@kya-os/contracts 1.7.20 → 1.7.22

package/dist/molti/schemas.js

@@ -0,0 +1,267 @@
+"use strict";
+/**
+ * Molti Deployment Zod Validation Schemas
+ *
+ * Runtime validation schemas for the Molti deployment API.
+ * These schemas ensure request/response validation at API boundaries.
+ *
+ * @package @kya-os/contracts/molti
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.moltiSSEEventSchema = exports.moltiSSEKeepaliveEventSchema = exports.moltiSSEErrorEventSchema = exports.moltiSSECompleteEventSchema = exports.moltiSSEProgressEventSchema = exports.moltiHealthStatusSchema = exports.moltiDeployResponseSchema = exports.moltiDeploySuccessResponseSchema = exports.moltiDeployErrorResponseSchema = exports.moltiDeployErrorCodeSchema = exports.moltiDeployResultSchema = exports.moltiDeployProgressSchema = exports.moltiDeployStepSchema = exports.moltiDeployStepStatusSchema = exports.moltiDeployStepIdSchema = exports.moltiDeployStartResponseSchema = exports.moltiDeployRequestSchema = exports.moltiDeployConfigSchema = exports.moltiContainerStatusSchema = exports.moltiInstanceTypeSchema = exports.moltiIdentityConfigSchema = void 0;
+const zod_1 = require("zod");
+// ============================================================================
+// Shared Validation
+// ============================================================================
+/**
+ * Shared project name validation — lowercase alphanumeric with hyphens.
+ * Reused by both moltiDeployConfigSchema and moltiDeployRequestSchema.
+ */
+const projectNameSchema = zod_1.z
+    .string()
+    .min(1, "Project name is required")
+    .max(100, "Project name must be 100 characters or less")
+    .regex(/^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$/, "Project name must be lowercase, alphanumeric with hyphens");
+// ============================================================================
+// Identity Schemas
+// ============================================================================
+/**
+ * Molti identity configuration schema
+ */
+exports.moltiIdentityConfigSchema = zod_1.z.object({
+    did: zod_1.z.string().min(1).startsWith("did:key:"),
+    publicKey: zod_1.z.string().min(1),
+    agentName: zod_1.z.string().max(255).optional(),
+    agentDescription: zod_1.z.string().max(2000).optional(),
+});
+// ============================================================================
+// Container Schemas
+// ============================================================================
+/**
+ * Container instance type schema
+ */
+exports.moltiInstanceTypeSchema = zod_1.z.enum([
+    "lite",
+    "basic",
+    "standard-1",
+    "standard-2",
+    "standard-3",
+    "standard-4",
+]);
+/**
+ * Container runtime status schema
+ */
+exports.moltiContainerStatusSchema = zod_1.z.enum([
+    "pending",
+    "deploying",
+    "running",
+    "stopped",
+    "unhealthy",
+    "error",
+]);
+// ============================================================================
+// Deploy Configuration Schemas
+// ============================================================================
+/**
+ * Molti deploy configuration schema
+ */
+exports.moltiDeployConfigSchema = zod_1.z.object({
+    projectName: projectNameSchema,
+    agentName: zod_1.z.string().max(255).optional(),
+    agentDescription: zod_1.z.string().max(2000).optional(),
+    agentShieldProjectId: zod_1.z.string().optional(),
+    agentShieldApiKey: zod_1.z.string().optional(),
+    instanceType: exports.moltiInstanceTypeSchema.optional(),
+    enableReputation: zod_1.z.boolean().optional(),
+});
+// ============================================================================
+// Deploy Request/Response Schemas
