npm - @a5c-ai/krate - Versions diffs - 5.0.1-staging.04a3db697 - Mend

@a5c-ai/krate 5.0.1-staging.04a3db697

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (246) hide show

package/Dockerfile +31 -0
package/README.md +183 -0
package/bin/krate-demo.mjs +23 -0
package/bin/krate-server.mjs +14 -0
package/dist/krate-controller-ui.json +3067 -0
package/dist/krate-lifecycle.json +201 -0
package/dist/krate-runtime-snapshot.json +2955 -0
package/dist/krate-summary.json +722 -0
package/docs/README.md +61 -0
package/docs/agents/README.md +83 -0
package/docs/agents/acceptance-test-matrix.md +193 -0
package/docs/agents/agent-mux-adapter-contract.md +167 -0
package/docs/agents/agent-mux-source-map.md +310 -0
package/docs/agents/agent-run-memory-import-spec.md +256 -0
package/docs/agents/agent-stack-management-spec.md +421 -0
package/docs/agents/api-contract-spec.md +309 -0
package/docs/agents/artifacts-writeback-spec.md +145 -0
package/docs/agents/chart-packaging-spec.md +128 -0
package/docs/agents/ci-orchestration-spec.md +140 -0
package/docs/agents/context-assembly-spec.md +219 -0
package/docs/agents/controller-reconciliation-spec.md +255 -0
package/docs/agents/crd-schema-spec.md +315 -0
package/docs/agents/decision-log-open-questions.md +169 -0
package/docs/agents/developer-implementation-checklist.md +329 -0
package/docs/agents/dispatching-design.md +262 -0
package/docs/agents/gaps-agent-mux-to-krate-crds.md +298 -0
package/docs/agents/glossary.md +66 -0
package/docs/agents/implementation-blueprint.md +324 -0
package/docs/agents/implementation-rollout-slices.md +251 -0
package/docs/agents/memory-context-integration-spec.md +194 -0
package/docs/agents/memory-ontology-schema-spec.md +253 -0
package/docs/agents/memory-operations-runbook.md +121 -0
package/docs/agents/mvp-vertical-slice-spec.md +146 -0
package/docs/agents/observability-audit-spec.md +265 -0
package/docs/agents/operator-runbook.md +174 -0
package/docs/agents/org-memory-api-payload-examples.md +333 -0
package/docs/agents/org-memory-controller-sequence-spec.md +181 -0
package/docs/agents/org-memory-e2e-fixture-plan.md +161 -0
package/docs/agents/org-memory-ui-implementation-map.md +114 -0
package/docs/agents/org-memory-vertical-slice-spec.md +168 -0
package/docs/agents/org-resource-model-delta-spec.md +111 -0
package/docs/agents/org-route-resource-model-spec.md +183 -0
package/docs/agents/org-scoping-namespace-spec.md +114 -0
package/docs/agents/rbac-secrets-management-spec.md +406 -0
package/docs/agents/repository-page-integration-spec.md +255 -0
package/docs/agents/resource-contract-examples.md +808 -0
package/docs/agents/resource-relationship-map.md +190 -0
package/docs/agents/security-threat-model.md +188 -0
package/docs/agents/shared-memory-company-brain-spec.md +358 -0
package/docs/agents/storage-migration-spec.md +168 -0
package/docs/agents/subagent-orchestration-spec.md +152 -0
package/docs/agents/system-overview.md +88 -0
package/docs/agents/tools-mcp-skills-spec.md +189 -0
package/docs/agents/traceability-matrix.md +79 -0
package/docs/agents/ui-flow-spec.md +211 -0
package/docs/agents/ui-ux-system-spec.md +426 -0
package/docs/agents/workspace-lifecycle-spec.md +166 -0
package/docs/architecture-spec.md +78 -0
package/docs/components/control-plane.md +78 -0
package/docs/components/data-plane.md +69 -0
package/docs/components/hooks-events.md +67 -0
package/docs/components/identity-rbac-policy.md +73 -0
package/docs/components/kubevela-oam.md +70 -0
package/docs/components/operations-publishing.md +81 -0
package/docs/components/runners-ci.md +66 -0
package/docs/components/web-ui.md +94 -0
package/docs/external/README.md +47 -0
package/docs/external/bidirectional-sync-design.md +134 -0
package/docs/external/cicd-interface.md +64 -0
package/docs/external/external-backend-controllers.md +170 -0
package/docs/external/external-backend-crds.md +234 -0
package/docs/external/external-backend-ui-spec.md +151 -0
package/docs/external/external-backend-ux-flows.md +115 -0
package/docs/external/external-object-mapping.md +125 -0
package/docs/external/git-forge-interface.md +68 -0
