keisei/KeiSeiKit-1.0
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
183 commits 3 branches 11 tags 12 MiB
Commit graph

183 commits

This branch
This branch
All branches
Author SHA1 Message Date
Parfii-bot
3ad64332bc Merge fix/v0.19-audit-hardening — security HIGH + critic HIGH consolidated (conflicts resolved) 
4 adapter conflicts resolved by taking fix-wave version — preserves
security hardening (path confinement, name validation + collision
refuse, paths::resolve_home SSoT, fsx::write_atomic_json via
NamedTempFile). jsonmcp.rs from v0.19 refactor commit fa253d0
became dead code post-merge; deleted + unregistered from adapters/mod.rs.

If future iteration wants jsonmcp-style shared merge, it should
layer on top of the security-hardened adapter inline logic, not
replace it.

Tests: 16/16 pass (11 pre-existing + 5 new adversarial).
cargo check -p keisei: clean (4 pre-existing dead-code warnings,
not introduced by this merge).
 2026-04-22 16:37:19 +08:00
Parfii-bot
d32ca0bc28 fix(v0.19): audit hardening — 3 security HIGH + 3 critic HIGH + 2 critic MEDIUM 
Closes consolidated findings from wave-audit (critic + security + architect):

SECURITY HIGH:
  H1 path escape — Brain::load rejects absolute mcp_server paths +
    any containing '..'; canonicalize + starts_with(root) assertion;
    new Error::PathEscape variant.
  H2 brain name validation + clobber refuse — regex ^[a-z][a-z0-9_-]{0,63}$
    enforced at Brain::load; adapters refuse to overwrite existing
    mcpServers[name] with NameConflict (unless same content).
  H3 symlink reject at canonicalize — std::fs::symlink_metadata()
    called before canonicalize; Error::BrainIsSymlink with resolved
    target path; prevents USB → $HOME pivot.

CRITIC HIGH:
  #1 rusqlite dep deleted (zero uses in src/, pulls C toolchain).
  #3 BrainPaths memory/artifacts/manifests now Option<String>
    (only mcp_server required; schema no longer lies about contract).

CRITIC MEDIUM:
  #1 _primitives/_rust/keisei/src/paths.rs (new, 23 LOC) — SSoT for
    $KEISEI_HOME/$HOME resolver; config.rs and claude_code.rs
    delegate instead of duplicating 7-line block.
  #2 canonicalize error preserves io::Error via new Error::BrainLoad
    { path, source } with #[source] attribute.
  #5 fsx::write_atomic_json rewrite via tempfile::NamedTempFile
    + persist — Windows-safe, cross-fs-fallback handling.

New module split (Constructor Pattern): brain.rs (104 → 122) now a
thin orchestrator over brain_validate.rs (108 LOC) which owns
symlink-reject / canonicalize-root / read-manifest / validate-schema
/ validate-name / check-relative-in-root / canonicalize-in-root.

Deps: regex = { workspace = true }, tempfile = "3" (runtime).
Workspace-level regex = "1.10" added.
MANIFEST.toml [primitive.keisei] deps updated.

Tests: 11 pre-existing + 5 adversarial:
  - manifest_with_absolute_mcp_server_rejected — proves /usr/bin/python3
    CANNOT land in settings.json (PathEscape + marker absent asserts)
  - manifest_with_parent_traversal_rejected — ../../etc/passwd rejected
  - manifest_with_invalid_name_rejected — 'claude-ide!' rejected
  - brain_path_is_symlink_rejected — USB → $HOME pivot blocked
  - attach_refuses_to_clobber_existing_mcp_entry — NameConflict on diff

All 16 pass.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-22 16:36:11 +08:00
Parfii-bot
fa253d04cc refactor(v0.19): extract adapters/jsonmcp.rs shared MCP entry merge/remove 
v0.19 agent's additional factorization that wasn't captured in the
initial branch commit. Extracts shared merge/remove-named helpers
for claude-code/cursor/zed into adapters/jsonmcp.rs (70 LOC). 3
adapters simplify significantly (-65/-68/-102 LOC each).

Also: #[allow(dead_code)] on Error::AdapterFailed (surfaced by
mount/detach orchestration; reserved for library consumers).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-22 16:35:02 +08:00
Parfii-bot
d39abf1914 Merge feat/v0.19-multi-client-adapters — pre-hardening integration 2026-04-22 16:04:56 +08:00
Parfii-bot
e6cab72587 feat(v0.19): multi-client adapters + detach/mount/list-adapters + schema v2 
Extends keisei CLI from single-client (v0.18) to multi-client exobrain:
new subcommands detach/mount/list-adapters, 3 new adapters (Cursor,
Continue, Zed), schema v2 for ~/.claude/keisei-attached.toml with
[[attachments]] array (v1 backward-compat via untagged serde).

New subcommands:
  detach — iterate marker attachments, call adapter.detach() on each,
    then delete marker. Real strip of mcpServers entry per adapter.
  mount <brain> — auto-attach to ALL detected clients in one call.
  list-adapters — tabular status (name / detected / config path).

