@aikdna/kdna-cli 0.21.0 → 0.22.0

package/src/agent.js

@@ -16,17 +16,15 @@
  *         not treat as a fit decision; many false positives expected)
  *     The agent makes the final call using its own language understanding.
  *
- *   kdna load <name|file.kdna> [--as=prompt|json|raw]
- *     Read the domain's Core + Patterns and emit:
- *       --as=prompt (default): compact text suitable for system-prompt
- *                              injection (axioms one-liners + stances +
- *                              banned-terms + misunderstandings + self-checks)
- *       --as=json:  raw JSON of Core + Patterns
- *       --as=raw:   concatenated raw file contents
+ *   kdna load <name|file.kdna> [--as=prompt]
+ *     Read the domain's judgment and emit context suitable for agent
+ *     system-prompt injection (axioms one-liners + stances +
+ *     banned-terms + misunderstandings + self-checks).
+ *     For raw inspection use: kdna dev decode <file.kdna> --reveal
  *
  * These commands are the supported interface between the kdna-loader
- * skill and the KDNA file format. The skill should not parse JSON
- * directly.
+ * skill and the KDNA file format. The skill should not read KDNA
+ * internals directly.
  */
 
 const fs = require('fs');
@@ -309,7 +307,7 @@ function cmdMatch(taskText, args = []) {
     }
     console.log('');
     console.log(
-      'To consider any of these, read its full data: kdna load <name|file.kdna> --as=json',
+      'To load a domain: kdna load <name|file.kdna>',
     );
   }
 }
@@ -407,61 +405,12 @@ function cmdLoad(input, args = []) {
   const core = container.core || {};
   const pat = container.patterns || {};
 
-  // JSON format
-  if (format === 'json') {
-    process.stdout.write(
-      JSON.stringify(
-        {
-          manifest,
-          core,
-          patterns: pat,
-          trust: {
-            signature: isPlaceholder ? 'unsigned' : 'present',
-            risk_level: riskLevel,
-            deprecated: manifest.status === 'deprecated',
-            yanked: false,
-            warnings: loadWarnings,
-            asset_digest: asset.asset_digest || null,
-            content_digest: asset.content_digest || null,
-            license_id: licenseActivation?.license_id || null,
-          },
-        },
-        null,
-        2,
-      ) + '\n',
-    );
-    recordTrace({
-      timestamp: new Date().toISOString(),
-      agent: detectAgent(),
-      domain: label,
-      format: 'json',
-      asset: traceAssetFields(asset, manifest, licenseActivation),
-    });
-    return;
-  }
-
-  // Raw format
-  if (format === 'raw') {
-    for (const f of ['KDNA_Core.json', 'KDNA_Patterns.json']) {
-      const encrypted = encryptedEntries.includes(f);
-      const buf = encrypted
-        ? Buffer.from(
-            JSON.stringify(container[f === 'KDNA_Core.json' ? 'core' : 'patterns'], null, 2),
-          )
-        : readContainerEntry(asset.asset_path, f);
-      if (buf) {
-        process.stdout.write(`\n=== ${f} ===\n`);
-        process.stdout.write(buf.toString('utf8'));
-      }
-    }
-    recordTrace({
-      timestamp: new Date().toISOString(),
-      agent: detectAgent(),
-      domain: label,
-      format: 'raw',
-      asset: traceAssetFields(asset, manifest, licenseActivation),
-    });
-    return;
+  // JSON format — removed from agent runtime
+  if (format === 'json' || format === 'raw') {
+    console.error(`ERR_RAW_LOAD_REMOVED: --as=${format} is not supported in agent runtime.`);
+    console.error('Use: kdna dev decode <asset.kdna> --reveal');
+    console.error('Agent consumption: kdna load @scope/name [--as=prompt]');
+    process.exit(2);
   }
 