+// ============================================================================
+/**
+ * Molti deploy request schema
+ * POST /api/internal/deploy/molti/start
+ */
+exports.moltiDeployRequestSchema = zod_1.z.object({
+    projectName: projectNameSchema,
+    agentName: zod_1.z.string().max(255).optional(),
+    agentDescription: zod_1.z.string().max(2000).optional(),
+    organizationId: zod_1.z.string().uuid(),
+    existingProjectId: zod_1.z.string().uuid().optional(),
+    instanceType: exports.moltiInstanceTypeSchema.optional(),
+    enableReputation: zod_1.z.boolean().default(true),
+});
+/**
+ * Molti deploy start response schema
+ */
+exports.moltiDeployStartResponseSchema = zod_1.z.object({
+    success: zod_1.z.literal(true),
+    deploymentId: zod_1.z.string().uuid(),
+});
+// ============================================================================
+// Deploy Progress Schemas
+// ============================================================================
+/**
+ * Deploy step ID schema
+ */
+exports.moltiDeployStepIdSchema = zod_1.z.enum([
+    "github_verify",
+    "project_create",
+    "api_key_create",
+    "kta_register",
+    "scaffold",
+    "repo_create",
+    "commit_files",
+    "add_secrets",
+    "gateway_route",
+]);
+/**
+ * Deploy step status schema
+ */
+exports.moltiDeployStepStatusSchema = zod_1.z.enum([
+    "pending",
+    "in_progress",
+    "completed",
+    "failed",
+    "skipped",
+]);
+/**
+ * Individual deploy step schema
+ */
+exports.moltiDeployStepSchema = zod_1.z.object({
+    id: exports.moltiDeployStepIdSchema,
+    name: zod_1.z.string().min(1),
+    status: exports.moltiDeployStepStatusSchema,
+    message: zod_1.z.string().optional(),
+    startedAt: zod_1.z.string().datetime().optional(),
+    completedAt: zod_1.z.string().datetime().optional(),
+});
+/**
+ * Overall deployment progress schema
+ */
+exports.moltiDeployProgressSchema = zod_1.z.object({
+    deploymentId: zod_1.z.string().uuid(),
+    steps: zod_1.z.array(exports.moltiDeployStepSchema),
+    currentStep: zod_1.z.number().int().min(0),
+    totalSteps: zod_1.z.number().int().positive(),
+    overallStatus: zod_1.z.enum(["pending", "in_progress", "completed", "failed"]),
+});
+// ============================================================================
+// Deploy Result Schemas
+// ============================================================================
+/**
+ * Successful deploy result schema
+ */
+exports.moltiDeployResultSchema = zod_1.z.object({
+    agentDid: zod_1.z.string().min(1).startsWith("did:key:"),
+    repoUrl: zod_1.z.string().url(),
+    repoFullName: zod_1.z.string().regex(/^[a-zA-Z0-9_-]+\/[a-zA-Z0-9_.-]+$/),
+    projectId: zod_1.z.string().uuid(),
+    projectFriendlyId: zod_1.z.string().min(1),
+    ktaClaimUrl: zod_1.z.string().url().optional(),
+    deployButtonUrl: zod_1.z.string().url(),
+    gatewayHostname: zod_1.z.string().optional(),
+});
+/**
+ * Molti deploy error codes schema
+ */
+exports.moltiDeployErrorCodeSchema = zod_1.z.enum([
+    "GITHUB_NOT_CONNECTED",
+    "REPO_NAME_TAKEN",
+    "REPO_NAME_INVALID",
+    "RATE_LIMIT_EXCEEDED",
+    "PLAN_LIMIT_EXCEEDED",
+    "SCAFFOLDER_ERROR",
+    "IDENTITY_ERROR",
+    "PROJECT_CREATION_ERROR",
+    "KTA_REGISTRATION_ERROR",
+    "SECRETS_ERROR",
+    "GATEWAY_ERROR",
+    "GITHUB_API_ERROR",
+    "INTERNAL_ERROR",
+]);
+/**
+ * Molti deploy error response schema
+ */
+exports.moltiDeployErrorResponseSchema = zod_1.z.object({
+    success: zod_1.z.literal(false),
+    error: zod_1.z.object({
+        code: exports.moltiDeployErrorCodeSchema,
+        message: zod_1.z.string(),
+        details: zod_1.z.record(zod_1.z.unknown()).optional(),
