keystone-cli 1.0.3 → 1.1.0

package/src/templates/control-flow/idempotency-example.yaml

@@ -0,0 +1,30 @@
+$schema: https://raw.githubusercontent.com/mhingston/keystone-cli/main/schemas/workflow.json
+name: idempotency-example
+description: "Demonstrate safely retrying side-effecting steps"
+
+inputs:
+  order_id:
+    type: string
+    default: "order-123"
+
+steps:
+  - id: risky_operation
+    type: shell
+    # This key ensures that for a given order_id, this step runs only once
+    # even if the workflow is retried or resumed.
+    idempotencyKey: '"process-order-" + inputs.order_id'
+    # Scope can be global (across all runs) or run (just this run)
+    idempotencyScope: global
+    # Expire the record after 1 day
+    idempotencyTtlSeconds: 86400
+    allowInsecure: true
+    run: |
+      echo "Processing order ${{ inputs.order_id }}..."
+      # Simulate a side effect
+      sleep 1
+      echo "Charged payment for ${{ inputs.order_id }}"
+
+  - id: next_step
+    type: shell
+    needs: [risky_operation]
+    run: echo "Order processed."

package/src/templates/{loop-parallel.yaml → control-flow/loop-parallel.yaml}

@@ -1,3 +1,4 @@
+$schema: https://raw.githubusercontent.com/mhingston/keystone-cli/main/schemas/workflow.json
 name: loop-parallel
 description: "Test the foreach race condition fix and .every() support"
 
@@ -10,6 +11,7 @@ steps:
   # Generate test data
   - id: generate_items
     type: shell
+    allowInsecure: true
     run: "echo 'item1\nitem2\nitem3\nitem4\nitem5'"
     transform: "stdout.split('\\n').filter(Boolean)"
 
@@ -19,6 +21,7 @@ steps:
     needs: [generate_items]
     foreach: ${{ steps.generate_items.output }}
     concurrency: 3
+    allowInsecure: true
     run: "echo 'Processing: ${{ item }}' && sleep 0.1"
     transform: "stdout.trim()"
 

package/src/templates/{parent-rollback.yaml → control-flow/parent-rollback.yaml}

@@ -1,3 +1,4 @@
+$schema: https://raw.githubusercontent.com/mhingston/keystone-cli/main/schemas/workflow.json
 name: nested-rollback-parent
 description: Parent workflow that triggers a child and then fails
 

package/src/templates/{retry-policy.yaml → control-flow/retry-policy.yaml}

@@ -1,3 +1,4 @@
+$schema: https://raw.githubusercontent.com/mhingston/keystone-cli/main/schemas/workflow.json
 name: retry-policy
 description: "Test retry and timeout features"
 
@@ -5,6 +6,7 @@ steps:
   # Test retry with a command that fails first few times
   - id: flaky_command
     type: shell
+    allowInsecure: true
     run: |
       if [ ! -f /tmp/keystone-retry-test ]; then
         echo "1" > /tmp/keystone-retry-test
@@ -25,6 +27,7 @@ steps:
   # Test timeout (should complete before timeout)
   - id: quick_task
     type: shell
+    allowInsecure: true
     run: sleep 0.1 && echo "Completed"
     timeout: 5000
     needs: [flaky_command]

package/src/templates/features/artifact-example.yaml

@@ -0,0 +1,39 @@
+$schema: https://raw.githubusercontent.com/mhingston/keystone-cli/main/schemas/workflow.json
+name: artifact-example
+description: "Demonstrate artifact upload and download between steps"
+
+steps:
+  - id: create_content
+    type: shell
+    allowInsecure: true
+    run: |
+      mkdir -p ./output
+      echo "Hello from step 1" > ./output/file1.txt
+      echo "Hello from step 1 (second file)" > ./output/file2.txt
+
+  - id: upload_files
+    type: artifact
+    op: upload
+    name: build-outputs
+    paths: ["./output/*.txt"]
+    needs: [create_content]
+
+  - id: clean_local
+    type: shell
+    needs: [upload_files]
+    run: rm -rf ./output
+
+  - id: download_files
+    type: artifact
+    op: download
+    name: build-outputs
+    path: ./downloaded
+    needs: [clean_local]
+
+  - id: verify
+    type: shell
+    needs: [download_files]
+    allowInsecure: true
+    run: |
+      ls -R ./downloaded
+      cat ./downloaded/file1.txt

package/src/templates/{engine-example.yaml → features/engine-example.yaml}

@@ -1,3 +1,4 @@
+$schema: https://raw.githubusercontent.com/mhingston/keystone-cli/main/schemas/workflow.json
 name: engine-example
 description: "Run an allowlisted external CLI and capture a structured summary"
 

package/src/templates/{human-interaction.yaml → features/human-interaction.yaml}

@@ -1,3 +1,4 @@
+$schema: https://raw.githubusercontent.com/mhingston/keystone-cli/main/schemas/workflow.json
 name: human-interaction
 description: A workflow that prompts the user for input and uses it in another step.
 

