npm - @a5c-ai/krate - Versions diffs - 5.0.1-staging.f672fe79b - Mend

@a5c-ai/krate 5.0.1-staging.f672fe79b

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (174) hide show

package/Dockerfile +29 -0
package/README.md +183 -0
package/bin/krate-demo.mjs +23 -0
package/bin/krate-server.mjs +14 -0
package/dist/krate-controller-ui.json +2407 -0
package/dist/krate-lifecycle.json +201 -0
package/dist/krate-runtime-snapshot.json +2955 -0
package/dist/krate-summary.json +687 -0
package/docs/README.md +61 -0
package/docs/agents/README.md +83 -0
package/docs/agents/acceptance-test-matrix.md +193 -0
package/docs/agents/agent-mux-adapter-contract.md +167 -0
package/docs/agents/agent-mux-source-map.md +310 -0
package/docs/agents/agent-run-memory-import-spec.md +256 -0
package/docs/agents/agent-stack-management-spec.md +421 -0
package/docs/agents/api-contract-spec.md +309 -0
package/docs/agents/artifacts-writeback-spec.md +145 -0
package/docs/agents/chart-packaging-spec.md +128 -0
package/docs/agents/ci-orchestration-spec.md +140 -0
package/docs/agents/context-assembly-spec.md +219 -0
package/docs/agents/controller-reconciliation-spec.md +255 -0
package/docs/agents/crd-schema-spec.md +315 -0
package/docs/agents/decision-log-open-questions.md +169 -0
package/docs/agents/developer-implementation-checklist.md +329 -0
package/docs/agents/dispatching-design.md +262 -0
package/docs/agents/glossary.md +66 -0
package/docs/agents/implementation-blueprint.md +324 -0
package/docs/agents/implementation-rollout-slices.md +251 -0
package/docs/agents/memory-context-integration-spec.md +194 -0
package/docs/agents/memory-ontology-schema-spec.md +253 -0
package/docs/agents/memory-operations-runbook.md +121 -0
package/docs/agents/mvp-vertical-slice-spec.md +146 -0
package/docs/agents/observability-audit-spec.md +265 -0
package/docs/agents/operator-runbook.md +174 -0
package/docs/agents/org-memory-api-payload-examples.md +333 -0
package/docs/agents/org-memory-controller-sequence-spec.md +181 -0
package/docs/agents/org-memory-e2e-fixture-plan.md +161 -0
package/docs/agents/org-memory-ui-implementation-map.md +114 -0
package/docs/agents/org-memory-vertical-slice-spec.md +168 -0
package/docs/agents/org-resource-model-delta-spec.md +111 -0
package/docs/agents/org-route-resource-model-spec.md +183 -0
package/docs/agents/org-scoping-namespace-spec.md +114 -0
package/docs/agents/rbac-secrets-management-spec.md +406 -0
package/docs/agents/repository-page-integration-spec.md +255 -0
package/docs/agents/resource-contract-examples.md +808 -0
package/docs/agents/resource-relationship-map.md +190 -0
package/docs/agents/security-threat-model.md +188 -0
package/docs/agents/shared-memory-company-brain-spec.md +358 -0
package/docs/agents/storage-migration-spec.md +168 -0
package/docs/agents/subagent-orchestration-spec.md +152 -0
package/docs/agents/system-overview.md +88 -0
package/docs/agents/tools-mcp-skills-spec.md +189 -0
package/docs/agents/traceability-matrix.md +79 -0
package/docs/agents/ui-flow-spec.md +211 -0
package/docs/agents/ui-ux-system-spec.md +426 -0
package/docs/agents/workspace-lifecycle-spec.md +166 -0
package/docs/architecture-spec.md +78 -0
package/docs/components/control-plane.md +78 -0
package/docs/components/data-plane.md +69 -0
package/docs/components/hooks-events.md +67 -0
package/docs/components/identity-rbac-policy.md +73 -0
package/docs/components/kubevela-oam.md +70 -0
package/docs/components/operations-publishing.md +81 -0
package/docs/components/runners-ci.md +66 -0
package/docs/components/web-ui.md +94 -0
package/docs/external/README.md +47 -0
package/docs/external/bidirectional-sync-design.md +134 -0
package/docs/external/cicd-interface.md +64 -0
package/docs/external/external-backend-controllers.md +170 -0
package/docs/external/external-backend-crds.md +234 -0
package/docs/external/external-backend-ui-spec.md +151 -0
package/docs/external/external-backend-ux-flows.md +115 -0
package/docs/external/external-object-mapping.md +125 -0
package/docs/external/git-forge-interface.md +68 -0
package/docs/external/github-integration-design.md +151 -0
package/docs/external/issue-tracking-interface.md +66 -0
package/docs/external/provider-capability-manifests.md +204 -0
package/docs/external/provider-catalog.md +139 -0
