化准则

The retrieval pipeline has dynamic caps on how many guidelines it returns per query (~7-12 critical, ~5-8 supplementary, scaling with total count). This means:

Guideline count	Retrieval quality	Notes
1-20	Excellent	LLM-based routing sees everything
20-50	Very good	Embedding-based fast mode works well
50-80	Good	Quality starts to depend on naming/tagging discipline
80+	Requires care	Must follow all rules below to maintain quality

MUST prefer consolidating related content into fewer, well-structured guidelines over creating many small ones — because each guideline competes for limited retrieval slots, and a single rich document with clear H2 sections is retrieved more reliably than five fragments. The section-level extraction in full mode already supports delivering only the relevant sections from a large guideline.

Examples of consolidation:

Instead of these 5 guidelines...	Create 1 guideline with sections
`api-auth-rules` , `api-error-format` , `api-pagination` , `api-naming` , `api-versioning`	`api-conventions` with H2 sections: Auth, Errors, Pagination, Naming, Versioning
`bug-fix-process` , `known-bugs-list` , `debugging-tips`	`debugging-playbook` with H2 sections: Process, Known Issues, Tips & Patterns
`react-style-guide` , `react-testing` , `react-performance`	`react-standards` with H2 sections: Style, Testing, Performance

检索流水线对每个查询返回的准则数量有动态上限（~7-12条核心准则，~5-8条补充准则，随总数量扩容）。这意味着：

准则数量	检索质量	说明
1-20	优秀	基于LLM的路由可以覆盖所有内容
20-50	非常好	基于嵌入的快速模式运行效果良好
50-80	良好	质量开始依赖命名/标签规范
80+	需要谨慎维护	必须遵守以下所有规则才能保证质量

MUST 优先将相关内容整合为少量结构清晰的准则，而非创建大量小型准则 —— 因为每个准则都会竞争有限的检索插槽，一份带有清晰H2章节的丰富文档比五个碎片化文档的检索可靠性更高。全量模式下的章节级提取能力已经支持从大型准则中只返回相关章节。

整合示例：

与其创建这5条准则...	创建1条包含以下章节的准则
`api-auth-rules` 、 `api-error-format` 、 `api-pagination` 、 `api-naming` 、 `api-versioning`	`api-conventions` ，包含H2章节：Auth、Errors、Pagination、Naming、Versioning
`bug-fix-process` 、 `known-bugs-list` 、 `debugging-tips`	`debugging-playbook` ，包含H2章节：Process、Known Issues、Tips & Patterns
`react-style-guide` 、 `react-testing` 、 `react-performance`	`react-standards` ，包含H2章节：Style、Testing、Performance

Writing for Maximum Retrievability

编写高可检索性内容

Name = search query. Name guidelines as a developer would search for them:
```
api-conventions
```
not
```
doc-v2-final
```
. The name is the highest-weight signal in scoring.
Description = summary sentence. Write the description as if answering "what is this?":
```
"REST API design rules: authentication, error handling, pagination, and naming conventions"
```
. Descriptions feed directly into embedding and keyword scoring.
Tags = routing filters. Use consistent tags (
```
engineering
```
,
```
security
```
,
```
sales
```
,
```
onboarding
```
). Agents can filter by tags to narrow the pool before scoring.
H2 headers = section search targets. In full mode, the LLM can select individual sections by header. Write headers that match how people describe the topic:
```
## Error Response Format
```
not
```
## Section 3.2
```
.
Front-load key terms. Put the most important terms in the first 1000 characters of content — this preview is included in the embedding for semantic matching.

名称 = 搜索查询。 按照开发者的搜索习惯命名准则：用
```
api-conventions
```
而非
```
doc-v2-final
```
。名称是评分中权重最高的信号。
描述 = 摘要句。 按照回答「这是什么？」的逻辑写描述：
```
"REST API设计规则：认证、错误处理、分页和命名规范"
```
。描述会直接输入嵌入和关键词评分。
标签 = 路由过滤器。 使用统一的标签（
```
engineering
```
、
```
security
```
、
```
sales
```
、
```
onboarding
```
）。Agent可以在评分前通过标签过滤缩小范围。
H2标题 = 章节搜索目标。 全量模式下，LLM可以通过标题选择单个章节。按照人们描述主题的方式写标题：用
```
## 错误响应格式
```
而非
```
## 3.2节
```
。
关键词前置。 将最重要的术语放在内容的前1000个字符中 —— 此预览内容会包含在嵌入中用于语义匹配。

When to Split vs. Merge

拆分与合并的判断标准

Split when topics serve different audiences or are queried in completely different contexts (e.g.,

sales-playbook

and

engineering-standards

should stay separate even if both are long).

Merge when topics are often needed together for the same task (e.g., API auth rules and API error formats are almost always needed together when building endpoints).

当主题服务于不同受众或在完全不同的上下文下被查询时拆分（例如

sales-playbook

和

engineering-standards

即使都很长也应该保持独立）。

当主题在同一任务中经常被同时需要时合并（例如构建接口时几乎总是需要同时用到API认证规则和API错误格式）。

Governance Scope: alwaysOn and triggerKeywords

治理范围：alwaysOn和triggerKeywords

Every guideline is automatically analyzed at save time to determine:

alwaysOn — whether this guideline applies to virtually all tasks (e.g., core company values, universal compliance). alwaysOn guidelines are always included regardless of similarity score.
triggerKeywords — action and domain words that trigger inclusion (e.g., "email", "pricing", "customer", "deploy"). Each matching keyword boosts the guideline's retrieval score.

