@kognai/build 0.6.0

package/dist/lib/router.js

@@ -0,0 +1,119 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.makeBuildRouter = makeBuildRouter;
+/**
+ * router.ts — ModelRouter adapter for kognai-build (TICKET-233 Phase 1).
+ *
+ * Registers via setModelRouter() so the ENTIRE kognai-build pipeline routes
+ * through @kognai/orchestrator-core instead of calling the Anthropic SDK
+ * directly. This is the substrate swap that makes the flagship CLI genuinely
+ * engine-backed and sovereign-capable:
+ *
+ *   - cloud tier      → Anthropic (builder's BYO ANTHROPIC_API_KEY)
+ *   - sovereign / local tier → Ollama ($0, Mac Mini vault / localhost)
+ *
+ * No viem / wallet / x402 required — that stays in @kognai/clawrouter-x402 and
+ * can be slotted in later for PACT-metered billing (TICKET-120).
+ */
+const sdk_1 = __importDefault(require("@anthropic-ai/sdk"));
+const orchestrator_core_1 = require("@kognai/orchestrator-core");
+// complexity → concrete model, per backend.
+const CLOUD_MODEL = {
+    nano: 'claude-haiku-4-5-20251001',
+    local: 'claude-haiku-4-5-20251001',
+    power: 'claude-sonnet-4-6',
+    exec: 'claude-sonnet-4-6',
+    apex: 'claude-sonnet-4-6', // opus can be slotted here for constitutional/apex work
+};
+const LOCAL_MODEL = {
+    nano: 'qwen3:0.6b',
+    local: 'qwen3:4b',
+    power: 'qwen3:14b',
+    exec: 'deepseek-r1:14b',
+    apex: 'qwen3:32b',
+};
+/**
+ * Build a ModelRouter for kognai-build. `sovereign` forces every call to the
+ * local Ollama backend ($0); otherwise calls go to Anthropic (BYO key).
+ */
+function makeBuildRouter(sovereign) {
+    let _anth = null;
+    const anth = () => {
+        if (_anth)
+            return _anth;
+        const key = process.env.ANTHROPIC_API_KEY;
+        if (!key) {
+            throw new Error('ANTHROPIC_API_KEY not set — required for cloud tiers. Use --sovereign for $0 local inference.');
+        }
+        return (_anth = new sdk_1.default({ apiKey: key }));
+    };
+    const digest = {
+        total_usd: 0,
+        by_tier: {},
+        by_agent: {},
+        tokens_saved_by_qcg: 0,
+        call_count: 0,
+    };
+    async function call(prompt, opts) {
+        const complexity = opts?.complexity ?? 'power';
+        const maxTokens = opts?.maxTokens ?? 4096;
+        const agent = opts?.agentId ?? 'kognai-build';
+        if (sovereign) {
+            const model = LOCAL_MODEL[complexity];
+            const r = await (0, orchestrator_core_1.callOllama)({ model, prompt, systemPrompt: opts?.systemPrompt, maxTokens });
+            digest.call_count++;
+            return { content: r.content, model: r.model, tier: `local:${complexity}`, cost_usd: 0 };
+        }
+        const model = CLOUD_MODEL[complexity];
+        const resp = await anth().messages.create({
+            model,
+            max_tokens: maxTokens,
+            system: opts?.systemPrompt,
+            messages: [{ role: 'user', content: prompt }],
+        });
+        const text = resp.content.map((b) => (b.type === 'text' ? b.text : '')).join('');
+        const cost = (0, orchestrator_core_1.computeCost)(model, resp.usage.input_tokens, resp.usage.output_tokens);
+        digest.total_usd += cost;
+        digest.call_count++;
+        digest.by_tier[complexity] = (digest.by_tier[complexity] ?? 0) + cost;
+        digest.by_agent[agent] = (digest.by_agent[agent] ?? 0) + cost;
+        return { content: text, model, tier: `cloud:${complexity}`, cost_usd: cost };
+    }
+    return {
+        callLLM: call,
+        async routeCall(req) {
+            const prompt = req.payload?.prompt ?? '';
+            const r = await call(prompt, {
+                systemPrompt: req.payload?.system,
+                complexity: req.complexity,
+                agentId: req.agent_id,
+                taskType: req.task_type,
+            });
+            return {
+                content: r.content,
+                model: r.model,
+                tier: r.tier,
