ark-runtime-kernel 1.2.0 → 1.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +45 -1
- package/bin/ark-check.mjs +259 -46
- package/bin/ark-mcp.mjs +42 -1
- package/bin/ark-shared.mjs +2 -1
- package/dist/index.cjs +3 -2
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.js +3 -2
- package/dist/index.js.map +1 -1
- package/dist/nestjs/index.cjs +1 -1
- package/dist/nestjs/index.cjs.map +1 -1
- package/dist/nestjs/index.js +1 -1
- package/dist/nestjs/index.js.map +1 -1
- package/docs/agent-guide.md +9 -0
- package/docs/ai-gates.md +8 -0
- package/package.json +1 -1
- package/server.json +2 -2
- package/docs/blog/how-i-stopped-claude-from-breaking-my-architecture.md +0 -85
package/docs/agent-guide.md
CHANGED
|
@@ -277,6 +277,15 @@ createAdapter(PaymentGateway, stripeAdapter, {
|
|
|
277
277
|
|
|
278
278
|
Preset: `elevenLayerProfile` plus `defineArchitectureProfilePolicy()` forbids invalid declared dependencies across the 11-layer profile. `architecturalPolicies.cleanArchitectureMatrix()` remains available for the older four-prefix model.
|
|
279
279
|
|
|
280
|
+
Runtime support depth varies by design. Layers with dedicated kernel modules:
|
|
281
|
+
DomainModel/ApplicationOrchestration (intents, policies), WorkflowSagaEngine
|
|
282
|
+
(workflow engine), PersistenceAdapters (adapters, outbox), ReportingReadModels
|
|
283
|
+
(projections), ExtensibilityMetadata (metadata registry), SecurityAuditObservability
|
|
284
|
+
(audit trail, drift reporter), Kernel (event bus, graph, manifest).
|
|
285
|
+
PresentationAdapters, IntegrationAdapters, and BackgroundJobsScheduling are
|
|
286
|
+
**boundary-only on purpose**: Ark governs what they may import and publish, but does
|
|
287
|
+
not replace your web framework, HTTP clients, or job scheduler.
|
|
288
|
+
|
|
280
289
|
## Write-Path Gate (MCP)
|
|
281
290
|
|
|
282
291
|
The strongest place to constrain an AI agent is the moment it writes a file, not after.
|
package/docs/ai-gates.md
CHANGED
|
@@ -31,6 +31,10 @@ GitHub Actions, `AGENTS.md`, and a Codex TOML snippet under `docs/`. It skips
|
|
|
31
31
|
existing files unless you pass `--force`, so review and commit only the templates
|
|
32
32
|
that match your project.
|
|
33
33
|
|
|
34
|
+
If your project uses Codex, treat the MCP registration as part of the default setup,
|
|
35
|
+
not an optional extra. Ark works best when Codex can read `ark://manifest` before it
|
|
36
|
+
writes code; that is the fast path to avoiding architecture drift during generation.
|
|
37
|
+
|
|
34
38
|
## Claude Code — hook (recommended, hard block)
|
|
35
39
|
|
|
36
40
|
`ark-mcp --hook` is a one-shot PreToolUse gate: it reads the hook payload from stdin, computes the **post-edit** file content, validates it, and exits `2` (block, violations on stderr) or `0` (allow). The agent sees the violations and self-corrects.
|
|
@@ -124,6 +128,8 @@ Your hard backstop in Cursor is CI: `ark-check` fails the PR on anything that sl
|
|
|
124
128
|
|
|
125
129
|
## OpenAI Codex CLI
|
|
126
130
|
|
|
131
|
+
Recommended for Ark projects.
|
|
132
|
+
|
|
127
133
|
`~/.codex/config.toml`:
|
|
128
134
|
|
|
129
135
|
```toml
|
|
@@ -133,6 +139,8 @@ args = ["ark-mcp", "--root", ".", "--config", "ark.config.json"]
|
|
|
133
139
|
```
|
|
134
140
|
|
|
135
141
|
Same model as Cursor: MCP for discovery/validation, `ark-check` in CI as the hard gate.
|
|
142
|
+
For Ark projects, register the MCP server as soon as the repo is adopted so the agent
|
|
143
|
+
has the contract available from the first edit.
|
|
136
144
|
|
|
137
145
|
## Any other agent runtime with shell hooks
|
|
138
146
|
|
package/package.json
CHANGED
package/server.json
CHANGED
|
@@ -6,12 +6,12 @@
|
|
|
6
6
|
"url": "https://github.com/pedroknigge/ark-runtime-kernel",
|
|
7
7
|
"source": "github"
|
|
8
8
|
},
|
|
9
|
-
"version": "1.
|
|
9
|
+
"version": "1.3.0",
|
|
10
10
|
"packages": [
|
|
11
11
|
{
|
|
12
12
|
"registry_type": "npm",
|
|
13
13
|
"identifier": "ark-runtime-kernel",
|
|
14
|
-
"version": "1.
|
|
14
|
+
"version": "1.3.0",
|
|
15
15
|
"transport": {
|
|
16
16
|
"type": "stdio"
|
|
17
17
|
},
|
|
@@ -1,85 +0,0 @@
|
|
|
1
|
-
# How I stopped Claude from breaking my hexagonal architecture
|
|
2
|
-
|
|
3
|
-
*Draft — publish on dev.to / HN / r/typescript alongside the repo going public.*
|
|
4
|
-
|
|
5
|
-
---
|
|
6
|
-
|
|
7
|
-
AI agents write most of my code now. They're fast, they're tireless, and they have absolutely no respect for my architecture.
