技能工厂
经 AI Skill Hub 精选评估,技能工厂 获评「推荐使用」。这款Agent工作流在功能完整性、社区活跃度和易用性方面表现出色,AI 评分 7.5 分,适合有一定技术背景的用户使用。
📚 深度解析
技能工厂 工作流的设计遵循"最小配置,最大复用"原则:核心逻辑已经封装好,用户只需配置自己的 API Key 和业务参数即可快速上手。工作流内置错误处理和重试机制,在网络波动或 API 限速等情况下仍能稳定运行,适合作为生产环境的自动化基础设施。
在实际部署时,建议先在测试环境中运行 3-5 次,验证各个环节的输出结果符合预期,再部署到生产环境。AI Skill Hub 评分 7.5 分,是同类 Agent 工作流中的精选推荐。
📋 工具概览
技能工厂 是一套完整的 AI Agent 自动化工作流方案。通过可视化的节点编排,将复杂的多步骤任务拆解为清晰的自动化流程,实现全程无人值守的智能处理。支持与数百种外部服务和 API 无缝集成,适合构建数据处理管线、业务自动化和 AI 辅助决策系统。
📖 中文文档
技能工厂 是一套完整的 AI Agent 自动化工作流方案。通过可视化的节点编排,将复杂的多步骤任务拆解为清晰的自动化流程,实现全程无人值守的智能处理。支持与数百种外部服务和 API 无缝集成,适合构建数据处理管线、业务自动化和 AI 辅助决策系统。
- 可视化 Agent 工作流编排,无需编写复杂代码
- 支持多步骤自动化任务链,实现全流程无人值守
- 与外部 API、数据库和第三方服务无缝集成
- 内置错误处理与自动重试机制,保障稳定运行
- 提供可复用的自动化模板,快速在同类场景部署
- 自动化日常重复性工作,将精力集中于创造性任务
- 构建数据采集 → 处理 → 输出的完整自动化管线
- 实现跨平台、跨系统的数据流转和业务协同
# 方式一:npm 全局安装 npm install -g skillfoundry # 方式二:npx 直接运行(无需安装) npx skillfoundry --help # 方式三:项目依赖安装 npm install skillfoundry # 方式四:从源码运行 git clone https://github.com/samibs/skillfoundry cd skillfoundry npm install npm start
- 访问 GitHub 仓库获取工作流文件
- 在对应平台(Dify / Flowise / Make 等)中找到「导入工作流」功能
- 上传工作流文件
- 按照提示配置必要的环境变量和 API Key
- 运行测试确认流程正常后投入使用
# 命令行使用
skillfoundry --help
# 基本用法
skillfoundry [options] <input>
# Node.js 代码中使用
const skillfoundry = require('skillfoundry');
const result = await skillfoundry.run(options);
console.log(result);
# skillfoundry 配置说明 # 查看配置选项 skillfoundry --config-example > config.yml # 常见配置项 # output_dir: ./output # log_level: info # workers: 4 # 环境变量(覆盖配置文件) export SKILLFOUNDRY_CONFIG="/path/to/config.yml"
SkillFoundry
Turn requirements into tested, production-ready code — with quality gates your AI can't skip.
SkillFoundry is an AI engineering framework that works two ways: as a standalone CLI (sf) with its own AI connection, or as a skill layer inside your existing IDE (Claude Code, Cursor, Copilot, Codex, Gemini, Grok Build). Either way you get the same thing — quality gates your AI can't skip, a PRD-first pipeline that enforces structure before writing code, and persistent memory that learns from every session. 23 real tool agents, 128+ skills, 6 AI providers, a tree-sitter Code Map pre-flight that reads your codebase before the AI writes, Semgrep SAST, PRD linting, cross-platform parity detection, and a knowledge base built from 2,792 artifacts across 49 projects.
<p align="center"> <img src="docs/demo.gif" alt="SkillFoundry /forge demo — PRD validation, story implementation, quality gates, security audit" width="840"> </p>
What's New in v5.17.0
Codebase Comprehension Pre-Flight (Code Map)
v5.17.0 gives your AI a structural map of the code before it writes a line — the missing half of the pre-flight (the other half checks your environment). It's a tree-sitter engine exposed as the sf_codemap tool and the /preflight command, wired straight into /forge and /go.
