npm - @cyanautomation/kaseki-agent - Versions diffs - 1.4.1 - Mend

@cyanautomation/kaseki-agent 1.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (459) hide show

package/.dockerignore +54 -0
package/.eslintignore +11 -0
package/.eslintrc.json +95 -0
package/.github/ISSUE_TEMPLATE/bug_report.md +53 -0
package/.github/ISSUE_TEMPLATE/feature_request.md +53 -0
package/.github/ISSUE_TEMPLATE/security.md +51 -0
package/.github/PULL_REQUEST_TEMPLATE/default.md +71 -0
package/.github/dependabot.yml +38 -0
package/.github/skills/dependency-cache-optimization/SKILL.md +526 -0
package/.github/skills/docker-image-management/SKILL.md +532 -0
package/.github/skills/frontend-design/SKILL.md +782 -0
package/.github/skills/prompt-engineering/SKILL.md +360 -0
package/.github/skills/quality-gate-config/SKILL.md +591 -0
package/.github/skills/result-report-analysis/SKILL.md +576 -0
package/.github/skills/test-automation/SKILL.md +593 -0
package/.github/skills/workflow-diagnosis/SKILL.md +468 -0
package/.github/workflows/build-docker-image.yml +453 -0
package/.github/workflows/release.yml +68 -0
package/.releaserc.json +135 -0
package/CHANGELOG.md +117 -0
package/CLAUDE.md +336 -0
package/CONTRIBUTING.md +339 -0
package/Dockerfile +217 -0
package/README.md +1527 -0
package/STYLE.md +521 -0
package/add-js-extensions.d.ts +9 -0
package/add-js-extensions.d.ts.map +1 -0
package/add-js-extensions.js.map +1 -0
package/dist/add-js-extensions.d.ts +9 -0
package/dist/add-js-extensions.d.ts.map +1 -0
package/dist/add-js-extensions.js +52 -0
package/dist/add-js-extensions.js.map +1 -0
package/dist/ansi-colors.d.ts +26 -0
package/dist/ansi-colors.d.ts.map +1 -0
package/dist/ansi-colors.js +51 -0
package/dist/ansi-colors.js.map +1 -0
package/dist/cli/BaseCommand.d.ts +18 -0
package/dist/cli/BaseCommand.d.ts.map +1 -0
package/dist/cli/BaseCommand.js +31 -0
package/dist/cli/BaseCommand.js.map +1 -0
package/dist/cli/KasekiCLI.d.ts +30 -0
package/dist/cli/KasekiCLI.d.ts.map +1 -0
package/dist/cli/KasekiCLI.js +134 -0
package/dist/cli/KasekiCLI.js.map +1 -0
package/dist/cli/commands/ConfigCommand.d.ts +13 -0
package/dist/cli/commands/ConfigCommand.d.ts.map +1 -0
package/dist/cli/commands/ConfigCommand.js +131 -0
package/dist/cli/commands/ConfigCommand.js.map +1 -0
package/dist/cli/commands/DoctorCommand.d.ts +45 -0
package/dist/cli/commands/DoctorCommand.d.ts.map +1 -0
package/dist/cli/commands/DoctorCommand.js +309 -0
package/dist/cli/commands/DoctorCommand.js.map +1 -0
package/dist/cli/commands/ListCommand.d.ts +9 -0
package/dist/cli/commands/ListCommand.d.ts.map +1 -0
package/dist/cli/commands/ListCommand.js +81 -0
package/dist/cli/commands/ListCommand.js.map +1 -0
package/dist/cli/commands/ReportCommand.d.ts +9 -0
package/dist/cli/commands/ReportCommand.d.ts.map +1 -0
package/dist/cli/commands/ReportCommand.js +98 -0
package/dist/cli/commands/ReportCommand.js.map +1 -0
package/dist/cli/commands/RunCommand.d.ts +13 -0
package/dist/cli/commands/RunCommand.d.ts.map +1 -0
package/dist/cli/commands/RunCommand.js +191 -0
package/dist/cli/commands/RunCommand.js.map +1 -0
package/dist/cli/commands/SecretsCommand.d.ts +9 -0
package/dist/cli/commands/SecretsCommand.d.ts.map +1 -0
package/dist/cli/commands/SecretsCommand.js +109 -0
package/dist/cli/commands/SecretsCommand.js.map +1 -0
package/dist/cli/commands/ServeCommand.d.ts +9 -0
package/dist/cli/commands/ServeCommand.d.ts.map +1 -0
package/dist/cli/commands/ServeCommand.js +50 -0
package/dist/cli/commands/ServeCommand.js.map +1 -0
package/dist/cli/commands/SetupCommand.d.ts +42 -0
package/dist/cli/commands/SetupCommand.d.ts.map +1 -0
package/dist/cli/commands/SetupCommand.js +249 -0
package/dist/cli/commands/SetupCommand.js.map +1 -0
package/dist/cli.d.ts +9 -0
package/dist/cli.d.ts.map +1 -0
package/dist/cli.js +130 -0
package/dist/cli.js.map +1 -0
package/dist/config/ConfigManager.d.ts +395 -0
package/dist/config/ConfigManager.d.ts.map +1 -0
package/dist/config/ConfigManager.js +446 -0
package/dist/config/ConfigManager.js.map +1 -0
package/dist/docker/DockerManager.d.ts +69 -0
package/dist/docker/DockerManager.d.ts.map +1 -0
package/dist/docker/DockerManager.js +266 -0
package/dist/docker/DockerManager.js.map +1 -0
