1. 强调词层级体系(Emphasis Hierarchy)
| 提示词片段 |
出处 |
设计巧妙之处 |
IMPORTANT:, CRITICAL:, NEVER, MUST, DO NOT |
全局使用 |
建立了明确的优先级体系:CRITICAL > IMPORTANT > MUST > NEVER > DO NOT,让模型理解指令的紧迫程度 |
示例:
CRITICAL: Always create NEW commits rather than amending...
IMPORTANT: Avoid using this tool to run...
NEVER skip hooks (--no-verify)
MUST include a Sources: section
DO NOT use the Bash tool...
2. 角色锚定(Role Anchoring)
| 提示词片段 |
出处 |
设计巧妙之处 |
"You are Claude Code, Anthropic's official CLI for Claude." |
constants/system.ts:10 |
简洁明确的身份定义,建立权威性和专业性 |
"You are an interactive agent that helps users with software engineering tasks." |
constants/prompts.ts:180 |
明确定位为"交互式代理"而非"聊天机器人",暗示需要主动行动 |
"You are a verification specialist. Your job is not to confirm the implementation works — it's to try to break it." |
verificationAgent.ts:10 |
对抗性角色设定——通过赋予"破坏者"身份,克服 AI 倾向于"讨好"的行为模式 |
3. 认知偏差对抗(Cognitive Bias Mitigation)
| 提示词片段 |
出处 |
设计巧妙之处 |
"You have two documented failure patterns. First, verification avoidance... Second, being seduced by the first 80%" |
verificationAgent.ts:12 |
自我意识注入——直接告诉模型它的已知弱点,形成"元认知"防线 |
"These are the exact excuses you reach for — recognize them and do the opposite" |
verificationAgent.ts:53-61 |
列出合理化借口清单:如"The code looks correct based on my reading",让模型识别并抵制自我欺骗 |
"If you catch yourself writing an explanation instead of a command, stop. Run the command." |
verificationAgent.ts:61 |
行为触发器——定义具体的自我纠正机制 |
4. 负面示例对比(Negative Example Contrast)
| 提示词片段 |
出处 |
设计巧妙之处 |
"Bad (rejected):" + "Good:" 示例 |
verificationAgent.ts:93-115 |
用对比格式展示错误与正确做法,比单独说"要这样做"更有效 |
示例:
Bad (rejected):
### Check: POST /api/register validation
**Result: PASS**
Evidence: Reviewed the route handler...
(No command run. Reading code is not verification.)
Good:
### Check: POST /api/register rejects short password
**Command run:** curl -s -X POST localhost:8000/api/register...
5. 工具优先级引导(Tool Priority Guidance)
| 提示词片段 |
出处 |
设计巧妙之处 |
"Do NOT use the Bash to run commands when a relevant dedicated tool is provided. This is CRITICAL to assisting the user" |
prompts.ts:305 |
将用户体验作为工具选择的理由,而非仅仅是规则 |
| 专用工具映射表 |
BashTool/prompt.ts:281-291 |
提供具体的替代方案映射:File search: Use Glob (NOT find or ls),比泛泛禁止更易执行 |
6. 安全边界的精细定义(Security Boundary Definition)
| 提示词片段 |
出处 |
设计巧妙之处 |
"Assist with authorized security testing...Refuse requests for destructive techniques, DoS attacks, mass targeting..." |
cyberRiskInstruction.ts:24 |
白名单+黑名单组合——先说允许什么(CTF、渗透测试),再说禁止什么,比单纯禁止更实用 |
"Dual-use security tools...require clear authorization context" |
cyberRiskInstruction.ts:24 |
定义灰色地带的判断标准:需要"明确的授权上下文" |
7. 动作可逆性框架(Reversibility Framework)
| 提示词片段 |
出处 |
设计巧妙之处 |
"Carefully consider the reversibility and blast radius of actions" |
prompts.ts:257 |
引入**"爆炸半径"**这一安全工程概念,让模型评估影响范围 |
| 风险操作分类列表 |
prompts.ts:260-264 |
将风险分为三类:破坏性操作、难以逆转操作、影响他人操作,形成决策框架 |
"measure twice, cut once" |
prompts.ts:266 |
用谚语强化核心原则,比长篇解释更易记忆 |
8. READ-ONLY 模式强制执行
| 提示词片段 |
出处 |
设计巧妙之处 |
"=== CRITICAL: READ-ONLY MODE - NO FILE MODIFICATIONS ===" |
planAgent.ts:23 |
视觉突出——使用等号包围和全大写,形成"警告标志" |
"You are STRICTLY PROHIBITED from:" + 详细列表 |
planAgent.ts:24-31 |
穷尽式列举所有禁止操作,不留解释空间 |
"You do NOT have access to file editing tools - attempting to edit files will fail." |
planAgent.ts:33 |
