npm - @cyanautomation/kaseki-agent - Versions diffs - 1.4.1 - Mend

@cyanautomation/kaseki-agent 1.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (459) hide show

package/.dockerignore +54 -0
package/.eslintignore +11 -0
package/.eslintrc.json +95 -0
package/.github/ISSUE_TEMPLATE/bug_report.md +53 -0
package/.github/ISSUE_TEMPLATE/feature_request.md +53 -0
package/.github/ISSUE_TEMPLATE/security.md +51 -0
package/.github/PULL_REQUEST_TEMPLATE/default.md +71 -0
package/.github/dependabot.yml +38 -0
package/.github/skills/dependency-cache-optimization/SKILL.md +526 -0
package/.github/skills/docker-image-management/SKILL.md +532 -0
package/.github/skills/frontend-design/SKILL.md +782 -0
package/.github/skills/prompt-engineering/SKILL.md +360 -0
package/.github/skills/quality-gate-config/SKILL.md +591 -0
package/.github/skills/result-report-analysis/SKILL.md +576 -0
package/.github/skills/test-automation/SKILL.md +593 -0
package/.github/skills/workflow-diagnosis/SKILL.md +468 -0
package/.github/workflows/build-docker-image.yml +453 -0
package/.github/workflows/release.yml +68 -0
package/.releaserc.json +135 -0
package/CHANGELOG.md +117 -0
package/CLAUDE.md +336 -0
package/CONTRIBUTING.md +339 -0
package/Dockerfile +217 -0
package/README.md +1527 -0
package/STYLE.md +521 -0
package/add-js-extensions.d.ts +9 -0
package/add-js-extensions.d.ts.map +1 -0
package/add-js-extensions.js.map +1 -0
package/dist/add-js-extensions.d.ts +9 -0
package/dist/add-js-extensions.d.ts.map +1 -0
package/dist/add-js-extensions.js +52 -0
package/dist/add-js-extensions.js.map +1 -0
package/dist/ansi-colors.d.ts +26 -0
package/dist/ansi-colors.d.ts.map +1 -0
package/dist/ansi-colors.js +51 -0
package/dist/ansi-colors.js.map +1 -0
package/dist/cli/BaseCommand.d.ts +18 -0
package/dist/cli/BaseCommand.d.ts.map +1 -0
package/dist/cli/BaseCommand.js +31 -0
package/dist/cli/BaseCommand.js.map +1 -0
package/dist/cli/KasekiCLI.d.ts +30 -0
package/dist/cli/KasekiCLI.d.ts.map +1 -0
package/dist/cli/KasekiCLI.js +134 -0
package/dist/cli/KasekiCLI.js.map +1 -0
package/dist/cli/commands/ConfigCommand.d.ts +13 -0
package/dist/cli/commands/ConfigCommand.d.ts.map +1 -0
package/dist/cli/commands/ConfigCommand.js +131 -0
package/dist/cli/commands/ConfigCommand.js.map +1 -0
package/dist/cli/commands/DoctorCommand.d.ts +45 -0
package/dist/cli/commands/DoctorCommand.d.ts.map +1 -0
package/dist/cli/commands/DoctorCommand.js +309 -0
package/dist/cli/commands/DoctorCommand.js.map +1 -0
package/dist/cli/commands/ListCommand.d.ts +9 -0
package/dist/cli/commands/ListCommand.d.ts.map +1 -0
package/dist/cli/commands/ListCommand.js +81 -0
package/dist/cli/commands/ListCommand.js.map +1 -0
package/dist/cli/commands/ReportCommand.d.ts +9 -0
package/dist/cli/commands/ReportCommand.d.ts.map +1 -0
package/dist/cli/commands/ReportCommand.js +98 -0
package/dist/cli/commands/ReportCommand.js.map +1 -0
package/dist/cli/commands/RunCommand.d.ts +13 -0
package/dist/cli/commands/RunCommand.d.ts.map +1 -0
package/dist/cli/commands/RunCommand.js +191 -0
package/dist/cli/commands/RunCommand.js.map +1 -0
package/dist/cli/commands/SecretsCommand.d.ts +9 -0
package/dist/cli/commands/SecretsCommand.d.ts.map +1 -0
package/dist/cli/commands/SecretsCommand.js +109 -0
package/dist/cli/commands/SecretsCommand.js.map +1 -0
package/dist/cli/commands/ServeCommand.d.ts +9 -0
package/dist/cli/commands/ServeCommand.d.ts.map +1 -0
package/dist/cli/commands/ServeCommand.js +50 -0
package/dist/cli/commands/ServeCommand.js.map +1 -0
package/dist/cli/commands/SetupCommand.d.ts +42 -0
package/dist/cli/commands/SetupCommand.d.ts.map +1 -0
package/dist/cli/commands/SetupCommand.js +249 -0
package/dist/cli/commands/SetupCommand.js.map +1 -0
package/dist/cli.d.ts +9 -0
package/dist/cli.d.ts.map +1 -0
package/dist/cli.js +130 -0
package/dist/cli.js.map +1 -0
package/dist/config/ConfigManager.d.ts +395 -0
package/dist/config/ConfigManager.d.ts.map +1 -0
package/dist/config/ConfigManager.js +446 -0
package/dist/config/ConfigManager.js.map +1 -0
package/dist/docker/DockerManager.d.ts +69 -0
package/dist/docker/DockerManager.d.ts.map +1 -0
package/dist/docker/DockerManager.js +266 -0
package/dist/docker/DockerManager.js.map +1 -0
package/dist/event-aggregator.d.ts +71 -0
package/dist/event-aggregator.d.ts.map +1 -0
package/dist/event-aggregator.js +95 -0
package/dist/event-aggregator.js.map +1 -0
package/dist/github-app-token.d.ts +16 -0
package/dist/github-app-token.d.ts.map +1 -0
package/dist/github-app-token.js +148 -0
package/dist/github-app-token.js.map +1 -0
package/dist/idempotency-store.d.ts +61 -0
package/dist/idempotency-store.d.ts.map +1 -0
package/dist/idempotency-store.js +321 -0
package/dist/idempotency-store.js.map +1 -0
package/dist/index.d.ts +25 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +31 -0
package/dist/index.js.map +1 -0
package/dist/instance/InstanceManager.d.ts +81 -0
package/dist/instance/InstanceManager.d.ts.map +1 -0
package/dist/instance/InstanceManager.js +220 -0
package/dist/instance/InstanceManager.js.map +1 -0
package/dist/instance-metadata-reader.d.ts +48 -0
package/dist/instance-metadata-reader.d.ts.map +1 -0
package/dist/instance-metadata-reader.js +94 -0
package/dist/instance-metadata-reader.js.map +1 -0
package/dist/instance-state-derivation.d.ts +42 -0
package/dist/instance-state-derivation.d.ts.map +1 -0