+                local: sovereign,
+                cost_usd: r.cost_usd,
+                input_tokens: 0,
+                output_tokens: 0,
+                qcg_compressed: false,
+                tokens_saved_by_qcg: 0,
+                agent_id: req.agent_id,
+                task_type: req.task_type,
+                timestamp: new Date().toISOString(),
+            };
+        },
+        async healthCheck() {
+            return {
+                ollama: await (0, orchestrator_core_1.ollamaIsAvailable)(),
+                gateway: !!process.env.ANTHROPIC_API_KEY,
+                models: [],
+            };
+        },
+        getDailyCostDigest: () => digest,
+    };
+}

package/dist/lib/skill-bank-stub.js

@@ -0,0 +1,214 @@
+"use strict";
+/**
+ * Skill Bank Stub
+ *
+ * Mock skill metadata registry used by the cost estimator and capability
+ * preview during Phase 1. Phase 2 (TICKET-055 + TICKET-102) will replace
+ * the in-memory SKILL_BANK array with a real registry read backed by the
+ * skill bank service. The function signatures below are the stable
+ * contract that downstream consumers can rely on across both phases.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SKILL_BANK = void 0;
+exports.getSkillsByIds = getSkillsByIds;
+exports.listSkillsByCategory = listSkillsByCategory;
+/**
+ * Stub skill registry covering the categories declared by the 9 starter
+ * templates. ~20 entries spanning validation, security, data, api,
+ * testing, devops, and content.
+ */
+exports.SKILL_BANK = [
+    // --- validation ---
+    {
+        id: 'schema-validation',
+        name: 'Schema Validation',
+        tier: 'T2',
+        category: 'validation',
+        description: 'Validate payloads against declarative schemas (Zod/JSON Schema).',
+    },
+    {
+        id: 'type-narrowing',
+        name: 'Type Narrowing',
+        tier: 'T2',
+        category: 'validation',
+        description: 'Refine union types via discriminants and predicate guards.',
+    },
+    {
+        id: 'input-sanitization',
+        name: 'Input Sanitization',
+        tier: 'T2',
+        category: 'validation',
+        description: 'Strip, escape, and normalize untrusted user input.',
+    },
+    // --- security ---
+    {
+        id: 'audit-logging',
+        name: 'Audit Logging',
+        tier: 'T2.5',
+        category: 'security',
+        description: 'Emit tamper-evident audit trails for privileged actions.',
+    },
+    {
+        id: 'secret-rotation',
+        name: 'Secret Rotation',
+        tier: 'T3',
+        category: 'security',
+        description: 'Rotate API keys and credentials with zero-downtime cutover.',
+    },
+    {
+        id: 'jwt-issuance',
+        name: 'JWT Issuance',
+        tier: 'T2.5',
+        category: 'security',
+        description: 'Mint, sign, and verify JSON Web Tokens with rotation support.',
+    },
+    {
+        id: 'threat-modeling',
+        name: 'Threat Modeling',
+        tier: 'T3',
+        category: 'security',
+        description: 'STRIDE-style threat analysis for system designs.',
+    },
+    // --- data ---
+    {
+        id: 'postgres-migration',
+        name: 'Postgres Migration',
+        tier: 'T2.5',
+        category: 'data',
+        description: 'Author safe, reversible Postgres schema migrations.',
+    },
+    {
+        id: 'etl-windowing',
+        name: 'ETL Windowing',
+        tier: 'T3',
+        category: 'data',
+        description: 'Tumbling/sliding window aggregations for streaming ETL.',
+    },
+    {
+        id: 'schema-evolution',
+        name: 'Schema Evolution',
+        tier: 'T3',
+        category: 'data',
+        description: 'Backwards-compatible schema changes for long-lived data.',
+    },
+    // --- api ---
+    {
+        id: 'rest-design',
+        name: 'REST Design',
+        tier: 'T2',
+        category: 'api',
+        description: 'Design resource-oriented REST endpoints with proper verbs/codes.',
+    },