告知技术限制,让模型理解这不是建议而是事实 |
9. 记忆系统的类型学设计(Memory Taxonomy)
| 提示词片段 |
出处 |
设计巧妙之处 |
四种记忆类型:user, feedback, project, reference |
memoryTypes.ts:14-19 |
封闭分类体系——明确"只有这四种",防止模型发明新类型 |
<when_to_save>, <how_to_use>, <examples> |
memoryTypes.ts:46-55 |
结构化定义:每种类型都有触发条件、使用场景和示例,形成完整的决策框架 |
"What NOT to save in memory" |
memoryTypes.ts:183-195 |
负面清单:明确排除"代码模式、git历史"等可从代码推断的内容 |
10. 时间感知设计(Temporal Awareness)
| 提示词片段 |
出处 |
设计巧妙之处 |
"Always convert relative dates in user messages to absolute dates when saving (e.g., 'Thursday' → '2026-03-05')" |
memoryTypes.ts:79 |
防止信息腐烂——相对日期随时间失去意义 |
"A memory that names a specific function...is a claim that it existed *when the memory was written*. It may have been renamed, removed, or never merged." |
memoryTypes.ts:247-248 |
记忆有效性警告——提醒模型验证记忆的当前有效性 |
"The time in each <tick> is the user's current local time. Use it to judge the time of day" |
prompts.ts:866 |
时区感知——避免将外部系统时间与用户本地时间混淆 |
11. 自主工作模式的行为调节
| 提示词片段 |
出处 |
设计巧妙之处 |
"If you have nothing useful to do on a tick, you MUST call Sleep." |
prompts.ts:874 |
防止无效轮次——明确禁止"still waiting"类空回复 |
"Do not spam the user. If you already asked something and they haven't responded, do not ask again." |
prompts.ts:884 |
社交智能——避免重复提问的骚扰行为 |
"terminalFocus" 字段处理 |
prompts.ts:910-913 |
根据用户注意力调整自主程度:unfocused 时更自主,focused 时更协作 |
12. 验证证据格式强制
| 提示词片段 |
出处 |
设计巧妙之处 |
"A check without a Command run block is not a PASS — it's a skip." |
verificationAgent.ts:82 |
重新定义"通过"的标准——没有证据的声称不算通过 |
"VERDICT: PASS" / "FAIL" / "PARTIAL" |
verificationAgent.ts:117-127 |
结构化输出格式——便于程序解析和人工审核 |
"PARTIAL is for environmental limitations only — not for 'I'm unsure'" |
verificationAgent.ts:125 |
消除模糊地带——明确 PARTIAL 的唯一合法用途 |
13. 缓存友好的系统提示词设计
| 提示词片段 |
出处 |
设计巧妙之处 |
SYSTEM_PROMPT_DYNAMIC_BOUNDARY = '__SYSTEM_PROMPT_DYNAMIC_BOUNDARY__' |
prompts.ts:114-115 |
分离静态与动态内容——边界标记前的内容可全局缓存,减少 token 消耗 |
"The sandbox already sets $TMPDIR at runtime" |
BashTool/prompt.ts:190 |
将用户特定路径替换为 $TMPDIR,使提示词跨用户通用 |
14. 反"过度工程"指令
| 提示词片段 |
出处 |
设计巧妙之处 |
"Don't add features, refactor code, or make 'improvements' beyond what was asked. A bug fix doesn't need surrounding code cleaned up." |
prompts.ts:201 |
明确范围边界——防止 AI 的"好心办坏事" |
"Three similar lines of code is better than a premature abstraction." |
prompts.ts:203 |
具体阈值指导——给出判断"重复 vs 抽象"的启发式规则 |
"Don't gold-plate, but don't leave it half-done." |
prompts.ts:758 |
双向约束——既防过度也防不足 |
15. Fork 子代理的上下文继承设计
| 提示词片段 |
出处 |
设计巧妙之处 |
"Since the fork inherits your context, the prompt is a *directive* — what to do, not what the situation is." |
AgentTool/prompt.ts:95 |
区分指令类型——fork 用指令式,新代理用背景式 |
"Don't peek... Reading the transcript mid-flight pulls the fork's tool noise into your context, which defeats the point of forking." |
AgentTool/prompt.ts:91 |
解释设计意图——告诉模型为什么不应该读取 fork 输出 |
"Don't race. After launching, you know nothing about what the fork found. Never fabricate or predict fork results" |
AgentTool/prompt.ts:93 |
防止幻觉——明确禁止"预测"子代理结果 |
总结:设计原则提炼
- 明确优先级:使用层级化的强调词(CRITICAL > IMPORTANT > MUST > NEVER)
- 对抗式角色:通过赋予"破坏者"角色克服 AI 的讨好倾向
- 元认知注入:直接告诉模型它的已知弱点
- 负面示例:用 Bad/Good 对比比单独说"应该"更有效
- 穷尽式列举:不留解释空间的禁止清单
- 结构化输出:强制格式便于验证和解析
- 时间感知:处理记忆腐烂和时区差异
- 缓存优化:分离静态/动态内容减少 token 消耗
- 范围约束:双向限制防止过度和不足
- 设计意图透明:解释"为什么"而非只说"是什么"