package/dist/instance-state-derivation.js +133 -0
package/dist/instance-state-derivation.js.map +1 -0
package/dist/job-scheduler.d.ts +124 -0
package/dist/job-scheduler.d.ts.map +1 -0
package/dist/job-scheduler.js +992 -0
package/dist/job-scheduler.js.map +1 -0
package/dist/kaseki-api-client.d.ts +89 -0
package/dist/kaseki-api-client.d.ts.map +1 -0
package/dist/kaseki-api-client.js +405 -0
package/dist/kaseki-api-client.js.map +1 -0
package/dist/kaseki-api-config.d.ts +34 -0
package/dist/kaseki-api-config.d.ts.map +1 -0
package/dist/kaseki-api-config.js +113 -0
package/dist/kaseki-api-config.js.map +1 -0
package/dist/kaseki-api-routes.d.ts +13 -0
package/dist/kaseki-api-routes.d.ts.map +1 -0
package/dist/kaseki-api-routes.js +559 -0
package/dist/kaseki-api-routes.js.map +1 -0
package/dist/kaseki-api-service-wrapper.d.ts +43 -0
package/dist/kaseki-api-service-wrapper.d.ts.map +1 -0
package/dist/kaseki-api-service-wrapper.js +150 -0
package/dist/kaseki-api-service-wrapper.js.map +1 -0
package/dist/kaseki-api-service.d.ts +16 -0
package/dist/kaseki-api-service.d.ts.map +1 -0
package/dist/kaseki-api-service.js +143 -0
package/dist/kaseki-api-service.js.map +1 -0
package/dist/kaseki-api-types.d.ts +440 -0
package/dist/kaseki-api-types.d.ts.map +1 -0
package/dist/kaseki-api-types.js +64 -0
package/dist/kaseki-api-types.js.map +1 -0
package/dist/kaseki-cli-lib.d.ts +219 -0
package/dist/kaseki-cli-lib.d.ts.map +1 -0
package/dist/kaseki-cli-lib.js +523 -0
package/dist/kaseki-cli-lib.js.map +1 -0
package/dist/kaseki-cli.d.ts +38 -0
package/dist/kaseki-cli.d.ts.map +1 -0
package/dist/kaseki-cli.js +559 -0
package/dist/kaseki-cli.js.map +1 -0
package/dist/kaseki-report.d.ts +3 -0
package/dist/kaseki-report.d.ts.map +1 -0
package/dist/kaseki-report.js +140 -0
package/dist/kaseki-report.js.map +1 -0
package/dist/lib/subprocess-helpers.d.ts +98 -0
package/dist/lib/subprocess-helpers.d.ts.map +1 -0
package/dist/lib/subprocess-helpers.js +136 -0
package/dist/lib/subprocess-helpers.js.map +1 -0
package/dist/logger.d.ts +39 -0
package/dist/logger.d.ts.map +1 -0
package/dist/logger.js +79 -0
package/dist/logger.js.map +1 -0
package/dist/metrics.d.ts +19 -0
package/dist/metrics.d.ts.map +1 -0
package/dist/metrics.js +59 -0
package/dist/metrics.js.map +1 -0
package/dist/middleware/job-lookup.d.ts +27 -0
package/dist/middleware/job-lookup.d.ts.map +1 -0
package/dist/middleware/job-lookup.js +28 -0
package/dist/middleware/job-lookup.js.map +1 -0
package/dist/pi-event-filter.d.ts +3 -0
package/dist/pi-event-filter.d.ts.map +1 -0
package/dist/pi-event-filter.js +126 -0
package/dist/pi-event-filter.js.map +1 -0
package/dist/pi-progress-stream.d.ts +3 -0
package/dist/pi-progress-stream.d.ts.map +1 -0
package/dist/pi-progress-stream.js +205 -0
package/dist/pi-progress-stream.js.map +1 -0
package/dist/pi-progress-summarizer.d.ts +61 -0
package/dist/pi-progress-summarizer.d.ts.map +1 -0
package/dist/pi-progress-summarizer.js +246 -0
package/dist/pi-progress-summarizer.js.map +1 -0
package/dist/pre-flight-validator.d.ts +72 -0
package/dist/pre-flight-validator.d.ts.map +1 -0
package/dist/pre-flight-validator.js +513 -0
package/dist/pre-flight-validator.js.map +1 -0
package/dist/progress-stream-utils.d.ts +3 -0
package/dist/progress-stream-utils.d.ts.map +1 -0
package/dist/progress-stream-utils.js +15 -0
package/dist/progress-stream-utils.js.map +1 -0
package/dist/result-cache.d.ts +52 -0
package/dist/result-cache.d.ts.map +1 -0
package/dist/result-cache.js +134 -0
package/dist/result-cache.js.map +1 -0
package/dist/routes/artifact-routes.d.ts +10 -0
package/dist/routes/artifact-routes.d.ts.map +1 -0
package/dist/routes/artifact-routes.js +126 -0
package/dist/routes/artifact-routes.js.map +1 -0
package/dist/routes/log-routes.d.ts +8 -0
package/dist/routes/log-routes.d.ts.map +1 -0
package/dist/routes/log-routes.js +345 -0
package/dist/routes/log-routes.js.map +1 -0
package/dist/routes/status-routes.d.ts +8 -0
package/dist/routes/status-routes.d.ts.map +1 -0
package/dist/routes/status-routes.js +82 -0
package/dist/routes/status-routes.js.map +1 -0
package/dist/routes/webhook-routes.d.ts +6 -0
package/dist/routes/webhook-routes.d.ts.map +1 -0
package/dist/routes/webhook-routes.js +86 -0
package/dist/routes/webhook-routes.js.map +1 -0
package/dist/run-artifact-metadata-cache.d.ts +42 -0
package/dist/run-artifact-metadata-cache.d.ts.map +1 -0
package/dist/run-artifact-metadata-cache.js +139 -0
package/dist/run-artifact-metadata-cache.js.map +1 -0
package/dist/secret-value-cache.d.ts +13 -0
package/dist/secret-value-cache.d.ts.map +1 -0
package/dist/secret-value-cache.js +44 -0
package/dist/secret-value-cache.js.map +1 -0
package/dist/secrets/SecretsManager.d.ts +80 -0
package/dist/secrets/SecretsManager.d.ts.map +1 -0
package/dist/secrets/SecretsManager.js +306 -0
package/dist/secrets/SecretsManager.js.map +1 -0
package/dist/test-utils.d.ts +55 -0
package/dist/test-utils.d.ts.map +1 -0
package/dist/test-utils.js +48 -0
package/dist/test-utils.js.map +1 -0
package/dist/timestamp-tracker.d.ts +75 -0
package/dist/timestamp-tracker.d.ts.map +1 -0
package/dist/timestamp-tracker.js +121 -0
package/dist/timestamp-tracker.js.map +1 -0
package/dist/utils/failure-artifact-writer.d.ts +29 -0
package/dist/utils/failure-artifact-writer.d.ts.map +1 -0
package/dist/utils/failure-artifact-writer.js +157 -0
package/dist/utils/failure-artifact-writer.js.map +1 -0
