@a5c-ai/krate 5.0.1-staging.04a3db697

package/src/gitea-backend.js

@@ -0,0 +1,95 @@
+export function createGiteaBackend({ baseUrl = 'http://krate-gitea-http:3000', token, fetchImpl = globalThis.fetch } = {}) {
+  if (!fetchImpl) throw new Error('Gitea backend requires a fetch implementation');
+  const root = baseUrl.replace(/\/$/, '');
+
+  async function request(method, path, body) {
+    const response = await fetchImpl(`${root}/api/v1${path}`, {
+      method,
+      headers: {
+        Accept: 'application/json',
+        'Content-Type': 'application/json',
+        ...(token ? { Authorization: `token ${token}` } : {})
+      },
+      ...(body === undefined ? {} : { body: JSON.stringify(body) })
+    });
+    if (!response.ok) throw new Error(`Gitea ${method} ${path} failed with ${response.status}`);
+    return response.status === 204 ? null : response.json();
+  }
+
+  return {
+    role: 'gitea-backend',
+    baseUrl: root,
+    createOrganization({ name, fullName = name, description = '', visibility = 'private' }) {
+      return request('POST', '/orgs', { username: name, full_name: fullName, description, visibility });
+    },
+    createUser({ username, email, fullName = username, password, mustChangePassword = true }) {
+      return request('POST', '/admin/users', { username, email, full_name: fullName, password, must_change_password: mustChangePassword });
+    },
+    editUser({ username, email, fullName, active = true, admin = false }) {
+      return request('PATCH', `/admin/users/${encodeURIComponent(username)}`, { email, full_name: fullName, active, admin });
+    },
+    addUserSshKey({ title, key, readOnly = false }) {
+      return request('POST', '/user/keys', { title, key, read_only: readOnly });
+    },
+    createRepository({ owner, name, private: isPrivate = true, defaultBranch = 'main', description = '' }) {
+      const path = owner ? `/orgs/${encodeURIComponent(owner)}/repos` : '/user/repos';
+      return request('POST', path, { name, private: isPrivate, default_branch: defaultBranch, description, auto_init: false });
+    },
+    addDeployKey({ owner, repo, title, key, readOnly = true }) {
+      return request('POST', `/repos/${encodeURIComponent(owner)}/${encodeURIComponent(repo)}/keys`, { title, key, read_only: readOnly });
+    },
+    addCollaborator({ owner, repo, username, permission = 'read' }) {
+      return request('PUT', `/repos/${encodeURIComponent(owner)}/${encodeURIComponent(repo)}/collaborators/${encodeURIComponent(username)}`, { permission });
+    },
+    addTeamRepository({ org, team, repo, owner = org, permission = 'read' }) {
+      return request('PUT', `/teams/${encodeURIComponent(team)}/repos/${encodeURIComponent(owner)}/${encodeURIComponent(repo)}`, { permission });
+    },
+    createTeam({ org, name, permission = 'read', units = ['repo.code', 'repo.pulls', 'repo.issues'] }) {
+      return request('POST', `/orgs/${encodeURIComponent(org)}/teams`, { name, permission, units });
+    },
+    addTeamMember({ team, username }) {
+      return request('PUT', `/teams/${encodeURIComponent(team)}/members/${encodeURIComponent(username)}`);
+    },
+    protectBranch({ owner, repo, branch = 'main', approvals = 1, statusChecks = [] }) {
+      return request('POST', `/repos/${encodeURIComponent(owner)}/${encodeURIComponent(repo)}/branch_protections`, {
+        branch_name: branch,
+        enable_push: false,
+        enable_push_whitelist: true,
+        required_approvals: approvals,
+        enable_status_check: statusChecks.length > 0,
+        status_check_contexts: statusChecks
+      });
+    },
+    createIssue({ owner, repo, title, body = '', labels = [], assignees = [] }) {
+      return request('POST', `/repos/${encodeURIComponent(owner)}/${encodeURIComponent(repo)}/issues`, { title, body, labels, assignees });
