# Personal Workbench & Business Flywheel OS

生成时间：2026-05-30T01:53:22
Release：v1.0-github-release

这是一个 AI 原生的个人工作台 + 业务增长飞轮系统项目。

当前阶段状态：

```text
PRD：v1.2
低保真设计：v1.1
高保真结构设计：v0.1
Clickable Prototype：v0.2
MVP-0 Static Enhanced Prototype：v0.1
MVP-1 Local Mock App：v0.2，已完成并通过 runtime/build validation
MVP-2 Local API Mock Server：v0.1，已完成并通过 runtime/contract validation
当前阶段：MVP-2 Final Review v0.1，等待 CEO 最终审查
v0.3 Full Project Bundle：已加入 code/ 下的 Personal Workbench + Light Food Flywheel 可运行包
```

## 当前核心结论

```text
MVP-1：已完成
MVP-2 Local API Mock Server：已实现
MVP-2 Runtime / Contract Validation：PASS
MVP-2 Final Review：已生成，等待 CEO 最终审查
仍然禁止：真实 API、真实数据库、生产数据、生产写入、高风险动作执行
```

## 目录说明

```text
docs/
  ceo-reviews/         CEO 审查报告
  prd/                 PRD 与需求验证
  prototype/           低保真、高保真、可点击原型资料
  technical/           MVP 技术方案、Readiness、Final Review
  validations/         重要验证报告
  manifests/           版本 manifest

apps/
  mvp-0-static-enhanced-prototype-v0.1/
  mvp-1-local-mock-app-v0.2/
  mvp-2-local-api-mock-server-v0.1/

contracts/
  mvp-2 API contract 与 contract test cases

github/
  GITHUB_PUSH_INSTRUCTIONS.md
  CONTINUATION_PROMPT.md
  CURRENT_STATE.md

code/
  personal-workbench-business-flywheel-os-monorepo-v0.3/

docs/deployment/
  GitHub / Vercel / Cloudflare 配置与交接说明
```

## 安装

根目录只包装平台预览和 v0.3 业务 mock。MVP-2 API 与 Sandbox 前端各自维护依赖：

```bash
npm ci
npm --prefix apps/mvp-2-local-api-mock-server-v0.1 install --package-lock=false
npm --prefix apps/sandbox-mvp install --package-lock=false
```

## 本地验证

### 完整验证矩阵

```bash
npm run validate:all
npm run build
npm run preflight:publish
```

`validate:all` 覆盖 v0.3 monorepo、MVP-2 Fastify contract smoke、Sandbox source smoke、GitHub bridge guardrails 和发布前敏感扫描。

### v0.3 Full Project Bundle

```bash
npm test
npm run test:mvp2
npm run test:sandbox
npm run test:bridge
npm run preflight:publish
npm run build
npm run start:workbench
npm run start:light-food
```

平台静态预览输出在 `public/`，Vercel 和 Cloudflare Pages 都按该目录配置；完整交互服务仍走本机 Node mock，避免在静态托管环境误写本地 JSON 状态。

### MVP-1

```bash
cd apps/mvp-1-local-mock-app-v0.2
python scripts/validate_mvp1.py
python scripts/validate_guardrails.py
python scripts/validate_fixture_sync.py
npm install
npm run build
```

### MVP-2

```bash
cd apps/mvp-2-local-api-mock-server-v0.1
python scripts/validate_mvp2.py
python scripts/validate_api_contract.py
python scripts/validate_no_external_network.py
python scripts/validate_mock_guardrails.py
python scripts/validate_contract_tests.py
npm install
npm run build
npm run test:contract
npm run dev
```

MVP-2 默认本地服务：

```text
http://127.0.0.1:4312/api/mock
```

### Sandbox MVP

```bash
cd apps/sandbox-mvp
npm install
npm run test:smoke
npm run build
npm run dev
```

## 环境变量示例

不要提交真实 `.env`。如需部署 GitHub bridge，只在平台环境变量里配置：

```text
GITHUB_TOKEN=ghp_xxx_placeholder
BRIDGE_ACCESS_KEY=random-long-placeholder
ALLOWED_OWNER=wanghui6670-max
ALLOWED_REPO=personal-workbench-business-flywheel-os
BRIDGE_ALLOWED_ORIGIN=https://chatgpt.com
ALLOW_GRAPHQL=false
```

`BRIDGE_ACCESS_KEY` 只能通过 `Authorization: Bearer <key>` 传递，不能放在 URL path、query 或 body。

## 安全边界

```text
Local only
Mock only
No real API
No real database
No production data
No production write
No real execution
R3/R4 locked
No secrets in repo
```