package/dist/utils/file-helpers.d.ts +41 -0
package/dist/utils/file-helpers.d.ts.map +1 -0
package/dist/utils/file-helpers.js +143 -0
package/dist/utils/file-helpers.js.map +1 -0
package/dist/utils/http-client-factory.d.ts +46 -0
package/dist/utils/http-client-factory.d.ts.map +1 -0
package/dist/utils/http-client-factory.js +114 -0
package/dist/utils/http-client-factory.js.map +1 -0
package/dist/utils/progress-normalizer.d.ts +13 -0
package/dist/utils/progress-normalizer.d.ts.map +1 -0
package/dist/utils/progress-normalizer.js +57 -0
package/dist/utils/progress-normalizer.js.map +1 -0
package/dist/utils/response-helpers.d.ts +34 -0
package/dist/utils/response-helpers.d.ts.map +1 -0
package/dist/utils/response-helpers.js +78 -0
package/dist/utils/response-helpers.js.map +1 -0
package/dist/utils/route-helpers.d.ts +17 -0
package/dist/utils/route-helpers.d.ts.map +1 -0
package/dist/utils/route-helpers.js +22 -0
package/dist/utils/route-helpers.js.map +1 -0
package/dist/utils/status-response-builder.d.ts +23 -0
package/dist/utils/status-response-builder.d.ts.map +1 -0
package/dist/utils/status-response-builder.js +144 -0
package/dist/utils/status-response-builder.js.map +1 -0
package/dist/utils/type-guards.d.ts +37 -0
package/dist/utils/type-guards.d.ts.map +1 -0
package/dist/utils/type-guards.js +45 -0
package/dist/utils/type-guards.js.map +1 -0
package/dist/utils/utf8-helpers.d.ts +32 -0
package/dist/utils/utf8-helpers.d.ts.map +1 -0
package/dist/utils/utf8-helpers.js +97 -0
package/dist/utils/utf8-helpers.js.map +1 -0
package/dist/utils/webhook-event-builder.d.ts +26 -0
package/dist/utils/webhook-event-builder.d.ts.map +1 -0
package/dist/utils/webhook-event-builder.js +77 -0
package/dist/utils/webhook-event-builder.js.map +1 -0
package/dist/webhook-manager.d.ts +56 -0
package/dist/webhook-manager.d.ts.map +1 -0
package/dist/webhook-manager.js +359 -0
package/dist/webhook-manager.js.map +1 -0
package/docker/workspace-cache/package-lock.json +13 -0
package/docker/workspace-cache/package.json +7 -0
package/docker-compose.yml +53 -0
package/docs/API.md +708 -0
package/docs/BACKLOG.md +19 -0
package/docs/BUILD_STRATEGY.md +404 -0
package/docs/CLI.md +569 -0
package/docs/DEPLOYMENT.md +521 -0
package/docs/DEVELOPMENT.md +459 -0
package/docs/DOCKER_SETUP.md +522 -0
package/docs/ENHANCED_PROGRESS_LOGS.md +264 -0
package/docs/IMPLEMENTATION_SUMMARY.md +549 -0
package/docs/INTEGRATION_EXAMPLE.md +217 -0
package/docs/NPM_SETUP.md +468 -0
package/docs/PHASE1-4_IMPLEMENTATION.md +302 -0
package/docs/PHASE1_COMPLETION.md +192 -0
package/docs/PHASE2_COMPLETION.md +134 -0
package/docs/PHASE6_MIGRATION.md +392 -0
package/docs/PRINTF_SAFETY_FIX.md +282 -0
package/docs/QUALITY_GATES.md +369 -0
package/docs/SETUP_GUIDE.md +482 -0
package/docs/TASK_PROMPT_TEMPLATES.md +533 -0
package/docs/VALIDATION_FIX.md +139 -0
package/docs/VERIFICATION_CHECKLIST.md +335 -0
package/docs/repo-maturity.md +760 -0
package/fix-tests.d.ts +9 -0
package/fix-tests.d.ts.map +1 -0
package/fix-tests.js.map +1 -0
package/fix-tests.ts +53 -0
package/jest.config.ts +31 -0
package/kaseki +183 -0
package/kaseki-agent.sh +1961 -0
package/ops/logrotate/kaseki +10 -0
package/package.json +83 -0
package/perf/README.md +54 -0
package/perf/pi-event-filter.benchmark.test.ts +98 -0
package/run-kaseki-json.test.sh +106 -0
package/run-kaseki.sh +990 -0
package/scripts/allowlist-helper.sh +56 -0
package/scripts/cleanup-kaseki.sh +168 -0
package/scripts/deploy-pi-template.sh +293 -0
package/scripts/docker-entrypoint.sh +71 -0
package/scripts/dry-run-allowlist.sh +161 -0
package/scripts/kaseki-activate.sh +396 -0
package/scripts/kaseki-api.service +62 -0
package/scripts/kaseki-container-entrypoint-wrapper.sh +119 -0
package/scripts/kaseki-container-setup-remote.sh +172 -0
package/scripts/kaseki-container-setup.sh +193 -0
package/scripts/kaseki-healthcheck.sh +95 -0
package/scripts/kaseki-install.sh +50 -0
package/scripts/kaseki-maturity-score.sh +291 -0
package/scripts/kaseki-performance-metrics.sh +122 -0
package/scripts/kaseki-preflight.sh +270 -0
package/scripts/kaseki-setup.sh +265 -0
package/scripts/pi-setup-remote.sh +213 -0
package/scripts/setup-github-labels.sh +42 -0
package/scripts/suggest-allowlist.sh +68 -0
package/scripts/templates/MULTI_HOST_DISTRIBUTED.md +337 -0
package/scripts/templates/REST_API_SERVICE.md +490 -0
package/scripts/templates/SINGLE_HOST_CLI.md +194 -0
package/scripts/test-github-app.sh +248 -0
package/src/add-js-extensions.ts +61 -0
package/src/ansi-colors.test.ts +62 -0
package/src/ansi-colors.ts +67 -0
package/src/cli/BaseCommand.ts +40 -0
package/src/cli/KasekiCLI.ts +154 -0
package/src/cli/commands/ConfigCommand.ts +145 -0
package/src/cli/commands/DoctorCommand.ts +329 -0
package/src/cli/commands/ListCommand.ts +105 -0
package/src/cli/commands/ReportCommand.ts +110 -0
package/src/cli/commands/RunCommand.ts +218 -0
package/src/cli/commands/SecretsCommand.ts +120 -0
package/src/cli/commands/ServeCommand.ts +62 -0
package/src/cli/commands/SetupCommand.ts +301 -0
package/src/cli.ts +138 -0
package/src/config/ConfigManager.ts +476 -0
package/src/docker/DockerManager.ts +319 -0
package/src/docker-entrypoint-packaging.test.ts +33 -0
package/src/event-aggregator.test.ts +117 -0
package/src/event-aggregator.ts +126 -0
package/src/github-app-token.ts +215 -0
package/src/idempotency-store.test.ts +117 -0
