keisei/KeiSeiKit-1.0
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
369 commits 3 branches 11 tags 12 MiB
Commit graph

4 commits

Author SHA1 Message Date
Parfii-bot
0ea429054f feat(wave14): 5 bio-inspired primitives + phase2 cleanup + substrate dogfood 
## Wave 14 — 5 new primitives (44 crates total, 713 tests green)

All specs written as task.toml → passed through kei-agent-runtime prepare
→ composed prompts via capability fragments → Agent tool invocation.
First fully-dogfooded wave.

- kei-prune (9 tests): biological pruning. `candidates(idle_days)` +
  `mark_retired(id)` on sidecar `prune_retirements` table (agents.status
  CHECK precluded 'retired' value).
- kei-discover (8 tests): federated marketplace discovery stub. UNIQUE
  slug via custom migration + FTS5 on slug+description. Engine-native
  via kei-entity-store. Typed DuplicateSlug error.
- kei-brain-view (6-8 tests): stdout visualizer for ledger taxonomy
  graph + agent lineage. Tree / stats / lineage subcommands. NO_COLOR
  env respected. No kei-entity-store dep (direct rusqlite).
- kei-hibernate (6 tests): whole-brain tar.zst export/import. Manifest
  with sha256 per-file, version gate, safe_join on extract, dry-run
  mode. tar 0.4 + zstd 0.13.
- kei-ledger-sign (7 tests): ed25519 creator attestation. keygen / sign /
  verify CLI. Canonical message `dna|spec_sha|creator_id` with pipe
  rejection. chmod 600 on key storage (unix). Tamper-detection on load
  via pubkey re-derivation.

## Phase 2 cleanup shipped in same commit

- LOC splits: walk.rs 221→91 (path_safety.rs + wikilink.rs extracted),
  prepare.rs 228→199 (dead build_ledger_row removed, fn helpers split).
- Clippy pass: 6 warnings fixed (derivable_impls, manual_contains,
  type_complexity x2, doc_overindented_list_items x2) in
  kei-entity-store, kei-ledger, kei-spawn.
- DNA eprintln removed from kei-agent-runtime/src/dna.rs (stderr
  pollution from library parse).
- kei-pipe integrations: hot_reload.rs (kei-watch wrapper, sync API,
  50ms debounce) + scheduler_bridge.rs (kei-scheduler executor, shell
  exec documented). +6 tests.
- Workspace [workspace.dependencies] centralised: rusqlite/chrono/
  anyhow/thiserror/tempfile/toml — future crates opt in via
  `.workspace = true`. Existing pins preserved.

## Substrate dogfood verified

task.toml → `kei-agent-runtime prepare` → DNA + composed prompt from
capability fragments → Agent tool invocation. kei-spawn also tested
end-to-end (prompt.md written to tasks/<agent-id>/, ledger row created).

Verified: cargo check --workspace clean, 713 tests passing,
substrate_integration.sh ✓, hook_wiring_integration.sh ✓.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-23 17:19:25 +08:00
Parfii-bot
c1556f505a fix: Wave 13 cleanup — HttpDriver + agent_id validator + safe_join + 4 MEDIUM 
Closes the remaining v0.29.0 follow-ups + post-audit MEDIUMs.

## HttpDriver (kei-spawn http-driver feature)
- Real reqwest::blocking POST to api.anthropic.com/v1/messages
- Feature flag `http-driver = ["dep:reqwest"]` (default off, zero breaking)
- KEI_ANTHROPIC_KEY read at invoke time (rotation-friendly)
- 5 httpmock tests (missing key, 200, 4xx, 5xx, malformed json)
- Endpoint override via KEI_ANTHROPIC_ENDPOINT env for tests
- Files: drive.rs, drive_http.rs (new), drive_http_parse.rs (new), tests/http_driver.rs

## agent_id path-traversal validator (HIGH)
- New validate.rs with validate_agent_id() — whitelist grammar, 64-char cap,
  rejects /, \, .., leading dot/dash, NUL, :, whitespace, non-ASCII,
  Windows-reserved (CON/PRN/AUX/NUL/COM1-9/LPT1-9)
- Wired into all 5 agent_id→path sinks: load_task, resolve_agent_id,
  prepare, simulated_merge, verify_task
- autogen_agent_id moved to validate.rs with slugify_role helper —
  output passes validator by construction (100-draw property test)
- 33 new tests in agent_id_validator.rs

## safe_join symlink escape (MEDIUM)
- Base must canonicalize (nonexistent → Canonicalize error)
- Joined must start_with base_canon OR joined.parent() must start_with base_canon
- Blocks symlink-to-outside-base with non-existent tail file
- walk.rs refactored into 5 ≤17-LOC helpers
- 7 new tests in safe_join_hardening.rs

## entity-store 4 MEDIUM fixes
- ddl.rs: panic on unsupported FieldKind → typed DdlError::UnsupportedExtraColumn
  propagated through Store::open as VerbError::InvalidInput (exit 2).
  Extracted ddl_edge.rs + ddl_error.rs modules. Backward-compat shim preserved.
- search.rs: FTS5 empty-tokenization → typed InvalidInput on queries with
  no alphanumeric tokens (was opaque rusqlite error). Unicode-aware via
  char::is_alphanumeric.
- engine.rs: WAL pragma failure now logged to stderr with path + rusqlite
  source; fallback to rollback journal preserved (exit-code contract intact).
- bug_fixes_smoke: added fts5_phrase_quoting_preserves_legitimate_queries —
  catches over-broad sanitizer that passes injection test alone.

## Verified
- cargo check --workspace clean (both with and without http-driver feature)
- cargo test --workspace: 668 tests green (up from 620)
- substrate_integration.sh ✓, hook_wiring_integration.sh ✓

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-23 16:16:24 +08:00
Parfii-bot
6562b581f7 feat(w9d): kei-spawn drive subcommand + AnthropicDriver trait stub 
kei-spawn drive <task.toml> internally calls spawn pipeline, emits
SpawnOutput JSON to stdout, returns exit 64 (NotImplemented) from
ManualDriver with stderr instruction to use manual Agent-tool path.

AnthropicDriver trait: ManualDriver (current) + HttpDriver (future
reqwest+tokio+KEI_ANTHROPIC_KEY). Extensibility preserved without
breaking-change deps.

Tests: 10/10 (was 6, +4: 2 drive unit + 2 drive_smoke binary integration).

Exit code contract: 0 success, 1 spawn-fail, 2 verify-fail, 64
NotImplemented (matches kei-runtime::invoke NotImplemented convention).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-23 13:34:16 +08:00
Parfii-bot
02451f5f49 feat(sp1): NEW kei-spawn crate — automation envelope 
spawn <task.toml> internally calls prepare + ledger fork, emits
JSON ready for Agent tool invocation. verify wraps post-return
check+ledger update. list-pending shows running forks.

kei-ledger invoked via subprocess (no lib.rs in kei-ledger).
KEI_SPAWN_LEDGER_NOOP=1 test escape hatch for CI without binary.

spec_sha = SHA-256 of task.toml bytes (workspace sha2 dep).

Tests: 6/6 integration (happy, explicit-id, unknown-role, non-spawnable,
verify-missing, end-to-end roundtrip).

Step 3 (Anthropic API) stays with orchestrator — next iteration adds
kei-spawn drive <task.toml> for HTTP automation.

Workspace Cargo.toml: +kei-spawn member.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-23 10:21:45 +08:00