Parfii-bot
e01b219291
feat(install): Rust binary acquisition for fresh-clone installs (Path A + Path B)
Pre-fix: install.sh on a fresh clone has no binaries — target/ is gitignored,
copy_prebuilt_substrate_binaries() skips silently with "no pre-built found",
end users get zero kei-fork / kei-ledger / kei-cortex / etc.
New module: install/lib-rust-prebuild.sh (~120 LOC, Constructor Pattern).
ensure_rust_binaries() — main entry, idempotent
1. has_prebuilt_substrate_binaries() — quorum check (5+ kit binaries already in
target/release/ → no-op).
2. Else Path A: download keisei-${TARGET}.tar.gz from
https://github.com/KeiSei84/KeiSeiKit-1.0/releases/latest/download/
Detects target via uname (x86_64/aarch64 × darwin/linux), verifies
sha256, extracts into target/release/.
3. Path A fail (404, network, sha mismatch) → Path B fallback:
cargo build --release --workspace (slow first time, requires Rust).
4. Path B fail (no cargo) → say + return non-zero.
Bypass: KEI_SKIP_RUST=1 — skip both paths (markdown-only install).
Wired in install/lib-rust.sh — ensure_rust_binaries() called BEFORE
copy_prebuilt_substrate_binaries() in regenerate_rust_workspace.
Path A activates ONLY after a v* tag is pushed and release.yml uploads
tarballs to GitHub releases. Until then, Path A 404s and Path B kicks in.
This commit lays the wire — release tag is a separate user-driven action.
Verify:
- bash -n install.sh: OK
- bash -n install/lib-rust-prebuild.sh: OK
- detect_rust_target on this host: aarch64-apple-darwin
- has_prebuilt_substrate_binaries: correctly returns false on partial dev
target (only kei-memory + kei-db-contract built locally today)
Out of scope (not done in this commit):
- Tag v0.X release to populate GitHub tarballs (deploy step, deferred)
- Update keiseikit.dev/install.sh redirect target (downstream wiring)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-01 19:07:55 +08:00
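
The Path A flow described in the commit above (detect target, verify sha256, extract, otherwise return non-zero so the caller can fall back), as an added example that is not code from this repository. The function names, the Linux target triple and the tarball member-path check are assumptions.

```shell
# Added example; function names are hypothetical, not those in install/lib-rust-prebuild.sh.
# Map uname output to a target triple; the Linux "-unknown-linux-gnu" suffix is an assumption.
detect_target() {
  local os="${1:-$(uname -s)}" arch="${2:-$(uname -m)}"
  case "$arch" in
    x86_64|amd64)  arch=x86_64 ;;
    arm64|aarch64) arch=aarch64 ;;
    *) return 1 ;;
  esac
  case "$os" in
    Darwin) echo "${arch}-apple-darwin" ;;
    Linux)  echo "${arch}-unknown-linux-gnu" ;;
    *) return 1 ;;
  esac
}

# Hex SHA-256 of a file, using whichever tool the host has (Linux vs macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | cut -d' ' -f1
  else shasum -a 256 "$1" | cut -d' ' -f1; fi
}

# Verify digest, refuse members that escape the destination, then extract (non-zero = reject).
verify_and_extract() {
  local tarball="$1" dest="$3" expected actual
  expected="$(printf '%s' "$2" | tr 'A-F' 'a-f')"
  actual="$(sha256_of "$tarball")"
  [ "$actual" = "$expected" ] || { echo "sha256 mismatch: $tarball" >&2; return 3; }
  if tar -tzf "$tarball" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
    echo "unsafe member path in $tarball" >&2; return 4
  fi
  mkdir -p "$dest" && tar -xzf "$tarball" -C "$dest"
}

# Constructed sample: a local tarball stands in for the release asset, so this runs offline.
demo() {
  local work good rc
  work="$(mktemp -d)" || return 1
  mkdir -p "$work/src" && printf 'fake-binary\n' > "$work/src/kei-ledger"
  tar -czf "$work/keisei.tar.gz" -C "$work/src" kei-ledger
  good="$(sha256_of "$work/keisei.tar.gz")"
  verify_and_extract "$work/keisei.tar.gz" "$good" "$work/out" || return 1
  [ -f "$work/out/kei-ledger" ] || return 1
  printf 'x' >> "$work/keisei.tar.gz"   # simulate a modified asset
  verify_and_extract "$work/keisei.tar.gz" "$good" "$work/out2" 2>/dev/null && rc=0 || rc=$?
  rm -rf "$work"
  [ "$rc" -eq 3 ]   # the mismatch is rejected before anything is extracted
}
demo && echo "verify_and_extract: ok"
```

A digest published alongside the tarball in the same release detects corruption, not a replaced asset; authenticity needs a digest pinned in the installer or a signature checked against a key obtained separately.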
Parfii-bot
8e39e4186f
fix(ci): regenerate insta golden snapshots after Wave A scrub
After session-wide kit scrub (CfC/Born-like/KILL GUARD/etc → generic),
_assembler/tests/snapshots/{code-implementer,researcher}.snap held stale
expectations. CI failed on golden_code_implementer + golden_researcher
across 9 consecutive runs.
Regenerated via cargo-insta accept. Snapshot diffs are exactly the term
substitutions Wave A applied to manifests:
- "ML/RL/CfC-adjacent" → "ML/RL specialized-node"
- similar 1-line shifts in code-implementer.snap
cargo test --release now green across all 11 _assembler test binaries
(22+3+3+3+1+2+2+7+4+6 = 53 tests passing).
=== STATUS-TRUTH MARKER ===
shipped: functional
stubs: 0
cargo-check: PASS
cargo-test: PASS (53 tests, 0 failures)
behaviour-verified: yes
follow-up-required:
- none — CI should turn green on next push
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-01 18:28:28 +08:00
Parfii-bot
785ad75aaa
chore(security): scrub residual leaks — NOTICE email + HERMES patent section
NOTICE: parfionovich@keilab.io → info@greendragon.info
Earlier mass-scrub missed NOTICE; now consistent with all Cargo.toml + package.json.
HERMES-MIGRATION-PLAN.md: removed 'Patent / IP considerations' section.
Original text revealed: internal prior-art search activity, plan to file
defensive provisional before public release of P3, reference to
keipatent-project-specialist (private agent, not in public kit).
Replaced with generic 'Licensing' block (MIT/Apache attribution only).
Audit confirmed remaining 'patent' mentions are legitimate:
- LICENSE/NOTICE Apache 2.0 boilerplate (patent grant clause required)
- README license-choice rationale
- kei-leak-matrix source — IT IS the secret-scanner with Category::PatentIp
- _generated/{researcher,ml-researcher,validator}.md — reference public agent 'patent-researcher'
- kei-store/github.rs — explain RULE 0.1 rationale to kit users
- skills/ci-scaffold — security-feature wording
- docs/AGENT-ROLES + skills/compose-solution — 'prior-art search' as generic researcher capability
No real-secret findings (sk-/ghp_/AKIA/etc) in tracked files.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-01 18:19:14 +08:00
Parfii-bot
331eb87657
chore: regenerate DNA-INDEX after kit changes (kei-db-contract + Wave B follow-up)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-01 17:59:15 +08:00
Parfii-bot
89d466309e
chore(kit): wire kei-db-contract into installer + drop final #[path] hack
A1 — install.sh wiring for kei-db-contract:
- install/lib-substrate.sh substrate_core_binaries(): add kei-db-contract
to always-copy list. End users now get the binary in ~/.cargo/bin/
immediately after install (no manual cargo install --path needed).
A2 — Wave B follow-up: drop #[path] hack from guard_test_corpus.rs
- tests/guard_test_corpus.rs: #[path = "../src/injection_*"] mod ...
→ use kei_memory::injection_guard::scan
- Now uses Wave B's [lib] target like tests/integration.rs already does.
- 4 tests still pass.
Verified via cargo test: 18 lib + 4 corpus + 3 ingest_guard + 1 injection_unit
+ 4 dedup + 8 integration + 4 ingest_real_trace = 42 tests, all green.
=== STATUS-TRUTH MARKER ===
shipped: functional
stubs: 0
cargo-check: PASS
cargo-test: PASS (42 tests, 0 failures)
behaviour-verified: yes
follow-up-required:
- tests/ingest_guard_tests.rs already migrated (Wave A's earlier work)
- kei-db-contract still requires kit user to have run install.sh; existing
installs need re-run. Kit ledger-validate should add post-install probe.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-01 17:55:52 +08:00
Parfii-bot
bb5f734833
feat(frontend-loop): /visual-loop skill + dev-ship frontend-final-gate (Wave 4+5a)
Wave 4 — /visual-loop skill (replaces deferred kei-visual-snapshot Rust primitive):
- One-command Playwright scaffolding per project (config + 2 spec templates + npm scripts + axe-core)
- Auto-discovers routes (Next.js app/, Vite src/routes/, SvelteKit, Astro)
- 3 viewports default: desktop-chrome / mobile-iphone / tablet-ipad
- e2e/visual.spec.ts: route × viewport screenshot matrix vs baseline
- e2e/a11y.spec.ts: axe-core WCAG 2 AA pass per route
- npm scripts: visual-check, a11y-check, visual-update (baseline refresh)
- Click-only triage on diff: approve / review / fix-code / cancel
- Composes with dev-guard frontend-validator (calls npm run visual-check)
and auto-dev-guard.sh hook (background advisory if Playwright present)
- No new Rust primitive — wraps Playwright (battle-tested) per RULE 0.10 (don't reinvent)
Wave 5a — dev-ship frontend-final-gate (5th agent, optional):
- Triggered by frontend file changes OR DB-layer touches in branch diff
- 6-step strict pass:
1. Production build (npm run build) — zero errors+warnings
2. tsc --noEmit --strict — force strict regardless of project tsconfig
3. kei-db-contract --strict — drift_count must be 0
4. visual-check FULL — across all routes × all viewports
5. a11y-check FULL — zero WCAG 2 AA violations
6. Lighthouse autorun — perf>=90, a11y>=95, best>=90, seo>=90
- Hard rules: BUILD/TYPECHECK/DB_CONTRACT/A11Y FAIL → block ship
- VISUAL diff → REVIEW_NEEDED (user click)
- Lighthouse below threshold → WARN with explicit user override
Wave 5b (dev-start frontend-contract-designer) — SKIPPED.
Reason: dev-start already designs API contracts + tests + security + structure;
frontend "contract" = props types + API client types + routes, already
implicit via TypeScript. Adding dedicated agent = duplication, not value.
frontend-validator.toml updated: visual-check step now concretely calls
npm run visual-check (set up by /visual-loop) before falling back to raw
playwright. A11y quick step added (npm run a11y-check if available).
Verify-before-commit:
- visual-loop SKILL.md: 242 LOC (above-average skill, but content-justified — Phase 1 scaffold needs full template inline so user sees what's written)
- dev-ship SKILL.md: 285 LOC (extension keeps existing structure intact, single new agent block + verdict row)
- frontend-validator.toml: format matches existing critic-perf.toml; assembler-compatible
=== STATUS-TRUTH MARKER ===
shipped: functional
stubs: 0
cargo-check: N/A (no Rust changes this wave)
cargo-test: N/A (no Rust changes this wave)
behaviour-verified: yes (manifest TOML structure matches existing pattern; skill follows Constructor Pattern click-only conventions)
follow-up-required:
- First on-project obkatka of /visual-loop on keisei-marketplace — establish baseline, run a few iterations, see what gaps surface
- Lighthouse auto-install via /visual-loop optional Phase 1 step (currently relies on @lhci/cli being added by user)
- dev-start has 0 frontend-specific awareness — left intentionally; revisit if obkatka shows real gap
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-01 15:43:05 +08:00
Parfii-bot
54c298036e
feat(frontend-loop): kei-db-contract primitive + frontend-validator agent + auto-dev-guard hook
Frontend continuous-quality loop landed. Three composable cubes:
Wave 1 — kei-db-contract primitive (~870 LOC, 7 cubes per Constructor Pattern):
- Diffs SQL CREATE TABLE migrations against TypeScript type/interface declarations
- 4 drift modes: ORPHAN-SQL, ORPHAN-TS, TYPE-MISMATCH, NULL-MISMATCH
- Reuses sqlparser-rs (Apache 2.0) + regex + walkdir + serde_json + clap
- CLI: kei-db-contract <project-root> [--output json|text] [--strict]
- 5/5 integration tests pass (cargo check + cargo test green)
- Smoke-tested on keisei-marketplace: drift_count=266 across 30 tables
(expected — marketplace uses raw better-sqlite3 without explicit row types)
Wave 2 — frontend-validator agent + dev-guard skill extension:
- New _manifests/frontend-validator.toml (substrate_role: edit-local, tools: Bash+Read+Glob+Grep)
- Agent runs: stack detect → tsc --noEmit → eslint → kei-db-contract → playwright (optional)
- Severity rules: TYPE_CHECK FAIL = block, DB_CONTRACT drift > 0 = block, lint = advisory
- skills/dev-guard/SKILL.md extended: 4th agent triggered on .tsx/.ts/.dart edits or DB-layer touches
- adaptive-depth table extended with frontend + DB-layer rows
Wave 3 — auto-dev-guard.sh hook (PostToolUse:Edit|Write):
- Trivial-edit gate: skip if delta < 30 LOC (avoid spawn fatigue)
- File-pattern match: *.tsx|*.ts|*.svelte|*.vue|*.dart OR migrations/*.sql OR src/db/** OR src/types/** OR prisma/schema.prisma OR drizzle.config.*
- Auto-runs kei-db-contract for DB-layer edits if binary on PATH
- Stderr advisory only (exit 0 always — never blocks)
- Bypass: KEI_DISABLED_HOOKS or KEI_HOOK_PROFILE in {advisory-off, minimal, off}
- Smoke-tested with synthetic Edit input (39 LOC delta on .tsx → emits advisory)
- Registered in hooks/hooks.json under PostToolUse:Write|Edit chain
Reusability map (Constructor Pattern compose):
shared cubes: detect-stack, tsc, eslint, kei-db-contract, kei-visual-snapshot (deferred)
orchestrators: /dev-start (pre), /dev-guard (during, NOW with frontend-validator),
/dev-ship (final), /site-create (init)
Verify-before-commit (RULE 0.13):
- cargo check -p kei-db-contract: PASS
- cargo test -p kei-db-contract: 5 passed
- jq . hooks/hooks.json: valid
- bash hooks/auto-dev-guard.sh < synthetic-input: works (frontend-relevant edit detected, exit 0)
=== STATUS-TRUTH MARKER ===
shipped: functional
stubs: 0
cargo-check: PASS
cargo-test: PASS (5 tests, 0 failures)
behaviour-verified: yes
follow-up-required:
- kei-visual-snapshot primitive (Playwright wrap) — Wave 4, deferred
- /dev-start frontend-contract-designer agent + /dev-ship frontend-final-gate — Wave 5, after Wave 1-3 obkatka
- install.sh wiring for kei-db-contract binary
- hermes-style emit-on-drift advisory mode
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-01 15:34:39 +08:00
Parfii-bot
eedffd1cd2
feat(kei-memory): functional schema fix + 4-wave architecture refactor
Wave A — Functional ingest fix (root cause of empty Sleep reports):
- Rewrote TraceLine struct to match real Claude Code trace JSONL:
type (was kind), timestamp ISO8601 (was epoch ts), message Object,
cwd / gitBranch / parentUuid / uuid / subtype / toolUseID / toolUseResult
- New src/extract.rs: extract_tool_uses + extract_tool_result walks
message.content[] for nested tool_use / tool_result blocks
- New src/classifier.rs: explicit table classifier (tool_error, user_correction,
retry_loop, permission_denied, tool_use:<name>, ...) replaces shallow heuristic
- New src/error.rs: KeiMemoryError enum (IO/Parse/Db) replaces semantic
mismatch where IO error was wrapped as rusqlite::InvalidParameterName
- New src/trace_line.rs: TraceLine + helpers (cube extraction)
- Schema migration v3: events.cwd column + 3 hot-query indices
(events.tool, events.file_path, events.ts) + UNIQUE on patterns
- New tests/ingest_real_trace.rs: synth-fixture asserts tool/file/cwd/class extraction
Wave B — Lib crate split:
- Cargo.toml: [lib] target added alongside existing [[bin]]
- src/lib.rs: pub re-export of all 18 modules
- src/main.rs: 11 mod declarations replaced by single use kei_memory::{…}
- tests/integration.rs: #[path] hack replaced by use kei_memory::{…}
Wave C — TF-IDF dedup + single-JOIN + filter_map fix:
- Schema migration v2: tokens.idf_dirty column + flag-based dedup
- index_document no longer triggers per-call recompute_idf rebuild
- top_similar uses single JOIN via vectors_for_overlapping_sessions helper
(was N round-trips, one session_vector per candidate)
- All filter_map(|r| r.ok()) row-error swallowing replaced with ? propagation
- New tests/tfidf_idf_dedup.rs: 4 tests covering dedup behaviour, IDF emptiness,
JOIN-pruning, empty-query safety
Wave D — Commands split + nits:
- New src/dump.rs (43 LOC) + src/stats.rs (33 LOC):
CLI renderers extracted from commands.rs (was inline SQL + format)
- src/commands.rs: thin wrappers, -42 LOC
- src/injection_guard.rs: inline tests removed (-26 LOC), file under 200 LOC threshold
- tests/injection_guard_unit.rs (new): 4 tests in proper integration crate
- src/patterns.rs: INSERT replaced with INSERT...ON CONFLICT...DO UPDATE
(idempotent re-ingest, uses Wave A's UNIQUE index)
- src/analyze.rs + src/coaccess.rs: filter_map row-error fixes
- src/coaccess.rs: misleading PK comment rewritten
Verify-before-commit (RULE 0.13 §"Verify-before-commit"):
- cargo check --all-targets: PASS (1 unrelated dead-code warning)
- cargo test: 42 passed, 0 failed across 9 test binaries
- STATUS-TRUTH markers aggregated at .claude/agents/_merge/kei-memory-2026-05-01/
Architect-spotted ARCH-MAJOR + ARCH-MINOR + ARCH-NIT findings addressed:
- ARCH-MAJOR Cargo.toml binary-only (Wave B)
- ARCH-MAJOR schema missing indices (Wave A v3)
- ARCH-MAJOR ingest_jsonl choke point (Wave A — extract.rs + classifier.rs)
- ARCH-MAJOR idf O(N·V) per-call rebuild (Wave C)
- ARCH-MINOR patterns no UPSERT (Wave D)
- ARCH-MINOR commands.rs houses dump+stats (Wave D)
- ARCH-MINOR classifier silent contract (Wave A)
- ARCH-MINOR IO error wrapped as rusqlite (Wave A)
- ARCH-MINOR injection_guard inline tests (Wave D)
- ARCH-MINOR tfidf top_similar N round-trips (Wave C)
- ARCH-NIT 3× filter_map(|r| r.ok()) sites (Wave C + D)
- ARCH-NIT coaccess misleading comment (Wave D)
=== STATUS-TRUTH MARKER ===
shipped: functional
stubs: 0
cargo-check: PASS
cargo-test: PASS (42 tests, 0 failures)
behaviour-verified: yes
follow-up-required:
- tests/ingest_guard_tests.rs + tests/guard_test_corpus.rs still on #[path] hack (Wave B follow-up note, ~5 LOC)
- dead_code warning Severity::Warn unused (pre-existing, not blocking)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-01 14:10:06 +08:00
Parfii-bot
a4e667de10
KeiSeiKit-public — clean state
Single-commit clean baseline after security scrub of niche-tells,
project codenames, internal jargon, and contributor-email leaks.
Contents:
- 100 Rust crates (_primitives/_rust/)
- 37 agent manifests (_manifests/) + generated specs (_generated/)
- 67 user-invocable skills (skills/)
- 33 hooks (hooks/)
- Composition blocks (_blocks/)
- Documentation (docs/, README.md)
- TS adapter packages (_ts_packages/)
- Assembler (_assembler/)
- Roles (_roles/)
- Templates (_templates/)
- Forgejo CI (.forgejo/)
Author: Denis Parfionovich <info@greendragon.info>
License: see LICENSE.
2026-05-01 12:09:03 +08:00