package/dist/event-aggregator.d.ts +71 -0
package/dist/event-aggregator.d.ts.map +1 -0
package/dist/event-aggregator.js +95 -0
package/dist/event-aggregator.js.map +1 -0
package/dist/github-app-token.d.ts +16 -0
package/dist/github-app-token.d.ts.map +1 -0
package/dist/github-app-token.js +148 -0
package/dist/github-app-token.js.map +1 -0
package/dist/idempotency-store.d.ts +61 -0
package/dist/idempotency-store.d.ts.map +1 -0
package/dist/idempotency-store.js +321 -0
package/dist/idempotency-store.js.map +1 -0
package/dist/index.d.ts +25 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +31 -0
package/dist/index.js.map +1 -0
package/dist/instance/InstanceManager.d.ts +81 -0
package/dist/instance/InstanceManager.d.ts.map +1 -0
package/dist/instance/InstanceManager.js +220 -0
package/dist/instance/InstanceManager.js.map +1 -0
package/dist/instance-metadata-reader.d.ts +48 -0
package/dist/instance-metadata-reader.d.ts.map +1 -0
package/dist/instance-metadata-reader.js +94 -0
package/dist/instance-metadata-reader.js.map +1 -0
package/dist/instance-state-derivation.d.ts +42 -0
package/dist/instance-state-derivation.d.ts.map +1 -0
package/dist/instance-state-derivation.js +133 -0
package/dist/instance-state-derivation.js.map +1 -0
package/dist/job-scheduler.d.ts +124 -0
package/dist/job-scheduler.d.ts.map +1 -0
package/dist/job-scheduler.js +992 -0
package/dist/job-scheduler.js.map +1 -0
package/dist/kaseki-api-client.d.ts +89 -0
package/dist/kaseki-api-client.d.ts.map +1 -0
package/dist/kaseki-api-client.js +405 -0
package/dist/kaseki-api-client.js.map +1 -0
package/dist/kaseki-api-config.d.ts +34 -0
package/dist/kaseki-api-config.d.ts.map +1 -0
package/dist/kaseki-api-config.js +113 -0
package/dist/kaseki-api-config.js.map +1 -0
package/dist/kaseki-api-routes.d.ts +13 -0
package/dist/kaseki-api-routes.d.ts.map +1 -0
package/dist/kaseki-api-routes.js +559 -0
package/dist/kaseki-api-routes.js.map +1 -0
package/dist/kaseki-api-service-wrapper.d.ts +43 -0
package/dist/kaseki-api-service-wrapper.d.ts.map +1 -0
package/dist/kaseki-api-service-wrapper.js +150 -0
package/dist/kaseki-api-service-wrapper.js.map +1 -0
package/dist/kaseki-api-service.d.ts +16 -0
package/dist/kaseki-api-service.d.ts.map +1 -0
package/dist/kaseki-api-service.js +143 -0
package/dist/kaseki-api-service.js.map +1 -0
package/dist/kaseki-api-types.d.ts +440 -0
package/dist/kaseki-api-types.d.ts.map +1 -0
package/dist/kaseki-api-types.js +64 -0
package/dist/kaseki-api-types.js.map +1 -0
package/dist/kaseki-cli-lib.d.ts +219 -0
package/dist/kaseki-cli-lib.d.ts.map +1 -0
package/dist/kaseki-cli-lib.js +523 -0
package/dist/kaseki-cli-lib.js.map +1 -0
package/dist/kaseki-cli.d.ts +38 -0
package/dist/kaseki-cli.d.ts.map +1 -0
package/dist/kaseki-cli.js +559 -0
package/dist/kaseki-cli.js.map +1 -0
package/dist/kaseki-report.d.ts +3 -0
package/dist/kaseki-report.d.ts.map +1 -0
package/dist/kaseki-report.js +140 -0
package/dist/kaseki-report.js.map +1 -0
package/dist/lib/subprocess-helpers.d.ts +98 -0
package/dist/lib/subprocess-helpers.d.ts.map +1 -0
package/dist/lib/subprocess-helpers.js +136 -0
package/dist/lib/subprocess-helpers.js.map +1 -0
package/dist/logger.d.ts +39 -0
package/dist/logger.d.ts.map +1 -0
package/dist/logger.js +79 -0
package/dist/logger.js.map +1 -0
package/dist/metrics.d.ts +19 -0
package/dist/metrics.d.ts.map +1 -0
package/dist/metrics.js +59 -0
package/dist/metrics.js.map +1 -0
package/dist/middleware/job-lookup.d.ts +27 -0
package/dist/middleware/job-lookup.d.ts.map +1 -0
package/dist/middleware/job-lookup.js +28 -0
package/dist/middleware/job-lookup.js.map +1 -0
package/dist/pi-event-filter.d.ts +3 -0
package/dist/pi-event-filter.d.ts.map +1 -0
package/dist/pi-event-filter.js +126 -0
package/dist/pi-event-filter.js.map +1 -0
package/dist/pi-progress-stream.d.ts +3 -0
package/dist/pi-progress-stream.d.ts.map +1 -0
package/dist/pi-progress-stream.js +205 -0
package/dist/pi-progress-stream.js.map +1 -0
package/dist/pi-progress-summarizer.d.ts +61 -0
package/dist/pi-progress-summarizer.d.ts.map +1 -0
package/dist/pi-progress-summarizer.js +246 -0
package/dist/pi-progress-summarizer.js.map +1 -0
package/dist/pre-flight-validator.d.ts +72 -0
package/dist/pre-flight-validator.d.ts.map +1 -0