package/src/templates/{llm-agent.yaml → features/llm-agent.yaml}

@@ -1,3 +1,4 @@
+$schema: https://raw.githubusercontent.com/mhingston/keystone-cli/main/schemas/workflow.json
 name: llm-agent
 description: "Test LLM step"
 

package/src/templates/{memory-service.yaml → features/memory-service.yaml}

@@ -1,3 +1,4 @@
+$schema: https://raw.githubusercontent.com/mhingston/keystone-cli/main/schemas/workflow.json
 name: memory-service
 description: "Demonstrate long-term memory capabilities"
 
@@ -48,6 +49,7 @@ steps:
   - id: summary
     type: shell
     needs: [confirm_memory]
+    allowInsecure: true
     run: |
       echo "Memory Service Demo Complete"
       echo "Recalled: ${{ steps.recall_preference.output[0].content }}"

package/src/templates/{robust-automation.yaml → features/robust-automation.yaml}

@@ -1,3 +1,4 @@
+$schema: https://raw.githubusercontent.com/mhingston/keystone-cli/main/schemas/workflow.json
 name: robust-automation
 description: "Demonstrate auto-healing and reflexion features"
 
@@ -6,6 +7,7 @@ steps:
   # This step attempts to run a broken command, but the agent should fix it
   - id: auto_heal_demo
     type: shell
+    allowInsecure: true
     run: |
       # This command has a typo and should fail
       ech "Hello World"
@@ -38,6 +40,7 @@ steps:
   - id: summary
     type: shell
     needs: [reflexion_demo]
+    allowInsecure: true
     run: |
       echo "Robust automation demo complete."
       echo "Healed Command Output: ${{ steps.auto_heal_demo.output.stdout }}"

package/src/templates/features/script-example.yaml

@@ -0,0 +1,27 @@
+$schema: https://raw.githubusercontent.com/mhingston/keystone-cli/main/schemas/workflow.json
+name: script-example
+description: "Demonstrate sandboxed JavaScript execution"
+
+steps:
+  - id: generate_data
+    type: shell
+    run: echo '{"values":[1,2,3,4,5]}'
+
+  - id: process_data
+    type: script
+    allowInsecure: true
+    needs: [generate_data]
+    run: |
+      const data = JSON.parse(steps.generate_data.output.stdout);
+      // Calculate sum and average
+      const sum = data.values.reduce((a, b) => a + b, 0);
+      const avg = sum / data.values.length;
+      return { sum, avg, count: data.values.length };
+
+  - id: print_result
+    type: shell
+    needs: [process_data]
+    allowInsecure: true
+    run: |
+      echo "Sum: ${{ steps.process_data.output.sum }}"
+      echo "Average: ${{ steps.process_data.output.avg }}"

package/src/templates/patterns/agent-handoff.yaml

@@ -0,0 +1,53 @@
+$schema: https://raw.githubusercontent.com/mhingston/keystone-cli/main/schemas/workflow.json
+name: agent-handoff
+description: "Demo of agent handoffs and tool-driven context updates."
+
+inputs:
+  topic:
+    type: string
+    default: "billing"
+  user:
+    type: string
+    default: "Ada"
+
+steps:
+  - id: route
+    type: llm
+    agent: handoff-router
+    prompt: |
+      We need help on "${{ inputs.topic }}" for "${{ inputs.user }}".
+      First, call remember_context with the topic and user.
+      If a specialist is needed, transfer to handoff-specialist.
+      Provide a short response after any handoff.
+    allowedHandoffs:
+      - handoff-specialist
+    tools:
+      - name: remember_context
+        description: Store user and topic in workflow context.
+        parameters:
+          type: object
+          properties:
+            topic: { type: string }
+            user: { type: string }
+          required: [topic, user]
+        execution:
+          id: remember_context
+          type: script
+          allowInsecure: true
+          run: |
+            (function() {
+              return {
+                __keystone_context: {
+                  memory: { topic: args.topic, user: args.user },
+                  env: { CURRENT_TOPIC: args.topic }
+                },
+                stored: true
+              };
+            })();
+
+  - id: show_context
+    type: shell
+    needs: [route]
+    allowInsecure: true
+    run: |
+      echo "Memory: ${{ memory.user }} on ${{ memory.topic }} (env=${{ env.CURRENT_TOPIC }})"

