npm - @cyanautomation/kaseki-agent - Versions diffs - 1.4.1 - Mend

@cyanautomation/kaseki-agent 1.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (459) hide show

package/.dockerignore +54 -0
package/.eslintignore +11 -0
package/.eslintrc.json +95 -0
package/.github/ISSUE_TEMPLATE/bug_report.md +53 -0
package/.github/ISSUE_TEMPLATE/feature_request.md +53 -0
package/.github/ISSUE_TEMPLATE/security.md +51 -0
package/.github/PULL_REQUEST_TEMPLATE/default.md +71 -0
package/.github/dependabot.yml +38 -0
package/.github/skills/dependency-cache-optimization/SKILL.md +526 -0
package/.github/skills/docker-image-management/SKILL.md +532 -0
package/.github/skills/frontend-design/SKILL.md +782 -0
package/.github/skills/prompt-engineering/SKILL.md +360 -0
package/.github/skills/quality-gate-config/SKILL.md +591 -0
package/.github/skills/result-report-analysis/SKILL.md +576 -0
package/.github/skills/test-automation/SKILL.md +593 -0
package/.github/skills/workflow-diagnosis/SKILL.md +468 -0
package/.github/workflows/build-docker-image.yml +453 -0
package/.github/workflows/release.yml +68 -0
package/.releaserc.json +135 -0
package/CHANGELOG.md +117 -0
package/CLAUDE.md +336 -0
package/CONTRIBUTING.md +339 -0
package/Dockerfile +217 -0
package/README.md +1527 -0
package/STYLE.md +521 -0
package/add-js-extensions.d.ts +9 -0
package/add-js-extensions.d.ts.map +1 -0
package/add-js-extensions.js.map +1 -0
package/dist/add-js-extensions.d.ts +9 -0
package/dist/add-js-extensions.d.ts.map +1 -0
package/dist/add-js-extensions.js +52 -0
package/dist/add-js-extensions.js.map +1 -0
package/dist/ansi-colors.d.ts +26 -0
package/dist/ansi-colors.d.ts.map +1 -0
package/dist/ansi-colors.js +51 -0
package/dist/ansi-colors.js.map +1 -0
package/dist/cli/BaseCommand.d.ts +18 -0
package/dist/cli/BaseCommand.d.ts.map +1 -0
package/dist/cli/BaseCommand.js +31 -0
package/dist/cli/BaseCommand.js.map +1 -0
package/dist/cli/KasekiCLI.d.ts +30 -0
package/dist/cli/KasekiCLI.d.ts.map +1 -0
package/dist/cli/KasekiCLI.js +134 -0
package/dist/cli/KasekiCLI.js.map +1 -0
package/dist/cli/commands/ConfigCommand.d.ts +13 -0
package/dist/cli/commands/ConfigCommand.d.ts.map +1 -0
package/dist/cli/commands/ConfigCommand.js +131 -0
package/dist/cli/commands/ConfigCommand.js.map +1 -0
package/dist/cli/commands/DoctorCommand.d.ts +45 -0
package/dist/cli/commands/DoctorCommand.d.ts.map +1 -0
package/dist/cli/commands/DoctorCommand.js +309 -0
package/dist/cli/commands/DoctorCommand.js.map +1 -0
package/dist/cli/commands/ListCommand.d.ts +9 -0
package/dist/cli/commands/ListCommand.d.ts.map +1 -0
package/dist/cli/commands/ListCommand.js +81 -0
package/dist/cli/commands/ListCommand.js.map +1 -0
package/dist/cli/commands/ReportCommand.d.ts +9 -0
package/dist/cli/commands/ReportCommand.d.ts.map +1 -0
package/dist/cli/commands/ReportCommand.js +98 -0
package/dist/cli/commands/ReportCommand.js.map +1 -0
package/dist/cli/commands/RunCommand.d.ts +13 -0
package/dist/cli/commands/RunCommand.d.ts.map +1 -0
package/dist/cli/commands/RunCommand.js +191 -0
package/dist/cli/commands/RunCommand.js.map +1 -0
package/dist/cli/commands/SecretsCommand.d.ts +9 -0
package/dist/cli/commands/SecretsCommand.d.ts.map +1 -0
package/dist/cli/commands/SecretsCommand.js +109 -0
package/dist/cli/commands/SecretsCommand.js.map +1 -0
package/dist/cli/commands/ServeCommand.d.ts +9 -0
package/dist/cli/commands/ServeCommand.d.ts.map +1 -0
package/dist/cli/commands/ServeCommand.js +50 -0
package/dist/cli/commands/ServeCommand.js.map +1 -0
package/dist/cli/commands/SetupCommand.d.ts +42 -0
package/dist/cli/commands/SetupCommand.d.ts.map +1 -0
package/dist/cli/commands/SetupCommand.js +249 -0
package/dist/cli/commands/SetupCommand.js.map +1 -0
package/dist/cli.d.ts +9 -0
package/dist/cli.d.ts.map +1 -0
package/dist/cli.js +130 -0
package/dist/cli.js.map +1 -0
package/dist/config/ConfigManager.d.ts +395 -0
package/dist/config/ConfigManager.d.ts.map +1 -0
package/dist/config/ConfigManager.js +446 -0
package/dist/config/ConfigManager.js.map +1 -0
package/dist/docker/DockerManager.d.ts +69 -0
package/dist/docker/DockerManager.d.ts.map +1 -0
package/dist/docker/DockerManager.js +266 -0
package/dist/docker/DockerManager.js.map +1 -0
package/dist/event-aggregator.d.ts +71 -0
package/dist/event-aggregator.d.ts.map +1 -0
package/dist/event-aggregator.js +95 -0
package/dist/event-aggregator.js.map +1 -0
package/dist/github-app-token.d.ts +16 -0
package/dist/github-app-token.d.ts.map +1 -0
package/dist/github-app-token.js +148 -0
package/dist/github-app-token.js.map +1 -0
package/dist/idempotency-store.d.ts +61 -0
package/dist/idempotency-store.d.ts.map +1 -0
package/dist/idempotency-store.js +321 -0
package/dist/idempotency-store.js.map +1 -0
package/dist/index.d.ts +25 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +31 -0
package/dist/index.js.map +1 -0
package/dist/instance/InstanceManager.d.ts +81 -0
package/dist/instance/InstanceManager.d.ts.map +1 -0
package/dist/instance/InstanceManager.js +220 -0
package/dist/instance/InstanceManager.js.map +1 -0
package/dist/instance-metadata-reader.d.ts +48 -0
package/dist/instance-metadata-reader.d.ts.map +1 -0
package/dist/instance-metadata-reader.js +94 -0
package/dist/instance-metadata-reader.js.map +1 -0