+    }),
+});
+/**
+ * Molti deploy success response schema
+ */
+exports.moltiDeploySuccessResponseSchema = zod_1.z.object({
+    success: zod_1.z.literal(true),
+    data: exports.moltiDeployResultSchema,
+});
+/**
+ * Molti deploy response union schema
+ */
+exports.moltiDeployResponseSchema = zod_1.z.discriminatedUnion("success", [
+    exports.moltiDeploySuccessResponseSchema,
+    exports.moltiDeployErrorResponseSchema,
+]);
+// ============================================================================
+// Health Status Schemas
+// ============================================================================
+/**
+ * Health check response schema
+ */
+exports.moltiHealthStatusSchema = zod_1.z.object({
+    agentDid: zod_1.z.string().min(1),
+    containerStatus: exports.moltiContainerStatusSchema,
+    gatewayRunning: zod_1.z.boolean(),
+    gatewayPort: zod_1.z.number().int().positive(),
+    uptimeSeconds: zod_1.z.number().min(0).optional(),
+    lastCheckedAt: zod_1.z.string().datetime(),
+    workerUrl: zod_1.z.string().url().optional(),
+});
+// ============================================================================
+// SSE Event Schemas
+// ============================================================================
+/**
+ * SSE progress event schema
+ */
+exports.moltiSSEProgressEventSchema = zod_1.z.object({
+    type: zod_1.z.literal("progress"),
+    data: exports.moltiDeployProgressSchema,
+});
+/**
+ * SSE completion event schema
+ */
+exports.moltiSSECompleteEventSchema = zod_1.z.object({
+    type: zod_1.z.literal("complete"),
+    data: exports.moltiDeployResultSchema,
+});
+/**
+ * SSE error event schema
+ */
+exports.moltiSSEErrorEventSchema = zod_1.z.object({
+    type: zod_1.z.literal("error"),
+    data: zod_1.z.object({
+        code: exports.moltiDeployErrorCodeSchema,
+        message: zod_1.z.string(),
+        step: exports.moltiDeployStepIdSchema.optional(),
+    }),
+});
+/**
+ * SSE keepalive event schema
+ */
+exports.moltiSSEKeepaliveEventSchema = zod_1.z.object({
+    type: zod_1.z.literal("keepalive"),
+    data: zod_1.z.object({
+        timestamp: zod_1.z.string().datetime(),
+    }),
+});
+/**
+ * Union of all SSE event schemas
+ */
+exports.moltiSSEEventSchema = zod_1.z.discriminatedUnion("type", [
+    exports.moltiSSEProgressEventSchema,
+    exports.moltiSSECompleteEventSchema,
+    exports.moltiSSEErrorEventSchema,
+    exports.moltiSSEKeepaliveEventSchema,
+]);

package/dist/molti/types.d.ts

@@ -0,0 +1,216 @@
+/**
+ * Molti Deployment Type Definitions
+ *
+ * TypeScript interfaces for the Molti (Moltworker + Identity) deployment system.
+ * Molti scaffolds Cloudflare Worker + Container projects with MCP-I identity.
+ *
+ * @package @kya-os/contracts/molti
+ */
+/**
+ * MCP-I identity for a Molti agent
+ */
+export interface MoltiIdentityConfig {
+    /** Agent DID (did:key:z6Mk...) */
+    did: string;
+    /** Base64-encoded Ed25519 public key */
+    publicKey: string;
+    /** Optional human-readable agent name */
+    agentName?: string;
+    /** Optional agent description */
+    agentDescription?: string;
+}
+/**
+ * Cloudflare Container instance types
+ */
+export type MoltiInstanceType = "lite" | "basic" | "standard-1" | "standard-2" | "standard-3" | "standard-4";
+/**
+ * Container runtime status
+ */
+export type MoltiContainerStatus = "pending" | "deploying" | "running" | "stopped" | "unhealthy" | "error";
+/**
+ * Molti deploy configuration — what the scaffolder needs
+ */
+export interface MoltiDeployConfig {
+    /** Project name (npm-compatible, used as Worker name) */
+    projectName: string;
+    /** Human-readable agent name */
