npm - @a5c-ai/krate - Versions diffs - 5.0.1-staging.00fa5317c - Mend

@a5c-ai/krate 5.0.1-staging.00fa5317c

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (256) hide show

package/Dockerfile +31 -0
package/README.md +183 -0
package/bin/krate-demo.mjs +23 -0
package/bin/krate-server.mjs +14 -0
package/dist/krate-controller-ui.json +3205 -0
package/dist/krate-lifecycle.json +201 -0
package/dist/krate-runtime-snapshot.json +3125 -0
package/dist/krate-summary.json +724 -0
package/docs/README.md +61 -0
package/docs/agents/README.md +83 -0
package/docs/agents/acceptance-test-matrix.md +193 -0
package/docs/agents/agent-mux-adapter-contract.md +167 -0
package/docs/agents/agent-mux-source-map.md +310 -0
package/docs/agents/agent-run-memory-import-spec.md +256 -0
package/docs/agents/agent-stack-management-spec.md +421 -0
package/docs/agents/api-contract-spec.md +309 -0
package/docs/agents/artifacts-writeback-spec.md +145 -0
package/docs/agents/chart-packaging-spec.md +128 -0
package/docs/agents/ci-orchestration-spec.md +140 -0
package/docs/agents/context-assembly-spec.md +219 -0
package/docs/agents/controller-reconciliation-spec.md +255 -0
package/docs/agents/crd-schema-spec.md +315 -0
package/docs/agents/decision-log-open-questions.md +169 -0
package/docs/agents/developer-implementation-checklist.md +329 -0
package/docs/agents/dispatching-design.md +262 -0
package/docs/agents/gaps-agent-mux-to-krate-crds.md +298 -0
package/docs/agents/glossary.md +66 -0
package/docs/agents/implementation-blueprint.md +324 -0
package/docs/agents/implementation-rollout-slices.md +251 -0
package/docs/agents/memory-context-integration-spec.md +194 -0
package/docs/agents/memory-ontology-schema-spec.md +253 -0
package/docs/agents/memory-operations-runbook.md +121 -0
package/docs/agents/mvp-vertical-slice-spec.md +146 -0
package/docs/agents/observability-audit-spec.md +265 -0
package/docs/agents/operator-runbook.md +174 -0
package/docs/agents/org-memory-api-payload-examples.md +333 -0
package/docs/agents/org-memory-controller-sequence-spec.md +181 -0
package/docs/agents/org-memory-e2e-fixture-plan.md +161 -0
package/docs/agents/org-memory-ui-implementation-map.md +114 -0
package/docs/agents/org-memory-vertical-slice-spec.md +168 -0
package/docs/agents/org-resource-model-delta-spec.md +111 -0
package/docs/agents/org-route-resource-model-spec.md +183 -0
package/docs/agents/org-scoping-namespace-spec.md +114 -0
package/docs/agents/rbac-secrets-management-spec.md +406 -0
package/docs/agents/repository-page-integration-spec.md +255 -0
package/docs/agents/resource-contract-examples.md +808 -0
package/docs/agents/resource-relationship-map.md +190 -0
package/docs/agents/security-threat-model.md +188 -0
package/docs/agents/shared-memory-company-brain-spec.md +358 -0
package/docs/agents/storage-migration-spec.md +168 -0
package/docs/agents/subagent-orchestration-spec.md +152 -0
package/docs/agents/system-overview.md +88 -0
package/docs/agents/tools-mcp-skills-spec.md +189 -0
package/docs/agents/traceability-matrix.md +79 -0
package/docs/agents/ui-flow-spec.md +211 -0
package/docs/agents/ui-ux-system-spec.md +426 -0
package/docs/agents/workspace-lifecycle-spec.md +166 -0
package/docs/architecture-spec.md +78 -0
package/docs/components/control-plane.md +78 -0
package/docs/components/data-plane.md +69 -0
package/docs/components/hooks-events.md +67 -0
package/docs/components/identity-rbac-policy.md +73 -0
package/docs/components/kubevela-oam.md +70 -0
package/docs/components/operations-publishing.md +81 -0
package/docs/components/runners-ci.md +66 -0
package/docs/components/web-ui.md +94 -0
package/docs/external/README.md +47 -0
package/docs/external/bidirectional-sync-design.md +134 -0
