@kontourai/flow-agents 1.1.0 → 1.3.0

package/src/cli/{flow-kit.ts → kit.ts}

@@ -34,7 +34,7 @@ function contentHash(root: string): string {
   return `sha256:${hash.digest("hex")}`;
 }
 
-/** Content hash that excludes .git and other VCS/cache directories (for install-git clones). */
+/** Content hash that excludes .git and other VCS/cache directories (for install git clones). */
 function kitContentHash(root: string): string {
   const EXCLUDE_DIRS = new Set([".git", "__pycache__", ".pytest_cache"]);
   const hash = crypto.createHash("sha256");
@@ -50,13 +50,40 @@ function kitContentHash(root: string): string {
   return `sha256:${hash.digest("hex")}`;
 }
 
-function installLocal(argv: string[]): number {
+/**
+ * install <source> [--dest <path>] [--force] [--update] [--ref <branch|tag|sha>]
+ *
+ * Installs a Flow Kit from a local path or a git URL.
+ *
+ * - Local path: validates then copies the kit into the destination registry.
+ * - Git URL (http://, https://, git+, ssh://, file://): shallow-clones the repository,
+ *   validates the kit container with @kontourai/flow, then delegates to the install path.
+ *   Supports an optional #ref fragment in the URL or a separate --ref flag.
+ */
+async function install(argv: string[]): Promise<number> {
+  const args = parseArgs(argv);
+  const source = args.positionals[0] ?? "";
+  if (!source) {
+    console.error("install: missing <source> argument");
+    console.error("usage: flow-agents kit install <path-or-git-url> [--dest <path>] [--ref <ref>] [--force] [--update]");
+    return 2;
+  }
+
+  // Detect git URL: starts with http(s)://, git+, ssh://, file://, or ends with .git
+  const isGitUrl = /^(https?:\/\/|git\+|ssh:\/\/|file:\/\/)/.test(source) || source.endsWith(".git");
+
+  if (isGitUrl) {
+    return await installGitSource(source, argv);
+  }
+  return await installLocalSource(path.resolve(source), argv);
+}
+
+async function installLocalSource(source: string, argv: string[]): Promise<number> {
   const args = parseArgs(argv);
-  const source = path.resolve(args.positionals[0] ?? "");
   const dest = path.resolve(flagString(args.flags, "dest", ".") ?? ".");
   let manifest: Record<string, unknown>;
   try {
-    manifest = assertKitRepository(source);
+    manifest = await assertKitRepository(source);
   } catch (error) {
     console.log("Flow Kit repository validation failed:");
     for (const diagnostic of ((error as Error & { diagnostics?: string[] }).diagnostics ?? [(error as Error).message])) console.log(` - ${diagnostic}`);
@@ -93,6 +120,86 @@ function installLocal(argv: string[]): number {
   return 0;
 }
 