package/src/idempotency-store.ts +385 -0
package/src/index.ts +89 -0
package/src/instance/InstanceManager.ts +285 -0
package/src/instance-metadata-reader.test.ts +190 -0
package/src/instance-metadata-reader.ts +129 -0
package/src/instance-state-derivation.test.ts +263 -0
package/src/instance-state-derivation.ts +148 -0
package/src/job-scheduler.test.ts +1236 -0
package/src/job-scheduler.ts +1117 -0
package/src/kaseki-api-client.ts +488 -0
package/src/kaseki-api-config.test.ts +315 -0
package/src/kaseki-api-config.ts +175 -0
package/src/kaseki-api-routes.test.ts +1615 -0
package/src/kaseki-api-routes.ts +643 -0
package/src/kaseki-api-service-wrapper.ts +188 -0
package/src/kaseki-api-service.test.ts +418 -0
package/src/kaseki-api-service.ts +192 -0
package/src/kaseki-api-types.ts +320 -0
package/src/kaseki-cli-lib.test.ts +552 -0
package/src/kaseki-cli-lib.ts +760 -0
package/src/kaseki-cli.ts +682 -0
package/src/kaseki-report.test.ts +118 -0
package/src/kaseki-report.ts +192 -0
package/src/lib/subprocess-helpers.ts +177 -0
package/src/logger.ts +114 -0
package/src/metrics.ts +66 -0
package/src/middleware/job-lookup.test.ts +113 -0
package/src/middleware/job-lookup.ts +45 -0
package/src/pi-event-filter.test.ts +183 -0
package/src/pi-event-filter.ts +183 -0
package/src/pi-progress-stream.ts +287 -0
package/src/pi-progress-summarizer.test.ts +302 -0
package/src/pi-progress-summarizer.ts +287 -0
package/src/pre-flight-validator.test.ts +512 -0
package/src/pre-flight-validator.ts +618 -0
package/src/progress-stream-utils.test.ts +35 -0
package/src/progress-stream-utils.ts +14 -0
package/src/result-cache.test.ts +195 -0
package/src/result-cache.ts +181 -0
package/src/routes/artifact-routes.ts +169 -0
package/src/routes/log-routes.ts +391 -0
package/src/routes/status-routes.ts +92 -0
package/src/routes/webhook-routes.ts +97 -0
package/src/run-artifact-metadata-cache.test.ts +80 -0
package/src/run-artifact-metadata-cache.ts +184 -0
package/src/secret-value-cache.test.ts +66 -0
package/src/secret-value-cache.ts +55 -0
package/src/secrets/SecretsManager.ts +343 -0
package/src/test-utils.ts +81 -0
package/src/timestamp-tracker.test.ts +134 -0
package/src/timestamp-tracker.ts +132 -0
package/src/utils/failure-artifact-writer.ts +187 -0
package/src/utils/file-helpers.test.ts +235 -0
package/src/utils/file-helpers.ts +150 -0
package/src/utils/http-client-factory.test.ts +245 -0
package/src/utils/http-client-factory.ts +157 -0
package/src/utils/progress-normalizer.test.ts +442 -0
package/src/utils/progress-normalizer.ts +68 -0
package/src/utils/response-helpers.test.ts +122 -0
package/src/utils/response-helpers.ts +101 -0
package/src/utils/route-helpers.ts +30 -0
package/src/utils/status-response-builder.ts +159 -0
package/src/utils/type-guards.ts +52 -0
package/src/utils/utf8-helpers.ts +102 -0
package/src/utils/webhook-event-builder.test.ts +143 -0
package/src/utils/webhook-event-builder.ts +87 -0
package/src/webhook-manager.test.ts +152 -0
package/src/webhook-manager.ts +445 -0
package/templates/allowlist-api-route.txt +7 -0
package/templates/allowlist-comprehensive.txt +8 -0
package/templates/allowlist-parser-fix.txt +6 -0
package/templates/allowlist-ui-component.txt +9 -0
package/templates/allowlist-utility.txt +9 -0
package/test/actual-model-metadata.test.sh +102 -0
package/test/dry-run.test.sh +131 -0
package/test/fixtures/kaseki-report-exit-codes/metadata-exit-0.json +1 -0
package/test/fixtures/kaseki-report-exit-codes/metadata-exit-1.json +1 -0
package/test/fixtures/kaseki-report-exit-codes/metadata-exit-invalid.json +1 -0
package/test/fixtures/kaseki-report-exit-codes/metadata-exit-str-0.json +1 -0
package/test/fixtures/kaseki-report-exit-codes/metadata-exit-str-1.json +1 -0
package/test/kaseki-api.integration.test.sh +165 -0
package/test/pi-event-filter-failure.test.sh +83 -0
package/test/printf-safety-focused.test.sh +99 -0
package/test/printf-safety-results/results/restoration.jsonl +10 -0
package/test/printf-safety-results/results/test.jsonl +0 -0
package/test/printf-safety.test.sh +297 -0
package/test/validation-fix.test.sh +79 -0
package/test/validation-integration.test.sh +109 -0
package/tests/allowlist-glob.test.sh +61 -0
package/tests/dependency-cache-key.test.sh +48 -0
package/tests/dependency-restore-mode.test.sh +48 -0
package/tests/doctor-template-parity.test.sh +95 -0
package/tests/github-operations.test.sh +142 -0
package/tests/npm-install-flags.test.sh +58 -0
package/tests/quality-gates.test.sh +178 -0
package/tests/repo-memory.test.sh +103 -0
package/tests/restore-disallowed-changes.test.sh +80 -0
package/tests/validation-missing-npm-scripts.test.sh +93 -0
package/tests/validation-strict-mode.test.sh +118 -0
package/tsconfig.changed.json +7 -0
package/tsconfig.json +39 -0

package/tests/doctor-template-parity.test.sh ADDED Viewed

@@ -0,0 +1,95 @@
+#!/usr/bin/env bash
+set -euo pipefail
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+TMP_DIR="$(mktemp -d)"
+trap 'rm -rf "$TMP_DIR"' EXIT
+template_dir="$TMP_DIR/source-checkout"
+fake_bin="$TMP_DIR/bin"
+mkdir -p "$template_dir/scripts" "$fake_bin"
+cp "$ROOT_DIR/run-kaseki.sh" "$template_dir/run-kaseki.sh"
+cp "$ROOT_DIR/kaseki-agent.sh" "$template_dir/kaseki-agent.sh"
+cp "$ROOT_DIR/scripts/kaseki-preflight.sh" "$template_dir/scripts/kaseki-preflight.sh"