These are inferred by LLM and stored automatically. Keep alwaysOn guidelines to a maximum of 2-3 — each one consumes a retrieval slot on every query.

每条准则在保存时都会被自动分析，确定：

alwaysOn —— 此准则是否适用于几乎所有任务（例如核心公司价值观、通用合规规则）。alwaysOn准则无论相似度评分如何都会被包含。
triggerKeywords —— 触发包含的动作和领域词汇（例如「email」、「pricing」、「customer」、「deploy」）。每个匹配的关键词都会提升准则的检索评分。

这些字段由LLM推断并自动存储。请将alwaysOn准则的数量控制在最多2-3条 —— 每条都会在每次查询时占用一个检索插槽。

How It Works (Architecture)

工作原理（架构）

┌─────────────────────────────────────────────────────┐
│                   GUIDELINES                         │
│              (Personize Variables)                   │
│                                                     │
│  sales-playbook    brand-voice    data-policy        │
│  icp-definitions   engineering-standards   ...       │
└────────┬─────────────────┬─────────────────┬────────┘
         │ smartGuidelines     │ SDK API          │ Sync
         ▼                 ▼                  ▼
┌────────────┐   ┌──────────────┐   ┌──────────────────┐
│ AI Agents  │   │ IDE/Dev Tool │   │ CI/CD Pipelines  │
│ (chat,     │   │ Claude Code  │   │ GitHub Actions   │
│  workflows │   │ Codex/Cursor │   │ Cron jobs        │
│  pipelines)│   │ Gemini/Copilot│  │ n8n workflows    │
└────────────┘   └──────────────┘   └──────────────────┘

Guidelines are one layer of the three-layer agent operating model — together with Memory (

entity-memory

skill) and Workspace (

collaboration

skill). Every agent should call

smartGuidelines()

for rules,

smartDigest()

recall()

for entity knowledge, and

recall()

by workspace tags for coordination — all before acting. Guidelines provide the governance that makes the other two layers safe to use autonomously.

Full architecture guide: See the
collaboration
skill's
reference/architecture.md
for the complete three-layer model, composition patterns, and adoption path.

┌─────────────────────────────────────────────────────┐
│                   GUIDELINES                         │
│              (Personize Variables)                   │
│                                                     │
│  sales-playbook    brand-voice    data-policy        │
│  icp-definitions   engineering-standards   ...       │
└────────┬─────────────────┬─────────────────┬────────┘
         │ smartGuidelines     │ SDK API          │ Sync
         ▼                 ▼                  ▼
┌────────────┐   ┌──────────────┐   ┌──────────────────┐
│ AI Agents  │   │ IDE/Dev Tool │   │ CI/CD Pipelines  │
│ (chat,     │   │ Claude Code  │   │ GitHub Actions   │
│  workflows │   │ Codex/Cursor │   │ Cron jobs        │
│  pipelines)│   │ Gemini/Copilot│  │ n8n workflows    │
└────────────┘   └──────────────┘   └──────────────────┘

准则是三层Agent运营模型的一层 —— 另外两层是Memory（

entity-memory

Skill）和Workspace（

collaboration

Skill）。所有Agent在行动前都应该调用

smartGuidelines()

获取规则，调用

smartDigest()

recall()

获取实体知识，调用

recall()

按工作区标签获取协调信息。准则提供的治理能力让另外两层可以安全地自主运行。

完整架构指南： 请查看
collaboration
Skill的
reference/architecture.md
了解完整的三层模型、组合模式和 adoption 路径。

Team Collaboration

团队协作

When multiple people manage guidelines, follow these practices:

Version history: Every update is tracked. Use
```
client.guidelines.history(id)
```
or
```
guideline_history
```
to review changes. Always start with
```
limit: 1
```
.
Conflict avoidance: Use section-level updates (
```
updateMode: 'section'
```
) — two people can safely update different sections concurrently. Read before writing.
Attribution: Write attribution-rich
```
historyNote
```
values — include what changed, why, and who requested it.
Ownership by tag:
```
sales-*
```
variables owned by sales team,
```
engineering-*
```
by engineering.

Full guide: Read
reference/collaboration.md
for version history patterns, conflict avoidance workflows, team patterns, and weekly review scripts.

当多人管理准则时，请遵循以下实践：

版本历史： 每次更新都会被追踪。使用
```
client.guidelines.history(id)
```
或
```
guideline_history
```
查看变更，始终以
```
limit: 1
```
开头。
冲突规避： 使用章节级更新（
```
updateMode: 'section'
```
）—— 两个人可以安全地同时更新不同章节。写入前先读取。
归因： 编写包含丰富归因信息的
```
historyNote
```
—— 包含变更内容、变更原因、请求人。
按标签归属：
```
sales-*
```
变量由销售团队负责，
```
engineering-*
```
由工程团队负责。

完整指南： 请阅读
reference/collaboration.md
了解版本历史模式、冲突规避工作流、团队模式和周度审查脚本。

Production Guardrails (Recommended, Opt-in)

生产防护栏（推荐，可选开启）

For shared/production deployments, add guardrails to autonomous learning. These are recommendations and are off by default so existing accounts keep working.

```
--require-approval
```
: write proposals JSON, do not mutate guidelines
```
--proposals-file
```
: persist proposals to a reviewable path/artifact
```
--min-confidence 0.60-0.75
```
: skip weak AI extractions
```
--max-updates N
```
: cap per-run blast radius
```
--dry-run
```
: test extraction/routing with zero writes
```
--no-auto-apply
```
: require an explicit promote/apply step

Recommended two-stage CI pattern:

Learn stage (non-mutating): run

scan-git --require-approval --proposals-file ...

