npm - @a5c-ai/kradle - Versions diffs - 5.0.1-staging.3abdf9534c25 - Mend

@a5c-ai/kradle 5.0.1-staging.3abdf9534c25

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (295) hide show

package/Dockerfile +31 -0
package/README.md +187 -0
package/bin/kradle-demo.mjs +23 -0
package/bin/kradle-server.mjs +14 -0
package/dist/kradle-controller-ui.json +3482 -0
package/dist/kradle-lifecycle.json +201 -0
package/dist/kradle-runtime-snapshot.json +3125 -0
package/dist/kradle-summary.json +724 -0
package/docs/README.md +61 -0
package/docs/agents/README.md +83 -0
package/docs/agents/acceptance-test-matrix.md +193 -0
package/docs/agents/agent-mux-adapter-contract.md +167 -0
package/docs/agents/agent-mux-source-map.md +310 -0
package/docs/agents/agent-run-memory-import-spec.md +256 -0
package/docs/agents/agent-stack-management-spec.md +421 -0
package/docs/agents/api-contract-spec.md +309 -0
package/docs/agents/artifacts-writeback-spec.md +145 -0
package/docs/agents/chart-packaging-spec.md +128 -0
package/docs/agents/ci-orchestration-spec.md +140 -0
package/docs/agents/context-assembly-spec.md +219 -0
package/docs/agents/controller-reconciliation-spec.md +255 -0
package/docs/agents/crd-schema-spec.md +315 -0
package/docs/agents/decision-log-open-questions.md +169 -0
package/docs/agents/developer-implementation-checklist.md +329 -0
package/docs/agents/dispatching-design.md +262 -0
package/docs/agents/gaps-agent-mux-to-kradle-crds.md +298 -0
package/docs/agents/glossary.md +66 -0
package/docs/agents/implementation-blueprint.md +324 -0
package/docs/agents/implementation-rollout-slices.md +251 -0
package/docs/agents/memory-context-integration-spec.md +194 -0
package/docs/agents/memory-ontology-schema-spec.md +253 -0
package/docs/agents/memory-operations-runbook.md +121 -0
package/docs/agents/mvp-vertical-slice-spec.md +146 -0
package/docs/agents/observability-audit-spec.md +265 -0
package/docs/agents/operator-runbook.md +174 -0
package/docs/agents/org-memory-api-payload-examples.md +333 -0
package/docs/agents/org-memory-controller-sequence-spec.md +181 -0
package/docs/agents/org-memory-e2e-fixture-plan.md +161 -0
package/docs/agents/org-memory-ui-implementation-map.md +114 -0
package/docs/agents/org-memory-vertical-slice-spec.md +168 -0
package/docs/agents/org-resource-model-delta-spec.md +111 -0
package/docs/agents/org-route-resource-model-spec.md +183 -0
package/docs/agents/org-scoping-namespace-spec.md +114 -0
package/docs/agents/rbac-secrets-management-spec.md +406 -0
package/docs/agents/repository-page-integration-spec.md +255 -0
package/docs/agents/resource-contract-examples.md +808 -0
package/docs/agents/resource-relationship-map.md +190 -0
package/docs/agents/security-threat-model.md +188 -0
package/docs/agents/shared-memory-company-brain-spec.md +358 -0
package/docs/agents/storage-migration-spec.md +168 -0
package/docs/agents/subagent-orchestration-spec.md +152 -0
package/docs/agents/system-overview.md +88 -0
package/docs/agents/tools-mcp-skills-spec.md +189 -0
package/docs/agents/traceability-matrix.md +79 -0
package/docs/agents/ui-flow-spec.md +211 -0
package/docs/agents/ui-ux-system-spec.md +426 -0
package/docs/agents/workspace-lifecycle-spec.md +166 -0
package/docs/architecture-spec.md +78 -0
package/docs/architecture-v2.md +2759 -0
package/docs/components/control-plane.md +78 -0
package/docs/components/data-plane.md +69 -0
package/docs/components/hooks-events.md +67 -0
package/docs/components/identity-rbac-policy.md +73 -0
package/docs/components/kubevela-oam.md +70 -0
package/docs/components/operations-publishing.md +81 -0
package/docs/components/runners-ci.md +66 -0
package/docs/components/web-ui.md +94 -0
package/docs/crd-behaviors-and-relationships.md +3926 -0
package/docs/external/README.md +47 -0
package/docs/external/bidirectional-sync-design.md +134 -0
package/docs/external/cicd-interface.md +64 -0
