@kungfu-tech/buildchain 2.2.3-alpha.0 → 2.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/AGENTS.md CHANGED
@@ -29,7 +29,7 @@ For new repositories, prefer the CLI:
29
29
  ```sh
30
30
  npx @kungfu-tech/buildchain init --type package
31
31
  npx @kungfu-tech/buildchain validate --require-version-state
32
- npx @kungfu-tech/buildchain release --dry-run --target-ref alpha/v2/v2.0
32
+ npx @kungfu-tech/buildchain release --dry-run --target-ref alpha/v2/v2.2
33
33
  ```
34
34
 
35
35
  See [`docs/cli.md`](docs/cli.md), [`docs/lifecycle-protocol.md`](docs/lifecycle-protocol.md),
package/README.md CHANGED
@@ -55,11 +55,31 @@ npx buildchain version
55
55
  npx buildchain doctor --json
56
56
  ```
57
57
 
58
- The npm package exposes the `buildchain` command and importable toolkit APIs:
58
+ The npm package is also the Buildchain toolkit. Use the command when a workflow
59
+ or shell step needs an executable; use the ESM APIs directly from JavaScript
60
+ build scripts. JavaScript callers should import the package instead of spawning
61
+ the CLI or unpacking the standalone binary:
59
62
 
60
63
  ```js
61
- import { createBuildchainLogger } from "@kungfu-tech/buildchain/logging";
62
- import { verifyReleasePassport } from "@kungfu-tech/buildchain/release-passport";
64
+ import {
65
+ createBuildchainLogger,
66
+ verifyBuildchainLogEvents,
67
+ } from "@kungfu-tech/buildchain/logging";
68
+
69
+ const logger = createBuildchainLogger({
70
+ path: ".buildchain/logs/native-build.jsonl",
71
+ source: "user",
72
+ component: "native-build",
73
+ });
74
+
75
+ await logger.span("native.compile", { phase: "build" }, async () => {
76
+ await compileNativeTargets();
77
+ });
78
+
79
+ const report = verifyBuildchainLogEvents({
80
+ path: logger.path,
81
+ requireEvents: ["native.compile.start", "native.compile.end"],
82
+ });
63
83
  ```
64
84
 
65
85
  The package also ships `dist/site/` as the Buildchain-owned fact source for
@@ -130,7 +150,18 @@ should open a new major line.
130
150
 
131
151
  ## Toolkit Observability
132
152
 
133
- Buildchain includes a logging toolkit for release and build steps:
153
+ Buildchain includes a logging toolkit for release and build steps. Inside
154
+ JavaScript build code, prefer the package API:
155
+
156
+ ```js
157
+ import { createBuildchainLogger } from "@kungfu-tech/buildchain/logging";
158
+
159
+ const logger = createBuildchainLogger({ source: "user", component: "conan" });
160
+ logger.mark("conan.profile.ready", { phase: "configure" });
161
+ await logger.span("conan.install", { phase: "dependencies" }, runConanInstall);
162
+ ```
163
+
164
+ In workflows or shell scripts, use the equivalent CLI:
134
165
 
135
166
  ```bash
136
167
  buildchain mark --event native.configure --phase configure --component cmake
package/docs/MAP.md CHANGED
@@ -21,6 +21,7 @@ running artifact), *use* (consume / extend) - and a **status**:
21
21
  | How do agents and contributors enter this repo? | [`../AGENTS.md`](../AGENTS.md) + [`../CONTRIBUTING.md`](../CONTRIBUTING.md) | use | stable |
22
22
  | How do I install a standalone binary or npm package? | [`install.md`](install.md) | use | stable |
23
23
  | How do I run the `buildchain` CLI? | [`cli.md`](cli.md) | use | stable |
24
+ | How do I import Buildchain toolkit APIs from JavaScript build code? | [`toolkit-observability.md`](toolkit-observability.md) + [`../packages/core/README.md`](../packages/core/README.md) | use | stable |
24
25
  | How do I initialize a new repository? | [`cli.md`](cli.md) + [`lifecycle-protocol.md`](lifecycle-protocol.md) | use | stable |
25
26
  | Why does Buildchain use branch-driven release governance? | [`release-governance.md`](release-governance.md) | why | stable |
26
27
  | How does Buildchain decide patch, minor, and major release lines? | [`versioning.md`](versioning.md) | why | stable |
@@ -67,7 +68,8 @@ running artifact), *use* (consume / extend) - and a **status**:
67
68
  [`release-passport.md`](release-passport.md),
68
69
  [`binary-distribution.md`](binary-distribution.md), and [`cli.md`](cli.md).
69
70
  - **Buildchain logging / timestamps / consumer build phase timing** ->
70
- [`toolkit-observability.md`](toolkit-observability.md) and [`cli.md`](cli.md).
71
+ [`toolkit-observability.md`](toolkit-observability.md) for JavaScript API
72
+ imports, and [`cli.md`](cli.md) for workflow or shell command usage.
71
73
  - **buildchain.libkungfu.dev / package-owned site facts** ->
72
74
  [`site-bundle-contract.md`](site-bundle-contract.md).
73
75
  - **sites / web previews / staging / production gates** ->
package/docs/cli.md CHANGED
@@ -1,8 +1,8 @@
1
- # Buildchain CLI and npm Package
1
+ # Buildchain CLI, npm Package, and Toolkit API
2
2
 