Apply stage (approved): run
```
batch --file ...
```
or re-run
```
scan-git --autoApply
```
with stricter bounds

This skill keeps auto-apply available for teams that want speed, but production defaults SHOULD include a review path.

对于共享/生产部署，为自主学习添加防护栏。这些是推荐配置，默认关闭，因此现有账号可以正常运行。

```
--require-approval
```
：写入提案JSON，不修改准则
```
--proposals-file
```
：将提案持久化到可审查的路径/产物
```
--min-confidence 0.60-0.75
```
：跳过置信度低的AI提取结果
```
--max-updates N
```
：限制每次运行的变更影响范围
```
--dry-run
```
：测试提取/路由，不执行任何写入
```
--no-auto-apply
```
：需要显式的提升/应用步骤

推荐的两阶段CI模式：

学习阶段（无变更）：运行

scan-git --require-approval --proposals-file ...

应用阶段（已审批）：运行
```
batch --file ...
```
或使用更严格的边界重新运行
```
scan-git --autoApply
```

此Skill为追求速度的团队保留了自动应用能力，但生产默认配置SHOULD包含审查路径。

Use Cases & Deployment Patterns

用例与部署模式

This skill supports three deployment patterns beyond conversational editing:

Use Case	What It Does	Reference
IDE-Integrated Guidelines	Developers read/write guidelines from Claude Code, Codex, Cursor, Copilot	`reference/use-cases.md`
Autonomous Learning	LLMs auto-extract learnings from incidents, code reviews, conversations	`reference/use-cases.md`
Document Ingestion	Batch-import policies from folders of docs (wikis, Notion, Google Docs)	`reference/use-cases.md`

Full guide: Read
reference/use-cases.md
for code examples, recipes, context engineering best practices, and layered context architecture.

除了对话式编辑外，此Skill还支持三种部署模式：

用例	功能	参考文档
IDE集成准则	开发者可以从Claude Code、Codex、Cursor、Copilot中读取/写入准则	`reference/use-cases.md`
自主学习	LLM自动从事件、代码评审、对话中提取经验	`reference/use-cases.md`
文档导入	从文档文件夹（wiki、Notion、Google Docs）批量导入政策	`reference/use-cases.md`

完整指南： 请阅读
reference/use-cases.md
了解代码示例、运行脚本、上下文工程最佳实践和分层上下文架构。

Available Resources

可用资源

Resource	Contents
`reference/operations.md`	Full workflows for CREATE, UPDATE, IMPROVE, AUDIT, VERIFY + conversation patterns + SDK code
`reference/collaboration.md`	Version history, conflict avoidance, attribution, team patterns, weekly review
`reference/onboarding.md`	First-time setup, starter templates (brand voice, ICP), handling existing content
`reference/use-cases.md`	IDE integration, autonomous learning, document ingestion, context engineering
`reference/team-setup.md`	Team onboarding runbook for SDK + Skills + MCP + governance CI guardrails
`recipes/ide-governance-bridge.ts`	Fetch guidelines from IDE, push learnings back
`recipes/auto-learning-loop.ts`	Automatically extract and persist learnings
`recipes/document-ingestion.ts`	Batch-import policies from a folder of documents
`templates/project-governance-setup.md`	Step-by-step guide for governance-aware projects
`templates/context-engineering-guide.md`	Deep dive on context engineering principles
`sync.ts`	GitOps sync script — push local `.md` files to Personize variables API
`github-action.yml`	GitHub Actions workflow for auto-syncing on push

资源	内容
`reference/operations.md`	CREATE、UPDATE、IMPROVE、AUDIT、VERIFY的完整工作流 + 对话模式 + SDK代码
`reference/collaboration.md`	版本历史、冲突规避、归因、团队模式、周度审查
`reference/onboarding.md`	首次设置、入门模板（品牌调性、ICP）、现有内容处理
`reference/use-cases.md`	IDE集成、自主学习、文档导入、上下文工程
`reference/team-setup.md`	SDK + Skills + MCP + 治理CI防护栏的团队接入操作手册
`recipes/ide-governance-bridge.ts`	从IDE获取准则，回传经验
`recipes/auto-learning-loop.ts`	自动提取并持久化经验
`recipes/document-ingestion.ts`	从文档文件夹批量导入政策
`templates/project-governance-setup.md`	治理感知项目的分步指南
`templates/context-engineering-guide.md`	上下文工程原则深度解析
`sync.ts`	GitOps同步脚本 —— 将本地 `.md` 文件推送到Personize变量API
`github-action.yml`	推送时自动同步的GitHub Actions工作流

Variables as Code (GitOps Sync)

变量即代码（GitOps同步）

For teams that prefer managing guidelines in Git, the included

sync.ts

script syncs local

.md

files to Personize variables. The filename becomes the guideline name, the file content becomes the value.