package/docs/external/provider-rollout-testing.md +78 -0
package/docs/external/research-results.md +48 -0
package/docs/external/security-auth-permissions.md +81 -0
package/docs/external/sync-state-machines.md +108 -0
package/docs/external/unified-external-backend-model.md +107 -0
package/docs/external/user-facing-changes.md +67 -0
package/docs/gaps.md +161 -0
package/docs/install.md +94 -0
package/docs/krate-design.md +334 -0
package/docs/local-minikube.md +55 -0
package/docs/ontology/README.md +32 -0
package/docs/ontology/bounded-contexts.md +29 -0
package/docs/ontology/events-and-hooks.md +32 -0
package/docs/ontology/oam-kubevela.md +32 -0
package/docs/ontology/operations-and-release.md +25 -0
package/docs/ontology/personas-and-actors.md +32 -0
package/docs/ontology/policies-and-invariants.md +33 -0
package/docs/ontology/problem-space.md +30 -0
package/docs/ontology/resource-contracts.md +40 -0
package/docs/ontology/resource-taxonomy.md +42 -0
package/docs/ontology/runners-and-ci.md +29 -0
package/docs/ontology/solution-space.md +24 -0
package/docs/ontology/storage-and-data-boundaries.md +29 -0
package/docs/ontology/validation-matrix.md +24 -0
package/docs/ontology/web-ui-excellent-flows.md +32 -0
package/docs/ontology/workflows.md +39 -0
package/docs/ontology/world.md +35 -0
package/docs/product-requirements.md +62 -0
package/docs/roadmap-mvp.md +87 -0
package/docs/system-requirements.md +90 -0
package/docs/tests/README.md +53 -0
package/docs/tests/agent-qa-plan.md +63 -0
package/docs/tests/browser-ui-tests.md +62 -0
package/docs/tests/ci-quality-gates.md +48 -0
package/docs/tests/coverage-model.md +64 -0
package/docs/tests/e2e-scenario-tests.md +53 -0
package/docs/tests/fixtures-test-data.md +63 -0
package/docs/tests/observability-reliability-tests.md +54 -0
package/docs/tests/product-test-matrix.md +145 -0
package/docs/tests/qa-adoption-roadmap.md +130 -0
package/docs/tests/qa-automation-plan.md +101 -0
package/docs/tests/security-compliance-tests.md +57 -0
package/docs/tests/test-framework-tools.md +88 -0
package/docs/tests/test-suite-layout.md +121 -0
package/docs/tests/unit-integration-tests.md +48 -0
package/docs/todo-kyverno +714 -0
package/docs/user-stories.md +78 -0
package/examples/minikube-demo.yaml +190 -0
package/examples/oam-application.yaml +23 -0
package/examples/policy-kyverno-pr-title.yaml +18 -0
package/package.json +63 -0
package/scripts/build.mjs +29 -0
package/scripts/setup-minikube.mjs +65 -0
package/scripts/smoke.mjs +37 -0
package/scripts/validate-doc-coverage.mjs +152 -0
package/scripts/validate-package.mjs +93 -0
package/scripts/validate-ui.mjs +207 -0
package/src/agent-approval-controller.js +123 -0
package/src/agent-context-bundles.js +242 -0
package/src/agent-dispatch-controller.js +86 -0
package/src/agent-mux-client.js +280 -0
package/src/agent-permission-review.js +162 -0
package/src/agent-stack-controller.js +296 -0
package/src/agent-trigger-controller.js +108 -0
package/src/api-controller.js +206 -0
package/src/argocd-gitops.js +43 -0
package/src/auth.js +265 -0
package/src/component-catalog.js +41 -0
package/src/control-plane.js +136 -0
package/src/controller-client.js +38 -0
package/src/controller-ui.js +538 -0
package/src/data-plane.js +178 -0
package/src/gitea-backend.js +95 -0
package/src/handoff.js +98 -0
package/src/hooks-events.js +63 -0
package/src/http-server.js +151 -0
package/src/identity-policy.js +86 -0
package/src/index.js +30 -0
package/src/kubernetes-controller.js +812 -0
package/src/kubernetes-resource-gateway.js +48 -0
package/src/operations.js +112 -0
package/src/resource-model.js +203 -0
package/src/runners-ci.js +48 -0
package/src/runtime.js +196 -0
package/src/web-ui.js +40 -0
package/tests/agent-approval-controller.test.js +173 -0
package/tests/agent-context-bundles.test.js +278 -0
package/tests/agent-dispatch-controller.test.js +176 -0
package/tests/agent-mux-client.test.js +204 -0
package/tests/agent-permission-review.test.js +209 -0
package/tests/agent-resources.test.js +212 -0
package/tests/agent-stack-controller.test.js +221 -0
package/tests/agent-trigger-controller.test.js +211 -0
package/tests/deployment.test.js +395 -0
package/tests/e2e/lifecycle.test.js +117 -0
package/tests/krate.test.js +727 -0