New adapters (each <130 LOC mirrors claude_code.rs pattern):
  adapters/cursor.rs — .cursor/mcp.json project-local, fallback
    ~/.cursor/mcp.json global.
  adapters/continue_adapter.rs — ~/.continue/config.json with
    experimental.modelContextProtocolServers key.
  adapters/zed.rs — ~/.config/zed/settings.json (Linux) or
    ~/Library/Application Support/Zed/settings.json (macOS) with
    context_servers key. Zed schema marked [UNVERIFIED] pending docs.

Schema v2 (~/.claude/keisei-attached.toml):
  [[attachments]]
  client_type = "claude-code"
  config_path = "/Users/.../.claude/settings.json"
  [[attachments]]
  client_type = "cursor"
  config_path = "/Users/.../proj/.cursor/mcp.json"

v1 marker migration: untagged serde accepts legacy client_type=string,
upgrades to single-entry attachments[] on next write.

Tests: 5 (v0.18) + 6 new = 11 integration tests, all pass:
  - attach_then_status_happy_path
  - attach_missing_manifest_errors
  - attach_unsupported_schema_errors
  - status_without_attach_is_clean
  - attach_writes_marker_with_expected_fields
  - mount_with_claude_code_only_detected (new)
  - mount_with_no_client_detected (new)
  - detach_round_trip (new)
  - detach_preserves_other_mcp_servers (new)
  - list_adapters_prints_expected_rows (new)
  - schema_v1_to_v2_migration (new)

Known issues (defer to follow-up commit):
  - CRITIC HIGH#1: rusqlite declared but unused
  - CRITIC HIGH#3: BrainPaths fields required but only mcp_server used
  - SECURITY H1/H2/H3: brain path/name not validated before writing
    into client config — will be addressed before tagging v0.19.0

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-22 16:04:45 +08:00
Parfii-bot
76ff1e637d chore(v0.18): regen counts — RUST_CRATES 24→25, PROFILE_FULL 37→38, TOTAL_PRIMITIVES 37→38 (keisei added) 2026-04-22 15:53:09 +08:00
Parfii-bot
e53ad26243 Merge feat/v0.18-keisei-cli-mvp — exobrain attach/status CLI 2026-04-22 15:52:59 +08:00
Parfii-bot
a52bdbab4c Merge feat/v0.18-mcp-server-binary — 5-platform bun compile 2026-04-22 15:52:54 +08:00
Parfii-bot
3bb9ba7911 feat(v0.18): keisei CLI MVP — exobrain attach/status 
Phase 3 of exobrain architecture. Ships the entry-point CLI
that mounts a portable brain (memory + artifacts + manifests +
mcp-server) into an AI client via one command.

MVP scope: 2 subcommands (attach, status), 1 adapter (claude-code).
detach + mount + multi-client deferred to v1.0.

New Rust crate _primitives/_rust/keisei/ — 10 src files + 1 tests
(Constructor Pattern: all files <150 LOC, all fns <=23 LOC).
  main.rs (53 LOC) — clap dispatch
  error.rs (36 LOC) — thiserror enum (BrainNotFound,
    UnsupportedSchema, NoClientDetected, Io/Toml/Json #[from])
  brain.rs (103 LOC) — Brain::load() reads brain/manifest.toml
    schema_v1 (name, created, paths.{memory,artifacts,manifests,
    mcp_server})
  adapter.rs (38 LOC) — ClientAdapter trait (detect/attach/
    detach/config_path) + registry
  adapters/claude_code.rs (121 LOC) — writes MCP server entry
    into ~/.claude/settings.json via merge_mcp_entry (23 LOC,
    mirrors jq-merge pattern from install/lib-hooks.sh)
  attach.rs (44 LOC) — load brain, detect client, call adapter,
    write SSoT ~/.claude/keisei-attached.toml
  status.rs (62 LOC) — read SSoT, print brain name/path/client/
    timestamp + health check (mcp_server binary exists?)
  config.rs (97 LOC) — KeiseiAttached TOML struct + KEISEI_HOME
    env hook for test isolation
  tests/integration.rs (142 LOC) — 5 cases via tempfile + Mutex
    env guard: happy-path, missing-manifest, unsupported-schema,
    no-attach-state, marker-field verification

Workspace: keisei added to _primitives/_rust/Cargo.toml members.
MANIFEST.toml: [primitive.keisei] rust kind, kei-ledger-style
deps (rusqlite bundled, stub for future artifact reads), added
to full profile (standalone opt-in via --add=keisei).

README Rust crates table gains 1 row; count marker untouched.
CHANGELOG [Unreleased] bullet added.

Usage:
  keisei attach /path/to/brain    # mounts into current Claude Code
  keisei status                   # shows mounted brain + health

Next (v0.18 follow-ups): detach impl, cursor/continue adapters,
list-adapters subcommand.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-22 15:52:40 +08:00
Parfii-bot
e67ade47c8 feat(v0.18): kei-mcp-server single-binary compile — 5-platform via bun 
Phase 1 of exobrain architecture. Ships TS MCP server as a static
binary so users on machines without Node can run KeiSeiKit (USB /
flashdrive / air-gapped scenarios).