+    {
+        id: 'graphql-resolver',
+        name: 'GraphQL Resolver',
+        tier: 'T2.5',
+        category: 'api',
+        description: 'Author GraphQL resolvers with dataloader batching.',
+    },
+    {
+        id: 'x402-meter',
+        name: 'x402 Meter',
+        tier: 'T3',
+        category: 'api',
+        description: 'HTTP 402 payment metering middleware for API monetization.',
+    },
+    // --- testing ---
+    {
+        id: 'unit-test-author',
+        name: 'Unit Test Author',
+        tier: 'T1',
+        category: 'testing',
+        description: 'Write focused unit tests with clear arrange/act/assert.',
+    },
+    {
+        id: 'integration-test-author',
+        name: 'Integration Test Author',
+        tier: 'T2',
+        category: 'testing',
+        description: 'Cross-module tests with real or hermetic dependencies.',
+    },
+    {
+        id: 'property-test',
+        name: 'Property Test',
+        tier: 'T2.5',
+        category: 'testing',
+        description: 'Generative property-based testing with shrinking.',
+    },
+    // --- devops ---
+    {
+        id: 'ci-config',
+        name: 'CI Config',
+        tier: 'T2',
+        category: 'devops',
+        description: 'Continuous integration pipelines (GitHub Actions/GitLab CI).',
+    },
+    {
+        id: 'docker-compose',
+        name: 'Docker Compose',
+        tier: 'T2',
+        category: 'devops',
+        description: 'Local multi-service orchestration via docker-compose.',
+    },
+    {
+        id: 'deployment-manifest',
+        name: 'Deployment Manifest',
+        tier: 'T2.5',
+        category: 'devops',
+        description: 'Kubernetes/Nomad deployment manifests with health checks.',
+    },
+    // --- content ---
+    {
+        id: 'copyedit',
+        name: 'Copyedit',
+        tier: 'T1',
+        category: 'content',
+        description: 'Grammar, clarity, and tone editing for written copy.',
+    },
+    {
+        id: 'citation-format',
+        name: 'Citation Format',
+        tier: 'T1',
+        category: 'content',
+        description: 'Format citations in APA/MLA/Chicago style.',
+    },
+    {
+        id: 'seo-optimize',
+        name: 'SEO Optimize',
+        tier: 'T2',
+        category: 'content',
+        description: 'Optimize page content for search engine ranking.',
+    },
+];
+/**
+ * Build a lookup index by id. Materialized once at module load; the stub
+ * registry is small enough that a Map is overkill but keeps the contract
+ * identical when Phase 2 swaps in a larger registry.
+ */
+const SKILL_INDEX = new Map(exports.SKILL_BANK.map((entry) => [entry.id, entry]));
+/**
+ * Return skill entries for the given ids, preserving caller order.
+ * Unknown ids are silently skipped — callers that need strict resolution
+ * should diff the returned ids against their input.
+ */
+function getSkillsByIds(ids) {
+    if (!Array.isArray(ids) || ids.length === 0)
+        return [];
+    const out = [];
+    for (const id of ids) {
+        const entry = SKILL_INDEX.get(id);
+        if (entry)
+            out.push(entry);
+    }
+    return out;
+}
+/**
+ * Return all skill entries in the given category. Category match is
+ * case-insensitive to tolerate template author inconsistency.
+ */
+function listSkillsByCategory(category) {
+    if (typeof category !== 'string' || category.length === 0)
+        return [];
+    const needle = category.toLowerCase();
+    return exports.SKILL_BANK.filter((entry) => entry.category.toLowerCase() === needle);
+}

package/dist/lib/skill-bank.js

@@ -0,0 +1,248 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SKILL_BANK = void 0;
+exports.getSkillsByIds = getSkillsByIds;
+exports.listSkillsByCategory = listSkillsByCategory;
+exports.unknownSkillIds = unknownSkillIds;
+/**
+ * Skill Bank (TICKET-055 / skill-bank-v2) — the registry of skills (tiered
+ * capabilities) templates declare and the mandate preview validates/resolves.