package/docs/user-stories.md ADDED Viewed

@@ -0,0 +1,78 @@
+# User Stories
+## Developer stories
+### Open and review a PR
+As a developer, I want to review a PR in a three-pane view with file tree, diff, conversation, inline comments, suggested edits, and CI status so that I can complete reviews quickly.
+Acceptance criteria:
+- Given I open a PR, when the page loads, then I see changed files, diff, discussion, reviewers, merge state, and related pipeline runs.
+- Given I use keyboard shortcuts, when I press navigation keys, then I can move between files and comments without leaving the keyboard.
+- Given I add a suggested edit, when I submit it, then the UI exposes the equivalent resource/YAML mutation.
+### Debug a failing run
+As a developer, I want a live run view with step navigation, log streaming, failure copy, similar-run search, and rerun controls so that I can diagnose failures without switching tools.
+Acceptance criteria:
+- Given a job is running, when logs are emitted, then the UI streams them through SSE without polling.
+- Given a step fails, when I click find similar runs, then Krate queries pipelines by failure signature labels.
+- Given I rerun from a step, when I submit, then Krate creates a new `Pipeline` with `resumeFrom`.
+## Platform engineer stories
+### Configure a runner pool
+As a platform engineer, I want a split form/YAML runner pool editor so that pool configuration is easy to edit and still GitOps-auditable.
+Acceptance criteria:
+- Given I edit image, resources, node selector, warm replicas, max replicas, trust tier, and cache backend, when fields change, then YAML updates live.
+- Given I save, when the operation succeeds, then the same manifest can be copied as `kubectl apply`.
+- Given I click save to repo, when configured, then Krate opens a PR against the platform config repo.
+### Roll out PR policy safely
+As a platform engineer, I want policy templates, CEL/raw modes, audit preview, and enforcement controls so that I can govern PRs without breaking teams unexpectedly.
+Acceptance criteria:
+- Given I select a policy template, when I preview it, then existing PRs that would violate the policy are listed.
+- Given the policy is in audit mode, when a violating PR is created, then it is recorded but not blocked.
+- Given I switch to enforce mode, when a violating PR is created, then admission blocks it with an actionable message.
+## Repo admin stories
+### Add and verify a webhook
+As a repo admin, I want to create a webhook, send a test delivery, inspect failures, and replay deliveries so integrations are operationally transparent.
+Acceptance criteria:
+- Given I create a subscription, when I send a test delivery, then a `WebhookDelivery` resource appears within seconds.
+- Given delivery fails, when I open the log, then I see request headers, body, response, latency, retries, and error details.
+- Given I click replay, when secrets are current, then Krate re-fires the event and records a new delivery attempt.
+## Team lead stories
+### Cross-repo triage
+As a team lead, I want inbox filters and saved views stored as resources so that triage workflows can be versioned and shared.
+Acceptance criteria:
+- Given I create a filter for priority issues and PRs, when I save it, then Krate stores a `Selector` or `View` resource.
+- Given another user applies the resource, when they open the inbox, then they see the same triage view.
+- Given the view is exported, when committed to Git, then it can be reviewed and applied like any other config.
+## Excellent-flow coverage
+- Open and review a PR.
+- Debug a failing run.
+- Configure a runner pool.
+- Add a webhook and verify it works.
+- Write a PR policy with audit-to-enforce rollout.
+- Cross-repo triage with saved filters.

