优化

Dockerfile

@@ -12,7 +12,9 @@ COPY . .
 # Create a non-root user for security (required by HF Spaces)
 RUN useradd -m -u 1000 user
 RUN chown -R user:user /app
-RUN chmod -R 777 /app/data
+
+# Ensure data directory exists and has correct permissions
+RUN mkdir -p /app/data && chown -R user:user /app/data && chmod -R 777 /app/data
 
 USER user
 

app.py

@@ -2,6 +2,7 @@ from flask import Flask, render_template, request, jsonify, send_file
 import os
 import json
 import uuid
+import shutil
 from datetime import datetime
 
 app = Flask(__name__)
@@ -10,12 +11,24 @@ app.config['MAX_CONTENT_LENGTH'] = 5 * 1024 * 1024  # 5MB Limit
 # Configuration
 DATA_DIR = os.path.join(os.path.dirname(__file__), 'data')
 SOP_FILE = os.path.join(DATA_DIR, 'sops.json')
+DEFAULT_SOP_FILE = os.path.join(os.path.dirname(__file__), 'sops_default.json')
+
 os.makedirs(DATA_DIR, exist_ok=True)
 
 # Initialize data file if not exists
 if not os.path.exists(SOP_FILE):
-    with open(SOP_FILE, 'w', encoding='utf-8') as f:
-        json.dump([], f)
+    if os.path.exists(DEFAULT_SOP_FILE):
+        try:
+            shutil.copy(DEFAULT_SOP_FILE, SOP_FILE)
+            print(f"Initialized {SOP_FILE} from default data.")
+        except Exception as e:
+            print(f"Error copying default data: {e}")
+            # Fallback to empty list
+            with open(SOP_FILE, 'w', encoding='utf-8') as f:
+                json.dump([], f)
+    else:
+        with open(SOP_FILE, 'w', encoding='utf-8') as f:
+            json.dump([], f)
 
 # Error Handlers
 @app.errorhandler(404)

sops_default.json

@@ -0,0 +1,113 @@
+[
+  {
+    "id": "sop-001",
+    "title": "服务器故障应急响应流程",
+    "category": "运维",
+    "version": "1.2",
+    "status": "published",
+    "created_at": "2023-10-01T09:00:00",
+    "updated_at": "2023-11-15T14:30:00",
+    "content": {
+      "purpose": "规范服务器故障时的应急处理步骤，最小化业务中断时间。",
+      "scope": "所有生产环境 Linux 服务器。",
+      "prerequisites": [
+        "拥有服务器 root 权限或 sudo 权限",
+        "已配置监控告警系统 (Prometheus/Grafana)",
+        "已备份关键数据"
+      ],
+      "roles": [
+        "运维工程师",
+        "开发负责人",
+        "CTO"
+      ],
+      "steps": [
+        {
+          "title": "收到告警与确认",
+          "description": "收到监控系统告警后，立即登录监控面板确认故障范围（单机/集群）和类型（CPU/内存/磁盘/网络）。",
+          "role": "运维工程师"
+        },
+        {
+          "title": "初步诊断",
+          "description": "登录故障服务器，使用 top, htop, iotop, netstat 等命令检查系统资源使用情况。查看 /var/log/messages 和应用日志。",
+          "role": "运维工程师"
+        },
+        {
+          "title": "通报故障",
+          "description": "如果预计修复时间超过 10 分钟，需在内部群通报故障情况，并通知开发负责人。",
+          "role": "运维工程师"
+        },
+        {
+          "title": "服务重启/回滚",
+          "description": "尝试重启服务。如果是最近更新导致的问题，立即执行版本回滚。",
+          "role": "运维工程师"
+        },
+        {
+          "title": "故障升级",
+          "description": "如果 30 分钟内无法解决，升级故障至 CTO，并请求高级技术支持。",
+          "role": "开发负责人"
+        }
+      ],
+      "flowchart": "graph TD\n    A[收到告警] --> B{确认故障真实性}\n    B -- 是 --> C[初步诊断]\n    B -- 否 --> Z[标记误报]\n    C --> D{预计修复>10min?}\n    D -- 是 --> E[通报故障]\n    D -- 否 --> F[尝试重启/修复]\n    E --> F\n    F --> G{修复成功?}\n    G -- 是 --> H[撰写事故报告]\n    G -- 否 --> I[回滚版本]\n    I --> J{回滚成功?}\n    J -- 否 --> K[升级故障至CTO]",
+      "troubleshooting": [
+        {
+          "issue": "SSH 无法连接",
+          "solution": "通过云服务商 VNC 控制台登录；检查安全组规则；检查 SSHD 服务状态。"
+        },
+        {
+          "issue": "磁盘空间满",
+          "solution": "使用 du -sh * 查找大文件；清理 /tmp 或日志文件；扩容磁盘。"
+        }
+      ]
+    }
+  },
+  {
+    "id": "sop-002",
+    "title": "新员工入职技术配置",
+    "category": "人事/IT",
+    "version": "2.0",
+    "status": "published",
+    "created_at": "2024-01-10T10:00:00",
+    "updated_at": "2024-01-10T10:00:00",
+    "content": {
+      "purpose": "确保新入职员工在第一天能够获得所有必要的账号和权限。",
+      "scope": "技术部所有新员工。",
+      "prerequisites": [
+        "HR 已发送入职通知",
+        "企业邮箱已创建"
+      ],
+      "roles": [
+        "IT 管理员",
+        "部门主管"
+      ],
+      "steps": [
+        {
+          "title": "开通 GitLab/GitHub 账号",
+          "description": "根据部门需求，将员工账号添加到对应的 Group，并分配 Developer 权限。",
+          "role": "IT 管理员"
+        },
+        {
+          "title": "配置 VPN/内网访问",
+          "description": "创建 VPN 账号，发送配置文件和连接手册给新员工。",
+          "role": "IT 管理员"
+        },
+        {
+          "title": "分配 JIRA/Confluence 权限",
+          "description": "开通项目管理工具账号，拉入对应项目板。",
+          "role": "部门主管"
+        },
+        {
+          "title": "硬件发放与登记",
+          "description": "发放笔记本电脑、显示器等，并在资产管理系统中登记。",
+          "role": "IT 管理员"
+        }
+      ],
+      "flowchart": "graph TD\n    A[收到入职通知] --> B[创建域账号/邮箱]\n    B --> C[配置VPN]\n    C --> D[开通代码仓库权限]\n    D --> E[硬件发放]\n    E --> F[入职指引培训]",
+      "troubleshooting": [
+        {
+          "issue": "VPN 连接失败",
+          "solution": "检查证书是否过期；检查客户端版本；确认网络端口未被封锁。"
+        }
+      ]
+    }
+  }
+]