对于更喜欢在Git中管理准则的团队，内置的

sync.ts

脚本可以将本地

.md

文件同步到Personize变量。文件名作为准则名称，文件内容作为准则值。

Folder Convention

文件夹规范

governance/
└── variables/
    ├── sales-playbook.md
    ├── icp-definitions.md
    ├── brand-voice-guidelines.md
    └── pricing-rules.md

Rules:

Filename = variable name (without
```
.md
```
). Use kebab-case.
File content = variable value (markdown body after optional frontmatter).
YAML frontmatter (optional) = tags and description:

markdown

---
tags: [sales, governance]
description: Sales team playbook and best practices
---

governance/
└── variables/
    ├── sales-playbook.md
    ├── icp-definitions.md
    ├── brand-voice-guidelines.md
    └── pricing-rules.md

规则：

文件名 = 变量名（不含
```
.md
```
），使用短横线命名法。
文件内容 = 变量值（可选前置元数据后的markdown正文）。
YAML前置元数据（可选）= 标签和描述：

markdown

---
tags: [sales, governance]
description: Sales team playbook and best practices
---

Sales Playbook

Your content here...


- Files prefixed with `_` are ignored (e.g., `_draft-policy.md`).
- Subdirectories are not scanned — only files directly in `governance/variables/`.

Your content here...


- 以`_`开头的文件会被忽略（例如`_draft-policy.md`）。
- 不会扫描子目录 —— 仅处理`governance/variables/`下的直接文件。

Sync Algorithm

同步算法

Read local files — Scan
```
governance/variables/*.md
```
, parse frontmatter and body.
Fetch remote state — Call
```
client.guidelines.list()
```
.
Diff by name — Match local filenames to remote variable names:
- Local only → CREATE
- Both exist, content differs → UPDATE
- Both exist, content identical → SKIP
- Remote only → DELETE (only with
```
--delete
```
  flag)
Execute operations — Create/update/delete via SDK.

Print summary —

Created: N, Updated: N, Deleted: N, Unchanged: N

读取本地文件 —— 扫描
```
governance/variables/*.md
```
，解析前置元数据和正文。
获取远程状态 —— 调用
```
client.guidelines.list()
```
。
按名称对比 —— 将本地文件名与远程变量名匹配：
- 仅本地存在 → 创建
- 两边都存在，内容不同 → 更新
- 两边都存在，内容相同 → 跳过
- 仅远程存在 → 删除（仅带
```
--delete
```
  flag时执行）
执行操作 —— 通过SDK创建/更新/删除。

打印摘要 ——

Created: N, Updated: N, Deleted: N, Unchanged: N

CLI Usage

CLI使用

bash

undefined

bash

undefined

Dry run — show what would change

试运行 —— 展示将发生的变更

npx ts-node sync.ts --dry-run

Sync (create + update only, never delete)

同步（仅创建+更新，永不删除）

npx ts-node sync.ts

Sync with deletion of remote-only variables

同步并删除仅远程存在的变量

npx ts-node sync.ts --delete

Pull remote variables to local folder (bootstrap)

拉取远程变量到本地文件夹（初始化）

npx ts-node sync.ts --pull

Custom variables directory

自定义变量目录

npx ts-node sync.ts ./my-variables/


| Flag | Default | Description |
|---|---|---|
| `--dry-run` | off | Show diff without executing changes |
| `--delete` | off | Delete remote variables with no matching local file |
| `--no-delete` | on | Never delete (safe default) |
| `--pull` | off | Download remote variables to local `.md` files |

npx ts-node sync.ts ./my-variables/


| Flag | 默认值 | 描述 |
|---|---|---|
| `--dry-run` | 关闭 | 展示差异，不执行变更 |
| `--delete` | 关闭 | 删除无匹配本地文件的远程变量 |
| `--no-delete` | 开启 | 永不删除（安全默认） |
| `--pull` | 关闭 | 下载远程变量到本地`.md`文件 |

CI Integration

CI集成

Auto-Sync on Push

推送时自动同步

Create

.github/workflows/governance-sync.yml

— triggers when anyone pushes changes to

governance/variables/

yaml

name: Governance Sync

on:
  push:
    branches: [master, main]
    paths:
      - "governance/variables/**"
  workflow_dispatch: {}  # Manual trigger

jobs:
  sync:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: "18"

      - run: npm ci

      - name: Sync governance variables to Personize
        run: npx ts-node Skills/governance/sync.ts governance/variables
        env:
          PERSONIZE_SECRET_KEY: ${{ secrets.PERSONIZE_SECRET_KEY }}

Setup: Add

PERSONIZE_SECRET_KEY

as a GitHub repository secret (Settings → Secrets → Actions).

The CI workflow uses

--no-delete

by default. Add

--delete

to the run command to enable deletion on push.