package/examples/minikube-demo.yaml ADDED Viewed

@@ -0,0 +1,190 @@
+apiVersion: krate.a5c.ai/v1alpha1
+kind: Organization
+metadata:
+  name: krate
+  namespace: krate-system
+spec:
+  displayName: Krate
+  description: Krate-managed default organization
+  owners:
+  - platform
+  slug: krate
+  namespaceName: krate-org-krate
+---
+apiVersion: krate.a5c.ai/v1alpha1
+kind: SSHKey
+metadata:
+  name: platform-deploy
+  namespace: krate-org-krate
+  labels:
+    krate.a5c.ai/org: krate
+    krate.a5c.ai/namespace: krate-org-krate
+spec:
+  scope: deploy
+  owner: krate
+  repository: krate-demo
+  title: platform deploy key
+  key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKrateDemoKey platform@example.test
+  readOnly: true
+  organizationRef: krate
+---
+apiVersion: krate.a5c.ai/v1alpha1
+kind: RepositoryPermission
+metadata:
+  name: krate-demo-maintainers
+  namespace: krate-org-krate
+  labels:
+    krate.a5c.ai/org: krate
+    krate.a5c.ai/namespace: krate-org-krate
+spec:
+  repository: krate-demo
+  subjectKind: team
+  subject: maintainers
+  permission: admin
+  organizationRef: krate
+---
+apiVersion: krate.a5c.ai/v1alpha1
+kind: Repository
+metadata:
+  name: krate-demo
+  namespace: krate-org-krate
+  labels:
+    krate.a5c.ai/org: krate
+    krate.a5c.ai/namespace: krate-org-krate
+spec:
+  visibility: internal
+  defaultBranch: main
+  organizationRef: krate
+---
+apiVersion: krate.a5c.ai/v1alpha1
+kind: BranchProtection
+metadata:
+  name: main-protection
+  namespace: krate-org-krate
+  labels:
+    krate.a5c.ai/org: krate
+    krate.a5c.ai/namespace: krate-org-krate
+spec:
+  refs:
+  - refs/heads/main
+  requirePullRequest: true
+  organizationRef: krate
+---
+apiVersion: krate.a5c.ai/v1alpha1
+kind: RefPolicy
+metadata:
+  name: deny-internal-refs
+  namespace: krate-org-krate
+  labels:
+    krate.a5c.ai/org: krate
+    krate.a5c.ai/namespace: krate-org-krate
+spec:
+  deny:
+  - refs/internal/
+  organizationRef: krate
+---
+apiVersion: krate.a5c.ai/v1alpha1
+kind: RunnerPool
+metadata:
+  name: trusted-linux
+  namespace: krate-org-krate
+  labels:
+    krate.a5c.ai/org: krate
+    krate.a5c.ai/namespace: krate-org-krate
+spec:
+  warmReplicas: 1
+  maxReplicas: 4
+  organizationRef: krate
+---
+apiVersion: krate.a5c.ai/v1alpha1
+kind: WebhookSubscription
+metadata:
+  name: chatops
+  namespace: krate-org-krate
+  labels:
+    krate.a5c.ai/org: krate
+    krate.a5c.ai/namespace: krate-org-krate
+spec:
+  url: https://hooks.example.test/krate
+  events:
+  - pullrequest.created
+  organizationRef: krate
+---
+apiVersion: krate.a5c.ai/v1alpha1
+kind: Pipeline
+metadata:
+  name: demo-pr-checks
+  labels:
+    repository: krate-demo
+    workflow: pull-request
+    krate.a5c.ai/org: krate
+    krate.a5c.ai/namespace: krate-org-krate
+  namespace: krate-org-krate
+spec:
+  repository: krate-demo
+  ref: refs/pull/1/head
+  runnerPool: trusted-linux
+  trustTier: trusted
+  steps:
+  - checkout
+  - test
+  - publish
+  organizationRef: krate
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: krate-demo
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://gitea-http.krate-system.svc.cluster.local/krate/platform-config.git
+    targetRevision: main
+    path: charts/krate
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: krate-system
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+    - CreateNamespace=true
+---
+apiVersion: krate.a5c.ai/v1alpha1
+kind: Issue
+metadata:
+  name: issue-1
+  namespace: krate-org-krate
+  labels:
+    krate.a5c.ai/org: krate
+    krate.a5c.ai/namespace: krate-org-krate
+spec:
+  repository: krate-demo
+  title: Wire Krate-managed permissions
+  labels:
+  - forge
+  - access
+  organizationRef: krate
+status:
+  phase: triage
+---
+apiVersion: krate.a5c.ai/v1alpha1
+kind: PullRequest
+metadata:
+  name: pr-1
+  namespace: krate-org-krate
+  labels:
+    krate.a5c.ai/org: krate
+    krate.a5c.ai/namespace: krate-org-krate
+spec:
+  repository: krate-demo
+  title: Improve forge UI
+  head: feature/forge-ui
+  base: main
+  organizationRef: krate
+status:
+  phase: Open
+  changedFiles:
+  - apps/web/app/ui-shell.jsx

