rapidkit 0.37.0 → 0.38.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +166 -147
- package/contracts/create-planner-capabilities.v1.json +251 -0
- package/contracts/runtime-command-surface.v1.json +52 -0
- package/dist/autopilot-release-SBPGNGAB.js +1 -0
- package/dist/chunk-2ED6SPXP.js +1 -0
- package/dist/chunk-3R7UJAX5.js +1 -0
- package/dist/{chunk-RUUDLAKJ.js → chunk-5NBYSXOZ.js} +1 -1
- package/dist/chunk-7XW2I6MP.js +13 -0
- package/dist/{chunk-U6QUN6V2.js → chunk-ABPDGFVD.js} +1 -1
- package/dist/chunk-IW3KLQXE.js +2 -0
- package/dist/{chunk-7VSYTOOG.js → chunk-NKNMGWAZ.js} +1 -1
- package/dist/{chunk-IOIWVHRO.js → chunk-TVIOAZ6E.js} +13 -13
- package/dist/chunk-XESEBTPE.js +1 -0
- package/dist/{create-HN5HOGQ4.js → create-Y3XJOKL5.js} +1 -1
- package/dist/index.js +150 -144
- package/dist/{pipeline-BOU4KETN.js → pipeline-C4UCLETO.js} +1 -1
- package/dist/{workspace-2AL5C3QZ.js → workspace-WBKFXH4Z.js} +1 -1
- package/dist/{workspace-agent-sync-V2H6NTGD.js → workspace-agent-sync-3FFFJYKF.js} +1 -1
- package/dist/{workspace-context-KCKNV5VQ.js → workspace-context-V4UGIHSC.js} +1 -1
- package/dist/{workspace-foundation-L6ZBGMVE.js → workspace-foundation-T45HAWKL.js} +1 -1
- package/dist/{workspace-intelligence-3TWXJQ7Y.js → workspace-intelligence-MGL3Z25K.js} +1 -1
- package/dist/{workspace-model-NQVZN5W4.js → workspace-model-IKMGY2BX.js} +1 -1
- package/dist/workspace-run-HOR56FON.js +1 -0
- package/dist/workspace-verify-A3J6D7T2.js +1 -0
- package/docs/AI_DYNAMIC_INTEGRATION.md +440 -0
- package/docs/AI_EXAMPLES.md +419 -0
- package/docs/AI_FEATURES.md +460 -0
- package/docs/AI_QUICKSTART.md +245 -0
- package/docs/DEVELOPMENT.md +88 -0
- package/docs/From Code to Shared Understanding.png +0 -0
- package/docs/OPEN_SOURCE_USER_SCENARIOS.md +170 -0
- package/docs/OPTIMIZATION_GUIDE.md +504 -0
- package/docs/PACKAGE_MANAGER_POLICY.md +25 -0
- package/docs/README.md +121 -0
- package/docs/SECURITY.md +63 -0
- package/docs/SETUP.md +107 -0
- package/docs/UTILITIES.md +221 -0
- package/docs/WORKSPACE_MARKER_SPEC.md +276 -0
- package/docs/ci-workflows.md +56 -0
- package/docs/commands-reference.md +136 -0
- package/docs/config-file-guide.md +295 -0
- package/docs/contracts/ARTIFACT_CATALOG.md +111 -0
- package/docs/contracts/COMMAND_OWNERSHIP_MATRIX.md +138 -0
- package/docs/contracts/README.md +71 -0
- package/docs/contracts/RUNTIME_ACCEPTANCE_MATRIX.md +98 -0
- package/docs/contracts/RUNTIME_SUPPORT_MATRIX.md +74 -0
- package/docs/contracts/rapidkit-cli-contracts.json +239 -0
- package/docs/create-planner-capabilities.md +81 -0
- package/docs/doctor-command.md +263 -0
- package/docs/examples/ci-agent-grounding.yml +62 -0
- package/docs/from-code-to-shared-understanding.md +46 -0
- package/docs/governance-policy.enterprise.example.json +40 -0
- package/docs/mirror-config.enterprise.example.json +60 -0
- package/docs/policies.workspace.example.yml +23 -0
- package/docs/workspace-operations.md +160 -0
- package/docs/workspace-run.md +80 -0
- package/package.json +3 -2
- package/dist/autopilot-release-AUXP2ZIF.js +0 -1
- package/dist/chunk-C7OVQQXT.js +0 -1
- package/dist/chunk-EJGKBFV4.js +0 -2
- package/dist/chunk-UXKB4KGZ.js +0 -13
- package/dist/chunk-YJ24EV3P.js +0 -1
- package/dist/workspace-run-DEXI52KO.js +0 -1
- package/dist/workspace-verify-HBCQNNGU.js +0 -1
- /package/dist/{chunk-D23L2GFT.js → chunk-6E5TBB2C.js} +0 -0
|
@@ -0,0 +1,263 @@
|
|
|
1
|
+
# RapidKit Doctor Command
|
|
2
|
+
|
|
3
|
+
`doctor` checks health for the npm wrapper environment in system, workspace, or project scope.
