npm - @cyanautomation/kaseki-agent - Versions diffs - 1.4.1 - Mend

@cyanautomation/kaseki-agent 1.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (459) hide show

package/.dockerignore +54 -0
package/.eslintignore +11 -0
package/.eslintrc.json +95 -0
package/.github/ISSUE_TEMPLATE/bug_report.md +53 -0
package/.github/ISSUE_TEMPLATE/feature_request.md +53 -0
package/.github/ISSUE_TEMPLATE/security.md +51 -0
package/.github/PULL_REQUEST_TEMPLATE/default.md +71 -0
package/.github/dependabot.yml +38 -0
package/.github/skills/dependency-cache-optimization/SKILL.md +526 -0
package/.github/skills/docker-image-management/SKILL.md +532 -0
package/.github/skills/frontend-design/SKILL.md +782 -0
package/.github/skills/prompt-engineering/SKILL.md +360 -0
package/.github/skills/quality-gate-config/SKILL.md +591 -0
package/.github/skills/result-report-analysis/SKILL.md +576 -0
package/.github/skills/test-automation/SKILL.md +593 -0
package/.github/skills/workflow-diagnosis/SKILL.md +468 -0
package/.github/workflows/build-docker-image.yml +453 -0
package/.github/workflows/release.yml +68 -0
package/.releaserc.json +135 -0
package/CHANGELOG.md +117 -0
package/CLAUDE.md +336 -0
package/CONTRIBUTING.md +339 -0
package/Dockerfile +217 -0
package/README.md +1527 -0
package/STYLE.md +521 -0
package/add-js-extensions.d.ts +9 -0
package/add-js-extensions.d.ts.map +1 -0
package/add-js-extensions.js.map +1 -0
package/dist/add-js-extensions.d.ts +9 -0
package/dist/add-js-extensions.d.ts.map +1 -0
package/dist/add-js-extensions.js +52 -0
package/dist/add-js-extensions.js.map +1 -0
package/dist/ansi-colors.d.ts +26 -0
package/dist/ansi-colors.d.ts.map +1 -0
package/dist/ansi-colors.js +51 -0
package/dist/ansi-colors.js.map +1 -0
package/dist/cli/BaseCommand.d.ts +18 -0
package/dist/cli/BaseCommand.d.ts.map +1 -0
package/dist/cli/BaseCommand.js +31 -0
package/dist/cli/BaseCommand.js.map +1 -0
package/dist/cli/KasekiCLI.d.ts +30 -0
package/dist/cli/KasekiCLI.d.ts.map +1 -0
package/dist/cli/KasekiCLI.js +134 -0
package/dist/cli/KasekiCLI.js.map +1 -0
package/dist/cli/commands/ConfigCommand.d.ts +13 -0
package/dist/cli/commands/ConfigCommand.d.ts.map +1 -0
package/dist/cli/commands/ConfigCommand.js +131 -0
package/dist/cli/commands/ConfigCommand.js.map +1 -0
package/dist/cli/commands/DoctorCommand.d.ts +45 -0
package/dist/cli/commands/DoctorCommand.d.ts.map +1 -0
package/dist/cli/commands/DoctorCommand.js +309 -0
package/dist/cli/commands/DoctorCommand.js.map +1 -0
package/dist/cli/commands/ListCommand.d.ts +9 -0
package/dist/cli/commands/ListCommand.d.ts.map +1 -0
package/dist/cli/commands/ListCommand.js +81 -0
package/dist/cli/commands/ListCommand.js.map +1 -0
package/dist/cli/commands/ReportCommand.d.ts +9 -0
package/dist/cli/commands/ReportCommand.d.ts.map +1 -0
package/dist/cli/commands/ReportCommand.js +98 -0
package/dist/cli/commands/ReportCommand.js.map +1 -0
package/dist/cli/commands/RunCommand.d.ts +13 -0
package/dist/cli/commands/RunCommand.d.ts.map +1 -0
package/dist/cli/commands/RunCommand.js +191 -0
package/dist/cli/commands/RunCommand.js.map +1 -0
package/dist/cli/commands/SecretsCommand.d.ts +9 -0
package/dist/cli/commands/SecretsCommand.d.ts.map +1 -0
package/dist/cli/commands/SecretsCommand.js +109 -0
package/dist/cli/commands/SecretsCommand.js.map +1 -0
package/dist/cli/commands/ServeCommand.d.ts +9 -0
package/dist/cli/commands/ServeCommand.d.ts.map +1 -0
package/dist/cli/commands/ServeCommand.js +50 -0
package/dist/cli/commands/ServeCommand.js.map +1 -0
package/dist/cli/commands/SetupCommand.d.ts +42 -0
package/dist/cli/commands/SetupCommand.d.ts.map +1 -0
package/dist/cli/commands/SetupCommand.js +249 -0
package/dist/cli/commands/SetupCommand.js.map +1 -0
package/dist/cli.d.ts +9 -0
package/dist/cli.d.ts.map +1 -0
package/dist/cli.js +130 -0
package/dist/cli.js.map +1 -0
package/dist/config/ConfigManager.d.ts +395 -0
package/dist/config/ConfigManager.d.ts.map +1 -0
package/dist/config/ConfigManager.js +446 -0
package/dist/config/ConfigManager.js.map +1 -0
package/dist/docker/DockerManager.d.ts +69 -0
package/dist/docker/DockerManager.d.ts.map +1 -0
package/dist/docker/DockerManager.js +266 -0
package/dist/docker/DockerManager.js.map +1 -0
package/dist/event-aggregator.d.ts +71 -0
package/dist/event-aggregator.d.ts.map +1 -0
package/dist/event-aggregator.js +95 -0
package/dist/event-aggregator.js.map +1 -0
package/dist/github-app-token.d.ts +16 -0
package/dist/github-app-token.d.ts.map +1 -0
package/dist/github-app-token.js +148 -0
package/dist/github-app-token.js.map +1 -0
package/dist/idempotency-store.d.ts +61 -0
package/dist/idempotency-store.d.ts.map +1 -0
package/dist/idempotency-store.js +321 -0
package/dist/idempotency-store.js.map +1 -0
package/dist/index.d.ts +25 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +31 -0
package/dist/index.js.map +1 -0
package/dist/instance/InstanceManager.d.ts +81 -0