3
3
  Buildchain is published as the public npm package
4
4
  `@kungfu-tech/buildchain`. The package contains the `buildchain` command,
5
- the shared core libraries, and the local scripts needed to initialize and
5
+ the importable ESM toolkit APIs, and the local scripts needed to initialize and
6
6
  validate repositories before they use the reusable GitHub workflow surface.
7
7
 
8
8
  The npm package is not the release authority. Release authority still comes
@@ -27,6 +27,22 @@ pnpm add -D @kungfu-tech/buildchain
27
27
  pnpm exec buildchain validate
28
28
  ```
29
29
 
30
+ Use the package API directly inside JavaScript build scripts:
31
+
32
+ ```js
33
+ import { createBuildchainLogger } from "@kungfu-tech/buildchain/logging";
34
+
35
+ const logger = createBuildchainLogger({ source: "user", component: "build" });
36
+ await logger.span("build.native", { phase: "build" }, async () => {
37
+ await buildNativeArtifacts();
38
+ });
39
+ ```
40
+
41
+ The standalone binary and CLI are for workflow steps, shell scripts, and
42
+ non-JavaScript environments. JavaScript code that already depends on
43
+ `@kungfu-tech/buildchain` should import the toolkit API instead of spawning
44
+ `npx buildchain` or a downloaded binary.
45
+
30
46
  ## Commands
31
47
 
32
48
  `buildchain init` writes a starter `buildchain.toml` and a reusable workflow
@@ -153,9 +169,9 @@ for agents: trust, completeness, impact, recovery route, and next action.
153
169
  maintainer opens or merges a channel PR:
154
170
 
155
171
  ```bash
156
- buildchain release --dry-run --target-ref alpha/v2/v2.0
157
- buildchain release --dry-run --target-ref release/v2/v2.0 --sha <verified-sha>
158
- buildchain release dry-run --target-ref publish-gate/major --source-ref release/v2/v2.0
172
+ buildchain release --dry-run --target-ref alpha/v2/v2.2
173
+ buildchain release --dry-run --target-ref release/v2/v2.2 --sha <verified-sha>
174
+ buildchain release dry-run --target-ref publish-gate/major --source-ref release/v2/v2.2
159
175
  buildchain release explain --target-ref alpha/v2/v2.1 --json
160
176
  ```
161
177
 
@@ -4,6 +4,82 @@ Buildchain ships a small logging toolkit for repository workflows and project
4
4
  scripts. The goal is to separate time spent in Buildchain's framework from time
5
5
  spent in the consumer's own build, test, packaging, and publish steps.
6
6
 
7
+ ## Choose API or CLI
8
+
9
+ `@kungfu-tech/buildchain` is not only a CLI package. It exports ESM toolkit APIs
10
+ that project scripts can import directly:
11
+
12
+ ```js
13
+ import { createBuildchainLogger } from "@kungfu-tech/buildchain/logging";
14
+ ```
15
+
16
+ Use the API inside JavaScript or TypeScript build code. Do not spawn
17
+ `buildchain`, download the standalone binary, or shell out through `npx` from
18
+ code that can import the package. The CLI is for GitHub Actions steps, shell
19
+ scripts, and non-JavaScript tools.
20
+
21
+ When a script runs inside `buildchain lifecycle run`, the lifecycle runner sets
22
+ `BUILDCHAIN_LOG_PATH` and `BUILDCHAIN_LOG_RUN_ID`. Imported loggers pick up those
23
+ environment variables automatically, so events emitted deep inside the build are
24
+ grouped into the same lifecycle summary.
25
+
26
+ Outside a Buildchain lifecycle or GitHub Actions run, the logger defaults to
27
+ console output unless a path is provided. Pass `path` when local scripts should
28
+ write a reusable JSONL log:
29
+
30
+ ```js
31
+ const logger = createBuildchainLogger({
32
+ path: ".buildchain/logs/native-build.jsonl",
33
+ source: "user",
34
+ component: "native-build",
35
+ });
36
+ ```
37
+
38
+ ## Library API
39
+
40
+ ```js
41
+ import {
42
+ createBuildchainLogger,
43
+ verifyBuildchainLogEvents,
44
+ } from "@kungfu-tech/buildchain/logging";
45
+
46
+ const logger = createBuildchainLogger({
47
+ source: "user",
48
+ component: "native-build",
49
+ });
50
+
51
+ logger.mark("configure.ready", {
52
+ phase: "configure",
53
+ attributes: { preset: "release" },
54
+ });
55
+
56
+ await logger.span("native.compile", {
57
+ phase: "build",
58
+ attributes: { target: "release" },
59
+ }, async () => {
60
+ await compile();
61
+ });
62
+
63
+ const report = verifyBuildchainLogEvents({
64
+ path: logger.path,
65
+ minEvents: 3,
66
+ requirePhases: ["configure", "build"],
67
+ requireEvents: [
68
+ "configure.ready",
69
+ "native.compile.start",
70
+ "native.compile.end",
71
+ ],
72
+ });
73
+
74
+ if (!report.ok) {
75
+ throw new Error("Buildchain observability verification failed");
76
+ }
77
+ ```
78
+
79
+ Use the API when a build script has internal stages that are invisible to the
80
+ outer workflow. Keep secret values out of attributes; known sensitive keys are
81
+ redacted, but callers should still avoid logging private material.
82
+
7
83
  ## CLI Logging
8
84
 
9
85
  ```bash
@@ -26,31 +102,6 @@ buildchain verify observability-log .buildchain/logs/events.jsonl --min-events 4
26
102
  Every event records a timestamp. `span` records duration and preserves the
27
103
  wrapped command's exit code.
28
104
 