package/examples/oam-application.yaml ADDED Viewed

@@ -0,0 +1,23 @@
+apiVersion: core.oam.dev/v1beta1
+kind: Application
+metadata:
+  name: krate-demo-app
+  namespace: krate-system
+  labels:
+    krate.a5c.ai/repository: krate-demo
+spec:
+  components:
+    - name: krate-demo
+      type: webservice
+      properties:
+        image: krate/mvp-model:0.1.0
+      traits:
+        - type: scaler
+          properties:
+            replicas: 1
+      scopes:
+        healthscopes.core.oam.dev: krate-demo-health
+  workflow:
+    steps:
+      - name: deploy
+        type: deploy

package/examples/policy-kyverno-pr-title.yaml ADDED Viewed

@@ -0,0 +1,18 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: krate-pullrequest-title-required
+spec:
+  validationFailureAction: Enforce
+  rules:
+    - name: require-descriptive-pr-title
+      match:
+        any:
+          - resources:
+              kinds:
+                - PullRequest.krate.a5c.ai/v1alpha1
+      validate:
+        message: PullRequest spec.title must be descriptive.
+        pattern:
+          spec:
+            title: "?*"

package/package.json ADDED Viewed

@@ -0,0 +1,63 @@
+{
+  "name": "@a5c-ai/krate",
+  "version": "5.0.1-staging.f672fe79b",
+  "description": "a5c.ai Krate: Kubernetes-native forge runtime with Argo CD GitOps and Gitea-backed Git hosting.",
+  "type": "module",
+  "main": "./src/index.js",
+  "exports": {
+    ".": "./src/index.js"
+  },
+  "bin": {
+    "krate-demo": "./bin/krate-demo.mjs",
+    "krate-server": "./bin/krate-server.mjs"
+  },
+  "scripts": {
+    "build": "node scripts/build.mjs",
+    "test": "node --test tests/*.test.js",
+    "validate:docs": "node scripts/validate-doc-coverage.mjs",
+    "smoke": "node scripts/smoke.mjs",
+    "check": "npm run build && npm run validate:docs && npm test && npm run e2e && npm run package:check && npm run smoke",
+    "demo": "node bin/krate-demo.mjs",
+    "e2e": "node --test tests/e2e/*.test.js",
+    "package:check": "node scripts/validate-package.mjs",
+    "setup:minikube": "node scripts/setup-minikube.mjs",
+    "serve": "node bin/krate-server.mjs"
+  },
+  "keywords": [
+    "kubernetes",
+    "forge",
+    "git",
+    "ci",
+    "rbac",
+    "webhooks"
+  ],
+  "license": "MIT",
+  "engines": {
+    "node": ">=20"
+  },
+  "dependencies": {},
+  "author": "a5c.ai",
+  "homepage": "https://github.com/a5c-ai/babysitter/tree/main/packages/krate/core#readme",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/a5c-ai/babysitter.git",
+    "directory": "packages/krate/core"
+  },
+  "bugs": {
+    "url": "https://github.com/a5c-ai/babysitter/issues"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "files": [
+    "bin",
+    "src",
+    "dist",
+    "scripts",
+    "docs",
+    "examples",
+    "tests",
+    "Dockerfile",
+    "README.md"
+  ]
+}

package/scripts/build.mjs ADDED Viewed

@@ -0,0 +1,29 @@
+import { readFile } from 'node:fs/promises';
+import { mkdir, writeFile } from 'node:fs/promises';
+import { createControllerUiModel, createKrateHandoffSummary, createKrateMvpDemo, createKrateRuntime } from '../src/index.js';
+const packageInfo = JSON.parse(await readFile('package.json', 'utf8'));
+const runtime = createKrateRuntime();
+const controller = createControllerUiModel(runtime);
+const snapshot = runtime.snapshot();
+const demo = createKrateMvpDemo();
+const lifecycle = demo.lifecycle;
+const summary = createKrateHandoffSummary(demo, { packageInfo });
+summary.controller = {
+  status: controller.status,
+  namespace: controller.namespace,
+  endpoints: controller.controller.endpoints,
+  metrics: controller.metrics,
+  operations: controller.operations
+};
+summary.runtime = {
+  resources: Object.fromEntries(Object.entries(snapshot.resources).map(([kind, resources]) => [kind, resources.length])),
+  events: snapshot.events.length,
+  auditEntries: snapshot.auditLog.length
+};
+await mkdir('dist', { recursive: true });
+await writeFile('dist/krate-summary.json', JSON.stringify(summary, null, 2));
+await writeFile('dist/krate-controller-ui.json', JSON.stringify(controller, null, 2));
+await writeFile('dist/krate-runtime-snapshot.json', JSON.stringify(snapshot, null, 2));
+await writeFile('dist/krate-lifecycle.json', JSON.stringify(lifecycle, null, 2));
+console.log('build ok: dist/krate-summary.json dist/krate-controller-ui.json dist/krate-runtime-snapshot.json dist/krate-lifecycle.json');