package/dist/instance/InstanceManager.d.ts.map +1 -0
package/dist/instance/InstanceManager.js +220 -0
package/dist/instance/InstanceManager.js.map +1 -0
package/dist/instance-metadata-reader.d.ts +48 -0
package/dist/instance-metadata-reader.d.ts.map +1 -0
package/dist/instance-metadata-reader.js +94 -0
package/dist/instance-metadata-reader.js.map +1 -0
package/dist/instance-state-derivation.d.ts +42 -0
package/dist/instance-state-derivation.d.ts.map +1 -0
package/dist/instance-state-derivation.js +133 -0
package/dist/instance-state-derivation.js.map +1 -0
package/dist/job-scheduler.d.ts +124 -0
package/dist/job-scheduler.d.ts.map +1 -0
package/dist/job-scheduler.js +992 -0
package/dist/job-scheduler.js.map +1 -0
package/dist/kaseki-api-client.d.ts +89 -0
package/dist/kaseki-api-client.d.ts.map +1 -0
package/dist/kaseki-api-client.js +405 -0
package/dist/kaseki-api-client.js.map +1 -0
package/dist/kaseki-api-config.d.ts +34 -0
package/dist/kaseki-api-config.d.ts.map +1 -0
package/dist/kaseki-api-config.js +113 -0
package/dist/kaseki-api-config.js.map +1 -0
package/dist/kaseki-api-routes.d.ts +13 -0
package/dist/kaseki-api-routes.d.ts.map +1 -0
package/dist/kaseki-api-routes.js +559 -0
package/dist/kaseki-api-routes.js.map +1 -0
package/dist/kaseki-api-service-wrapper.d.ts +43 -0
package/dist/kaseki-api-service-wrapper.d.ts.map +1 -0
package/dist/kaseki-api-service-wrapper.js +150 -0
package/dist/kaseki-api-service-wrapper.js.map +1 -0
package/dist/kaseki-api-service.d.ts +16 -0
package/dist/kaseki-api-service.d.ts.map +1 -0
package/dist/kaseki-api-service.js +143 -0
package/dist/kaseki-api-service.js.map +1 -0
package/dist/kaseki-api-types.d.ts +440 -0
package/dist/kaseki-api-types.d.ts.map +1 -0
package/dist/kaseki-api-types.js +64 -0
package/dist/kaseki-api-types.js.map +1 -0
package/dist/kaseki-cli-lib.d.ts +219 -0
package/dist/kaseki-cli-lib.d.ts.map +1 -0
package/dist/kaseki-cli-lib.js +523 -0
package/dist/kaseki-cli-lib.js.map +1 -0
package/dist/kaseki-cli.d.ts +38 -0
package/dist/kaseki-cli.d.ts.map +1 -0
package/dist/kaseki-cli.js +559 -0
package/dist/kaseki-cli.js.map +1 -0
package/dist/kaseki-report.d.ts +3 -0
package/dist/kaseki-report.d.ts.map +1 -0
package/dist/kaseki-report.js +140 -0
package/dist/kaseki-report.js.map +1 -0
package/dist/lib/subprocess-helpers.d.ts +98 -0
package/dist/lib/subprocess-helpers.d.ts.map +1 -0
package/dist/lib/subprocess-helpers.js +136 -0
package/dist/lib/subprocess-helpers.js.map +1 -0
package/dist/logger.d.ts +39 -0
package/dist/logger.d.ts.map +1 -0
package/dist/logger.js +79 -0
package/dist/logger.js.map +1 -0
package/dist/metrics.d.ts +19 -0
package/dist/metrics.d.ts.map +1 -0
package/dist/metrics.js +59 -0
package/dist/metrics.js.map +1 -0
package/dist/middleware/job-lookup.d.ts +27 -0
package/dist/middleware/job-lookup.d.ts.map +1 -0
package/dist/middleware/job-lookup.js +28 -0
package/dist/middleware/job-lookup.js.map +1 -0
package/dist/pi-event-filter.d.ts +3 -0
package/dist/pi-event-filter.d.ts.map +1 -0
package/dist/pi-event-filter.js +126 -0
package/dist/pi-event-filter.js.map +1 -0
package/dist/pi-progress-stream.d.ts +3 -0
package/dist/pi-progress-stream.d.ts.map +1 -0
package/dist/pi-progress-stream.js +205 -0
package/dist/pi-progress-stream.js.map +1 -0
package/dist/pi-progress-summarizer.d.ts +61 -0
package/dist/pi-progress-summarizer.d.ts.map +1 -0
package/dist/pi-progress-summarizer.js +246 -0
package/dist/pi-progress-summarizer.js.map +1 -0
package/dist/pre-flight-validator.d.ts +72 -0
package/dist/pre-flight-validator.d.ts.map +1 -0
package/dist/pre-flight-validator.js +513 -0
package/dist/pre-flight-validator.js.map +1 -0
package/dist/progress-stream-utils.d.ts +3 -0
package/dist/progress-stream-utils.d.ts.map +1 -0
package/dist/progress-stream-utils.js +15 -0
package/dist/progress-stream-utils.js.map +1 -0
package/dist/result-cache.d.ts +52 -0
package/dist/result-cache.d.ts.map +1 -0
package/dist/result-cache.js +134 -0
package/dist/result-cache.js.map +1 -0
package/dist/routes/artifact-routes.d.ts +10 -0
package/dist/routes/artifact-routes.d.ts.map +1 -0
package/dist/routes/artifact-routes.js +126 -0
package/dist/routes/artifact-routes.js.map +1 -0
package/dist/routes/log-routes.d.ts +8 -0
package/dist/routes/log-routes.d.ts.map +1 -0
package/dist/routes/log-routes.js +345 -0
package/dist/routes/log-routes.js.map +1 -0
package/dist/routes/status-routes.d.ts +8 -0
package/dist/routes/status-routes.d.ts.map +1 -0
package/dist/routes/status-routes.js +82 -0
package/dist/routes/status-routes.js.map +1 -0
package/dist/routes/webhook-routes.d.ts +6 -0
package/dist/routes/webhook-routes.d.ts.map +1 -0
package/dist/routes/webhook-routes.js +86 -0
package/dist/routes/webhook-routes.js.map +1 -0
package/dist/run-artifact-metadata-cache.d.ts +42 -0
package/dist/run-artifact-metadata-cache.d.ts.map +1 -0
package/dist/run-artifact-metadata-cache.js +139 -0
