From 0398c9ca05167a3472917541a7f9473bad9b89a6 Mon Sep 17 00:00:00 2001 From: Parfii-bot Date: Tue, 21 Apr 2026 14:12:49 +0800 Subject: [PATCH] refactor(blocks): update kit-agent handoff refs to kei- prefix in 5 blocks MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Caught in Phase-2 double-audit pass AFTER commits 1-5 were already pushed: top-level _blocks/*.md contains prose handoff references to "cost-guardian" that get composed into generated agent .md files. These were missed by the skills/manifests sweep because blocks weren't in the original task spec list (only fixture _blocks/ were mentioned, and those are separate). Impact if left unfixed: any project-specialist created via /new-agent with Q3=Yes (paid APIs) or Q7!=None (scrapers) would compose these blocks and emit a generated .md referencing the stale `cost-guardian` handoff target — a dangling reference after the kei-* rename. Files touched (10 references, all to `cost-guardian`): - _blocks/api-apify.md (1) - _blocks/api-elevenlabs.md (2) - _blocks/api-fal-ai.md (2) - _blocks/domain-paid-apis.md (2) - _blocks/scraper-paid-tier.md (3) Verify: cargo test -> 17/17 still green (fixture _blocks/ isolated from top-level _blocks/, so no snapshot drift). Co-Authored-By: Claude Opus 4.7 (1M context) --- _blocks/api-apify.md | 2 +- _blocks/api-elevenlabs.md | 4 ++-- _blocks/api-fal-ai.md | 4 ++-- _blocks/domain-paid-apis.md | 4 ++-- _blocks/scraper-paid-tier.md | 6 +++--- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/_blocks/api-apify.md b/_blocks/api-apify.md index 6aebb7b..ccdd953 100644 --- a/_blocks/api-apify.md +++ b/_blocks/api-apify.md @@ -38,4 +38,4 @@ Prefer free path when available — Telethon (Telegram) and YouTube Data API v3 **LinkedIn HIGH RISK:** `harvestapi` no-cookie actors are safer ($4-10/1K). Cookie-based (`curious_coder`) = ban + ToS exposure. Max 500 profiles/day deep. **Always legal review before EU LinkedIn runs.** -**Forbidden:** LinkedIn batch without legal sign-off (GDPR + ToS); residential proxies against EU targets without documented consent basis; batch runs without per-item cost estimate to `cost-guardian`; using main personal account for any cookie-based actor (curious_coder line); launching an actor before validating input against its `input_schema.json`; paying Apify for Telegram when Telethon is free. +**Forbidden:** LinkedIn batch without legal sign-off (GDPR + ToS); residential proxies against EU targets without documented consent basis; batch runs without per-item cost estimate to `kei-cost-guardian`; using main personal account for any cookie-based actor (curious_coder line); launching an actor before validating input against its `input_schema.json`; paying Apify for Telegram when Telethon is free. diff --git a/_blocks/api-elevenlabs.md b/_blocks/api-elevenlabs.md index f240fe0..01f18b1 100644 --- a/_blocks/api-elevenlabs.md +++ b/_blocks/api-elevenlabs.md @@ -32,6 +32,6 @@ Skipping or reordering any step = API error. Ephemeral preview IDs expire — ca **Video integration (if pairing with a video model that supports voice):** `voice_id` flows into the video model's `voice_ids` payload. Per-speaker markers in prompts ONLY when `voice_ids` actually sent. -**Cost tracking:** log per-call `characters_used` + cumulative month-to-date → `memory/{project}.md`. Hand off to `cost-guardian` on any batch expected to exceed 50% of monthly quota. +**Cost tracking:** log per-call `characters_used` + cumulative month-to-date → `memory/{project}.md`. Hand off to `kei-cost-guardian` on any batch expected to exceed 50% of monthly quota. -**Forbidden:** calling TTS without prior `createVoice` (ephemeral preview IDs fail); exceeding plan character quota without `cost-guardian` check (overage billing surprise); committing `voice_id` values into git when they reference private/cloned voices (storage convention — see `domain-has-secrets.md`); re-designing the same voice per-scene instead of caching `voice_id`; skipping the 3-step flow with direct TTS on `generated_voice_id`. +**Forbidden:** calling TTS without prior `createVoice` (ephemeral preview IDs fail); exceeding plan character quota without `kei-cost-guardian` check (overage billing surprise); committing `voice_id` values into git when they reference private/cloned voices (storage convention — see `domain-has-secrets.md`); re-designing the same voice per-scene instead of caching `voice_id`; skipping the 3-step flow with direct TTS on `generated_voice_id`. diff --git a/_blocks/api-fal-ai.md b/_blocks/api-fal-ai.md index 6818808..46657aa 100644 --- a/_blocks/api-fal-ai.md +++ b/_blocks/api-fal-ai.md @@ -27,8 +27,8 @@ Live pricing: WebFetch https://fal.ai/pricing before any batch >$2. Maintain you **Webhook vs poll:** webhooks need a public HTTPS URL (tunnel with ngrok/CF for local). Poll is fine for <30-min batches. -**Cost discipline:** 1-2 smoke samples before fanning out to ≥5 generations. Full-site budget template: 20 icons + 5 hero + 10 