package/docs/external/github-integration-design.md +151 -0
package/docs/external/issue-tracking-interface.md +66 -0
package/docs/external/provider-capability-manifests.md +204 -0
package/docs/external/provider-catalog.md +139 -0
package/docs/external/provider-rollout-testing.md +78 -0
package/docs/external/research-results.md +48 -0
package/docs/external/security-auth-permissions.md +81 -0
package/docs/external/sync-state-machines.md +108 -0
package/docs/external/unified-external-backend-model.md +107 -0
package/docs/external/user-facing-changes.md +67 -0
package/docs/gaps.md +161 -0
package/docs/install.md +94 -0
package/docs/krate-design.md +334 -0
package/docs/local-minikube.md +55 -0
package/docs/ontology/README.md +32 -0
package/docs/ontology/bounded-contexts.md +29 -0
package/docs/ontology/events-and-hooks.md +32 -0
package/docs/ontology/oam-kubevela.md +32 -0
package/docs/ontology/operations-and-release.md +25 -0
package/docs/ontology/personas-and-actors.md +32 -0
package/docs/ontology/policies-and-invariants.md +33 -0
package/docs/ontology/problem-space.md +30 -0
package/docs/ontology/resource-contracts.md +40 -0
package/docs/ontology/resource-taxonomy.md +42 -0
package/docs/ontology/runners-and-ci.md +29 -0
package/docs/ontology/solution-space.md +24 -0
package/docs/ontology/storage-and-data-boundaries.md +29 -0
package/docs/ontology/validation-matrix.md +24 -0
package/docs/ontology/web-ui-excellent-flows.md +32 -0
package/docs/ontology/workflows.md +39 -0
package/docs/ontology/world.md +35 -0
package/docs/product-requirements.md +62 -0
package/docs/roadmap-mvp.md +87 -0
package/docs/system-requirements.md +90 -0
package/docs/tests/README.md +53 -0
package/docs/tests/agent-qa-plan.md +63 -0
package/docs/tests/browser-ui-tests.md +62 -0
package/docs/tests/ci-quality-gates.md +48 -0
package/docs/tests/coverage-model.md +64 -0
package/docs/tests/e2e-scenario-tests.md +53 -0
package/docs/tests/fixtures-test-data.md +63 -0
package/docs/tests/observability-reliability-tests.md +54 -0
package/docs/tests/product-test-matrix.md +145 -0
package/docs/tests/qa-adoption-roadmap.md +130 -0
package/docs/tests/qa-automation-plan.md +101 -0
package/docs/tests/security-compliance-tests.md +57 -0
package/docs/tests/test-framework-tools.md +88 -0
package/docs/tests/test-suite-layout.md +121 -0
package/docs/tests/unit-integration-tests.md +48 -0
package/docs/todo-kyverno +714 -0
package/docs/todos.md +4 -0
package/docs/user-stories.md +78 -0
package/examples/minikube-demo.yaml +190 -0
package/examples/oam-application.yaml +23 -0
package/examples/policy-kyverno-pr-title.yaml +18 -0
package/package.json +63 -0
package/scripts/build.mjs +29 -0
package/scripts/setup-minikube.mjs +65 -0
package/scripts/smoke.mjs +37 -0
package/scripts/validate-doc-coverage.mjs +152 -0
package/scripts/validate-package.mjs +93 -0
package/scripts/validate-ui.mjs +236 -0
package/src/agent-adapter-controller.js +169 -0
package/src/agent-approval-controller.js +170 -0
package/src/agent-context-bundles.js +242 -0
package/src/agent-dispatch-controller.js +209 -0
package/src/agent-gateway-config-controller.js +147 -0
package/src/agent-memory-controller.js +357 -0
package/src/agent-memory-import.js +327 -0
package/src/agent-memory-query.js +292 -0
package/src/agent-memory-repository-source-controller.js +255 -0
package/src/agent-mux-client.js +280 -0
package/src/agent-permission-review.js +250 -0
package/src/agent-project-controller.js +117 -0
package/src/agent-provider-config-controller.js +150 -0
package/src/agent-secret-config-grant-controller.js +282 -0
package/src/agent-session-transcript-controller.js +189 -0
package/src/agent-stack-controller.js +347 -0
package/src/agent-subagent-controller.js +160 -0
package/src/agent-transport-binding-controller.js +121 -0
package/src/agent-trigger-controller.js +321 -0
package/src/agent-workspace-controller.js +447 -0
package/src/agent-writeback-controller.js +302 -0
package/src/api-controller.js +541 -0
package/src/argocd-gitops.js +43 -0
package/src/async-controller.js +207 -0
package/src/audit-controller.js +191 -0
package/src/auth.js +307 -0