+    },
+    createPullRequest({ owner, repo, title, head, base = 'main', body = '' }) {
+      return request('POST', `/repos/${encodeURIComponent(owner)}/${encodeURIComponent(repo)}/pulls`, { title, head, base, body });
+    },
+    createWebhook({ owner, repo, url, events = ['push', 'pull_request'], secret }) {
+      return request('POST', `/repos/${encodeURIComponent(owner)}/${encodeURIComponent(repo)}/hooks`, {
+        type: 'gitea',
+        active: true,
+        events,
+        config: { url, content_type: 'json', ...(secret ? { secret } : {}) }
+      });
+    }
+  };
+}
+
+export function giteaRepositoryIntegrationPlan({ owner, repo, deployKeyTitle = 'krate-gitops', permission = 'write', branch = 'main', webhookUrl }) {
+  return {
+    backend: 'gitea',
+    operations: [
+      { action: 'createOrganization', owner },
+      { action: 'createRepository', owner, repo },
+      { action: 'ensureUserMappings', owner },
+      { action: 'addDeployKey', owner, repo, title: deployKeyTitle, readOnly: false },
+      { action: 'addUserSshKey', owner, repo, title: 'developer key' },
+      { action: 'addCollaborator', owner, repo, permission },
+      { action: 'addTeamRepository', owner, repo, team: 'maintainers', permission: 'admin' },
+      { action: 'protectBranch', owner, repo, branch },
+      { action: 'createWebhook', owner, repo, url: webhookUrl }
+    ]
+  };
+}

package/src/gitea-service.js

@@ -0,0 +1,173 @@
+import { createGiteaBackend } from './gitea-backend.js';
+
+/**
+ * Gitea service layer that wraps gitea-backend.js for repo code-browsing operations.
+ *
+ * Returns null when Gitea is not configured so call-sites can fall back to mock data.
+ *
+ * @param {{ giteaUrl?: string, token?: string, fetchImpl?: Function }} [options]
+ * @returns {GiteaService|null}
+ */
+export function createGiteaService(options = {}) {
+  const giteaUrl = options.giteaUrl || process.env.KRATE_GITEA_HTTP_URL;
+  if (!giteaUrl) return null; // Gitea not configured — callers must fall back
+
+  const backend = createGiteaBackend({
+    baseUrl: giteaUrl,
+    token: options.token || process.env.KRATE_GITEA_TOKEN,
+    fetchImpl: options.fetchImpl || globalThis.fetch,
+  });
+
+  // Low-level fetch helper that bypasses the backend's opinionated error handling
+  // so service methods can gracefully return null on 404 rather than throwing.
+  const root = giteaUrl.replace(/\/$/, '');
+  const fetchImpl = options.fetchImpl || globalThis.fetch;
+  const token = options.token || process.env.KRATE_GITEA_TOKEN;
+
+  async function rawRequest(path) {
+    if (!fetchImpl) throw new Error('Gitea service requires a fetch implementation');
+    const response = await fetchImpl(`${root}/api/v1${path}`, {
+      method: 'GET',
+      headers: {
+        Accept: 'application/json',
+        ...(token ? { Authorization: `token ${token}` } : {}),
+      },
+    });
+    if (response.status === 404) return null;
+    if (!response.ok) {
+      throw new Error(`Gitea GET ${path} failed with ${response.status}`);
+    }
+    return response.json();
+  }
+
+  async function rawRawRequest(path) {
+    if (!fetchImpl) throw new Error('Gitea service requires a fetch implementation');
+    const response = await fetchImpl(`${root}/api/v1${path}`, {
+      method: 'GET',
+      headers: {
+        Accept: 'text/plain',
+        ...(token ? { Authorization: `token ${token}` } : {}),
+      },
+    });
+    if (response.status === 404) return null;
+    if (!response.ok) {
+      throw new Error(`Gitea GET ${path} failed with ${response.status}`);
+    }
+    return response.text();
+  }
+
+  return {
+    available: true,
+    baseUrl: root,
+
+    /**
+     * List tree entries for a repository path at a given ref.