package/dist/instance-state-derivation.d.ts +42 -0
package/dist/instance-state-derivation.d.ts.map +1 -0
package/dist/instance-state-derivation.js +133 -0
package/dist/instance-state-derivation.js.map +1 -0
package/dist/job-scheduler.d.ts +124 -0
package/dist/job-scheduler.d.ts.map +1 -0
package/dist/job-scheduler.js +992 -0
package/dist/job-scheduler.js.map +1 -0
package/dist/kaseki-api-client.d.ts +89 -0
package/dist/kaseki-api-client.d.ts.map +1 -0
package/dist/kaseki-api-client.js +405 -0
package/dist/kaseki-api-client.js.map +1 -0
package/dist/kaseki-api-config.d.ts +34 -0
package/dist/kaseki-api-config.d.ts.map +1 -0
package/dist/kaseki-api-config.js +113 -0
package/dist/kaseki-api-config.js.map +1 -0
package/dist/kaseki-api-routes.d.ts +13 -0
package/dist/kaseki-api-routes.d.ts.map +1 -0
package/dist/kaseki-api-routes.js +559 -0
package/dist/kaseki-api-routes.js.map +1 -0
package/dist/kaseki-api-service-wrapper.d.ts +43 -0
package/dist/kaseki-api-service-wrapper.d.ts.map +1 -0
package/dist/kaseki-api-service-wrapper.js +150 -0
package/dist/kaseki-api-service-wrapper.js.map +1 -0
package/dist/kaseki-api-service.d.ts +16 -0
package/dist/kaseki-api-service.d.ts.map +1 -0
package/dist/kaseki-api-service.js +143 -0
package/dist/kaseki-api-service.js.map +1 -0
package/dist/kaseki-api-types.d.ts +440 -0
package/dist/kaseki-api-types.d.ts.map +1 -0
package/dist/kaseki-api-types.js +64 -0
package/dist/kaseki-api-types.js.map +1 -0
package/dist/kaseki-cli-lib.d.ts +219 -0
package/dist/kaseki-cli-lib.d.ts.map +1 -0
package/dist/kaseki-cli-lib.js +523 -0
package/dist/kaseki-cli-lib.js.map +1 -0
package/dist/kaseki-cli.d.ts +38 -0
package/dist/kaseki-cli.d.ts.map +1 -0
package/dist/kaseki-cli.js +559 -0
package/dist/kaseki-cli.js.map +1 -0
package/dist/kaseki-report.d.ts +3 -0
package/dist/kaseki-report.d.ts.map +1 -0
package/dist/kaseki-report.js +140 -0
package/dist/kaseki-report.js.map +1 -0
package/dist/lib/subprocess-helpers.d.ts +98 -0
package/dist/lib/subprocess-helpers.d.ts.map +1 -0
package/dist/lib/subprocess-helpers.js +136 -0
package/dist/lib/subprocess-helpers.js.map +1 -0
package/dist/logger.d.ts +39 -0
package/dist/logger.d.ts.map +1 -0
package/dist/logger.js +79 -0
package/dist/logger.js.map +1 -0
package/dist/metrics.d.ts +19 -0
package/dist/metrics.d.ts.map +1 -0
package/dist/metrics.js +59 -0
package/dist/metrics.js.map +1 -0
package/dist/middleware/job-lookup.d.ts +27 -0
package/dist/middleware/job-lookup.d.ts.map +1 -0
package/dist/middleware/job-lookup.js +28 -0
package/dist/middleware/job-lookup.js.map +1 -0
package/dist/pi-event-filter.d.ts +3 -0
package/dist/pi-event-filter.d.ts.map +1 -0
package/dist/pi-event-filter.js +126 -0
package/dist/pi-event-filter.js.map +1 -0
package/dist/pi-progress-stream.d.ts +3 -0
package/dist/pi-progress-stream.d.ts.map +1 -0
package/dist/pi-progress-stream.js +205 -0
package/dist/pi-progress-stream.js.map +1 -0
package/dist/pi-progress-summarizer.d.ts +61 -0
package/dist/pi-progress-summarizer.d.ts.map +1 -0
package/dist/pi-progress-summarizer.js +246 -0
package/dist/pi-progress-summarizer.js.map +1 -0
package/dist/pre-flight-validator.d.ts +72 -0
package/dist/pre-flight-validator.d.ts.map +1 -0
package/dist/pre-flight-validator.js +513 -0
package/dist/pre-flight-validator.js.map +1 -0
package/dist/progress-stream-utils.d.ts +3 -0
package/dist/progress-stream-utils.d.ts.map +1 -0
package/dist/progress-stream-utils.js +15 -0
package/dist/progress-stream-utils.js.map +1 -0
package/dist/result-cache.d.ts +52 -0
package/dist/result-cache.d.ts.map +1 -0
package/dist/result-cache.js +134 -0
package/dist/result-cache.js.map +1 -0
package/dist/routes/artifact-routes.d.ts +10 -0
package/dist/routes/artifact-routes.d.ts.map +1 -0
package/dist/routes/artifact-routes.js +126 -0
package/dist/routes/artifact-routes.js.map +1 -0
package/dist/routes/log-routes.d.ts +8 -0
package/dist/routes/log-routes.d.ts.map +1 -0
package/dist/routes/log-routes.js +345 -0
package/dist/routes/log-routes.js.map +1 -0
package/dist/routes/status-routes.d.ts +8 -0
package/dist/routes/status-routes.d.ts.map +1 -0
package/dist/routes/status-routes.js +82 -0
package/dist/routes/status-routes.js.map +1 -0
package/dist/routes/webhook-routes.d.ts +6 -0
package/dist/routes/webhook-routes.d.ts.map +1 -0
package/dist/routes/webhook-routes.js +86 -0
package/dist/routes/webhook-routes.js.map +1 -0
package/dist/run-artifact-metadata-cache.d.ts +42 -0
package/dist/run-artifact-metadata-cache.d.ts.map +1 -0
package/dist/run-artifact-metadata-cache.js +139 -0
package/dist/run-artifact-metadata-cache.js.map +1 -0
package/dist/secret-value-cache.d.ts +13 -0
package/dist/secret-value-cache.d.ts.map +1 -0
package/dist/secret-value-cache.js +44 -0
package/dist/secret-value-cache.js.map +1 -0
package/dist/secrets/SecretsManager.d.ts +80 -0
package/dist/secrets/SecretsManager.d.ts.map +1 -0
package/dist/secrets/SecretsManager.js +306 -0
package/dist/secrets/SecretsManager.js.map +1 -0
package/dist/test-utils.d.ts +55 -0
package/dist/test-utils.d.ts.map +1 -0
package/dist/test-utils.js +48 -0
package/dist/test-utils.js.map +1 -0
package/dist/timestamp-tracker.d.ts +75 -0
package/dist/timestamp-tracker.d.ts.map +1 -0