package/dist/run-artifact-metadata-cache.js.map +1 -0
package/dist/secret-value-cache.d.ts +13 -0
package/dist/secret-value-cache.d.ts.map +1 -0
package/dist/secret-value-cache.js +44 -0
package/dist/secret-value-cache.js.map +1 -0
package/dist/secrets/SecretsManager.d.ts +80 -0
package/dist/secrets/SecretsManager.d.ts.map +1 -0
package/dist/secrets/SecretsManager.js +306 -0
package/dist/secrets/SecretsManager.js.map +1 -0
package/dist/test-utils.d.ts +55 -0
package/dist/test-utils.d.ts.map +1 -0
package/dist/test-utils.js +48 -0
package/dist/test-utils.js.map +1 -0
package/dist/timestamp-tracker.d.ts +75 -0
package/dist/timestamp-tracker.d.ts.map +1 -0
package/dist/timestamp-tracker.js +121 -0
package/dist/timestamp-tracker.js.map +1 -0
package/dist/utils/failure-artifact-writer.d.ts +29 -0
package/dist/utils/failure-artifact-writer.d.ts.map +1 -0
package/dist/utils/failure-artifact-writer.js +157 -0
package/dist/utils/failure-artifact-writer.js.map +1 -0
package/dist/utils/file-helpers.d.ts +41 -0
package/dist/utils/file-helpers.d.ts.map +1 -0
package/dist/utils/file-helpers.js +143 -0
package/dist/utils/file-helpers.js.map +1 -0
package/dist/utils/http-client-factory.d.ts +46 -0
package/dist/utils/http-client-factory.d.ts.map +1 -0
package/dist/utils/http-client-factory.js +114 -0
package/dist/utils/http-client-factory.js.map +1 -0
package/dist/utils/progress-normalizer.d.ts +13 -0
package/dist/utils/progress-normalizer.d.ts.map +1 -0
package/dist/utils/progress-normalizer.js +57 -0
package/dist/utils/progress-normalizer.js.map +1 -0
package/dist/utils/response-helpers.d.ts +34 -0
package/dist/utils/response-helpers.d.ts.map +1 -0
package/dist/utils/response-helpers.js +78 -0
package/dist/utils/response-helpers.js.map +1 -0
package/dist/utils/route-helpers.d.ts +17 -0
package/dist/utils/route-helpers.d.ts.map +1 -0
package/dist/utils/route-helpers.js +22 -0
package/dist/utils/route-helpers.js.map +1 -0
package/dist/utils/status-response-builder.d.ts +23 -0
package/dist/utils/status-response-builder.d.ts.map +1 -0
package/dist/utils/status-response-builder.js +144 -0
package/dist/utils/status-response-builder.js.map +1 -0
package/dist/utils/type-guards.d.ts +37 -0
package/dist/utils/type-guards.d.ts.map +1 -0
package/dist/utils/type-guards.js +45 -0
package/dist/utils/type-guards.js.map +1 -0
package/dist/utils/utf8-helpers.d.ts +32 -0
package/dist/utils/utf8-helpers.d.ts.map +1 -0
package/dist/utils/utf8-helpers.js +97 -0
package/dist/utils/utf8-helpers.js.map +1 -0
package/dist/utils/webhook-event-builder.d.ts +26 -0
package/dist/utils/webhook-event-builder.d.ts.map +1 -0
package/dist/utils/webhook-event-builder.js +77 -0
package/dist/utils/webhook-event-builder.js.map +1 -0
package/dist/webhook-manager.d.ts +56 -0
package/dist/webhook-manager.d.ts.map +1 -0
package/dist/webhook-manager.js +359 -0
package/dist/webhook-manager.js.map +1 -0
package/docker/workspace-cache/package-lock.json +13 -0
package/docker/workspace-cache/package.json +7 -0
package/docker-compose.yml +53 -0
package/docs/API.md +708 -0
package/docs/BACKLOG.md +19 -0
package/docs/BUILD_STRATEGY.md +404 -0
package/docs/CLI.md +569 -0
package/docs/DEPLOYMENT.md +521 -0
package/docs/DEVELOPMENT.md +459 -0
package/docs/DOCKER_SETUP.md +522 -0
package/docs/ENHANCED_PROGRESS_LOGS.md +264 -0
package/docs/IMPLEMENTATION_SUMMARY.md +549 -0
package/docs/INTEGRATION_EXAMPLE.md +217 -0
package/docs/NPM_SETUP.md +468 -0
package/docs/PHASE1-4_IMPLEMENTATION.md +302 -0
package/docs/PHASE1_COMPLETION.md +192 -0
package/docs/PHASE2_COMPLETION.md +134 -0
package/docs/PHASE6_MIGRATION.md +392 -0
package/docs/PRINTF_SAFETY_FIX.md +282 -0
package/docs/QUALITY_GATES.md +369 -0
package/docs/SETUP_GUIDE.md +482 -0
package/docs/TASK_PROMPT_TEMPLATES.md +533 -0
package/docs/VALIDATION_FIX.md +139 -0
package/docs/VERIFICATION_CHECKLIST.md +335 -0
package/docs/repo-maturity.md +760 -0
package/fix-tests.d.ts +9 -0
package/fix-tests.d.ts.map +1 -0
package/fix-tests.js.map +1 -0
package/fix-tests.ts +53 -0
package/jest.config.ts +31 -0
package/kaseki +183 -0
package/kaseki-agent.sh +1961 -0
package/ops/logrotate/kaseki +10 -0
package/package.json +83 -0
package/perf/README.md +54 -0
package/perf/pi-event-filter.benchmark.test.ts +98 -0
package/run-kaseki-json.test.sh +106 -0
package/run-kaseki.sh +990 -0
package/scripts/allowlist-helper.sh +56 -0
package/scripts/cleanup-kaseki.sh +168 -0
package/scripts/deploy-pi-template.sh +293 -0
package/scripts/docker-entrypoint.sh +71 -0
package/scripts/dry-run-allowlist.sh +161 -0
package/scripts/kaseki-activate.sh +396 -0
package/scripts/kaseki-api.service +62 -0
package/scripts/kaseki-container-entrypoint-wrapper.sh +119 -0
package/scripts/kaseki-container-setup-remote.sh +172 -0
package/scripts/kaseki-container-setup.sh +193 -0
package/scripts/kaseki-healthcheck.sh +95 -0
package/scripts/kaseki-install.sh +50 -0