.github/workflows/release.yml (+62 LOC) — new build-mcp-binary job:
  - 5-target matrix: darwin arm64/x64, linux arm64/x64, windows x64
  - bun build --compile, linux arm64 continue-on-error (ARM runners
    less reliable)
  - Artifact kei-mcp-server-<os>-<arch>[.exe] + sha256
  - release job now needs [build-release, build-mcp-binary]

install/lib-rust.sh (+50 LOC) — have_prebuilt_mcp_server() +
  report_mcp_server_binary_status(); KEI_SKIP_MCP_BUILD=1 env
  flag skips bun/npm install when a prebuilt binary is present.
  File 165 LOC (<200 limit).

_ts_packages/packages/mcp-server/package.json — scripts.build:native
  + 5 per-target aliases (macos-arm, macos-x64, linux-x64,
  linux-arm, win-x64) for local dev.

_ts_packages/packages/mcp-server/BUILD.md (NEW, 52 LOC) — local
  compile guide per platform + Gatekeeper/code-sign notes +
  cites bun docs [VERIFIED: https://bun.sh/docs/bundler/executables].

README.md pre-built-binaries section gains 'MCP server binary'
subsection (download, chmod +x, xattr -d com.apple.quarantine for
macOS, UAC note for Windows).

CHANGELOG.md [Unreleased] bullet added.

Output size: ~90 MB per binary (bundled bun runtime). Acceptable
trade for zero-dep USB distribution.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-22 15:52:36 +08:00
Parfii-bot
bcc199a62e chore(v0.17.1): regen counts — HOOKS 9 → 10 2026-04-22 15:42:12 +08:00
Parfii-bot
b913316b4a Merge feat/v0.17.1-orchestrator-dirty-check 2026-04-22 15:42:12 +08:00
Parfii-bot
249733c164 feat(v0.17.1): orchestrator-dirty-check hook — prevent uncommitted-output compounding 
PreToolUse:Agent advisory — warns orchestrator if git status is dirty
before spawning next agent. Closes the workflow gap that caused 28
uncommitted files across 5 bundles on main (2026-04-22 incident).

hooks/orchestrator-dirty-check.sh (51 LOC, POSIX sh):
  - Sources _lib/gate.sh, respects KEI_DISABLED_HOOKS
  - Reads git status --porcelain at repo root
  - Emits stderr advisory with modified/untracked counts + sample
  - Exit 0 always (advisory, not blocking)
  - Bypass: ORCHESTRATOR_META=1 (existing RULE 0.13 flag) or
    ORCHESTRATOR_DIRTY_OK=1 (new, explicit)
  - Severity: warn — per RULE 0.10 ladder; upgrade to enforce
    only after 2nd recurrence

hooks/_lib/test-orchestrator-dirty-check.sh (60 LOC):
  - 5 test cases with mocked git PATH shim
  - Clean / dirty-modified / dirty-untracked / env-bypass /
    gate-bypass
  - PASS 5/5 (existing gate.sh tests unchanged — 11/11)

Wired into hooks/hooks.json (plugin format) and settings-snippet.json
(classic install) at PreToolUse/Agent matcher.

skills/hooks-control/SKILL.md — hook list 9 → 10.
README.md — hook table gains 1 row; count marker left at 9 for
scripts/regen-counts.sh to update post-merge.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-22 15:42:11 +08:00
Parfii-bot
a6853134cc Merge refactor/v0.17-readme-counts-autogen — drift elimination (conflict resolved + regen) 
README: took A2 markered version over polish bundle's hardcoded counts.
Then ran scripts/regen-counts.sh to sync marker values to current
post-v0.16.1 state — BLOCKS 78 → 79 (polish added _blocks/mode-matrix.md).

regen-counts --check now exits 0: zero drift.
 2026-04-22 15:24:22 +08:00
Parfii-bot
d04e6efe1e refactor(v0.17): README counts auto-generation via markers + regen script 
Eliminates README counts drift class (RULE 0.10 recurrence — 3rd
drift in one week: RUST_CRATES 23→24, SKILLS 38→39, PROFILE_FULL
36→37, PROFILE_DEV 4→10, BLOCKS 73→78).

Mechanism: HTML-comment markers wrap every auto-countable value:
  <!-- count:RUST_CRATES -->24<!-- /count:RUST_CRATES -->

16 marker types cover: RUST_CRATES, RUST/SHELL/TOTAL_PRIMITIVES,
SKILLS, HOOKS, BLOCKS, AGENTS, BRIDGES, PROFILE_FULL/MCP/DEV/OPS/
FRONTEND/CORE, LBM_PORTS.

scripts/regen-counts.sh (117 LOC, POSIX sh) — computes every count
from source (MANIFEST.toml, Cargo.toml, find on skills/hooks/blocks/
manifests/bridges) and rewrites markers in place. --check mode
(side-effect-free via mktemp+cmp+diff) exits 1 on drift.

scripts/precommit-counts-check.sh (26 LOC) — invokes regen-counts
--check, blocks commit on drift with fix-it hint.

README gains 'Regenerating counts' subsection documenting both
commands and pre-commit wiring.

No Python/jq/yq hard deps. macOS /bin/sh compat (3.2-era). Idempotent.

