npm - @cyanautomation/kaseki-agent - Versions diffs - 1.4.1 - Mend

@cyanautomation/kaseki-agent 1.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (459) hide show

package/.dockerignore +54 -0
package/.eslintignore +11 -0
package/.eslintrc.json +95 -0
package/.github/ISSUE_TEMPLATE/bug_report.md +53 -0
package/.github/ISSUE_TEMPLATE/feature_request.md +53 -0
package/.github/ISSUE_TEMPLATE/security.md +51 -0
package/.github/PULL_REQUEST_TEMPLATE/default.md +71 -0
package/.github/dependabot.yml +38 -0
package/.github/skills/dependency-cache-optimization/SKILL.md +526 -0
package/.github/skills/docker-image-management/SKILL.md +532 -0
package/.github/skills/frontend-design/SKILL.md +782 -0
package/.github/skills/prompt-engineering/SKILL.md +360 -0
package/.github/skills/quality-gate-config/SKILL.md +591 -0
package/.github/skills/result-report-analysis/SKILL.md +576 -0
package/.github/skills/test-automation/SKILL.md +593 -0
package/.github/skills/workflow-diagnosis/SKILL.md +468 -0
package/.github/workflows/build-docker-image.yml +453 -0
package/.github/workflows/release.yml +68 -0
package/.releaserc.json +135 -0
package/CHANGELOG.md +117 -0
package/CLAUDE.md +336 -0
package/CONTRIBUTING.md +339 -0
package/Dockerfile +217 -0
package/README.md +1527 -0
package/STYLE.md +521 -0
package/add-js-extensions.d.ts +9 -0
package/add-js-extensions.d.ts.map +1 -0
package/add-js-extensions.js.map +1 -0
package/dist/add-js-extensions.d.ts +9 -0
package/dist/add-js-extensions.d.ts.map +1 -0
package/dist/add-js-extensions.js +52 -0
package/dist/add-js-extensions.js.map +1 -0
package/dist/ansi-colors.d.ts +26 -0
package/dist/ansi-colors.d.ts.map +1 -0
package/dist/ansi-colors.js +51 -0
package/dist/ansi-colors.js.map +1 -0
package/dist/cli/BaseCommand.d.ts +18 -0
package/dist/cli/BaseCommand.d.ts.map +1 -0
package/dist/cli/BaseCommand.js +31 -0
package/dist/cli/BaseCommand.js.map +1 -0
package/dist/cli/KasekiCLI.d.ts +30 -0
package/dist/cli/KasekiCLI.d.ts.map +1 -0
package/dist/cli/KasekiCLI.js +134 -0
package/dist/cli/KasekiCLI.js.map +1 -0
package/dist/cli/commands/ConfigCommand.d.ts +13 -0
package/dist/cli/commands/ConfigCommand.d.ts.map +1 -0
package/dist/cli/commands/ConfigCommand.js +131 -0
package/dist/cli/commands/ConfigCommand.js.map +1 -0
package/dist/cli/commands/DoctorCommand.d.ts +45 -0
package/dist/cli/commands/DoctorCommand.d.ts.map +1 -0
package/dist/cli/commands/DoctorCommand.js +309 -0
package/dist/cli/commands/DoctorCommand.js.map +1 -0
package/dist/cli/commands/ListCommand.d.ts +9 -0
package/dist/cli/commands/ListCommand.d.ts.map +1 -0
package/dist/cli/commands/ListCommand.js +81 -0
package/dist/cli/commands/ListCommand.js.map +1 -0
package/dist/cli/commands/ReportCommand.d.ts +9 -0
package/dist/cli/commands/ReportCommand.d.ts.map +1 -0
package/dist/cli/commands/ReportCommand.js +98 -0
package/dist/cli/commands/ReportCommand.js.map +1 -0
package/dist/cli/commands/RunCommand.d.ts +13 -0
package/dist/cli/commands/RunCommand.d.ts.map +1 -0
package/dist/cli/commands/RunCommand.js +191 -0
package/dist/cli/commands/RunCommand.js.map +1 -0
package/dist/cli/commands/SecretsCommand.d.ts +9 -0
package/dist/cli/commands/SecretsCommand.d.ts.map +1 -0
package/dist/cli/commands/SecretsCommand.js +109 -0
package/dist/cli/commands/SecretsCommand.js.map +1 -0
package/dist/cli/commands/ServeCommand.d.ts +9 -0
package/dist/cli/commands/ServeCommand.d.ts.map +1 -0
package/dist/cli/commands/ServeCommand.js +50 -0
package/dist/cli/commands/ServeCommand.js.map +1 -0
package/dist/cli/commands/SetupCommand.d.ts +42 -0
package/dist/cli/commands/SetupCommand.d.ts.map +1 -0
package/dist/cli/commands/SetupCommand.js +249 -0
package/dist/cli/commands/SetupCommand.js.map +1 -0
package/dist/cli.d.ts +9 -0
package/dist/cli.d.ts.map +1 -0
package/dist/cli.js +130 -0
package/dist/cli.js.map +1 -0
package/dist/config/ConfigManager.d.ts +395 -0
package/dist/config/ConfigManager.d.ts.map +1 -0
package/dist/config/ConfigManager.js +446 -0
package/dist/config/ConfigManager.js.map +1 -0
package/dist/docker/DockerManager.d.ts +69 -0
package/dist/docker/DockerManager.d.ts.map +1 -0
package/dist/docker/DockerManager.js +266 -0
package/dist/docker/DockerManager.js.map +1 -0
package/dist/event-aggregator.d.ts +71 -0
package/dist/event-aggregator.d.ts.map +1 -0
package/dist/event-aggregator.js +95 -0
package/dist/event-aggregator.js.map +1 -0
package/dist/github-app-token.d.ts +16 -0
package/dist/github-app-token.d.ts.map +1 -0