package/src/component-catalog.js +41 -0
package/src/control-plane.js +136 -0
package/src/controller-client.js +50 -0
package/src/controller-ui.js +551 -0
package/src/data-plane.js +178 -0
package/src/event-bus.js +61 -0
package/src/external/conflict-controller.js +225 -0
package/src/external/github/auth.js +96 -0
package/src/external/github/cicd.js +180 -0
package/src/external/github/git-forge.js +240 -0
package/src/external/github/index.js +144 -0
package/src/external/github/issue-tracking.js +163 -0
package/src/external/provider-adapter.js +161 -0
package/src/external/provider-resource-factory.js +161 -0
package/src/external/sync-controller.js +235 -0
package/src/external/webhook-controller.js +144 -0
package/src/external/write-controller.js +283 -0
package/src/gitea-backend.js +95 -0
package/src/gitea-service.js +173 -0
package/src/handoff.js +98 -0
package/src/hooks-events.js +63 -0
package/src/http-server.js +377 -0
package/src/identity-policy.js +86 -0
package/src/index.js +55 -0
package/src/kubernetes-controller-async.js +511 -0
package/src/kubernetes-controller.js +878 -0
package/src/kubernetes-resource-gateway.js +48 -0
package/src/operations.js +112 -0
package/src/org-scoping.js +5 -0
package/src/resource-model.js +221 -0
package/src/runners-ci.js +48 -0
package/src/runtime.js +196 -0
package/src/snapshot-cache.js +157 -0
package/src/web-ui.js +40 -0
package/tests/agent-adapter-controller.test.js +361 -0
package/tests/agent-approval-controller.test.js +173 -0
package/tests/agent-context-bundles.test.js +278 -0
package/tests/agent-dispatch-controller.test.js +315 -0
package/tests/agent-gateway-config-controller.test.js +386 -0
package/tests/agent-memory-controller.test.js +308 -0
package/tests/agent-memory-import-snapshot.test.js +477 -0
package/tests/agent-memory-query.test.js +404 -0
package/tests/agent-memory-repository-source.test.js +514 -0
package/tests/agent-mux-client.test.js +204 -0
package/tests/agent-permission-review-v2.test.js +317 -0
package/tests/agent-permission-review.test.js +209 -0
package/tests/agent-project-controller.test.js +302 -0
package/tests/agent-provider-config-controller.test.js +376 -0
package/tests/agent-resources.test.js +228 -0
package/tests/agent-secret-config-grant.test.js +231 -0
package/tests/agent-session-transcript-controller.test.js +499 -0
package/tests/agent-stack-controller.test.js +221 -0
package/tests/agent-subagent-controller.test.js +201 -0
package/tests/agent-transport-binding-controller.test.js +294 -0
package/tests/agent-trigger-controller.test.js +211 -0
package/tests/agent-trigger-routes.test.js +190 -0
package/tests/agent-trigger-sources.test.js +245 -0
package/tests/agent-workspace-controller.test.js +181 -0
package/tests/agent-writeback.test.js +292 -0
package/tests/approval-persistence.test.js +171 -0
package/tests/async-controller.test.js +252 -0
package/tests/audit-controller.test.js +227 -0
package/tests/deployment.test.js +396 -0
package/tests/e2e/lifecycle.test.js +117 -0
package/tests/external-github-forge.test.js +560 -0
package/tests/external-github-issues-cicd.test.js +520 -0
package/tests/external-integration.test.js +470 -0
package/tests/external-persistence.test.js +340 -0
package/tests/external-provider-adapter.test.js +365 -0
package/tests/external-resource-model.test.js +215 -0
package/tests/external-webhook-sync.test.js +287 -0
package/tests/external-write-conflict.test.js +353 -0
package/tests/gitea-service.test.js +253 -0
package/tests/health-check-real.test.js +165 -0
package/tests/integration/full-flow.test.js +266 -0
package/tests/krate.test.js +727 -0
package/tests/memory-search-wiring.test.js +270 -0
package/tests/org-scoping.test.js +687 -0
package/tests/session-cookie-hmac.test.js +151 -0
package/tests/snapshot-performance.test.js +247 -0
package/tests/sse-events.test.js +107 -0
package/tests/workspace-volumes.test.js +312 -0
package/tests/writeback-persistence.test.js +207 -0

package/tests/agent-secret-config-grant.test.js ADDED Viewed

@@ -0,0 +1,231 @@
+import assert from 'node:assert/strict';
+import test from 'node:test';
+import {