- Reads the real code, not guesses — extracts the API contract surface (
endpoints[]), import graph, call graph, and a DB/layer map from TS/JS + Python. - Feeds the gates — hands the real endpoints to
sf_contract_checkand unresolved imports tosf_import_validatorbefore code is written, attacking the #1 vibe-coding failure (frontend/backend contract mismatch) proactively. - Cheap to run — incremental refresh re-parses only changed files (sha256-keyed); runs automatically in the IGNITE phase and never blocks (advisory).
- Diff-impact — see the blast radius of a change (which components depend on what you touched).
- Code Map dashboard tab — explore the map by layer, search symbols, toggle a diff-impact overlay (localhost-only).
- Optional, non-authoritative LLM labels — off by default; plain-English summaries are flagged as hints and never satisfy quality gates.
- Pure-WASM tree-sitter — no native build,
npm cistays portable.
Previous: Coding Discipline Protocol (v5.15.0)
- Framework-wide behavioral guardrail (
agents/_coding-discipline.md): Think-Before-Coding, Simplicity-First (scoped), Surgical Changes, Goal-Driven Execution, stricter-rule-wins. Documentation/behavior only.
Previous: MCP Server Security Hardening (v5.14.0)
- Bearer token auth, rate limiting, CORS,
handleRouteError(),MAX_PAGE_SIZE = 500, atomic session writes. All 11 BPSBS controls pass.
Previous: Pipeline Quality (v5.13.0)
/guardloopskill,failure-scan.sh+guardloop-harvest.shhooks,agents/_guardloop-rules.mdadaptive rules file. 10 patterns tracked, CRITICAL patterns auto-promoted after 3 hits.
Previous: FolderFlow — Story State Machine (v5.11.0)
/go+/layer-checkintegration, story checkbox reconciler, folder state machine (todo/in-progress/blocked/done), JSON artifact handlers. 83-case test suite.
Previous: Test Cartographer — /test-map Skill (v5.10.0)
/test-mapskill for automated test documentation across all 5 platforms with three-tier classification (HIGH/MEDIUM/BASELINE), deep optimization for GitHub Copilot with the Claude model (~160 lines of constitutional rules), and config-protect fix for.claude/allowlist entries.- Forge progress notification —
withProgressnotification wraps the forge terminal lifetime, cancellable from the notification. ForgeMonitor sidebar continues tracking phases live viaforge-state.json.
Previous: Adversarial Intelligence (v5.7.0)
Local Vector Memory + Specter Security Engine + Red Team Researcher Skill
- Local Vector Memory — File-based cosine-similarity vector store with multi-provider embedding (Ollama → Transformers → OpenAI).
TransformersEmbeddingProvider(@xenova/transformers) is always available as a zero-dependency local fallback.harvestRunMemorynow semantically indexes every pipeline run. Hybrid recall combines keyword + semantic search. - Specter Security Engine — Adversarial threat modeling phase injected into every pipeline between INSPECT and DEBRIEF (now 9 phases).
SpecterEngineruns an agentic red-team loop, generates attack vectors with severity/CVSS metadata, and executes safe simulations against an allowlisted command set. Registered as the 62nd agent (specter, FULL category). - Red Team Researcher Skill (
/red-team-researcher) — Senior offensive/defensive security researcher persona. Thinks in attacker primitives (source → sink → impact), grades severity by reachability, uses structured finding format. Ships with 6 domain reference files: code review, web/API, cloud infrastructure, threat modeling, reporting, and blue team/incident triage.
Previous: Parallel Dispatch + NL Cron (v5.6.0)
- Parallel Dispatch Engine (
sf_parallel_analyze), Natural Language Cron (sf_cron_compile).
Previous: Hermes Intelligence (v5.5.0)
- LLM Context Summarizer (Haiku-powered), Memory Nudge System (13 tools monitored), FTS5 Session Search (sf_memory_search).