package/dist/github-app-token.js +148 -0
package/dist/github-app-token.js.map +1 -0
package/dist/idempotency-store.d.ts +61 -0
package/dist/idempotency-store.d.ts.map +1 -0
package/dist/idempotency-store.js +321 -0
package/dist/idempotency-store.js.map +1 -0
package/dist/index.d.ts +25 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +31 -0
package/dist/index.js.map +1 -0
package/dist/instance/InstanceManager.d.ts +81 -0
package/dist/instance/InstanceManager.d.ts.map +1 -0
package/dist/instance/InstanceManager.js +220 -0
package/dist/instance/InstanceManager.js.map +1 -0
package/dist/instance-metadata-reader.d.ts +48 -0
package/dist/instance-metadata-reader.d.ts.map +1 -0
package/dist/instance-metadata-reader.js +94 -0
package/dist/instance-metadata-reader.js.map +1 -0
package/dist/instance-state-derivation.d.ts +42 -0
package/dist/instance-state-derivation.d.ts.map +1 -0
package/dist/instance-state-derivation.js +133 -0
package/dist/instance-state-derivation.js.map +1 -0
package/dist/job-scheduler.d.ts +124 -0
package/dist/job-scheduler.d.ts.map +1 -0
package/dist/job-scheduler.js +992 -0
package/dist/job-scheduler.js.map +1 -0
package/dist/kaseki-api-client.d.ts +89 -0
package/dist/kaseki-api-client.d.ts.map +1 -0
package/dist/kaseki-api-client.js +405 -0
package/dist/kaseki-api-client.js.map +1 -0
package/dist/kaseki-api-config.d.ts +34 -0
package/dist/kaseki-api-config.d.ts.map +1 -0
package/dist/kaseki-api-config.js +113 -0
package/dist/kaseki-api-config.js.map +1 -0
package/dist/kaseki-api-routes.d.ts +13 -0
package/dist/kaseki-api-routes.d.ts.map +1 -0
package/dist/kaseki-api-routes.js +559 -0
package/dist/kaseki-api-routes.js.map +1 -0
package/dist/kaseki-api-service-wrapper.d.ts +43 -0
package/dist/kaseki-api-service-wrapper.d.ts.map +1 -0
package/dist/kaseki-api-service-wrapper.js +150 -0
package/dist/kaseki-api-service-wrapper.js.map +1 -0
package/dist/kaseki-api-service.d.ts +16 -0
package/dist/kaseki-api-service.d.ts.map +1 -0
package/dist/kaseki-api-service.js +143 -0
package/dist/kaseki-api-service.js.map +1 -0
package/dist/kaseki-api-types.d.ts +440 -0
package/dist/kaseki-api-types.d.ts.map +1 -0
package/dist/kaseki-api-types.js +64 -0
package/dist/kaseki-api-types.js.map +1 -0
package/dist/kaseki-cli-lib.d.ts +219 -0
package/dist/kaseki-cli-lib.d.ts.map +1 -0
package/dist/kaseki-cli-lib.js +523 -0
package/dist/kaseki-cli-lib.js.map +1 -0
package/dist/kaseki-cli.d.ts +38 -0
package/dist/kaseki-cli.d.ts.map +1 -0
package/dist/kaseki-cli.js +559 -0
package/dist/kaseki-cli.js.map +1 -0
package/dist/kaseki-report.d.ts +3 -0
package/dist/kaseki-report.d.ts.map +1 -0
package/dist/kaseki-report.js +140 -0
package/dist/kaseki-report.js.map +1 -0
package/dist/lib/subprocess-helpers.d.ts +98 -0
package/dist/lib/subprocess-helpers.d.ts.map +1 -0
package/dist/lib/subprocess-helpers.js +136 -0
package/dist/lib/subprocess-helpers.js.map +1 -0
package/dist/logger.d.ts +39 -0
package/dist/logger.d.ts.map +1 -0
package/dist/logger.js +79 -0
package/dist/logger.js.map +1 -0
package/dist/metrics.d.ts +19 -0
package/dist/metrics.d.ts.map +1 -0
package/dist/metrics.js +59 -0
package/dist/metrics.js.map +1 -0
package/dist/middleware/job-lookup.d.ts +27 -0
package/dist/middleware/job-lookup.d.ts.map +1 -0
package/dist/middleware/job-lookup.js +28 -0
package/dist/middleware/job-lookup.js.map +1 -0
package/dist/pi-event-filter.d.ts +3 -0
package/dist/pi-event-filter.d.ts.map +1 -0
package/dist/pi-event-filter.js +126 -0
package/dist/pi-event-filter.js.map +1 -0
package/dist/pi-progress-stream.d.ts +3 -0
package/dist/pi-progress-stream.d.ts.map +1 -0
package/dist/pi-progress-stream.js +205 -0
package/dist/pi-progress-stream.js.map +1 -0
package/dist/pi-progress-summarizer.d.ts +61 -0
package/dist/pi-progress-summarizer.d.ts.map +1 -0
package/dist/pi-progress-summarizer.js +246 -0
package/dist/pi-progress-summarizer.js.map +1 -0
package/dist/pre-flight-validator.d.ts +72 -0
package/dist/pre-flight-validator.d.ts.map +1 -0
package/dist/pre-flight-validator.js +513 -0
package/dist/pre-flight-validator.js.map +1 -0
package/dist/progress-stream-utils.d.ts +3 -0
package/dist/progress-stream-utils.d.ts.map +1 -0
package/dist/progress-stream-utils.js +15 -0
package/dist/progress-stream-utils.js.map +1 -0
package/dist/result-cache.d.ts +52 -0
package/dist/result-cache.d.ts.map +1 -0
package/dist/result-cache.js +134 -0
package/dist/result-cache.js.map +1 -0
package/dist/routes/artifact-routes.d.ts +10 -0