package/docs/external/external-backend-controllers.md +170 -0
package/docs/external/external-backend-crds.md +234 -0
package/docs/external/external-backend-ui-spec.md +151 -0
package/docs/external/external-backend-ux-flows.md +115 -0
package/docs/external/external-object-mapping.md +125 -0
package/docs/external/git-forge-interface.md +68 -0
package/docs/external/github-integration-design.md +151 -0
package/docs/external/issue-tracking-interface.md +66 -0
package/docs/external/provider-capability-manifests.md +204 -0
package/docs/external/provider-catalog.md +139 -0
package/docs/external/provider-rollout-testing.md +78 -0
package/docs/external/research-results.md +48 -0
package/docs/external/security-auth-permissions.md +81 -0
package/docs/external/sync-state-machines.md +108 -0
package/docs/external/unified-external-backend-model.md +107 -0
package/docs/external/user-facing-changes.md +67 -0
package/docs/gaps.md +161 -0
package/docs/install.md +94 -0
package/docs/integration-and-design-decisions.md +1530 -0
package/docs/kradle-design.md +334 -0
package/docs/local-minikube.md +55 -0
package/docs/ontology/README.md +32 -0
package/docs/ontology/bounded-contexts.md +29 -0
package/docs/ontology/events-and-hooks.md +32 -0
package/docs/ontology/oam-kubevela.md +32 -0
package/docs/ontology/operations-and-release.md +25 -0
package/docs/ontology/personas-and-actors.md +32 -0
package/docs/ontology/policies-and-invariants.md +33 -0
package/docs/ontology/problem-space.md +30 -0
package/docs/ontology/resource-contracts.md +40 -0
package/docs/ontology/resource-taxonomy.md +42 -0
package/docs/ontology/runners-and-ci.md +29 -0
package/docs/ontology/solution-space.md +24 -0
package/docs/ontology/storage-and-data-boundaries.md +29 -0
package/docs/ontology/validation-matrix.md +24 -0
package/docs/ontology/web-ui-excellent-flows.md +32 -0
package/docs/ontology/workflows.md +39 -0
package/docs/ontology/world.md +35 -0
package/docs/openapi.yaml +1291 -0
package/docs/product-requirements.md +62 -0
package/docs/requirements-v2.md +235 -0
package/docs/roadmap-mvp.md +87 -0
package/docs/sdk-api-reference.md +1108 -0
package/docs/system-requirements.md +90 -0
package/docs/system-spec-v2.md +1230 -0
package/docs/tests/README.md +53 -0
package/docs/tests/agent-qa-plan.md +63 -0
package/docs/tests/browser-ui-tests.md +62 -0
package/docs/tests/ci-quality-gates.md +48 -0
package/docs/tests/coverage-model.md +64 -0
package/docs/tests/e2e-scenario-tests.md +53 -0
package/docs/tests/fixtures-test-data.md +63 -0
package/docs/tests/observability-reliability-tests.md +54 -0
package/docs/tests/product-test-matrix.md +145 -0
package/docs/tests/qa-adoption-roadmap.md +130 -0
package/docs/tests/qa-automation-plan.md +101 -0
package/docs/tests/security-compliance-tests.md +57 -0
package/docs/tests/test-framework-tools.md +88 -0
package/docs/tests/test-suite-layout.md +121 -0
package/docs/tests/unit-integration-tests.md +48 -0
package/docs/todo-kyverno +714 -0
package/docs/todos.md +4 -0
package/docs/user-stories.md +78 -0
package/docs/web-console-spec.md +533 -0
package/examples/minikube-demo.yaml +190 -0
package/examples/oam-application.yaml +23 -0
package/examples/policy-kyverno-pr-title.yaml +18 -0
package/package.json +66 -0
package/scripts/build.mjs +29 -0
package/scripts/setup-minikube.mjs +65 -0
package/scripts/smoke.mjs +37 -0
package/scripts/validate-doc-coverage.mjs +152 -0
package/scripts/validate-package.mjs +95 -0
package/scripts/validate-ui.mjs +305 -0
package/src/agent-adapter-controller.js +169 -0
package/src/agent-approval-controller.js +170 -0
package/src/agent-context-bundles.js +242 -0
package/src/agent-dispatch-controller.js +549 -0
package/src/agent-gateway-config-controller.js +147 -0
package/src/agent-identity-migration.js +115 -0
package/src/agent-memory-controller.js +357 -0