package/dist/timestamp-tracker.js +121 -0
package/dist/timestamp-tracker.js.map +1 -0
package/dist/utils/failure-artifact-writer.d.ts +29 -0
package/dist/utils/failure-artifact-writer.d.ts.map +1 -0
package/dist/utils/failure-artifact-writer.js +157 -0
package/dist/utils/failure-artifact-writer.js.map +1 -0
package/dist/utils/file-helpers.d.ts +41 -0
package/dist/utils/file-helpers.d.ts.map +1 -0
package/dist/utils/file-helpers.js +143 -0
package/dist/utils/file-helpers.js.map +1 -0
package/dist/utils/http-client-factory.d.ts +46 -0
package/dist/utils/http-client-factory.d.ts.map +1 -0
package/dist/utils/http-client-factory.js +114 -0
package/dist/utils/http-client-factory.js.map +1 -0
package/dist/utils/progress-normalizer.d.ts +13 -0
package/dist/utils/progress-normalizer.d.ts.map +1 -0
package/dist/utils/progress-normalizer.js +57 -0
package/dist/utils/progress-normalizer.js.map +1 -0
package/dist/utils/response-helpers.d.ts +34 -0
package/dist/utils/response-helpers.d.ts.map +1 -0
package/dist/utils/response-helpers.js +78 -0
package/dist/utils/response-helpers.js.map +1 -0
package/dist/utils/route-helpers.d.ts +17 -0
package/dist/utils/route-helpers.d.ts.map +1 -0
package/dist/utils/route-helpers.js +22 -0
package/dist/utils/route-helpers.js.map +1 -0
package/dist/utils/status-response-builder.d.ts +23 -0
package/dist/utils/status-response-builder.d.ts.map +1 -0
package/dist/utils/status-response-builder.js +144 -0
package/dist/utils/status-response-builder.js.map +1 -0
package/dist/utils/type-guards.d.ts +37 -0
package/dist/utils/type-guards.d.ts.map +1 -0
package/dist/utils/type-guards.js +45 -0
package/dist/utils/type-guards.js.map +1 -0
package/dist/utils/utf8-helpers.d.ts +32 -0
package/dist/utils/utf8-helpers.d.ts.map +1 -0
package/dist/utils/utf8-helpers.js +97 -0
package/dist/utils/utf8-helpers.js.map +1 -0
package/dist/utils/webhook-event-builder.d.ts +26 -0
package/dist/utils/webhook-event-builder.d.ts.map +1 -0
package/dist/utils/webhook-event-builder.js +77 -0
package/dist/utils/webhook-event-builder.js.map +1 -0
package/dist/webhook-manager.d.ts +56 -0
package/dist/webhook-manager.d.ts.map +1 -0
package/dist/webhook-manager.js +359 -0
package/dist/webhook-manager.js.map +1 -0
package/docker/workspace-cache/package-lock.json +13 -0
package/docker/workspace-cache/package.json +7 -0
package/docker-compose.yml +53 -0
package/docs/API.md +708 -0
package/docs/BACKLOG.md +19 -0
package/docs/BUILD_STRATEGY.md +404 -0
package/docs/CLI.md +569 -0
package/docs/DEPLOYMENT.md +521 -0
package/docs/DEVELOPMENT.md +459 -0
package/docs/DOCKER_SETUP.md +522 -0
package/docs/ENHANCED_PROGRESS_LOGS.md +264 -0
package/docs/IMPLEMENTATION_SUMMARY.md +549 -0
package/docs/INTEGRATION_EXAMPLE.md +217 -0
package/docs/NPM_SETUP.md +468 -0
package/docs/PHASE1-4_IMPLEMENTATION.md +302 -0
package/docs/PHASE1_COMPLETION.md +192 -0
package/docs/PHASE2_COMPLETION.md +134 -0
package/docs/PHASE6_MIGRATION.md +392 -0
package/docs/PRINTF_SAFETY_FIX.md +282 -0
package/docs/QUALITY_GATES.md +369 -0
package/docs/SETUP_GUIDE.md +482 -0
package/docs/TASK_PROMPT_TEMPLATES.md +533 -0
package/docs/VALIDATION_FIX.md +139 -0
package/docs/VERIFICATION_CHECKLIST.md +335 -0
package/docs/repo-maturity.md +760 -0
package/fix-tests.d.ts +9 -0
package/fix-tests.d.ts.map +1 -0
package/fix-tests.js.map +1 -0
package/fix-tests.ts +53 -0
package/jest.config.ts +31 -0
package/kaseki +183 -0
package/kaseki-agent.sh +1961 -0
package/ops/logrotate/kaseki +10 -0
package/package.json +83 -0
package/perf/README.md +54 -0
package/perf/pi-event-filter.benchmark.test.ts +98 -0
package/run-kaseki-json.test.sh +106 -0
package/run-kaseki.sh +990 -0
package/scripts/allowlist-helper.sh +56 -0
package/scripts/cleanup-kaseki.sh +168 -0
package/scripts/deploy-pi-template.sh +293 -0
package/scripts/docker-entrypoint.sh +71 -0
package/scripts/dry-run-allowlist.sh +161 -0
package/scripts/kaseki-activate.sh +396 -0
package/scripts/kaseki-api.service +62 -0
package/scripts/kaseki-container-entrypoint-wrapper.sh +119 -0
package/scripts/kaseki-container-setup-remote.sh +172 -0
package/scripts/kaseki-container-setup.sh +193 -0
package/scripts/kaseki-healthcheck.sh +95 -0
package/scripts/kaseki-install.sh +50 -0
package/scripts/kaseki-maturity-score.sh +291 -0
package/scripts/kaseki-performance-metrics.sh +122 -0
package/scripts/kaseki-preflight.sh +270 -0
package/scripts/kaseki-setup.sh +265 -0
package/scripts/pi-setup-remote.sh +213 -0
package/scripts/setup-github-labels.sh +42 -0
package/scripts/suggest-allowlist.sh +68 -0
package/scripts/templates/MULTI_HOST_DISTRIBUTED.md +337 -0
package/scripts/templates/REST_API_SERVICE.md +490 -0
package/scripts/templates/SINGLE_HOST_CLI.md +194 -0
package/scripts/test-github-app.sh +248 -0
package/src/add-js-extensions.ts +61 -0
package/src/ansi-colors.test.ts +62 -0
package/src/ansi-colors.ts +67 -0
package/src/cli/BaseCommand.ts +40 -0
package/src/cli/KasekiCLI.ts +154 -0
package/src/cli/commands/ConfigCommand.ts +145 -0
package/src/cli/commands/DoctorCommand.ts +329 -0
package/src/cli/commands/ListCommand.ts +105 -0
package/src/cli/commands/ReportCommand.ts +110 -0
package/src/cli/commands/RunCommand.ts +218 -0
package/src/cli/commands/SecretsCommand.ts +120 -0