package/dist/routes/artifact-routes.d.ts.map +1 -0
package/dist/routes/artifact-routes.js +126 -0
package/dist/routes/artifact-routes.js.map +1 -0
package/dist/routes/log-routes.d.ts +8 -0
package/dist/routes/log-routes.d.ts.map +1 -0
package/dist/routes/log-routes.js +345 -0
package/dist/routes/log-routes.js.map +1 -0
package/dist/routes/status-routes.d.ts +8 -0
package/dist/routes/status-routes.d.ts.map +1 -0
package/dist/routes/status-routes.js +82 -0
package/dist/routes/status-routes.js.map +1 -0
package/dist/routes/webhook-routes.d.ts +6 -0
package/dist/routes/webhook-routes.d.ts.map +1 -0
package/dist/routes/webhook-routes.js +86 -0
package/dist/routes/webhook-routes.js.map +1 -0
package/dist/run-artifact-metadata-cache.d.ts +42 -0
package/dist/run-artifact-metadata-cache.d.ts.map +1 -0
package/dist/run-artifact-metadata-cache.js +139 -0
package/dist/run-artifact-metadata-cache.js.map +1 -0
package/dist/secret-value-cache.d.ts +13 -0
package/dist/secret-value-cache.d.ts.map +1 -0
package/dist/secret-value-cache.js +44 -0
package/dist/secret-value-cache.js.map +1 -0
package/dist/secrets/SecretsManager.d.ts +80 -0
package/dist/secrets/SecretsManager.d.ts.map +1 -0
package/dist/secrets/SecretsManager.js +306 -0
package/dist/secrets/SecretsManager.js.map +1 -0
package/dist/test-utils.d.ts +55 -0
package/dist/test-utils.d.ts.map +1 -0
package/dist/test-utils.js +48 -0
package/dist/test-utils.js.map +1 -0
package/dist/timestamp-tracker.d.ts +75 -0
package/dist/timestamp-tracker.d.ts.map +1 -0
package/dist/timestamp-tracker.js +121 -0
package/dist/timestamp-tracker.js.map +1 -0
package/dist/utils/failure-artifact-writer.d.ts +29 -0
package/dist/utils/failure-artifact-writer.d.ts.map +1 -0
package/dist/utils/failure-artifact-writer.js +157 -0
package/dist/utils/failure-artifact-writer.js.map +1 -0
package/dist/utils/file-helpers.d.ts +41 -0
package/dist/utils/file-helpers.d.ts.map +1 -0
package/dist/utils/file-helpers.js +143 -0
package/dist/utils/file-helpers.js.map +1 -0
package/dist/utils/http-client-factory.d.ts +46 -0
package/dist/utils/http-client-factory.d.ts.map +1 -0
package/dist/utils/http-client-factory.js +114 -0
package/dist/utils/http-client-factory.js.map +1 -0
package/dist/utils/progress-normalizer.d.ts +13 -0
package/dist/utils/progress-normalizer.d.ts.map +1 -0
package/dist/utils/progress-normalizer.js +57 -0
package/dist/utils/progress-normalizer.js.map +1 -0
package/dist/utils/response-helpers.d.ts +34 -0
package/dist/utils/response-helpers.d.ts.map +1 -0
package/dist/utils/response-helpers.js +78 -0
package/dist/utils/response-helpers.js.map +1 -0
package/dist/utils/route-helpers.d.ts +17 -0
package/dist/utils/route-helpers.d.ts.map +1 -0
package/dist/utils/route-helpers.js +22 -0
package/dist/utils/route-helpers.js.map +1 -0
package/dist/utils/status-response-builder.d.ts +23 -0
package/dist/utils/status-response-builder.d.ts.map +1 -0
package/dist/utils/status-response-builder.js +144 -0
package/dist/utils/status-response-builder.js.map +1 -0
package/dist/utils/type-guards.d.ts +37 -0
package/dist/utils/type-guards.d.ts.map +1 -0
package/dist/utils/type-guards.js +45 -0
package/dist/utils/type-guards.js.map +1 -0
package/dist/utils/utf8-helpers.d.ts +32 -0
package/dist/utils/utf8-helpers.d.ts.map +1 -0
package/dist/utils/utf8-helpers.js +97 -0
package/dist/utils/utf8-helpers.js.map +1 -0
package/dist/utils/webhook-event-builder.d.ts +26 -0
package/dist/utils/webhook-event-builder.d.ts.map +1 -0
package/dist/utils/webhook-event-builder.js +77 -0
package/dist/utils/webhook-event-builder.js.map +1 -0
package/dist/webhook-manager.d.ts +56 -0
package/dist/webhook-manager.d.ts.map +1 -0
package/dist/webhook-manager.js +359 -0
package/dist/webhook-manager.js.map +1 -0
package/docker/workspace-cache/package-lock.json +13 -0
package/docker/workspace-cache/package.json +7 -0
package/docker-compose.yml +53 -0
package/docs/API.md +708 -0
package/docs/BACKLOG.md +19 -0
package/docs/BUILD_STRATEGY.md +404 -0
package/docs/CLI.md +569 -0
package/docs/DEPLOYMENT.md +521 -0
package/docs/DEVELOPMENT.md +459 -0
package/docs/DOCKER_SETUP.md +522 -0
package/docs/ENHANCED_PROGRESS_LOGS.md +264 -0
package/docs/IMPLEMENTATION_SUMMARY.md +549 -0
package/docs/INTEGRATION_EXAMPLE.md +217 -0
package/docs/NPM_SETUP.md +468 -0
package/docs/PHASE1-4_IMPLEMENTATION.md +302 -0
package/docs/PHASE1_COMPLETION.md +192 -0
package/docs/PHASE2_COMPLETION.md +134 -0
package/docs/PHASE6_MIGRATION.md +392 -0