+ *
+ * The curated catalog below is the base registry; a workspace extends or
+ * overrides it via `.kognai/skills.json` (merged at module load). Skills are
+ * capabilities, not metered tools — they carry no per-call cost.
+ */
+const registry_overrides_1 = require("./registry-overrides");
+/**
+ * Curated skill registry covering the capabilities declared by the starter
+ * templates — validation, security, data, api, testing, devops, content,
+ * research, frontend, cli, reliability, performance, and media.
+ */
+exports.SKILL_BANK = [
+    // --- validation ---
+    {
+        id: 'schema-validation',
+        name: 'Schema Validation',
+        tier: 'T2',
+        category: 'validation',
+        description: 'Validate payloads against declarative schemas (Zod/JSON Schema).',
+    },
+    {
+        id: 'type-narrowing',
+        name: 'Type Narrowing',
+        tier: 'T2',
+        category: 'validation',
+        description: 'Refine union types via discriminants and predicate guards.',
+    },
+    {
+        id: 'input-sanitization',
+        name: 'Input Sanitization',
+        tier: 'T2',
+        category: 'validation',
+        description: 'Strip, escape, and normalize untrusted user input.',
+    },
+    // --- security ---
+    {
+        id: 'audit-logging',
+        name: 'Audit Logging',
+        tier: 'T2.5',
+        category: 'security',
+        description: 'Emit tamper-evident audit trails for privileged actions.',
+    },
+    {
+        id: 'secret-rotation',
+        name: 'Secret Rotation',
+        tier: 'T3',
+        category: 'security',
+        description: 'Rotate API keys and credentials with zero-downtime cutover.',
+    },
+    {
+        id: 'jwt-issuance',
+        name: 'JWT Issuance',
+        tier: 'T2.5',
+        category: 'security',
+        description: 'Mint, sign, and verify JSON Web Tokens with rotation support.',
+    },
+    {
+        id: 'threat-modeling',
+        name: 'Threat Modeling',
+        tier: 'T3',
+        category: 'security',
+        description: 'STRIDE-style threat analysis for system designs.',
+    },
+    // --- data ---
+    {
+        id: 'postgres-migration',
+        name: 'Postgres Migration',
+        tier: 'T2.5',
+        category: 'data',
+        description: 'Author safe, reversible Postgres schema migrations.',
+    },
+    {
+        id: 'etl-windowing',
+        name: 'ETL Windowing',
+        tier: 'T3',
+        category: 'data',
+        description: 'Tumbling/sliding window aggregations for streaming ETL.',
+    },
+    {
+        id: 'schema-evolution',
+        name: 'Schema Evolution',
+        tier: 'T3',
+        category: 'data',
+        description: 'Backwards-compatible schema changes for long-lived data.',
+    },
+    // --- api ---
+    {
+        id: 'rest-design',
+        name: 'REST Design',
+        tier: 'T2',
+        category: 'api',
+        description: 'Design resource-oriented REST endpoints with proper verbs/codes.',
+    },
+    {
+        id: 'graphql-resolver',
+        name: 'GraphQL Resolver',
+        tier: 'T2.5',
+        category: 'api',
+        description: 'Author GraphQL resolvers with dataloader batching.',
+    },
+    {
+        id: 'x402-meter',
+        name: 'x402 Meter',
+        tier: 'T3',
+        category: 'api',
+        description: 'HTTP 402 payment metering middleware for API monetization.',
+    },
+    // --- testing ---
+    {
+        id: 'unit-test-author',
+        name: 'Unit Test Author',
+        tier: 'T1',
+        category: 'testing',
+        description: 'Write focused unit tests with clear arrange/act/assert.',
+    },
+    {
+        id: 'integration-test-author',
+        name: 'Integration Test Author',
+        tier: 'T2',
+        category: 'testing',
+        description: 'Cross-module tests with real or hermetic dependencies.',
+    },
+    {
+        id: 'property-test',
+        name: 'Property Test',
+        tier: 'T2.5',
+        category: 'testing',
+        description: 'Generative property-based testing with shrinking.',
+    },
+    // --- devops ---
+    {
+        id: 'ci-config',
+        name: 'CI Config',
+        tier: 'T2',
+        category: 'devops',
+        description: 'Continuous integration pipelines (GitHub Actions/GitLab CI).',
+    },
+    {
+        id: 'docker-compose',
+        name: 'Docker Compose',
+        tier: 'T2',
+        category: 'devops',
+        description: 'Local multi-service orchestration via docker-compose.',
+    },
+    {
+        id: 'deployment-manifest',
+        name: 'Deployment Manifest',
+        tier: 'T2.5',
+        category: 'devops',
+        description: 'Kubernetes/Nomad deployment manifests with health checks.',
+    },
+    // --- content ---
+    {
+        id: 'copyedit',