+     * Uses GET /api/v1/repos/{owner}/{repo}/contents/{path}?ref={ref}
+     *
+     * @param {string} org
+     * @param {string} repo
+     * @param {string} ref  — branch name, tag, or commit SHA
+     * @param {string} [path='']
+     * @returns {Promise<Array<{path:string,type:'blob'|'tree',size:number}>|null>}
+     */
+    async listTree(org, repo, ref, path = '') {
+      const encodedPath = path ? encodeURIComponent(path).replace(/%2F/g, '/') : '';
+      const apiPath = `/repos/${encodeURIComponent(org)}/${encodeURIComponent(repo)}/contents/${encodedPath}?ref=${encodeURIComponent(ref)}`;
+      const data = await rawRequest(apiPath);
+      if (data === null) return null;
+
+      // Gitea returns an array for directories, an object for files
+      const entries = Array.isArray(data) ? data : [data];
+      return entries.map((entry) => ({
+        path: entry.path || entry.name,
+        type: entry.type === 'dir' ? 'tree' : 'blob',
+        size: entry.size || 0,
+        sha: entry.sha,
+        name: entry.name,
+      }));
+    },
+
+    /**
+     * Get the raw text content of a file.
+     * Uses GET /api/v1/repos/{owner}/{repo}/raw/{filepath}?ref={ref}
+     *
+     * @param {string} org
+     * @param {string} repo
+     * @param {string} ref
+     * @param {string} path
+     * @returns {Promise<string|null>}
+     */
+    async getBlob(org, repo, ref, path) {
+      const encodedPath = path ? encodeURIComponent(path).replace(/%2F/g, '/') : '';
+      const apiPath = `/repos/${encodeURIComponent(org)}/${encodeURIComponent(repo)}/raw/${encodedPath}?ref=${encodeURIComponent(ref)}`;
+      return rawRawRequest(apiPath);
+    },
+
+    /**
+     * List branches for a repository.
+     * Uses GET /api/v1/repos/{owner}/{repo}/branches
+     *
+     * @param {string} org
+     * @param {string} repo
+     * @returns {Promise<Array<{name:string,sha:string,protected:boolean}>|null>}
+     */
+    async listBranches(org, repo) {
+      const data = await rawRequest(`/repos/${encodeURIComponent(org)}/${encodeURIComponent(repo)}/branches`);
+      if (data === null) return null;
+      return data.map((b) => ({
+        name: b.name,
+        sha: b.commit?.id || b.commit?.sha || '',
+        protected: b.protected || false,
+      }));
+    },
+
+    /**
+     * Get file metadata + base64-decoded content for a path.
+     * Uses GET /api/v1/repos/{owner}/{repo}/contents/{path}?ref={ref}
+     *
+     * @param {string} org
+     * @param {string} repo
+     * @param {string} ref
+     * @param {string} path
+     * @returns {Promise<{path:string,content:string,size:number,sha:string,encoding:string}|null>}
+     */
+    async getFileContent(org, repo, ref, path) {
+      const encodedPath = path ? encodeURIComponent(path).replace(/%2F/g, '/') : '';
+      const apiPath = `/repos/${encodeURIComponent(org)}/${encodeURIComponent(repo)}/contents/${encodedPath}?ref=${encodeURIComponent(ref)}`;
+      const data = await rawRequest(apiPath);
+      if (data === null || Array.isArray(data)) return null; // null = not found, array = directory
+
+      // Gitea returns content as base64 — decode it
+      const rawContent = data.content
+        ? Buffer.from(data.content.replace(/\n/g, ''), 'base64').toString('utf8')
+        : '';
+
+      return {
+        path: data.path || path,
+        content: rawContent,
+        size: data.size || Buffer.byteLength(rawContent, 'utf8'),
+        sha: data.sha,
+        encoding: 'utf-8',
+        lastCommit: data.last_commit_sha || null,
+      };
+    },
+
+    /**
+     * Create a repository inside an org.