package/scripts/setup-minikube.mjs ADDED Viewed

@@ -0,0 +1,65 @@
+#!/usr/bin/env node
+import { spawnSync } from 'node:child_process';
+export function parseArgs(argv = process.argv.slice(2)) {
+  const options = { apply: false, json: false, profile: 'krate', namespace: 'krate-system', release: 'krate', driver: 'docker', chart: '../charts' };
+  for (const arg of argv) {
+    if (arg === '--apply') options.apply = true;
+    else if (arg === '--dry-run') options.apply = false;
+    else if (arg === '--json') options.json = true;
+    else if (arg.startsWith('--profile=')) options.profile = arg.slice('--profile='.length);
+    else if (arg.startsWith('--namespace=')) options.namespace = arg.slice('--namespace='.length);
+    else if (arg.startsWith('--release=')) options.release = arg.slice('--release='.length);
+    else if (arg.startsWith('--driver=')) options.driver = arg.slice('--driver='.length);
+    else if (arg.startsWith('--chart=')) options.chart = arg.slice('--chart='.length);
+    else throw new Error(`Unknown option: ${arg}`);
+  }
+  return options;
+}
+export function buildMinikubePlan(options = parseArgs([])) {
+  const { profile, namespace, release, driver, chart } = options;
+  return {
+    mode: options.apply ? 'apply' : 'dry-run',
+    requiredTools: ['minikube', 'kubectl', 'helm', 'node', 'npm'],
+    commands: [
+      ['minikube', ['start', '-p', profile, '--driver', driver]],
+      ['minikube', ['addons', 'enable', 'ingress', '-p', profile]],
+      ['minikube', ['addons', 'enable', 'metrics-server', '-p', profile]],
+      ['kubectl', ['config', 'use-context', profile]],
+      ['kubectl', ['create', 'namespace', namespace, '--dry-run=client', '-o', 'yaml']],
+      ['helm', ['lint', chart]],
+      ['helm', ['upgrade', '--install', release, chart, '--namespace', namespace, '--create-namespace', '--set', 'demo.enabled=true']],
+      ['kubectl', ['apply', '-n', namespace, '-f', 'examples/minikube-demo.yaml']],
+      ['kubectl', ['wait', '--for=condition=Available', `deployment/${release}-krate-api`, '-n', namespace, '--timeout=120s']],
+      ['node', ['scripts/smoke.mjs']]
+    ]
+  };
+}
+function commandToString([command, args]) {
+  return [command, ...args].join(' ');
+}
+function runCommand(command) {
+  const [bin, args] = command;
+  const result = spawnSync(bin, args, { stdio: 'inherit', shell: process.platform === 'win32' });
+  if (result.status !== 0) throw new Error(`Command failed: ${commandToString(command)}`);
+}
+const isMain = process.argv[1]?.replace(/\\/g, '/').endsWith('/scripts/setup-minikube.mjs');
+if (isMain) {
+  try {
+    const options = parseArgs();
+    const plan = buildMinikubePlan(options);
+    if (options.json) console.log(JSON.stringify({ ...plan, commands: plan.commands.map(commandToString) }, null, 2));
+    else {
+      console.log(`Krate minikube setup (${plan.mode})`);
+      for (const command of plan.commands) console.log(`- ${commandToString(command)}`);
+    }
+    if (options.apply) for (const command of plan.commands) runCommand(command);
+  } catch (error) {
+    console.error(error.message);
+    process.exit(1);
+  }
+}