package/src/cli/commands/ServeCommand.ts +62 -0
package/src/cli/commands/SetupCommand.ts +301 -0
package/src/cli.ts +138 -0
package/src/config/ConfigManager.ts +476 -0
package/src/docker/DockerManager.ts +319 -0
package/src/docker-entrypoint-packaging.test.ts +33 -0
package/src/event-aggregator.test.ts +117 -0
package/src/event-aggregator.ts +126 -0
package/src/github-app-token.ts +215 -0
package/src/idempotency-store.test.ts +117 -0
package/src/idempotency-store.ts +385 -0
package/src/index.ts +89 -0
package/src/instance/InstanceManager.ts +285 -0
package/src/instance-metadata-reader.test.ts +190 -0
package/src/instance-metadata-reader.ts +129 -0
package/src/instance-state-derivation.test.ts +263 -0
package/src/instance-state-derivation.ts +148 -0
package/src/job-scheduler.test.ts +1236 -0
package/src/job-scheduler.ts +1117 -0
package/src/kaseki-api-client.ts +488 -0
package/src/kaseki-api-config.test.ts +315 -0
package/src/kaseki-api-config.ts +175 -0
package/src/kaseki-api-routes.test.ts +1615 -0
package/src/kaseki-api-routes.ts +643 -0
package/src/kaseki-api-service-wrapper.ts +188 -0
package/src/kaseki-api-service.test.ts +418 -0
package/src/kaseki-api-service.ts +192 -0
package/src/kaseki-api-types.ts +320 -0
package/src/kaseki-cli-lib.test.ts +552 -0
package/src/kaseki-cli-lib.ts +760 -0
package/src/kaseki-cli.ts +682 -0
package/src/kaseki-report.test.ts +118 -0
package/src/kaseki-report.ts +192 -0
package/src/lib/subprocess-helpers.ts +177 -0
package/src/logger.ts +114 -0
package/src/metrics.ts +66 -0
package/src/middleware/job-lookup.test.ts +113 -0
package/src/middleware/job-lookup.ts +45 -0
package/src/pi-event-filter.test.ts +183 -0
package/src/pi-event-filter.ts +183 -0
package/src/pi-progress-stream.ts +287 -0
package/src/pi-progress-summarizer.test.ts +302 -0
package/src/pi-progress-summarizer.ts +287 -0
package/src/pre-flight-validator.test.ts +512 -0
package/src/pre-flight-validator.ts +618 -0
package/src/progress-stream-utils.test.ts +35 -0
package/src/progress-stream-utils.ts +14 -0
package/src/result-cache.test.ts +195 -0
package/src/result-cache.ts +181 -0
package/src/routes/artifact-routes.ts +169 -0
package/src/routes/log-routes.ts +391 -0
package/src/routes/status-routes.ts +92 -0
package/src/routes/webhook-routes.ts +97 -0
package/src/run-artifact-metadata-cache.test.ts +80 -0
package/src/run-artifact-metadata-cache.ts +184 -0
package/src/secret-value-cache.test.ts +66 -0
package/src/secret-value-cache.ts +55 -0
package/src/secrets/SecretsManager.ts +343 -0
package/src/test-utils.ts +81 -0
package/src/timestamp-tracker.test.ts +134 -0
package/src/timestamp-tracker.ts +132 -0
package/src/utils/failure-artifact-writer.ts +187 -0
package/src/utils/file-helpers.test.ts +235 -0
package/src/utils/file-helpers.ts +150 -0
package/src/utils/http-client-factory.test.ts +245 -0
package/src/utils/http-client-factory.ts +157 -0
package/src/utils/progress-normalizer.test.ts +442 -0
package/src/utils/progress-normalizer.ts +68 -0
package/src/utils/response-helpers.test.ts +122 -0
package/src/utils/response-helpers.ts +101 -0
package/src/utils/route-helpers.ts +30 -0
package/src/utils/status-response-builder.ts +159 -0
package/src/utils/type-guards.ts +52 -0
package/src/utils/utf8-helpers.ts +102 -0
package/src/utils/webhook-event-builder.test.ts +143 -0
package/src/utils/webhook-event-builder.ts +87 -0
package/src/webhook-manager.test.ts +152 -0
package/src/webhook-manager.ts +445 -0
package/templates/allowlist-api-route.txt +7 -0
package/templates/allowlist-comprehensive.txt +8 -0
package/templates/allowlist-parser-fix.txt +6 -0
package/templates/allowlist-ui-component.txt +9 -0
package/templates/allowlist-utility.txt +9 -0
package/test/actual-model-metadata.test.sh +102 -0
package/test/dry-run.test.sh +131 -0
package/test/fixtures/kaseki-report-exit-codes/metadata-exit-0.json +1 -0
package/test/fixtures/kaseki-report-exit-codes/metadata-exit-1.json +1 -0
package/test/fixtures/kaseki-report-exit-codes/metadata-exit-invalid.json +1 -0
package/test/fixtures/kaseki-report-exit-codes/metadata-exit-str-0.json +1 -0
package/test/fixtures/kaseki-report-exit-codes/metadata-exit-str-1.json +1 -0
package/test/kaseki-api.integration.test.sh +165 -0
package/test/pi-event-filter-failure.test.sh +83 -0
package/test/printf-safety-focused.test.sh +99 -0
package/test/printf-safety-results/results/restoration.jsonl +10 -0
package/test/printf-safety-results/results/test.jsonl +0 -0
package/test/printf-safety.test.sh +297 -0
package/test/validation-fix.test.sh +79 -0
package/test/validation-integration.test.sh +109 -0
package/tests/allowlist-glob.test.sh +61 -0
package/tests/dependency-cache-key.test.sh +48 -0
package/tests/dependency-restore-mode.test.sh +48 -0
package/tests/doctor-template-parity.test.sh +95 -0
package/tests/github-operations.test.sh +142 -0
package/tests/npm-install-flags.test.sh +58 -0
package/tests/quality-gates.test.sh +178 -0
package/tests/repo-memory.test.sh +103 -0
package/tests/restore-disallowed-changes.test.sh +80 -0
package/tests/validation-missing-npm-scripts.test.sh +93 -0
package/tests/validation-strict-mode.test.sh +118 -0
package/tsconfig.changed.json +7 -0
package/tsconfig.json +39 -0