package/scripts/kaseki-maturity-score.sh +291 -0
package/scripts/kaseki-performance-metrics.sh +122 -0
package/scripts/kaseki-preflight.sh +270 -0
package/scripts/kaseki-setup.sh +265 -0
package/scripts/pi-setup-remote.sh +213 -0
package/scripts/setup-github-labels.sh +42 -0
package/scripts/suggest-allowlist.sh +68 -0
package/scripts/templates/MULTI_HOST_DISTRIBUTED.md +337 -0
package/scripts/templates/REST_API_SERVICE.md +490 -0
package/scripts/templates/SINGLE_HOST_CLI.md +194 -0
package/scripts/test-github-app.sh +248 -0
package/src/add-js-extensions.ts +61 -0
package/src/ansi-colors.test.ts +62 -0
package/src/ansi-colors.ts +67 -0
package/src/cli/BaseCommand.ts +40 -0
package/src/cli/KasekiCLI.ts +154 -0
package/src/cli/commands/ConfigCommand.ts +145 -0
package/src/cli/commands/DoctorCommand.ts +329 -0
package/src/cli/commands/ListCommand.ts +105 -0
package/src/cli/commands/ReportCommand.ts +110 -0
package/src/cli/commands/RunCommand.ts +218 -0
package/src/cli/commands/SecretsCommand.ts +120 -0
package/src/cli/commands/ServeCommand.ts +62 -0
package/src/cli/commands/SetupCommand.ts +301 -0
package/src/cli.ts +138 -0
package/src/config/ConfigManager.ts +476 -0
package/src/docker/DockerManager.ts +319 -0
package/src/docker-entrypoint-packaging.test.ts +33 -0
package/src/event-aggregator.test.ts +117 -0
package/src/event-aggregator.ts +126 -0
package/src/github-app-token.ts +215 -0
package/src/idempotency-store.test.ts +117 -0
package/src/idempotency-store.ts +385 -0
package/src/index.ts +89 -0
package/src/instance/InstanceManager.ts +285 -0
package/src/instance-metadata-reader.test.ts +190 -0
package/src/instance-metadata-reader.ts +129 -0
package/src/instance-state-derivation.test.ts +263 -0
package/src/instance-state-derivation.ts +148 -0
package/src/job-scheduler.test.ts +1236 -0
package/src/job-scheduler.ts +1117 -0
package/src/kaseki-api-client.ts +488 -0
package/src/kaseki-api-config.test.ts +315 -0
package/src/kaseki-api-config.ts +175 -0
package/src/kaseki-api-routes.test.ts +1615 -0
package/src/kaseki-api-routes.ts +643 -0
package/src/kaseki-api-service-wrapper.ts +188 -0
package/src/kaseki-api-service.test.ts +418 -0
package/src/kaseki-api-service.ts +192 -0
package/src/kaseki-api-types.ts +320 -0
package/src/kaseki-cli-lib.test.ts +552 -0
package/src/kaseki-cli-lib.ts +760 -0
package/src/kaseki-cli.ts +682 -0
package/src/kaseki-report.test.ts +118 -0
package/src/kaseki-report.ts +192 -0
package/src/lib/subprocess-helpers.ts +177 -0
package/src/logger.ts +114 -0
package/src/metrics.ts +66 -0
package/src/middleware/job-lookup.test.ts +113 -0
package/src/middleware/job-lookup.ts +45 -0
package/src/pi-event-filter.test.ts +183 -0
package/src/pi-event-filter.ts +183 -0
package/src/pi-progress-stream.ts +287 -0
package/src/pi-progress-summarizer.test.ts +302 -0
package/src/pi-progress-summarizer.ts +287 -0
package/src/pre-flight-validator.test.ts +512 -0
package/src/pre-flight-validator.ts +618 -0
package/src/progress-stream-utils.test.ts +35 -0
package/src/progress-stream-utils.ts +14 -0
package/src/result-cache.test.ts +195 -0
package/src/result-cache.ts +181 -0
package/src/routes/artifact-routes.ts +169 -0
package/src/routes/log-routes.ts +391 -0
package/src/routes/status-routes.ts +92 -0
package/src/routes/webhook-routes.ts +97 -0
package/src/run-artifact-metadata-cache.test.ts +80 -0
package/src/run-artifact-metadata-cache.ts +184 -0
package/src/secret-value-cache.test.ts +66 -0
package/src/secret-value-cache.ts +55 -0
package/src/secrets/SecretsManager.ts +343 -0
package/src/test-utils.ts +81 -0
package/src/timestamp-tracker.test.ts +134 -0
package/src/timestamp-tracker.ts +132 -0
package/src/utils/failure-artifact-writer.ts +187 -0
package/src/utils/file-helpers.test.ts +235 -0
package/src/utils/file-helpers.ts +150 -0
package/src/utils/http-client-factory.test.ts +245 -0
package/src/utils/http-client-factory.ts +157 -0
package/src/utils/progress-normalizer.test.ts +442 -0
package/src/utils/progress-normalizer.ts +68 -0
package/src/utils/response-helpers.test.ts +122 -0
package/src/utils/response-helpers.ts +101 -0
package/src/utils/route-helpers.ts +30 -0
package/src/utils/status-response-builder.ts +159 -0
package/src/utils/type-guards.ts +52 -0
package/src/utils/utf8-helpers.ts +102 -0
package/src/utils/webhook-event-builder.test.ts +143 -0
package/src/utils/webhook-event-builder.ts +87 -0
package/src/webhook-manager.test.ts +152 -0
package/src/webhook-manager.ts +445 -0
package/templates/allowlist-api-route.txt +7 -0
package/templates/allowlist-comprehensive.txt +8 -0
package/templates/allowlist-parser-fix.txt +6 -0
package/templates/allowlist-ui-component.txt +9 -0
package/templates/allowlist-utility.txt +9 -0
package/test/actual-model-metadata.test.sh +102 -0
package/test/dry-run.test.sh +131 -0
package/test/fixtures/kaseki-report-exit-codes/metadata-exit-0.json +1 -0