package/src/agent-memory-import.js +327 -0
package/src/agent-memory-query.js +292 -0
package/src/agent-memory-repository-source-controller.js +255 -0
package/src/agent-mux-client.js +589 -0
package/src/agent-permission-review.js +250 -0
package/src/agent-persona-controller.js +135 -0
package/src/agent-project-controller.js +117 -0
package/src/agent-prompt-composition.js +55 -0
package/src/agent-provider-config-controller.js +151 -0
package/src/agent-secret-config-grant-controller.js +282 -0
package/src/agent-session-transcript-controller.js +189 -0
package/src/agent-stack-controller.js +421 -0
package/src/agent-subagent-controller.js +160 -0
package/src/agent-transport-binding-controller.js +121 -0
package/src/agent-trigger-controller.js +387 -0
package/src/agent-workspace-controller.js +702 -0
package/src/agent-writeback-controller.js +302 -0
package/src/api-controller.js +621 -0
package/src/argocd-gitops.js +43 -0
package/src/artifact-registry-controller.js +542 -0
package/src/assistant-runtime.js +284 -0
package/src/async-controller.js +207 -0
package/src/audit-controller.js +191 -0
package/src/auth.js +310 -0
package/src/component-catalog.js +41 -0
package/src/control-plane.js +136 -0
package/src/controller-client.js +112 -0
package/src/controller-ui.js +620 -0
package/src/data-plane.js +179 -0
package/src/event-bus.js +397 -0
package/src/external/conflict-controller.js +225 -0
package/src/external/github/auth.js +96 -0
package/src/external/github/cicd.js +180 -0
package/src/external/github/git-forge.js +240 -0
package/src/external/github/index.js +144 -0
package/src/external/github/issue-tracking.js +163 -0
package/src/external/provider-adapter.js +161 -0
package/src/external/provider-resource-factory.js +221 -0
package/src/external/sync-controller.js +235 -0
package/src/external/webhook-controller.js +144 -0
package/src/external/write-controller.js +283 -0
package/src/gitea-backend.js +131 -0
package/src/gitea-service.js +173 -0
package/src/handoff.js +98 -0
package/src/health-probes.js +134 -0
package/src/hooks-events.js +63 -0
package/src/hooks-lifecycle.js +117 -0
package/src/http-server.js +409 -0
package/src/identity-policy.js +86 -0
package/src/index.js +71 -0
package/src/jitsi-agent-bridge.js +141 -0
package/src/jitsi-meeting-controller.js +291 -0
package/src/jitsi-sync-controller.js +198 -0
package/src/kradle-inference-service-controller.js +246 -0
package/src/kubernetes-controller-async.js +531 -0
package/src/kubernetes-controller.js +904 -0
package/src/kubernetes-resource-gateway.js +48 -0
package/src/model-route-controller.js +364 -0
package/src/notification-controller.js +178 -0
package/src/operations.js +112 -0
package/src/org-scoping.js +5 -0
package/src/resource-model.js +282 -0
package/src/runner-controller.js +272 -0
package/src/runners-ci.js +48 -0
package/src/runtime.js +196 -0
package/src/snapshot-cache.js +157 -0
package/src/virtual-model-controller.js +538 -0
package/src/virtual-model-hook-bridge.js +200 -0
package/src/web-ui.js +40 -0
package/tests/agent-adapter-controller.test.js +361 -0
package/tests/agent-approval-controller.test.js +173 -0
package/tests/agent-context-bundles.test.js +278 -0
package/tests/agent-dispatch-controller.test.js +679 -0
package/tests/agent-gateway-config-controller.test.js +386 -0
package/tests/agent-identity-migration.test.js +87 -0
package/tests/agent-memory-controller.test.js +461 -0
package/tests/agent-memory-import-snapshot.test.js +477 -0
package/tests/agent-memory-query.test.js +404 -0
package/tests/agent-memory-repository-source.test.js +514 -0
package/tests/agent-mux-client.test.js +389 -0
package/tests/agent-mux-integration.test.js +971 -0
package/tests/agent-permission-review-v2.test.js +317 -0
package/tests/agent-permission-review.test.js +209 -0
package/tests/agent-persona-controller.test.js +127 -0
package/tests/agent-project-controller.test.js +302 -0