+async function installGitSource(rawUrl: string, argv: string[]): Promise<number> {
+  const args = parseArgs(argv);
+
+  // Parse ref: #fragment in URL takes precedence over --ref flag.
+  let repoUrl = rawUrl;
+  let ref: string | null = null;
+  const hashIdx = rawUrl.indexOf("#");
+  if (hashIdx !== -1) {
+    repoUrl = rawUrl.slice(0, hashIdx);
+    ref = rawUrl.slice(hashIdx + 1) || null;
+  }
+  if (!ref) ref = flagString(args.flags, "ref") ?? null;
+
+  const dest = path.resolve(flagString(args.flags, "dest", ".") ?? ".");
+  const force = flagBool(args.flags, "force") ?? false;
+  const update = flagBool(args.flags, "update") ?? false;
+
+  // Shallow-clone into a temporary directory.
+  const tmpBase = fs.mkdtempSync(path.join(os.tmpdir(), "flow-kit-git-"));
+  try {
+    const cloneArgs = ["clone", "--depth", "1"];
+    if (ref) cloneArgs.push("--branch", ref);
+    cloneArgs.push("--", repoUrl, tmpBase);
+    try {
+      child_process.execFileSync("git", cloneArgs, { stdio: ["ignore", "pipe", "pipe"] });
+    } catch (err) {
+      const msg = err instanceof Error && (err as NodeJS.ErrnoException & { stderr?: Buffer }).stderr
+        ? ((err as NodeJS.ErrnoException & { stderr?: Buffer }).stderr as Buffer).toString().trim()
+        : String(err);
+      console.error(`install: git clone failed: ${msg}`);
+      return 1;
+    }
+
+    // Validate the cloned kit using the same logic as install local.
+    let manifest: Record<string, unknown>;
+    try {
+      manifest = await assertKitRepository(tmpBase);
+    } catch (error) {
+      console.log("Flow Kit repository validation failed:");
+      for (const diagnostic of ((error as Error & { diagnostics?: string[] }).diagnostics ?? [(error as Error).message])) {
+        console.log(` - ${diagnostic}`);
+      }
+      return 1;
+    }
+
+    // Delegate to the shared install logic (copy + registry update).
+    const kitId = String(manifest.id);
+    const hash = kitContentHash(tmpBase);
+    const registry = loadRegistry(dest);
+    const existing = registry.kits.find((entry) => entry.id === kitId);
+    const target = installedPath(dest, kitId);
+    assertPathContained(dest, target);
+    const sourceText = repoUrl + (ref ? `#${ref}` : "");
+    if (existing && existing.source !== sourceText && !update) {
+      console.log(`conflict: kit '${kitId}' is already installed from ${existing.source}; rerun with --update to replace it`);
+      return 2;
+    }
+    if (existing && existing.source === sourceText && existing.hash === hash && fs.existsSync(target) && !force) {
+      console.log(`kit '${kitId}' is already installed from ${sourceText}`);
+      return 0;
+    }
+    copyDir(tmpBase, target);
+    const entry: Record<string, unknown> = {
+      id: kitId,
+      source: sourceText,
+      hash,
+      installed_at: existing && existing.source === sourceText && !update ? existing.installed_at : isoNow(),
+      installed_path: target,
+      state: "installed",
+    };
+    if (typeof manifest.version === "string" && manifest.version) entry.version = manifest.version;
+    registry.kits = existing ? registry.kits.map((item) => item.id === kitId ? entry : item) : [...registry.kits, entry];
+    writeJson(registryPath(dest), registry);
+    console.log(`${existing ? "updated" : "installed"} git kit '${kitId}' from ${sourceText} at ${target}`);
+    return 0;
+  } finally {
+    fs.rmSync(tmpBase, { recursive: true, force: true });
+  }
+}
+
 function list(argv: string[]): number {
   const args = parseArgs(argv);
   const dest = path.resolve(flagString(args.flags, "dest", ".") ?? ".");
@@ -153,7 +260,8 @@ function activate(argv: string[]): number {
  * inspect <kit-dir> [--json]
  *
  * Derives conformance level (K0/K1/K2) and consumer targets from a kit's
- * observable asset classes. Exits 1 if the kit fails core container validation.
+ * observable asset classes. Delegates core container validation to @kontourai/flow.
+ * Exits 1 if the kit fails core container validation.
  * Outputs stable JSON suitable for use by catalog tooling and CI.
  *
  * K-levels (issue #52):
@@ -166,7 +274,7 @@ function activate(argv: string[]): number {
  *   flow-agents   present at K1+ (Flow Agents extension activated)
  *   <namespace>   unknown top-level keys list verbatim as third-party consumer targets
  */
-function inspect(argv: string[]): number {
+async function inspect(argv: string[]): Promise<number> {
   const args = parseArgs(argv);
   const kitDir = path.resolve(args.positionals[0] ?? ".");
   const manifestPath = path.join(kitDir, "kit.json");
@@ -181,116 +289,23 @@ function inspect(argv: string[]): number {
     console.error(`inspect: invalid JSON in ${manifestPath}: ${(err as Error).message}`);
     return 1;
   }
-  const result = deriveKitTargets(manifest);
+  // Pass the real kitDir so @kontourai/flow can validate flow file existence for K0.
+  const result = await deriveKitTargets(manifest, kitDir);
   console.log(JSON.stringify(result, null, 2));
   return result.conformance.k0 ? 0 : 1;
 }
 