package/test/fixtures/kaseki-report-exit-codes/metadata-exit-1.json +1 -0
package/test/fixtures/kaseki-report-exit-codes/metadata-exit-invalid.json +1 -0
package/test/fixtures/kaseki-report-exit-codes/metadata-exit-str-0.json +1 -0
package/test/fixtures/kaseki-report-exit-codes/metadata-exit-str-1.json +1 -0
package/test/kaseki-api.integration.test.sh +165 -0
package/test/pi-event-filter-failure.test.sh +83 -0
package/test/printf-safety-focused.test.sh +99 -0
package/test/printf-safety-results/results/restoration.jsonl +10 -0
package/test/printf-safety-results/results/test.jsonl +0 -0
package/test/printf-safety.test.sh +297 -0
package/test/validation-fix.test.sh +79 -0
package/test/validation-integration.test.sh +109 -0
package/tests/allowlist-glob.test.sh +61 -0
package/tests/dependency-cache-key.test.sh +48 -0
package/tests/dependency-restore-mode.test.sh +48 -0
package/tests/doctor-template-parity.test.sh +95 -0
package/tests/github-operations.test.sh +142 -0
package/tests/npm-install-flags.test.sh +58 -0
package/tests/quality-gates.test.sh +178 -0
package/tests/repo-memory.test.sh +103 -0
package/tests/restore-disallowed-changes.test.sh +80 -0
package/tests/validation-missing-npm-scripts.test.sh +93 -0
package/tests/validation-strict-mode.test.sh +118 -0
package/tsconfig.changed.json +7 -0
package/tsconfig.json +39 -0

package/src/kaseki-api-routes.ts ADDED Viewed

@@ -0,0 +1,643 @@
+import { Router, Request, Response, NextFunction } from 'express';
+import * as fs from 'fs';
+import * as path from 'path';
+import * as crypto from 'crypto';
+import { randomUUID } from 'node:crypto';
+import { JobScheduler } from './job-scheduler';
+import { IdempotencyStore } from './idempotency-store';
+import { PreFlightValidator } from './pre-flight-validator';
+import { execDockerCommand } from './lib/subprocess-helpers';
+import {
+  RunRequestSchema,
+  RunResponse,
+  ValidationResponse,
+  PreflightCheck,
+  PreflightResponse,
+  Job,
+} from './kaseki-api-types';
+import { KasekiApiConfig, validateApiKey } from './kaseki-api-config';
+import { createEventLogger } from './logger';
+import { sendErrorResponse } from './utils/response-helpers';
+import { readFirstLine, commandOutput } from './utils/file-helpers';
+import { createStatusRoutes } from './routes/status-routes';
+import { createLogRoutes } from './routes/log-routes';
+import { createArtifactRoutes } from './routes/artifact-routes';
+import { createWebhookRoutes } from './routes/webhook-routes';
+import { metricsRegistry } from './metrics';
+import { ResultCache } from './result-cache';
+// Re-export UTF-8 helpers for backward compatibility
+export { decodeUtf8TailSafely, tailLogByLines, readTailBytes } from './utils/utf8-helpers';
+function stableStringify(value: unknown): string {
+  if (Array.isArray(value)) {
+    return `[${value.map((item) => stableStringify(item)).join(',')}]`;
+  }
+  if (value && typeof value === 'object') {
+    const entries = Object.entries(value as Record<string, unknown>).sort(([a], [b]) => a.localeCompare(b));
+    return `{${entries.map(([k, v]) => `${JSON.stringify(k)}:${stableStringify(v)}`).join(',')}}`;
+  }
+  return JSON.stringify(value);
+}
+function buildRequestFingerprint(runRequest: Record<string, unknown>): string {
+  const requestForFingerprint = { ...runRequest };
+  delete requestForFingerprint.idempotencyKey;
+  return crypto.createHash('sha256').update(stableStringify(requestForFingerprint)).digest('hex');
+}
+function readKasekiImage(templateDir = '/agents/kaseki-template'): string {
+  if (process.env.KASEKI_IMAGE) {
+    return process.env.KASEKI_IMAGE;
+  }
+  const imageFile = path.join(templateDir, '.kaseki-image');
+  try {
+    const value = fs.readFileSync(imageFile, 'utf-8').trim();
+    if (value) {
+      return value;
+    }
+  } catch {
+    // Fall through to the registry default.
+  }
+  return 'docker.io/cyanautomation/kaseki-agent:latest';
+}
+function inspectImageDigest(image: string): string | undefined {
+  return commandOutput('docker', ['image', 'inspect', image, '--format', '{{range .RepoDigests}}{{println .}}{{end}}'])
+    ?.split(/\r?\n/)
+    .find((line) => line.trim().length > 0);
+}
+// Re-export from subprocess-helpers for backward compatibility with tests
+export { classifyDockerFailure } from './lib/subprocess-helpers';
+function checkOpenRouterKey(): PreflightCheck {
+  if (process.env.OPENROUTER_API_KEY && process.env.OPENROUTER_API_KEY.length > 0) {
+    return { name: 'openrouter-key', ok: true, detail: 'OPENROUTER_API_KEY is present in the API environment.' };
+  }
+  const keyFile = process.env.OPENROUTER_API_KEY_FILE || '/run/secrets/openrouter_api_key';
+  try {
+    const stat = fs.statSync(keyFile);
+    if (stat.isFile() && stat.size > 0) {
+      return { name: 'openrouter-key', ok: true, detail: `Readable key file: ${keyFile}` };
+    }
+  } catch {
+    // Handled below.