package/docs/external/cicd-interface.md +64 -0
package/docs/external/external-backend-controllers.md +170 -0
package/docs/external/external-backend-crds.md +234 -0
package/docs/external/external-backend-ui-spec.md +151 -0
package/docs/external/external-backend-ux-flows.md +115 -0
package/docs/external/external-object-mapping.md +125 -0
package/docs/external/git-forge-interface.md +68 -0
package/docs/external/github-integration-design.md +151 -0
package/docs/external/issue-tracking-interface.md +66 -0
package/docs/external/provider-capability-manifests.md +204 -0
package/docs/external/provider-catalog.md +139 -0
package/docs/external/provider-rollout-testing.md +78 -0
package/docs/external/research-results.md +48 -0
package/docs/external/security-auth-permissions.md +81 -0
package/docs/external/sync-state-machines.md +108 -0
package/docs/external/unified-external-backend-model.md +107 -0
package/docs/external/user-facing-changes.md +67 -0
package/docs/gaps.md +161 -0
package/docs/install.md +94 -0
package/docs/krate-design.md +334 -0
package/docs/local-minikube.md +55 -0
package/docs/ontology/README.md +32 -0
package/docs/ontology/bounded-contexts.md +29 -0
package/docs/ontology/events-and-hooks.md +32 -0
package/docs/ontology/oam-kubevela.md +32 -0
package/docs/ontology/operations-and-release.md +25 -0
package/docs/ontology/personas-and-actors.md +32 -0
package/docs/ontology/policies-and-invariants.md +33 -0
package/docs/ontology/problem-space.md +30 -0
package/docs/ontology/resource-contracts.md +40 -0
package/docs/ontology/resource-taxonomy.md +42 -0
package/docs/ontology/runners-and-ci.md +29 -0
package/docs/ontology/solution-space.md +24 -0
package/docs/ontology/storage-and-data-boundaries.md +29 -0
package/docs/ontology/validation-matrix.md +24 -0
package/docs/ontology/web-ui-excellent-flows.md +32 -0
package/docs/ontology/workflows.md +39 -0
package/docs/ontology/world.md +35 -0
package/docs/openapi.yaml +1275 -0
package/docs/product-requirements.md +62 -0
package/docs/roadmap-mvp.md +87 -0
package/docs/system-requirements.md +90 -0
package/docs/tests/README.md +53 -0
package/docs/tests/agent-qa-plan.md +63 -0
package/docs/tests/browser-ui-tests.md +62 -0
package/docs/tests/ci-quality-gates.md +48 -0
package/docs/tests/coverage-model.md +64 -0
package/docs/tests/e2e-scenario-tests.md +53 -0
package/docs/tests/fixtures-test-data.md +63 -0
package/docs/tests/observability-reliability-tests.md +54 -0
package/docs/tests/product-test-matrix.md +145 -0
package/docs/tests/qa-adoption-roadmap.md +130 -0
package/docs/tests/qa-automation-plan.md +101 -0
package/docs/tests/security-compliance-tests.md +57 -0
package/docs/tests/test-framework-tools.md +88 -0
package/docs/tests/test-suite-layout.md +121 -0
package/docs/tests/unit-integration-tests.md +48 -0
package/docs/todo-kyverno +714 -0
package/docs/todos.md +4 -0
package/docs/user-stories.md +78 -0
package/examples/minikube-demo.yaml +190 -0
package/examples/oam-application.yaml +23 -0
package/examples/policy-kyverno-pr-title.yaml +18 -0
package/package.json +63 -0
package/scripts/build.mjs +29 -0
package/scripts/setup-minikube.mjs +65 -0
package/scripts/smoke.mjs +37 -0
package/scripts/validate-doc-coverage.mjs +152 -0
package/scripts/validate-package.mjs +93 -0
package/scripts/validate-ui.mjs +278 -0
package/src/agent-adapter-controller.js +169 -0
package/src/agent-approval-controller.js +170 -0
package/src/agent-context-bundles.js +242 -0
package/src/agent-dispatch-controller.js +209 -0
package/src/agent-gateway-config-controller.js +147 -0
package/src/agent-memory-controller.js +357 -0
package/src/agent-memory-import.js +327 -0
package/src/agent-memory-query.js +292 -0