-
-/**
- * install-git <repo-url>[#ref] [--ref <branch|tag|sha>] [--dest <path>] [--force] [--update]
- *
- * Shallow-clones a remote git repository to a temporary directory, validates the kit
- * container with the same logic used by install-local, then delegates to the existing
- * install path. Supports an optional #ref fragment in the URL or a separate --ref flag.
- *
- * Implements kontourai/flow-agents#56 (git-ref install surface).
- */
-function installGit(argv: string[]): number {
-  const args = parseArgs(argv);
-  const rawUrl = args.positionals[0] ?? "";
-  if (!rawUrl) {
-    console.error("install-git: missing <repo-url> argument");
-    console.error("usage: flow-kit install-git <repo-url>[#ref] [--ref <branch|tag|sha>] [--dest <path>]");
-    return 2;
-  }
-
-  // Parse ref: #fragment in URL takes precedence over --ref flag.
-  let repoUrl = rawUrl;
-  let ref: string | null = null;
-  const hashIdx = rawUrl.indexOf("#");
-  if (hashIdx !== -1) {
-    repoUrl = rawUrl.slice(0, hashIdx);
-    ref = rawUrl.slice(hashIdx + 1) || null;
-  }
-  if (!ref) ref = flagString(args.flags, "ref") ?? null;
-
-  const dest = path.resolve(flagString(args.flags, "dest", ".") ?? ".");
-  const force = flagBool(args.flags, "force") ?? false;
-  const update = flagBool(args.flags, "update") ?? false;
-
-  // Shallow-clone into a temporary directory.
-  const tmpBase = fs.mkdtempSync(path.join(os.tmpdir(), "flow-kit-git-"));
-  try {
-    const cloneArgs = ["clone", "--depth", "1"];
-    if (ref) cloneArgs.push("--branch", ref);
-    cloneArgs.push("--", repoUrl, tmpBase);
-    try {
-      child_process.execFileSync("git", cloneArgs, { stdio: ["ignore", "pipe", "pipe"] });
-    } catch (err) {
-      const msg = err instanceof Error && (err as NodeJS.ErrnoException & { stderr?: Buffer }).stderr
-        ? ((err as NodeJS.ErrnoException & { stderr?: Buffer }).stderr as Buffer).toString().trim()
-        : String(err);
-      console.error(`install-git: git clone failed: ${msg}`);
-      return 1;
-    }
-
-    // Validate the cloned kit using the same logic as install-local.
-    let manifest: Record<string, unknown>;
-    try {
-      manifest = assertKitRepository(tmpBase);
-    } catch (error) {
-      console.log("Flow Kit repository validation failed:");
-      for (const diagnostic of ((error as Error & { diagnostics?: string[] }).diagnostics ?? [(error as Error).message])) {
-        console.log(` - ${diagnostic}`);
-      }
-      return 1;
-    }
-
-    // Delegate to the shared install logic (copy + registry update).
-    const kitId = String(manifest.id);
-    const hash = kitContentHash(tmpBase);
-    const registry = loadRegistry(dest);
-    const existing = registry.kits.find((entry) => entry.id === kitId);
-    const target = installedPath(dest, kitId);
-    assertPathContained(dest, target);
-    const sourceText = repoUrl + (ref ? `#${ref}` : "");
-    if (existing && existing.source !== sourceText && !update) {
-      console.log(`conflict: kit '${kitId}' is already installed from ${existing.source}; rerun with --update to replace it`);
-      return 2;
-    }
-    if (existing && existing.source === sourceText && existing.hash === hash && fs.existsSync(target) && !force) {
-      console.log(`kit '${kitId}' is already installed from ${sourceText}`);
-      return 0;
-    }
-    copyDir(tmpBase, target);
-    const entry: Record<string, unknown> = {
-      id: kitId,
-      source: sourceText,
-      hash,
-      installed_at: existing && existing.source === sourceText && !update ? existing.installed_at : isoNow(),
-      installed_path: target,
-      state: "installed",
-    };
-    if (typeof manifest.version === "string" && manifest.version) entry.version = manifest.version;
-    registry.kits = existing ? registry.kits.map((item) => item.id === kitId ? entry : item) : [...registry.kits, entry];
-    writeJson(registryPath(dest), registry);
-    console.log(`${existing ? "updated" : "installed"} git kit '${kitId}' from ${sourceText} at ${target}`);
-    return 0;
-  } finally {
-    fs.rmSync(tmpBase, { recursive: true, force: true });
-  }
-}
-
-export function main(argv = process.argv.slice(2)): number {
+export async function main(argv = process.argv.slice(2)): Promise<number> {
   const [command, ...rest] = argv;
-  if (command === "install-local") return installLocal(rest);
-  if (command === "install-git") return installGit(rest);
+  if (command === "install") return await install(rest);
+  // Legacy sub-subcommands forwarded for backward compatibility within the kit subcommand.
+  if (command === "install-local") return await installLocalSource(path.resolve(rest[0] ?? ""), rest);
+  if (command === "install-git") return await installGitSource(rest[0] ?? "", rest);
   if (command === "list") return list(rest);
   if (command === "status") return status(rest);
   if (command === "activate") return activate(rest);
-  if (command === "inspect") return inspect(rest);
-  console.error("usage: flow-kit <install-local|install-git|list|status|activate|inspect> ...");
+  if (command === "inspect") return await inspect(rest);
+  console.error("usage: flow-agents kit <install|activate|inspect|list|status> ...");
   return 2;
 }
 