+  }
+  return {
+    name: 'openrouter-key',
+    ok: false,
+    detail: 'No OpenRouter API key was found in env or the configured key file.',
+    remediation: 'Set OPENROUTER_API_KEY for API-triggered runs or mount OPENROUTER_API_KEY_FILE.',
+  };
+}
+function readSecretValue(inlineValue?: string, filePath?: string): string | undefined {
+  const trimmedInline = inlineValue?.trim();
+  if (trimmedInline) {
+    return trimmedInline;
+  }
+  if (!filePath) {
+    return undefined;
+  }
+  try {
+    const stat = fs.statSync(filePath);
+    if (!stat.isFile() || stat.size === 0) {
+      return undefined;
+    }
+    const value = fs.readFileSync(filePath, 'utf-8').replace(/^\uFEFF/, '').trim();
+    return value || undefined;
+  } catch {
+    return undefined;
+  }
+}
+function checkGitHubAppCredentials(): PreflightCheck {
+  const configured =
+    Boolean(process.env.GITHUB_APP_ID || process.env.GITHUB_APP_ID_FILE) ||
+    Boolean(process.env.GITHUB_APP_CLIENT_ID || process.env.GITHUB_APP_CLIENT_ID_FILE) ||
+    Boolean(process.env.GITHUB_APP_PRIVATE_KEY || process.env.GITHUB_APP_PRIVATE_KEY_FILE);
+  if (!configured) {
+    return {
+      name: 'github-app',
+      ok: true,
+      detail: 'GitHub App credentials are not configured; PR creation will be disabled.',
+    };
+  }
+  const appId = readSecretValue(process.env.GITHUB_APP_ID, process.env.GITHUB_APP_ID_FILE);
+  const clientId = readSecretValue(process.env.GITHUB_APP_CLIENT_ID, process.env.GITHUB_APP_CLIENT_ID_FILE);
+  const privateKey =
+    process.env.GITHUB_APP_PRIVATE_KEY?.trim() ||
+    readSecretValue(undefined, process.env.GITHUB_APP_PRIVATE_KEY_FILE);
+  const missing: string[] = [];
+  if (!appId) {
+    missing.push('GITHUB_APP_ID or GITHUB_APP_ID_FILE');
+  }
+  if (!clientId) {
+    missing.push('GITHUB_APP_CLIENT_ID or GITHUB_APP_CLIENT_ID_FILE');
+  }
+  if (!privateKey) {
+    missing.push('GITHUB_APP_PRIVATE_KEY or GITHUB_APP_PRIVATE_KEY_FILE');
+  }
+  if (missing.length > 0) {
+    return {
+      name: 'github-app',
+      ok: false,
+      detail: `GitHub App credentials are incomplete: missing ${missing.join(', ')}.`,
+      remediation: 'Mount readable GitHub App secret files or set the corresponding environment variables.',
+    };
+  }
+  const keyLooksLikePem = /-----BEGIN [A-Z ]*PRIVATE KEY-----/.test(privateKey as string);
+  if (!/^\d+$/.test(appId as string)) {
+    return {
+      name: 'github-app',
+      ok: false,
+      detail: 'GitHub App ID is present but is not numeric.',
+      remediation: 'Set GITHUB_APP_ID or GITHUB_APP_ID_FILE to the numeric GitHub App ID.',
+    };
+  }
+  if (!keyLooksLikePem) {
+    return {
+      name: 'github-app',
+      ok: false,
+      detail: 'GitHub App private key is present but does not look like a PEM private key.',
+      remediation: 'Mount the GitHub App private key PEM file and point GITHUB_APP_PRIVATE_KEY_FILE at it.',
+    };
+  }
+  return {
+    name: 'github-app',
+    ok: true,
+    detail: 'GitHub App credentials are readable and structurally valid for PR creation.',
+  };
+}
+function isGitHubAppReady(): boolean {
+  return checkGitHubAppCredentials().ok &&
+    (Boolean(process.env.GITHUB_APP_ID || process.env.GITHUB_APP_ID_FILE) ||
+      Boolean(process.env.GITHUB_APP_CLIENT_ID || process.env.GITHUB_APP_CLIENT_ID_FILE) ||
+      Boolean(process.env.GITHUB_APP_PRIVATE_KEY || process.env.GITHUB_APP_PRIVATE_KEY_FILE));
+}
+function buildPreflightResponse(config: KasekiApiConfig): PreflightResponse {
+  const templateDir = process.env.KASEKI_TEMPLATE_DIR || '/agents/kaseki-template';
+  const image = readKasekiImage(templateDir);
+  const templateImageDigest = readFirstLine(path.join(templateDir, '.kaseki-image-digest')) || inspectImageDigest(image);
+  const checkoutDir = process.env.KASEKI_CHECKOUT_DIR || '/agents/kaseki-agent';
+  const templateRef = fs.existsSync(path.join(checkoutDir, '.git'))
+    ? commandOutput('git', ['rev-parse', '--short', 'HEAD'], checkoutDir)
+    : undefined;
+  const checks: PreflightCheck[] = [];
+  try {
+    fs.accessSync(config.resultsDir, fs.constants.R_OK | fs.constants.W_OK);
+    checks.push({ name: 'results-dir', ok: true, detail: `${config.resultsDir} is readable and writable.` });
+  } catch (err) {
+    checks.push({
+      name: 'results-dir',
+      ok: false,
+      detail: `${config.resultsDir} is not readable and writable: ${(err as Error).message}`,
+      remediation: 'Create the results directory and make it writable by the API container user.',
+    });
+  }
+  checks.push(checkOpenRouterKey());
+  checks.push(checkGitHubAppCredentials());
+  const dockerVersion = execDockerCommand(['version', '--format', '{{.Client.Version}} -> {{.Server.Version}}']);
+  if (dockerVersion.ok) {
+    checks.push({ name: 'docker-daemon', ok: true, detail: dockerVersion.stdout });
+  } else {
+    const classified = dockerVersion.classification || { detail: 'Docker command failed', remediation: 'Check Docker daemon' };
+    checks.push({ name: 'docker-daemon', ok: false, ...classified });
+  }
+  const imageInspect = execDockerCommand(['image', 'inspect', image]);
+  if (imageInspect.ok) {
+    checks.push({ name: 'docker-image', ok: true, detail: `Image is present: ${image}` });
+  } else {
+    const classified = imageInspect.classification || { detail: 'Docker command failed', remediation: 'Check Docker daemon' };
+    const daemonFailed = checks.some((check) => check.name === 'docker-daemon' && !check.ok);
+    checks.push({
+      name: 'docker-image',
+      ok: false,
+      detail: daemonFailed ? classified.detail : `Docker image is not present locally: ${image}`,
+      remediation: daemonFailed ? classified.remediation : `Pull ${image} or set KASEKI_IMAGE to an available image.`,
+    });
+  }
+  const runScript = path.join(templateDir, 'run-kaseki.sh');
+  checks.push({
+    name: 'template',
+    ok: fs.existsSync(runScript),
+    detail: fs.existsSync(runScript) ? `Template runner exists: ${runScript}` : `Missing template runner: ${runScript}`,
+    remediation: fs.existsSync(runScript) ? undefined : 'Run scripts/kaseki-activate.sh --controller bootstrap.',
+  });
+  const status = checks.every((check) => check.ok)
+    ? 'ok'
+    : checks.some((check) => check.name === 'docker-daemon' && !check.ok)
+      ? 'error'
+      : 'degraded';
+  return {
+    status,
+    timestamp: new Date().toISOString(),
+    checks,
+    image,
+    imageDigest: templateImageDigest,
+    templateImage: image,
+    templateImageDigest,
+    templateDir,
+    templateRef,
+    resultsDir: config.resultsDir,
+    runtime: {
+      nodeVersion: process.version,
+      uid: process.getuid?.(),
+      gid: process.getgid?.(),
+      groups: process.getgroups?.(),
+    },
+    docker: {
+      version: dockerVersion.stdout,
+      clientVersion: dockerVersion.stdout?.split(' -> ')[0],
+      serverVersion: dockerVersion.stdout?.split(' -> ')[1],
+    },
+  };
+}
+function buildRunResponse(job: Job, cached = false): RunResponse {
+  return {
+    id: job.id,
+    status: job.status,
+    createdAt: job.createdAt.toISOString(),
+    correlationId: job.correlationId,
+    requestId: job.requestId,
+    cached: cached || undefined,
+    completedAt: job.completedAt?.toISOString(),
+    exitCode: job.exitCode,
+    failureClass: job.failureClass,
+    error: job.error,
+  };
+}
+/**
+ * Create the API routes.