bg + 35 bg-removal + 35 upscale × 2 iterations ≈ $4-8. Hand off to `cost-guardian` on any batch >$5. +**Cost discipline:** 1-2 smoke samples before fanning out to ≥5 generations. Full-site budget template: 20 icons + 5 hero + 10 bg + 35 bg-removal + 35 upscale × 2 iterations ≈ $4-8. Hand off to `kei-cost-guardian` on any batch >$5. **API key:** `FAL_KEY` in `/.env`. Never in chat, source, curl examples, or git (see `domain-has-secrets.md`). -**Forbidden:** adding `guidance_scale` to FLUX.2 Pro; Kling O3 prompts >2500 chars; launching any batch without cost-guardian handoff; quoting prices from memory for session total >$2 (re-verify via WebFetch); FLUX.2 Pro for plain backgrounds when FLUX.1 Dev does the job (pick cheapest-that-matches-brief); hard-coding `FAL_KEY` in source. +**Forbidden:** adding `guidance_scale` to FLUX.2 Pro; Kling O3 prompts >2500 chars; launching any batch without kei-cost-guardian handoff; quoting prices from memory for session total >$2 (re-verify via WebFetch); FLUX.2 Pro for plain backgrounds when FLUX.1 Dev does the job (pick cheapest-that-matches-brief); hard-coding `FAL_KEY` in source. diff --git a/_blocks/domain-paid-apis.md b/_blocks/domain-paid-apis.md index 6449e85..4472e05 100644 --- a/_blocks/domain-paid-apis.md +++ b/_blocks/domain-paid-apis.md @@ -2,7 +2,7 @@ A real cost-overrun incident (a job estimated in tens of dollars that actually ran into triple digits on a GPU provider) motivates every rule below. -**MANDATORY pre-launch handoff to `cost-guardian` before ANY paid run:** +**MANDATORY pre-launch handoff to `kei-cost-guardian` before ANY paid run:** 1. Dashboard balance — state the current number, not "I think it's roughly". 2. Pricing page — fetch LIVE (WebFetch), not from memory. Rates change. 3. Running jobs — `modal app list` / provider dashboard → show user what's already billing. @@ -26,4 +26,4 @@ A real cost-overrun incident (a job estimated in tens of dollars that actually r - Fal.ai Flux / Kling / others — per image or per video, varies by model - Modal A10G ~$1.10/hr · H100 ~$4.50/hr · B200 ~$8/hr -**Forbidden:** launching without dashboard check; guessing prices; parallel variants without single-variant verify; skipping cost-guardian handoff; running paid compute without logging actuals to `memory/{project}.md` after. +**Forbidden:** launching without dashboard check; guessing prices; parallel variants without single-variant verify; skipping kei-cost-guardian handoff; running paid compute without logging actuals to `memory/{project}.md` after. diff --git a/_blocks/scraper-paid-tier.md b/_blocks/scraper-paid-tier.md index a3e31bd..1ed84b8 100644 --- a/_blocks/scraper-paid-tier.md +++ b/_blocks/scraper-paid-tier.md @@ -1,6 +1,6 @@ # DOMAIN — Scrapers Tier 3 (Apify / Bright Data paid) -**MANDATORY handoff to `cost-guardian` before ANY paid scraping run.** Tier 3 = fallback, not default. Prove Tier 1 insufficient first. +**MANDATORY handoff to `kei-cost-guardian` before ANY paid scraping run.** Tier 3 = fallback, not default. Prove Tier 1 insufficient first. **Known rates (verify on provider pricing page before launch — rates change):** - **Apify YouTube** `apidojo/youtube-scraper` — $0.50/1K (free API v3 preferred when quota allows) @@ -11,7 +11,7 @@ - **Apify Telegram** — $1-3/1K, **DON'T USE** — Telethon (Tier 1, FREE) gives 100% functionality - **Bright Data residential proxies** — ~$7-8/GB (Apify residential add-on same tier) -**Pre-run checklist (hand off to `cost-guardian`):** +**Pre-run checklist (hand off to `kei-cost-guardian`):** 1. Dashboard balance — state current Apify credits / Bright Data balance. 2. Pricing page fetched LIVE (WebFetch) — quote rate + timestamp. 3. Running actors — Apify dashboard: show what's already billing. @@ -28,4 +28,4 @@ **Cost tiers (inherit from `domain-paid-apis`):** - < $5 AUTO · $5-$20 WARN · > $20 STOP + explicit user "yes, launch $N.NN" echo. -**Forbidden:** launching LinkedIn paid scrape without legal-review sign-off in `DECISIONS.md`; cookie-based LinkedIn actors with user's main account (`curious_coder/*` bans accounts); residential proxies on EU individual profiles without DPO approval; batch >100 items without `cost-guardian` estimate; skipping 1-2 item smoke run (failed actor config × N items = N billings); running paid scraper when Tier 1 (YouTube API v3, Telethon, GitHub GraphQL) covers the data; hardcoding Apify tokens in source (use `secrets/*.env`). +**Forbidden:** launching LinkedIn paid scrape without legal-review sign-off in `DECISIONS.md`; cookie-based LinkedIn actors with user's main account (`curious_coder/*` bans accounts); residential proxies on EU individual profiles without DPO approval; batch >100 items without `kei-cost-guardian` estimate; skipping 1-2 item smoke run (failed actor config × N items = N billings); running paid scraper when Tier 1 (YouTube API v3, Telethon, GitHub GraphQL) covers the data; hardcoding Apify tokens in source (use `secrets/*.env`).