package/docs/PRINTF_SAFETY_FIX.md +282 -0
package/docs/QUALITY_GATES.md +369 -0
package/docs/SETUP_GUIDE.md +482 -0
package/docs/TASK_PROMPT_TEMPLATES.md +533 -0
package/docs/VALIDATION_FIX.md +139 -0
package/docs/VERIFICATION_CHECKLIST.md +335 -0
package/docs/repo-maturity.md +760 -0
package/fix-tests.d.ts +9 -0
package/fix-tests.d.ts.map +1 -0
package/fix-tests.js.map +1 -0
package/fix-tests.ts +53 -0
package/jest.config.ts +31 -0
package/kaseki +183 -0
package/kaseki-agent.sh +1961 -0
package/ops/logrotate/kaseki +10 -0
package/package.json +83 -0
package/perf/README.md +54 -0
package/perf/pi-event-filter.benchmark.test.ts +98 -0
package/run-kaseki-json.test.sh +106 -0
package/run-kaseki.sh +990 -0
package/scripts/allowlist-helper.sh +56 -0
package/scripts/cleanup-kaseki.sh +168 -0
package/scripts/deploy-pi-template.sh +293 -0
package/scripts/docker-entrypoint.sh +71 -0
package/scripts/dry-run-allowlist.sh +161 -0
package/scripts/kaseki-activate.sh +396 -0
package/scripts/kaseki-api.service +62 -0
package/scripts/kaseki-container-entrypoint-wrapper.sh +119 -0
package/scripts/kaseki-container-setup-remote.sh +172 -0
package/scripts/kaseki-container-setup.sh +193 -0
package/scripts/kaseki-healthcheck.sh +95 -0
package/scripts/kaseki-install.sh +50 -0
package/scripts/kaseki-maturity-score.sh +291 -0
package/scripts/kaseki-performance-metrics.sh +122 -0
package/scripts/kaseki-preflight.sh +270 -0
package/scripts/kaseki-setup.sh +265 -0
package/scripts/pi-setup-remote.sh +213 -0
package/scripts/setup-github-labels.sh +42 -0
package/scripts/suggest-allowlist.sh +68 -0
package/scripts/templates/MULTI_HOST_DISTRIBUTED.md +337 -0
package/scripts/templates/REST_API_SERVICE.md +490 -0
package/scripts/templates/SINGLE_HOST_CLI.md +194 -0
package/scripts/test-github-app.sh +248 -0
package/src/add-js-extensions.ts +61 -0
package/src/ansi-colors.test.ts +62 -0
package/src/ansi-colors.ts +67 -0
package/src/cli/BaseCommand.ts +40 -0
package/src/cli/KasekiCLI.ts +154 -0
package/src/cli/commands/ConfigCommand.ts +145 -0
package/src/cli/commands/DoctorCommand.ts +329 -0
package/src/cli/commands/ListCommand.ts +105 -0
package/src/cli/commands/ReportCommand.ts +110 -0
package/src/cli/commands/RunCommand.ts +218 -0
package/src/cli/commands/SecretsCommand.ts +120 -0
package/src/cli/commands/ServeCommand.ts +62 -0
package/src/cli/commands/SetupCommand.ts +301 -0
package/src/cli.ts +138 -0
package/src/config/ConfigManager.ts +476 -0
package/src/docker/DockerManager.ts +319 -0
package/src/docker-entrypoint-packaging.test.ts +33 -0
package/src/event-aggregator.test.ts +117 -0
package/src/event-aggregator.ts +126 -0
package/src/github-app-token.ts +215 -0
package/src/idempotency-store.test.ts +117 -0
package/src/idempotency-store.ts +385 -0
package/src/index.ts +89 -0
package/src/instance/InstanceManager.ts +285 -0
package/src/instance-metadata-reader.test.ts +190 -0
package/src/instance-metadata-reader.ts +129 -0
package/src/instance-state-derivation.test.ts +263 -0
package/src/instance-state-derivation.ts +148 -0
package/src/job-scheduler.test.ts +1236 -0
package/src/job-scheduler.ts +1117 -0
package/src/kaseki-api-client.ts +488 -0
package/src/kaseki-api-config.test.ts +315 -0
package/src/kaseki-api-config.ts +175 -0
package/src/kaseki-api-routes.test.ts +1615 -0
package/src/kaseki-api-routes.ts +643 -0
package/src/kaseki-api-service-wrapper.ts +188 -0
package/src/kaseki-api-service.test.ts +418 -0
package/src/kaseki-api-service.ts +192 -0
package/src/kaseki-api-types.ts +320 -0
package/src/kaseki-cli-lib.test.ts +552 -0
package/src/kaseki-cli-lib.ts +760 -0
package/src/kaseki-cli.ts +682 -0
package/src/kaseki-report.test.ts +118 -0
package/src/kaseki-report.ts +192 -0
package/src/lib/subprocess-helpers.ts +177 -0
package/src/logger.ts +114 -0
package/src/metrics.ts +66 -0
package/src/middleware/job-lookup.test.ts +113 -0
package/src/middleware/job-lookup.ts +45 -0
package/src/pi-event-filter.test.ts +183 -0
package/src/pi-event-filter.ts +183 -0
package/src/pi-progress-stream.ts +287 -0
package/src/pi-progress-summarizer.test.ts +302 -0
package/src/pi-progress-summarizer.ts +287 -0
package/src/pre-flight-validator.test.ts +512 -0
package/src/pre-flight-validator.ts +618 -0
package/src/progress-stream-utils.test.ts +35 -0
package/src/progress-stream-utils.ts +14 -0
package/src/result-cache.test.ts +195 -0
package/src/result-cache.ts +181 -0
package/src/routes/artifact-routes.ts +169 -0
package/src/routes/log-routes.ts +391 -0