+        name: 'Copyedit',
+        tier: 'T1',
+        category: 'content',
+        description: 'Grammar, clarity, and tone editing for written copy.',
+    },
+    {
+        id: 'citation-format',
+        name: 'Citation Format',
+        tier: 'T1',
+        category: 'content',
+        description: 'Format citations in APA/MLA/Chicago style.',
+    },
+    {
+        id: 'seo-optimize',
+        name: 'SEO Optimize',
+        tier: 'T2',
+        category: 'content',
+        description: 'Optimize page content for search engine ranking.',
+    },
+    // --- template-aligned capabilities (TICKET-233) ---
+    { id: "citation-validation", name: "Citation Validation", tier: 'T2', category: "research", description: "Citation Validation — skill declared by kognai-build templates." },
+    { id: "source-credibility", name: "Source Credibility", tier: 'T2', category: "research", description: "Source Credibility — skill declared by kognai-build templates." },
+    { id: "claim-extraction", name: "Claim Extraction", tier: 'T2', category: "research", description: "Claim Extraction — skill declared by kognai-build templates." },
+    { id: "copywriting", name: "Copywriting", tier: 'T2', category: "content", description: "Copywriting — skill declared by kognai-build templates." },
+    { id: "tone-matching", name: "Tone Matching", tier: 'T2', category: "content", description: "Tone Matching — skill declared by kognai-build templates." },
+    { id: "seo-basics", name: "Seo Basics", tier: 'T2', category: "content", description: "Seo Basics — skill declared by kognai-build templates." },
+    { id: "react-patterns", name: "React Patterns", tier: 'T2', category: "frontend", description: "React Patterns — skill declared by kognai-build templates." },
+    { id: "state-management", name: "State Management", tier: 'T2', category: "frontend", description: "State Management — skill declared by kognai-build templates." },
+    { id: "api-integration", name: "Api Integration", tier: 'T2', category: "frontend", description: "Api Integration — skill declared by kognai-build templates." },
+    { id: "invariant-analysis", name: "Invariant Analysis", tier: 'T2', category: "security", description: "Invariant Analysis — skill declared by kognai-build templates." },
+    { id: "reentrancy-detection", name: "Reentrancy Detection", tier: 'T2', category: "security", description: "Reentrancy Detection — skill declared by kognai-build templates." },
+    { id: "gas-optimization", name: "Gas Optimization", tier: 'T2', category: "security", description: "Gas Optimization — skill declared by kognai-build templates." },
+    { id: "phi-redaction", name: "Phi Redaction", tier: 'T2', category: "security", description: "Phi Redaction — skill declared by kognai-build templates." },
+    { id: "cli-design", name: "Cli Design", tier: 'T2', category: "cli", description: "Cli Design — skill declared by kognai-build templates." },
+    { id: "argument-parsing", name: "Argument Parsing", tier: 'T2', category: "cli", description: "Argument Parsing — skill declared by kognai-build templates." },
+    { id: "shell-scripting", name: "Shell Scripting", tier: 'T2', category: "cli", description: "Shell Scripting — skill declared by kognai-build templates." },
+    { id: "idempotency-design", name: "Idempotency Design", tier: 'T2', category: "reliability", description: "Idempotency Design — skill declared by kognai-build templates." },
+    { id: "backpressure-handling", name: "Backpressure Handling", tier: 'T2', category: "reliability", description: "Backpressure Handling — skill declared by kognai-build templates." },
+    { id: "profiling", name: "Profiling", tier: 'T2', category: "performance", description: "Profiling — skill declared by kognai-build templates." },
+    { id: "concurrency-patterns", name: "Concurrency Patterns", tier: 'T2', category: "reliability", description: "Concurrency Patterns — skill declared by kognai-build templates." },
+    { id: "memory-management", name: "Memory Management", tier: 'T2', category: "performance", description: "Memory Management — skill declared by kognai-build templates." },
+    { id: "composition-design", name: "Composition Design", tier: 'T2', category: "media", description: "Composition Design — skill declared by kognai-build templates." },
+    { id: "timing-coordination", name: "Timing Coordination", tier: 'T2', category: "media", description: "Timing Coordination — skill declared by kognai-build templates." },
+    { id: "audio-sync", name: "Audio Sync", tier: 'T2', category: "media", description: "Audio Sync — skill declared by kognai-build templates." },
+];
+// Merge optional workspace overrides (.kognai/skills.json) before the index is
+// built — makes the registry real & extensible, not a frozen catalog.