创建

.github/workflows/governance-sync.yml

—— 当有人推送变更到

governance/variables/

时触发：

yaml

name: Governance Sync

on:
  push:
    branches: [master, main]
    paths:
      - "governance/variables/**"
  workflow_dispatch: {}  # 手动触发

jobs:
  sync:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: "18"

      - run: npm ci

      - name: Sync governance variables to Personize
        run: npx ts-node Skills/governance/sync.ts governance/variables
        env:
          PERSONIZE_SECRET_KEY: ${{ secrets.PERSONIZE_SECRET_KEY }}

设置： 将

PERSONIZE_SECRET_KEY

添加为GitHub仓库密钥（设置 → 密钥 → Actions）。

CI工作流默认使用

--no-delete

。如果需要开启推送时删除，请在运行命令中添加

--delete

。

Auto-Learn from Commits

从提交中自动学习

Create

.github/workflows/governance-learn.yml

— scans source code commits and auto-extracts patterns into the right governance variables:

yaml

name: Governance Auto-Learn

on:
  push:
    branches: [master, main]
    paths:
      - "src/**"
  workflow_dispatch:
    inputs:
      since:
        description: "How far back to scan (e.g., '7 days ago', '1 day ago')"
        required: false
        default: "1 day ago"

jobs:
  learn:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 50  # Need commit history for scan-git

      - uses: actions/setup-node@v4
        with:
          node-version: "18"

      - run: npm ci

      - name: Extract learnings from recent commits
        run: |
          SINCE="${{ github.event.inputs.since || '1 day ago' }}"
          npx ts-node Skills/governance/recipes/auto-learning-loop.ts scan-git \
            --since "$SINCE" \
            --autoApply
        env:
          PERSONIZE_SECRET_KEY: ${{ secrets.PERSONIZE_SECRET_KEY }}

How it works: The

auto-learning-loop.ts scan-git

command reads recent commit diffs, classifies each change (bug-fix →

known-bugs-and-workarounds

, security →

security-standards

, pattern →

engineering-standards

, etc.), and appends the learning to the right governance variable. Developers don't need to do anything — their commits teach the shared brain automatically.

创建

.github/workflows/governance-learn.yml

—— 扫描源代码提交，自动提取模式到对应的治理变量：

yaml

name: Governance Auto-Learn

on:
  push:
    branches: [master, main]
    paths:
      - "src/**"
  workflow_dispatch:
    inputs:
      since:
        description: "扫描的时间范围（例如'7 days ago'、'1 day ago'）"
        required: false
        default: "1 day ago"

jobs:
  learn:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 50  # scan-git需要提交历史

      - uses: actions/setup-node@v4
        with:
          node-version: "18"

      - run: npm ci

      - name: Extract learnings from recent commits
        run: |
          SINCE="${{ github.event.inputs.since || '1 day ago' }}"
          npx ts-node Skills/governance/recipes/auto-learning-loop.ts scan-git \
            --since "$SINCE" \
            --autoApply
        env:
          PERSONIZE_SECRET_KEY: ${{ secrets.PERSONIZE_SECRET_KEY }}

工作原理：

auto-learning-loop.ts scan-git

命令读取最近的提交差异，对每个变更进行分类（bug修复 →

known-bugs-and-workarounds

，安全问题 →

security-standards

，模式 →

engineering-standards

等），并将经验追加到对应的治理变量中。开发者不需要做任何操作 —— 他们的提交会自动教给共享大脑。

Safety

安全性

--delete
is never implied. Remote-only variables are only removed when explicitly requested.
--dry-run
shows the full diff before any changes.
Pull mode (
```
--pull
```
) writes local files but never modifies remote variables.
Frontmatter tags are preserved during update — only the value is compared.
Version history: Every update is tracked with the commit message or a sync note.

--delete
永远不会默认启用。仅当显式请求时才会删除仅远程存在的变量。
--dry-run
会展示完整差异再执行任何变更。
拉取模式（
```
--pull
```
）只会写入本地文件，永远不会修改远程变量。
前置元数据标签 在更新时会被保留 —— 仅对比内容值。
版本历史： 每次更新都会附带提交消息或同步备注进行追踪。

Pull Mode (Bootstrap)

拉取模式（初始化）

bash

npx ts-node sync.ts --pull

Downloads all remote variables as local

.md

files with frontmatter. Never overwrites existing local files.

bash

npx ts-node sync.ts --pull

将所有远程变量下载为带前置元数据的本地

.md

文件，永远不会覆盖现有本地文件。

Example Workflow

示例工作流

Bootstrap:
```
npx ts-node sync.ts --pull
```
Edit
```
governance/variables/sales-playbook.md
```
Preview:
```
npx ts-node sync.ts --dry-run
```
Push:
```
npx ts-node sync.ts
```
Commit and push to Git — CI auto-syncs on merge to main

初始化：
```
npx ts-node sync.ts --pull
```
编辑
```
governance/variables/sales-playbook.md
```
预览：
```
npx ts-node sync.ts --dry-run
```
推送：
```
npx ts-node sync.ts
```
提交并推送到Git —— 合并到main分支后CI自动同步