+     * Delegates to the underlying gitea-backend.
+     *
+     * @param {string} org
+     * @param {string} name
+     * @param {{ private?: boolean, defaultBranch?: string, description?: string }} [repoOptions]
+     */
+    async createRepository(org, name, repoOptions = {}) {
+      return backend.createRepository({
+        owner: org,
+        name,
+        private: repoOptions.private ?? true,
+        defaultBranch: repoOptions.defaultBranch || 'main',
+        description: repoOptions.description || '',
+      });
+    },
+  };
+}

package/src/handoff.js

@@ -0,0 +1,98 @@
+export const HANDOFF_COMMANDS = Object.freeze({
+  build: 'npm run build',
+  demo: 'npm run demo',
+  serve: 'npm run serve',
+  check: 'npm run check',
+  test: 'npm test',
+  smoke: 'npm run smoke',
+  validateDocs: 'npm run validate:docs',
+  e2e: 'npm run e2e',
+  packageCheck: 'npm run package:check',
+  setupMinikube: 'npm run setup:minikube -- --dry-run',
+  dev: 'npm run dev',
+  uiBuild: 'npm run ui:build',
+  uiValidate: 'npm run ui:validate'
+});
+
+export const HANDOFF_DOCS = Object.freeze([
+  'docs/README.md',
+  'docs/product-requirements.md',
+  'docs/system-requirements.md',
+  'docs/architecture-spec.md',
+  'docs/user-stories.md',
+  'docs/roadmap-mvp.md',
+  'docs/local-minikube.md',
+  'docs/install.md',
+  'docs/ontology/README.md'
+]);
+
+export function createKrateHandoffSummary(demo, { packageInfo = {}, generatedAt = new Date().toISOString() } = {}) {
+  const smoke = demo.smoke || { ok: true, assertions: [] };
+  return {
+    project: 'Krate',
+    description: 'Kubernetes-native forge runtime with Argo CD and Krate-managed repository hosting',
+    package: {
+      name: packageInfo.name || 'krate',
+      version: packageInfo.version || '0.1.0',
+      private: packageInfo.private !== false
+    },
+    entrypoints: {
+      library: './src/index.js',
+      cli: './bin/krate-demo.mjs',
+      runtimeServer: './bin/krate-server.mjs',
+      webPreview: './public/index.html',
+      nextUi: './apps/web',
+      generatedSummary: './dist/krate-summary.json',
+      lifecycleSnapshot: './dist/krate-lifecycle.json',
+      helmChart: './charts/krate',
+      minikubeSetup: './scripts/setup-minikube.mjs'
+    },
+    commands: { ...HANDOFF_COMMANDS },
+    docs: [...HANDOFF_DOCS],
+    components: demo.components || [],
+    lifecycle: demo.lifecycle || null,
+    resources: Object.fromEntries(Object.entries(demo.resources).map(([key, value]) => [key, value?.kind || 'workflow'])),
+    storage: demo.controlPlane.storageReport(),
+    excellentFlows: demo.ui.dashboard.excellentFlows,
+    agents: demo.agents ? {
+      stacks: demo.agents.stacks?.count || 0,
+      runs: demo.agents.runs?.count || 0,
+      activeRuns: demo.agents.runs?.active?.length || 0,
+      rules: demo.agents.rules?.count || 0,
+      sessions: demo.agents.sessions?.count || 0,
+      workspaces: demo.agents.workspaces?.count || 0,
+      pendingApprovals: demo.agents.approvals?.pending?.length || 0
+    } : null,
+    operations: { chartPackage: demo.operations.chartPackage, localSetup: demo.operations.localSetup },
+    releaseGates: demo.operations.releaseGates,
+    smoke: {
+      ok: smoke.ok,
+      assertions: smoke.assertions.map(([name, passed]) => ({ name, passed }))
+    },
+    generatedAt
+  };
+}
+
+export function formatHandoffSummary(summary) {
+  const lines = [
+    `${summary.project} ${summary.package.version} — ${summary.description}`,
+    '',