package/tests/agent-prompt-composition.test.js +76 -0
package/tests/agent-provider-config-controller.test.js +376 -0
package/tests/agent-resources.test.js +303 -0
package/tests/agent-secret-config-grant.test.js +231 -0
package/tests/agent-session-transcript-controller.test.js +499 -0
package/tests/agent-stack-controller.test.js +283 -0
package/tests/agent-subagent-controller.test.js +201 -0
package/tests/agent-transport-binding-controller.test.js +294 -0
package/tests/agent-trigger-controller.test.js +271 -0
package/tests/agent-trigger-routes.test.js +190 -0
package/tests/agent-trigger-sources.test.js +245 -0
package/tests/agent-workspace-controller.test.js +181 -0
package/tests/agent-writeback.test.js +292 -0
package/tests/approval-persistence.test.js +171 -0
package/tests/artifact-registry.test.js +511 -0
package/tests/assistant-runtime.test.js +506 -0
package/tests/async-controller.test.js +252 -0
package/tests/audit-controller.test.js +227 -0
package/tests/codespace-controller.test.js +318 -0
package/tests/controller-client.test.js +133 -0
package/tests/deployment.test.js +527 -0
package/tests/e2e/lifecycle.test.js +120 -0
package/tests/event-bus-integration.test.js +355 -0
package/tests/external-github-forge.test.js +560 -0
package/tests/external-github-issues-cicd.test.js +520 -0
package/tests/external-integration.test.js +470 -0
package/tests/external-persistence.test.js +415 -0
package/tests/external-provider-adapter.test.js +365 -0
package/tests/external-resource-model.test.js +223 -0
package/tests/external-webhook-sync.test.js +287 -0
package/tests/external-write-conflict.test.js +353 -0
package/tests/gitea-service.test.js +253 -0
package/tests/health-check-real.test.js +165 -0
package/tests/health-probes.test.js +90 -0
package/tests/hooks-lifecycle.test.js +364 -0
package/tests/integration/full-flow.test.js +266 -0
package/tests/jitsi-agent-bridge.test.js +119 -0
package/tests/jitsi-helm-integration.test.js +77 -0
package/tests/jitsi-meeting-controller.test.js +170 -0
package/tests/jitsi-resource-model.test.js +73 -0
package/tests/jitsi-sync-controller.test.js +112 -0
package/tests/kradle-inference-service.test.js +689 -0
package/tests/kradle.test.js +779 -0
package/tests/memory-search-wiring.test.js +270 -0
package/tests/model-route-controller.test.js +733 -0
package/tests/notification-controller.test.js +196 -0
package/tests/notification-integration.test.js +179 -0
package/tests/org-scoping.test.js +687 -0
package/tests/runner-controller.test.js +327 -0
package/tests/runner-integration.test.js +231 -0
package/tests/session-cookie-hmac.test.js +151 -0
package/tests/snapshot-performance.test.js +315 -0
package/tests/sse-events.test.js +107 -0
package/tests/virtual-model-controller.test.js +877 -0
package/tests/virtual-model-hook-bridge.test.js +384 -0
package/tests/webhook-trigger.test.js +198 -0
package/tests/workspace-volumes.test.js +312 -0
package/tests/writeback-persistence.test.js +207 -0

package/src/agent-writeback-controller.js ADDED Viewed

@@ -0,0 +1,302 @@
+import { createResource, clone } from './resource-model.js';
+export const AGENT_WRITEBACK_CONTROLLER_BOUNDARY = {
+  role: 'agent-writeback-controller',
+  scope: 'KradleArtifact write pipeline, branch push approval flow, and PR merge with status check enforcement',
+  owns: ['artifact creation', 'artifact listing', 'branch push requests', 'push approval/denial', 'PR merge requests', 'write intent validation', 'write intent status'],
+  delegatesTo: ['resource-model'],
+  mustNotOwn: ['git operations', 'secret values', 'agent execution', 'CI orchestration']
+};
+const VALID_WRITE_TYPES = new Set(['artifact', 'branch-push', 'pr-merge']);
+/**
+ * In-memory store of AgentWriteIntent records (plain objects, not K8s CRDs,
+ * because AgentWriteIntent is not in the canonical resource taxonomy).
