10 commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
| abae256c1d |
feat(install): opt-in hook packs + stack profiles (public posture)
A fresh install now activates only the safety pack; discipline hooks and agents are opt-in via an onboarding step (step 6) or `kei configure`. "People don't need Rust-only" — they pick their own stack.
- _primitives/hook-packs.toml: SSoT mapping pack -> hooks, stack -> packs + agent groups. safety always on; evidence/observability/epistemic/orchestration/git-guard/stack-rust opt-in. rust-first/no-python only under the systems stack; git-guard (no-github-push) opt-in only, pulled by no stack.
- lib-profile: extract generic _toml_array (reused by lib-packs); profile_members becomes a thin wrapper (no behavior change).
- lib-packs: pack/stack/agent resolvers + selection loader.
- lib-hooks: filter_snippet_by_packs (install-time allowlist) + prune_kit_hooks (reconfigure removes deselected kit hooks, keeps foreign ones); activate_hooks rewired to prune + filter + merge. No custom settings.json fields (/doctor safe).
- lib-agents: install_manifests filters by stack agent set (empty = install all).
- onboarding: pick_stack step (reuse _onb_read_choice), persists stack_profile + enabled_packs to onboarding.toml; i18n STR_* added.
- bin/kei configure -> scripts/kei-configure.sh (re-pick without reinstall); install stamps ~/.claude/.kei-kit-dir.
- numeric-claims-guard: money regex no longer matches shell positionals ($1..$9); requires decimal / unit / 2+ digits / tilde. Real money + time still caught.
- gate one-liner added to 8 discipline hooks (runtime toggle via hooks-control).
Verified end-to-end (scratch HOME): fresh=safety only; evidence pack adds numeric+citation; systems stack wires rust-first + 14 base/systems agents (no data-science/swift); reconfigure-shrink prunes kit hooks but keeps a foreign hook; settings schema clean; assembler golden 3/3.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> |
|||
| 6d68a3f1ad |
fix(onboarding): no crash on text input, Claude Code default, explanations
Some checks are pending
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / preflight (push) Waiting to run
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / vps-smoke (push) Waiting to run
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / rust-primitives (map[crates:frustration-matrix,kei-frustration-loop,kei-skill-importer,kei-projects-index,kei-projects-watcher,kei-gdrive-import,kei-leak-matrix,kei-skills,kei-gateway,kei-cron-scheduler,kei-export-trajectories,kei-backend-daytona,kei-d… (push) Blocked by required conditions
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / rust-primitives (map[crates:kei-compute-baremetal,kei-compute-vultr,kei-compute-linode,kei-compute-digitalocean,kei-svc-systemd,kei-llm-bridge-mlx name:hosted-sleep-compute]) (push) Blocked by required conditions
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / rust-primitives (map[crates:kei-diff,kei-scheduler,kei-watch,kei-prune,kei-discover,kei-brain-view,kei-hibernate,kei-ledger-sign,kei-fork name:wave13-15]) (push) Blocked by required conditions
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / rust-primitives (map[crates:kei-git-gitea,kei-git-forgejo,kei-git-gitlab,kei-git-bitbucket,kei-memory-sled,kei-memory-redis,kei-memory-postgres,kei-memory-sqlite,kei-auth-google,kei-auth-apple,kei-auth-magiclink,kei-auth-webauthn,kei-notify-slack,kei-n… (push) Blocked by required conditions
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / rust-primitives (map[crates:kei-ledger,kei-migrate,kei-changelog,kei-memory,kei-store,kei-conflict-scan,kei-refactor-engine,kei-graph-check,kei-shared,kei-dna-index,kei-pet name:core]) (push) Blocked by required conditions
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / rust-primitives (map[crates:kei-machine-probe,kei-llm-ollama,kei-llm-llamacpp,kei-llm-mlx,kei-llm-router,kei-model name:llm-stack]) (push) Blocked by required conditions
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / rust-primitives (map[crates:kei-router,kei-sage,kei-task,kei-chat-store,kei-crossdomain,kei-search-core,kei-content-store,kei-social-store,kei-curator,kei-auth,kei-artifact name:mcp-lbm]) (push) Blocked by required conditions
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / rust-primitives (map[crates:keisei,kei-forge,kei-runtime,kei-runtime-core,kei-atom-discovery,kei-agent-runtime,kei-capability,kei-provision,kei-entity-store,kei-pipe,kei-cache,kei-spawn,kei-replay name:atom-substrate]) (push) Blocked by required conditions
Three issues a real curl|bash user hit:
1. CRASH: typing a word (e.g. "claude") at any menu → $((ans-1)) treats it as a variable in bash arithmetic → "unbound variable" under set -u → install dies. Added _onb_read_choice (numeric+range validation, re-prompt) for all 4 menus.