package/dist/pre-flight-validator.js +513 -0
package/dist/pre-flight-validator.js.map +1 -0
package/dist/progress-stream-utils.d.ts +3 -0
package/dist/progress-stream-utils.d.ts.map +1 -0
package/dist/progress-stream-utils.js +15 -0
package/dist/progress-stream-utils.js.map +1 -0
package/dist/result-cache.d.ts +52 -0
package/dist/result-cache.d.ts.map +1 -0
package/dist/result-cache.js +134 -0
package/dist/result-cache.js.map +1 -0
package/dist/routes/artifact-routes.d.ts +10 -0
package/dist/routes/artifact-routes.d.ts.map +1 -0
package/dist/routes/artifact-routes.js +126 -0
package/dist/routes/artifact-routes.js.map +1 -0
package/dist/routes/log-routes.d.ts +8 -0
package/dist/routes/log-routes.d.ts.map +1 -0
package/dist/routes/log-routes.js +345 -0
package/dist/routes/log-routes.js.map +1 -0
package/dist/routes/status-routes.d.ts +8 -0
package/dist/routes/status-routes.d.ts.map +1 -0
package/dist/routes/status-routes.js +82 -0
package/dist/routes/status-routes.js.map +1 -0
package/dist/routes/webhook-routes.d.ts +6 -0
package/dist/routes/webhook-routes.d.ts.map +1 -0
package/dist/routes/webhook-routes.js +86 -0
package/dist/routes/webhook-routes.js.map +1 -0
package/dist/run-artifact-metadata-cache.d.ts +42 -0
package/dist/run-artifact-metadata-cache.d.ts.map +1 -0
package/dist/run-artifact-metadata-cache.js +139 -0
package/dist/run-artifact-metadata-cache.js.map +1 -0
package/dist/secret-value-cache.d.ts +13 -0
package/dist/secret-value-cache.d.ts.map +1 -0
package/dist/secret-value-cache.js +44 -0
package/dist/secret-value-cache.js.map +1 -0
package/dist/secrets/SecretsManager.d.ts +80 -0
package/dist/secrets/SecretsManager.d.ts.map +1 -0
package/dist/secrets/SecretsManager.js +306 -0
package/dist/secrets/SecretsManager.js.map +1 -0
package/dist/test-utils.d.ts +55 -0
package/dist/test-utils.d.ts.map +1 -0
package/dist/test-utils.js +48 -0
package/dist/test-utils.js.map +1 -0
package/dist/timestamp-tracker.d.ts +75 -0
package/dist/timestamp-tracker.d.ts.map +1 -0
package/dist/timestamp-tracker.js +121 -0
package/dist/timestamp-tracker.js.map +1 -0
package/dist/utils/failure-artifact-writer.d.ts +29 -0
package/dist/utils/failure-artifact-writer.d.ts.map +1 -0
package/dist/utils/failure-artifact-writer.js +157 -0
package/dist/utils/failure-artifact-writer.js.map +1 -0
package/dist/utils/file-helpers.d.ts +41 -0
package/dist/utils/file-helpers.d.ts.map +1 -0
package/dist/utils/file-helpers.js +143 -0
package/dist/utils/file-helpers.js.map +1 -0
package/dist/utils/http-client-factory.d.ts +46 -0
package/dist/utils/http-client-factory.d.ts.map +1 -0
package/dist/utils/http-client-factory.js +114 -0
package/dist/utils/http-client-factory.js.map +1 -0
package/dist/utils/progress-normalizer.d.ts +13 -0
package/dist/utils/progress-normalizer.d.ts.map +1 -0
package/dist/utils/progress-normalizer.js +57 -0
package/dist/utils/progress-normalizer.js.map +1 -0
package/dist/utils/response-helpers.d.ts +34 -0
package/dist/utils/response-helpers.d.ts.map +1 -0
package/dist/utils/response-helpers.js +78 -0
package/dist/utils/response-helpers.js.map +1 -0
package/dist/utils/route-helpers.d.ts +17 -0
package/dist/utils/route-helpers.d.ts.map +1 -0
package/dist/utils/route-helpers.js +22 -0
package/dist/utils/route-helpers.js.map +1 -0
package/dist/utils/status-response-builder.d.ts +23 -0
package/dist/utils/status-response-builder.d.ts.map +1 -0
package/dist/utils/status-response-builder.js +144 -0
package/dist/utils/status-response-builder.js.map +1 -0
package/dist/utils/type-guards.d.ts +37 -0
package/dist/utils/type-guards.d.ts.map +1 -0
package/dist/utils/type-guards.js +45 -0
package/dist/utils/type-guards.js.map +1 -0
package/dist/utils/utf8-helpers.d.ts +32 -0
package/dist/utils/utf8-helpers.d.ts.map +1 -0
package/dist/utils/utf8-helpers.js +97 -0
package/dist/utils/utf8-helpers.js.map +1 -0
package/dist/utils/webhook-event-builder.d.ts +26 -0
package/dist/utils/webhook-event-builder.d.ts.map +1 -0
package/dist/utils/webhook-event-builder.js +77 -0
package/dist/utils/webhook-event-builder.js.map +1 -0
package/dist/webhook-manager.d.ts +56 -0
package/dist/webhook-manager.d.ts.map +1 -0
package/dist/webhook-manager.js +359 -0
package/dist/webhook-manager.js.map +1 -0