package/src/routes/status-routes.ts +92 -0
package/src/routes/webhook-routes.ts +97 -0
package/src/run-artifact-metadata-cache.test.ts +80 -0
package/src/run-artifact-metadata-cache.ts +184 -0
package/src/secret-value-cache.test.ts +66 -0
package/src/secret-value-cache.ts +55 -0
package/src/secrets/SecretsManager.ts +343 -0
package/src/test-utils.ts +81 -0
package/src/timestamp-tracker.test.ts +134 -0
package/src/timestamp-tracker.ts +132 -0
package/src/utils/failure-artifact-writer.ts +187 -0
package/src/utils/file-helpers.test.ts +235 -0
package/src/utils/file-helpers.ts +150 -0
package/src/utils/http-client-factory.test.ts +245 -0
package/src/utils/http-client-factory.ts +157 -0
package/src/utils/progress-normalizer.test.ts +442 -0
package/src/utils/progress-normalizer.ts +68 -0
package/src/utils/response-helpers.test.ts +122 -0
package/src/utils/response-helpers.ts +101 -0
package/src/utils/route-helpers.ts +30 -0
package/src/utils/status-response-builder.ts +159 -0
package/src/utils/type-guards.ts +52 -0
package/src/utils/utf8-helpers.ts +102 -0
package/src/utils/webhook-event-builder.test.ts +143 -0
package/src/utils/webhook-event-builder.ts +87 -0
package/src/webhook-manager.test.ts +152 -0
package/src/webhook-manager.ts +445 -0
package/templates/allowlist-api-route.txt +7 -0
package/templates/allowlist-comprehensive.txt +8 -0
package/templates/allowlist-parser-fix.txt +6 -0
package/templates/allowlist-ui-component.txt +9 -0
package/templates/allowlist-utility.txt +9 -0
package/test/actual-model-metadata.test.sh +102 -0
package/test/dry-run.test.sh +131 -0
package/test/fixtures/kaseki-report-exit-codes/metadata-exit-0.json +1 -0
package/test/fixtures/kaseki-report-exit-codes/metadata-exit-1.json +1 -0
package/test/fixtures/kaseki-report-exit-codes/metadata-exit-invalid.json +1 -0
package/test/fixtures/kaseki-report-exit-codes/metadata-exit-str-0.json +1 -0
package/test/fixtures/kaseki-report-exit-codes/metadata-exit-str-1.json +1 -0
package/test/kaseki-api.integration.test.sh +165 -0
package/test/pi-event-filter-failure.test.sh +83 -0
package/test/printf-safety-focused.test.sh +99 -0
package/test/printf-safety-results/results/restoration.jsonl +10 -0
package/test/printf-safety-results/results/test.jsonl +0 -0
package/test/printf-safety.test.sh +297 -0
package/test/validation-fix.test.sh +79 -0
package/test/validation-integration.test.sh +109 -0
package/tests/allowlist-glob.test.sh +61 -0
package/tests/dependency-cache-key.test.sh +48 -0
package/tests/dependency-restore-mode.test.sh +48 -0
package/tests/doctor-template-parity.test.sh +95 -0
package/tests/github-operations.test.sh +142 -0
package/tests/npm-install-flags.test.sh +58 -0
package/tests/quality-gates.test.sh +178 -0
package/tests/repo-memory.test.sh +103 -0
package/tests/restore-disallowed-changes.test.sh +80 -0
package/tests/validation-missing-npm-scripts.test.sh +93 -0
package/tests/validation-strict-mode.test.sh +118 -0
package/tsconfig.changed.json +7 -0
package/tsconfig.json +39 -0

package/.github/workflows/build-docker-image.yml ADDED Viewed

@@ -0,0 +1,453 @@
+name: Build Docker Image
+on:
+  workflow_dispatch:
+    inputs:
+      tags:
+        description: "Comma-separated Docker tags to publish (auto-detects from git ref if empty)"
+        required: false
+        default: ""
+  schedule:
+    # Weekly build every Sunday at 00:00 UTC, publishes 'latest' tag to both registries
+    - cron: '0 0 * * 0'
+  workflow_run:
+    workflows:
+      - Release
+    types:
+      - completed
+env:
+  DOCKER_IMAGE: cyanautomation/kaseki-agent
+permissions:
+  contents: read
+  packages: write
+jobs:
+  type_check_changed:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+      - name: Set up Node
+        uses: actions/setup-node@v6
+        with:
+          node-version: '22.22.2'
+          cache: npm
+      - name: Install dependencies
+        run: npm ci
+      - name: Type check changed-code scope (blocking)
+        run: npm run type-check:changed
+  type_check_full:
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+      - name: Set up Node
+        uses: actions/setup-node@v6
+        with:
+          node-version: '22.22.2'
+          cache: npm
+      - name: Install dependencies
+        run: npm ci
+      - name: Full type check (non-blocking baseline)
+        id: full_type_check
+        shell: bash
+        run: |
+          set +e
+          npm run type-check:full > type-check-full.log 2>&1
+          exit_code=$?
