npm - @a5c-ai/krate - Versions diffs - 5.0.1-staging.f672fe79b - Mend

@a5c-ai/krate 5.0.1-staging.f672fe79b

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (174) hide show

package/Dockerfile +29 -0
package/README.md +183 -0
package/bin/krate-demo.mjs +23 -0
package/bin/krate-server.mjs +14 -0
package/dist/krate-controller-ui.json +2407 -0
package/dist/krate-lifecycle.json +201 -0
package/dist/krate-runtime-snapshot.json +2955 -0
package/dist/krate-summary.json +687 -0
package/docs/README.md +61 -0
package/docs/agents/README.md +83 -0
package/docs/agents/acceptance-test-matrix.md +193 -0
package/docs/agents/agent-mux-adapter-contract.md +167 -0
package/docs/agents/agent-mux-source-map.md +310 -0
package/docs/agents/agent-run-memory-import-spec.md +256 -0
package/docs/agents/agent-stack-management-spec.md +421 -0
package/docs/agents/api-contract-spec.md +309 -0
package/docs/agents/artifacts-writeback-spec.md +145 -0
package/docs/agents/chart-packaging-spec.md +128 -0
package/docs/agents/ci-orchestration-spec.md +140 -0
package/docs/agents/context-assembly-spec.md +219 -0
package/docs/agents/controller-reconciliation-spec.md +255 -0
package/docs/agents/crd-schema-spec.md +315 -0
package/docs/agents/decision-log-open-questions.md +169 -0
package/docs/agents/developer-implementation-checklist.md +329 -0
package/docs/agents/dispatching-design.md +262 -0
package/docs/agents/glossary.md +66 -0
package/docs/agents/implementation-blueprint.md +324 -0
package/docs/agents/implementation-rollout-slices.md +251 -0
package/docs/agents/memory-context-integration-spec.md +194 -0
package/docs/agents/memory-ontology-schema-spec.md +253 -0
package/docs/agents/memory-operations-runbook.md +121 -0
package/docs/agents/mvp-vertical-slice-spec.md +146 -0
package/docs/agents/observability-audit-spec.md +265 -0
package/docs/agents/operator-runbook.md +174 -0
package/docs/agents/org-memory-api-payload-examples.md +333 -0
package/docs/agents/org-memory-controller-sequence-spec.md +181 -0
package/docs/agents/org-memory-e2e-fixture-plan.md +161 -0
package/docs/agents/org-memory-ui-implementation-map.md +114 -0
package/docs/agents/org-memory-vertical-slice-spec.md +168 -0
package/docs/agents/org-resource-model-delta-spec.md +111 -0
package/docs/agents/org-route-resource-model-spec.md +183 -0
package/docs/agents/org-scoping-namespace-spec.md +114 -0
package/docs/agents/rbac-secrets-management-spec.md +406 -0
package/docs/agents/repository-page-integration-spec.md +255 -0
package/docs/agents/resource-contract-examples.md +808 -0
package/docs/agents/resource-relationship-map.md +190 -0
package/docs/agents/security-threat-model.md +188 -0
package/docs/agents/shared-memory-company-brain-spec.md +358 -0
package/docs/agents/storage-migration-spec.md +168 -0
package/docs/agents/subagent-orchestration-spec.md +152 -0