+ * Controllers operate statelessly against caller-supplied resources maps;
+ * the write intent shape mirrors what would live in an aggregated store.
+ */
+export function createAgentWritebackController() {
+  return {
+    role: 'agent-writeback-controller',
+    // -----------------------------------------------------------------------
+    // Artifacts
+    // -----------------------------------------------------------------------
+    createArtifact({ name, runRef, contentRef, kind = 'output', namespace = 'default', organizationRef = 'default' }) {
+      if (!runRef) {
+        return { error: true, reason: 'missing-run-ref', message: 'runRef is required to link an artifact to a dispatch run' };
+      }
+      if (!contentRef) {
+        return { error: true, reason: 'missing-content-ref', message: 'contentRef is required to identify the artifact content' };
+      }
+      const now = new Date().toISOString();
+      const artifactName = name || `artifact-${runRef}-${Date.now()}`;
+      const artifact = createResource('KradleArtifact', { name: artifactName, namespace }, {
+        organizationRef,
+        dispatchRun: runRef,
+        kind,
+        digest: contentRef
+      });
+      artifact.status = { phase: 'Available', createdAt: now };
+      return { error: false, artifact };
+    },
+    validateArtifact({ artifact }) {
+      if (!artifact || typeof artifact !== 'object') {
+        return { valid: false, error: true, reason: 'invalid-artifact', message: 'artifact must be an object' };
+      }
+      if (artifact.kind !== 'KradleArtifact') {
+        return { valid: false, error: true, reason: 'wrong-kind', message: `Expected KradleArtifact, got: ${artifact.kind}` };
+      }
+      if (!artifact.spec?.dispatchRun) {
+        return { valid: false, error: true, reason: 'missing-run-ref', message: 'artifact spec.dispatchRun is required' };
+      }
+      if (!artifact.spec?.digest) {
+        return { valid: false, error: true, reason: 'missing-digest', message: 'artifact spec.digest is required' };
+      }
+      return { valid: true, error: false };
+    },
+    listArtifactsForRun({ runRef, resources = {} }) {
+      const artifacts = resources.KradleArtifact || [];
+      return artifacts.filter((a) => a.spec?.dispatchRun === runRef).map(clone);
+    },
+    // -----------------------------------------------------------------------
+    // Branch push approval flow
+    // -----------------------------------------------------------------------
+    requestBranchPush({ runRef, branch, targetRepo, requestedBy, namespace = 'default', organizationRef = 'default' }) {
+      if (!runRef) {
+        return { error: true, reason: 'missing-run-ref', message: 'runRef is required' };
+      }
+      if (!branch) {
+        return { error: true, reason: 'missing-branch', message: 'branch is required' };
+      }
+      if (!targetRepo) {
+        return { error: true, reason: 'missing-target-repo', message: 'targetRepo is required' };
+      }
+      const now = new Date().toISOString();
+      const intentName = `push-${runRef}-${Date.now()}`;
+      const pushRequest = {
+        kind: 'AgentWriteIntent',
+        metadata: { name: intentName, namespace, labels: {}, annotations: {} },
+        spec: { organizationRef, runRef, branch, targetRepo, writeType: 'branch-push', requestedBy: requestedBy || 'unknown', requestedAt: now },
+        status: { approvalStatus: 'pending', phase: 'Pending', createdAt: now }
+      };
+      return { error: false, pushRequest };
+    },
+    approveBranchPush({ intentName, approvedBy, reason, resources = {} }) {
+      if (!intentName) {
+        return { error: true, reason: 'missing-intent-name', message: 'intentName is required' };
+      }
+      if (!approvedBy) {
+        return { error: true, reason: 'missing-approved-by', message: 'approvedBy is required' };
+      }
+      const intents = resources.AgentWriteIntent || [];
+      const intent = intents.find((i) => i.metadata?.name === intentName);