+          cat type-check-full.log
+          echo "exit_code=${exit_code}" >> "$GITHUB_OUTPUT"
+          exit 0
+      - name: Upload full type-check report
+        if: always()
+        uses: actions/upload-artifact@v7
+        with:
+          name: type-check-full-report
+          path: |
+            type-check-full.log
+          if-no-files-found: warn
+  checks:
+    needs: type_check_changed
+    runs-on: ubuntu-latest
+    # Runs in parallel with type_check_full (both independent after type_check_changed blocks all)
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+      - name: Set up Node
+        uses: actions/setup-node@v6
+        with:
+          node-version: '22.22.2'
+          cache: npm
+      - name: Install ShellCheck
+        shell: bash
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y --no-install-recommends shellcheck
+      - name: Install dependencies
+        run: npm ci
+      - name: Run lint
+        run: npm run lint
+      - name: Run tests
+        run: npm test
+      - name: Build TypeScript
+        run: npm run build
+      - name: Verify API service build artifact
+        shell: bash
+        run: |
+          test -f dist/kaseki-api-service.js
+          ls -l dist/kaseki-api-service.js
+  build:
+    needs: [checks, type_check_full]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          platforms: arm64
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Determine tags
+        id: meta
+        shell: bash
+        run: |
+          # Tag determination logic for different trigger types:
+          # 1. workflow_dispatch with custom tags input: use those tags
+          # 2. workflow_dispatch without input OR workflow_run: auto-detect from git ref
+          # 3. schedule (Sunday 00:00 UTC): use 'latest'
+          if [[ "${{ github.event_name }}" == "workflow_dispatch" && -n "${{ github.event.inputs.tags }}" ]]; then
+            # Manual dispatch with explicit tags provided
+            TAGS="${{ github.event.inputs.tags }}"
+          elif [[ "${{ github.ref }}" == refs/tags/* ]]; then
+            # On a git tag (from release workflow via workflow_run, or manual push)
+            VERSION="${GITHUB_REF#refs/tags/}"
+            VERSION="${VERSION#v}"
+            TAGS="$VERSION,latest"
+          elif [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
+            # On main branch (scheduled builds only now)
+            SHORT_SHA="${GITHUB_SHA::12}"
+            TAGS="latest,main-$SHORT_SHA"
+          else
+            # Default to 'latest' for other triggers
+            TAGS="latest"
+          fi
+          DOCKER_HUB_TAGS=""
+          GHCR_TAGS=""
+          FIRST_TAG=""
+          for raw_tag in ${TAGS//,/ }; do
+            tag="$(echo "$raw_tag" | xargs)"
+            [[ -z "$tag" ]] && continue
+            [[ -z "$FIRST_TAG" ]] && FIRST_TAG="$tag"
+            DOCKER_HUB_TAGS="${DOCKER_HUB_TAGS}${DOCKER_IMAGE}:$tag"$'\n'
+            DOCKER_HUB_TAGS="${DOCKER_HUB_TAGS}${DOCKER_IMAGE}:$tag-arm64"$'\n'
+            GHCR_TAGS="${GHCR_TAGS}ghcr.io/${DOCKER_IMAGE}:$tag"$'\n'
+            GHCR_TAGS="${GHCR_TAGS}ghcr.io/${DOCKER_IMAGE}:$tag-arm64"$'\n'
+          done
+          if [[ -z "$DOCKER_HUB_TAGS" ]]; then
+            echo "No Docker tags were provided" >&2
+            exit 1
+          fi
+          DOCKER_HUB_TAGS="${DOCKER_HUB_TAGS%$'\n'}"
+          GHCR_TAGS="${GHCR_TAGS%$'\n'}"
+          ALL_TAGS="${DOCKER_HUB_TAGS}"$'\n'"${GHCR_TAGS}"
+          echo "tags<<EOF" >> "$GITHUB_OUTPUT"
+          echo "$ALL_TAGS" >> "$GITHUB_OUTPUT"
+          echo "EOF" >> "$GITHUB_OUTPUT"
+          echo "primary_tag=${FIRST_TAG:-latest}" >> "$GITHUB_OUTPUT"
+          echo "Building tags:"
+          echo "$ALL_TAGS"
+      - name: Build and push
+        id: build
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          cache-from: type=gha,scope=${{ github.ref_name }}
+          cache-to: type=gha,scope=${{ github.ref_name }},mode=max
+          provenance: true
+          sbom: true
+      - name: Log build cache statistics
+        shell: bash
+        run: |
+          echo "Build completed successfully"
+          echo "Build digest: ${{ steps.build.outputs.digest }}"
+          echo "Image size (metadata): ${{ steps.build.outputs.imageid }}"
+          echo ""
+          echo "Cache strategy: GitHub Actions cache with scope=${{ github.ref_name }}"
+          echo "Expected cache hit rate on subsequent builds: 80-90%"
+          echo "See .github/skills/docker-image-management/SKILL.md for cache optimization details"
+  scan:
+    needs: build
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write
+      # artifact uploads for SBOM
+      packages: read
+    steps:
+      # Vulnerability scanning strategy:
+      # 1. HIGH/CRITICAL: Blocking scan uploaded to GitHub Security tab (fails if found)
+      # 2. All severities: Informational JSON report for visibility into MEDIUM/LOW
+      # 3. SBOM: Generated in SPDX format for supply chain security
+      #
+      # We scan docker.io registry since that's the primary distribution point.
+      # GHCR images have parity via multi-registry build, so scanning one is sufficient.
+      # Both amd64 and arm64 variants use the same base image and have identical vulnerabilities.