package/docker/workspace-cache/package-lock.json +13 -0
package/docker/workspace-cache/package.json +7 -0
package/docker-compose.yml +53 -0
package/docs/API.md +708 -0
package/docs/BACKLOG.md +19 -0
package/docs/BUILD_STRATEGY.md +404 -0
package/docs/CLI.md +569 -0
package/docs/DEPLOYMENT.md +521 -0
package/docs/DEVELOPMENT.md +459 -0
package/docs/DOCKER_SETUP.md +522 -0
package/docs/ENHANCED_PROGRESS_LOGS.md +264 -0
package/docs/IMPLEMENTATION_SUMMARY.md +549 -0
package/docs/INTEGRATION_EXAMPLE.md +217 -0
package/docs/NPM_SETUP.md +468 -0
package/docs/PHASE1-4_IMPLEMENTATION.md +302 -0
package/docs/PHASE1_COMPLETION.md +192 -0
package/docs/PHASE2_COMPLETION.md +134 -0
package/docs/PHASE6_MIGRATION.md +392 -0
package/docs/PRINTF_SAFETY_FIX.md +282 -0
package/docs/QUALITY_GATES.md +369 -0
package/docs/SETUP_GUIDE.md +482 -0
package/docs/TASK_PROMPT_TEMPLATES.md +533 -0
package/docs/VALIDATION_FIX.md +139 -0
package/docs/VERIFICATION_CHECKLIST.md +335 -0
package/docs/repo-maturity.md +760 -0
package/fix-tests.d.ts +9 -0
package/fix-tests.d.ts.map +1 -0
package/fix-tests.js.map +1 -0
package/fix-tests.ts +53 -0
package/jest.config.ts +31 -0
package/kaseki +183 -0
package/kaseki-agent.sh +1961 -0
package/ops/logrotate/kaseki +10 -0
package/package.json +83 -0
package/perf/README.md +54 -0
package/perf/pi-event-filter.benchmark.test.ts +98 -0
package/run-kaseki-json.test.sh +106 -0
package/run-kaseki.sh +990 -0
package/scripts/allowlist-helper.sh +56 -0
package/scripts/cleanup-kaseki.sh +168 -0
package/scripts/deploy-pi-template.sh +293 -0
package/scripts/docker-entrypoint.sh +71 -0
package/scripts/dry-run-allowlist.sh +161 -0
package/scripts/kaseki-activate.sh +396 -0
package/scripts/kaseki-api.service +62 -0
package/scripts/kaseki-container-entrypoint-wrapper.sh +119 -0
package/scripts/kaseki-container-setup-remote.sh +172 -0
package/scripts/kaseki-container-setup.sh +193 -0
package/scripts/kaseki-healthcheck.sh +95 -0
package/scripts/kaseki-install.sh +50 -0
package/scripts/kaseki-maturity-score.sh +291 -0
package/scripts/kaseki-performance-metrics.sh +122 -0
package/scripts/kaseki-preflight.sh +270 -0
package/scripts/kaseki-setup.sh +265 -0
package/scripts/pi-setup-remote.sh +213 -0
package/scripts/setup-github-labels.sh +42 -0
package/scripts/suggest-allowlist.sh +68 -0
package/scripts/templates/MULTI_HOST_DISTRIBUTED.md +337 -0
package/scripts/templates/REST_API_SERVICE.md +490 -0
package/scripts/templates/SINGLE_HOST_CLI.md +194 -0
package/scripts/test-github-app.sh +248 -0
package/src/add-js-extensions.ts +61 -0
package/src/ansi-colors.test.ts +62 -0
package/src/ansi-colors.ts +67 -0
package/src/cli/BaseCommand.ts +40 -0
package/src/cli/KasekiCLI.ts +154 -0
package/src/cli/commands/ConfigCommand.ts +145 -0
package/src/cli/commands/DoctorCommand.ts +329 -0
package/src/cli/commands/ListCommand.ts +105 -0
package/src/cli/commands/ReportCommand.ts +110 -0
package/src/cli/commands/RunCommand.ts +218 -0
package/src/cli/commands/SecretsCommand.ts +120 -0
package/src/cli/commands/ServeCommand.ts +62 -0
package/src/cli/commands/SetupCommand.ts +301 -0
package/src/cli.ts +138 -0
package/src/config/ConfigManager.ts +476 -0
package/src/docker/DockerManager.ts +319 -0
package/src/docker-entrypoint-packaging.test.ts +33 -0
package/src/event-aggregator.test.ts +117 -0
package/src/event-aggregator.ts +126 -0
package/src/github-app-token.ts +215 -0
package/src/idempotency-store.test.ts +117 -0
package/src/idempotency-store.ts +385 -0
package/src/index.ts +89 -0
package/src/instance/InstanceManager.ts +285 -0
package/src/instance-metadata-reader.test.ts +190 -0
package/src/instance-metadata-reader.ts +129 -0
package/src/instance-state-derivation.test.ts +263 -0
package/src/instance-state-derivation.ts +148 -0
package/src/job-scheduler.test.ts +1236 -0
package/src/job-scheduler.ts +1117 -0
package/src/kaseki-api-client.ts +488 -0
package/src/kaseki-api-config.test.ts +315 -0
package/src/kaseki-api-config.ts +175 -0
package/src/kaseki-api-routes.test.ts +1615 -0
package/src/kaseki-api-routes.ts +643 -0
package/src/kaseki-api-service-wrapper.ts +188 -0
package/src/kaseki-api-service.test.ts +418 -0
package/src/kaseki-api-service.ts +192 -0