+chmod +x "$template_dir/run-kaseki.sh" "$template_dir/kaseki-agent.sh" "$template_dir/scripts/kaseki-preflight.sh"
+cat > "$fake_bin/docker" <<'DOCKER'
+#!/usr/bin/env bash
+set -euo pipefail
+if [ "${1:-}" = "--version" ]; then
+  printf 'Docker version test\n'
+  exit 0
+fi
+if [ "${1:-}" = "image" ] && [ "${2:-}" = "inspect" ]; then
+  exit 0
+fi
+if [ "${1:-}" = "run" ]; then
+  shift
+  if [ "${1:-}" = "--rm" ]; then shift; fi
+  if [ "${1:-}" = "--entrypoint" ]; then
+    entrypoint="${2:-}"
+    shift 2
+  else
+    entrypoint=""
+  fi
+  image="${1:-}"
+  shift || true
+  case "$entrypoint" in
+    test)
+      [ "${1:-}" = "-f" ] && [ "${2:-}" = "/app/run-kaseki.sh" ]
+      ;;
+    sha256sum)
+      case "${1:-}" in
+        /usr/local/bin/kaseki-agent)
+          sha256sum "$TEST_TEMPLATE_DIR/kaseki-agent.sh"
+          ;;
+        *)
+          printf '0000000000000000000000000000000000000000000000000000000000000000  %s\n' "${1:-}"
+          ;;
+      esac
+      ;;
+    *)
+      printf 'unexpected docker run entrypoint for %s: %s\n' "$image" "$entrypoint" >&2
+      exit 2
+      ;;
+  esac
+  exit 0
+fi
+printf 'unexpected docker invocation: %s\n' "$*" >&2
+exit 2
+DOCKER
+chmod +x "$fake_bin/docker"
+set +e
+output="$(
+  cd "$template_dir" && env \
+    PATH="$fake_bin:/usr/bin:/bin" \
+    TEST_TEMPLATE_DIR="$template_dir" \
+    KASEKI_ROOT="$TMP_DIR/root" \
+    KASEKI_LOG_DIR="$TMP_DIR/logs" \
+    OPENROUTER_API_KEY="test-key" \
+    ./run-kaseki.sh --doctor 2>&1
+)"
+status=$?
+set -e
+if [ "$status" -eq 0 ]; then
+  printf 'Expected doctor to fail for missing deployed template files\nOutput:\n%s\n' "$output" >&2
+  exit 1
+fi
+for expected in \
+  'Image/template parity: missing host file lib/pi-event-filter.js' \
+  'Image/template parity: missing deployed template files; this looks like a source checkout or incomplete template.' \
+  'sudo KASEKI_IMAGE_PULL_POLICY=missing ./scripts/deploy-pi-template.sh' \
+  '/agents/kaseki-template/run-kaseki.sh --doctor'
+do
+  if ! printf '%s\n' "$output" | grep -Fq "$expected"; then
+    printf 'Expected doctor output to contain: %s\nOutput:\n%s\n' "$expected" "$output" >&2
+    exit 1
+  fi
+done

package/tests/github-operations.test.sh ADDED Viewed

@@ -0,0 +1,142 @@
+#!/usr/bin/env bash
+# Integration tests for github operations printf safety
+# Tests that github operations skip logging doesn't break with variable substitution
+set -euo pipefail
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+TMP_DIR="$(mktemp -d)"
+trap 'rm -rf "$TMP_DIR"' EXIT
+pass() { printf '✓ %s\n' "$1"; }
+fail() { printf '✗ %s\n' "$1" >&2; exit 1; }
+info() { printf '[info] %s\n' "$1"; }
+# Test setup
+mkdir -p "$TMP_DIR/results"
+RESULTS_DIR="$TMP_DIR/results"
+# Test 1: printf with dash-containing variable doesn't fail
+info "Test 1: printf with dash-containing skip reasons"
+{
+  GITHUB_SKIP_REASONS=("agent_failed" "-validation_failed" "empty_diff")
+  printf -- 'GitHub operations: skipped (reasons: %s)\n' "$(IFS=,; printf '%s' "${GITHUB_SKIP_REASONS[*]}")" > "$RESULTS_DIR/test1.log"
+} && pass "printf with dash-containing reasons succeeded" || fail "printf with dash-containing reasons failed"
+# Verify output contains all reasons
+if grep -q "agent_failed,-validation_failed,empty_diff" "$RESULTS_DIR/test1.log"; then
+  pass "All skip reasons captured in output"
+else
+  fail "Skip reasons not properly captured: $(cat "$RESULTS_DIR/test1.log")"
+fi
+# Test 2: printf with multi-argument substitution (github skip diagnostics)
+info "Test 2: Multi-argument printf with exit code variables"
+{
+  PI_EXIT=0
+  VALIDATION_EXIT=1
+  QUALITY_EXIT=0
+  SECRET_SCAN_EXIT=0
+  GITHUB_SKIP_REASONS=("validation_failed")
+  DIFF_NONEMPTY="true"
+  GITHUB_APP_ENABLED="0"
+  printf -- 'GitHub operations: skipped (reasons: %s; agent %s, validation %s, quality %s, secret_scan %s, diff %s, github_enabled %s)\n' \
+    "$(IFS=,; printf '%s' "${GITHUB_SKIP_REASONS[*]}")" \
+    "$([ "$PI_EXIT" -eq 0 ] && printf 'passed' || printf 'failed')" \
+    "$([ "$VALIDATION_EXIT" -eq 0 ] && printf 'passed' || printf 'failed')" \
+    "$([ "$QUALITY_EXIT" -eq 0 ] && printf 'passed' || printf 'failed')" \
+    "$([ "$SECRET_SCAN_EXIT" -eq 0 ] && printf 'passed' || printf 'failed')" \
+    "$DIFF_NONEMPTY" \
+    "$GITHUB_APP_ENABLED" > "$RESULTS_DIR/test2.log"
+} && pass "Multi-argument printf succeeded" || fail "Multi-argument printf failed"
+# Verify output contains all placeholders properly filled
+if grep -q "validation_failed; agent passed, validation failed, quality passed, secret_scan passed, diff true, github_enabled 0" "$RESULTS_DIR/test2.log"; then
+  pass "All arguments properly substituted in output"
+else
+  fail "Arguments not properly substituted: $(cat "$RESULTS_DIR/test2.log")"
+fi
+# Test 3: printf with edge case: empty array expansion
+info "Test 3: printf with empty skip reasons"
+{
+  GITHUB_SKIP_REASONS=()
+  printf -- 'GitHub operations: skipped (reasons: %s)\n' "$(IFS=,; printf '%s' "${GITHUB_SKIP_REASONS[*]:-none}")" > "$RESULTS_DIR/test3.log"
+} && pass "printf with empty array succeeded" || fail "printf with empty array failed"
+if grep -q "reasons: none" "$RESULTS_DIR/test3.log"; then
+  pass "Empty array handled correctly"
+else
+  fail "Empty array not handled correctly: $(cat "$RESULTS_DIR/test3.log")"
+fi
+# Test 4: printf with special characters in variable values