package/src/agent-memory-repository-source-controller.js +255 -0
package/src/agent-mux-client.js +280 -0
package/src/agent-permission-review.js +250 -0
package/src/agent-project-controller.js +117 -0
package/src/agent-provider-config-controller.js +150 -0
package/src/agent-secret-config-grant-controller.js +282 -0
package/src/agent-session-transcript-controller.js +189 -0
package/src/agent-stack-controller.js +347 -0
package/src/agent-subagent-controller.js +160 -0
package/src/agent-transport-binding-controller.js +121 -0
package/src/agent-trigger-controller.js +381 -0
package/src/agent-workspace-controller.js +702 -0
package/src/agent-writeback-controller.js +302 -0
package/src/api-controller.js +541 -0
package/src/argocd-gitops.js +43 -0
package/src/async-controller.js +207 -0
package/src/audit-controller.js +191 -0
package/src/auth.js +307 -0
package/src/component-catalog.js +41 -0
package/src/control-plane.js +136 -0
package/src/controller-client.js +72 -0
package/src/controller-ui.js +617 -0
package/src/data-plane.js +179 -0
package/src/event-bus.js +61 -0
package/src/external/conflict-controller.js +225 -0
package/src/external/github/auth.js +96 -0
package/src/external/github/cicd.js +180 -0
package/src/external/github/git-forge.js +240 -0
package/src/external/github/index.js +144 -0
package/src/external/github/issue-tracking.js +163 -0
package/src/external/provider-adapter.js +161 -0
package/src/external/provider-resource-factory.js +161 -0
package/src/external/sync-controller.js +235 -0
package/src/external/webhook-controller.js +144 -0
package/src/external/write-controller.js +283 -0
package/src/gitea-backend.js +131 -0
package/src/gitea-service.js +173 -0
package/src/handoff.js +98 -0
package/src/hooks-events.js +63 -0
package/src/http-server.js +377 -0
package/src/identity-policy.js +86 -0
package/src/index.js +57 -0
package/src/kubernetes-controller-async.js +511 -0
package/src/kubernetes-controller.js +878 -0
package/src/kubernetes-resource-gateway.js +48 -0
package/src/notification-controller.js +178 -0
package/src/operations.js +112 -0
package/src/org-scoping.js +5 -0
package/src/resource-model.js +221 -0
package/src/runner-controller.js +272 -0
package/src/runners-ci.js +48 -0
package/src/runtime.js +196 -0
package/src/snapshot-cache.js +157 -0
package/src/web-ui.js +40 -0
package/tests/agent-adapter-controller.test.js +361 -0
package/tests/agent-approval-controller.test.js +173 -0
package/tests/agent-context-bundles.test.js +278 -0
package/tests/agent-dispatch-controller.test.js +315 -0
package/tests/agent-gateway-config-controller.test.js +386 -0
package/tests/agent-memory-controller.test.js +308 -0
package/tests/agent-memory-import-snapshot.test.js +477 -0
package/tests/agent-memory-query.test.js +404 -0
package/tests/agent-memory-repository-source.test.js +514 -0
package/tests/agent-mux-client.test.js +204 -0
package/tests/agent-permission-review-v2.test.js +317 -0
package/tests/agent-permission-review.test.js +209 -0
package/tests/agent-project-controller.test.js +302 -0
package/tests/agent-provider-config-controller.test.js +376 -0
package/tests/agent-resources.test.js +228 -0
package/tests/agent-secret-config-grant.test.js +231 -0
package/tests/agent-session-transcript-controller.test.js +499 -0
package/tests/agent-stack-controller.test.js +221 -0
package/tests/agent-subagent-controller.test.js +201 -0
package/tests/agent-transport-binding-controller.test.js +294 -0
package/tests/agent-trigger-controller.test.js +211 -0
package/tests/agent-trigger-routes.test.js +190 -0
package/tests/agent-trigger-sources.test.js +245 -0
package/tests/agent-workspace-controller.test.js +181 -0