package/src/templates/{approval-process.yaml → patterns/approval-process.yaml}

@@ -1,3 +1,4 @@
+$schema: https://raw.githubusercontent.com/mhingston/keystone-cli/main/schemas/workflow.json
 name: approval-process
 description: "A workflow demonstrating human-in-the-loop and conditional logic"
 

package/src/templates/{batch-processor.yaml → patterns/batch-processor.yaml}

@@ -1,3 +1,4 @@
+$schema: https://raw.githubusercontent.com/mhingston/keystone-cli/main/schemas/workflow.json
 name: batch-processor
 description: "Process multiple files in parallel"
 
@@ -14,6 +15,7 @@ steps:
   # 1. Dynamic Input Generation
   - id: list_files
     type: shell
+    allowInsecure: true
     run: "ls ${{ inputs.target_dir }}/*.txt"
     # Extract stdout lines into an array
     transform: "stdout.split('\\n').filter(Boolean)"

package/src/templates/{composition-child.yaml → patterns/composition-child.yaml}

@@ -1,3 +1,4 @@
+$schema: https://raw.githubusercontent.com/mhingston/keystone-cli/main/schemas/workflow.json
 name: composition-child
 description: "A simple child workflow"
 

package/src/templates/{composition-parent.yaml → patterns/composition-parent.yaml}

@@ -1,3 +1,4 @@
+$schema: https://raw.githubusercontent.com/mhingston/keystone-cli/main/schemas/workflow.json
 name: composition-parent
 description: "A parent workflow that calls a child workflow"
 

package/src/templates/{data-pipeline.yaml → patterns/data-pipeline.yaml}

@@ -1,3 +1,4 @@
+$schema: https://raw.githubusercontent.com/mhingston/keystone-cli/main/schemas/workflow.json
 name: data-pipeline
 description: "A workflow that demonstrates file operations and cleanup with 'finally'"
 
@@ -20,6 +21,7 @@ steps:
 
   - id: process_data
     type: shell
+    allowInsecure: true
     run: |
       echo "${{ steps.read_data.output }}" | tr '[:lower:]' '[:upper:]'
     transform: "stdout.trim()"

package/src/templates/{decompose-implement.yaml → scaffolding/decompose-implement.yaml}

@@ -1,3 +1,4 @@
+$schema: https://raw.githubusercontent.com/mhingston/keystone-cli/main/schemas/workflow.json
 name: decompose-implement
 description: "Implementation task sub-workflow for a decomposed problem"
 

package/src/templates/{decompose-problem.yaml → scaffolding/decompose-problem.yaml}

@@ -1,3 +1,4 @@
+$schema: https://raw.githubusercontent.com/mhingston/keystone-cli/main/schemas/workflow.json
 name: decompose-problem
 description: "Decompose a complex problem into research, implementation, and review sub-workflows"
 

package/src/templates/{decompose-research.yaml → scaffolding/decompose-research.yaml}

@@ -1,3 +1,4 @@
+$schema: https://raw.githubusercontent.com/mhingston/keystone-cli/main/schemas/workflow.json
 name: decompose-research
 description: "Research task sub-workflow for a decomposed problem"
 

package/src/templates/{decompose-review.yaml → scaffolding/decompose-review.yaml}