+    agentName?: string;
+    /** Agent description */
+    agentDescription?: string;
+    /** AgentShield project ID for monitoring */
+    agentShieldProjectId?: string;
+    /** AgentShield API key (stored as secret) */
+    agentShieldApiKey?: string;
+    /** Container instance type */
+    instanceType?: MoltiInstanceType;
+    /** Enable KTA reputation tracking */
+    enableReputation?: boolean;
+}
+/**
+ * Request to start a Molti deployment via agent-shield
+ * POST /api/internal/deploy/molti/start
+ */
+export interface MoltiDeployRequest {
+    /** Project name (used as repo name and Worker name) */
+    projectName: string;
+    /** Human-readable agent name */
+    agentName?: string;
+    /** Agent description */
+    agentDescription?: string;
+    /** Organization ID in AgentShield */
+    organizationId: string;
+    /** Existing AgentShield project ID (if linking to existing) */
+    existingProjectId?: string;
+    /** Container instance type */
+    instanceType?: MoltiInstanceType;
+    /** Enable KTA reputation tracking */
+    enableReputation?: boolean;
+}
+/**
+ * Response from deploy start endpoint
+ */
+export interface MoltiDeployStartResponse {
+    success: true;
+    deploymentId: string;
+}
+/**
+ * Steps in the Molti deploy pipeline
+ */
+export type MoltiDeployStepId = "github_verify" | "project_create" | "api_key_create" | "kta_register" | "scaffold" | "repo_create" | "commit_files" | "add_secrets" | "gateway_route";
+/**
+ * Human-readable names for each deploy step
+ */
+export declare const MOLTI_DEPLOY_STEP_NAMES: Record<MoltiDeployStepId, string>;
+/**
+ * Status of an individual deploy step
+ */
+export type MoltiDeployStepStatus = "pending" | "in_progress" | "completed" | "failed" | "skipped";
+/**
+ * Individual deploy step progress
+ */
+export interface MoltiDeployStep {
+    id: MoltiDeployStepId;
+    name: string;
+    status: MoltiDeployStepStatus;
+    message?: string;
+    startedAt?: string;
+    completedAt?: string;
+}
+/**
+ * Overall deployment progress (sent via SSE)
+ */
+export interface MoltiDeployProgress {
+    deploymentId: string;
+    steps: MoltiDeployStep[];
+    currentStep: number;
+    totalSteps: number;
+    overallStatus: "pending" | "in_progress" | "completed" | "failed";
+}
+/**
+ * Successful Molti deployment result
+ */
+export interface MoltiDeployResult {
+    /** Agent DID */
+    agentDid: string;
+    /** GitHub repository URL */
+    repoUrl: string;
+    /** Repository full name (owner/name) */
+    repoFullName: string;
+    /** AgentShield project ID */
+    projectId: string;
+    /** AgentShield project friendly ID */
+    projectFriendlyId: string;
+    /** KTA claim URL (if reputation enabled) */
+    ktaClaimUrl?: string;
+    /** Cloudflare deploy button URL */
+    deployButtonUrl: string;
+    /** Gateway hostname (for detection routing) */
+    gatewayHostname?: string;
+}
+/**
+ * Molti deploy error codes
+ */
+export type MoltiDeployErrorCode = "GITHUB_NOT_CONNECTED" | "REPO_NAME_TAKEN" | "REPO_NAME_INVALID" | "RATE_LIMIT_EXCEEDED" | "PLAN_LIMIT_EXCEEDED" | "SCAFFOLDER_ERROR" | "IDENTITY_ERROR" | "PROJECT_CREATION_ERROR" | "KTA_REGISTRATION_ERROR" | "SECRETS_ERROR" | "GATEWAY_ERROR" | "GITHUB_API_ERROR" | "INTERNAL_ERROR";
+/**
+ * Molti deploy error response
+ */
+export interface MoltiDeployErrorResponse {
+    success: false;
+    error: {
+        code: MoltiDeployErrorCode;
+        message: string;
+        details?: Record<string, unknown>;
+    };
+}
+/**
+ * Molti deploy success response
+ */
+export interface MoltiDeploySuccessResponse {
+    success: true;
+    data: MoltiDeployResult;
+}
+/**
+ * Union type for Molti deploy response