package/tests/agent-writeback.test.js +292 -0
package/tests/approval-persistence.test.js +171 -0
package/tests/async-controller.test.js +252 -0
package/tests/audit-controller.test.js +227 -0
package/tests/codespace-controller.test.js +318 -0
package/tests/deployment.test.js +407 -0
package/tests/e2e/lifecycle.test.js +117 -0
package/tests/event-bus-integration.test.js +190 -0
package/tests/external-github-forge.test.js +560 -0
package/tests/external-github-issues-cicd.test.js +520 -0
package/tests/external-integration.test.js +470 -0
package/tests/external-persistence.test.js +340 -0
package/tests/external-provider-adapter.test.js +365 -0
package/tests/external-resource-model.test.js +215 -0
package/tests/external-webhook-sync.test.js +287 -0
package/tests/external-write-conflict.test.js +353 -0
package/tests/gitea-service.test.js +253 -0
package/tests/health-check-real.test.js +165 -0
package/tests/integration/full-flow.test.js +266 -0
package/tests/krate.test.js +756 -0
package/tests/memory-search-wiring.test.js +270 -0
package/tests/notification-controller.test.js +196 -0
package/tests/notification-integration.test.js +179 -0
package/tests/org-scoping.test.js +687 -0
package/tests/runner-controller.test.js +327 -0
package/tests/runner-integration.test.js +231 -0
package/tests/session-cookie-hmac.test.js +151 -0
package/tests/snapshot-performance.test.js +247 -0
package/tests/sse-events.test.js +107 -0
package/tests/webhook-trigger.test.js +198 -0
package/tests/workspace-volumes.test.js +312 -0
package/tests/writeback-persistence.test.js +207 -0

package/tests/agent-memory-controller.test.js ADDED Viewed

@@ -0,0 +1,308 @@
+import assert from 'node:assert/strict';
+import test from 'node:test';
+import { createAgentMemoryController } from '../src/agent-memory-controller.js';
+function makeRecords() {
+  return [
+    {
+      id: 'service/auth-api',
+      nodeKind: 'Service',
+      attributes: { name: 'auth-api', language: 'typescript', team: 'platform' },
+      edges: [
+        { target: 'service/user-db', kind: 'depends-on' },
+        { target: 'team/platform', kind: 'owned-by' },
+      ],
+    },
+    {
+      id: 'service/user-db',
+      nodeKind: 'Service',
+      attributes: { name: 'user-db', language: 'go', team: 'data' },
+      edges: [
+        { target: 'infra/postgres-cluster', kind: 'depends-on' },
+      ],
+    },
+    {
+      id: 'team/platform',
+      nodeKind: 'Team',
+      attributes: { name: 'platform', lead: 'alice' },
+      edges: [],
+    },
+    {
+      id: 'infra/postgres-cluster',
+      nodeKind: 'Infrastructure',
+      attributes: { name: 'postgres-cluster', provider: 'aws' },
+      edges: [],
+    },
+    {
+      id: 'runbook/deploy-auth',
+      nodeKind: 'Runbook',
+      attributes: { name: 'deploy-auth', service: 'auth-api' },
+      edges: [
+        { target: 'service/auth-api', kind: 'references' },
+      ],
+    },
+  ];
+}
+function makeDocuments() {
+  return [
+    { path: 'docs/architecture.md', content: 'The auth-api service handles authentication.\nIt uses JWT tokens for session management.\nThe service connects to user-db for persistence.' },
+    { path: 'docs/runbooks/deploy.md', content: 'Step 1: Run the deploy script.\nStep 2: Verify health checks.\nStep 3: Monitor error rates.' },
+    { path: 'src/auth/handler.ts', content: 'export function handleAuth(req) {\n  const token = req.headers.authorization;\n  return validateToken(token);\n}' },
+    { path: 'configs/prod.yaml', content: 'database:\n  host: prod-db.internal\n  port: 5432\n  password: [redacted]' },
+  ];
+}
+test('createMemorySnapshot creates valid resource with digests', () => {
+  const controller = createAgentMemoryController();