   // Load profiles

package/src/cli.js

@@ -206,9 +206,26 @@ switch (cmd) {
     if (sub === 'validate') {
       const schemaFlag = args.includes('--schema');
       const jsonFlag = args.includes('--json');
-      const target = args.filter((a, i) => i > 1 && a !== '--schema' && a !== '--json')[0];
-      if (!target) error('Usage: kdna dev validate <source-dir>');
-      cmdValidate(target, schemaFlag, jsonFlag);
+      const antiMonolithicFlag = args.includes('--anti-monolithic');
+      const strictFlag = args.includes('--strict');
+      const target = args.filter(
+        (a, i) =>
+          i > 1 &&
+          a !== '--schema' &&
+          a !== '--json' &&
+          a !== '--anti-monolithic' &&
+          a !== '--strict',
+      )[0];
+      if (!target)
+        error(
+          'Usage: kdna dev validate <source-dir> [--schema] [--json] [--anti-monolithic] [--strict]',
+        );
+      if (antiMonolithicFlag) {
+        const { cmdValidateAntiMonolithic } = require('./cmds/domain');
+        cmdValidateAntiMonolithic(target, { json: jsonFlag, strict: strictFlag });
+      } else {
+        cmdValidate(target, schemaFlag, jsonFlag);
+      }
       break;
     }
     if (sub === 'pack') {
@@ -260,6 +277,16 @@ switch (cmd) {
     break;
   }
   case 'validate': {
+    const v1Target = args.filter((a) => !a.startsWith('--'))[1];
+    if (v1Target) {
+      const v1 = require('./v1-cli');
+      const abs = require('node:path').resolve(v1Target);
+      if (v1.isV1SourceDir(abs) || v1.detectContainerFormat(abs) === 'v1') {
+        const result = v1.validate(v1Target);
+        console.log(JSON.stringify(result, null, 2));
+        process.exit(result.overall_valid ? 0 : 1);
+      }
+    }
     error(
       'Directory validation is a dev-only operation. Use: kdna dev validate <source-dir>',
       EXIT.INPUT_ERROR,
@@ -267,6 +294,23 @@ switch (cmd) {
     break;
   }
   case 'pack': {
+    const v1Target = args.filter((a) => !a.startsWith('--'))[1];
+    if (v1Target) {
+      const v1 = require('./v1-cli');
+      const abs = require('node:path').resolve(v1Target);
+      if (v1.isV1SourceDir(abs)) {
+        const out = args.filter((a) => !a.startsWith('--'))[2];
+        if (!out) {
+          process.stderr.write('Usage: kdna pack <source-dir> <output.kdna>\n');
+          process.exit(2);
+        }
+        const r = v1.pack(v1Target, out);
+        process.stdout.write(
+          `Packed: ${r.outputPath}\nEntries: ${r.entries.length} (${r.entries.join(', ')})\n`,
+        );
+        return;
+      }
+    }
     error(
       'Directory packaging is a dev-only operation. Use: kdna dev pack <source-dir>',
       EXIT.INPUT_ERROR,
@@ -274,6 +318,23 @@ switch (cmd) {
     break;
   }
   case 'unpack': {
+    const v1Target = args.filter((a) => !a.startsWith('--'))[1];
+    if (v1Target) {
+      const v1 = require('./v1-cli');
+      const abs = require('node:path').resolve(v1Target);
+      if (v1.detectContainerFormat(abs) === 'v1') {
+        const out = args.filter((a) => !a.startsWith('--'))[2];
+        if (!out) {
+          process.stderr.write('Usage: kdna unpack <input.kdna> <output-dir>\n');
+          process.exit(2);
+        }
+        const r = v1.unpack(v1Target, out);
+        process.stdout.write(
+          `Unpacked: ${r.outputDir}\nEntries: ${r.entries.length} (${r.entries.join(', ')})\n`,
+        );
+        return;
+      }
+    }
     error(
       'Unpacking exposes internal files and is dev-only. Use: kdna dev unpack <file.kdna>',
       EXIT.INPUT_ERROR,
@@ -337,7 +398,14 @@ switch (cmd) {
   }
   case 'inspect': {
     const target = args.filter((a) => !a.startsWith('--'))[1];
-    if (!target) error('Usage: kdna inspect <file.kdna> [--json] [--locale zh-CN]');
+    if (!target) error('Usage: kdna inspect <path> [--json] [--locale zh-CN]');
+    const v1 = require('./v1-cli');
+    const abs = require('node:path').resolve(target);
+    if (v1.isV1SourceDir(abs) || v1.detectContainerFormat(abs) === 'v1') {
+      const out = v1.inspect(target);
+      console.log(JSON.stringify(out, null, 2));
+      return;
+    }
     const localeIdx = args.indexOf('--locale');
     const locale = localeIdx >= 0 ? args[localeIdx + 1] : null;
     cmdInspect(target, args.includes('--json'), locale);