package/docs/agents/system-overview.md +88 -0
package/docs/agents/tools-mcp-skills-spec.md +189 -0
package/docs/agents/traceability-matrix.md +79 -0
package/docs/agents/ui-flow-spec.md +211 -0
package/docs/agents/ui-ux-system-spec.md +426 -0
package/docs/agents/workspace-lifecycle-spec.md +166 -0
package/docs/architecture-spec.md +78 -0
package/docs/components/control-plane.md +78 -0
package/docs/components/data-plane.md +69 -0
package/docs/components/hooks-events.md +67 -0
package/docs/components/identity-rbac-policy.md +73 -0
package/docs/components/kubevela-oam.md +70 -0
package/docs/components/operations-publishing.md +81 -0
package/docs/components/runners-ci.md +66 -0
package/docs/components/web-ui.md +94 -0
package/docs/external/README.md +47 -0
package/docs/external/bidirectional-sync-design.md +134 -0
package/docs/external/cicd-interface.md +64 -0
package/docs/external/external-backend-controllers.md +170 -0
package/docs/external/external-backend-crds.md +234 -0
package/docs/external/external-backend-ui-spec.md +151 -0
package/docs/external/external-backend-ux-flows.md +115 -0
package/docs/external/external-object-mapping.md +125 -0
package/docs/external/git-forge-interface.md +68 -0
package/docs/external/github-integration-design.md +151 -0
package/docs/external/issue-tracking-interface.md +66 -0
package/docs/external/provider-capability-manifests.md +204 -0
package/docs/external/provider-catalog.md +139 -0
package/docs/external/provider-rollout-testing.md +78 -0
package/docs/external/research-results.md +48 -0
package/docs/external/security-auth-permissions.md +81 -0
package/docs/external/sync-state-machines.md +108 -0
package/docs/external/unified-external-backend-model.md +107 -0
package/docs/external/user-facing-changes.md +67 -0
package/docs/gaps.md +161 -0
package/docs/install.md +94 -0
package/docs/krate-design.md +334 -0
package/docs/local-minikube.md +55 -0
package/docs/ontology/README.md +32 -0
package/docs/ontology/bounded-contexts.md +29 -0
package/docs/ontology/events-and-hooks.md +32 -0
package/docs/ontology/oam-kubevela.md +32 -0
package/docs/ontology/operations-and-release.md +25 -0
package/docs/ontology/personas-and-actors.md +32 -0
package/docs/ontology/policies-and-invariants.md +33 -0
package/docs/ontology/problem-space.md +30 -0
package/docs/ontology/resource-contracts.md +40 -0
package/docs/ontology/resource-taxonomy.md +42 -0
package/docs/ontology/runners-and-ci.md +29 -0
package/docs/ontology/solution-space.md +24 -0
package/docs/ontology/storage-and-data-boundaries.md +29 -0
package/docs/ontology/validation-matrix.md +24 -0
package/docs/ontology/web-ui-excellent-flows.md +32 -0
package/docs/ontology/workflows.md +39 -0
package/docs/ontology/world.md +35 -0
package/docs/product-requirements.md +62 -0
package/docs/roadmap-mvp.md +87 -0
package/docs/system-requirements.md +90 -0