+  const records = makeRecords();
+  const documents = makeDocuments();
+  const snapshot = controller.createMemorySnapshot({
+    memoryRepository: 'company-brain',
+    requestedRef: 'main',
+    resolvedCommit: 'abc123def456',
+    queryManifest: { include: ['Service', 'Team'] },
+    selectedRecords: records,
+    selectedDocuments: documents,
+    ontologyDigest: 'onto-digest-1',
+    namespace: 'krate-org-default',
+    organizationRef: 'acme',
+  });
+  assert.equal(snapshot.kind, 'AgentMemorySnapshot');
+  assert.ok(snapshot.metadata.name.startsWith('memsnapshot-'));
+  assert.equal(snapshot.spec.memoryRepository, 'company-brain');
+  assert.equal(snapshot.spec.requestedRef, 'main');
+  assert.equal(snapshot.spec.resolvedCommit, 'abc123def456');
+  assert.ok(snapshot.spec.queryManifestDigest, 'Should have queryManifestDigest');
+  assert.ok(snapshot.spec.selectedRecordsDigest, 'Should have selectedRecordsDigest');
+  assert.ok(snapshot.spec.selectedDocumentsDigest, 'Should have selectedDocumentsDigest');
+  assert.equal(snapshot.spec.ontologyDigest, 'onto-digest-1');
+  assert.equal(snapshot.spec.recordCount, records.length);
+  assert.equal(snapshot.spec.documentCount, documents.length);
+  assert.equal(snapshot.status.phase, 'Pinned');
+});
+test('searchGraph filters by node kind', () => {
+  const controller = createAgentMemoryController();
+  const records = makeRecords();
+  const result = controller.searchGraph({ records, kinds: ['Service'], query: '' });
+  assert.equal(result.totalMatches, 2, 'Should match exactly 2 Service records');
+  assert.ok(result.matches.every(m => m.record.nodeKind === 'Service'));
+});
+test('searchGraph matches query text', () => {
+  const controller = createAgentMemoryController();
+  const records = makeRecords();
+  const result = controller.searchGraph({ records, kinds: [], query: 'auth' });
+  assert.ok(result.totalMatches >= 1, 'Should match at least auth-api');
+  const authMatch = result.matches.find(m => m.record.id === 'service/auth-api');
+  assert.ok(authMatch, 'Should include auth-api in matches');
+  assert.equal(authMatch.score, 2, 'ID match should score 2');
+});
+test('searchGraph respects edgeDepth', () => {
+  const controller = createAgentMemoryController();
+  const records = makeRecords();
+  // edgeDepth=1: from auth-api should reach user-db and team/platform but NOT postgres-cluster
+  const depth1 = controller.searchGraph({ records, kinds: ['Service'], query: 'auth-api', edgeDepth: 1 });
+  const authMatch1 = depth1.matches.find(m => m.record.id === 'service/auth-api');
+  assert.ok(authMatch1, 'Should find auth-api');
+  const depth1Targets = authMatch1.edges.map(e => e.target);
+  assert.ok(depth1Targets.includes('service/user-db'), 'Depth 1 should include user-db');
+  assert.ok(!depth1Targets.includes('infra/postgres-cluster'), 'Depth 1 should NOT include postgres-cluster');
+  // edgeDepth=2: should also reach postgres-cluster
+  const depth2 = controller.searchGraph({ records, kinds: ['Service'], query: 'auth-api', edgeDepth: 2 });
+  const authMatch2 = depth2.matches.find(m => m.record.id === 'service/auth-api');
+  const depth2Targets = authMatch2.edges.map(e => e.target);
+  assert.ok(depth2Targets.includes('infra/postgres-cluster'), 'Depth 2 should include postgres-cluster');
+});
+test('searchGrep finds pattern matches', () => {
+  const controller = createAgentMemoryController();
+  const documents = makeDocuments();
+  const result = controller.searchGrep({ documents, pattern: 'auth', maxMatches: 25 });
+  assert.ok(result.totalMatches >= 1, 'Should find auth pattern');