|
|
4
|
+
|
|
5
|
+
**Related:** [workspace-operations.md](./workspace-operations.md) · [commands-reference.md](./commands-reference.md) · [Documentation index](./README.md)
|
|
6
|
+
|
|
7
|
+
## Command Modes
|
|
8
|
+
|
|
9
|
+
### 1) System Check
|
|
10
|
+
|
|
11
|
+
```bash
|
|
12
|
+
npx rapidkit doctor
|
|
13
|
+
```
|
|
14
|
+
|
|
15
|
+
Checks host prerequisites:
|
|
16
|
+
- Python
|
|
17
|
+
- Poetry (optional)
|
|
18
|
+
- pipx (optional)
|
|
19
|
+
- RapidKit Core availability
|
|
20
|
+
- Go (optional)
|
|
21
|
+
|
|
22
|
+
### 2) Workspace Check (Canonical)
|
|
23
|
+
|
|
24
|
+
```bash
|
|
25
|
+
cd my-workspace
|
|
26
|
+
npx rapidkit doctor workspace
|
|
27
|
+
```
|
|
28
|
+
|
|
29
|
+
Checks:
|
|
30
|
+
- all system checks
|
|
31
|
+
- workspace marker resolution
|
|
32
|
+
- project discovery and per-project health
|
|
33
|
+
- dependency/env readiness by project type (Python/Node/Go)
|
|
34
|
+
|
|
35
|
+
> Compatibility note: `npx rapidkit doctor --workspace` still works, but `doctor workspace` is the canonical form.
|
|
36
|
+
|
|
37
|
+
### 3) Project Check (Canonical)
|
|
38
|
+
|
|
39
|
+
```bash
|
|
40
|
+
cd my-workspace/my-project
|
|
41
|
+
npx rapidkit doctor project
|
|
42
|
+
```
|
|
43
|
+
|
|
44
|
+
Checks:
|
|
45
|
+
- all system checks
|
|
46
|
+
- nearest project resolution (current folder or parent with project markers)
|
|
47
|
+
- project-specific framework/runtime health
|
|
48
|
+
- dependency/env readiness for the selected project
|
|
49
|
+
- enterprise probes (config contract, migration surface, runtime health surface)
|
|
50
|
+
- score explainability breakdown for audit trails
|
|
51
|
+
|
|
52
|
+
> Compatibility note: `npx rapidkit doctor --project` also works.
|
|
53
|
+
|
|
54
|
+
## Typical Usage
|
|
55
|
+
|
|
56
|
+
```bash
|
|
57
|
+
# Pre-flight on a contributor machine
|
|
58
|
+
npx rapidkit doctor
|
|
59
|
+
|
|
60
|
+
# Full check inside a workspace
|
|
61
|
+
npx rapidkit doctor workspace
|
|
62
|
+
|
|
63
|
+
# Focus only on current project
|
|
64
|
+
npx rapidkit doctor project
|
|
65
|
+
|
|
66
|
+
# Machine-readable output
|
|
67
|
+
npx rapidkit doctor workspace --json
|
|
68
|
+
|
|
69
|
+
# Attempt safe fixes (interactive)
|
|
70
|
+
npx rapidkit doctor workspace --fix
|
|
71
|
+
|
|
72
|
+
# Attempt safe fixes for current project only
|
|
73
|
+
npx rapidkit doctor project --fix
|
|
74
|
+
|
|
75
|
+
# JSON output with audit-ready breakdown + probes
|
|
76
|
+
npx rapidkit doctor project --json
|
|
77
|
+
```
|
|
78
|
+
|
|
79
|
+
## Enterprise Fix Pipeline
|
|
80
|
+
|
|
81
|
+
When `--fix` is enabled, Doctor now runs a staged treatment pipeline:
|
|
82
|
+
|
|
83
|
+
1. Fix policy engine assigns risk for each fix step (`safe`, `guarded`, `invasive`).
|
|
84
|
+
2. Transaction snapshots are created for guarded/invasive steps.
|
|
85
|
+
3. Dependency orchestrator executes known dependency commands via structured adapters.
|
|
86
|
+
4. Post-fix verification re-runs project diagnostics.
|
|
87
|
+
5. Retry policy re-attempts transient network failures once before failing.
|
|
88
|
+
|
|
89
|
+
If a guarded/invasive step fails, Doctor attempts rollback from snapshot and records the failure.
|
|
90
|
+
|
|
91
|
+
## CI Example
|
|
92
|
+
|
|
93
|
+
```yaml
|
|
94
|
+
name: Health Check
|
|
95
|
+
on: [push]
|
|
96
|
+
|
|
97
|
+
jobs:
|
|
98
|
+
doctor:
|
|
99
|
+
runs-on: ubuntu-latest
|
|
100
|
+
steps:
|
|
101
|
+
- uses: actions/checkout@v4
|
|
102
|
+
- uses: actions/setup-node@v4
|
|
103
|
+
with:
|
|
104
|
+
node-version: '20'
|
|
105
|
+
- run: npm ci
|
|
106
|
+
- run: npx rapidkit doctor
|
|
107
|
+
```
|
|
108
|
+
|
|
109
|
+
## Exit Codes
|
|
110
|
+
|
|
111
|
+
| Code | Meaning |
|
|
112
|
+
| --- | --- |
|
|
113
|
+
| `0` | checks passed or warnings only |
|
|
114
|
+
| `1` | blocking issues found |
|
|
115
|
+
|
|
116
|
+
## Enterprise Probe Extensions
|
|
117
|
+
|
|
118
|
+
Doctor supports project-local custom probes via JSON contract files:
|
|
119
|
+
|
|
120
|
+
- `.rapidkit/doctor.probes.json`
|
|
121
|
+
- `doctor.probes.json`
|
|
122
|
+
|
|
123
|
+
Schema:
|
|
124
|
+
|
|
125
|
+
```json
|
|
126
|
+
{
|
|
127
|
+
"probes": [
|
|
128
|
+
{
|
|
129
|
+
"id": "db-schema-contract",
|
|
130
|
+
"label": "Database schema contract",
|
|
131
|
+
"severity": "error",
|
|
132
|
+
"anyOfPaths": ["prisma/schema.prisma", "migrations"],
|
|
133
|
+
"allOfPaths": ["README.md"],
|
|
134
|
+
"recommendation": "Define deterministic schema + migration baseline."