package/docs/tests/README.md +53 -0
package/docs/tests/agent-qa-plan.md +63 -0
package/docs/tests/browser-ui-tests.md +62 -0
package/docs/tests/ci-quality-gates.md +48 -0
package/docs/tests/coverage-model.md +64 -0
package/docs/tests/e2e-scenario-tests.md +53 -0
package/docs/tests/fixtures-test-data.md +63 -0
package/docs/tests/observability-reliability-tests.md +54 -0
package/docs/tests/product-test-matrix.md +145 -0
package/docs/tests/qa-adoption-roadmap.md +130 -0
package/docs/tests/qa-automation-plan.md +101 -0
package/docs/tests/security-compliance-tests.md +57 -0
package/docs/tests/test-framework-tools.md +88 -0
package/docs/tests/test-suite-layout.md +121 -0
package/docs/tests/unit-integration-tests.md +48 -0
package/docs/todo-kyverno +714 -0
package/docs/user-stories.md +78 -0
package/examples/minikube-demo.yaml +190 -0
package/examples/oam-application.yaml +23 -0
package/examples/policy-kyverno-pr-title.yaml +18 -0
package/package.json +63 -0
package/scripts/build.mjs +29 -0
package/scripts/setup-minikube.mjs +65 -0
package/scripts/smoke.mjs +37 -0
package/scripts/validate-doc-coverage.mjs +152 -0
package/scripts/validate-package.mjs +93 -0
package/scripts/validate-ui.mjs +207 -0
package/src/agent-approval-controller.js +123 -0
package/src/agent-context-bundles.js +242 -0
package/src/agent-dispatch-controller.js +86 -0
package/src/agent-mux-client.js +280 -0
package/src/agent-permission-review.js +162 -0
package/src/agent-stack-controller.js +296 -0
package/src/agent-trigger-controller.js +108 -0
package/src/api-controller.js +206 -0
package/src/argocd-gitops.js +43 -0
package/src/auth.js +265 -0
package/src/component-catalog.js +41 -0
package/src/control-plane.js +136 -0
package/src/controller-client.js +38 -0
package/src/controller-ui.js +538 -0
package/src/data-plane.js +178 -0
package/src/gitea-backend.js +95 -0
package/src/handoff.js +98 -0
package/src/hooks-events.js +63 -0
package/src/http-server.js +151 -0
package/src/identity-policy.js +86 -0
package/src/index.js +30 -0
package/src/kubernetes-controller.js +812 -0
package/src/kubernetes-resource-gateway.js +48 -0
package/src/operations.js +112 -0
package/src/resource-model.js +203 -0
package/src/runners-ci.js +48 -0
package/src/runtime.js +196 -0
package/src/web-ui.js +40 -0
package/tests/agent-approval-controller.test.js +173 -0
package/tests/agent-context-bundles.test.js +278 -0
package/tests/agent-dispatch-controller.test.js +176 -0
package/tests/agent-mux-client.test.js +204 -0
package/tests/agent-permission-review.test.js +209 -0
package/tests/agent-resources.test.js +212 -0
package/tests/agent-stack-controller.test.js +221 -0
package/tests/agent-trigger-controller.test.js +211 -0
package/tests/deployment.test.js +395 -0
package/tests/e2e/lifecycle.test.js +117 -0
package/tests/krate.test.js +727 -0