package/scripts/dry-run-allowlist.sh ADDED Viewed

@@ -0,0 +1,161 @@
+#!/bin/bash
+# dry-run-allowlist.sh - Preview which files would be restored for a given allowlist
+# Usage: ./scripts/dry-run-allowlist.sh [--changed-files <file>] [--allowlist <pattern>]
+# Example: ./scripts/dry-run-allowlist.sh --changed-files /results/kaseki-1/changed-files.txt
+set -e
+CHANGED_FILES=""
+ALLOWLIST="${KASEKI_CHANGED_FILES_ALLOWLIST:-src/lib/parser.ts tests/parser.validation.ts}"
+RESULT_DIR=""
+# Parse arguments
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    --changed-files)
+      CHANGED_FILES="$2"
+      shift 2
+      ;;
+    --allowlist)
+      ALLOWLIST="$2"
+      shift 2
+      ;;
+    --result-dir|--results)
+      RESULT_DIR="$2"
+      shift 2
+      ;;
+    --help)
+      cat << 'EOF'
+dry-run-allowlist.sh - Preview which files would be restored for a given allowlist
+Usage: ./scripts/dry-run-allowlist.sh [OPTIONS]
+Options:
+  --changed-files <file>   Path to changed-files.txt (default: /results/changed-files.txt)
+  --allowlist <pattern>    Allowlist pattern (default: from KASEKI_CHANGED_FILES_ALLOWLIST)
+  --result-dir <dir>       Result directory (for convenience, auto-finds changed-files.txt)
+  --help                   Show this help message
+Examples:
+  # Preview current results
+  ./scripts/dry-run-allowlist.sh --result-dir /results/kaseki-1
+  # Test a custom allowlist
+  ./scripts/dry-run-allowlist.sh --allowlist "src/lib/** tests/**" --changed-files /results/kaseki-1/changed-files.txt
+  # Using template
+  ./scripts/dry-run-allowlist.sh --allowlist "$(cat templates/allowlist-ui-component.txt | tr '\n' ' ')"
+EOF
+      exit 0
+      ;;
+    *)
+      echo "Unknown option: $1" >&2
+      exit 1
+      ;;
+  esac
+done
+# Determine changed-files location
+if [ -z "$CHANGED_FILES" ]; then
+  if [ -n "$RESULT_DIR" ]; then
+    CHANGED_FILES="$RESULT_DIR/changed-files.txt"
+  else
+    CHANGED_FILES="${KASEKI_RESULTS:-/results}/changed-files.txt"
+  fi
+fi
+if [ ! -f "$CHANGED_FILES" ]; then
+  echo "❌ changed-files.txt not found: $CHANGED_FILES" >&2
+  exit 1
+fi
+# Source the allowlist helper
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+ALLOWLIST_HELPER="$SCRIPT_DIR/allowlist-helper.sh"
+if [ ! -r "$ALLOWLIST_HELPER" ]; then
+  echo "❌ allowlist-helper.sh not found: $ALLOWLIST_HELPER" >&2
+  exit 1
+fi
+# shellcheck disable=SC1090
+source "$ALLOWLIST_HELPER"
+# Build regex from allowlist
+allowlist_regex="$(build_allowlist_regex "$ALLOWLIST")"
+if [ -z "$allowlist_regex" ]; then
+  echo "⚠️  Empty allowlist — all files would be restored"
+  cat "$CHANGED_FILES"
+  exit 0
+fi
+# Analyze files
+declare -a would_restore
+declare -a would_keep
+total=0
+while IFS= read -r file || [ -n "$file" ]; do
+  [ -z "$file" ] && continue
+  total=$((total + 1))
+  if printf '%s\n' "$file" | grep -Eq "^(${allowlist_regex})$"; then
+    would_keep+=("$file")
+  else
+    would_restore+=("$file")
+  fi
+done < "$CHANGED_FILES"
+# Print results
+{
+  printf "# Dry-Run Allowlist Preview\n\n"
+  printf "Allowlist: \`%s\`\n" "$ALLOWLIST"
+  printf "Changed files: %s\n\n" "$CHANGED_FILES"
+  printf '## Summary\n\n'
+  printf '- **Total Files:** %d\n' "$total"
+  printf '- **Would Keep (matched):** %d\n' "${#would_keep[@]}"
+  printf '- **Would Restore (outside):** %d\n' "${#would_restore[@]}"
+  if [ "$total" -gt 0 ]; then
+    coverage=$((${#would_keep[@]} * 100 / total))
+    printf '- **Coverage:** %d%%\n\n' "$coverage"
+  else
+    printf '\n'
+  fi
+  if [ "${#would_restore[@]}" -gt 0 ]; then
+    printf '## Would Be Restored\n\n'
+    printf 'These files would NOT pass through to validation:\n\n'
+    for file in "${would_restore[@]}"; do
+      printf "- \`%s\`\n" "$file"
+    done
+    printf '\n'
+  fi
+  if [ "${#would_keep[@]}" -gt 0 ]; then
+    printf '## Would Be Kept\n\n'
+    printf 'These files would pass through to validation:\n\n'
+    for file in "${would_keep[@]}"; do
+      printf "- \`%s\`\n" "$file"
+    done
+    printf '\n'
+  fi
+  printf '## Recommendations\n\n'
+  if [ "${#would_restore[@]}" -gt 0 ] && [ "${#would_keep[@]}" -eq 0 ]; then
+    printf '⚠️  **ALL files would be restored** — allowlist is too narrow or wrong.\n'
+  elif [ "${#would_restore[@]}" -gt 0 ] && [ "$coverage" -lt 30 ]; then
+    printf '⚠️  **Low coverage (%d%%)** — consider:\n' "$coverage"
+    printf '1. Expanding the allowlist patterns\n'
+    printf "2. Using a broader template (e.g., \`allowlist-utility\`)\n"
+    printf '3. Reviewing the TASK_PROMPT for clarity\n'
+  elif [ "${#would_restore[@]}" -eq 0 ]; then
+    printf '✅ **Perfect coverage** — all files match the allowlist.\n'
+  else
+    printf '✅ **Good coverage** — allowlist looks reasonable.\n'
+  fi
+} | tee /tmp/dry-run-allowlist-preview.md
+echo ""
+echo "Preview saved to: /tmp/dry-run-allowlist-preview.md"

package/scripts/kaseki-activate.sh ADDED Viewed

@@ -0,0 +1,396 @@
+#!/usr/bin/env bash
+set -euo pipefail
+KASEKI_REPO_URL="${KASEKI_REPO_URL:-https://github.com/CyanAutomation/kaseki-agent.git}"
+KASEKI_REF="${KASEKI_REF:-main}"
+KASEKI_ROOT="${KASEKI_ROOT:-/agents}"
+KASEKI_CHECKOUT_DIR="${KASEKI_CHECKOUT_DIR:-$KASEKI_ROOT/kaseki-agent}"