|
|
135
|
+
}
|
|
136
|
+
]
|
|
137
|
+
}
|
|
138
|
+
```
|
|
139
|
+
|
|
140
|
+
Each probe is evaluated during `doctor project` and emitted in:
|
|
141
|
+
|
|
142
|
+
- human output (`Probe checks`)
|
|
143
|
+
- JSON output (`project.probes`)
|
|
144
|
+
- evidence (`doctor-project-last-run.json`)
|
|
145
|
+
|
|
146
|
+
## Adapter Plugin Contract
|
|
147
|
+
|
|
148
|
+
Doctor also supports runtime adapter checks via JSON contracts:
|
|
149
|
+
|
|
150
|
+
- `.rapidkit/doctor.adapters.json`
|
|
151
|
+
- `doctor.adapters.json`
|
|
152
|
+
|
|
153
|
+
Schema:
|
|
154
|
+
|
|
155
|
+
```json
|
|
156
|
+
{
|
|
157
|
+
"checks": [
|
|
158
|
+
{
|
|
159
|
+
"id": "boot-probe-contract",
|
|
160
|
+
"label": "Boot probe contract",
|
|
161
|
+
"severity": "error",
|
|
162
|
+
"runtimes": ["node", "python"],
|
|
163
|
+
"anyOfPaths": ["src/main.ts", "app/main.py"],
|
|
164
|
+
"allOfPaths": ["README.md"],
|
|
165
|
+
"recommendation": "Expose deterministic bootstrap path and document runtime startup.",
|
|
166
|
+
"passReason": "Bootstrap contract markers detected.",
|
|
167
|
+
"failReason": "Bootstrap contract markers are missing."
|
|
168
|
+
}
|
|
169
|
+
]
|
|
170
|
+
}
|
|
171
|
+
```
|
|
172
|
+
|
|
173
|
+
This enables enterprise teams to extend Doctor checks without patching core CLI logic.
|
|
174
|
+
|
|
175
|
+
## Score Explainability
|
|
176
|
+
|
|
177
|
+
Both workspace/project JSON outputs include `scoreBreakdown` with:
|
|
178
|
+
|
|
179
|
+
- `id` and `label`
|
|
180
|
+
- normalized `status` (`ok`, `warn`, `error`)
|
|
181
|
+
- `scope` (`host-system`, `project-scoped`)
|
|
182
|
+
- `policyRuleId` (deterministic rule that selected status/severity)
|
|
183
|
+
- deterministic `reason`
|
|
184
|
+
|
|
185
|
+
Workspace scope additionally appends aggregate policy rules (`workspace-aggregate`), such as:
|
|
186
|
+
|
|
187
|
+
- discovery gate
|
|
188
|
+
- system error gate
|
|
189
|
+
- blocking issue gate
|
|
190
|
+
- advisory warning gate
|
|
191
|
+
|
|
192
|
+
This allows CI and governance pipelines to audit why a score was produced.
|
|
193
|
+
|
|
194
|
+
## Contract Metadata (Enterprise)
|
|
195
|
+
|
|
196
|
+
Both JSON output and evidence files include a `contract` object:
|
|
197
|
+
|
|
198
|
+
- `version`: current doctor evidence contract version
|
|
199
|
+
- `scoringPolicyVersion`: current deterministic scoring policy version
|
|
200
|
+
- `generatedBy`: emitting surface (`rapidkit-npm`)
|
|
201
|
+
- `deterministicScoreBreakdown`: explicit deterministic score policy flag
|
|
202
|
+
- `scopeModel`: how scope semantics are encoded
|
|
203
|
+
|
|
204
|
+
Use these fields for strict consumers in CI/CD and extension adapters to prevent schema drift.
|
|
205
|
+
|
|
206
|
+
## Drift Delta and Scope Provenance
|
|
207
|
+
|
|
208
|
+
Workspace/project outputs now include:
|
|
209
|
+
|
|
210
|
+
- `summary.scopeProvenance`: scoped vs aggregated vs mixed coverage summary
|
|
211
|
+
- `driftDelta`: change report compared with previous evidence (new/resolved issues, score delta, system status changes)
|
|
212
|
+
|
|
213
|
+
These fields are designed for release gates and extension timeline cards that must show progression, not only snapshots.
|
|
214
|
+
|
|
215
|
+
## Workspace scope CI exit codes
|
|
216
|
+
|
|
217
|
+
- `npx rapidkit doctor workspace --strict` exits `1` when health score reports errors **or** warnings.