+  createAgentSecretGrantController,
+  createAgentConfigGrantController,
+  validateAgentSecretGrant,
+  validateAgentConfigGrant,
+  listGrantsForAgent,
+  revokeGrant
+} from '../src/agent-secret-config-grant-controller.js';
+// ---------------------------------------------------------------------------
+// validateAgentSecretGrant
+// ---------------------------------------------------------------------------
+test('validateAgentSecretGrant returns valid for complete input', () => {
+  const result = validateAgentSecretGrant({
+    name: 'grant-db-password',
+    orgRef: 'acme',
+    secretName: 'db-password',
+    grantedTo: 'agent-stack-1',
+    permissions: ['read']
+  });
+  assert.equal(result.valid, true);
+  assert.equal(result.errors.length, 0);
+});
+test('validateAgentSecretGrant rejects missing name', () => {
+  const result = validateAgentSecretGrant({
+    orgRef: 'acme',
+    secretName: 'db-password',
+    grantedTo: 'agent-stack-1',
+    permissions: ['read']
+  });
+  assert.equal(result.valid, false);
+  assert.ok(result.errors.some((e) => e.includes('name')));
+});
+test('validateAgentSecretGrant rejects invalid permissions', () => {
+  const result = validateAgentSecretGrant({
+    name: 'grant-1',
+    orgRef: 'acme',
+    secretName: 'db-password',
+    grantedTo: 'agent-stack-1',
+    permissions: ['delete']
+  });
+  assert.equal(result.valid, false);
+  assert.ok(result.errors.some((e) => e.includes('invalid permissions')));
+});
+test('validateAgentSecretGrant rejects empty permissions array', () => {
+  const result = validateAgentSecretGrant({
+    name: 'grant-1',
+    orgRef: 'acme',
+    secretName: 'db-password',
+    grantedTo: 'agent-stack-1',
+    permissions: []
+  });
+  assert.equal(result.valid, false);
+});
+// ---------------------------------------------------------------------------
+// validateAgentConfigGrant
+// ---------------------------------------------------------------------------
+test('validateAgentConfigGrant returns valid for complete input', () => {
+  const result = validateAgentConfigGrant({
+    name: 'grant-app-config',
+    orgRef: 'acme',
+    configMapName: 'app-config',
+    grantedTo: 'agent-stack-2'
+  });
+  assert.equal(result.valid, true);
+});
+test('validateAgentConfigGrant rejects missing configMapName', () => {
+  const result = validateAgentConfigGrant({
+    name: 'grant-1',
+    orgRef: 'acme',
+    grantedTo: 'agent-stack-2'
+  });
+  assert.equal(result.valid, false);
+  assert.ok(result.errors.some((e) => e.includes('configMapName')));
+});
+// ---------------------------------------------------------------------------
+// createAgentSecretGrantController
+// ---------------------------------------------------------------------------
+test('createSecretGrant creates AgentSecretGrant resource with Active status', () => {
+  const controller = createAgentSecretGrantController();
+  const result = controller.createSecretGrant({
+    name: 'grant-api-key',
+    orgRef: 'acme',
+    secretName: 'api-key',
+    grantedTo: 'agent-stack-1',
+    permissions: ['read', 'mount']
+  });
+  assert.ok(!result.error, 'Should succeed');
+  assert.ok(result.grant, 'Should return a grant resource');
+  assert.equal(result.grant.kind, 'AgentSecretGrant');
+  assert.equal(result.grant.status.phase, 'Active');
+  assert.equal(result.grant.spec.secretName, 'api-key');
+  assert.equal(result.grant.spec.grantedTo, 'agent-stack-1');
+  assert.deepEqual(result.grant.spec.permissions, ['read', 'mount']);
+});
+test('createSecretGrant returns error for invalid input', () => {
+  const controller = createAgentSecretGrantController();
+  const result = controller.createSecretGrant({
+    name: '',
+    orgRef: 'acme',
+    secretName: 'key',
+    grantedTo: 'agent-1',
+    permissions: ['read']
+  });
+  assert.ok(result.error, 'Should return an error');
+  assert.ok(result.message);
+});
+test('createSecretGrant calls persistFn', async () => {
+  const persisted = [];
+  const controller = createAgentSecretGrantController({ persistFn: (r) => persisted.push(r) });
+  controller.createSecretGrant({