+info "Test 4: printf with special characters in REPO_URL"
+{
+  REPO_URL="https://github.com/owner-name/repo-name.git"
+  printf -- 'Cannot parse GitHub repo URL: %s\n' "$REPO_URL" > "$RESULTS_DIR/test4.log"
+} && pass "printf with special chars in URL succeeded" || fail "printf with special chars in URL failed"
+if grep -q "owner-name/repo-name" "$RESULTS_DIR/test4.log"; then
+  pass "Special characters preserved in output"
+else
+  fail "Special characters not preserved: $(cat "$RESULTS_DIR/test4.log")"
+fi
+# Test 5: printf with feature branch containing instance name
+info "Test 5: printf with feature branch name containing dashes"
+{
+  INSTANCE_NAME="kaseki-9142"
+  feature_branch="kaseki/$INSTANCE_NAME"
+  printf -- 'Creating feature branch: %s\n' "$feature_branch" > "$RESULTS_DIR/test5.log"
+} && pass "printf with dash-containing branch name succeeded" || fail "printf with dash-containing branch name failed"
+if grep -q "kaseki/kaseki-9142" "$RESULTS_DIR/test5.log"; then
+  pass "Feature branch name correctly output"
+else
+  fail "Feature branch name not correct: $(cat "$RESULTS_DIR/test5.log")"
+fi
+# Test 6: Verify all printf calls have -- separator (source code check)
+info "Test 6: Verify -- separator present in critical printf calls"
+if grep -n "printf -- 'GitHub operations: skipped (reasons:" "$ROOT_DIR/kaseki-agent.sh" > /dev/null; then
+  pass "Primary github operations printf has -- separator"
+else
+  fail "Primary github operations printf missing -- separator"
+fi
+if grep -n "printf -- 'GitHub operations: skipped (reasons:.*agent %s" "$ROOT_DIR/kaseki-agent.sh" > /dev/null; then
+  pass "Multi-argument github operations printf has -- separator"
+else
+  fail "Multi-argument github operations printf missing -- separator"
+fi
+# Test 7: Integration test - simulate actual function behavior
+info "Test 7: Simulate actual build_github_skip_reasons behavior"
+{
+  # Simulate the skip reasons array logic
+  GITHUB_SKIP_REASONS=()
+  PI_EXIT=1
+  [ "$PI_EXIT" -eq 0 ] || GITHUB_SKIP_REASONS+=("agent_failed")
+  VALIDATION_EXIT=5
+  [ "$VALIDATION_EXIT" -eq 0 ] || GITHUB_SKIP_REASONS+=("validation_failed")
+  # Log the skip reasons safely
+  printf -- 'GitHub operations: skipped (reasons: %s)\n' \
+    "$(IFS=,; printf '%s' "${GITHUB_SKIP_REASONS[*]}")" > "$RESULTS_DIR/test7.log"
+} && pass "Simulated skip reasons logic succeeded" || fail "Simulated skip reasons logic failed"
+if grep -q "agent_failed,validation_failed" "$RESULTS_DIR/test7.log"; then
+  pass "Skip reasons correctly accumulated and logged"
+else
+  fail "Skip reasons not correctly accumulated: $(cat "$RESULTS_DIR/test7.log")"
+fi
+# Summary
+info "All tests passed!"
+printf '\n==> Summary\n'
+printf 'Tests run: 7\n'
+printf 'Passed: 7\n'
+printf 'Failed: 0\n'

package/tests/npm-install-flags.test.sh ADDED Viewed

@@ -0,0 +1,58 @@
+#!/usr/bin/env bash
+set -euo pipefail
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+# Load only the npm install flag helpers from kaseki-agent.sh.
+eval "$(awk '
+  /^append_npm_install_flags\(\)/ { emit=1 }
+  /^dependency_cache_key\(\)/ { emit=0 }
+  emit { print }
+' "$ROOT_DIR/kaseki-agent.sh")"
+fail() { printf '✗ %s\n' "$1" >&2; exit 1; }
+pass() { printf '✓ %s\n' "$1"; }
+assert_flags() {
+  local label="$1"
+  local omit_dev="$2"
+  local ignore_scripts="$3"
+  local expected_display="$4"
+  shift 4
+  local -a expected_flags=("$@")
+  local -a install_flags=("stale")
+  KASEKI_NPM_OMIT_DEV="$omit_dev"
+  KASEKI_INSTALL_IGNORE_SCRIPTS="$ignore_scripts"
+  append_npm_install_flags install_flags
+  if [ "${#install_flags[@]}" -ne "${#expected_flags[@]}" ]; then
+    fail "$label: expected ${#expected_flags[@]} flags, got ${#install_flags[@]}"
+  fi
+  local i
+  for i in "${!expected_flags[@]}"; do
+    if [ "${install_flags[$i]}" != "${expected_flags[$i]}" ]; then
+      fail "$label: expected flag $i to be ${expected_flags[$i]}, got ${install_flags[$i]}"
+    fi
+  done
+  local display
+  display="$(render_npm_install_flags "${install_flags[@]}")"
+  if [ "$display" != "$expected_display" ]; then
+    fail "$label: expected display '$expected_display', got '$display'"
+  fi
+  local -a npm_args=(ci --prefer-offline "${install_flags[@]}")
+  local expected_count=$((2 + ${#expected_flags[@]}))
+  if [ "${#npm_args[@]}" -ne "$expected_count" ]; then
+    fail "$label: npm argument count changed during expansion"
+  fi
+  pass "$label"
+}
+assert_flags "no optional install flags" 0 0 "none"
+assert_flags "one optional install flag (omit dev)" 1 0 "--omit=dev" "--omit=dev"
+assert_flags "one optional install flag (ignore scripts)" 0 1 "--ignore-scripts" "--ignore-scripts"
+assert_flags "both optional install flags" 1 1 "--omit=dev --ignore-scripts" "--omit=dev" "--ignore-scripts"

package/tests/quality-gates.test.sh ADDED Viewed

@@ -0,0 +1,178 @@
+#!/usr/bin/env bash
+# Integration tests for quality gate enforcement
+# Tests diff size limits, allowlist validation, and secret scanning
+set -euo pipefail
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+TMP_DIR="$(mktemp -d)"
+trap 'rm -rf "$TMP_DIR"' EXIT
+# Load quality gate logic from kaseki-agent.sh
+eval "$(awk '
+  /^allowlist_pattern_to_regex\(\)/ { emit=1 }
+  /^compute_repo_memory_key\(\)/ { emit=0 }
+  emit { print }
+' "$ROOT_DIR/scripts/allowlist-helper.sh")"
+pass() { printf '✓ %s\n' "$1"; }