+(0, registry_overrides_1.applyRegistryOverrides)(exports.SKILL_BANK, 'skills.json');
+/**
+ * Build a lookup index by id, materialized once at module load over the
+ * merged registry.
+ */
+const SKILL_INDEX = new Map(exports.SKILL_BANK.map((entry) => [entry.id, entry]));
+/**
+ * Return skill entries for the given ids, preserving caller order.
+ * Unknown ids are silently skipped — callers that need strict resolution
+ * should diff the returned ids against their input.
+ */
+function getSkillsByIds(ids) {
+    if (!Array.isArray(ids) || ids.length === 0)
+        return [];
+    const out = [];
+    for (const id of ids) {
+        const entry = SKILL_INDEX.get(id);
+        if (entry)
+            out.push(entry);
+    }
+    return out;
+}
+/**
+ * Return all skill entries in the given category. Category match is
+ * case-insensitive to tolerate template author inconsistency.
+ */
+function listSkillsByCategory(category) {
+    if (typeof category !== 'string' || category.length === 0)
+        return [];
+    const needle = category.toLowerCase();
+    return exports.SKILL_BANK.filter((entry) => entry.category.toLowerCase() === needle);
+}
+/** Return any skill ids not present in the registry (for template validation). */
+function unknownSkillIds(ids) {
+    if (!Array.isArray(ids))
+        return [];
+    return ids.filter((id) => !SKILL_INDEX.has(id));
+}

package/dist/lib/swarm-coder-prompt.js

@@ -0,0 +1,39 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SWARM_CODER_PROMPT = void 0;
+/**
+ * swarm-coder-prompt.ts — the bundled coder agent prompt for --swarm mode
+ * (TICKET-233 Phase 2). The engine loads coding agents from ./agents/<name>/prompt.md;
+ * --swarm scaffolds a working dir and writes this as agents/coder/prompt.md so the
+ * full @kognai/orchestrator-core swarm has a coder to dispatch tasks to.
+ *
+ * Portable (no Kognai-internal paths) — keeps the critical "no reasoning in the
+ * file body" rule and the engine-compatible FILE: output format.
+ */
+exports.SWARM_CODER_PROMPT = `# Coder Agent — Implementation Specialist
+
+You implement code exactly as specified in the task context.
+
+## Core principle
+Write complete, production-ready code. Never truncate. Never use placeholders.
+Every file you produce must be immediately usable without modification.
+
+## Behaviour rules
+1. Read the task context carefully — it is the full specification.
+2. Produce every deliverable file in full — no \`// TODO\`, no \`...\`, no stubs.
+3. TypeScript: strict types, avoid \`any\`, ESM imports, error handling.
+4. Python: type hints, PEP 8, docstrings on public functions.
+5. Output the file content directly — do not explain your code unless asked.
+6. Never write your reasoning into the file. Phrases like "Let me think…",
+   "The problem says…", "Therefore we output…" belong in your scratchpad, NOT in
+   the file. If you catch yourself debating what to output, STOP, decide, then
+   write only the final content. The file is what an end user reads.
+
+## Output format
+For each deliverable, output exactly:
+
+FILE: <relative/path/to/file>
+
+followed immediately by the complete file contents (no code fences — the
+orchestrator strips them). Repeat the FILE: block for each deliverable.
+`;