2. No Claude under subscription: the kit installs into Claude Code yet the wizard offered only OpenAI Codex under subscription. Added claude-code provider (bumped kei-registries submodule c559065→b904993) + made subscription the default transport and claude-code the default provider — Enter,Enter,Enter lands on Claude Code (no API key).
3. install died at line 178 for any no-key provider (claude-code/codex/local): onboarding_run ended on a `&&` that is false when there are no auth keys → returned 1 → set -e aborted. Added explicit `return 0`.
Plus per-step explanations (en+ru) and auto-select when a step has one option.
Verified piped-under-pty: Enter-defaults → Claude Code, junk input → re-prompt (0 crashes), full install completes.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> |
|||
| 01d5aa510f |
fix(install): run onboarding + profile wizard in curl|bash (gate on stdin, not stdout)
web-install.sh tees stdout to a logfile (exec > >(tee) 2>&1), so -t 1 is false even in an interactive curl|bash. The /dev/tty fix reattached stdin but the wizard gates required BOTH -t 0 and -t 1, so onboarding (language select) and bootstrap's profile wizard were silently skipped on the primary install path.
Prompts go to stderr and read from stdin — interactive stdin is the only real requirement (already the proven pattern in lib-plan.sh confirm screen).
Gates now require interactive stdin only:
- bootstrap.sh: profile wizard
- lib-onboarding.sh: onboarding_should_run + preflight-continue prompt
- lib-preflight.sh: CLI-install offer prompt
- lib-hooks.sh: activate-hooks prompt
Non-interactive (CI / </dev/null / no /dev/tty) still skips — verified.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> |
|||
|
|
5b8e066888 |
refactor(install): production-ready final round
1. lib-onboarding.sh split into 3 cubes (Constructor Pattern <200 LOC):
- lib-onboarding-registry.sh (79 LOC) — parsers for providers/models.toml
+ onboarding_fallback_providers (14 providers)
+ onboarding_auth_env_for_provider helper (was inline in collect_auth)
- lib-onboarding-ui.sh (189 LOC) — pick_language/transport/provider/model
+ collect_auth (whiptail/bash select)
- lib-onboarding-state.sh (57 LOC) — write_secrets + write_config
+ user-model-override.toml for kei-model-router
- lib-onboarding.sh (95 LOC) — thin orchestrator: should_run + run
lib-onboarding.sh itself sources the 3 sub-cubes automatically. Globals
(ONBOARDING_*, REGISTRY_*, ONBOARDED_FLAG, etc.) are declared in
the orchestrator; the sub-cubes use them by name.
2. lib-menu.sh localized:
- whiptail title + radiolist prompt via ${STR_MENU_TITLE} +
${STR_MENU_SUBSTRATE} + ${STR_MENU_PROFILE_PROMPT}.
- The plain heading also uses the dictionary.
- 12 short profile names (minimal/core/dev/...) are left in EN
as stable ids (not translated).
3. _blocks/build-index.sh — deterministic regeneration of INDEX.md.
Grouping by 14 category prefixes + "Прочие" ("Other") for the rest.
Safe to re-run. INDEX.md was updated via this script
(minimal diff — a link to build-index.sh added in the header).
Verified: bash -n clean, unit tests for onboarding_list_providers/
transports/models OK, non-TTY smoke ./install.sh --profile=minimal
--no-execute passes.
|
||
|
|
33f1376ee1 |
feat(i18n): expanded the language set from 2 to 16
New dictionaries: uk Українська, de Deutsch, fr Français, es Español, pt Português, it Italiano, tr Türkçe, ar العربية, hi हिन्दी, zh 简体中文, ja 日本語, ko 한국어, id Bahasa Indonesia, vi Tiếng Việt.
Each file has 17 STR_* keys (the same contract as en.sh + ru.sh).
lib-i18n.sh::i18n_available_languages is the single list (en + 15) for the selection menu in the wizard. i18n_load_lang is simplified: it always loads English as the fallback, then the language dictionary on top (a missing key stays English).
onboarding_pick_language now generates the whiptail/bash select from i18n_available_languages dynamically — adding a new language = one file `install/i18n/<code>.sh` + one line in available_languages, and everything else is picked up automatically.
The translation is formal, without frills. The welcome banner is always EN (the user has not yet chosen at the moment it is shown).