+fail() { printf '✗ %s\n' "$1" >&2; exit 1; }
+# Create a test results directory structure
+mkdir -p "$TMP_DIR/results"
+mkdir -p "$TMP_DIR/repo"
+# Test 1: Diff size exceeds max bytes
+echo "==> Test: Diff size check"
+{
+  cd "$TMP_DIR/repo"
+  git init --initial-branch=main -q
+  git config user.email "test@kaseki.local"
+  git config user.name "Test User"
+  # Create initial commit
+  echo "initial" > file.txt
+  git add file.txt
+  git commit -q -m "initial"
+  # Generate a large diff (exceeds default 200KB)
+  # Create a file with 300KB of data
+  python3 -c "print('x' * 310000)" > large_file.txt
+  git add large_file.txt
+  git diff --cached > "$TMP_DIR/results/git.diff"
+  diff_size="$(wc -c < "$TMP_DIR/results/git.diff" | tr -d ' ')"
+  KASEKI_MAX_DIFF_BYTES=200000
+  if [ "$diff_size" -gt "$KASEKI_MAX_DIFF_BYTES" ]; then
+    pass "Diff size check: detects oversized diff ($diff_size > $KASEKI_MAX_DIFF_BYTES)"
+  else
+    fail "Diff size check: expected diff to exceed $KASEKI_MAX_DIFF_BYTES bytes, got $diff_size"
+  fi
+}
+# Test 2: Allowlist validation
+echo "==> Test: Allowlist validation"
+{
+  cd "$TMP_DIR/repo"
+  git diff --name-only > "$TMP_DIR/results/changed-files.txt"
+  # Test matching allowed files
+  KASEKI_CHANGED_FILES_ALLOWLIST="src/**/*.ts tests/**/*.test.ts"
+  allowlist_regex="$(build_allowlist_regex)"
+  # Should match
+  if printf 'src/index.ts\n' | grep -Eq "^(${allowlist_regex})$"; then
+    pass "Allowlist: allows src/index.ts pattern"
+  else
+    fail "Allowlist: should allow src/index.ts"
+  fi
+  # Should not match
+  if printf 'README.md\n' | grep -Eq "^(${allowlist_regex})$"; then
+    fail "Allowlist: should reject README.md"
+  else
+    pass "Allowlist: rejects README.md"
+  fi
+  # Test wildcard patterns
+  if printf 'src/lib/parser.ts\n' | grep -Eq "^(${allowlist_regex})$"; then
+    pass "Allowlist: allows nested src/lib/parser.ts"
+  else
+    fail "Allowlist: should allow src/lib/parser.ts"
+  fi
+}
+# Test 3: Secret scanning (pattern detection)
+echo "==> Test: Secret scanning"
+{
+  # Create a file with a fake API key
+  cat > "$TMP_DIR/results/secret-test.txt" <<'EOF'
+This file has an OpenRouter API key: sk-or-aBcDeFgHiJkLmNoPqRsT
+And some normal content
+EOF
+  if grep -E 'sk-or-[A-Za-z0-9_-]{20,}' "$TMP_DIR/results/secret-test.txt" > /dev/null; then
+    pass "Secret scanning: detects sk-or-* pattern"
+  else
+    fail "Secret scanning: should detect sk-or-* pattern"
+  fi
+  # Create a clean file
+  cat > "$TMP_DIR/results/clean-test.txt" <<'EOF'
+This file has no secrets
+Just normal content here
+EOF
+  if ! grep -E 'sk-or-[A-Za-z0-9_-]{20,}' "$TMP_DIR/results/clean-test.txt"; then
+    pass "Secret scanning: clean file passes"
+  else
+    fail "Secret scanning: clean file should pass"
+  fi
+}
+# Test 4: Overly broad allowlist patterns
+echo "==> Test: Overly broad allowlist detection"
+{
+  # Test that '*' pattern is too broad
+  KASEKI_CHANGED_FILES_ALLOWLIST="*"
+  allowlist_regex="$(build_allowlist_regex)"
+  # This would match everything, which is bad
+  test_cases=("package.json" "src/index.ts" "tests/foo.test.ts" "README.md" "Dockerfile")
+  all_match=true
+  for file in "${test_cases[@]}"; do
+    if ! printf '%s\n' "$file" | grep -Eq "^(${allowlist_regex})$"; then
+      all_match=false
+      break
+    fi
+  done
+  if [ "$all_match" = true ]; then
+    fail "Overly broad allowlist: '*' pattern matches everything (too permissive)"
+  else
+    pass "Allowlist prevents overly broad '*' patterns"
+  fi
+}
+# Test 5: Multiple file allowlist
+echo "==> Test: Multiple file allowlist patterns"
+{
+  KASEKI_CHANGED_FILES_ALLOWLIST="src/lib/parser.ts tests/parser.validation.ts docs/README.md"
+  allowlist_regex="$(build_allowlist_regex)"
+  allowed_files=("src/lib/parser.ts" "tests/parser.validation.ts" "docs/README.md")
+  rejected_files=("src/index.ts" "tests/other.test.ts" "CHANGELOG.md")
+  for file in "${allowed_files[@]}"; do
+    if printf '%s\n' "$file" | grep -Eq "^(${allowlist_regex})$"; then
+      pass "Allowlist: allows $file"
+    else
+      fail "Allowlist: should allow $file"
+    fi
+  done
+  for file in "${rejected_files[@]}"; do
+    if printf '%s\n' "$file" | grep -Eq "^(${allowlist_regex})$"; then
+      fail "Allowlist: should reject $file"
+    else
+      pass "Allowlist: rejects $file"
+    fi
+  done
+}
+# Test 6: Empty diff detection
+echo "==> Test: Empty diff handling"
+{
+  : > "$TMP_DIR/results/empty.diff"
+  empty_size="$(wc -c < "$TMP_DIR/results/empty.diff" | tr -d ' ')"
+  if [ "$empty_size" -eq 0 ]; then
+    pass "Empty diff detection: correctly identifies 0-byte diff"
+  else
+    fail "Empty diff detection: expected 0 bytes, got $empty_size"
+  fi
+}
+printf '\n✅ All quality gate tests passed\n'

package/tests/repo-memory.test.sh ADDED Viewed

@@ -0,0 +1,103 @@
+#!/usr/bin/env bash
+set -euo pipefail
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+TMP_DIR="$(mktemp -d)"
+trap 'rm -rf "$TMP_DIR"' EXIT
+# Load only repository-memory and prompt helpers from kaseki-agent.sh.
+eval "$(awk '
+  /^compute_repo_memory_key\(\)/ { emit=1 }
+  /^run_github_operations\(\)/ { emit=0 }
+  emit { print }
+' "$ROOT_DIR/kaseki-agent.sh")"
+emit_event() { :; }
+emit_error_event() { :; }
+REPO_URL="https://example.com/acme/widgets.git"
+GIT_REF="main"
+TASK_PROMPT="Fix the widget parser."