+KASEKI_TEMPLATE_DIR="${KASEKI_TEMPLATE_DIR:-$KASEKI_ROOT/kaseki-template}"
+KASEKI_LOG_DIR="${KASEKI_LOG_DIR:-/var/log/kaseki}"
+KASEKI_STRICT_HOST_LOGGING="${KASEKI_STRICT_HOST_LOGGING:-0}"
+KASEKI_OUTPUT_FORMAT="${KASEKI_OUTPUT_FORMAT:-text}"
+KASEKI_CONTROLLER_MODE="${KASEKI_CONTROLLER_MODE:-0}"
+KASEKI_BUILD_IMAGE_IF_TEMPLATE_MISSING="${KASEKI_BUILD_IMAGE_IF_TEMPLATE_MISSING:-1}"
+KASEKI_IMAGE_PULL_POLICY="${KASEKI_IMAGE_PULL_POLICY:-always}"
+KASEKI_REPLACE_STALE="${KASEKI_REPLACE_STALE:-0}"
+KASEKI_DOCTOR_REQUIRE_OPENROUTER_KEY="${KASEKI_DOCTOR_REQUIRE_OPENROUTER_KEY:-1}"
+KASEKI_JSON_LOG_COMPONENT="kaseki-activate"
+COMMAND=""
+COMMAND_ARGS=()
+json_escape() {
+  local value="${1-}"
+  value="${value//\\/\\\\}"
+  value="${value//\"/\\\"}"
+  value="${value//$'\n'/\\n}"
+  value="${value//$'\r'/\\r}"
+  value="${value//$'\t'/\\t}"
+  printf '%s' "$value"
+}
+emit_json_log() {
+  local stage="$1"
+  local status="$2"
+  local detail="${3-}"
+  local line
+  line="$(printf '{"timestamp":"%s","component":"%s","stage":"%s","status":"%s","detail":"%s"}' \
+    "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
+    "$KASEKI_JSON_LOG_COMPONENT" \
+    "$(json_escape "$stage")" \
+    "$(json_escape "$status")" \
+    "$(json_escape "$detail")")"
+  if [ "$KASEKI_OUTPUT_FORMAT" = "json" ]; then
+    printf '%s\n' "$line" >&2
+  else
+    printf '%s\n' "$line"
+  fi
+}
+json_string() {
+  printf '"%s"' "$(json_escape "${1-}")"
+}
+json_bool() {
+  case "${1-}" in
+    1|true|TRUE|yes|YES) printf 'true' ;;
+    *) printf 'false' ;;
+  esac
+}
+parse_args() {
+  for arg in "$@"; do
+    case "$arg" in
+      --json)
+        KASEKI_OUTPUT_FORMAT="json"
+        ;;
+      --jsonl)
+        KASEKI_OUTPUT_FORMAT="jsonl"
+        ;;
+      --format=json)
+        KASEKI_OUTPUT_FORMAT="json"
+        ;;
+      --format=jsonl)
+        KASEKI_OUTPUT_FORMAT="jsonl"
+        ;;
+      --format=text)
+        KASEKI_OUTPUT_FORMAT="text"
+        ;;
+      --controller)
+        KASEKI_CONTROLLER_MODE="1"
+        KASEKI_OUTPUT_FORMAT="json"
+        KASEKI_BUILD_IMAGE_IF_TEMPLATE_MISSING="0"
+        KASEKI_IMAGE_PULL_POLICY="always"
+        ;;
+      --no-build)
+        KASEKI_BUILD_IMAGE_IF_TEMPLATE_MISSING="0"
+        ;;
+      --replace-stale)
+        KASEKI_REPLACE_STALE="1"
+        ;;
+      *)
+        if [ -z "$COMMAND" ]; then
+          COMMAND="$arg"
+        else
+          COMMAND_ARGS+=("$arg")
+        fi
+        ;;
+    esac
+  done
+  COMMAND="${COMMAND:-bootstrap}"
+}
+print_command_json() {
+  local command="$1"
+  local exit_code="$2"
+  local message="${3-}"
+  local result_dir="${4-}"
+  local instance="${5-}"
+  local checkout_ref=""
+  local template_ready="false"
+  if [ -d "$KASEKI_CHECKOUT_DIR/.git" ]; then
+    checkout_ref="$(git -C "$KASEKI_CHECKOUT_DIR" rev-parse --short HEAD 2>/dev/null || true)"
+  fi
+  [ -x "$KASEKI_TEMPLATE_DIR/run-kaseki.sh" ] && template_ready="true"
+  cat <<JSON
+{"command":$(json_string "$command"),"exit_code":$exit_code,"ok":$(json_bool "$([ "$exit_code" -eq 0 ] && printf 1 || printf 0)"),"message":$(json_string "$message"),"instance":$(json_string "$instance"),"result_dir":$(json_string "$result_dir"),"checkout":$(json_string "$KASEKI_CHECKOUT_DIR"),"checkout_ref":$(json_string "$checkout_ref"),"template":$(json_string "$KASEKI_TEMPLATE_DIR"),"template_ready":$template_ready}
+JSON
+}
+setup_host_logging() {
+  local stamp host_log_file
+  if [ "$KASEKI_OUTPUT_FORMAT" = "json" ]; then
+    return 0
+  fi
+  if mkdir -p "$KASEKI_LOG_DIR" 2>/dev/null && [ -w "$KASEKI_LOG_DIR" ]; then
+    stamp="$(date -u +%Y%m%dT%H%M%SZ)"
+    host_log_file="$KASEKI_LOG_DIR/kaseki-activate-${stamp}.log"
+    exec > >(tee -a "$host_log_file") 2> >(tee -a "$host_log_file" >&2)
+    emit_json_log "logging" "ok" "$host_log_file"
+    return 0
+  fi
+  if [ "$KASEKI_STRICT_HOST_LOGGING" = "1" ]; then
+    emit_json_log "logging" "error" "KASEKI_LOG_DIR is not writable: $KASEKI_LOG_DIR"
+    exit 1
+  fi
+  emit_json_log "logging" "warning" "host log mirroring disabled: $KASEKI_LOG_DIR"
+}
+show_help() {
+  cat <<HELP
+Usage: scripts/kaseki-activate.sh [--json|--jsonl] [bootstrap|install|deploy|doctor|run|status|clean] [run args...]
+Host-side activation entrypoint for local or SSH-launched agents.
+Commands:
+  bootstrap  Install/update checkout, deploy template, then run doctor.
+  install    Clone or fast-forward KASEKI_CHECKOUT_DIR to KASEKI_REF.
+  deploy     Deploy KASEKI_TEMPLATE_DIR from the configured image or local build.
+  doctor     Run /agents/kaseki-template/run-kaseki.sh --doctor.
+  run        Run /agents/kaseki-template/run-kaseki.sh with remaining args.
+  status     Print template presence and recent Kaseki instances.
+  clean      Remove template, runs, results, cache, and checkout.
+Output:
+  --json     Print a final machine-readable JSON object for status, doctor, and run.
+  --jsonl    Keep newline-delimited JSON progress logs on stdout.
+Controller options:
+  --controller  JSON output, pull registry image, and fail instead of building locally.
+  --no-build    Fail deployment if the registry image cannot be used.
+  --replace-stale
+              Reset and clean an existing dirty checkout before updating it.