|
|
218
|
+
- `npx rapidkit doctor workspace --ci` exits `1` on errors and `2` on warnings only (errors take precedence).
|
|
219
|
+
- Without `--strict` or `--ci`, doctor reports findings but exits `0` (backward compatible).
|
|
220
|
+
|
|
221
|
+
## Workspace fix behavior
|
|
222
|
+
|
|
223
|
+
- Reuses cached project scans when valid; refreshes `.rapidkit/reports/doctor-last-run.json`.
|
|
224
|
+
- `--fix` runs interactive remediation; `--plan` prints plan only; `--apply` applies non-interactively.
|
|
225
|
+
- `--plan` cannot be combined with `--fix` or `--apply`.
|
|
226
|
+
- Advisory warnings do not automatically become shell fix commands.
|
|
227
|
+
- Go `go mod tidy` fixes are skipped when the Go toolchain is unavailable.
|
|
228
|
+
|
|
229
|
+
## Workspace JSON fields (AI/automation)
|
|
230
|
+
|
|
231
|
+
`npx rapidkit doctor workspace --json` includes per-project metadata: `framework`, `frameworkKey`, `importStack`, `runtimeFamily`, `projectKind`, `supportTier`, `frameworkConfidence`.
|
|
232
|
+
|
|
233
|
+
## Project scope behavior
|
|
234
|
+
|
|
235
|
+
- Resolves current or nearest parent project from nested directories.
|
|
236
|
+
- Supports RapidKit and non-RapidKit projects when `.rapidkit` is missing.
|
|
237
|
+
- Evidence: `.rapidkit/reports/doctor-project-last-run.json`.
|
|
238
|
+
- `--fix`, `--plan`, and `--apply` apply only project-scoped fixes.
|
|
239
|
+
|
|
240
|
+
## Project JSON fields (AI/automation)
|
|
241
|
+
|
|
242
|
+
`npx rapidkit doctor project --json` includes `scope`, `contract`, `project`, `summary.scopeProvenance`, `driftDelta`, and `scoreBreakdown`.
|
|
243
|
+
|
|
244
|
+
## Evidence schema compatibility
|
|
245
|
+
|
|
246
|
+
- Workspace evidence: `doctor-workspace-evidence-v1`
|
|
247
|
+
- Project evidence: `doctor-project-evidence-v1`
|
|
248
|
+
- Workspace scan cache: `doctor-workspace-cache-v1`
|
|
249
|
+
|
|
250
|
+
Legacy evidence without `schemaVersion` is still accepted. Unknown versions are treated as invalid evidence. `readiness` and `workspace share` share the same validation path.
|
|
251
|
+
|
|
252
|
+
## Related Workspace Commands
|
|
253
|
+
|
|
254
|
+
```bash
|
|
255
|
+
npx rapidkit bootstrap [--profile <profile>]
|
|
256
|
+
npx rapidkit setup <python|node|go> [--warm-deps]
|
|
257
|
+
npx rapidkit workspace list
|
|
258
|
+
npx rapidkit cache <status|clear|prune|repair>
|
|
259
|
+
npx rapidkit mirror <status|sync|verify|rotate>
|
|
260
|
+
```
|
|
261
|
+
|
|
262
|
+
Use `doctor workspace` before and after major workspace operations to detect drift early.
|
|
263
|
+
Use `doctor project` before changing a single service to keep project-scope evidence deterministic.