+      - name: Run Trivy vulnerability scanner (HIGH/CRITICAL only)
+        uses: aquasecurity/trivy-action@v0.36.0
+        with:
+          image-ref: 'docker.io/cyanautomation/kaseki-agent:latest'
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          severity: 'HIGH,CRITICAL'
+      - name: Run Trivy vulnerability scanner (all severities - informational)
+        uses: aquasecurity/trivy-action@v0.36.0
+        with:
+          image-ref: 'docker.io/cyanautomation/kaseki-agent:latest'
+          format: 'json'
+          output: 'trivy-results-all.json'
+      - name: Generate SBOM (SPDX format)
+        uses: aquasecurity/trivy-action@v0.36.0
+        with:
+          image-ref: 'docker.io/cyanautomation/kaseki-agent:latest'
+          format: 'spdx-json'
+          output: 'sbom-spdx.json'
+      - name: Upload Trivy results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v4
+        if: always()
+        with:
+          sarif_file: 'trivy-results.sarif'
+      - name: Upload SBOM and detailed scan results
+        uses: actions/upload-artifact@v7
+        if: always()
+        with:
+          name: vulnerability-scan-results
+          path: |
+            trivy-results.sarif
+            trivy-results-all.json
+            sbom-spdx.json
+          retention-days: 30
+      - name: Summarize scan results
+        if: always()
+        shell: bash
+        run: |
+          echo "=== Vulnerability Scan Complete ==="
+          echo ""
+          echo "Scanned Image: docker.io/cyanautomation/kaseki-agent:latest"
+          echo "Scanner: Trivy v0.36.0"
+          echo ""
+          echo "Results:"
+          echo "  - HIGH/CRITICAL findings → trivy-results.sarif (uploaded to GitHub Security tab)"
+          echo "  - All severities → trivy-results-all.json (informational, includes MEDIUM/LOW)"
+          echo "  - SBOM (SPDX) → sbom-spdx.json (software composition)"
+          echo ""
+          echo "Artifacts retained for 30 days"
+          echo ""
+          if grep -q '"severity":"HIGH"' trivy-results-all.json 2>/dev/null || grep -q '"severity":"CRITICAL"' trivy-results-all.json 2>/dev/null; then
+            echo "⚠️  HIGH or CRITICAL vulnerabilities detected - review trivy-results.sarif"
+          else
+            echo "✓ No HIGH or CRITICAL vulnerabilities found"
+          fi
+  verify:
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Determine verification tag
+        id: meta
+        shell: bash
+        run: |
+          if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
+            TAGS="${{ github.event.inputs.tags }}"
+            TAG="$(echo "${TAGS%%,*}" | xargs)"
+            echo "tag=${TAG:-latest}" >> "$GITHUB_OUTPUT"
+          elif [[ "${{ github.ref }}" == refs/tags/* ]]; then
+            TAG="${GITHUB_REF#refs/tags/}"
+            TAG="${TAG#v}"
+            echo "tag=$TAG" >> "$GITHUB_OUTPUT"
+          else
+            echo "tag=latest" >> "$GITHUB_OUTPUT"
+          fi
+      - name: Verify multi-arch manifest
+        shell: bash
+        run: |
+          IMAGE="${DOCKER_IMAGE}:${{ steps.meta.outputs.tag }}"
+          echo "Verifying manifest for: $IMAGE"
+          docker manifest inspect "$IMAGE" | jq -e '
+            [.manifests[].platform | "\(.os)/\(.architecture)"] as $platforms |
+            ($platforms | index("linux/amd64")) and ($platforms | index("linux/arm64"))
+          '
+          docker manifest inspect "$IMAGE" | jq -r '.manifests[] | "\(.platform.os)/\(.platform.architecture)"'
+          echo "Multi-arch image verified successfully"
+      - name: Verify Pi CLI entrypoint
+        shell: bash
+        run: |
+          IMAGE="${DOCKER_IMAGE}:${{ steps.meta.outputs.tag }}"
+          docker run --rm --entrypoint pi "$IMAGE" --version
+      - name: Smoke test runtime artifacts
+        shell: bash
+        run: |
+          IMAGE="${DOCKER_IMAGE}:${{ steps.meta.outputs.tag }}"
+          WORKSPACE="$(mktemp -d)"
+          RESULTS="$(mktemp -d)"
+          chmod 0777 "$WORKSPACE" "$RESULTS"
+          set +e
+          docker run --rm \
+            --read-only \
+            --tmpfs /tmp:rw,nosuid,nodev,size=256m \
+            --security-opt no-new-privileges:true \
+            --cap-drop ALL \
+            -e KASEKI_INSTANCE=kaseki-smoke \
+            -v "$WORKSPACE:/workspace:rw" \
+            -v "$RESULTS:/results:rw" \
+            -w /workspace \
+            "$IMAGE"
+          exit_code="$?"
+          set -e
+          test "$exit_code" -eq 2
+          jq -e '
+            .instance == "kaseki-smoke" and
+            .exit_code == 2 and
+            .failed_command == "missing OPENROUTER_API_KEY"
+          ' "$RESULTS/metadata.json"
+          test -s "$RESULTS/result-summary.md"
+          test -f "$RESULTS/quality.log"
+          test -f "$RESULTS/secret-scan.log"
+          test ! -d "$WORKSPACE/repo"
+          docker run --rm \
+            --entrypoint kaseki-report \
+            -v "$RESULTS:/results:ro" \
+            "$IMAGE" \
+            /results
+      - name: Verify multi-arch manifest (GHCR)
+        shell: bash
+        run: |
+          IMAGE="ghcr.io/${DOCKER_IMAGE}:${{ steps.meta.outputs.tag }}"
+          echo "Verifying manifest for: $IMAGE"
+          docker manifest inspect "$IMAGE" | jq -e '
+            [.manifests[].platform | "\(.os)/\(.architecture)"] as $platforms |
+            ($platforms | index("linux/amd64")) and ($platforms | index("linux/arm64"))
+          '
+          docker manifest inspect "$IMAGE" | jq -r '.manifests[] | "\(.platform.os)/\(.platform.architecture)"'
+          echo "Multi-arch image verified successfully (GHCR)"
+      - name: Verify Pi CLI entrypoint (GHCR)
+        shell: bash
+        run: |
+          IMAGE="ghcr.io/${DOCKER_IMAGE}:${{ steps.meta.outputs.tag }}"
+          docker run --rm --entrypoint pi "$IMAGE" --version
+      - name: Smoke test runtime artifacts (GHCR)
+        shell: bash
+        run: |
+          IMAGE="ghcr.io/${DOCKER_IMAGE}:${{ steps.meta.outputs.tag }}"
+          WORKSPACE="$(mktemp -d)"
+          RESULTS="$(mktemp -d)"
+          chmod 0777 "$WORKSPACE" "$RESULTS"
+          set +e
+          docker run --rm \
+            --read-only \
+            --tmpfs /tmp:rw,nosuid,nodev,size=256m \
+            --security-opt no-new-privileges:true \
+            --cap-drop ALL \
+            -e KASEKI_INSTANCE=kaseki-smoke-ghcr \
+            -v "$WORKSPACE:/workspace:rw" \
+            -v "$RESULTS:/results:rw" \
+            -w /workspace \
+            "$IMAGE"
+          exit_code="$?"