package/src/identity-policy.js ADDED Viewed

@@ -0,0 +1,86 @@
+import { clone } from './resource-model.js';
+export function mapOidcIdentity({ subject, email, groups = [] }) {
+  if (!subject && !email) throw new Error('OIDC identity requires subject or email');
+  const name = email || subject;
+  return { name, uid: subject || email, groups: [...new Set(['system:authenticated', ...groups])], extra: { email } };
+}
+export class RbacAuthorizer {
+  constructor(bindings = []) { this.bindings = bindings; }
+  allow(subject, rule) { this.bindings.push({ subject, rule }); return this; }
+  can(user, verb, kind, namespace = 'default') {
+    const subjects = new Set([user?.name, ...(user?.groups || [])]);
+    return this.bindings.some(({ subject, rule }) => {
+      if (!subjects.has(subject)) return false;
+      if (rule.namespace && rule.namespace !== namespace) return false;
+      const verbs = new Set(rule.verbs || []);
+      const kinds = new Set(rule.kinds || []);
+      return (verbs.has('*') || verbs.has(verb)) && (kinds.has('*') || kinds.has(kind));
+    });
+  }
+}
+export function defaultAuthorizer() {
+  return new RbacAuthorizer()
+    .allow('system:authenticated', { verbs: ['get', 'list', 'watch'], kinds: ['*'] })
+    .allow('krate:developers', { verbs: ['create', 'update'], kinds: ['PullRequest', 'Issue', 'Review', 'Pipeline', 'Job'] })
+    .allow('krate:repo-admins', { verbs: ['create', 'update', 'delete'], kinds: ['Organization', 'User', 'Team', 'Invite', 'IdentityMapping', 'AuthProvider', 'Repository', 'SSHKey', 'RepositoryPermission', 'BranchProtection', 'RefPolicy', 'WebhookSubscription', 'WebhookDelivery', 'View', 'Selector', 'PullRequest', 'Issue', 'Review', 'Pipeline', 'Job'] })
+    .allow('krate:platform-engineers', { verbs: ['*'], kinds: ['*'] });
+}
+export function createAdmissionPolicy({ name, mode = 'enforce', match, validate, message }) {
+  if (!name) throw new Error('admission policy requires name');
+  if (!['audit', 'enforce'].includes(mode)) throw new Error('mode must be audit or enforce');
+  return { name, mode, match, validate, message };
+}
+export function evaluateAdmission(policies, request) {
+  const warnings = [];
+  const violations = [];
+  for (const policy of policies) {
+    if (policy.match && !policy.match(request)) continue;
+    const valid = policy.validate ? policy.validate(request) : true;
+    if (valid) continue;
+    const entry = { policy: policy.name, mode: policy.mode, message: policy.message || `admission policy ${policy.name} rejected request` };
+    if (policy.mode === 'audit') warnings.push(entry); else violations.push(entry);
+  }
+  return { allowed: violations.length === 0, warnings, violations };
+}
+export function serviceAccountForJob({ namespace = 'default', repository, pipeline, trustTier = 'trusted' }) {
+  return {
+    name: `krate-job-${pipeline}`,
+    namespace,
+    groups: ['system:serviceaccounts', `system:serviceaccounts:${namespace}`, 'krate:ci-jobs'],
+    trustTier,
+    scopes: trustTier === 'untrusted'
+      ? { repository, pipeline, secrets: false, clusterApi: false }
+      : { repository, pipeline, secrets: true, clusterApi: 'scoped' }
+  };
+}
+function scalarToYaml(value) {
+  if (value === null || value === undefined) return 'null';
+  if (typeof value === 'number' || typeof value === 'boolean') return String(value);
+  if (typeof value === 'string' && /^[a-zA-Z0-9_.:/-]+$/.test(value)) return value;
+  return JSON.stringify(value);
+}
+export function toResourceYaml(value, indent = 0) {
+  const spaces = ' '.repeat(indent);
+  if (Array.isArray(value)) {
+    if (value.length === 0) return '[]';
+    return value.map((item) => item && typeof item === 'object'
+      ? `${spaces}- ${toResourceYaml(item, indent + 2).trimStart()}`
+      : `${spaces}- ${scalarToYaml(item)}`).join('\n');
+  }
+  if (value && typeof value === 'object') {
+    return Object.entries(clone(value)).map(([key, child]) => {
+      if (child && typeof child === 'object') return `${spaces}${key}:\n${toResourceYaml(child, indent + 2)}`;
+      return `${spaces}${key}: ${scalarToYaml(child)}`;
+    }).join('\n');
+  }
+  return `${spaces}${scalarToYaml(value)}`;
+}

package/src/index.js ADDED Viewed

@@ -0,0 +1,30 @@
+export * from './resource-model.js';
+export * from './identity-policy.js';
+export * from './auth.js';
+export * from './control-plane.js';
+export * from './data-plane.js';
+export * from './runners-ci.js';
+export * from './hooks-events.js';
+export * from './web-ui.js';
+export * from './operations.js';
+export * from './component-catalog.js';
+export * from './handoff.js';
+export * from './runtime.js';
+export * from './http-server.js';
+export * from './controller-ui.js';
+export * from './controller-client.js';
+export * from './api-controller.js';
+export * from './kubernetes-controller.js';
+export * from './kubernetes-resource-gateway.js';
+export * from './gitea-backend.js';
+export * from './argocd-gitops.js';
+export * from './agent-permission-review.js';
+export * from './agent-stack-controller.js';
+export * from './agent-context-bundles.js';
+export * from './agent-mux-client.js';
+export * from './agent-dispatch-controller.js';
+export * from './agent-approval-controller.js';
+export * from './agent-trigger-controller.js';