|
|
@@ -0,0 +1,62 @@
|
|
|
1
|
+
# Example: RapidKit agent grounding gate for consumer workspaces
|
|
2
|
+
#
|
|
3
|
+
# Copy to your repo as `.github/workflows/rapidkit-agent-grounding.yml`
|
|
4
|
+
# and adjust `working-directory` to your RapidKit workspace root.
|
|
5
|
+
#
|
|
6
|
+
# Requires: Node.js 20+, `rapidkit` available via npx in CI.
|
|
7
|
+
|
|
8
|
+
name: RapidKit Agent Grounding
|
|
9
|
+
|
|
10
|
+
on:
|
|
11
|
+
pull_request:
|
|
12
|
+
paths:
|
|
13
|
+
- '.rapidkit/**'
|
|
14
|
+
- 'AGENTS.md'
|
|
15
|
+
- 'CLAUDE.md'
|
|
16
|
+
- '.github/copilot-instructions.md'
|
|
17
|
+
- '.cursor/rules/**'
|
|
18
|
+
workflow_dispatch:
|
|
19
|
+
|
|
20
|
+
jobs:
|
|
21
|
+
agent-grounding:
|
|
22
|
+
runs-on: ubuntu-latest
|
|
23
|
+
defaults:
|
|
24
|
+
run:
|
|
25
|
+
working-directory: . # set to your workspace root if nested
|
|
26
|
+
|
|
27
|
+
steps:
|
|
28
|
+
- uses: actions/checkout@v4
|
|
29
|
+
|
|
30
|
+
- uses: actions/setup-node@v4
|
|
31
|
+
with:
|
|
32
|
+
node-version: '20'
|
|
33
|
+
|
|
34
|
+
- name: Install RapidKit CLI
|
|
35
|
+
run: npm install -g rapidkit@latest
|
|
36
|
+
|
|
37
|
+
- name: Run governance pipeline
|
|
38
|
+
run: npx rapidkit pipeline --json --strict
|
|
39
|
+
continue-on-error: true
|
|
40
|
+
id: pipeline
|
|
41
|
+
|
|
42
|
+
- name: Sync and verify agent grounding
|
|
43
|
+
run: |
|
|
44
|
+
npx rapidkit workspace agent-sync --write --refresh-context --strict --json
|
|
45
|
+
env:
|
|
46
|
+
RAPIDKIT_NO_AGENT_SYNC: '0'
|
|
47
|
+
|
|
48
|
+
- name: Upload agent grounding artifacts
|
|
49
|
+
if: always()
|
|
50
|
+
uses: actions/upload-artifact@v4
|
|
51
|
+
with:
|
|
52
|
+
name: rapidkit-agent-grounding
|
|
53
|
+
path: |
|
|
54
|
+
.rapidkit/reports/INDEX.json
|
|
55
|
+
.rapidkit/reports/workspace-context-agent.json
|
|
56
|
+
.rapidkit/reports/pipeline-last-run.json
|
|
57
|
+
AGENTS.md
|
|
58
|
+
if-no-files-found: ignore
|
|
59
|
+
|
|
60
|
+
- name: Fail if pipeline blocked
|
|
61
|
+
if: steps.pipeline.outcome == 'failure'
|
|
62
|
+
run: exit 1
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
# From Code to Shared Understanding
|
|
2
|
+
|
|
3
|
+
How RapidKit transforms projects and repositories into workspace intelligence for developers, CI, and AI agents.
|
|
4
|
+
|
|
5
|
+
This Mermaid diagram is kept in the internal documentation because GitHub renders it correctly. The main npm README uses a PNG version of the same diagram so it remains visible on npm package pages.
|
|
6
|
+
|
|
7
|
+
```mermaid
|
|
8
|
+
flowchart TB
|
|
9
|
+
|
|
10
|
+
Code["Code & Repositories"]
|
|
11
|
+
Projects["Projects"]
|
|
12
|
+
Workspace["Workspace"]
|
|
13
|
+
|
|
14
|
+
Code --> Projects
|
|
15
|
+
Projects --> Workspace
|
|
16
|
+
|
|
17
|
+
subgraph Intelligence["Workspace Intelligence"]
|
|
18
|
+
Model["Workspace Model"]
|
|
19
|
+
Context["Agent Context"]
|
|
20
|
+
Impact["Impact Analysis"]
|
|
21
|
+
Verify["Verification"]
|
|
22
|
+
Evidence["Evidence & Gates"]
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
Workspace --> Model
|
|
26
|
+
Workspace --> Context
|
|
27
|
+
Workspace --> Impact
|
|
28
|
+
Workspace --> Verify
|
|
29
|
+
Workspace --> Evidence
|
|
30
|
+
|
|
31
|
+
Model --> Dev["Developers"]
|
|
32
|
+
Model --> CI["CI"]
|
|
33
|
+
Model --> Agents["AI Agents"]
|
|
34
|
+
|
|
35
|
+
Context --> Agents
|
|
36
|
+
|
|
37
|
+
Impact --> Dev
|
|
38
|
+
Impact --> CI
|
|
39
|
+
|
|
40
|
+
Verify --> CI
|
|
41
|
+
Verify --> Agents
|
|
42
|
+
Evidence --> Dev
|
|
43
|
+
Evidence --> CI
|
|
44
|
+
Evidence --> Agents
|
|
45
|
+
```
|
|
46
|
+
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
{
|
|
2
|
+
"policies": {
|
|
3
|
+
"dev": {
|
|
4
|
+
"allowedIdentities": [
|
|
5
|
+
"release@your-org.example"
|
|
6
|
+
],
|
|
7
|
+
"allowedIssuers": [
|
|
8
|
+
"https://token.actions.githubusercontent.com"
|
|
9
|
+
],
|
|
10
|
+
"allowedRekorUrls": [
|
|
11
|
+
"https://rekor.sigstore.dev"
|
|
12
|
+
],
|
|
13
|
+
"requireTransparencyLog": false
|
|
14
|
+
},
|
|
15
|
+
"stage": {
|
|
16
|
+
"allowedIdentities": [
|
|
17
|
+
"release@your-org.example"
|
|
18
|
+
],
|
|
19
|
+
"allowedIssuers": [
|
|
20
|
+
"https://token.actions.githubusercontent.com"
|
|
21
|
+
],
|
|
22
|
+
"allowedRekorUrls": [