Constructor Pattern: largest script 117 LOC (<120), largest awk fn
10 LOC (<30).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-22 15:24:05 +08:00
Parfii-bot
d0ade2b411 Merge refactor/v0.17-hook-gate-lib — extract gate lib (conflict resolved) 
hooks/*.sh: take shim from A1 (gate logic lives in _lib/gate.sh)
install.sh: take dispatcher from v0.16 install-split; ported A1's
_lib-copy logic into install/lib-hooks.sh::install_hooks (since
A1 worktree was based on pre-v0.16-split main and couldn't see
the cube structure).

Gate semantics preserved — tokenized KEI_DISABLED_HOOKS, minimal
profile whitelist. Net: −171 (hooks) +104 (_lib new) +15 (lib-hooks)
= −52 LOC across kit.
 2026-04-22 15:23:44 +08:00
Parfii-bot
588e194d59 refactor(v0.17): extract hook gate into shared lib 
Removes 9×20 LOC duplication of KEI_DISABLED_HOOKS gate logic
from each hook into hooks/_lib/gate.sh. Next CVE in gate path
fixes in ONE file, not 9.

hooks/_lib/gate.sh (new, 57 LOC) — POSIX sh library, single
  kei_hook_gate() function. Exact-token tokenize on comma OR
  space (RED-1 fix preserved). Minimal-profile whitelist baked
  in: no-hand-edit-agents, assemble-validate, agent-fork-logger,
  session-end-dump. Idempotent re-source guard.

hooks/_lib/test-gate.sh (new, 47 LOC) — 11 test cases covering
  empty/comma/space/whitespace/substring-NOT-match/literal 'all'/
  minimal-profile included+excluded/minimal+disabled combo.

Per-hook shim (exactly 2 LOC, same in all 9):
  _KEI_LIB="$(dirname "$0")/_lib/gate.sh"
  if [ -r "$_KEI_LIB" ]; then . "$_KEI_LIB"; kei_hook_gate "<name>" || exit 0; fi

Net LOC delta: −171 (hooks) +104 (lib new) +15 (installer) = −52.

Gate semantics bit-identical to v0.15.1 hotfix on the 6
enumerated behaviors; off/advisory-off profile values dropped
per spec (only 'minimal' recognized, any other = full).

Fail-open on missing lib — if _lib/gate.sh absent (old install
pre-v0.17), hook falls through to normal operation.

install.sh — +15 LOC copies hooks/_lib/*.sh to
$HOOKS_DIR/_lib/, preserving relative path the shim expects.

Note: v0.16 split this file; A1 worktree was based on pre-split
main — merge into current main required resolving conflict so
_lib-copy logic moved to install/lib-hooks.sh.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-22 15:14:19 +08:00
Parfii-bot
4c77b9a79b Merge feat/v0.17-sleep-setup-hybrid — local/remote/hybrid mode wizard 2026-04-22 15:13:54 +08:00
Parfii-bot
bbe1d79c53 feat(v0.17): sleep-setup local/remote/hybrid mode + time picker 
Extends /sleep-setup wizard with three deployment modes and
user-picked nightly time. Pure-click except existing free-text
(repo URL; custom time if chosen).

New phases:
  phase-0-mode.md (64 LOC) — 3 options: local-only (CronCreate,
    full filesystem access, real /self-audit skill) / remote-only
    (existing cloud-agent + git-repo flow) / hybrid (both;
    redundancy if Mac asleep).
  phase-0b-time.md (79 LOC) — 6 options: 03:00 REM peak /
    00:00 / 05:00 / 23:00 / 21:00 / Custom (freeText with
    HH:MM regex + 3-retry fallback to 03:00).

phase-5-trigger.md — octal-safe $SLEEP_TIME_LOCAL parsing
  (10# prefix), branches on $SLEEP_MODE:
    local-only → CronCreate only, local time (no UTC conversion)
    remote-only → /schedule create only (UTC-converted)
    hybrid → both, two sequential AskUserQuestion

phase-3b-deep-sleep.md — adds plan+local-patch option when
  SLEEP_MODE=local-only (apply patches to ~/.claude/ directly
  after morning confirm, no git branch).

SKILL.md — pipeline table 6 → 8 rows, AskUserQuestion minimum
  9 → 11 (remote/hybrid) or 6 (local-only); final report shows
  Mode + Time fields adapted per mode.

Verify: new user picks local-only + Custom 05:00 → zero git,
cron 0 5 * * * registered with /self-audit body referencing
~/.claude/memory/audit-backlog.md and sleep-report-DATE.md.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-22 15:13:54 +08:00
Parfii-bot
1c054860e0 Merge fix/v0.17-test-matrix-yaml — YAML frontmatter quoting 2026-04-22 15:13:33 +08:00
Parfii-bot
cedf22ece8 fix(v0.17): test-matrix SKILL.md YAML frontmatter quoting 
Plugin-format agent flagged: description value contains 'Pure-click:'
mid-string; unquoted colon breaks yaml.safe_load strict parse —
blocks claude plugin validate on the entire kit.