+  assert.ok(result.excerpts.some(e => e.path === 'docs/architecture.md'), 'Should match in architecture.md');
+  assert.ok(result.excerpts.every(e => e.lineNumber > 0), 'Every excerpt should have a lineNumber');
+  assert.ok(result.excerpts.every(e => typeof e.context === 'string'), 'Every excerpt should have context');
+});
+test('searchGrep caps at maxMatches', () => {
+  const controller = createAgentMemoryController();
+  const documents = makeDocuments();
+  const result = controller.searchGrep({ documents, pattern: 'the', maxMatches: 2 });
+  assert.ok(result.totalMatches <= 2, 'Should not exceed maxMatches');
+  assert.ok(result.excerpts.length <= 2, 'Excerpts length should not exceed maxMatches');
+});
+test('searchGrep filters by path patterns', () => {
+  const controller = createAgentMemoryController();
+  const documents = makeDocuments();
+  const result = controller.searchGrep({ documents, paths: ['docs/*'], pattern: 'deploy' });
+  assert.ok(result.totalMatches >= 1, 'Should find deploy in docs');
+  assert.ok(result.excerpts.every(e => e.path.startsWith('docs/')), 'All matches should be in docs/');
+});
+test('resolveTimeTravel mode=current returns latest commit', () => {
+  const controller = createAgentMemoryController();
+  const commits = [
+    { sha: 'latest-sha', timestamp: '2026-05-10T10:00:00Z' },
+    { sha: 'older-sha', timestamp: '2026-05-09T10:00:00Z' },
+  ];
+  const result = controller.resolveTimeTravel({ mode: 'current', commits });
+  assert.equal(result.resolvedCommit, 'latest-sha');
+  assert.equal(result.mode, 'current');
+  assert.ok(result.resolvedAt);
+});
+test('resolveTimeTravel mode=ref-at-time finds correct commit', () => {
+  const controller = createAgentMemoryController();
+  const commits = [
+    { sha: 'c3', timestamp: '2026-05-10T10:00:00Z' },
+    { sha: 'c2', timestamp: '2026-05-08T10:00:00Z' },
+    { sha: 'c1', timestamp: '2026-05-05T10:00:00Z' },
+  ];
+  const result = controller.resolveTimeTravel({
+    mode: 'ref-at-time',
+    requestedTime: '2026-05-09T00:00:00Z',
+    commits,
+  });
+  assert.equal(result.resolvedCommit, 'c2', 'Should resolve to c2 (latest before requested time)');
+  assert.equal(result.mode, 'ref-at-time');
+  assert.ok(result.staleBy !== null, 'staleBy should be set');
+});
+test('scanForRedaction catches API keys', () => {
+  const controller = createAgentMemoryController();
+  const content = 'API_KEY = sk-test1234567890abcdefghij\nSome normal text\nSECRET_KEY=my-super-secret-value';
+  const result = controller.scanForRedaction(content);
+  assert.equal(result.clean, false, 'Content should not be clean');
+  assert.ok(result.redactionCount > 0, 'Should have redactions');
+  assert.ok(result.redactionsByKind['secret-key'] > 0, 'Should catch secret-key pattern');
+  assert.ok(result.redactedContent.includes('[REDACTED:'), 'Redacted content should have markers');
+  assert.ok(!result.redactedContent.includes('my-super-secret-value'), 'Secret should be redacted');
+});
+test('scanForRedaction catches provider tokens', () => {
+  const controller = createAgentMemoryController();
+  const content = 'token: ghp_abcdefghijklmnopqrstuvwxyz1234567890\nslack: xoxb-123-456-abcdefghij';
+  const result = controller.scanForRedaction(content);
+  assert.equal(result.clean, false);
+  assert.ok(result.redactionsByKind['provider-token'] > 0, 'Should catch provider-token pattern');
+});
+test('validateOntology catches missing required fields', () => {
+  const controller = createAgentMemoryController();
+  const records = [
+    { id: 'svc/a', nodeKind: 'Service', attributes: { name: 'a' }, edges: [] },
+    { id: 'svc/b', nodeKind: 'Service', attributes: { name: 'b', language: 'go' }, edges: [] },
+  ];