Complete Team Setup: Shared Governance as a Service

完整团队设置：共享治理即服务

This section walks through the full setup for using governance as a shared knowledge layer across a development team. Every developer contributes knowledge (via markdown files and git commits), and every AI agent consumes it (via

smartGuidelines

本节介绍在开发团队中使用治理作为共享知识层的完整设置流程。每个开发者都可以贡献知识（通过markdown文件和Git提交），每个AI Agent都可以消费知识（通过

smartGuidelines

）。

How Knowledge Flows

知识流入流程

┌─────────────────────────────────────────────────────────────┐
│                  HOW KNOWLEDGE FLOWS IN                      │
│                                                             │
│  Developer A          Developer B          CI/CD Pipeline   │
│  (Claude Code)        (Cursor/Copilot)     (GitHub Actions) │
│       │                    │                     │          │
│  writes code,         writes code,          merges PR,      │
│  fixes bugs,          adds patterns,        runs tests      │
│  learns things        learns things                         │
│       │                    │                     │          │
│       ▼                    ▼                     ▼          │
│  ┌──────────────────────────────────────────────────────┐   │
│  │           governance/variables/*.md                   │   │
│  │                  (in Git repo)                        │   │
│  │                                                      │   │
│  │  coding-standards.md    known-bugs.md                │   │
│  │  architecture-decisions.md   debugging-patterns.md   │   │
│  │  api-conventions.md     testing-playbook.md          │   │
│  │  module-map.md          security-standards.md        │   │
│  └──────────────────────┬───────────────────────────────┘   │
│                         │                                   │
│                    git push / PR merge                       │
│                         │                                   │
│                         ▼                                   │
│              ┌─────────────────────┐                        │
│              │   GitHub Actions     │                        │
│              │   governance-sync    │ ← syncs .md to API    │
│              │   governance-learn   │ ← extracts from code  │
│              └──────────┬──────────┘                        │
│                         │                                   │
│                         ▼                                   │
│  ┌──────────────────────────────────────────────────────┐   │
│  │         Personize Governance Layer                    │   │
│  │         (smartGuidelines API)                         │   │
│  │                                                      │   │
│  │  Every agent in your org can now query:               │   │
│  │  "What are our API conventions?"                      │   │
│  │  "How do we handle auth errors?"                      │   │
│  │  "What depends on the memory module?"                 │   │
│  └──────────────────────┬───────────────────────────────┘   │
│                         │                                   │
│              HOW KNOWLEDGE FLOWS OUT                         │
│                         │                                   │
│       ┌─────────────────┼─────────────────┐                │
│       ▼                 ▼                 ▼                │
│  Developer A       Developer B       Any AI Agent          │
│  (auto-fetches     (auto-fetches     (calls smart          │
│   governance        governance        Guidelines            │
│   into CLAUDE.md)   into .cursorrules) before acting)      │
└─────────────────────────────────────────────────────────────┘

┌─────────────────────────────────────────────────────────────┐
│                  HOW KNOWLEDGE FLOWS IN                      │
│                                                             │
│  Developer A          Developer B          CI/CD Pipeline   │
│  (Claude Code)        (Cursor/Copilot)     (GitHub Actions) │
│       │                    │                     │          │
│  编写代码、修复bug、      编写代码、添加模式、    合并PR、运行测试
│  总结经验                总结经验                           │
│       │                    │                     │          │
│       ▼                    ▼                     ▼          │
│  ┌──────────────────────────────────────────────────────┐   │
│  │           governance/variables/*.md                   │   │
│  │                  (in Git repo)                        │   │
│  │                                                      │   │
│  │  coding-standards.md    known-bugs.md                │   │
│  │  architecture-decisions.md   debugging-patterns.md   │   │
│  │  api-conventions.md     testing-playbook.md          │   │
│  │  module-map.md          security-standards.md        │   │
│  └──────────────────────┬───────────────────────────────┘   │
│                         │                                   │
│                    git push / PR merge                       │
│                         │                                   │
│                         ▼                                   │
│              ┌─────────────────────┐                        │
│              │   GitHub Actions     │                        │
│              │   governance-sync    │ ← 将.md同步到API    │
│              │   governance-learn   │ ← 从代码中提取经验  │
│              └──────────┬──────────┘                        │
│                         │                                   │
│                         ▼                                   │
│  ┌──────────────────────────────────────────────────────┐   │
│  │         Personize Governance Layer                    │   │
│  │         (smartGuidelines API)                         │   │
│  │                                                      │   │
│  │  你组织内的所有Agent现在都可以查询：               │   │
│  │  "我们的API规范是什么？"                              │   │
│  │  "我们怎么处理认证错误？"                              │   │
│  │  "内存模块依赖哪些内容？"                             │   │
│  └──────────────────────┬───────────────────────────────┘   │
│                         │                                   │
│              HOW KNOWLEDGE FLOWS OUT                         │
│                         │                                   │
│       ┌─────────────────┼─────────────────┐                │
│       ▼                 ▼                 ▼                │
│  Developer A       Developer B       Any AI Agent          │
│  (自动获取治理规则     (自动获取治理规则     (行动前调用smart  │
│   到CLAUDE.md)        到.cursorrules)    Guidelines)       │
└─────────────────────────────────────────────────────────────┘

Three Layers of Automation

三层自动化

Layer	What	How	Developer effort
1. GitOps Sync	`.md` files in Git → Personize API	`governance-sync.yml` GitHub Action on push to `governance/variables/`	Edit a `.md` file, push. Done.
2. Auto-Learning	Git commits → governance updates	`governance-learn.yml` GitHub Action scans diffs, classifies changes, appends to right variable	Zero. Commits teach the shared brain.
3. IDE Bridge	Agents fetch governance before acting	`bridge.ts` CLI or MCP `ai_smart_guidelines` tool	Zero. Agent checks automatically.