package/src/cmds/anti-monolithic.js

@@ -0,0 +1,192 @@
+/**
+ * Anti-Monolithic Domain lint for KDNA dev source workspaces.
+ *
+ * Implements the Anti-Monolithic Domain Principle (RFC-0013 §4).
+ * The principle is codified in SPEC §1.6; this file is the runtime
+ * check that enforces it.
+ *
+ * Default mode: WARN (does not block CI).
+ * Strict mode: ERROR (blocks CI / official preflight).
+ *
+ * Trigger conditions (all three must hold):
+ *   1. KDNA_Core.json.axioms.length > 6
+ *   2. KDNA_Core.json.frameworks.length >= 3
+ *   3. The source workspace either:
+ *        (a) has no module_manifest.json, OR
+ *        (b) has module_manifest.json but no domain-level
+ *            decomposition_rationale field.
+ *
+ * If a trigger fires, the lint produces:
+ *   - WARNING: domain appears monolithic; recommend split or
+ *     add module_manifest.json + decomposition_rationale.
+ *   - ERROR (--strict only): same content, with the strict banner.
+ *
+ * Optional auxiliary checks (always WARN, never ERROR):
+ *   - module_manifest.json exists and references modules
+ *     but has no sub_domain (or all modules are internal_module)
+ *     and the domain has multiple distinct judgment questions.
+ *   - module_manifest.json exists with decomposition_rationale
+ *     but the rationale text is shorter than 30 characters
+ *     (likely placeholder).
+ *
+ * Boundary rules per RFC-0013 §3.3:
+ *   - internal_module: in-domain, not independently loadable
+ *   - sub_domain:      independently loadable as its own .kdna
+ *   - reference:       pure data, not judgment
+ */
+
+const fs = require('fs');
+const path = require('path');
+
+const AXIOM_THRESHOLD = 6;     // SPEC §5.2 says "between 2 and 6 axioms"
+const FRAMEWORK_THRESHOLD = 3; // RFC-0013 §4 companion rule
+const RATIONALE_MIN_LENGTH = 30;
+
+function readJsonSafe(filePath) {
+  try {
+    if (!fs.existsSync(filePath)) return null;
+    return JSON.parse(fs.readFileSync(filePath, 'utf8'));
+  } catch (e) {
+    return { __readError: e.message, __path: filePath };
+  }
+}
+
+/**
+ * Run the Anti-Monolithic check on a dev source directory.
+ * Returns { triggered, warnings, errors, summary }.
+ */
+function runAntiMonolithicCheck(dir, opts = {}) {
+  const strict = !!opts.strict;
+  const abs = path.resolve(dir);
+  const result = {
+    path: abs,
+    triggered: false,
+    warnings: [],
+    errors: [],
+    summary: {
+      axiom_count: 0,
+      framework_count: 0,
+      has_module_manifest: false,
+      has_decomposition_rationale: false,
+    },
+  };
+
+  const corePath = path.join(abs, 'KDNA_Core.json');
+  const core = readJsonSafe(corePath);
+  if (!core || core.__readError) {
+    result.errors.push(
+      `Cannot read KDNA_Core.json at ${corePath}: ${(core && core.__readError) || 'file not found'}`,
+    );
+    return result;
+  }
+
+  const axioms = Array.isArray(core.axioms) ? core.axioms : [];
+  const frameworks = Array.isArray(core.frameworks) ? core.frameworks : [];
+  result.summary.axiom_count = axioms.length;
+  result.summary.framework_count = frameworks.length;
+
+  const axiomOver = axioms.length > AXIOM_THRESHOLD;
+  const frameworkOver = frameworks.length >= FRAMEWORK_THRESHOLD;
+  if (!axiomOver || !frameworkOver) {
+    return result; // Below threshold: domain is not monolithic by the rule.
+  }
+
+  // Both thresholds exceeded: now check module_manifest.json.
+  const manifestPath = path.join(abs, 'module_manifest.json');
+  const manifest = readJsonSafe(manifestPath);
+  const manifestExists = manifest !== null && !manifest.__readError;
+  result.summary.has_module_manifest = manifestExists;
+
