fs-lawrisk/AGENTS.md

# Repository Guidelines
## 必须使用中文回复我
## Project Structure & Module Organization
`app.py` boots the Flask service and loads blueprints from `lawrisk/`, whose subpackages mirror the request flow: `api/` (v1/v2 routes), `services/` (retrieval logic, PostgreSQL access, DashScope orchestration), `middleware/`, and `utils/` for ingestion/export helpers. Static assets for manual QA live in `static/`, while `data/` stores exported JSON/SQL snapshots used by the ingestion scripts. Formal specs, API references, and prior agent notes are in `docs/`. Python tests (pytest) belong under `tests/`; favor mirroring the module paths (e.g., `tests/api/test_v2.py`).

## Build, Test, and Development Commands
Install dependencies with `pip install -r requirements.txt` from a Python 3.11+ shell. Launch the server via `python app.py`, which binds to `http://localhost:8000` and exposes `/healthz`. Run the lightweight regression suite with `pytest`. Format and lint before submitting using `black .` and `ruff .`; both read `pyproject.toml` defaults so no extra flags are needed. For manual API smoke tests, open `static/v2_tester.html` in a browser or send `curl` requests as shown in `README.md`.

## Coding Style & Naming Conventions
Use Black’s default 88-column formatting and Ruff-compatible imports; never hand-wrap lines differently. Modules, packages, and files are lowercase with underscores (`lawrisk_service.py`). Public functions favor descriptive verbs (`fetch_risk_snapshot`). Prefer dataclass-like dicts for payloads, and keep API responses snake_case to match existing endpoints. Add concise docstrings for service-layer functions that hit external systems. Configuration should be read through `lawrisk.utils.env_loader` rather than `os.environ` directly.

## Testing Guidelines
Pytest is the standard; each new feature should include a focused unit test plus, when feasible, a service-level test hitting the Flask test client. Name tests after the behavior under check (`test_query_returns_ranked_risks`). Use fixtures for sample licenses/risk tables to keep tests deterministic. Aim to cover error paths (missing env vars, DashScope failures) because they are the common regressions. Run `pytest -q` locally before opening a PR, and attach logs when failures are environment-specific.

## Commit & Pull Request Guidelines
Follow the existing Conventional Commit style (`feat: …`, `fix: …`, `chore: …`). Limit commits to one logical change and reference the affected domain in the subject when possible (e.g., `feat: enhance v2 risk scoring`). PRs should describe intent, summarize testing (`pytest`, manual curl, etc.), and link to any tracking issue or checklist. Include screenshots or JSON snippets when adjusting responses so reviewers can verify payload diffs quickly.
-												docs: 添加地区管理员权限与V2查询功能完整测试报告

新增内容：
1. 地区管理员权限与V2查询功能测试报告
   - regional_admin_and_v2_api_test_report.md
   - 验证不同地区管理员添加许可事项后的查询功能
   - 确认权限控制机制正常工作

2. 历史测试报告归档
   - final_test_report.md (许可导入功能测试)
   - test_report_permit_management_and_v2_api.md (管理员API测试)
   - test_report_department_management.md (部门管理测试)
   - test_report_org_chart.md (组织架构测试)
   - test_report_permission_visibility.md (权限可见性测试)
   - test_user_management_report.md (用户管理测试)

3. 功能开发文档
   - DEPT_PERMISSION_SYSTEM.md (部门权限系统)
   - GRADE_DRAG_DROP_FEATURE.md (等级拖拽功能)
   - LOGIN_REDIRECT_IMPLEMENTATION.md (登录跳转实现)
   - ORG_CHART_*.md (组织架构相关文档)

4. 安全与权限修复报告
   - SECURITY_FIXES.md (安全修复)
   - SECURITY_SUMMARY.md (安全总结)
   - PERMISSION_FIX_REPORT.md (权限修复报告)
   - PERMISSION_CONTROL_COMPLETION_REPORT.md (权限控制完成报告)

5. 开发指南文档
   - AGENTS.md (开发代理指南)
   - CLAUDE.md (Claude开发指南)

6. 其他文档
   - data/template/ (许可导入模板文件)
   - README.md, requirements.txt 等基础文件

测试验证结果：
- ✅ 市级、顺德区、高明区均可正常导入和查询许可事项
- ✅ Super Admin拥有全局权限，可跨地区访问
- ✅ 权限控制机制基于grade和department实现
- ✅ V2查询功能支持地区过滤和自然语言查询

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

											
										
										
											2025-11-18 16:57:42 +08:00
+								# Repository Guidelines
 								## 必须使用中文回复我
 								## Project Structure & Module Organization
 								`app.py` boots the Flask service and loads blueprints from `lawrisk/`, whose subpackages mirror the request flow: `api/` (v1/v2 routes), `services/` (retrieval logic, PostgreSQL access, DashScope orchestration), `middleware/`, and `utils/` for ingestion/export helpers. Static assets for manual QA live in `static/`, while `data/` stores exported JSON/SQL snapshots used by the ingestion scripts. Formal specs, API references, and prior agent notes are in `docs/`. Python tests (pytest) belong under `tests/`; favor mirroring the module paths (e.g., `tests/api/test_v2.py`).
 								## Build, Test, and Development Commands
 								Install dependencies with `pip install -r requirements.txt` from a Python 3.11+ shell. Launch the server via `python app.py`, which binds to `http://localhost:8000` and exposes `/healthz`. Run the lightweight regression suite with `pytest`. Format and lint before submitting using `black .` and `ruff .`; both read `pyproject.toml` defaults so no extra flags are needed. For manual API smoke tests, open `static/v2_tester.html` in a browser or send `curl` requests as shown in `README.md`.
 								## Coding Style & Naming Conventions
 								Use Black’s default 88-column formatting and Ruff-compatible imports; never hand-wrap lines differently. Modules, packages, and files are lowercase with underscores (`lawrisk_service.py`). Public functions favor descriptive verbs (`fetch_risk_snapshot`). Prefer dataclass-like dicts for payloads, and keep API responses snake_case to match existing endpoints. Add concise docstrings for service-layer functions that hit external systems. Configuration should be read through `lawrisk.utils.env_loader` rather than `os.environ` directly.
 								## Testing Guidelines
 								Pytest is the standard; each new feature should include a focused unit test plus, when feasible, a service-level test hitting the Flask test client. Name tests after the behavior under check (`test_query_returns_ranked_risks`). Use fixtures for sample licenses/risk tables to keep tests deterministic. Aim to cover error paths (missing env vars, DashScope failures) because they are the common regressions. Run `pytest -q` locally before opening a PR, and attach logs when failures are environment-specific.
 								## Commit & Pull Request Guidelines
 								Follow the existing Conventional Commit style (`feat: …`, `fix: …`, `chore: …`). Limit commits to one logical change and reference the affected domain in the subject when possible (e.g., `feat: enhance v2 risk scoring`). PRs should describe intent, summarize testing (`pytest`, manual curl, etc.), and link to any tracking issue or checklist. Include screenshots or JSON snippets when adjusting responses so reviewers can verify payload diffs quickly.