package/scripts/smoke.mjs ADDED Viewed

@@ -0,0 +1,37 @@
+import { createKrateHttpServer, createKrateRuntime, runSmokeAssertions } from '../src/index.js';
+const runtime = createKrateRuntime();
+const server = createKrateHttpServer({ runtime });
+const checks = [];
+function record(name, passed, evidence = '') {
+  checks.push({ name, passed: Boolean(passed), evidence });
+  console.log(`${passed ? 'ok' : 'not ok'} - ${name}${evidence ? ` (${evidence})` : ''}`);
+}
+await new Promise((resolve) => server.listen(0, resolve));
+const base = `http://127.0.0.1:${server.address().port}`;
+let model;
+try {
+  const health = await fetch(`${base}/healthz`);
+  record('HTTP health endpoint is live', health.ok, '/healthz');
+  const modelResponse = await fetch(`${base}/api/controller`);
+  model = await modelResponse.json();
+  record('Controller API exposes Krate workspace model', modelResponse.ok && model.controller.mode === 'krate-workspace', '/api/controller');
+  record('Controller model reports truthful ready or degraded state', ['ready', 'degraded'].includes(model.status) && Number.isFinite(model.metrics.resources), `${model.status}; ${model.metrics.resources} resources`);
+  record('Controller model includes Krate management endpoints', model.controller.endpoints.some((endpoint) => endpoint.path === '/api/orgs/:org/resources') && model.controller.endpoints.some((endpoint) => endpoint.path === '/api/orgs/:org/repositories'), model.controller.endpoints.map((endpoint) => endpoint.path).join(', '));
+  record('Controller model includes publishing gates', model.operations.releaseGates.includes('npm pack --json') && model.operations.releaseGates.includes('docker build'), model.operations.releaseGates.join(', '));
+  const snapshotResponse = await fetch(`${base}/api/orgs/default/snapshot`);
+  const snapshot = await snapshotResponse.json();
+  record('Org snapshot endpoint exports durable runtime state', snapshotResponse.ok && snapshot.export?.controlPlane && snapshot.resources?.Repository?.length > 0, '/api/orgs/default/snapshot');
+} finally {
+  await new Promise((resolve) => server.close(resolve));
+}
+const contractSmoke = runSmokeAssertions();
+for (const [name, passed] of contractSmoke.assertions) record(name, passed, 'runtime contract compatibility');
+if (!checks.every((check) => check.passed)) {
+  console.error(JSON.stringify({ status: 'failed', checks }, null, 2));
+  process.exit(1);
+}
+console.log(JSON.stringify({ status: 'success', checks: checks.length, controllerStatus: model.status, resources: model.metrics.resources }, null, 2));