Fix: wrap description in double quotes. Content unchanged.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-22 15:13:33 +08:00
Parfii-bot
14ae1af585 Merge feat/v0.16.1-polish — dynamic schema + mode matrix Phase 3.6 2026-04-22 15:13:05 +08:00
Parfii-bot
e6c79e2495 Merge feat/v0.16-plugin-format — Anthropic plugin + own marketplace 2026-04-22 15:13:05 +08:00
Parfii-bot
3e792d169d Merge feat/v0.16-changelog-gen — Keep-a-Changelog + release workflow 2026-04-22 15:13:05 +08:00
Parfii-bot
1c633f0616 Merge feat/v0.16-install-split — install.sh cube refactor 2026-04-22 15:13:05 +08:00
Parfii-bot
95cacc5ffd Merge fix/v0.15.1-critical — RED-1 CVE hotfix 2026-04-22 15:12:57 +08:00
Parfii-bot
d95a3ba48c feat(v0.16.1): dynamic schema SSoT + KNOWN_SCHEMAS drift-test + mode-matrix Phase 3.6 
Three polish items from post-audit parallel agent.

1. Dynamic schema whitelist (drops hardcoded const drift)
   _assembler/src/schemas_export.rs (NEW, 136 LOC) — loader cube,
     priority path $AGENT_ROOT/artifacts/schemas.json →
     ~/.claude/agents/artifacts/schemas.json → BUILTIN fallback.
     Hand-rolled JSON parser (no serde_json dep).
   _assembler/src/validator.rs delegates to schemas_export::load,
     keeps KNOWN_ARTIFACT_SCHEMAS alias for back-compat.
   _primitives/_rust/kei-artifact/src/export.rs (NEW, 82 LOC) —
     write() + render() + default_path().
   _primitives/_rust/kei-artifact/src/cli_cmds.rs (NEW, 126 LOC) —
     extracted cmd_emit/get/list/chain so main stays <200 LOC.
   ExportSchemas + ListSchemas subcommands; cmd_register
     auto-refreshes export file (best-effort).

2. KNOWN_SCHEMAS SSoT — documented-dual-const + drift-test
   (Option "simpler than new crate"). SSoT in kei-artifact's
   BUILTIN; schemas_export::BUILTIN is a documented mirror;
   builtin_schemas_do_not_drift_from_kei_artifact test in
   validator.rs parses the primitive's source at test time and
   diffs. <30 LOC change. No workspace structural change —
   assembler stays decoupled from runtime primitive.

3. Agent-to-mode matrix + wizard Phase 3.6
   _blocks/mode-matrix.md (NEW, 24 LOC) — 11-row table mapping
     agent role × recommended mode blocks.
   skills/new-agent/SKILL.md — new Phase 3.6 (between name-confirm
     3.5 and manifest-write 4). AskUserQuestion with 5
     cognitive-mode options (skeptic/devils-advocate/minimalist/
     maximalist/first-principles, multiSelect). Appends picked
     labels to manifest's blocks array. Defaults to NONE.
   _blocks/README.md adds one-line reference to the matrix.
   _assembler/tests/mode_blocks.rs (NEW, 78 LOC) — 3 integration
     tests lock the wiring.

README.md — all accumulated count + pre-built-binaries + plugin
section edits from the v0.16 cycle consolidated here (will be
replaced by markers in v0.17 counts-autogen refactor).

Tests: assembler 24 → 33 (+9), kei-artifact 24 → 31 (+7), total
48 → 64. cargo check --workspace clean.

Constructor Pattern: largest new file validator.rs 180 LOC.

Pre-existing flagged for separate refactor: kei-artifact
validate.rs 268 LOC (not touched by this polish).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-22 15:10:46 +08:00
Parfii-bot
164c521936 feat(v0.16): Anthropic plugin format + own marketplace 
Makes KeiSeiKit installable both as classic kit AND as an
Anthropic Claude Code plugin.

.claude-plugin/plugin.json — plugin manifest (name, version,
description, author OBJECT per schema, repository, license)
.claude-plugin/marketplace.json — own marketplace declaration
(owner OBJECT per schema, plugins[].source OBJECT)
.claude-plugin/mcp-template.json — template for .mcp.json (actual
.mcp.json write is blocked by hook; user copies template manually)
PLUGIN.md — dual-install docs (plugin vs classic)
hooks/hooks.json — uses ${CLAUDE_PLUGIN_ROOT} (per Anthropic
schema, NOT ${PLUGIN_ROOT}); wraps hooks under top-level
"hooks": {...} key

Schema corrections caught during agent validation:
  - marketplace.json owner MUST be object (not string)
  - hooks.json requires "hooks": {...} top-level wrapper
  - env var is ${CLAUDE_PLUGIN_ROOT} not ${PLUGIN_ROOT}

Companion edits in install-split bundle: install/lib-args.sh
gains an 8-line plugin-first banner in print_help() directing
users toward the plugin install path as recommended default.

Dual-install strategy: users can pick
  - `claude plugin marketplace add <url>` then install — latest
    and iteration-friendly (this PR enables it)
  - classic ./install.sh — legacy kit path, full 37-primitive
    control

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-22 15:10:15 +08:00
Parfii-bot
d97afb63ec feat(v0.16): CHANGELOG + tag-driven release workflow 
Keep-a-Changelog format. 12 sections: [Unreleased] + 11 real
releases v0.8.0..v0.15.0, every bullet with real git SHA pulled
via git log --no-merges. 150 LOC.