@@ -299,4 +314,4 @@ export function main(argv = process.argv.slice(2)): number {
 // entry-point guard fires correctly when the module is loaded directly as a script.
 const _selfRealPath = (() => { try { return fs.realpathSync(fileURLToPath(import.meta.url)); } catch { return fileURLToPath(import.meta.url); } })();
 const _argv1RealPath = (() => { try { return fs.realpathSync(process.argv[1]); } catch { return process.argv[1]; } })();
-if (_selfRealPath === _argv1RealPath) { process.exitCode = main(); }
+if (_selfRealPath === _argv1RealPath) { main().then((code) => { process.exitCode = code; }).catch((err) => { console.error(err); process.exitCode = 1; }); }

package/src/cli/validate-source-tree.ts

@@ -2,11 +2,11 @@ import * as path from "node:path";
 import { parseArgs } from "../lib/args.js";
 import { validateKitRepository } from "../flow-kit/validate.js";
 
-export function main(argv = process.argv.slice(2)): number {
+export async function main(argv = process.argv.slice(2)): Promise<number> {
   const args = parseArgs(argv);
   const kit = args.flags.kit;
   if (typeof kit === "string") {
-    const errors = validateKitRepository(path.resolve(kit));
+    const errors = await validateKitRepository(path.resolve(kit));
     if (errors.length) {
       console.log("Flow Kit repository validation failed:");
       for (const error of errors) console.log(` - ${error}`);
@@ -17,7 +17,7 @@ export function main(argv = process.argv.slice(2)): number {
   }
   const root = path.resolve(".");
   const builder = path.join(root, "kits", "builder");
-  const errors = validateKitRepository(builder);
+  const errors = await validateKitRepository(builder);
   if (errors.length) {
     console.log("Source tree validation failed:");
     for (const error of errors) console.log(` - ${error}`);
@@ -33,4 +33,4 @@ import * as _fsVST from "node:fs";
 import { fileURLToPath as _ftpVST } from "node:url";
 const _selfVST = (() => { try { return _fsVST.realpathSync(_ftpVST(import.meta.url)); } catch { return _ftpVST(import.meta.url); } })();
 const _argv1VST = (() => { try { return _fsVST.realpathSync(process.argv[1]); } catch { return process.argv[1]; } })();
-if (_selfVST === _argv1VST) { process.exitCode = main(); }
+if (_selfVST === _argv1VST) { main().then((code) => { process.exitCode = code; }).catch((err) => { console.error(err); process.exitCode = 1; }); }

package/src/cli/workflow-sidecar.ts

@@ -2,6 +2,7 @@
 import * as fs from "node:fs";
 import * as path from "node:path";
 import { execFileSync } from "node:child_process";
+import { createRequire } from "node:module";
 
 type AnyObj = Record<string, any>;
 
@@ -24,6 +25,46 @@ function appendJsonl(file: string, payload: AnyObj): void {
 function die(message: string): never { throw new Error(message); }
 function slugify(value: string, fallback: string): string { return value.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-|-$/g, "") || fallback; }
 