|
|
23
|
+
"https://rekor.sigstore.dev"
|
|
24
|
+
],
|
|
25
|
+
"requireTransparencyLog": true
|
|
26
|
+
},
|
|
27
|
+
"prod": {
|
|
28
|
+
"allowedIdentities": [
|
|
29
|
+
"release@your-org.example"
|
|
30
|
+
],
|
|
31
|
+
"allowedIssuers": [
|
|
32
|
+
"https://token.actions.githubusercontent.com"
|
|
33
|
+
],
|
|
34
|
+
"allowedRekorUrls": [
|
|
35
|
+
"https://rekor.sigstore.dev"
|
|
36
|
+
],
|
|
37
|
+
"requireTransparencyLog": true
|
|
38
|
+
}
|
|
39
|
+
}
|
|
40
|
+
}
|
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
{
|
|
2
|
+
"enabled": true,
|
|
3
|
+
"mode": "offline-first",
|
|
4
|
+
"prefetch": {
|
|
5
|
+
"retries": 2,
|
|
6
|
+
"backoffMs": 300,
|
|
7
|
+
"timeoutMs": 15000
|
|
8
|
+
},
|
|
9
|
+
"retention": {
|
|
10
|
+
"keepLast": 10
|
|
11
|
+
},
|
|
12
|
+
"security": {
|
|
13
|
+
"requireAttestation": true,
|
|
14
|
+
"requireSigstore": true,
|
|
15
|
+
"requireTransparencyLog": true,
|
|
16
|
+
"requireSignedGovernance": true,
|
|
17
|
+
"governanceBundle": {
|
|
18
|
+
"policyPath": ".rapidkit/governance-policy.json",
|
|
19
|
+
"signaturePath": ".rapidkit/governance-policy.sig",
|
|
20
|
+
"publicKeyPath": ".rapidkit/governance-public.pem",
|
|
21
|
+
"algorithm": "sha256"
|
|
22
|
+
},
|
|
23
|
+
"evidenceExport": {
|
|
24
|
+
"enabled": true,
|
|
25
|
+
"target": "http",
|
|
26
|
+
"endpoint": "https://siem.example.com/intake/rapidkit",
|
|
27
|
+
"authTokenEnv": "RAPIDKIT_EVIDENCE_TOKEN",
|
|
28
|
+
"timeoutMs": 10000,
|
|
29
|
+
"retries": 3,
|
|
30
|
+
"backoffMs": 500,
|
|
31
|
+
"deadLetterPath": ".rapidkit/reports/evidence-export-dead-letter.ndjson",
|
|
32
|
+
"signing": {
|
|
33
|
+
"enabled": true,
|
|
34
|
+
"hmacKeyEnv": "RAPIDKIT_EVIDENCE_HMAC_KEY",
|
|
35
|
+
"algorithm": "sha256",
|
|
36
|
+
"headerName": "x-rapidkit-evidence-signature"
|
|
37
|
+
},
|
|
38
|
+
"failOnError": true
|
|
39
|
+
}
|
|
40
|
+
},
|
|
41
|
+
"artifacts": [
|
|
42
|
+
{
|
|
43
|
+
"id": "backend-release",
|
|
44
|
+
"source": "mirror-source/release.bin",
|
|
45
|
+
"target": "releases/release.bin",
|
|
46
|
+
"sha256": "PUT_REAL_SHA256_HERE",
|
|
47
|
+
"required": true,
|
|
48
|
+
"attestation": {
|
|
49
|
+
"signature": "BASE64_DETACHED_SIGNATURE",
|
|
50
|
+
"publicKeyPath": ".rapidkit/mirror-public.pem",
|
|
51
|
+
"sigstore": {
|
|
52
|
+
"signaturePath": ".rapidkit/release.sig",
|
|
53
|
+
"identity": "release@your-org.example",
|
|
54
|
+
"issuer": "https://token.actions.githubusercontent.com",
|
|
55
|
+
"rekorUrl": "https://rekor.sigstore.dev"
|
|
56
|
+
}
|
|
57
|
+
}
|
|
58
|
+
}
|
|
59
|
+
]
|
|
60
|
+
}
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
version: "1.0"
|
|
2
|
+
mode: warn # "warn" or "strict"
|
|
3
|
+
dependency_sharing_mode: isolated # "isolated" or "shared-runtime-caches" or "shared-node-deps"
|
|
4
|
+
# change profile (recommended): npx rapidkit bootstrap --profile polyglot
|
|
5
|
+
# change mode/dependency manually: edit this file and rerun npx rapidkit init
|
|
6
|
+
|
|
7
|
+
rules:
|
|
8
|
+
enforce_workspace_marker: true
|
|
9
|
+
enforce_toolchain_lock: false
|
|
10
|
+
disallow_untrusted_tool_sources: false
|
|
11
|
+
enforce_compatibility_matrix: false
|
|
12
|
+
require_mirror_lock_for_offline: true
|
|
13
|
+
|
|
14
|
+
# preferred policy management commands:
|
|
15
|
+
# npx rapidkit workspace policy show
|
|
16
|
+
# npx rapidkit workspace policy set mode strict
|
|
17
|
+
# npx rapidkit workspace policy set dependency_sharing_mode shared-runtime-caches
|
|
18
|
+
# npx rapidkit workspace policy set rules.enforce_toolchain_lock true
|
|
19
|
+
|
|
20
|
+
# dependency_sharing_mode options:
|
|
21
|
+
# - isolated (default, safest)
|
|
22
|
+
# - shared-runtime-caches (share Node/Python/Go caches at workspace level)
|
|
23
|
+
# - shared-node-deps (compat alias for Node shared mode)
|
|
@@ -0,0 +1,160 @@
|
|
|
1
|
+
# Workspace Operations
|
|
2
|
+
|
|
3
|
+
Behavioral guide for import, adoption, snapshots, archives, contracts, collaboration bundles, and local infra sidecars.
|
|
4
|
+
|
|
5
|
+
Command syntax: [commands-reference.md](./commands-reference.md).
|
|
6
|
+
|
|
7
|
+
## Import and adoption
|
|
8
|
+
|
|
9
|
+
Use `import` to copy or clone an existing project into a RapidKit workspace.