+      if (!intent) {
+        return { error: true, reason: 'not-found', message: `AgentWriteIntent not found: ${intentName}` };
+      }
+      if (intent.status?.approvalStatus !== 'pending') {
+        return { error: true, reason: 'already-decided', message: `AgentWriteIntent ${intentName} has already been decided: ${intent.status?.approvalStatus}` };
+      }
+      const now = new Date().toISOString();
+      const pushRequest = clone(intent);
+      pushRequest.status = {
+        ...pushRequest.status,
+        approvalStatus: 'approved',
+        phase: 'Approved',
+        approvedBy,
+        approvedAt: now,
+        reason: reason || undefined
+      };
+      return { error: false, pushRequest };
+    },
+    denyBranchPush({ intentName, deniedBy, reason, resources = {} }) {
+      if (!intentName) {
+        return { error: true, reason: 'missing-intent-name', message: 'intentName is required' };
+      }
+      if (!deniedBy) {
+        return { error: true, reason: 'missing-denied-by', message: 'deniedBy is required' };
+      }
+      const intents = resources.AgentWriteIntent || [];
+      const intent = intents.find((i) => i.metadata?.name === intentName);
+      if (!intent) {
+        return { error: true, reason: 'not-found', message: `AgentWriteIntent not found: ${intentName}` };
+      }
+      if (intent.status?.approvalStatus !== 'pending') {
+        return { error: true, reason: 'already-decided', message: `AgentWriteIntent ${intentName} has already been decided: ${intent.status?.approvalStatus}` };
+      }
+      const now = new Date().toISOString();
+      const pushRequest = clone(intent);
+      pushRequest.status = {
+        ...pushRequest.status,
+        approvalStatus: 'denied',
+        phase: 'Denied',
+        deniedBy,
+        deniedAt: now,
+        reason: reason || undefined
+      };
+      return { error: false, pushRequest };
+    },
+    // -----------------------------------------------------------------------
+    // PR merge with status check enforcement
+    // -----------------------------------------------------------------------
+    requestPrMerge({ runRef, prRef, statusChecks = [], requestedBy, namespace = 'default', organizationRef = 'default' }) {
+      if (!runRef) {
+        return { error: true, reason: 'missing-run-ref', message: 'runRef is required' };
+      }
+      if (!prRef) {
+        return { error: true, reason: 'missing-pr-ref', message: 'prRef is required' };
+      }
+      // Enforce status check gate — reject if any check is not 'success'
+      const failing = statusChecks.filter((c) => c.state !== 'success');
+      if (failing.length > 0) {
+        const names = failing.map((c) => c.name).join(', ');
+        return { error: true, reason: 'status-checks-failing', message: `The following status checks are not passing: ${names}` };
+      }
+      const now = new Date().toISOString();
+      const intentName = `merge-${runRef}-${Date.now()}`;
+      const mergeRequest = {
+        kind: 'AgentWriteIntent',
+        metadata: { name: intentName, namespace, labels: {}, annotations: {} },
+        spec: { organizationRef, runRef, prRef, writeType: 'pr-merge', statusChecks: clone(statusChecks), requestedBy: requestedBy || 'unknown', requestedAt: now },
+        status: { approvalStatus: 'pending', phase: 'Pending', createdAt: now }
+      };
+      return { error: false, mergeRequest };
+    },
+    // -----------------------------------------------------------------------
+    // Write intent validation & status
+    // -----------------------------------------------------------------------
+    validateWriteIntent({ intent }) {
+      if (!intent || typeof intent !== 'object') {
+        return { valid: false, error: true, reason: 'invalid-intent', message: 'intent must be an object' };
+      }
+      const writeType = intent.spec?.writeType;
+      if (!writeType || !VALID_WRITE_TYPES.has(writeType)) {
+        return { valid: false, error: true, reason: 'invalid-write-type', message: `Unknown write type: ${writeType}. Must be one of: ${[...VALID_WRITE_TYPES].join(', ')}` };