+          set -e
+          test "$exit_code" -eq 2
+          jq -e '
+            .instance == "kaseki-smoke-ghcr" and
+            .exit_code == 2 and
+            .failed_command == "missing OPENROUTER_API_KEY"
+          ' "$RESULTS/metadata.json"
+          test -s "$RESULTS/result-summary.md"
+          test -f "$RESULTS/quality.log"
+          test -f "$RESULTS/secret-scan.log"
+          test ! -d "$WORKSPACE/repo"
+          docker run --rm \
+            --entrypoint kaseki-report \
+            -v "$RESULTS:/results:ro" \
+            "$IMAGE" \
+            /results

package/.github/workflows/release.yml ADDED Viewed

@@ -0,0 +1,68 @@
+name: Release
+on:
+  workflow_dispatch:
+    inputs:
+      dry_run:
+        description: "Perform a dry-run (preview only, no tags/releases created)"
+        required: false
+        default: "false"
+        type: choice
+        options:
+          - "true"
+          - "false"
+permissions:
+  contents: write
+  packages: write
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    outputs:
+      released: ${{ steps.release.outputs.released }}
+      version: ${{ steps.release.outputs.version }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0  # Full history for semantic-release
+      - name: Set up Node
+        uses: actions/setup-node@v6
+        with:
+          node-version: '22.22.2'
+          cache: npm
+      - name: Install dependencies
+        run: npm ci
+      - name: Run semantic-release
+        id: release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          if [[ "${{ github.event.inputs.dry_run }}" == "true" ]]; then
+            npm run release:dry 2>&1 | tee release-output.log
+            echo "released=false" >> "$GITHUB_OUTPUT"
+            echo "dry_run=true" >> "$GITHUB_OUTPUT"
+          else
+            npm run release 2>&1 | tee release-output.log
+            # Check if release was created (look for "published" in output)
+            if grep -q "Published release" release-output.log; then
+              echo "released=true" >> "$GITHUB_OUTPUT"
+              # Extract version from git describe
+              VERSION=$(git describe --tags --abbrev=0 2>/dev/null | sed 's/^v//')
+              echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
+            else
+              echo "released=false" >> "$GITHUB_OUTPUT"
+            fi
+          fi
+      - name: Upload release log
+        if: always()
+        uses: actions/upload-artifact@v7
+        with:
+          name: release-output
+          path: release-output.log
+          retention-days: 30

package/.releaserc.json ADDED Viewed

@@ -0,0 +1,135 @@
+{
+  "branches": [
+    {
+      "name": "main",
+      "prerelease": false
+    }
+  ],
+  "plugins": [
+    [
+      "@semantic-release/commit-analyzer",
+      {
+        "preset": "conventionalcommits",
+        "releaseRules": [
+          {
+            "type": "feat",
+            "release": "minor"
+          },
+          {
+            "type": "fix",
+            "release": "patch"
+          },
+          {
+            "type": "perf",
+            "release": "patch"
+          },
+          {
+            "type": "revert",
+            "release": "patch"
+          },
+          {
+            "type": "docs",
+            "release": false
+          },
+          {
+            "type": "style",
+            "release": false
+          },
+          {
+            "type": "refactor",
+            "release": false
+          },
+          {
+            "type": "test",
+            "release": false
+          },
+          {
+            "type": "chore",
+            "release": false
+          }
+        ]
+      }
+    ],
+    [
+      "@semantic-release/release-notes-generator",
+      {
+        "preset": "conventionalcommits",
+        "presetConfig": {
+          "types": [
+            {
+              "type": "feat",
+              "section": "Features",
+              "hidden": false
+            },
+            {
+              "type": "fix",
+              "section": "Bug Fixes",
+              "hidden": false
+            },
+            {
+              "type": "perf",
+              "section": "Performance Improvements",
+              "hidden": false
+            },
+            {
+              "type": "revert",
+              "section": "Reverts",
+              "hidden": false
+            },
+            {
+              "type": "docs",
+              "section": "Documentation",
+              "hidden": true
+            },
+            {
+              "type": "style",
+              "section": "Styles",
+              "hidden": true
+            },
+            {
+              "type": "refactor",
+              "section": "Refactoring",
+              "hidden": true
+            },
+            {
+              "type": "test",
+              "section": "Tests",
+              "hidden": true
+            },
+            {
+              "type": "chore",
+              "section": "Miscellaneous",
+              "hidden": true
+            }
+          ]
+        }
+      }
+    ],
+    [
+      "@semantic-release/changelog",
+      {
+        "changelogFile": "CHANGELOG.md",
+        "changelogTitle": "# Changelog\n\nAll notable changes to Kaseki Agent are documented in this file.\n\nThe format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html)."
+      }
+    ],
+    [
+      "@semantic-release/git",
+      {
+        "assets": [
+          "package.json",
+          "package-lock.json",
+          "CHANGELOG.md"
+        ],
+        "message": "chore(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
+      }
+    ],
+    [
+      "@semantic-release/github",
+      {
+        "successComment": false,
+        "failComment": false,
+        "failTitle": "The automated release failed"
+      }
+    ]
+  ]
+}