29
- ## Library API
30
-
31
- ```js
32
- import { createBuildchainLogger } from "@kungfu-tech/buildchain/logging";
33
-
34
- const logger = createBuildchainLogger({
35
- source: "consumer",
36
- component: "native-build",
37
- phase: "compile",
38
- });
39
-
40
- const span = logger.span("native.compile", { attributes: { target: "release" } });
41
- try {
42
- await compile();
43
- span.end();
44
- } catch (error) {
45
- span.error(error);
46
- throw error;
47
- }
48
- ```
49
-
50
- Use the API when a build script has internal stages that are invisible to the
51
- outer workflow. Keep secret values out of attributes; known sensitive keys are
52
- redacted, but callers should still avoid logging private material.
53
-
54
105
  ## Release Gate
55
106
 
56
107
  Buildchain's own binary distribution lane verifies required log events before
@@ -67,4 +118,3 @@ buildchain verify observability-log .buildchain/logs/events.jsonl \
67
118
 
68
119
  This makes missing instrumentation a release failure instead of a dashboard
69
120
  afterthought.
70
-
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@kungfu-tech/buildchain",
3
- "version": "2.2.3-alpha.0",
3
+ "version": "2.2.3",
4
4
  "private": false,
5
5
  "description": "Buildchain Release Passport, release governance, CLI toolkit, and site facts.",
6
6
  "repository": "https://github.com/kungfu-systems/buildchain",
@@ -9,6 +9,24 @@ Current shared surfaces:
9
9
  - version-state file discovery and update helpers;
10
10
  - lifecycle stage normalization and execution;
11
11
  - config validation for release-package and `web-surface` projects.
12
+ - toolkit observability logging through `@kungfu-tech/buildchain/logging`;
13
+ - release passport creation and verification through
14
+ `@kungfu-tech/buildchain/release-passport`.
15
+
16
+ ## Toolkit Imports
17
+
18
+ The npm package exports ESM APIs. JavaScript build scripts should import these
19
+ APIs directly instead of spawning the `buildchain` CLI:
20
+
21
+ ```js
22
+ import { createBuildchainLogger } from "@kungfu-tech/buildchain/logging";
23
+
24
+ const logger = createBuildchainLogger({ source: "user", component: "native" });
25
+ await logger.span("native.package", { phase: "package" }, packageArtifacts);
26
+ ```
27
+
28
+ The CLI remains the right surface for GitHub Actions steps, shell scripts, and
29
+ non-JavaScript build tools.
12
30
 
13
31
  Web-surface validation stays in core because both local scripts and GitHub
14
32
  Actions need the same fail-closed interpretation of project, channel, deploy,