+ */
+export type MoltiDeployResponse = MoltiDeploySuccessResponse | MoltiDeployErrorResponse;
+/**
+ * Health check response from a deployed Molti agent
+ */
+export interface MoltiHealthStatus {
+    /** Agent DID */
+    agentDid: string;
+    /** Container runtime status */
+    containerStatus: MoltiContainerStatus;
+    /** Whether the gateway process is running */
+    gatewayRunning: boolean;
+    /** Gateway port (expected: 18789) */
+    gatewayPort: number;
+    /** Agent uptime in seconds */
+    uptimeSeconds?: number;
+    /** Last health check timestamp */
+    lastCheckedAt: string;
+    /** Worker URL (if deployed) */
+    workerUrl?: string;
+}
+/**
+ * SSE event types for the Molti deploy stream
+ */
+export type MoltiSSEEventType = "progress" | "complete" | "error" | "keepalive";
+/**
+ * SSE progress event data
+ */
+export interface MoltiSSEProgressEvent {
+    type: "progress";
+    data: MoltiDeployProgress;
+}
+/**
+ * SSE completion event data
+ */
+export interface MoltiSSECompleteEvent {
+    type: "complete";
+    data: MoltiDeployResult;
+}
+/**
+ * SSE error event data
+ */
+export interface MoltiSSEErrorEvent {
+    type: "error";
+    data: {
+        code: MoltiDeployErrorCode;
+        message: string;
+        step?: MoltiDeployStepId;
+    };
+}
+/**
+ * SSE keepalive event data
+ */
+export interface MoltiSSEKeepaliveEvent {
+    type: "keepalive";
+    data: {
+        timestamp: string;
+    };
+}
+/**
+ * Union of all SSE event types
+ */
+export type MoltiSSEEvent = MoltiSSEProgressEvent | MoltiSSECompleteEvent | MoltiSSEErrorEvent | MoltiSSEKeepaliveEvent;

package/dist/molti/types.js

@@ -0,0 +1,25 @@
+"use strict";
+/**
+ * Molti Deployment Type Definitions
+ *
+ * TypeScript interfaces for the Molti (Moltworker + Identity) deployment system.
+ * Molti scaffolds Cloudflare Worker + Container projects with MCP-I identity.
+ *
+ * @package @kya-os/contracts/molti
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MOLTI_DEPLOY_STEP_NAMES = void 0;
+/**
+ * Human-readable names for each deploy step
+ */
+exports.MOLTI_DEPLOY_STEP_NAMES = {
+    github_verify: "Verifying GitHub connection",
+    project_create: "Creating AgentShield project",
+    api_key_create: "Generating API key",
+    kta_register: "Registering with KTA",
+    scaffold: "Scaffolding Moltworker project",
+    repo_create: "Creating GitHub repository",
+    commit_files: "Committing project files",
+    add_secrets: "Configuring secrets",
+    gateway_route: "Setting up gateway routing",
+};

package/dist/policy/index.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Policy Module
+ *
+ * Types and schemas for agent detection policy configuration.
+ *
+ * @module @kya-os/contracts/policy
+ */
+export { EnforcementActionSchema, type EnforcementAction, ThresholdConfigSchema, type ThresholdConfig, DenyListEntrySchema, type DenyListEntry, AllowListEntrySchema, type AllowListEntry, PolicyConditionSchema, type PolicyCondition, PolicyRuleSchema, type PolicyRule, PolicyConfigSchema, PolicyConfigPartialSchema, type PolicyConfig, type PolicyConfigPartial, GetPolicyRequestSchema, type GetPolicyRequest, GetPolicyResponseSchema, type GetPolicyResponse, UpdatePolicyRequestSchema, type UpdatePolicyRequest, UpdatePolicyResponseSchema, type UpdatePolicyResponse, validatePolicyConfig, safeParsePolicyConfig, validateDenyListEntry, validatePolicyRule, DEFAULT_POLICY_CONFIG, EXAMPLE_BLOCK_AI_AGENTS, EXAMPLE_ALLOW_CHATGPT, EXAMPLE_CHALLENGE_LOW_REP, } from './schemas.js';

package/dist/policy/index.js

@@ -0,0 +1,41 @@
+"use strict";
+/**
+ * Policy Module
+ *
+ * Types and schemas for agent detection policy configuration.