Previous: Token Optimization (v5.4.0)
- Response Optimizer (JSON compaction, concise mode, output truncation), Token Tracker (SQLite-persisted), sf_token_report tool.
Previous: Hook Enforcement (v5.3.0)
- GateGuard (force-read-before-edit), Config Protection (30+ linter/formatter configs), Session Quality Report, Session Lifecycle hooks.
Previous: Multi-Tenant Security (v5.2.0)
- Auto-injected security stories (SEC-001–SEC-006), Multi-Tenant Isolation Gate (7 checks), 10 deviation patterns (MT-001–MT-010).
Previous: Harness Engineering + Learning Intelligence (v5.0–5.1)
- 22 tool agents, Secret Guard, Deviation Enforcer (161 rules), Import Validator, Correction Loop, Health Scores, harness engineering upgrade.
// Token printed to console on first boot — also at data/.api-token
"mcpServers": {
"skillfoundry": {
"url": "http://localhost:9877/mcp/sse",
"headers": { "Authorization": "Bearer <token>" }
}
}Features
Quick Install
```bash
Full pipeline — works in Claude Code, Copilot, Cursor, Codex, Gemini, Grok Build
/prd "add user authentication" # create requirements /forge # validate → implement → gate → audit → harvest /goma # autonomous mode: just describe what you want
One-time setup: connect a global knowledge repo
scripts/knowledge-sync.sh init https://github.com/you/dev-memory.git
Or build from source
cd skillfoundry-vscode && npm install && npm run build code --install-extension skillfoundry-1.3.0.vsix ```
IDE Skills (63 — Claude Code, Copilot, Cursor, Codex, Gemini, Grok Build)
These work inside your AI coding tool, not in the sf CLI:
| Skill | Purpose |
|---|---|
/forge | Full 6-phase pipeline (Ignite → Forge → Temper → Inspect → Remember → Debrief) |
/go | PRD-first orchestrator: validate → stories → implement |
/goma | Autonomous mode: classify intent, route to pipeline, execute |
/prd "idea" | Create a Product Requirements Document |
/coder | Code implementation agent |
/tester | Test generation and validation |
/review | Code review |
/security | Security audit (OWASP, credentials, banned patterns) |
/architect | System design and architecture |
/debug | Interactive debugger (breakpoints, scope, evaluate) |
/layer-check | Three-layer validation (DB → Backend → Frontend) |
/memory | Knowledge management |
/gohm | Harvest lessons from current session |
/autonomous | Toggle autonomous developer loop |
| *...and 50 more* | See /help in your IDE for the full list |
Note: /forge exists in both systems but they are different implementations. The IDE skill orchestrates sub-agents; the CLI command runs a self-contained pipeline.
---
Quick Start (5 Minutes)
1. Install & Setup
npm install -g skillfoundry
sf setup # Pick provider, paste API key2. Create a PRD
/prd "add user authentication" # Describe your feature3. Forge Production Code
/forge # Validate, implement, and test automaticallyUsing an IDE? Run npx skillfoundry init in your project to add these skills directly to Claude Code, Cursor, or Copilot.
<details> <summary><strong>Windows (PowerShell)</strong></summary>
```powershell
Option A: npx
cd C:\MyProject npx skillfoundry init
Option B: npm global
npm install -g skillfoundry cd C:\MyProject; skillfoundry init
Option C: git clone
git clone https://github.com/samibs/skillfoundry.git C:\DevTools\skillfoundry cd C:\MyProject C:\DevTools\skillfoundry\install.ps1 ```
</details>
Requires Node.js v20+ for the standalone CLI. IDE skills work without Node.js. Cross-platform: Works on Linux, macOS, Windows (native, Git Bash, and WSL). Quality gates and anvil scripts auto-detect the environment. New to SkillFoundry? See the Todo API example — a complete project built from a single PRD in two commands. For model recommendations, see Model Compatibility.
---
.skillfoundry/config.toml
[budget] monthly_limit_usd = 50.00 per_run_limit_usd = 2.00 ```
Token usage and cost are shown live in the header during streaming.