+KASEKI_AGENT_GUARDRAILS=1
+KASEKI_REPO_MEMORY_MODE=summary
+KASEKI_REPO_MEMORY_TTL_DAYS=30
+KASEKI_REPO_MEMORY_MAX_BYTES=4096
+KASEKI_DRY_RUN=0
+REPO_MEMORY_KEY=""
+REPO_MEMORY_DIR=""
+REPO_MEMORY_FILE=""
+REPO_MEMORY_STATUS="disabled"
+init_repo_memory_paths
+trap 'rm -rf "$TMP_DIR" "$REPO_MEMORY_DIR"' EXIT
+rm -rf "$REPO_MEMORY_DIR"
+mkdir -p "$REPO_MEMORY_DIR"
+cat > "$REPO_MEMORY_FILE" <<'MEMORY'
+# Repository Memory Summary
+- Repo URL: https://example.com/acme/widgets.git
+- Default ref: main
+- Commit SHA: abc123
+- Updated at: 2026-05-06T00:00:00Z
+## Changed files
+- src/widget.ts
+MEMORY
+prompt="$(build_agent_prompt)"
+if ! grep -q 'Prior repository context (opt-in cache' <<< "$prompt"; then
+  printf 'Expected build_agent_prompt to append labeled repository memory.\n' >&2
+  exit 1
+fi
+if ! grep -q 'Commit SHA: abc123' <<< "$prompt"; then
+  printf 'Expected appended memory to include cached metadata.\n' >&2
+  exit 1
+fi
+touch -d '45 days ago' "$REPO_MEMORY_FILE"
+expired_prompt="$(build_agent_prompt)"
+if grep -q 'Commit SHA: abc123' <<< "$expired_prompt"; then
+  printf 'Expected expired repository memory to be omitted.\n' >&2
+  exit 1
+fi
+mkdir -p /results
+cat > /results/result-summary.md <<'SUMMARY'
+# Kaseki Result: test
+- Status: passed
+- Secret scan: 0
+- Task Prompt: do not persist this
+SUMMARY
+cat > /results/analysis.md <<'ANALYSIS'
+Useful architecture note.
+OPENROUTER_API_KEY=sk-or-should-not-persist
+ANALYSIS
+cat > /results/changed-files.txt <<'FILES'
+src/widget.ts
+tests/widget.test.ts
+FILES
+cat > /results/validation-timings.tsv <<'TIMINGS'
+npm test	0	3
+TIMINGS
+STATUS=0
+PI_EXIT=0
+SECRET_SCAN_EXIT=0
+KASEKI_TASK_MODE=patch
+START_ISO="2026-05-06T12:00:00Z"
+VALIDATION_EXIT=0
+QUALITY_EXIT=0
+write_repo_memory_summary
+if grep -Eiq 'OPENROUTER|sk-or|Task Prompt|do not persist' "$REPO_MEMORY_FILE"; then
+  printf 'Expected repository memory writer to filter prompts and secrets.\n' >&2
+  exit 1
+fi
+if ! grep -q 'Useful architecture note' "$REPO_MEMORY_FILE"; then
+  printf 'Expected sanitized analysis note to be retained.\n' >&2
+  exit 1
+fi
+if ! grep -q 'npm test: exit 0, 3s' "$REPO_MEMORY_FILE"; then
+  printf 'Expected validation outcome to be summarized.\n' >&2
+  exit 1
+fi

package/tests/restore-disallowed-changes.test.sh ADDED Viewed

@@ -0,0 +1,80 @@
+#!/usr/bin/env bash
+# Tests for allowlist restoration behavior in kaseki-agent.sh.
+set -euo pipefail
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+TMP_DIR="$(mktemp -d)"
+trap 'rm -rf "$TMP_DIR"' EXIT
+# Load allowlist helper functions used by restore_disallowed_changes().
+# shellcheck source=../scripts/allowlist-helper.sh
+. "$ROOT_DIR/scripts/allowlist-helper.sh"
+pass() { printf '✓ %s\n' "$1"; }
+fail() { printf '✗ %s\n' "$1" >&2; exit 1; }
+emit_event() {
+  printf '%s' "$1" >> "$TMP_DIR/results/events.log"
+  shift
+  while [ "$#" -gt 0 ]; do
+    printf ' %s' "$1" >> "$TMP_DIR/results/events.log"
+    shift
+  done
+  printf '\n' >> "$TMP_DIR/results/events.log"
+}
+collect_git_artifacts() {
+  printf 'collect_git_artifacts should not be called when restored_count=0\n' >&2
+  return 1
+}
+# Load restore_disallowed_changes() while redirecting its container-only absolute
+# paths into this test's temporary workspace.
+eval "$(awk '
+  /^restore_disallowed_changes\(\)/ { emit=1 }
+  /^generate_restoration_report\(\)/ { emit=0 }
+  emit { print }
+' "$ROOT_DIR/kaseki-agent.sh" | sed "s#/workspace/repo#$TMP_DIR/repo#g; s#/results#$TMP_DIR/results#g")"
+mkdir -p "$TMP_DIR/results" "$TMP_DIR/repo"
+{
+  cd "$TMP_DIR/repo"
+  git init --initial-branch=main -q
+  git config user.email "test@kaseki.local"
+  git config user.name "Test User"
+  printf 'original\n' > allowed.txt
+  git add allowed.txt
+  git commit -q -m "initial"
+  printf 'modified\n' > allowed.txt
+}
+printf 'allowed.txt\n' > "$TMP_DIR/results/changed-files.txt"
+: > "$TMP_DIR/results/quality.log"
+: > "$TMP_DIR/results/events.log"
+KASEKI_RESTORE_DISALLOWED_CHANGES=1
+KASEKI_CHANGED_FILES_ALLOWLIST='allowed.txt'
+restore_disallowed_changes
+if grep -Fq '[allowlist summary] Restored: 0 files; Kept: 1 files (coverage: 100%)' "$TMP_DIR/results/quality.log"; then
+  pass 'restore_disallowed_changes summarizes 0 restored / 1 kept with coverage under set -u'
+else
+  fail 'restore_disallowed_changes did not write the expected 0 restored / 1 kept summary'
+fi
+if grep -Fq 'allowlist_restoration_complete restored=0 kept=1 coverage=100' "$TMP_DIR/results/events.log"; then
+  pass 'restore_disallowed_changes emits completion event with computed coverage'
+else
+  fail 'restore_disallowed_changes did not emit expected coverage event'
+fi
+if grep -Fxq 'COPY kaseki-agent.sh /usr/local/bin/kaseki-agent' "$ROOT_DIR/Dockerfile"; then
+  pass 'Docker image installs /usr/local/bin/kaseki-agent directly from repository kaseki-agent.sh'
+else
+  fail 'Dockerfile must copy repository kaseki-agent.sh to /usr/local/bin/kaseki-agent'
+fi
+printf '\n✅ restore_disallowed_changes tests passed\n'