+    'Entrypoints:',
+    ...Object.entries(summary.entrypoints).map(([name, target]) => `- ${name}: ${target}`),
+    '',
+    'Commands:',
+    ...Object.entries(summary.commands).map(([name, command]) => `- ${name}: ${command}`),
+    '',
+    'Storage boundary:',
+    `- etcd: ${summary.storage.etcd.join(', ')}`,
+    `- postgres: ${summary.storage.postgres.join(', ')}`,
+    '',
+    'Excellent flows:',
+    ...summary.excellentFlows.map((flow) => `- ${flow}`),
+    '',
+    `Smoke: ${summary.smoke.ok ? 'pass' : 'fail'}`
+  ];
+  return `${lines.join('\n')}\n`;
+}
+
+

package/src/hooks-events.js

@@ -0,0 +1,63 @@
+import { createHmac } from 'node:crypto';
+import { createResource } from './resource-model.js';
+
+export class WebhookBus {
+  constructor({ controlPlane, secret = 'krate-dev-secret' }) { this.controlPlane = controlPlane; this.secret = secret; }
+
+  subscribe({ name, namespace = 'krate-org-default', organizationRef = 'default', url, events = ['pullrequest.created'], mode = 'active' }, user) {
+    return this.controlPlane.create(createResource('WebhookSubscription', { name, namespace }, {
+      organizationRef, url, events, signing: { algorithm: 'hmac-sha256', secretRef: `${name}-secret` }, mode
+    }, { ready: true }), user);
+  }
+
+  sign(payload) { return createHmac('sha256', this.secret).update(JSON.stringify(payload)).digest('hex'); }
+
+  deliver({ subscriptionName, namespace = 'krate-org-default', organizationRef = 'default', eventType, payload, response = { status: 202, body: 'accepted' } }, user) {
+    const subscription = this.controlPlane.get('WebhookSubscription', namespace, subscriptionName);
+    if (!subscription) throw new Error(`WebhookSubscription ${subscriptionName} not found`);
+    if (!subscription.spec.events.includes(eventType)) throw new Error(`${subscriptionName} does not subscribe to ${eventType}`);
+    const delivery = createResource('WebhookDelivery', {
+      name: `${subscriptionName}-${Date.now()}-${this.controlPlane.list('WebhookDelivery', { namespace }).items.length + 1}`,
+      namespace,
+      labels: { subscription: subscriptionName, eventType }
+    }, {
+      organizationRef: subscription.spec.organizationRef || organizationRef,
+      subscription: subscriptionName,
+      url: subscription.spec.url,
+      eventType,
+      payload,
+      signature: this.sign(payload),
+      replayOf: payload.replayOf || null
+    }, {
+      phase: response.status >= 200 && response.status < 300 ? 'Delivered' : 'Failed',
+      response,
+      attempts: 1
+    });
+    return this.controlPlane.create(delivery, user);
+  }
+
+  replay(delivery, user) {
+    return this.deliver({
+      subscriptionName: delivery.spec.subscription,
+      namespace: delivery.metadata.namespace,
+      organizationRef: delivery.spec.organizationRef,
+      eventType: delivery.spec.eventType,
+      payload: { ...delivery.spec.payload, replayOf: delivery.metadata.name },
+      response: { status: 202, body: 'replayed' }
+    }, user);
+  }
+
+  inspect(delivery) {
+    return {
+      name: delivery.metadata.name,
+      subscription: delivery.spec.subscription,
+      eventType: delivery.spec.eventType,
+      phase: delivery.status.phase,
+      attempts: delivery.status.attempts,
+      response: delivery.status.response,
+      signature: delivery.spec.signature,
+      replayOf: delivery.spec.replayOf,
+      replayable: Boolean(delivery.spec.subscription && delivery.spec.eventType)
+    };
+  }
+}