.skillfoundry/config.toml
[routing] route_local_first = true # Enable local-first routing local_provider = "ollama" # or "lmstudio" local_model = "llama3.1" # your preferred local model context_window = 0 # 0 = auto-detect from model
**What happens when enabled:**
- Simple tasks (docs, formatting, boilerplate) route to your local model (free)
- Complex tasks (architecture, security, refactoring) route to cloud (paid)
- Context compaction automatically fits prompts within local model limits (4K-32K)
- If the local model is offline, cloud fallback activates with a warning
Standalone CLI — no IDE needed
npm install -g skillfoundry sf setup # interactive: choose provider, paste API key sf forge # run the full pipeline from your terminal
2. The Standalone CLI (`sf`)
A separate terminal app with its own AI connection. Useful for provider switching, budget controls, and working outside an IDE. Has 23 native commands (not all 64 skills).
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
│ ◆ SkillFoundry CLI anthropic:claude-sonnet ● team:dev ● $0.00 ● 14.2k tok │
└──────────────────────────────────────────────────────────────────────────────────┘
│ ▸ sf:coder> I'll help you add dark mode. Let me look at the existing
│ dashboard code...
│
│ ▸ bash npm test ✓ 0.8s
│ ◉ read src/styles/theme.ts ✓ 0.1s
│ ◈ write src/styles/dark.ts ✓ 0.1s
│
│ ● routed:high ● 142 in / 387 out ● $0.0045
╭──────────────────────────────────────────────────────────────────────────────────╮
│ ⟫ looks good, now review for accessibility issues │
╰──────────────────────────────────────────────────────────────────────────────────╯
│ ▸ sf:review> I'll review the dark mode implementation for accessibility...---
Command Reference
sf CLI Commands (23 native)
These work inside the sf terminal app:
| Command | Purpose |
|---|---|
/help | List available commands |
/setup | Configure API keys |
/status | Session info, provider, budget |
/team <name> | Summon a team (dev, security, ops, fullstack, ship) |
/agent <name> | Activate a single agent (coder, review, tester, etc.) |
/plan <task> | Generate an implementation plan |
/apply [plan-id] | Execute a plan with quality gates |
/gates [target] | Run The Anvil quality gates (T1-T7) |
/gate <t0-t7\|all> | Run a single quality gate or all gates |
/forge | Pipeline: validate PRDs → implement → gate → report |
/forge --dry-run | Read-only scan without execution |
/provider [set <name>] | Switch AI provider |
/model [model-name] | List or switch the AI model |
/cost | Token usage and cost report |
/memory [stats\|recall] | Query or record knowledge |
/config [key] [value] | View or edit configuration |
/metrics [--window N] | Quality metrics dashboard with trends |
/report [--format md\|json] | Generate exportable quality report |
/benchmark | Compare quality against industry baselines |
/hook install\|uninstall\|status | Manage git hook integration for quality gates |
/runtime | Runtime intelligence status (message bus, agent pool, vector store) |
/prd review <path> | Score a PRD on 4 dimensions with actionable feedback |
/lessons | Query and manage knowledge bank entries |
Pipeline Resume
/forge tracks story completion and resumes where it left off. If a run is interrupted or partially fails, re-running /forge skips already-completed stories and implements only the remaining ones.
Implementing 2 stories (3 already done, skipped)Stories are marked status: DONE in their .md files after successful completion, including passing micro-gates and fixer loops.