.github/workflows/release.yml — 3 jobs, triggered on tag push:
  build-release: 4-platform matrix
    - x86_64-unknown-linux-gnu
    - aarch64-unknown-linux-gnu (continue-on-error)
    - x86_64-apple-darwin
    - aarch64-apple-darwin
    Builds entire _primitives/_rust workspace, emits tar.gz +
    sha256 per target via portable executable-discovery loop.
  release: downloads artifacts, runs local
    kei-changelog --from <prev-tag> --to <tag>, publishes via
    softprops/action-gh-release@v2.
  npm-publish: graceful skip when NPM_TOKEN secret absent
    (steps.have_token.outputs.present gate + || warning wrap
    so one failing package doesn't kill the job).

Companion install support: install/lib-rust.sh gains
have_prebuilt_binaries() + KEI_SKIP_RUST_BUILD=1 guard (shipped
as part of install-split bundle). Users can download tarball
instead of compiling Rust from source.

release.yml validated via yaml.safe_load: 3 jobs parse cleanly,
matrix expands 4-wide, jobs = [build-release, release, npm-publish].

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-22 15:10:00 +08:00
Parfii-bot
03d1dc7362 refactor(v0.16): split install.sh monolith (1238 LOC) into 17 cubes 
Constructor Pattern (RULE ZERO). Zero behaviour change, zero flag
drift — all original CLI flags preserved verbatim.

Before: install.sh — 1238 LOC monolith
After:  install.sh — 138 LOC dispatcher (sources libs in order)
        install/lib-*.sh — 16 cubes, max 183 LOC (lib-menu)

Cubes:
  lib-log       21 LOC — logging primitives
  lib-backup    63 LOC — rollback trap + BACKUP_PAIRS
  lib-profile  115 LOC — MANIFEST.toml profile resolution
  lib-args      92 LOC — CLI parsing + --help heredoc
  lib-menu     183 LOC — whiptail/dialog/plain-text interactive picker
  lib-plan     150 LOC — dry-run --no-execute output
  lib-prereqs   91 LOC — hard + soft dependency checks
  lib-primitives 131 LOC — primitive copy + MANIFEST drive
  lib-rust     114 LOC — cargo workspace build + pre-built support
  lib-scaffold 144 LOC — agent/skill/block scaffolding
  lib-bridges   31 LOC — project-bridge install
  lib-hooks    104 LOC — settings.json jq merge
  lib-agents    77 LOC — assembled agent output
  lib-skills    23 LOC — skill copy
  lib-wizard    20 LOC — sleep-setup wizard invocation
  lib-summary   59 LOC — post-install summary

Invariants preserved:
  - macOS bash 3.2 compat (no associative arrays, no [[ ]], no ${,,})
  - rollback trap wired via setup_backup_trap early in dispatcher
  - jq-merge behaviour verbatim in lib-hooks
  - scoped Cargo.toml regeneration in lib-rust

Function LOC limits: largest non-heredoc fn 22 LOC (check_soft_prereqs).
Three functions kept >30 LOC because heredoc-dominated (print_help,
print_summary, profile_members); splitting would fragment logical unit.

62 unique function names across cubes, zero duplicates (grep-verified).

bash -n passes on all 17 files. Runtime smoke test deferred to user's
shell (bash-readonly sandbox constraint).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-22 15:09:35 +08:00
Parfii-bot
f77c1b7fdc fix(v0.15.1): RED-1 CVE + typed-handoff + schema minItems 
Security hotfix — v0.15.1 Wave 1 fixes from 4-parallel audit.

RED-1 (CVE): KEI_DISABLED_HOOKS tokenized match — was `*all*`
substring-glob (trivially bypassable via "install", "wall-clock", etc.),
now exact-token split on comma/space. Patched in all 9 hooks:
no-hand-edit-agents, assemble-agents, assemble-validate, tomd-preread,
agent-fork-logger, site-wysiwyd-check, error-spike-detector,
milestone-commit-hook, session-end-dump.

RED-2 (observability): minimal profile whitelist now includes
agent-fork-logger and session-end-dump (ledger + trace paths) so
observability is not silently lost on minimal installs.

HIGH: review.json schema minItems:1 on findings — rejects empty
reviews; new Rust test review_schema_rejects_empty_findings.

HIGH: typed-handoff wire-up — produces_artifact declared at top
level on 5 manifests (kei-security-auditor, kei-validator,
kei-architect, kei-code-implementer, kei-critic); duplicate
per-handoff declarations removed.

MED: kei-artifact validate.rs gains warn_unsupported_keywords —
non-fatal stderr warning when schema uses keywords outside the
hand-rolled 2020-12 subset.

LOW: CI Node matrix dropped 18, now ['20','22'].

Doc drift: skills/hooks-control/SKILL.md reflects tokenized-match
semantics and updated minimal-profile hook list.