@@ -1,3 +1,4 @@
+$schema: https://raw.githubusercontent.com/mhingston/keystone-cli/main/schemas/workflow.json
 name: decompose-review
 description: "Review task sub-workflow for a decomposed problem"
 

package/src/templates/{dev.yaml → scaffolding/dev.yaml}

@@ -1,3 +1,4 @@
+$schema: https://raw.githubusercontent.com/mhingston/keystone-cli/main/schemas/workflow.json
 name: dev
 description: "Self-bootstrapping DevMode workflow for Keystone CLI"
 

package/src/templates/scaffolding/review-loop.yaml

@@ -0,0 +1,97 @@
+$schema: https://raw.githubusercontent.com/mhingston/keystone-cli/main/schemas/workflow.json
+name: review-loop
+description: "Generate, review, and refine output with a lightweight quality gate"
+
+inputs:
+  goal: { type: string }
+  context: { type: string, default: "" }
+  draft: { type: string, default: "" }
+  attempt: { type: number, default: 1 }
+  maxAttempts: { type: number, default: 2 }
+
+outputs:
+  draft: ${{ steps.iterate.output.draft || steps.refine.output || steps.generate.output || inputs.draft }}
+  review: ${{ steps.iterate.output.review || steps.review.output }}
+  attempts: ${{ steps.iterate.output.attempts || inputs.attempt }}
+
+steps:
+  - id: generate
+    type: llm
+    agent: general
+    if: ${{ !inputs.draft }}
+    prompt: |
+      Generate a draft for the goal.
+
+      Goal:
+      ${{ inputs.goal }}
+
+      Context:
+      ${{ inputs.context }}
+
+      Return only the draft text.
+
+  - id: review
+    type: llm
+    agent: general
+    prompt: |
+      Review the draft for correctness, completeness, and clarity.
+
+      Goal:
+      ${{ inputs.goal }}
+
+      Context:
+      ${{ inputs.context }}
+
+      Draft:
+      ${{ inputs.draft || steps.generate.output }}
+
+      Identify issues, risks, and missing details. Be specific.
+      Return only the structured JSON required by the schema.
+    outputSchema:
+      type: object
+      properties:
+        approved:
+          type: boolean
+        issues:
+          type: array
+          items: { type: string }
+        suggestions:
+          type: array
+          items: { type: string }
+      required: [approved]
+
+  - id: refine
+    type: llm
+    agent: general
+    if: ${{ steps.review.output.approved == false }}
+    prompt: |
+      Improve the draft based on the review feedback.
+
+      Goal:
+      ${{ inputs.goal }}
+
+      Context:
+      ${{ inputs.context }}
+
+      Draft:
+      ${{ inputs.draft || steps.generate.output }}
+
+      Review feedback:
+      ${{ steps.review.output }}
+
+      Return only the revised draft text.
+
+  - id: iterate
+    type: workflow
+    if: ${{ steps.review.output.approved == false && inputs.attempt < inputs.maxAttempts }}
+    path: review-loop.yaml
+    inputs:
+      goal: ${{ inputs.goal }}
+      context: ${{ inputs.context }}
+      draft: ${{ steps.refine.output }}
+      attempt: ${{ inputs.attempt + 1 }}
+      maxAttempts: ${{ inputs.maxAttempts }}
+    outputMapping:
+      draft: draft
+      review: review
+      attempts: attempts

package/src/templates/{scaffold-feature.yaml → scaffolding/scaffold-feature.yaml}

@@ -1,3 +1,4 @@
+$schema: https://raw.githubusercontent.com/mhingston/keystone-cli/main/schemas/workflow.json
 name: scaffold-feature
 description: "Autonomously build new Keystone workflows and agents"
 
@@ -47,6 +48,7 @@ steps:
   - id: summary
     type: shell
     needs: [write_files]
+    allowInsecure: true
     run: |
       echo "Scaffolding complete. Files created:"
       echo "${{ steps.generate.outputs && steps.generate.outputs.files ? steps.generate.outputs.files.map(f => f.path).join('\n') : '(dry run: no files generated)' }}"

package/src/templates/{scaffold-generate.yaml → scaffolding/scaffold-generate.yaml}

@@ -1,3 +1,4 @@
+$schema: https://raw.githubusercontent.com/mhingston/keystone-cli/main/schemas/workflow.json
 name: scaffold-generate
 description: "Generate file contents from a file plan"
 

package/src/templates/{scaffold-plan.yaml → scaffolding/scaffold-plan.yaml}

@@ -1,3 +1,4 @@
+$schema: https://raw.githubusercontent.com/mhingston/keystone-cli/main/schemas/workflow.json
 name: scaffold-plan
 description: "Plan the files for a new workflow and optional agents"
 

package/src/templates/testing/invalid.yaml

@@ -0,0 +1,6 @@
+$schema: https://raw.githubusercontent.com/mhingston/keystone-cli/main/schemas/workflow.json
+name: invalid-workflow
+steps:
+  - id: step1
+    type: shell
+    # Missing 'run' property