+ */
+export function createApiRouter(
+  scheduler: JobScheduler,
+  config: KasekiApiConfig,
+  idempotencyStore: IdempotencyStore,
+  preFlightValidator: PreFlightValidator,
+  artifactCache = new ResultCache({
+    maxEntries: config.artifactCacheMaxEntries,
+    ttlMs: config.artifactCacheTtlMs,
+    maxFileBytes: config.artifactCacheMaxFileBytes,
+  }),
+): Router {
+  const router = Router();
+  const logger = createEventLogger('api');
+  /**
+   * Middleware: Request/Response logging.
+   */
+  router.use((req: Request, res: Response, next: NextFunction) => {
+    const startTime = Date.now();
+    const originalSend = res.send;
+    res.send = function (data: any) {
+      const duration = Date.now() - startTime;
+      const statusCode = res.statusCode;
+      // Log request/response event
+      logger.event('api_request_complete', {
+        method: req.method,
+        path: req.path,
+        statusCode,
+        durationMs: duration,
+        query: Object.keys(req.query).length > 0 ? req.query : undefined,
+      });
+      return originalSend.call(this, data);
+    };
+    next();
+  });
+  /**
+   * Middleware: API key validation.
+   */
+  router.use((req: Request, res: Response, next: NextFunction) => {
+    // Skip auth for health check
+    if (req.path === '/health' || req.path === '/ready') {
+      return next();
+    }
+    const authHeader = req.get('Authorization');
+    if (!authHeader || !authHeader.startsWith('Bearer ')) {
+      logger.event('api_auth_failed', {
+        path: req.path,
+        reason: 'missing_or_invalid_header',
+      });
+      return sendErrorResponse(res, 401, 'Unauthorized', 'Missing or invalid Authorization header');
+    }
+    const token = authHeader.slice(7);
+    if (!validateApiKey(config, token)) {
+      logger.event('api_auth_failed', {
+        path: req.path,
+        reason: 'invalid_api_key',
+      });
+      return sendErrorResponse(res, 401, 'Unauthorized', 'Invalid API key');
+    }
+    next();
+  });
+  /**
+   * Health check endpoint.
+   */
+  router.get('/health', (_req: Request, res: Response) => {
+    const queueStatus = scheduler.getQueueStatus();
+    const errors: string[] = [];
+    // Check if results directory is accessible
+    if (!fs.existsSync(config.resultsDir)) {
+      errors.push(`Results directory not accessible: ${config.resultsDir}`);
+    }
+    const status = errors.length === 0 ? 'healthy' : 'degraded';
+    res.json({
+      status,
+      timestamp: new Date().toISOString(),
+      queue: queueStatus,
+      errors: errors.length > 0 ? errors : undefined,
+    });
+  });
+  router.get('/ready', (_req: Request, res: Response) => {
+    const readiness = scheduler.getReadiness();
+    if (readiness.ready) {
+      return res.status(200).json({ status: 'ready', timestamp: new Date().toISOString() });
+    }
+    return res.status(503).json({
+      status: 'not_ready',
+      timestamp: new Date().toISOString(),
+      reasons: readiness.reasons,
+    });
+  });
+  router.get('/metrics', (_req: Request, res: Response) => {
+    const cacheStats = artifactCache.getStats();
+    const artifactCacheMetrics = [
+      '# HELP kaseki_artifact_cache_entries Number of artifact content cache entries currently held in memory.',
+      '# TYPE kaseki_artifact_cache_entries gauge',
+      `kaseki_artifact_cache_entries ${cacheStats.entries}`,
+      '# HELP kaseki_artifact_cache_bytes Bytes of artifact content currently held in memory.',
+      '# TYPE kaseki_artifact_cache_bytes gauge',
+      `kaseki_artifact_cache_bytes ${cacheStats.bytes}`,
+      '# HELP kaseki_artifact_cache_hits_total Total artifact content cache hits.',
+      '# TYPE kaseki_artifact_cache_hits_total counter',
+      `kaseki_artifact_cache_hits_total ${cacheStats.hits}`,
+      '# HELP kaseki_artifact_cache_misses_total Total artifact content cache misses.',
+      '# TYPE kaseki_artifact_cache_misses_total counter',
+      `kaseki_artifact_cache_misses_total ${cacheStats.misses}`,
+      '# HELP kaseki_artifact_cache_max_entries Configured maximum artifact content cache entries.',
+      '# TYPE kaseki_artifact_cache_max_entries gauge',
+      `kaseki_artifact_cache_max_entries ${cacheStats.maxEntries}`,
+      '# HELP kaseki_artifact_cache_max_file_bytes Configured maximum file size eligible for artifact content caching.',
+      '# TYPE kaseki_artifact_cache_max_file_bytes gauge',
+      `kaseki_artifact_cache_max_file_bytes ${cacheStats.maxFileBytes}`,
+    ].join('\n');
+    res.setHeader('Content-Type', 'text/plain; version=0.0.4; charset=utf-8');
+    res.status(200).send(`${metricsRegistry.renderPrometheus()}${artifactCacheMetrics}\n`);
+  });
+  /**
+   * GET /api/preflight - Controller-oriented readiness diagnostics.
+   */
+  router.get('/preflight', (_req: Request, res: Response) => {
+    const response = buildPreflightResponse(config);
+    res.status(response.status === 'error' ? 503 : 200).json(response);
+  });
+  /**
+   * POST /api/runs - Trigger a new kaseki run.