Tests: 191 Rust workspace + 30 assembler (both pass). RED-1
reproducer 10/10 (4 former-CVE vectors blocked, 5 legit vectors
accepted, empty passes).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-22 15:08:51 +08:00
Parfii-bot
b62b219500 Merge branch 'feat/v0.15-cognitive-modes' — 5 cognitive mode blocks 2026-04-22 14:15:17 +08:00
Parfii-bot
59725ae021 Merge branch 'feat/v0.15-artifact-handoff' — kei-artifact typed handoff pipeline 
# Conflicts:
#	_primitives/MANIFEST.toml
 2026-04-22 14:15:17 +08:00
Parfii-bot
34ace50183 Merge branch 'feat/v0.14.2-hook-runtime' — runtime hook controls (KEI_DISABLED_HOOKS + profiles) 
# Conflicts:
#	hooks/git-pre-commit-genesis.sh
 2026-04-22 14:14:26 +08:00
Parfii-bot
ad8747f22c Merge branch 'fix/v0.14.2-remove-genesis-scan-public' — genesis-scan internal-only 2026-04-22 14:12:54 +08:00
Parfii-bot
24c584ee50 fix: remove genesis-scan from public kit (internal tool, Bundle-only) 
Per user decision: publishing the sensitive IP pattern blocklist via public
scanner is leak of the blocklist itself (attack surface). genesis-scan
remains in PROJECT-E (private); user-global
~/.claude/hooks/genesis-leak-guard.sh (runtime hook) separate.

Deleted:
- _primitives/_rust/genesis-scan/ (whole crate, 5 files)
- hooks/git-pre-commit-genesis.sh (scanner companion)

Modified:
- workspace Cargo.toml -1 member (24→23)
- MANIFEST.toml — removed [primitive.genesis-scan] + core/full profile refs
- .github/workflows/ci.yml — removed genesis-scan job
- README.md — 7 count/description edits (24→23 rust, 10→9 hooks, 37→36 full)
- install.sh — 5 edits (--help + menus)
- mcp-server tool-registry.ts + test — scanner removed from MCP surface
- kei-sleep-queue.sh — removed scan_prompt() pre-submit hook
- 2 sleep-on-it skill phases — removed genesis-scan references

Tests: 160 Rust (was 167, -7 genesis-scan tests as expected), 24 assembler unchanged.
 2026-04-22 14:11:22 +08:00
Parfii-bot
537589e6a7 feat(primitives): kei-artifact typed handoff pipeline (BMAD-style doc passthrough) 
- kei-artifact Rust crate (25th): schema registry + artifact store + SHA-256 id + chain walker
- 5 schemas (JSON Schema 2020-12 strict): spec / plan / patch / review / research
- Manifest extension: optional produces_artifact + expects_artifact per handoff (non-breaking)
- Validator extension: KNOWN_ARTIFACT_SCHEMAS whitelist check + 4 new tests
- 3 kei-* manifests updated with typed handoff (architect→code-implementer→critic chain)
- compose-solution phase-5 cross-ref to kei-artifact

Tests: 189 Rust workspace (was 167, +22 artifact tests) + 24 assembler (was 20, +4 validator tests)
 2026-04-22 14:10:08 +08:00
Parfii-bot
da0f2cb42b feat(hooks): runtime controls via KEI_DISABLED_HOOKS + KEI_HOOK_PROFILE (v0.14.2) 
10 hooks get 21-line guard block: env-var short-circuit, 4 profiles (full/advisory-off/minimal/off), per-hook disable.

Safety-critical preserved in 'minimal': no-hand-edit-agents, assemble-validate, git-pre-commit-genesis.
Advisory off list: recurrence-suggest, citation-verify, error-spike-detector, milestone-commit-hook.

skills/hooks-control/SKILL.md — click-only toggle emitting shell export commands.
README +27 LOC 'Runtime hook controls' section with examples.
 2026-04-22 13:51:48 +08:00
Parfii-bot
d50c5a56ae feat(blocks): 5 cognitive mode blocks + 2 manifest wirings 
- mode-skeptic (17 LOC) — doubt everything, E1/E2 grade evidence
- mode-devils-advocate (16) — steel-man the opposite
- mode-minimalist (18) — what is unnecessary?
- mode-maximalist (19) — 10x thinking for broad scope
- mode-first-principles (21) — derive from invariants

kei-critic += skeptic + devils-advocate
kei-architect += first-principles

Docs: _blocks/README.md + README.md paragraph under Behavioral blocks
 2026-04-22 13:49:57 +08:00
Parfii-bot
4b0185a3d1 Merge branch 'fix/v0.14.1-audit-blockers' — v0.14.1 audit fixes + CI 
Wave 1+2 audit: 3 RELEASE BLOCKERS + 3 HIGH + 2 MED + newly-surfaced CI gap all fixed.