+  const ontology = {
+    requiredFields: { Service: ['name', 'language', 'team'] },
+    allowedEdgeKinds: ['depends-on', 'owned-by'],
+  };
+  const result = controller.validateOntology({ records, ontology });
+  assert.equal(result.valid, false, 'Should be invalid due to missing fields');
+  assert.ok(result.errors.length >= 2, 'Should have errors for missing language and team on svc/a, and team on svc/b');
+  const missingLang = result.errors.find(e => e.record === 'svc/a' && e.field === 'language');
+  assert.ok(missingLang, 'Should report missing language on svc/a');
+  const missingTeam = result.errors.find(e => e.record === 'svc/a' && e.field === 'team');
+  assert.ok(missingTeam, 'Should report missing team on svc/a');
+});
+test('validateOntology passes valid records', () => {
+  const controller = createAgentMemoryController();
+  const records = [
+    { id: 'svc/a', nodeKind: 'Service', attributes: { name: 'a', language: 'ts' }, edges: [{ target: 'svc/b', kind: 'depends-on' }] },
+    { id: 'svc/b', nodeKind: 'Service', attributes: { name: 'b', language: 'go' }, edges: [] },
+  ];
+  const ontology = {
+    requiredFields: { Service: ['name', 'language'] },
+    allowedEdgeKinds: ['depends-on', 'owned-by'],
+  };
+  const result = controller.validateOntology({ records, ontology });
+  assert.equal(result.valid, true, 'Should be valid');
+  assert.equal(result.errors.length, 0);
+});
+test('createImport sets phase=Pending', () => {
+  const controller = createAgentMemoryController();
+  const importResource = controller.createImport({
+    organizationRef: 'acme',
+    memoryRepository: 'company-brain',
+    source: 'babysitter-run/run-123',
+    include: { kinds: ['decision', 'learning'] },
+    validationPolicy: 'strict',
+    namespace: 'krate-org-default',
+  });
+  assert.equal(importResource.kind, 'AgentRunMemoryImport');
+  assert.ok(importResource.metadata.name.startsWith('memimport-'));
+  assert.equal(importResource.status.phase, 'Pending');
+  assert.equal(importResource.spec.memoryRepository, 'company-brain');
+  assert.equal(importResource.spec.source, 'babysitter-run/run-123');
+  assert.equal(importResource.spec.validationPolicy, 'strict');
+});
+test('processImport advances phases', () => {
+  const controller = createAgentMemoryController();
+  let importResource = controller.createImport({
+    organizationRef: 'acme',
+    memoryRepository: 'company-brain',
+    source: 'run-1',
+    include: { kinds: ['all'] },
+    namespace: 'krate-org-default',
+  });
+  assert.equal(importResource.status.phase, 'Pending');
+  // Pending -> Collecting
+  importResource = controller.processImport({ importResource, content: 'some content' });
+  assert.equal(importResource.status.phase, 'Collecting');
+  // Collecting -> Redacting (triggers scanForRedaction)
+  importResource = controller.processImport({ importResource, content: 'API_KEY=secret123' });
+  assert.equal(importResource.status.phase, 'Redacting');
+  assert.ok(importResource.status.redactionScan, 'Should have redaction scan result');
+  assert.equal(importResource.status.redactionScan.clean, false, 'Should detect secret');
+  // Redacting -> Normalizing
+  importResource = controller.processImport({ importResource, content: 'normalized' });
+  assert.equal(importResource.status.phase, 'Normalizing');
+  // Normalizing -> Validating
+  importResource = controller.processImport({ importResource, content: 'validated' });
+  assert.equal(importResource.status.phase, 'Validating');
+  // Validating -> AwaitingReview
+  importResource = controller.processImport({ importResource, content: '' });
+  assert.equal(importResource.status.phase, 'AwaitingReview');
+});