+  let hasRationale = false;
+  if (manifestExists) {
+    const rationale = (manifest && manifest.decomposition_rationale) || '';
+    hasRationale = typeof rationale === 'string' && rationale.trim().length >= RATIONALE_MIN_LENGTH;
+    result.summary.has_decomposition_rationale = hasRationale;
+
+    if (rationale && rationale.trim().length > 0 && rationale.trim().length < RATIONALE_MIN_LENGTH) {
+      result.warnings.push(
+        `module_manifest.json: decomposition_rationale is only ${rationale.trim().length} chars; ` +
+          `minimum is ${RATIONALE_MIN_LENGTH} chars to count as a real sign-off.`,
+      );
+    }
+  }
+
+  if (!manifestExists) {
+    result.triggered = true;
+    const msg =
+      `Anti-Monolithic Domain Principle: KDNA_Core.json has ` +
+      `${axioms.length} axioms (>${AXIOM_THRESHOLD}) and ${frameworks.length} frameworks (>=${FRAMEWORK_THRESHOLD}). ` +
+      `No module_manifest.json found. Either split into sub-domains and compose via cluster, ` +
+      `or create a module_manifest.json with a decomposition_rationale (>=${RATIONALE_MIN_LENGTH} chars) ` +
+      `and a maintainer sign-off. See SPEC §1.6 and RFC-0013 §4.`;
+    if (strict) {
+      result.errors.push(msg);
+    } else {
+      result.warnings.push(msg);
+    }
+  } else if (!hasRationale) {
+    result.triggered = true;
+    const msg =
+      `Anti-Monolithic Domain Principle: KDNA_Core.json has ` +
+      `${axioms.length} axioms (>${AXIOM_THRESHOLD}) and ${frameworks.length} frameworks (>=${FRAMEWORK_THRESHOLD}). ` +
+      `module_manifest.json exists but decomposition_rationale is missing or too short. ` +
+      `Add a substantive rationale (>=${RATIONALE_MIN_LENGTH} chars) to record the maintainer sign-off. ` +
+      `See SPEC §1.6 and RFC-0013 §4.`;
+    if (strict) {
+      result.errors.push(msg);
+    } else {
+      result.warnings.push(msg);
+    }
+  } else {
+    // Thresholds exceeded but maintainer sign-off is present:
+    // emit a soft warning so the maintainer rationale is visible in
+    // CI logs even though the rule is satisfied.
+    result.warnings.push(
+      `Anti-Monolithic Domain Principle: KDNA_Core.json has ${axioms.length} axioms and ` +
+        `${frameworks.length} frameworks. Maintainer sign-off recorded in module_manifest.json ` +
+        `(decomposition_rationale). Review periodically that the rationale still holds.`,
+    );
+  }
+
+  return result;
+}
+
+/**
+ * Print the check result to stdout. Returns the recommended process
+ * exit code: 0 if no errors (warnings OK), 1 if errors.
+ */
+function printAndExit(result, opts = {}) {
+  const jsonMode = !!opts.json;
+  if (jsonMode) {
+    console.log(JSON.stringify(result, null, 2));
+    return result.errors.length ? 1 : 0;
+  }
+  if (result.errors.length) {
+    console.error('Errors:');
+    result.errors.forEach((e) => console.error(`  - ${e}`));
+  }
+  if (result.warnings.length) {
+    console.log('Warnings:');
+    result.warnings.forEach((w) => console.log(`  - ${w}`));
+  }
+  if (!result.errors.length && !result.warnings.length) {
+    console.log(
+      `✓ Anti-Monolithic check passed: ${result.path} ` +
+        `(${result.summary.axiom_count} axioms, ${result.summary.framework_count} frameworks)`,
+    );
+  } else if (!result.errors.length) {
+    console.log(
+      `✓ Anti-Monolithic check: ${result.warnings.length} warning(s), 0 error(s) ` +
+        `(passing; --strict to upgrade warnings to errors)`,
+    );
+  }
+  return result.errors.length ? 1 : 0;
+}
+
+module.exports = {
+  runAntiMonolithicCheck,
+  printAndExit,
+  AXIOM_THRESHOLD,
+  FRAMEWORK_THRESHOLD,
+  RATIONALE_MIN_LENGTH,
+};