+      }
+      if (!intent.spec?.runRef) {
+        return { valid: false, error: true, reason: 'missing-run-ref', message: 'intent spec.runRef is required' };
+      }
+      return { valid: true, error: false };
+    },
+    getWriteIntentStatus({ intentName, resources = {} }) {
+      if (!intentName) {
+        return { error: true, reason: 'missing-intent-name', message: 'intentName is required' };
+      }
+      const intents = resources.AgentWriteIntent || [];
+      const intent = intents.find((i) => i.metadata?.name === intentName);
+      if (!intent) {
+        return { error: true, reason: 'not-found', message: `AgentWriteIntent not found: ${intentName}` };
+      }
+      return {
+        error: false,
+        intent: clone(intent),
+        approvalStatus: intent.status?.approvalStatus || 'pending',
+        phase: intent.status?.phase || 'Pending',
+        approvedBy: intent.status?.approvedBy || null,
+        deniedBy: intent.status?.deniedBy || null,
+        approvedAt: intent.status?.approvedAt || null,
+        deniedAt: intent.status?.deniedAt || null,
+        reason: intent.status?.reason || null
+      };
+    },
+    // -----------------------------------------------------------------------
+    // B2: Persistence
+    // -----------------------------------------------------------------------
+    async persistWriteIntent({ intent, applyResource }) {
+      if (!intent) {
+        return { error: true, reason: 'missing-intent', message: 'intent is required' };
+      }
+      if (typeof applyResource !== 'function') {
+        return { error: true, reason: 'missing-apply-resource', message: 'applyResource function is required' };
+      }
+      try {
+        const applyResult = await applyResource(intent);
+        return { error: false, intent, applyResult };
+      } catch (err) {
+        return { error: true, reason: 'persist-failed', message: err?.message || 'applyResource failed' };
+      }
+    },
+    // -----------------------------------------------------------------------
+    // B2: Execution pipeline
+    // -----------------------------------------------------------------------
+    async executeWriteIntent({ intent, gateway }) {
+      if (!intent) {
+        return { error: true, reason: 'missing-intent', message: 'intent is required' };
+      }
+      const approvalStatus = intent.status?.approvalStatus;
+      if (approvalStatus !== 'approved') {
+        return { error: true, reason: 'not-approved', message: `WriteIntent is not approved (current status: ${approvalStatus})` };
+      }
+      const writeType = intent.spec?.writeType;
+      try {
+        if (writeType === 'branch-push') {
+          const executionResult = await gateway.pushBranch({
+            branch: intent.spec.branch,
+            targetRepo: intent.spec.targetRepo,
+            runRef: intent.spec.runRef
+          });
+          return { error: false, executionResult };
+        }
+        if (writeType === 'pr-merge') {
+          // Validate status checks before merging
+          const statusChecks = intent.spec?.statusChecks || [];
+          const failing = statusChecks.filter((c) => c.state !== 'success');
+          if (failing.length > 0) {
+            const names = failing.map((c) => c.name).join(', ');
+            return { error: true, reason: 'status-checks-failing', message: `The following status checks are not passing: ${names}` };
+          }
+          const executionResult = await gateway.mergePr({
+            prRef: intent.spec.prRef,
+            runRef: intent.spec.runRef
+          });
+          return { error: false, executionResult };
+        }
+        return { error: true, reason: 'unsupported-write-type', message: `Execution not supported for writeType: ${writeType}` };
+      } catch (err) {
+        return { error: true, reason: 'execution-failed', message: err?.message || 'Gateway execution failed' };
+      }
+    }
+  };
+}