层级	功能	实现方式	开发者工作量
1. GitOps同步	Git中的 `.md` 文件 → Personize API	推送到 `governance/variables/` 时触发 `governance-sync.yml` GitHub Action	编辑 `.md` 文件，推送。完成。
2. 自动学习	Git提交 → 治理更新	`governance-learn.yml` GitHub Action扫描差异、分类变更、追加到对应变量	零。提交自动教给共享大脑。
3. IDE桥接	Agent行动前获取治理规则	`bridge.ts` CLI或MCP `ai_smart_guidelines` 工具	零。Agent自动检查。

Step-by-Step Setup

分步设置

Step 1: Create the governance folder with seed files

步骤1：创建治理文件夹和种子文件

governance/
├── variables/
│   ├── coding-standards.md          ← Code style, naming, patterns
│   ├── architecture-decisions.md    ← ADRs, why we chose X over Y
│   ├── api-conventions.md           ← Endpoint patterns, error handling
│   ├── testing-playbook.md          ← How/what/when to test
│   ├── debugging-patterns.md        ← Common issues & solutions
│   ├── known-bugs-and-workarounds.md ← Living bug knowledge base
│   ├── security-standards.md        ← Auth, input validation, secrets
│   ├── onboarding-guide.md          ← New developer quick-start
│   ├── pr-review-checklist.md       ← What to check in code reviews
│   ├── module-map.md                ← Every module's purpose, deps, danger zones
│   └── high-risk-changes.md         ← Cross-cutting concerns, approval rules
└── bridge.ts                        ← CLI wrapper for IDE use

Each

.md

file should have YAML frontmatter:

markdown

---
tags: [engineering, standards, governance]
description: One-line summary for routing and search
---

governance/
├── variables/
│   ├── coding-standards.md          ← 代码风格、命名、模式
│   ├── architecture-decisions.md    ← ADR、技术选型决策原因
│   ├── api-conventions.md           ← 接口模式、错误处理
│   ├── testing-playbook.md          ← 测试方式/内容/时机
│   ├── debugging-patterns.md        ← 常见问题与解决方案
│   ├── known-bugs-and-workarounds.md ← 动态bug知识库
│   ├── security-standards.md        ← 认证、输入验证、密钥管理
│   ├── onboarding-guide.md          ← 新开发者快速入门
│   ├── pr-review-checklist.md       ← 代码评审检查项
│   ├── module-map.md                ← 每个模块的用途、依赖、风险点
│   └── high-risk-changes.md         ← 跨领域关注点、审批规则
└── bridge.ts                        ← 供IDE使用的CLI封装

每个

.md

文件都应该包含YAML前置元数据：

markdown

---
tags: [engineering, standards, governance]
description: 用于路由和搜索的单行摘要
---

Title

标题

Section One

章节一

Content written for AI consumption: explicit rules, concrete examples, tables.

为AI消费编写的内容：明确的规则、具体的示例、表格。

Section Two

章节二

Step 2: Add GitHub Actions

步骤2：添加GitHub Actions

Create two workflows (see "CI Integration" section above for full YAML):

.github/workflows/governance-sync.yml
— Syncs

governance/variables/

to Personize on push to main

.github/workflows/governance-learn.yml
— Extracts learnings from
```
src/
```
commits on push to main

Required secret:

PERSONIZE_SECRET_KEY

(Settings → Secrets and variables → Actions)

创建两个工作流（完整YAML请见上文「CI集成」章节）：

.github/workflows/governance-sync.yml
—— 推送到main分支时将

governance/variables/

同步到Personize

.github/workflows/governance-learn.yml
—— 推送到main分支时从
```
src/
```
提交中提取经验

所需密钥：

PERSONIZE_SECRET_KEY

（设置 → 密钥和变量 → Actions）

Step 3: Create the IDE bridge

步骤3：创建IDE桥接

Create

governance/bridge.ts

as a thin CLI wrapper:

typescript

/**
 * Governance Bridge — Local CLI wrapper for IDE governance integration.
 *
 * Usage:
 *   npx ts-node governance/bridge.ts fetch "how do we handle auth?"
 *   npx ts-node governance/bridge.ts learn "DynamoDB needs LastEvaluatedKey pagination"
 *   npx ts-node governance/bridge.ts list
 *   npx ts-node governance/bridge.ts structure <guidelineId>
 *   npx ts-node governance/bridge.ts generate-claude-md
 *
 * Requires: PERSONIZE_SECRET_KEY environment variable
 */
import { resolve } from 'path';
const recipePath = resolve(__dirname, '../Skills/governance/recipes/ide-governance-bridge.ts');
require(recipePath);

创建

governance/bridge.ts

作为轻量CLI封装：

typescript

/**
 * Governance Bridge — 用于IDE治理集成的本地CLI封装。
 *
 * 使用方式：
 *   npx ts-node governance/bridge.ts fetch "how do we handle auth?"
 *   npx ts-node governance/bridge.ts learn "DynamoDB needs LastEvaluatedKey pagination"
 *   npx ts-node governance/bridge.ts list
 *   npx ts-node governance/bridge.ts structure <guidelineId>
 *   npx ts-node governance/bridge.ts generate-claude-md
 *
 * 依赖：PERSONIZE_SECRET_KEY环境变量
 */
import { resolve } from 'path';
const recipePath = resolve(__dirname, '../Skills/governance/recipes/ide-governance-bridge.ts');
require(recipePath);

Step 4: Add governance to CLAUDE.md (or .cursorrules, or copilot instructions)