package/src/kaseki-api-types.ts +320 -0
package/src/kaseki-cli-lib.test.ts +552 -0
package/src/kaseki-cli-lib.ts +760 -0
package/src/kaseki-cli.ts +682 -0
package/src/kaseki-report.test.ts +118 -0
package/src/kaseki-report.ts +192 -0
package/src/lib/subprocess-helpers.ts +177 -0
package/src/logger.ts +114 -0
package/src/metrics.ts +66 -0
package/src/middleware/job-lookup.test.ts +113 -0
package/src/middleware/job-lookup.ts +45 -0
package/src/pi-event-filter.test.ts +183 -0
package/src/pi-event-filter.ts +183 -0
package/src/pi-progress-stream.ts +287 -0
package/src/pi-progress-summarizer.test.ts +302 -0
package/src/pi-progress-summarizer.ts +287 -0
package/src/pre-flight-validator.test.ts +512 -0
package/src/pre-flight-validator.ts +618 -0
package/src/progress-stream-utils.test.ts +35 -0
package/src/progress-stream-utils.ts +14 -0
package/src/result-cache.test.ts +195 -0
package/src/result-cache.ts +181 -0
package/src/routes/artifact-routes.ts +169 -0
package/src/routes/log-routes.ts +391 -0
package/src/routes/status-routes.ts +92 -0
package/src/routes/webhook-routes.ts +97 -0
package/src/run-artifact-metadata-cache.test.ts +80 -0
package/src/run-artifact-metadata-cache.ts +184 -0
package/src/secret-value-cache.test.ts +66 -0
package/src/secret-value-cache.ts +55 -0
package/src/secrets/SecretsManager.ts +343 -0
package/src/test-utils.ts +81 -0
package/src/timestamp-tracker.test.ts +134 -0
package/src/timestamp-tracker.ts +132 -0
package/src/utils/failure-artifact-writer.ts +187 -0
package/src/utils/file-helpers.test.ts +235 -0
package/src/utils/file-helpers.ts +150 -0
package/src/utils/http-client-factory.test.ts +245 -0
package/src/utils/http-client-factory.ts +157 -0
package/src/utils/progress-normalizer.test.ts +442 -0
package/src/utils/progress-normalizer.ts +68 -0
package/src/utils/response-helpers.test.ts +122 -0
package/src/utils/response-helpers.ts +101 -0
package/src/utils/route-helpers.ts +30 -0
package/src/utils/status-response-builder.ts +159 -0
package/src/utils/type-guards.ts +52 -0
package/src/utils/utf8-helpers.ts +102 -0
package/src/utils/webhook-event-builder.test.ts +143 -0
package/src/utils/webhook-event-builder.ts +87 -0
package/src/webhook-manager.test.ts +152 -0
package/src/webhook-manager.ts +445 -0
package/templates/allowlist-api-route.txt +7 -0
package/templates/allowlist-comprehensive.txt +8 -0
package/templates/allowlist-parser-fix.txt +6 -0
package/templates/allowlist-ui-component.txt +9 -0
package/templates/allowlist-utility.txt +9 -0
package/test/actual-model-metadata.test.sh +102 -0
package/test/dry-run.test.sh +131 -0
package/test/fixtures/kaseki-report-exit-codes/metadata-exit-0.json +1 -0
package/test/fixtures/kaseki-report-exit-codes/metadata-exit-1.json +1 -0
package/test/fixtures/kaseki-report-exit-codes/metadata-exit-invalid.json +1 -0
package/test/fixtures/kaseki-report-exit-codes/metadata-exit-str-0.json +1 -0
package/test/fixtures/kaseki-report-exit-codes/metadata-exit-str-1.json +1 -0
package/test/kaseki-api.integration.test.sh +165 -0
package/test/pi-event-filter-failure.test.sh +83 -0
package/test/printf-safety-focused.test.sh +99 -0
package/test/printf-safety-results/results/restoration.jsonl +10 -0
package/test/printf-safety-results/results/test.jsonl +0 -0
package/test/printf-safety.test.sh +297 -0
package/test/validation-fix.test.sh +79 -0
package/test/validation-integration.test.sh +109 -0
package/tests/allowlist-glob.test.sh +61 -0
package/tests/dependency-cache-key.test.sh +48 -0
package/tests/dependency-restore-mode.test.sh +48 -0
package/tests/doctor-template-parity.test.sh +95 -0
package/tests/github-operations.test.sh +142 -0
package/tests/npm-install-flags.test.sh +58 -0
package/tests/quality-gates.test.sh +178 -0
package/tests/repo-memory.test.sh +103 -0
package/tests/restore-disallowed-changes.test.sh +80 -0
package/tests/validation-missing-npm-scripts.test.sh +93 -0
package/tests/validation-strict-mode.test.sh +118 -0
package/tsconfig.changed.json +7 -0
package/tsconfig.json +39 -0

package/docs/DEPLOYMENT.md ADDED Viewed

@@ -0,0 +1,521 @@
+# Kaseki Agent API Service - Deployment Guide
+## Overview
+The Kaseki API Service allows remote execution and monitoring of kaseki-agent runs via HTTP REST API.