+// Optional Hachure trust-bundle validation. No-ops gracefully when hachure is not installed.
+// Install hachure (^0.4.0) as an optional dependency to enable schema validation.
+function tryLoadHachureValidator(): ((bundle: unknown) => { valid: boolean; errors: string[] }) | null {
+  try {
+    const _require = createRequire(import.meta.url);
+    const hachureDir = path.dirname(_require.resolve("hachure"));
+    const schemasDir = path.join(hachureDir, "schemas");
+    const Ajv = _require("ajv/dist/2020");
+    const schemas: Record<string, any> = {};
+    for (const file of fs.readdirSync(schemasDir)) {
+      if (!file.endsWith(".schema.json")) continue;
+      schemas[file] = JSON.parse(fs.readFileSync(path.join(schemasDir, file), "utf8"));
+    }
+    const ajv = new Ajv({ strict: false, allErrors: true });
+    for (const [filename, schema] of Object.entries(schemas)) {
+      if (filename === "trust-bundle.schema.json") continue;
+      ajv.addSchema(schema, filename);
+    }
+    const trustBundleSchema = schemas["trust-bundle.schema.json"];
+    if (!trustBundleSchema) return null;
+    const validate = ajv.compile(trustBundleSchema);
+    return (bundle: unknown) => {
+      const valid = validate(bundle);
+      if (valid) return { valid: true, errors: [] };
+      const errors = ((validate as any).errors ?? []).map((err: any) => {
+        const loc = err.instancePath || err.schemaPath || "";
+        return `${loc} ${err.message ?? "invalid"}`.trim();
+      });
+      return { valid: false, errors };
+    };
+  } catch {
+    return null;
+  }
+}
+let _hachureValidator: ReturnType<typeof tryLoadHachureValidator> | undefined;
+function getHachureValidator(): ReturnType<typeof tryLoadHachureValidator> {
+  if (_hachureValidator === undefined) _hachureValidator = tryLoadHachureValidator();
+  return _hachureValidator;
+}
+
 function safeRepoIdentifier(value: string): string {
   const trimmed = value.trim().replace(/\.git$/, "");
   if (!trimmed || trimmed.length > 120) return "";
@@ -372,11 +413,27 @@ function normalizeCheck(raw: AnyObj): AnyObj {
 }
 function normalizeSurfaceRefs(refs: any): AnyObj[] {
   if (!Array.isArray(refs)) die("surface_trust_refs must be an array");
+  const hachureValidate = getHachureValidator();
   return refs.map((ref) => {
     const keys = JSON.stringify(ref).match(/"([^"]+)":/g) ?? [];
     for (const key of keys.map((k) => k.slice(1, -2))) if (key.toLowerCase().includes("veritas")) die(`unsupported field in Surface trust ref: ${key}`);
     const out = { ...ref };
-    if (!["TrustReport", "Trust Snapshot"].includes(out.artifact_kind)) die("artifact_kind must be one of");
+    // trust.bundle is the canonical Hachure-aligned artifact kind; TrustReport/Trust Snapshot are legacy aliases
+    if (!["trust.bundle", "TrustReport", "Trust Snapshot"].includes(out.artifact_kind)) die("artifact_kind must be one of: trust.bundle, TrustReport, Trust Snapshot");
+    // When hachure is installed, validate the referenced trust artifact if it is a local file
+    if (hachureValidate && out.artifact_ref && typeof out.artifact_ref === "string" && fs.existsSync(out.artifact_ref)) {
+      try {
+        const bundle = JSON.parse(fs.readFileSync(out.artifact_ref, "utf8"));
+        const result = hachureValidate(bundle);
+        if (!result.valid) {
+          const errorSummary = result.errors.slice(0, 3).join("; ");
+          die(`trust.bundle artifact at ${out.artifact_ref} failed Hachure schema validation: ${errorSummary}`);
+        }
+      } catch (err) {
+        if (err instanceof Error && err.message.includes("failed Hachure schema validation")) throw err;
+        // File read or parse errors are not re-thrown: the artifact_ref validation path is advisory
+      }
+    }
     const status = deriveSurfaceStatus(out);
     if (out.status === "pass" && status !== "pass") die("surface_trust_refs contradicts Surface trust facts");
     return out;
@@ -394,15 +451,16 @@ function surfaceCheckFromArtifact(file: string, index: number): AnyObj {
   const lower = JSON.stringify(raw).toLowerCase();
   let ref: AnyObj;
   if (lower.includes("provider") && lower.includes("absent")) {
-    ref = { artifact_kind: "TrustReport", artifact_ref: file, gate_id: "provider.unavailable", claim_type: "surface.claim", claim_status: "unknown", subject: "builder-kit", freshness: { status: "unknown", summary: "No trust provider is configured" }, authority: { producer: "unknown", summary: "No trust provider is configured" }, integrity: { status: "unknown", summary: "Unknown" }, status: "not_verified", summary: "No trust provider is configured" };
+    ref = { artifact_kind: "trust.bundle", artifact_ref: file, gate_id: "provider.unavailable", claim_type: "builder.trust.bundle", claim_status: "unknown", subject: "builder-kit", freshness: { status: "unknown", summary: "No trust provider is configured" }, authority: { producer: "unknown", summary: "No trust provider is configured" }, integrity: { status: "unknown", summary: "Unknown" }, status: "not_verified", summary: "No trust provider is configured" };
   } else if (lower.includes("artifact") && lower.includes("absent")) {
-    ref = { artifact_kind: "TrustReport", artifact_ref: file, gate_id: "artifact.unavailable", claim_type: "surface.claim", claim_status: "unknown", subject: "builder-kit", freshness: { status: "unknown", summary: "Artifact not readable" }, authority: { producer: "unknown", summary: "Artifact not readable" }, integrity: { status: "unknown", summary: "Artifact not readable" }, status: "not_verified", summary: "artifact not readable" };
+    ref = { artifact_kind: "trust.bundle", artifact_ref: file, gate_id: "artifact.unavailable", claim_type: "builder.trust.bundle", claim_status: "unknown", subject: "builder-kit", freshness: { status: "unknown", summary: "Artifact not readable" }, authority: { producer: "unknown", summary: "Artifact not readable" }, integrity: { status: "unknown", summary: "Artifact not readable" }, status: "not_verified", summary: "artifact not readable" };
   } else {
     const claimStatus = lower.includes("rejected") ? "rejected" : "accepted";
     const freshness = lower.includes("stale") ? "stale" : "fresh";
     const producer = lower.includes("missing-authority") ? "unknown" : "surface-local";
     const integrity = lower.includes("mismatch") ? "mismatch" : "matched";
-    ref = { artifact_kind: file.includes("snapshot") ? "Trust Snapshot" : "TrustReport", artifact_ref: file, gate_id: "builder.surface.claim", claim_type: "surface.claim", claim_status: claimStatus, subject: "builder-kit", freshness: { status: freshness, summary: freshness === "fresh" ? "fresh" : "not currently verifiable" }, authority: { producer, summary: producer === "unknown" ? "missing authority" : "Local Surface trust producer." }, integrity: { status: integrity, summary: integrity === "matched" ? "matched" : "integrity mismatch" } };
+    // Use trust.bundle as the canonical Hachure-aligned artifact_kind for all trust-backed evidence refs
+    ref = { artifact_kind: "trust.bundle", artifact_ref: file, gate_id: "builder.trust.bundle", claim_type: "builder.trust.bundle", claim_status: claimStatus, subject: "builder-kit", freshness: { status: freshness, summary: freshness === "fresh" ? "fresh" : "not currently verifiable" }, authority: { producer, summary: producer === "unknown" ? "missing authority" : "Local Surface trust producer." }, integrity: { status: integrity, summary: integrity === "matched" ? "matched" : "integrity mismatch" } };
     ref.status = deriveSurfaceStatus(ref);
     ref.summary = ref.status === "pass" ? "accepted" : ref.status === "not_verified" ? "not currently verifiable" : (claimStatus === "rejected" ? "rejected" : producer === "unknown" ? "missing authority" : "integrity mismatch");
   }