|
|
10
|
+
Use `adopt` when the project must stay where it already lives but should become visible to RapidKit and Workspai workspace intelligence.
|
|
11
|
+
|
|
12
|
+
```bash
|
|
13
|
+
npx rapidkit import ../orders-api
|
|
14
|
+
npx rapidkit import https://github.com/acme/orders-api.git --git
|
|
15
|
+
npx rapidkit import ../orders-api --workspace ./my-workspace --name orders-api --json
|
|
16
|
+
npx rapidkit adopt ../marketing-web --workspace ./my-workspace
|
|
17
|
+
npx rapidkit adopt --json
|
|
18
|
+
```
|
|
19
|
+
|
|
20
|
+
### Import behavior
|
|
21
|
+
|
|
22
|
+
- Local folders are copied; git sources are cloned with shallow history.
|
|
23
|
+
- Outside any workspace (no `--workspace`), RapidKit auto-creates/reuses the managed **Workspai** workspace at `~/rapidkit/workspaces/workspai`.
|
|
24
|
+
- Existing workspaces under `~/Workspai/rapidkits/*` remain registered after upgrade.
|
|
25
|
+
- CLI prints a next-step `cd ...` hint (`suggestedCdCommand` in JSON mode).
|
|
26
|
+
- Failed workspace sync rolls back imported files and registry entries.
|
|
27
|
+
|
|
28
|
+
### Adopt behavior
|
|
29
|
+
|
|
30
|
+
- Source files are not moved or copied.
|
|
31
|
+
- Default workspace resolution matches import (`workspai` under `~/rapidkit/workspaces/`).
|
|
32
|
+
- Writes `.rapidkit/project.json`, `.rapidkit/adopt.json`, and `.rapidkit/adopt-readiness.json`.
|
|
33
|
+
- Registry and contract sync include adopted projects for `workspace model`, `workspace context`, Dashboard, and agents.
|
|
34
|
+
- `--dry-run --json` previews detection without writing metadata.
|
|
35
|
+
|
|
36
|
+
### JSON output (`--json`)
|
|
37
|
+
|
|
38
|
+
- `workspacePath`, `workspaceResolution` (`explicit` | `nearest` | `default-auto`)
|
|
39
|
+
- `defaultWorkspaceCreated`, `suggestedCdCommand`
|
|
40
|
+
- `importedProject` or `adoptedProject` (`name`, `path`, `stack`, `runtime`, `framework`, `supportTier`, `moduleSupport`, `confidence`, `source`)
|
|
41
|
+
|
|
42
|
+
Imported projects receive `.rapidkit/import-readiness.json`. Adopted projects add frontend-aware detection for Next.js, React, Vite, Vue, Angular, SvelteKit, Nuxt, Astro, Remix, and Solid.
|
|
43
|
+
|
|
44
|
+
## Workspace snapshots and safe project operations
|
|
45
|
+
|
|
46
|
+
```bash
|
|
47
|
+
npx rapidkit snapshot create before-upgrade --reason "before dependency upgrade"
|
|
48
|
+
npx rapidkit snapshot list
|
|
49
|
+
npx rapidkit snapshot inspect before-upgrade
|
|
50
|
+
npx rapidkit snapshot restore before-upgrade --dry-run
|
|
51
|
+
npx rapidkit snapshot restore before-upgrade --force
|
|
52
|
+
```
|
|
53
|
+
|
|
54
|
+
Project delete is safe-by-default:
|
|
55
|
+
|
|
56
|
+
```bash
|
|
57
|
+
npx rapidkit project archive orders-api --reason "replaced by orders-v2"
|
|
58
|
+
npx rapidkit project archives
|
|
59
|
+
npx rapidkit project restore orders-api
|
|
60
|
+
npx rapidkit project delete orders-api
|
|
61
|
+
npx rapidkit project delete orders-api --permanent --confirm orders-api
|
|
62
|
+
```
|
|
63
|
+
|
|
64
|
+
Lifecycle safety:
|
|
65
|
+
|
|
66
|
+
- `project delete` archives by default; permanent removal requires `--permanent --confirm <exact-name>`.
|
|
67
|
+
- `snapshot restore` requires `--force` unless dry-run.
|
|
68
|
+
- Restore, archive, and permanent delete create pre-operation metadata snapshots.
|
|
69
|
+
- Archive manifests live under `.rapidkit/archive/projects`.
|
|
70
|
+
- Audit records append to `.rapidkit/audit/events.jsonl`.
|
|
71
|
+
- Workspace policy can require reasons, safety snapshots, or block permanent delete via `.rapidkit/policies.yml`.
|
|
72
|
+
|
|
73
|
+
## Workspace collaboration bundle
|
|
74
|
+
|
|
75
|
+
```bash
|
|
76
|
+
npx rapidkit workspace share
|
|
77
|
+
npx rapidkit workspace share --output ./team-share.json
|
|
78
|
+
npx rapidkit workspace share --include-paths
|
|
79
|
+
npx rapidkit workspace share --no-doctor
|
|
80
|
+
```
|
|
81
|
+
|
|
82
|
+
Bundle includes workspace metadata, discovered projects, report index, and latest doctor evidence (unless `--no-doctor`). `--include-paths` is for internal teams only (absolute paths).