package/scripts/validate-doc-coverage.mjs ADDED Viewed

@@ -0,0 +1,152 @@
+import { readFile } from 'node:fs/promises';
+const requiredDocs = [
+  'README.md',
+  'docs/README.md',
+  'docs/product-requirements.md',
+  'docs/system-requirements.md',
+  'docs/architecture-spec.md',
+  'docs/user-stories.md',
+  'docs/roadmap-mvp.md',
+  'docs/install.md',
+  'docs/local-minikube.md',
+  'docs/components/control-plane.md',
+  'docs/components/data-plane.md',
+  'docs/components/identity-rbac-policy.md',
+  'docs/components/runners-ci.md',
+  'docs/components/hooks-events.md',
+  'docs/components/web-ui.md',
+  'docs/components/operations-publishing.md',
+  'docs/components/kubevela-oam.md'
+];
+const requiredOntology = [
+  'docs/ontology/README.md',
+  'docs/ontology/world.md',
+  'docs/ontology/problem-space.md',
+  'docs/ontology/solution-space.md',
+  'docs/ontology/bounded-contexts.md',
+  'docs/ontology/resource-taxonomy.md',
+  'docs/ontology/resource-contracts.md',
+  'docs/ontology/personas-and-actors.md',
+  'docs/ontology/workflows.md',
+  'docs/ontology/policies-and-invariants.md',
+  'docs/ontology/storage-and-data-boundaries.md',
+  'docs/ontology/events-and-hooks.md',
+  'docs/ontology/runners-and-ci.md',
+  'docs/ontology/web-ui-excellent-flows.md',
+  'docs/ontology/operations-and-release.md',
+  'docs/ontology/validation-matrix.md',
+  'docs/ontology/oam-kubevela.md'
+];
+const implementationFiles = [
+  'src/resource-model.js',
+  'src/control-plane.js',
+  'src/data-plane.js',
+  'src/identity-policy.js',
+  'src/runners-ci.js',
+  'src/hooks-events.js',
+  'src/web-ui.js',
+  'src/operations.js',
+  'tests/krate.test.js'
+];
+async function readRequired(file) {
+  try {
+    return await readFile(file, 'utf8');
+  } catch (error) {
+    throw new Error(`${file} missing or unreadable: ${error.message}`);
+  }
+}
+const docsText = (await Promise.all(requiredDocs.map(readRequired))).join('\n');
+const ontologyByFile = Object.fromEntries(await Promise.all(requiredOntology.map(async (file) => [file, await readRequired(file)])));
+const ontologyText = Object.values(ontologyByFile).join('\n');
+const sourceByFile = Object.fromEntries(await Promise.all(implementationFiles.map(async (file) => [file, await readRequired(file)])));
+const allRequirementsText = `${docsText}\n${ontologyText}`;
+const requiredTerms = [
+  'Repository', 'PullRequest', 'Issue', 'Review', 'Pipeline', 'Job', 'RunnerPool',
+  'WebhookSubscription', 'WebhookDelivery', 'RefPolicy', 'BranchProtection', 'View', 'Selector',
+  'RBAC', 'OIDC', 'Postgres', 'etcd', 'receive-pack', 'GitOps', 'backup', 'restore',
+  'APIService', 'fork', 'admission', 'webhook', 'object storage', 'search', 'release gates', 'KubeVela', 'OAM', 'Application', 'Component', 'Trait', 'Workflow Step'
+];
+const sourceTerms = [
+  ['RESOURCE_DEFINITIONS', 'src/resource-model.js'],
+  ['resourceSchemaForKind', 'src/resource-model.js'],
+  ['watch', 'src/control-plane.js'],
+  ['auditLog', 'src/control-plane.js'],
+  ['recordObject', 'src/data-plane.js'],
+  ['enqueueSearchIndex', 'src/data-plane.js'],
+  ['serviceAccountForJob', 'src/identity-policy.js'],
+  ['rerunFromStep', 'src/runners-ci.js'],
+  ['inspect', 'src/hooks-events.js'],
+  ['createWebhookInspector', 'src/web-ui.js'],
+  ['observabilityModel', 'src/operations.js'],
+  ['releaseGates', 'src/operations.js']
+];
+const workflowText = await readRequired('.github/workflows/publish.yml');
+const releaseSurfaceTerms = [
+  ['Dockerfile', docsText],
+  ['controller image', docsText],
+  ['GitHub publishing', docsText],
+  ['GHCR', docsText],
+  ['Helm chart', docsText],
+  ['Live-cluster conformance', docsText],
+  ['docker/build-push-action', workflowText],
+  ['helm push', workflowText],
+  ['npm pack', workflowText]
+];
+const staleReleaseBoundaryPhrases = [
+  'does not claim to ship production controller images yet',
+  'does not yet ship production controller images',
+  'Real controller images, registry publication, and live-cluster conformance remain follow-up release work',
+  'Production controller images, registry publication, and live-cluster conformance still remain tracked follow-ups'
+];
+const ontologyExpectations = [
+  ['docs/ontology/resource-taxonomy.md', ['CRD-backed', 'Aggregated', 'Repository', 'WebhookDelivery']],
+  ['docs/ontology/resource-contracts.md', ['metadata.name', 'resourceVersion', 'RunnerPool', 'WebhookDelivery']],
+  ['docs/ontology/policies-and-invariants.md', ['RBAC', 'Admission', 'Fork PR', 'BranchProtection']],
+  ['docs/ontology/storage-and-data-boundaries.md', ['etcd', 'Postgres', 'Gitea', 'Object storage', 'Search']],
+  ['docs/ontology/validation-matrix.md',
+  'docs/ontology/oam-kubevela.md', ['npm run check', 'docs and ontology coverage']]
+];
+const missing = [];
+for (const term of requiredTerms) {
+  if (!allRequirementsText.includes(term)) missing.push(`requirements/ontology missing term: ${term}`);
+}
+for (const [term, file] of sourceTerms) {
+  if (!sourceByFile[file]?.includes(term)) missing.push(`${file} missing implementation term: ${term}`);
+}
+for (const [term, text] of releaseSurfaceTerms) {
+  if (!text.includes(term)) missing.push(`release surface missing term: ${term}`);
+}
+for (const phrase of staleReleaseBoundaryPhrases) {
+  if (allRequirementsText.includes(phrase)) missing.push(`stale release boundary phrase still present: ${phrase}`);
+}
+for (const [file, terms] of ontologyExpectations) {
+  for (const term of terms) {
+    if (!ontologyByFile[file]?.includes(term)) missing.push(`${file} missing ontology term: ${term}`);
+  }
+}
+if (missing.length) {
+  console.error(JSON.stringify({ status: 'failed', missing }, null, 2));
+  process.exit(1);
+}
+console.log(JSON.stringify({
+  status: 'success',
+  checkedDocs: requiredDocs.length,
+  checkedOntologyFiles: requiredOntology.length,
+  checkedImplementationFiles: implementationFiles.length,
+  requiredTerms: requiredTerms.length,
+  sourceTerms: sourceTerms.length,
+  releaseSurfaceTerms: releaseSurfaceTerms.length
+}, null, 2));