+**Authoritative deployment mode: Docker container runtime** (docker-compose, systemd+docker, or manual `docker run`). Host Node.js process mode is fallback/dev-only and is not the production reference path.
+## Prerequisites
+- Docker + Docker Compose (for docker-compose deployment)
+- Node.js ≥ 24.x (for Node.js fallback deployment)
+- `/agents/kaseki-results` directory must exist or be creatable
+- OpenRouter API key for Pi agent invocation (inherited from kaseki-agent)
+## Quick Start
+### ✅ Recommended: Docker Compose
+```bash
+# Navigate to kaseki-agent repository
+cd /agents/kaseki-template
+# Set API key
+export KASEKI_API_KEYS=sk-your-secret-key-here
+# Build image from this repo
+docker build -t kaseki-agent:node24-local .
+# Start services (uses KASEKI_API_IMAGE, default: kaseki-agent:node24-local)
+docker-compose up -d
+# View logs
+docker-compose logs -f kaseki-api
+# Stop services
+docker-compose down
+```
+The API container runs as the `/agents` owner by default (`1000:1000`) and must also be able to use the host Docker socket so it can launch ephemeral `kaseki-N` containers. Set `DOCKER_GID` to the group owner of `/var/run/docker.sock`:
+```bash
+export DOCKER_GID="$(stat -c '%g' /var/run/docker.sock)"
+docker-compose up -d
+```
+In Dockhand, Portainer, or another compose manager, keep the same shape:
+```yaml
+services:
+  kaseki-api:
+    user: "1000:1000"
+    group_add:
+      - "${DOCKER_GID:-985}"
+    volumes:
+      - /agents:/agents:rw
+      - /var/run/docker.sock:/var/run/docker.sock
+```
+After deployment, verify controller readiness with the authenticated preflight endpoint:
+```bash
+curl -H "Authorization: Bearer $KASEKI_API_KEYS" \
+  http://localhost:8080/api/preflight
+```
+**Configuration** (via environment variables):
+```bash
+# Core settings
+KASEKI_API_KEYS=sk-key1,sk-key2            # Required: comma-separated API keys
+KASEKI_API_PORT=8080                        # API listen port (default: 8080)
+KASEKI_API_LOG_LEVEL=info                  # Log level: debug/info/warn/error
+KASEKI_API_IMAGE=kaseki-agent:node24-local # Must be built from this repo's Dockerfile
+# Performance
+KASEKI_API_MAX_CONCURRENT_RUNS=3           # Max concurrent jobs (default: 3)
+KASEKI_AGENT_TIMEOUT_SECONDS=1200          # Agent timeout in seconds (default: 20 min)
+KASEKI_MAX_DIFF_BYTES=200000               # Max diff size (default: 200 KB)
+# Paths (usually inherited from docker-compose)
+KASEKI_RESULTS_DIR=/agents/kaseki-results
+KASEKI_API_LOG_DIR=/var/log/kaseki-api
+```
+---
+## Fallback Deployment Options
+### Option 1: Node.js Process (Fallback)
+Quick alternative if Docker/docker-compose is unavailable:
+```bash
+cd /agents/kaseki-template
+# Install dependencies (lockfile-enforced)
+npm ci --omit=dev
+# Verify runtime
+node -v  # Must report v24.x or newer
+# Start API
+KASEKI_API_KEYS=sk-dev-key npm run kaseki-api
+```
+**Environment variables:**
+```bash
+KASEKI_API_KEYS=sk-key1,sk-key2            # Required
+KASEKI_API_PORT=8080                        # Default: 8080
+KASEKI_API_LOG_LEVEL=info                  # Default: info
+KASEKI_API_MAX_CONCURRENT_RUNS=3           # Default: 3
+KASEKI_AGENT_TIMEOUT_SECONDS=1200          # Default: 1200
+KASEKI_MAX_DIFF_BYTES=200000               # Default: 200000
+```
+**Production considerations:**
+- Use a process manager (systemd, supervisor, PM2) for restart/recovery
+- Run with `NODE_ENV=production` for optimal performance
+- Monitor logs and uptime independently
+### Option 2: systemd Service (Alternative)
+Deploy as a systemd service on the host (advanced):
+```bash
+# 1. Build image from this repository
+cd /agents/kaseki-template
+npm ci --omit=dev
+npm run build
+docker build -t kaseki-agent:node24-local .