|
|
8
|
-
|
|
9
|
-
Ask an agent to "add a findById method to Order" and there's a decent chance it imports the Postgres repository straight into the domain layer. The code compiles. The tests pass. The PR looks fine at a glance. Three months of that and your hexagonal architecture is a decorative diagram.
|
|
10
|
-
|
|
11
|
-
The usual answer is "review harder" — which doesn't scale when the agent produces 30 PRs a week — or "add a linter", which catches the violation *after* the agent already built three files on top of it.
|
|
12
|
-
|
|
13
|
-
## The insight: block at write time, not review time
|
|
14
|
-
|
|
15
|
-
Agent runtimes like Claude Code have pre-write hooks: a shell command that runs *before* a file edit lands, and can veto it. That's a fundamentally better enforcement point than CI:
|
|
16
|
-
|
|
17
|
-
1. The violation never reaches disk.
|
|
18
|
-
2. The agent sees the error **in its loop** and self-corrects immediately — it defines the port in the domain and implements it in the adapter, like you would have asked for in review.
|
|
19
|
-
|
|
20
|
-
So I built [Ark](https://github.com/pedroknigge/ark-runtime-kernel). You describe your architecture once, as data:
|
|
21
|
-
|
|
22
|
-
```json
|
|
23
|
-
{
|
|
24
|
-
"layers": [
|
|
25
|
-
{ "name": "DomainModel", "patterns": ["src/domain/**"] },
|
|
26
|
-
{ "name": "PersistenceAdapters", "patterns": ["src/adapters/persistence/**"] }
|
|
27
|
-
],
|
|
28
|
-
"rules": [
|
|
29
|
-
{ "from": "DomainModel", "to": "PersistenceAdapters", "allowed": false }
|
|
30
|
-
]
|
|
31
|
-
}
|
|
32
|
-
```
|
|
33
|
-
|
|
34
|
-
Then wire it into Claude Code as a PreToolUse hook:
|
|
35
|
-
|
|
36
|
-
```json
|
|
37
|
-
{
|
|
38
|
-
"hooks": {
|
|
39
|
-
"PreToolUse": [{
|
|
40
|
-
"matcher": "Write|Edit|MultiEdit",
|
|
41
|
-
"hooks": [{ "type": "command",
|
|
42
|
-
"command": "npx ark-mcp --hook --root \"$CLAUDE_PROJECT_DIR\" --config ark.config.json" }]
|
|
43
|
-
}]
|
|
44
|
-
}
|
|
45
|
-
}
|
|
46
|
-
```
|
|
47
|
-
|
|
48
|
-
Now the same request plays out like this:
|
|
49
|
-
|
|
50
|
-
```
|
|
51
|
-
● Write(src/domain/order.ts)
|
|
52
|
-
✗ Ark architecture gate blocked this write to src/domain/order.ts (layer: DomainModel):
|
|
53
|
-
- [FORBIDDEN_PATTERN] Forbidden pattern matched: /from ['"].*\/(infra|adapters|persistence|db)/i (line 1)
|
|
54
|
-
- [FORBIDDEN_IMPORT] Forbidden import target: "../adapters/persistence/order-repository". (line 1)
|
|
55
|
-
Fix the violations and retry. The architecture contract is available as the ark://manifest MCP resource.
|
|
56
|
-
|
|
57
|
-
● The domain layer can't import persistence adapters. I'll define the port in
|
|
58
|
-
the domain instead and implement it in src/adapters/persistence/.
|
|
59
|
-
```
|
|
60
|
-
|
|
61
|
-
The agent fixed its own architecture violation. Nobody reviewed anything.
|
|
62
|
-
|
|
63
|
-
## Details that turned out to matter
|
|
64
|
-
|
|
65
|
-
**The gate validates the post-edit file, not the diff.** An edit snippet out of context tells you nothing about imports. `ark-mcp --hook` applies the proposed edit to the current file content and validates the result.
|
|
66
|
-
|
|
67
|
-
**The same config gates CI.** Not every write goes through an agent, and not every agent runtime has hooks. `ark-check` runs the same rules in CI with TypeScript's real module resolver — path aliases and all — so nothing merges that violates the contract, whoever wrote it.
|
|
68
|
-
|
|
69
|
-
**Agents can read the contract, not just bounce off it.** The MCP server also exposes `ark://manifest` — the architecture as JSON — so agents get the rules *before* generating code instead of learning by rejection.
|
|
70
|
-
|
|
71
|
-
**Existing codebases need a ratchet.** Nobody adopts a checker that greets them with 400 errors. `ark-check --update-baseline` freezes today's violations; from then on only *new* ones fail. The count only goes down.
|
|
72
|
-
|
|
73
|
-
## What about dependency-cruiser / eslint-plugin-boundaries?
|
|
74
|
-
|
|
75
|
-
They're good tools and they cover the CI half. What they don't have is the write-time half: an MCP server and hook designed for agent runtimes, plus a machine-readable manifest for agents to consume. That's the part that changes agent behavior instead of just grading it.
|
|
76
|
-
|
|
77
|
-
## Try it
|
|
78
|
-
|
|
79
|
-
```bash
|
|
80
|
-
npm i -D ark-runtime-kernel typescript
|
|
81
|
-
npx ark-check --init # infers layers from your folder structure
|
|
82
|
-
npx ark-check # CI gate
|
|
83
|
-
```
|
|
84
|
-
|
|
85
|
-
Repo: https://github.com/pedroknigge/ark-runtime-kernel — zero dependencies, MIT.
|