+Useful environment:
+  KASEKI_REPO_URL=$KASEKI_REPO_URL
+  KASEKI_REF=$KASEKI_REF
+  KASEKI_ROOT=$KASEKI_ROOT
+  KASEKI_CHECKOUT_DIR=$KASEKI_CHECKOUT_DIR
+  KASEKI_TEMPLATE_DIR=$KASEKI_TEMPLATE_DIR
+  KASEKI_CONTROLLER_MODE=$KASEKI_CONTROLLER_MODE
+  KASEKI_IMAGE_PULL_POLICY=$KASEKI_IMAGE_PULL_POLICY
+  KASEKI_BUILD_IMAGE_IF_TEMPLATE_MISSING=$KASEKI_BUILD_IMAGE_IF_TEMPLATE_MISSING
+  KASEKI_REPLACE_STALE=$KASEKI_REPLACE_STALE
+HELP
+}
+require_bin() {
+  local bin="$1"
+  if ! command -v "$bin" >/dev/null 2>&1; then
+    emit_json_log "preflight" "error" "missing required binary: $bin"
+    exit 1
+  fi
+}
+install_checkout() {
+  require_bin git
+  mkdir -p "$(dirname "$KASEKI_CHECKOUT_DIR")"
+  if [ -d "$KASEKI_CHECKOUT_DIR/.git" ]; then
+    if [ -n "$(git -C "$KASEKI_CHECKOUT_DIR" status --porcelain)" ]; then
+      if [ "$KASEKI_REPLACE_STALE" = "1" ]; then
+        emit_json_log "install" "warning" "dirty checkout detected; resetting because KASEKI_REPLACE_STALE=1"
+        git -C "$KASEKI_CHECKOUT_DIR" reset --hard HEAD >&2
+        git -C "$KASEKI_CHECKOUT_DIR" clean -fdx >&2
+      else
+        emit_json_log "install" "error" "dirty checkout at $KASEKI_CHECKOUT_DIR; rerun with --replace-stale or KASEKI_REPLACE_STALE=1 to reset it"
+        [ "$KASEKI_OUTPUT_FORMAT" = "json" ] && print_command_json "install" 3 "dirty checkout; use --replace-stale to reset stale local files" "" ""
+        exit 3
+      fi
+    fi
+    emit_json_log "install" "started" "updating $KASEKI_CHECKOUT_DIR"
+    git -C "$KASEKI_CHECKOUT_DIR" fetch --prune origin >&2
+  else
+    rm -rf "$KASEKI_CHECKOUT_DIR"
+    emit_json_log "install" "started" "cloning $KASEKI_REPO_URL to $KASEKI_CHECKOUT_DIR"
+    git clone "$KASEKI_REPO_URL" "$KASEKI_CHECKOUT_DIR" >&2
+  fi
+  git -C "$KASEKI_CHECKOUT_DIR" checkout "$KASEKI_REF" >&2
+  git -C "$KASEKI_CHECKOUT_DIR" pull --ff-only origin "$KASEKI_REF" >&2 || true
+  emit_json_log "install" "finished" "$(git -C "$KASEKI_CHECKOUT_DIR" rev-parse --short HEAD)"
+  if [ "$KASEKI_OUTPUT_FORMAT" = "json" ] && [ "$COMMAND" = "install" ]; then
+    print_command_json "install" 0 "checkout installed" "" ""
+  fi
+}
+deploy_template() {
+  local code output_file
+  require_bin docker
+  emit_json_log "deploy" "started" "$KASEKI_TEMPLATE_DIR"
+  if [ "$KASEKI_OUTPUT_FORMAT" = "json" ]; then
+    output_file="$(mktemp)"
+    set +e
+    KASEKI_TEMPLATE_DIR="$KASEKI_TEMPLATE_DIR" \
+      KASEKI_IMAGE_PULL_POLICY="$KASEKI_IMAGE_PULL_POLICY" \
+      KASEKI_BUILD_IMAGE_IF_TEMPLATE_MISSING="$KASEKI_BUILD_IMAGE_IF_TEMPLATE_MISSING" \
+      "$KASEKI_CHECKOUT_DIR/scripts/deploy-pi-template.sh" >"$output_file" 2>&1
+    code=$?
+    set -e
+    cat "$output_file" >&2
+    if [ "$COMMAND" = "deploy" ]; then
+      print_command_json "deploy" "$code" "$(tail -n 20 "$output_file")" "" ""
+    fi
+    rm -f "$output_file"
+    [ "$code" -eq 0 ] || exit "$code"
+  else
+    KASEKI_TEMPLATE_DIR="$KASEKI_TEMPLATE_DIR" \
+      KASEKI_IMAGE_PULL_POLICY="$KASEKI_IMAGE_PULL_POLICY" \
+      KASEKI_BUILD_IMAGE_IF_TEMPLATE_MISSING="$KASEKI_BUILD_IMAGE_IF_TEMPLATE_MISSING" \
+      "$KASEKI_CHECKOUT_DIR/scripts/deploy-pi-template.sh"
+  fi
+  emit_json_log "deploy" "finished" "$KASEKI_TEMPLATE_DIR"
+}
+run_doctor() {
+  local code output_file
+  if [ ! -x "$KASEKI_TEMPLATE_DIR/run-kaseki.sh" ]; then
+    emit_json_log "doctor" "error" "template is not deployed: $KASEKI_TEMPLATE_DIR"
+    [ "$KASEKI_OUTPUT_FORMAT" = "json" ] && print_command_json "doctor" 2 "template is not deployed" "" ""
+    exit 2
+  fi
+  emit_json_log "doctor" "started" "$KASEKI_TEMPLATE_DIR"
+  if [ "$KASEKI_OUTPUT_FORMAT" = "json" ]; then
+    output_file="$(mktemp)"
+    set +e
+    KASEKI_DOCTOR_REQUIRE_OPENROUTER_KEY="$KASEKI_DOCTOR_REQUIRE_OPENROUTER_KEY" \
+      "$KASEKI_TEMPLATE_DIR/run-kaseki.sh" --doctor >"$output_file" 2>&1
+    code=$?
+    set -e
+    print_command_json "doctor" "$code" "$(tail -n 20 "$output_file")" "" ""
+    rm -f "$output_file"
+    [ "$code" -eq 0 ] || exit "$code"
+  else
+    KASEKI_DOCTOR_REQUIRE_OPENROUTER_KEY="$KASEKI_DOCTOR_REQUIRE_OPENROUTER_KEY" \
+      "$KASEKI_TEMPLATE_DIR/run-kaseki.sh" --doctor
+  fi
+  emit_json_log "doctor" "finished" "$KASEKI_TEMPLATE_DIR"
+}
+run_kaseki() {
+  local code output_file instance result_dir
+  if [ ! -x "$KASEKI_TEMPLATE_DIR/run-kaseki.sh" ]; then
+    emit_json_log "run" "error" "template is not deployed: $KASEKI_TEMPLATE_DIR"
+    [ "$KASEKI_OUTPUT_FORMAT" = "json" ] && print_command_json "run" 2 "template is not deployed" "" ""
+    exit 2
+  fi
+  emit_json_log "run" "started" "run-kaseki.sh with $(($# > 0 ? $# : 0)) arguments"
+  set +e
+  if [ "$KASEKI_OUTPUT_FORMAT" = "json" ]; then
+    output_file="$(mktemp)"
+    "$KASEKI_TEMPLATE_DIR/run-kaseki.sh" "$@" >"$output_file" 2>&1
+  else
+    "$KASEKI_TEMPLATE_DIR/run-kaseki.sh" "$@"
+  fi
+  code=$?