步骤4：将治理添加到CLAUDE.md（或.cursorrules、copilot指令）

Add a governance block to the project's AI agent instructions so every agent checks shared knowledge first:

markdown

undefined

在项目的AI Agent指令中添加治理块，让所有Agent先检查共享知识：

markdown

undefined

Governance — Check Before Acting

治理 —— 行动前检查

Before writing code, modifying a module, or making architectural decisions:

```bash npx ts-node governance/bridge.ts fetch "your question here" ```

Key files in governance/variables/:

module-map.md — Every module's purpose, dependencies, danger zones
high-risk-changes.md — What needs approval, migration rules
coding-standards.md — Naming, patterns, file structure
api-conventions.md — Endpoints, response format, auth
security-standards.md — Auth, PII, API key handling


For Cursor: add the same block to `.cursorrules`.
For Copilot: add to `.github/copilot-instructions.md`.

在编写代码、修改模块或做出架构决策前：

```bash npx ts-node governance/bridge.ts fetch "your question here" ```

governance/variables/中的关键文件：

module-map.md —— 每个模块的用途、依赖、风险点
high-risk-changes.md —— 需要审批的内容、迁移规则
coding-standards.md —— 命名、模式、文件结构
api-conventions.md —— 接口、响应格式、认证
security-standards.md —— 认证、PII、API密钥处理


对于Cursor：将相同的块添加到`.cursorrules`。
对于Copilot：添加到`.github/copilot-instructions.md`。

Step 5: Initial sync

步骤5：首次同步

bash

undefined

bash

undefined

Set your API key

设置你的API密钥

export PERSONIZE_SECRET_KEY=sk_live_...

Dry run first

先试运行

npx ts-node Skills/governance/sync.ts governance/variables --dry-run

Sync to Personize

同步到Personize

npx ts-node Skills/governance/sync.ts governance/variables

Verify — should return relevant governance

验证 —— 应该返回相关治理规则

npx ts-node governance/bridge.ts fetch "what are our coding standards?"

undefined

npx ts-node governance/bridge.ts fetch "what are our coding standards?"

undefined

Developer Experience

开发者体验

Concern	Answer
"I don't want to learn a new tool"	It's just `.md` files in Git. Edit, commit, push. Done.
"I'll forget to contribute"	Auto-learning extracts from your commits automatically.
"How do I find what the team knows?"	Your AI agent queries `smartGuidelines` before every task.
"What if two people edit the same guideline?"	Section-level updates + Git merge = safe concurrent editing.
"How do I get started?"	`npx ts-node Skills/governance/sync.ts --pull` downloads everything locally.
"What if I'm offline?"	`generate-claude-md` creates a local snapshot for offline use.

疑问	解答
「我不想学新工具」	就是Git里的 `.md` 文件，编辑、提交、推送就完成了。
「我会忘记贡献」	自动学习会从你的提交中自动提取经验。
「我怎么找到团队的已有经验」	你的AI Agent在每个任务前都会查询 `smartGuidelines` 。
「如果两个人编辑同一条准则怎么办？」	章节级更新 + Git合并 = 安全的并发编辑。
「我怎么开始使用？」	`npx ts-node Skills/governance/sync.ts --pull` 会把所有内容下载到本地。
「如果我离线怎么办？」	`generate-claude-md` 会创建本地快照供离线使用。

Example Seed Variables for Engineering Teams

工程团队的示例种子变量

These are the most common governance variables for development teams:

Variable	What it contains	Who maintains
`coding-standards`	Language, framework, naming, module structure	Tech lead
`architecture-decisions`	ADRs: why we chose X over Y	Tech lead + senior devs
`api-conventions`	Endpoint patterns, response format, auth, pagination	Backend team
`testing-playbook`	Framework, test types, how to run, what to test	QA / all devs
`debugging-patterns`	Debug flags, common issues, diagnostic commands	All devs (grows via auto-learn)
`known-bugs-and-workarounds`	Active bugs, recently fixed, open TODOs	All devs (grows via auto-learn)
`security-standards`	Auth patterns, PII redaction, key handling	Security / tech lead
`module-map`	Every module's purpose, deps, consumers, danger zones	Tech lead (grows via auto-learn)
`high-risk-changes`	Cross-cutting concerns, approval rules, migration checklist	Tech lead
`onboarding-guide`	New developer quick-start	All devs
`pr-review-checklist`	What to check in code reviews	All devs

这些是开发团队最常用的治理变量：

变量	内容	维护人
`coding-standards`	语言、框架、命名、模块结构	技术负责人
`architecture-decisions`	ADR：技术选型决策原因	技术负责人 + 高级开发者
`api-conventions`	接口模式、响应格式、认证、分页	后端团队
`testing-playbook`	框架、测试类型、运行方式、测试范围	QA / 所有开发者
`debugging-patterns`	调试开关、常见问题、诊断命令	所有开发者（通过自动学习更新）
`known-bugs-and-workarounds`	活跃bug、最近修复的问题、待办	所有开发者（通过自动学习更新）
`security-standards`	认证模式、PII脱敏、密钥处理	安全团队 / 技术负责人
`module-map`	每个模块的用途、依赖、消费者、风险点	技术负责人（通过自动学习更新）
`high-risk-changes`	跨领域关注点、审批规则、迁移检查清单	技术负责人
`onboarding-guide`	新开发者快速入门	所有开发者
`pr-review-checklist`	代码评审检查项	所有开发者