Search "SkillFoundry" in the Extensions panel, or:
code --install-extension skillfoundry.skillfoundry
Pipeline Details
┌─────────────┐
│ /prd │ Write requirements
└──────┬──────┘
│
┌──────▼──────┐
│ /go │ Validate → generate stories → implement
└──────┬──────┘
│
┌────────────┼────────────┐
│ │ │
┌─────▼─────┐ ┌───▼───┐ ┌─────▼─────┐
│ Architect │ │ Coder │ │ Tester │ Agent pipeline
└─────┬─────┘ └───┬───┘ └─────┬─────┘
│ │ │
└────────────┼────────────┘
│
┌──────▼──────┐
│ Micro-Gates │ MG1 security + MG2 standards
└──────┬──────┘
│
┌──────▼──────┐
│ The Anvil │ T1-T6 quality gates
└──────┬──────┘
│
┌──────▼──────┐
│ /security │ OWASP scan + credential check
└──────┬──────┘
│
┌──────▼──────┐
│ /gohm │ Harvest lessons → memory_bank/
└──────┬──────┘
│
┌──────▼──────┐
│ knowledge │ Sync to global repo (optional)
│ sync │ Lessons available in all projects
└─────────────┘/forge runs this entire pipeline in one command. It discovers PRDs, generates stories, implements each story with the agentic tool-use loop, runs micro-gates (MG1 security + MG2 standards per story, MG3 cross-story review), runs T1-T6 quality gates (with auto-fixer retries), persists run metadata, and automatically harvests knowledge entries (run summaries, errors, gate verdicts) to memory_bank/knowledge/*.jsonl. Use /forge --dry-run for a read-only scan.
---
VS Code Extension (v1.3.0)
SkillFoundry ships a native VS Code extension that works as a complete standalone shell — setup wizard, CLI check, quality gates, telemetry, and forge runs directly in your editor.
┌──────────┬──────────────────────────────┬───────────────┐
│ Explorer │ Editor │ SF Sidebar │
│ │ │ │
│ │ src/auth.ts │ ◆ Dashboard │
│ │ ───────────────── │ Pass Rate 94%│
│ │ 1 │ import { hash } │ Last Forge ✓ │
│ │ 2 │ // TODO: add rate ⚠ │ CVEs: 2 high │
│ │ │ ▸ Run T1 (Patterns) │ │
│ │ │ ▸ Run T4 (Security) │ ◆ Gate Status │
│ │ │ T0-T7 results│
│ │ │ │
│ │ │ ◆ Forge │
│ │ │ Phase: SPECTER│
│ │ │ Story: 5/8 │
├──────────┴──────────────────────────────┴───────────────┤
│ SF: 94% gates │ sf:coder │ $0.12 Output │
└─────────────────────────────────────────────────────────┘Features (v1.3.0): - Setup wizard (SkillFoundry: Setup) — On first open, prompts for provider and API key. Key stored in VS Code SecretStorage; never written to disk. Auto-detects missing install and offers setup. - sf CLI check — Detects whether sf is on PATH at activation. If missing, offers npm install -g skillfoundry via integrated terminal in one click. - Forge progress — withProgress notification stays open for the duration of the forge run, cancellable. ForgeMonitor sidebar tracks phases live via forge-state.json. - Sidebar dashboard — gate pass rate, security findings, telemetry trends, dependency CVEs - Inline diagnostics — gate findings appear as squiggly underlines (like ESLint) - CodeLens — "Run T3 (Tests)" above test files, "Run T1/T4" above source files - Command palette — 13 commands: setup, gate, forge, metrics, report, memory recall, PRD, hooks, benchmark - Status bar — gate pass rate with color coding, click to open metrics - File watcher — auto-refreshes dashboard when telemetry updates