+# 2. (Registry workflow) push/pull image before service restart
+# docker tag kaseki-agent:node24-local registry.example.com/kaseki-agent:node24-2026-05-03
+# docker push registry.example.com/kaseki-agent:node24-2026-05-03
+# On target host: docker pull registry.example.com/kaseki-agent:node24-2026-05-03
+# 3. Install systemd service (Docker mode only)
+sudo cp scripts/kaseki-api.service /etc/systemd/system/
+sudo systemctl daemon-reload
+# 4. Create environment file
+sudo mkdir -p /etc/kaseki-api
+sudo tee /etc/kaseki-api/kaseki-api.env << EOF
+KASEKI_API_KEYS=sk-your-secret-key
+KASEKI_API_PORT=8080
+KASEKI_API_LOG_LEVEL=info
+KASEKI_RESULTS_DIR=/agents/kaseki-results
+KASEKI_API_IMAGE=kaseki-agent:node24-local
+EOF
+# 5. Set appropriate permissions
+sudo chown root:root /etc/kaseki-api/kaseki-api.env
+sudo chmod 600 /etc/kaseki-api/kaseki-api.env
+# 6. Start service
+sudo systemctl enable kaseki-api
+sudo systemctl start kaseki-api
+# 7. Check status
+sudo systemctl status kaseki-api
+sudo journalctl -u kaseki-api -f
+```
+**Important behavior in Docker mode:**
+- The unit executes `node /app/dist/kaseki-api-service.js` inside the container image.
+- `/etc/kaseki-api/kaseki-api.env` only supplies environment variables; it does not mount over `/app/dist`.
+- Mounted host volumes are `/agents`, `/agents/kaseki-results`, `/var/log/kaseki-api`, and `/var/run/docker.sock`; none are mounted at `/app`, so `/app/dist` always comes from the image artifact.
+### Option 3: Manual Docker Container (Advanced)
+Run the API container directly without docker-compose:
+```bash
+docker run --rm \
+  --name kaseki-api \
+  -p 8080:8080 \
+  -v /agents:/agents:rw \
+  -v /agents/kaseki-results:/agents/kaseki-results:rw \
+  -v /var/log/kaseki-api:/var/log/kaseki-api:rw \
+  -v /var/run/docker.sock:/var/run/docker.sock \
+  -e KASEKI_API_KEYS=sk-your-key \
+  -e KASEKI_API_PORT=8080 \
+  -e KASEKI_CONTAINER_USER=1000:1000 \
+  -e KASEKI_AGENT_TIMEOUT_SECONDS=1200 \
+  --user 1000:1000 \
+  --group-add "$(stat -c '%g' /var/run/docker.sock)" \
+  --cap-drop ALL \
+  --security-opt no-new-privileges:true \
+  --read-only \
+  --entrypoint node \
+  ${KASEKI_API_IMAGE:-kaseki-agent:node24-local} \
+  /app/dist/kaseki-api-service.js
+```
+---
+## Security Best Practices
+1. **API Key Management**
+   - Store keys in environment files with mode `0600` (or use Docker secrets)
+   - Never commit keys to version control
+   - Rotate keys regularly
+   - Use separate keys for different environments (dev/staging/prod)
+   - For GitHub App authentication, prefer mounted files:
+     `GITHUB_APP_ID_FILE`, `GITHUB_APP_CLIENT_ID_FILE`, and
+     `GITHUB_APP_PRIVATE_KEY_FILE`. Avoid placing the private key PEM directly
+     in `.env`; environment variables are more likely to appear in process
+     inspection output, container metadata, and deployment UI history.
+2. **Network Security**
+   - Expose API only on trusted networks (localhost or VPN)
+   - Use firewall rules to restrict access:
+     ```bash
+     sudo ufw allow from 10.0.0.0/8 to any port 8080  # Example: allow from private network
+     ```
+   - Consider putting API behind a reverse proxy (nginx) with authentication
+3. **Container Hardening**
+   - All Docker deployments use:
+     - `--cap-drop ALL` — Remove all Linux capabilities
+     - `--security-opt no-new-privileges:true` — Prevent privilege escalation
+     - `--read-only` — Read-only root filesystem
+     - `tmpfs` — Temporary write-able directories
+   - API runs as a non-root user that owns `/agents`
+   - Add only the host Docker socket group as a supplemental group; do not run the API as root just to reach Docker
+4. **TLS/HTTPS**
+   - Forward HTTPS traffic via reverse proxy (e.g., nginx):
+     ```nginx
+     upstream kaseki_api {
+       server localhost:8080;
+     }
+     server {
+       listen 443 ssl http2;
+       server_name api.kaseki.local;
+       ssl_certificate /etc/letsencrypt/live/api.kaseki.local/fullchain.pem;
+       ssl_certificate_key /etc/letsencrypt/live/api.kaseki.local/privkey.pem;
+       location / {
+         proxy_pass http://kaseki_api;
+         proxy_set_header Authorization $http_authorization;
+       }
+     }
+     ```
+---
+## Health Checks
+All deployments should monitor health:
+```bash
+curl http://localhost:8080/health
+# Equivalent namespaced endpoint:
+curl http://localhost:8080/api/health
+```
+Expected response:
+```json
+{
+  "status": "healthy",
+  "timestamp": "2026-05-02T14:30:00Z",
+  "queue": {
+    "pending": 0,
+    "running": 0,
+    "maxConcurrent": 3
+  }
+}
+```
+---
+## Monitoring
+### Dependency Cache Behavior
+- Worker installs are lockfile-only (`npm ci --omit=dev`) and will fail when no `package-lock.json` or `npm-shrinkwrap.json` is present.
+- Scheduler/runner containers must keep a persistent cache mount at `/agents/kaseki-cache` (or override with `KASEKI_CACHE_DIR`) so dependency cache data survives between runs.