Verified:
- Rust workspace tests: 167 (up from 154; +13 new path-traversal + backend-guard + patch-format tests)
- Assembler tests: 20/20 unchanged
- install.sh syntax clean
- GitHub Actions CI covers: rust-assembler, rust-primitives, ts-packages (Node 18/20/22), install-dry-run, shell-lint, genesis-scan — all matrix Ubuntu+macOS
 2026-04-22 13:36:59 +08:00
Parfii-bot
a25796df76 docs(readme + install): reconcile all count drift (F4 RELEASE BLOCKER) 
Disk reality:
- blocks: 73, manifests: 12, skills: 38 (was 34/35), hooks: 10 (was 6/9)
- shell primitives: 16 (13 opt-in + 3 always-copied)
- bridges: 11, rust crates: 24 (was 8/9/14), MANIFEST full profile: 37

Updated: README.md lines 31, 70, 94, 111, 119-125, 254, 307 and install.sh --help + whiptail.
 2026-04-22 13:36:17 +08:00
Parfii-bot
81462a03ef chore(rust): misc schema/main refactor in 8 crates (assorted CP splits) 
kei-chat-store, kei-content-store, kei-crossdomain, kei-curator, kei-router, kei-sage, kei-search-core, kei-social-store, kei-task — small schema + main refactors for test pass parity (167 Rust tests, 20 assembler).
 2026-04-22 13:36:17 +08:00
Parfii-bot
37c8e857d7 refactor(mock-render): split main.rs 227 LOC into 4 cubes (F5a Constructor Pattern) 
main.rs 227→55 + cli_args.rs + cmd_screenshot.rs + cmd_lock.rs + cmd_verify.rs (each <100 LOC).
 2026-04-22 13:36:17 +08:00
Parfii-bot
ff10f76469 fix(kei-auth): remove --key CLI flag (F12 HIGH — /proc/cmdline leak) 
KEI_AUTH_KEY env only. On missing env, explicit error with openssl rand suggestion + RULE 0.8 SSoT pointer.
 2026-04-22 13:36:17 +08:00
Parfii-bot
363352e7bf fix(kei-refactor-engine): retract 'git apply-ready' claim (F1 RELEASE BLOCKER) 
Output renamed plan-autoresolve.md; header changed to '# AUTO-RESOLVABLE items' (no fake --- a/ /+++ b/ wrapper).
Added test autoresolve_output_is_not_claimed_as_diff.
Template updated: user manually applies, not via git apply.
 2026-04-22 13:36:17 +08:00
Parfii-bot
ef95bf2a7c fix(kei-store): path-traversal guard (F2 RELEASE BLOCKER) + S3 stub gate (F7) + GitHub RULE 0.1 guard (F8) 
F2: filesystem.rs + s3.rs 'fn full' now Result<PathBuf>, rejects absolute + ParentDir components. 7 new unit tests.
F7: factory.rs rejects 'backend=s3' without KEI_STORE_ALLOW_S3_STUB=1; backend_name() = 's3-local-stub'.
F8: github.rs push() blocks github.com unless KEI_STORE_ALLOW_GITHUB_PUSH=1 (RULE 0.1).
 2026-04-22 13:36:17 +08:00
Parfii-bot
fbd8adf9cf feat(ci): GitHub Actions workflows + .claude/worktrees gitignore 
- 6 CI jobs: rust-assembler, rust-primitives, ts-packages, install-dry-run, shell-lint, genesis-scan
- matrix: Ubuntu+macOS × rust-stable × Node 18/20/22
- closes 'no CI' -10% audit deduction
 2026-04-22 13:36:17 +08:00
Parfii-bot
a3769ebbb6 refactor(rust-core): Constructor-Pattern splits in kei-router + kei-auth 
- kei-router: extract kw_tables.rs from keywords.rs (keep <200 LOC)
- kei-auth: extract new_payload + encode_token helpers
 2026-04-22 12:57:12 +08:00
Parfii-bot
319295860f Merge branch 'feat/v0.14-lbm-ts-adapters' — 6 TS packages (MCP server + 5 adapters) 2026-04-22 12:51:28 +08:00
Parfii-bot
adc007b7b0 feat(primitives): 10 Rust crates extracted from LBM (Genesis-scrubbed) 
- kei-router — keyword-dispatch meta-tool (CfC ML fallback removed)
- kei-sage — Obsidian-style knowledge graph, FTS5 + BFS + PageRank
- kei-task — task DAG with deps, milestones, dependency-chain queries
- kei-chat-store — Claude conversation session persistence + FTS search
- kei-crossdomain — typed-edge store + BFS cross-domain glue
- kei-search-core — 3-wave deep research with microcent budget cap
- kei-content-store — asset + prompt + campaign registry
- kei-social-store — people + interactions CRM (lite)
- kei-curator — edge-decay graph hygiene utility
- kei-auth — multi-tenant session tokens (replaces single-bearer)

Genesis-scan pre-import pass: skipped pkg/mxl1/*, pkg/inference/*, pkg/trainer/*,
pkg/nc01/*, internal/ml/* (all Genesis/CfC adjacent, sensitive IP).
Security: skipped tools_threat/radio/protocol/med/mlreg (offensive/banned).
Domain verticals skipped: hr/legal/infra/ops/api/osint/edu/geo/hw/finance.

New 'mcp' profile in MANIFEST.toml bundles all 10 for MCP server deployment.

Workspace now 24 crates, cargo check --workspace clean, 94 workspace tests pass.
 2026-04-22 12:48:56 +08:00