+  set -e
+  if [ "$KASEKI_OUTPUT_FORMAT" = "json" ]; then
+    instance="$(awk '/^kaseki-[0-9]+$/ { value=$0 } END { print value }' "$output_file")"
+    result_dir="$(awk -F= '/^result_dir=/ { value=$2 } END { print value }' "$output_file")"
+    print_command_json "run" "$code" "$(tail -n 40 "$output_file")" "$result_dir" "$instance"
+    rm -f "$output_file"
+  fi
+  if [ "$code" -eq 0 ]; then
+    emit_json_log "run" "finished" "$*"
+  else
+    emit_json_log "run" "error" "run-kaseki.sh exited with code $code"
+  fi
+  return "$code"
+}
+show_status() {
+  emit_json_log "status" "started" "$KASEKI_ROOT"
+  if [ "$KASEKI_OUTPUT_FORMAT" = "json" ]; then
+    local checkout_ref="" template_ready="false" instances_json="[]"
+    if [ -d "$KASEKI_CHECKOUT_DIR/.git" ]; then
+      checkout_ref="$(git -C "$KASEKI_CHECKOUT_DIR" rev-parse --short HEAD 2>/dev/null || true)"
+    fi
+    [ -x "$KASEKI_TEMPLATE_DIR/run-kaseki.sh" ] && template_ready="true"
+    if [ -d "$KASEKI_ROOT/kaseki-results" ]; then
+      instances_json="$(
+        find "$KASEKI_ROOT/kaseki-results" -mindepth 1 -maxdepth 1 -type d -name 'kaseki-*' -print 2>/dev/null |
+          sort -Vr |
+          awk -v root="$KASEKI_ROOT/kaseki-results" '
+            BEGIN { printf "[" }
+            {
+              name=$0
+              sub("^" root "/", "", name)
+              if (count++ > 0) printf ","
+              printf "{\"instance\":\"%s\",\"result_dir\":\"%s\"}", name, $0
+            }
+            END { printf "]" }
+          '
+      )"
+    fi
+    cat <<JSON
+{"command":"status","exit_code":0,"ok":true,"checkout":$(json_string "$KASEKI_CHECKOUT_DIR"),"checkout_ref":$(json_string "$checkout_ref"),"template":$(json_string "$KASEKI_TEMPLATE_DIR"),"template_ready":$template_ready,"results_dir":$(json_string "$KASEKI_ROOT/kaseki-results"),"instances":$instances_json}
+JSON
+    emit_json_log "status" "finished" "$KASEKI_ROOT"
+    return 0
+  fi
+  printf 'checkout=%s\n' "$KASEKI_CHECKOUT_DIR"
+  if [ -d "$KASEKI_CHECKOUT_DIR/.git" ]; then
+    printf 'checkout_ref=%s\n' "$(git -C "$KASEKI_CHECKOUT_DIR" rev-parse --short HEAD)"
+  fi
+  printf 'template=%s\n' "$KASEKI_TEMPLATE_DIR"
+  [ -x "$KASEKI_TEMPLATE_DIR/run-kaseki.sh" ] && printf 'template_ready=true\n' || printf 'template_ready=false\n'
+  if [ -x "$KASEKI_TEMPLATE_DIR/kaseki" ]; then
+    "$KASEKI_TEMPLATE_DIR/kaseki" list || true
+  fi
+  emit_json_log "status" "finished" "$KASEKI_ROOT"
+}
+clean_all() {
+  emit_json_log "clean" "started" "$KASEKI_ROOT"
+  rm -rf "$KASEKI_TEMPLATE_DIR" \
+    "$KASEKI_ROOT/kaseki-runs" \
+    "$KASEKI_ROOT/kaseki-results" \
+    "$KASEKI_ROOT/kaseki-cache" \
+    "$KASEKI_CHECKOUT_DIR"
+  emit_json_log "clean" "finished" "$KASEKI_ROOT"
+  if [ "$KASEKI_OUTPUT_FORMAT" = "json" ]; then
+    print_command_json "clean" 0 "removed Kaseki checkout, template, runs, results, and cache" "" ""
+  fi
+}
+parse_args "$@"
+if [ "$KASEKI_CONTROLLER_MODE" = "1" ]; then
+  KASEKI_OUTPUT_FORMAT="json"
+  KASEKI_BUILD_IMAGE_IF_TEMPLATE_MISSING="0"
+  KASEKI_IMAGE_PULL_POLICY="always"
+  if [ -z "${OPENROUTER_API_KEY:-}" ] && [ -z "${OPENROUTER_API_KEY_FILE:-}" ]; then
+    KASEKI_DOCTOR_REQUIRE_OPENROUTER_KEY="0"
+  fi
+fi
+setup_host_logging
+case "$COMMAND" in
+  bootstrap)
+    install_checkout
+    deploy_template
+    run_doctor
+    ;;
+  install)
+    install_checkout
+    ;;
+  deploy)
+    deploy_template
+    ;;
+  doctor)
+    run_doctor
+    ;;
+  run)
+    run_kaseki "${COMMAND_ARGS[@]}"
+    ;;
+  status)
+    show_status
+    ;;
+  clean)
+    clean_all
+    ;;
+  --help|-h|help)
+    show_help
+    ;;
+  *)
+    emit_json_log "usage" "error" "unknown command: $COMMAND"
+    show_help >&2
+    exit 2
+    ;;
+esac

package/scripts/kaseki-api.service ADDED Viewed

@@ -0,0 +1,62 @@
+[Unit]
+Description=Kaseki Agent API Service
+Documentation=https://github.com/CyanAutomation/kaseki-agent
+After=network.target docker.service
+[Service]
+Type=simple
+User=nobody
+Group=nogroup
+EnvironmentFile=-/etc/kaseki-api/kaseki-api.env
+# Security hardening (match Docker settings)
+NoNewPrivileges=true
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+ReadWritePaths=/agents/kaseki-results /var/log/kaseki-api /tmp
+UMask=0077
+# Restart behavior
+Restart=on-failure
+RestartSec=10
+StandardOutput=journal
+StandardError=journal
+SyslogIdentifier=kaseki-api
+# Timeout and graceful shutdown
+TimeoutStopSec=30
+KillSignal=SIGTERM
+# Authoritative runtime mode: Docker container.
+# This unit intentionally runs the baked image artifact at /app/dist/kaseki-api-service.js.
+# Do not switch this unit to a host Node.js ExecStart; use a separate unit for host-mode if needed.
+#
+# Required deployment sequence for image lifecycle:
+# 1) Build image from this repo: docker build -t <tag> .
+# 2) If using a registry image, push it: docker push <registry>/<image>:<tag>
+# 3) On host, set KASEKI_API_IMAGE in /etc/kaseki-api/kaseki-api.env and pull it:
+#      docker pull "${KASEKI_API_IMAGE}"
+# 4) Restart service: systemctl restart kaseki-api
+ExecStartPre=/usr/bin/bash -lc 'printf "KASEKI_API_IMAGE=%s\n" "${KASEKI_API_IMAGE:-kaseki-agent:node24-local}"; docker image inspect "${KASEKI_API_IMAGE:-kaseki-agent:node24-local}" --format "ImageId={{.Id}} RepoDigests={{join .RepoDigests \",\"}}"'
+ExecStartPre=/usr/bin/docker run --rm --entrypoint /bin/bash "${KASEKI_API_IMAGE:-kaseki-agent:node24-local}" -lc 'test -f /app/dist/kaseki-api-service.js && ls -l /app/dist/kaseki-api-service.js'
+ExecStart=/usr/bin/docker run --rm \
+  --name kaseki-api-container \
+  -p 8080:8080 \
+  -v /agents:/agents:rw \
+  -v /agents/kaseki-results:/agents/kaseki-results:rw \
+  -v /var/log/kaseki-api:/var/log/kaseki-api:rw \
+  -v /var/run/docker.sock:/var/run/docker.sock \
+  --env-file /etc/kaseki-api/kaseki-api.env \
+  --user 0:0 \
+  --cap-drop ALL \
+  --security-opt no-new-privileges:true \
+  --read-only \
+  --entrypoint /bin/bash \
+  "${KASEKI_API_IMAGE:-kaseki-agent:node24-local}" \
+  -lc 'set -euo pipefail; test -f /app/dist/kaseki-api-service.js; ls -l /app/dist/kaseki-api-service.js; test ! -e /agents/kaseki-template/dist/kaseki-api-service.js || echo "INFO: host /agents/kaseki-template/dist exists but is ignored in Docker mode"; exec node /app/dist/kaseki-api-service.js'
+ExecStop=/usr/bin/docker stop -t 30 kaseki-api-container
+[Install]
+WantedBy=multi-user.target