+- `run-kaseki.sh` mounts that directory into workers at `/cache`, and workers use:
+  - `KASEKI_DEPENDENCY_CACHE_DIR=/cache/dependencies`
+  - `NPM_CONFIG_CACHE=/cache/npm-cache`
+- Cache key is deterministic: `sha256(repo_url) + lockfile sha256 + Node major version`.
+- Progress + timing artifacts include install/cache signals:
+  - `progress.jsonl` / `progress.log`: dependency install stage, cache hit/miss, elapsed seconds.
+  - `stage-timings.tsv`: `dependency install` row with cache source and install flags.
+  - `dependency-cache.log`: summarized cache status.
+### Docker Compose
+```bash
+# View logs
+docker-compose logs -f kaseki-api
+# Check resource usage
+docker stats kaseki-api
+```
+### Node.js Process
+```bash
+# Check process status
+ps aux | grep kaseki-api
+# View recent logs (depends on logging setup)
+tail -f /var/log/kaseki-api.log
+```
+### systemd Service
+```bash
+# Check status
+systemctl status kaseki-api
+# View logs (last 100 lines)
+journalctl -u kaseki-api -n 100
+# Stream logs
+journalctl -u kaseki-api -f
+```
+### Prometheus Metrics
+Metrics endpoint coming in Phase 8:
+```bash
+curl -H "Authorization: Bearer $KASEKI_API_KEYS" http://localhost:8080/api/metrics
+```
+Example Prometheus scrape config:
+```yaml
+scrape_configs:
+  - job_name: kaseki_api
+    metrics_path: /api/metrics
+    scheme: http
+    static_configs:
+      - targets: ['kaseki-api:8080']
+    authorization:
+      credentials: ${KASEKI_API_KEY}
+```
+Readiness probe (no auth required):
+```bash
+curl -f http://localhost:8080/ready
+# or
+curl -f http://localhost:8080/api/ready
+```
+`/ready` returns `503` with machine-readable `reasons` when dependencies like results-dir writability,
+scheduler queue introspection, or webhook processing health are unavailable.
+---
+## Log Rotation
+### Docker Compose
+Logs are managed by Docker automatically. To configure retention:
+```bash
+# Edit daemon.json
+sudo nano /etc/docker/daemon.json
+```
+Add:
+```json
+{
+  "log-driver": "json-file",
+  "log-opts": {
+    "max-size": "10m",
+    "max-file": "3"
+  }
+}
+```
+Then restart Docker:
+```bash
+sudo systemctl restart docker
+```
+### Host Deployment (systemd/Node.js)
+Configure logrotate:
+```bash
+sudo tee /etc/logrotate.d/kaseki-api << EOF
+/var/log/kaseki-api/*.log {
+  daily
+  rotate 7
+  compress
+  delaycompress
+  missingok
+  notifempty
+  create 0640 nobody nogroup
+  sharedscripts
+  postrotate
+    systemctl reload kaseki-api > /dev/null 2>&1 || true
+  endscript
+}
+EOF
+```
+---
+## Troubleshooting
+### API won't start
+Check required environment variables:
+```bash
+# Must be set
+echo $KASEKI_API_KEYS  # Should not be empty
+ls -la /agents/kaseki-results  # Directory must exist
+```
+### Container/process is crashing
+View logs for detailed error:
+```bash
+# Docker Compose
+docker-compose logs kaseki-api | head -50
+# Node.js
+npm run kaseki-api  # Run in foreground to see errors
+# systemd
+journalctl -u kaseki-api -n 50
+```
+Common issues:
+- Missing `/agents/kaseki-results` directory
+- Invalid port (not between 1-65535)
+- API key environment variable not set
+- Docker daemon not running (for docker-compose)
+- Node.js not installed or wrong version
+### Slow performance
+Check queue status:
+```bash
+curl -H "Authorization: Bearer sk-key" http://localhost:8080/api/runs
+# Monitor running jobs
+watch -n2 'curl -s http://localhost:8080/health | jq ".queue"'
+```
+Increase `KASEKI_API_MAX_CONCURRENT_RUNS` if jobs are queueing unnecessarily.
+---
+## Cleanup
+### Docker Compose
+```bash
+cd /agents/kaseki-template
+docker-compose down
+docker volume prune  # Optional: delete unused volumes
+```
+### Node.js Process
+```bash
+# Stop the process
+pkill -f "kaseki-api"
+# Or if using npm:
+# Ctrl+C in the terminal
+```
+### systemd Service
+```bash
+sudo systemctl stop kaseki-api
+sudo systemctl disable kaseki-api
+sudo rm /etc/systemd/system/kaseki-api.service
+sudo systemctl daemon-reload
+```
+---
+## Next Steps
+1. **Choose your deployment path** — Docker Compose (recommended) or Node.js
+2. **Configure for your network** — Update firewall rules, reverse proxy settings
+3. **Set up monitoring** — Add health checks, alerts
+4. **Test integration** — Use TypeScript client library to submit test runs
+5. **Deploy kaseki-agent** — Ensure Docker base image and OpenRouter credentials are configured
+## Runtime Verification
+Use these checks after deployment:
+```bash
+# Check whether systemd is launching Docker or host Node
+systemctl cat kaseki-api | sed -n "1,220p"
+# Docker path: verify container runtime Node major
+docker exec kaseki-api node -v
+# Host-Node path: verify service user runtime (example for nobody)
+sudo -u nobody /usr/bin/node -v
+```
+The service startup precheck logs detected Node version and exits with a clear error if the major version is less than 24.