```bash
From VS Code Marketplace (recommended)
**项目简介**:SkillFoundry 是一个 AI 驱动的代码生成工具,能够将需求转化为可测试、生产就绪的代码,并通过质量门控确保 AI 无法跳过。
**功能介绍**:v5.17.0 版本新增 Codebase Comprehension Pre-Flight(Code Map)功能,提供代码结构的图表,帮助 AI 在编写代码前了解代码结构。同时,提到了 API 限制等功能。
**环境依赖与系统要求**:无
**安装步骤**:快速安装 SkillFoundry,支持全栈式部署,包括 npm、Docker、源码等方式。支持连接 Claude Code、Copilot、Cursor、Codex 等 AI 平台。
**使用教程**:快速开始使用 SkillFoundry,包括安装、设置、创建 PRD、forge 生成代码等步骤。支持 IDE 和独立 CLI 使用。
**配置说明**:配置 SkillFoundry,包括 MCP、环境变量、关键参数等设置。支持多种部署方式,包括 npm 全局安装、Docker 等。
**API/接口说明**:SkillFoundry CLI 的 API 文档,包括 23 个原生命令和 64 个技能。支持独立 CLI 使用。
**工作流 / 模块说明**:SkillFoundry 的工作流程,包括 /prd、/go、/forge 等命令。支持自动化代码生成和质量门控。
**FAQ 摘要**:无
一个不错的AI工作流框架,支持多平台和质量控制
- 需要让 Claude / Cursor 操作本地工具的 AI 工程师
- 构建多智能体协作系统的 Agent 开发者
- 构建企业知识库 / RAG 检索应用的团队
- 跨境业务、多语言内容运营团队
- 配置 MCP 服务器时建议使用 stdio 传输 + JSON-RPC,避免暴露公网
- 本地部署优先选 GGUF 量化模型,节省显存并保持响应速度
- Agent 任务先做 dry-run 验证工具调用链,再开启自主执行
- API key 直接提交到 git 仓库(请用 .env 并加入 .gitignore)
- MCP 配置路径拼错或权限不足,重启 Claude Desktop 才生效
- 显存不足直接 OOM — 优先降低 context 或换更小的量化模型
- CLI:直接 npm install -g / pip install,命令行调用
- 本地部署:CPU 8GB 起,GPU 推荐 16GB+ 显存
- 云端托管:可放在 Vercel / Railway / Fly.io 等 PaaS 平台
⚡ 核心功能
- 可视化 Agent 工作流编排,无需编写复杂代码
- 支持多步骤自动化任务链,实现全流程无人值守
- 与外部 API、数据库和第三方服务无缝集成
- 内置错误处理与自动重试机制,保障稳定运行
- 提供可复用的自动化模板,快速在同类场景部署
- 需要让 Claude / Cursor 操作本地工具的 AI 工程师
- 构建多智能体协作系统的 Agent 开发者
- 构建企业知识库 / RAG 检索应用的团队
- 跨境业务、多语言内容运营团队
- 配置 MCP 服务器时建议使用 stdio 传输 + JSON-RPC,避免暴露公网
- 本地部署优先选 GGUF 量化模型,节省显存并保持响应速度
- Agent 任务先做 dry-run 验证工具调用链,再开启自主执行
- API key 直接提交到 git 仓库(请用 .env 并加入 .gitignore)
- MCP 配置路径拼错或权限不足,重启 Claude Desktop 才生效
- 显存不足直接 OOM — 优先降低 context 或换更小的量化模型
👥 适合人群
🎯 使用场景
- 自动化日常重复性工作,将精力集中于创造性任务
- 构建数据采集 → 处理 → 输出的完整自动化管线
- 实现跨平台、跨系统的数据流转和业务协同
⚖️ 优点与不足
- +MIT 协议,可免费商用
- +大幅减少重复性人工操作
- +可视化流程,清晰直观
- +可扩展性强,支持复杂场景
- −初始配置和调试需投入一定时间
- −强依赖外部服务的稳定性
- −复杂场景需具备一定技术基础
AI Skill Hub 为第三方内容聚合平台,本页面信息基于公开数据整理,不对工具功能和质量作任何法律背书。
建议在沙箱或测试环境中充分验证后,再部署至生产环境,并做好必要的安全评估。
✅ MIT 协议 — 最宽松的开源协议之一,可自由商用、修改、分发,仅需保留版权声明。
🔗 相关工具推荐
❓ 常见问题 FAQ
AI Skill Hub 点评:技能工厂 的核心功能完整,质量良好。对于自动化工程师和运维人员来说,这是一个值得纳入个人工具库的选择。建议先在非生产环境试用,再逐步推广。
| 原始名称 | skillfoundry |
| 原始描述 | 开源AI工作流:AI engineering framework with quality gates, persistent memory, and multi-platfo。⭐10 · TypeScript |
| Topics | aitypescript工作流 |
| GitHub | https://github.com/samibs/skillfoundry |
| License | MIT |
| 语言 | TypeScript |
收录时间:2026-06-07 · 更新时间:2026-06-08 · License:MIT · AI Skill Hub 不对第三方内容的准确性作法律背书。