|
|
83
|
+
|
|
84
|
+
## Workspace contract registry
|
|
85
|
+
|
|
86
|
+
```bash
|
|
87
|
+
npx rapidkit workspace contract init
|
|
88
|
+
npx rapidkit workspace contract inspect
|
|
89
|
+
npx rapidkit workspace contract verify --strict
|
|
90
|
+
npx rapidkit workspace contract graph
|
|
91
|
+
```
|
|
92
|
+
|
|
93
|
+
Contract file: `.rapidkit/workspace.contract.json`. Verification checks schema, duplicate slugs, port collisions, and unknown dependencies.
|
|
94
|
+
|
|
95
|
+
RapidKit keeps the contract alive during `create project` and `workspace sync` without overwriting manual API/event/owner declarations.
|
|
96
|
+
|
|
97
|
+
## Portable workspace archives
|
|
98
|
+
|
|
99
|
+
```bash
|
|
100
|
+
npx rapidkit workspace export --output team-workspace.rapidkit-archive.zip
|
|
101
|
+
npx rapidkit workspace archive inspect team-workspace.rapidkit-archive.zip
|
|
102
|
+
npx rapidkit workspace archive verify team-workspace.rapidkit-archive.zip --strict
|
|
103
|
+
npx rapidkit workspace archive doctor team-workspace.rapidkit-archive.zip
|
|
104
|
+
npx rapidkit workspace hydrate team-workspace.rapidkit-archive.zip --output ./team-workspace
|
|
105
|
+
```
|
|
106
|
+
|
|
107
|
+
Export excludes dependency folders, build output, git history, logs, `.env`, and private keys by default. Use `--include-env` only for trusted internal handoffs.
|
|
108
|
+
|
|
109
|
+
## Workspace infrastructure (sidecar)
|
|
110
|
+
|
|
111
|
+
Discovery sources: Core module slugs, project `.env.example`, workspace contract env, and `.rapidkit/infra/overrides.json`.
|
|
112
|
+
|
|
113
|
+
```bash
|
|
114
|
+
cd my-workspace
|
|
115
|
+
npx rapidkit infra plan
|
|
116
|
+
npx rapidkit infra up
|
|
117
|
+
npx rapidkit infra status --strict
|
|
118
|
+
npx rapidkit infra down
|
|
119
|
+
```
|
|
120
|
+
|
|
121
|
+
Artifacts:
|
|
122
|
+
|
|
123
|
+
- `.rapidkit/infra/docker-compose.yml`
|
|
124
|
+
- `.rapidkit/reports/infra-plan.json`
|
|
125
|
+
- `.rapidkit/infra/.env.example`
|
|
126
|
+
|
|
127
|
+
## Command ownership
|
|
128
|
+
|
|
129
|
+
| Command family | Owner | Notes |
|
|
130
|
+
| --- | --- | --- |
|
|
131
|
+
| `create workspace`, `workspace`, `cache`, `mirror`, `infra` | RapidKit wrapper | Platform orchestration |
|
|
132
|
+
| `init` | Wrapper orchestrated | Project init; full-init alias at workspace root |
|
|
133
|
+
| `dev`, `test`, `build`, `start` | Runtime aware | Delegates to active project/runtime |
|
|
134
|
+
| `readiness` | Wrapper release gate | Env + doctor + analyze + verify + dependency gates |
|
|
135
|
+
| `pipeline` | Wrapper orchestrator | sync → doctor → analyze → readiness → autopilot |
|
|
136
|
+
| `autopilot release` | Wrapper orchestrator | End-to-end release gate evidence |
|
|
137
|
+
| `import` | Workspace ingestion | Rollback-safe sync |
|
|
138
|
+
| `adopt` | Workspace adoption | In-place linking + registry sync |
|
|
139
|
+
| `workspace model/context/diff/impact/verify` | Workspace intelligence | Model, context packs, blast radius |
|
|
140
|
+
| `snapshot` | Workspace recovery | Metadata or full snapshots |
|
|
141
|
+
| `project archive/restore/delete` | Project lifecycle | Safe delete with confirmation |
|
|
142
|
+
| `doctor` / `doctor workspace` / `doctor project` | Wrapper health | Host, workspace, and project scopes |
|
|
143
|
+
| `workspace run` | Workspace orchestrator | Fleet stage execution |
|
|
144
|
+
| `infra` | Workspace sidecar | Contract-driven local dependencies |
|
|
145
|
+
|
|
146
|
+
## Verification evidence freshness
|
|
147
|
+
|
|
148
|
+
`workspace verify` treats evidence as release-gate material, not just as a file
|
|
149
|
+
presence check. Required project evidence must match the affected project in
|
|
150
|
+
`workspace-run-last.json`, and evidence generated before the current impact
|
|
151
|
+
report is treated as stale and blocking. Re-run the recommended commands from
|
|
152
|
+
`workspace impact --json` before using `workspace verify --strict` in CI.
|
|
153
|
+
|
|
154
|
+
For doctor CI exit codes and JSON evidence fields, see [doctor-command.md](./doctor-command.md).
|
|
155
|
+
|
|
156
|
+
## See also
|
|
157
|
+
|
|
158
|
+
- [Documentation index](./README.md)
|
|
159
|
+
- [commands-reference.md](./commands-reference.md)
|
|
160
|
+
- [doctor-command.md](./doctor-command.md)
|