package/src/cmds/domain.js

@@ -200,6 +200,109 @@ function cmdValidate(dir, schemaOnly, jsonMode = false) {
   }
 }
 
+/**
+ * Anti-Monolithic Domain lint entry point.
+ *
+ * Runs schema validation (same as `kdna dev validate`) and then runs
+ * the Anti-Monolithic Domain Principle check (RFC-0013 §4 / SPEC §1.6)
+ * on top. The Anti-Monolithic check produces warnings by default and
+ * errors under `--strict`.
+ *
+ * Exits with non-zero only on schema errors or (under --strict) on
+ * Anti-Monolithic trigger.
+ */
+function cmdValidateAntiMonolithic(dir, opts = {}) {
+  const jsonMode = !!opts.json;
+  const strict = !!opts.strict;
+
+  // First, run the standard schema validation but capture its result
+  // rather than letting it process.exit(0).
+  // We achieve this by re-using the underlying helpers.
+  const abs = path.resolve(dir);
+  if (!fs.existsSync(abs) || !fs.statSync(abs).isDirectory()) {
+    error(`Not a directory: ${abs}`, EXIT.INPUT_ERROR);
+  }
+
+  const SCHEMA_DIR = path.join(
+    path.dirname(require.resolve('@aikdna/kdna-core/package.json')),
+    'schema',
+  );
+  const { schemaMap, loadedSchemas, missingSchemas } = loadSchemaMap(SCHEMA_DIR);
+
+  const schemaResult = isClusterDirectory(abs)
+    ? validateClusterDirectory(abs, schemaMap, false)
+    : validateDomainDirectory(abs, schemaMap, false);
+
+  // Run Anti-Monolithic check on the top-level (or first sub-) directory.
+  // For clusters, run on each domain dir and aggregate.
+  const amResults = [];
+  if (schemaResult.cluster && Array.isArray(schemaResult.domains)) {
+    for (const d of schemaResult.domains) {
+      amResults.push(
+        runAntiMonolithicCheckOnCore(d.path || abs, { strict }),
+      );
+    }
+  } else {
+    amResults.push(runAntiMonolithicCheckOnCore(abs, { strict }));
+  }
+
+  // Aggregate.
+  const allErrors = [...schemaResult.errors];
+  const allWarnings = [...schemaResult.warnings];
+  for (const r of amResults) {
+    allErrors.push(...r.errors);
+    allWarnings.push(...r.warnings);
+  }
+
+  if (jsonMode) {
+    console.log(
+      JSON.stringify(
+        {
+          path: abs,
+          schema_validation: {
+            valid: schemaResult.errors.length === 0,
+            errors: schemaResult.errors,
+            warnings: schemaResult.warnings,
+            cluster: !!schemaResult.cluster,
+            files: schemaResult.files,
+            domains: schemaResult.domains,
+            schemas_loaded: loadedSchemas.length,
+            missing_schemas: missingSchemas,
+          },
+          anti_monolithic: amResults,
+        },
+        null,
+        2,
+      ),
+    );
+    process.exit(allErrors.length ? EXIT.VALIDATION_FAILED : EXIT.OK);
+  }
+
+  if (allErrors.length) {
+    console.error('Errors:');
+    allErrors.forEach((e) => console.error(`  - ${e}`));
+  }
+  if (allWarnings.length) {
+    console.log('Warnings:');
+    allWarnings.forEach((w) => console.log(`  - ${w}`));
+  }
+  if (allErrors.length === 0) {
+    if (amResults.some((r) => r.triggered)) {
+      console.log(
+        `✓ Schema valid; Anti-Monolithic triggered (${amResults.filter((r) => r.triggered).length}/${amResults.length} domain(s))`,
+      );
+    } else {
+      console.log(`✓ Schema valid; Anti-Monolithic check passed (${amResults.length} domain(s))`);
+    }
+  }
+  process.exit(allErrors.length ? EXIT.VALIDATION_FAILED : EXIT.OK);
+}
+
+function runAntiMonolithicCheckOnCore(dir, opts) {
+  const { runAntiMonolithicCheck } = require('./anti-monolithic');
+  return runAntiMonolithicCheck(dir, opts);
+}
+
 // ─── Pack / Unpack (.kdna ZIP container) ──────────────────────────────────
 
 function cmdPack(dir, outputDir) {
@@ -918,6 +1021,7 @@ function cmdCard(dir, jsonMode = false, locale = null, options = {}) {
 
 module.exports = {
   cmdValidate,
+  cmdValidateAntiMonolithic,
   cmdPack,
   cmdUnpack,
   cmdInspect,