package/src/cli.ts

@@ -2,7 +2,7 @@
 import { basename } from "node:path";
 import { main as effectiveBacklogSettings } from "./cli/effective-backlog-settings.js";
 import { main as consoleLearningProjection } from "./cli/console-learning-projection.js";
-import { main as flowKit } from "./cli/flow-kit.js";
+import { main as kit } from "./cli/kit.js";
 import { main as fixtureRetirementAudit } from "./cli/fixture-retirement-audit.js";
 import { main as init } from "./cli/init.js";
 import { main as promoteWorkflowArtifact } from "./cli/promote-workflow-artifact.js";
@@ -28,7 +28,7 @@ const availableCommands = new Map<string, (argv: string[]) => number | Promise<n
   ["effective-backlog-settings", effectiveBacklogSettings],
   ["filter-installed-packs", filterInstalledPacks],
   ["fixture-retirement-audit", fixtureRetirementAudit],
-  ["flow-kit", flowKit],
+  ["kit", kit],
   ["init", init],
   ["promote-workflow-artifact", promoteWorkflowArtifact],
   ["publish-change", publishChange],
@@ -51,7 +51,7 @@ const aliases = new Map<string, string>([
   ["flow-agents-effective-backlog-settings", "effective-backlog-settings"],
   ["flow-agents-filter-installed-packs", "filter-installed-packs"],
   ["flow-agents-fixture-retirement-audit", "fixture-retirement-audit"],
-  ["flow-agents-flow-kit", "flow-kit"],
+  ["flow-agents-kit", "kit"],
   ["flow-agents-promote-workflow-artifact", "promote-workflow-artifact"],
   ["flow-agents-publish-change", "publish-change"],
   ["flow-agents-pull-work-provider", "pull-work-provider"],