+ *
+ * @module @kya-os/contracts/policy
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EXAMPLE_CHALLENGE_LOW_REP = exports.EXAMPLE_ALLOW_CHATGPT = exports.EXAMPLE_BLOCK_AI_AGENTS = exports.DEFAULT_POLICY_CONFIG = exports.validatePolicyRule = exports.validateDenyListEntry = exports.safeParsePolicyConfig = exports.validatePolicyConfig = exports.UpdatePolicyResponseSchema = exports.UpdatePolicyRequestSchema = exports.GetPolicyResponseSchema = exports.GetPolicyRequestSchema = exports.PolicyConfigPartialSchema = exports.PolicyConfigSchema = exports.PolicyRuleSchema = exports.PolicyConditionSchema = exports.AllowListEntrySchema = exports.DenyListEntrySchema = exports.ThresholdConfigSchema = exports.EnforcementActionSchema = void 0;
+// Schema exports
+var schemas_js_1 = require("./schemas.js");
+// Action types
+Object.defineProperty(exports, "EnforcementActionSchema", { enumerable: true, get: function () { return schemas_js_1.EnforcementActionSchema; } });
+// Threshold configuration
+Object.defineProperty(exports, "ThresholdConfigSchema", { enumerable: true, get: function () { return schemas_js_1.ThresholdConfigSchema; } });
+// Deny/Allow list entries
+Object.defineProperty(exports, "DenyListEntrySchema", { enumerable: true, get: function () { return schemas_js_1.DenyListEntrySchema; } });
+Object.defineProperty(exports, "AllowListEntrySchema", { enumerable: true, get: function () { return schemas_js_1.AllowListEntrySchema; } });
+// Policy rules
+Object.defineProperty(exports, "PolicyConditionSchema", { enumerable: true, get: function () { return schemas_js_1.PolicyConditionSchema; } });
+Object.defineProperty(exports, "PolicyRuleSchema", { enumerable: true, get: function () { return schemas_js_1.PolicyRuleSchema; } });
+// Main policy config
+Object.defineProperty(exports, "PolicyConfigSchema", { enumerable: true, get: function () { return schemas_js_1.PolicyConfigSchema; } });
+Object.defineProperty(exports, "PolicyConfigPartialSchema", { enumerable: true, get: function () { return schemas_js_1.PolicyConfigPartialSchema; } });
+// API schemas
+Object.defineProperty(exports, "GetPolicyRequestSchema", { enumerable: true, get: function () { return schemas_js_1.GetPolicyRequestSchema; } });
+Object.defineProperty(exports, "GetPolicyResponseSchema", { enumerable: true, get: function () { return schemas_js_1.GetPolicyResponseSchema; } });
+Object.defineProperty(exports, "UpdatePolicyRequestSchema", { enumerable: true, get: function () { return schemas_js_1.UpdatePolicyRequestSchema; } });
+Object.defineProperty(exports, "UpdatePolicyResponseSchema", { enumerable: true, get: function () { return schemas_js_1.UpdatePolicyResponseSchema; } });
+// Validation helpers
+Object.defineProperty(exports, "validatePolicyConfig", { enumerable: true, get: function () { return schemas_js_1.validatePolicyConfig; } });
+Object.defineProperty(exports, "safeParsePolicyConfig", { enumerable: true, get: function () { return schemas_js_1.safeParsePolicyConfig; } });
+Object.defineProperty(exports, "validateDenyListEntry", { enumerable: true, get: function () { return schemas_js_1.validateDenyListEntry; } });
+Object.defineProperty(exports, "validatePolicyRule", { enumerable: true, get: function () { return schemas_js_1.validatePolicyRule; } });
+// Defaults
+Object.defineProperty(exports, "DEFAULT_POLICY_CONFIG", { enumerable: true, get: function () { return schemas_js_1.DEFAULT_POLICY_CONFIG; } });
+// Examples (for documentation)
+Object.defineProperty(exports, "EXAMPLE_BLOCK_AI_AGENTS", { enumerable: true, get: function () { return schemas_js_1.EXAMPLE_BLOCK_AI_AGENTS; } });
+Object.defineProperty(exports, "EXAMPLE_ALLOW_CHATGPT", { enumerable: true, get: function () { return schemas_js_1.EXAMPLE_ALLOW_CHATGPT; } });
+Object.defineProperty(exports, "EXAMPLE_CHALLENGE_LOW_REP", { enumerable: true, get: function () { return schemas_js_1.EXAMPLE_CHALLENGE_LOW_REP; } });