+    name: 'grant-persist-test',
+    orgRef: 'acme',
+    secretName: 'my-secret',
+    grantedTo: 'agent-stack-1',
+    permissions: ['read']
+  });
+  await new Promise((r) => setTimeout(r, 10));
+  assert.equal(persisted.length, 1);
+  assert.equal(persisted[0].kind, 'AgentSecretGrant');
+});
+// ---------------------------------------------------------------------------
+// createAgentConfigGrantController
+// ---------------------------------------------------------------------------
+test('createConfigGrant creates AgentConfigGrant resource with Active status', () => {
+  const controller = createAgentConfigGrantController();
+  const result = controller.createConfigGrant({
+    name: 'grant-app-cfg',
+    orgRef: 'acme',
+    configMapName: 'app-config',
+    grantedTo: 'agent-stack-2'
+  });
+  assert.ok(!result.error, 'Should succeed');
+  assert.ok(result.grant, 'Should return a grant resource');
+  assert.equal(result.grant.kind, 'AgentConfigGrant');
+  assert.equal(result.grant.status.phase, 'Active');
+  assert.equal(result.grant.spec.configMapName, 'app-config');
+  assert.equal(result.grant.spec.grantedTo, 'agent-stack-2');
+});
+test('createConfigGrant returns error for invalid input', () => {
+  const controller = createAgentConfigGrantController();
+  const result = controller.createConfigGrant({
+    name: 'grant-bad',
+    orgRef: 'acme',
+    configMapName: '',
+    grantedTo: 'agent-1'
+  });
+  assert.ok(result.error, 'Should return an error');
+});
+// ---------------------------------------------------------------------------
+// listGrantsForAgent
+// ---------------------------------------------------------------------------
+test('listGrantsForAgent filters by grantedTo field', () => {
+  const grants = [
+    { metadata: { name: 'g1' }, spec: { grantedTo: 'agent-1' } },
+    { metadata: { name: 'g2' }, spec: { grantedTo: 'agent-2' } },
+    { metadata: { name: 'g3' }, spec: { grantedTo: 'agent-1' } }
+  ];
+  const result = listGrantsForAgent(grants, 'agent-1');
+  assert.equal(result.length, 2);
+  assert.ok(result.every((g) => g.spec.grantedTo === 'agent-1'));
+});
+test('listGrantsForAgent returns empty array for unknown agent', () => {
+  const grants = [{ metadata: { name: 'g1' }, spec: { grantedTo: 'agent-1' } }];
+  const result = listGrantsForAgent(grants, 'agent-unknown');
+  assert.equal(result.length, 0);
+});
+// ---------------------------------------------------------------------------
+// revokeGrant
+// ---------------------------------------------------------------------------
+test('revokeGrant transitions grant phase to Revoked', () => {
+  const grants = [
+    { metadata: { name: 'grant-1' }, spec: { secretName: 'key' }, status: { phase: 'Active' } }
+  ];
+  const result = revokeGrant(grants, 'grant-1');
+  assert.ok(!result.error, 'Should succeed');
+  assert.equal(result.grant.status.phase, 'Revoked');
+  assert.ok(result.grant.status.revokedAt, 'Should set revokedAt timestamp');
+});
+test('revokeGrant returns error for unknown grant name', () => {
+  const result = revokeGrant([], 'nonexistent-grant');
+  assert.ok(result.error, 'Should return an error');
+  assert.equal(result.reason, 'not-found');
+});
+test('revokeGrant returns error for already-revoked grant', () => {
+  const grants = [
+    { metadata: { name: 'grant-already' }, spec: {}, status: { phase: 'Revoked', revokedAt: new Date().toISOString() } }
+  ];
+  const result = revokeGrant(grants, 'grant-already');
+  assert.ok(result.error, 'Should return an error');
+  assert.equal(result.reason, 'already-revoked');
+});
+test('controller.revokeGrant works end-to-end via secret grant controller', () => {
+  const controller = createAgentSecretGrantController();
+  const { grant } = controller.createSecretGrant({
+    name: 'grant-to-revoke',
+    orgRef: 'acme',
+    secretName: 'my-key',
+    grantedTo: 'agent-stack-1',
+    permissions: ['read']
+  });
+  const result = controller.revokeGrant('grant-to-revoke', [grant]);
+  assert.ok(!result.error, 'Should succeed');
+  assert.equal(result.grant.status.phase, 'Revoked');
+});