+   */
+  router.post('/runs', async (req: Request, res: Response) => {
+    try {
+      // Validate request body
+      const runRequest = RunRequestSchema.parse({
+        ...req.body,
+        startupCheck:
+          req.query.dryRun === 'true' || req.query.startupCheck === 'true'
+            ? true
+            : req.body?.startupCheck,
+      });
+      if ((runRequest.publishMode === 'branch' || runRequest.publishMode === 'draft_pr') && !isGitHubAppReady()) {
+        return sendErrorResponse(
+          res,
+          400,
+          'Bad Request',
+          `publishMode=${runRequest.publishMode} requires readable GitHub App credentials. Check /api/preflight before submitting publishable runs.`,
+        );
+      }
+      // Auto-generate idempotency key if not provided
+      const idempotencyKey = runRequest.idempotencyKey || randomUUID();
+      const requestFingerprint = buildRequestFingerprint(runRequest as Record<string, unknown>);
+      const claimResult = idempotencyStore.claimOrGet(idempotencyKey, requestFingerprint);
+      if (claimResult.kind === 'fulfilled') {
+        const currentJob = scheduler.getJob(claimResult.response.id);
+        const response = currentJob
+          ? buildRunResponse(currentJob, true)
+          : {
+            ...claimResult.response,
+            cached: true,
+          };
+        logger.event('api_idempotent_resubmission', {
+          jobId: response.id,
+          idempotencyKey,
+          currentStatus: currentJob?.status,
+        });
+        return res.status(200).json(response); // 200 OK, not 202
+      }
+      if (claimResult.kind === 'pending') {
+        return sendErrorResponse(res, 409, 'Conflict', 'Request with this idempotency key is already being processed');
+      }
+      // Log request
+      logger.event('api_run_request', {
+        repoUrl: runRequest.repoUrl,
+        ref: runRequest.ref,
+        taskMode: runRequest.taskMode,
+        publishMode: runRequest.publishMode,
+        startupCheck: runRequest.startupCheck,
+        idempotencyKey,
+      });
+      // Submit to scheduler
+      const job = await scheduler.submitJob(runRequest);
+      // Store idempotency key on job
+      job.idempotencyKey = idempotencyKey;
+      const response = buildRunResponse(job);
+      // Store in idempotency cache
+      idempotencyStore.storeResponse(idempotencyKey, response, requestFingerprint);
+      res.status(202).json(response); // 202 Accepted
+    } catch (err: unknown) {
+      if (err instanceof Error && 'errors' in err) {
+        // Zod validation error
+        const details = (err as any).errors.map((e: any) => `${(e.path as string[]).join('.')}: ${e.message}`).join('; ');
+        logger.event('api_validation_error', {
+          path: '/runs',
+          details,
+        });
+        return sendErrorResponse(res, 400, 'Bad Request', details);
+      }
+      logger.event('api_error', {
+        path: '/runs',
+        error: (err as Error).message,
+      });
+      return sendErrorResponse(res, 400, 'Bad Request', (err as Error).message);
+    }
+  });
+  /**
+   * POST /api/webhooks/test - Test webhook configuration.
+   */
+  router.post('/webhooks/test', async (req: Request, res: Response) => {
+    try {
+      const { url, secret } = req.body;
+      if (!url || typeof url !== 'string') {
+        return sendErrorResponse(res, 400, 'Bad Request', 'Webhook URL is required');
+      }
+      // Validate URL format
+      try {
+        new URL(url);
+      } catch {
+        return sendErrorResponse(res, 400, 'Bad Request', 'Invalid webhook URL format');
+      }
+      // Send test webhook
+      let statusCode: number | undefined;
+      let error: string | undefined;
+      let durationMs = 0;
+      const startTime = Date.now();
+      try {
+        const testPayload = {
+          eventType: 'webhook.test',
+          jobId: 'test',
+          timestamp: new Date().toISOString(),
+          data: { message: 'This is a test webhook from kaseki-agent API' },
+        };
+        // Generate HMAC signature if secret provided
+        let signature: string | null = null;
+        if (secret && typeof secret === 'string') {
+          const body = JSON.stringify(testPayload);
+          signature = crypto.createHmac('sha256', secret).update(body).digest('hex');
+        }
+        const response = await fetch(url, {
+          method: 'POST',
+          headers: {
+            'Content-Type': 'application/json',
+            'X-Kaseki-Event': 'webhook.test',
+            'X-Kaseki-Job-Id': 'test',
+            ...(signature && { 'X-Kaseki-Signature': `sha256=${signature}` }),
+          },
+          body: JSON.stringify(testPayload),
+          signal: AbortSignal.timeout(10000),
+        });
+        durationMs = Date.now() - startTime;
+        statusCode = response.status;
+        if (!response.ok) {
+          error = `HTTP ${response.status} ${response.statusText}`;
+        }
+      } catch (err) {
+        durationMs = Date.now() - startTime;
+        error = err instanceof Error ? err.message : String(err);
+      }
+      const result = {
+        url,
+        statusCode,
+        durationMs,
+        success: !error,
+        error,
+      };
+      logger.event('webhook_test', result);
+      res.json(result);
+    } catch (err) {
+      logger.event('api_error', {
+        path: '/webhooks/test',
+        error: (err as Error).message,
+      });
+      return sendErrorResponse(res, 400, 'Bad Request', (err as Error).message);
+    }
+  });
+  /**
+   * POST /api/validate - Pre-flight validation of job request (dry-run).
+   */
+  router.post('/validate', async (req: Request, res: Response) => {
+    try {
+      // Validate request body
+      const runRequest = RunRequestSchema.parse(req.body);
+      logger.event('api_validation_request', {
+        repoUrl: runRequest.repoUrl,
+        ref: runRequest.ref,
+      });
+      // Run pre-flight validation
+      const validationResult = await preFlightValidator.validate(runRequest);
+      const response: ValidationResponse = validationResult;
+      res.json(response);
+    } catch (err: unknown) {
+      if (err instanceof Error && 'errors' in err) {
+        // Zod validation error
+        const details = (err as any).errors.map((e: any) => `${(e.path as string[]).join('.')}: ${e.message}`).join('; ');
+        logger.event('api_validation_error', {
+          path: '/validate',
+          details,
+        });
+        return sendErrorResponse(res, 400, 'Bad Request', details);
+      }
+      logger.event('api_error', {
+        path: '/validate',
+        error: (err as Error).message,
+      });
+      return sendErrorResponse(res, 400, 'Bad Request', (err as Error).message);
+    }
+  });
+  // Register domain-focused route modules
+  router.use(createStatusRoutes(scheduler, config));
+  router.use(createLogRoutes(scheduler, config));
+  router.use(createArtifactRoutes(scheduler, config, artifactCache));
+  router.use(createWebhookRoutes());
+  return router;
+}