Verified: bash -n clean on all 16 dictionaries, roundtrip of all languages works (i18n_load_lang en/ru/uk/de/fr/es/pt/it/tr/ar/hi/zh/ja/ko/id/vi yield localized STR_DONE_TITLE + STR_TR_DIRECT_API), non-TTY smoke install --no-execute passes. |
||
|
|
305140f20b |
fix(install): close MEDIUM/LOW from RULE 0.26 audit
- preflight failure handling: instead of `|| true` (silently continuing when preflight has failed), an explicit prompt "continue? [y/N]" with return 1 on refusal. Without a TTY it prints a warning and continues. This closes HIGH bug-9: "the .onboarded flag is set with a non-working configuration".
- lib-preflight.sh::preflight_check_cli — a shared helper (command -v + offer-install + version echo). Removes 6-file boilerplate (although the per-provider files themselves are not yet rewritten to use it — that is a separate step).
- onboarding_fallback_providers: extended from 3 to 14 providers, covers all 7 transports. There was drift vs providers.toml (14 vs 3); a user without the submodule saw only anthropic+openai+ollama.
- STR_PICK_PROVIDER plural mismatch: the whiptail and plain branches now use the same fallback "Provider within" (previously plain had "Providers within", whiptail had "Provider within").
- STR_DONE_NEXT removed from en.sh + ru.sh (dead key).
- New keys: STR_MENU_* (for lib-menu.sh) + STR_PREFLIGHT_FAILED + STR_PREFLIGHT_CONTINUE. lib-menu.sh started using STR_MENU_TITLE / STR_MENU_SUBSTRATE (partial localization; the rest of the menu is a separate task).
Tests: bash -n clean, i18n round-trip EN/RU works, non-TTY smoke install --no-execute passes. |
||
|
|
a3ffaed374 |
fix(install,router): close 5 HIGH audit findings
1. HIGH-1: onboarding ↔ kei-model-router linkage
Before: the onboarding wizard wrote ~/.claude/config/onboarding.toml,
but the router did not read it — the provider choice was decorative.
After: lib-onboarding.sh::onboarding_write_config additionally writes
~/.claude/config/user-model-override.toml; registry.rs::Registry
gained load_user_override() returning UserModelOverride.
Priority: --pinned > user-override > agent-profiles default_model_ref.
2 new tests (round-trip TOML, optional transport).
2. HIGH-2: eval "$install_cmd" → bash -c "$install_cmd"
Before: lib-preflight.sh::preflight_offer_install used eval.
After: bash -c with an explicit subshell + the command is printed to the user before it runs.
3. HIGH-3: codex.sh regex false-pass
Before: grep -qiE "logged.in|active" let "not logged in" through as a pass.
After: first a negative pattern (not logged|signed out|please log in),
then a positive one (\blogged in\b|status: active|auth: yes).
4. HIGH-4: path traversal in source preflight
Before: lib-preflight.sh::preflight_run did source without validating
the provider id — `../../../evil` would have worked.
After: whitelist regex ^[a-z0-9][a-z0-9_-]{0,63}$ + a realpath
check that the resolved path has not left PREFLIGHT_DIR.
5. HIGH-5: curl|sh without verification
ollama-local.sh + google-vertex.sh now print a warning
that the Linux install pulls a shell script from an external server without
hash/signature verification, and offer an alternative.
MEDIUM along the way:
- anthropic-bedrock.sh: a single aws sts get-caller-identity call
instead of two (saves 1-3s), distinguishes a cred error from a network one
by the stderr text, masks the account ID in the ARN before printing.
- mlx-local.sh: pip install --user mlx-lm instead of a global pip install
(does not require sudo, does not pollute system Python).
Tests: cargo test --lib 80/80, bash -n clean on all changed files.
|
||
|
|
0a8c93561f |
feat(install): preflight module — CLI check for the selected provider
Added a step between model selection and key collection: for providers
that require an external CLI/daemon — a presence check, install
instructions, optional auto-install (TTY only).
install/lib-preflight.sh — dispatcher:
preflight_run <provider-id>
- looks for install/preflight/<id>.sh, sources it, calls
preflight_check_<sanitized_id>
- the function returns 0/1, prints instructions to stderr
- non-TTY: print only, no questions
preflight_offer_install <cli> <install-cmd>:
- TTY: asks [y/N/skip], runs install-cmd
- non-TTY: prints and skips
install/preflight/ — 6 files (only for providers with a CLI):
anthropic-bedrock.sh — aws CLI + sts get-caller-identity
google-vertex.sh — gcloud CLI + project config
codex.sh — codex CLI (npm) + login status
ollama-local.sh — ollama binary + 127.0.0.1:11434 daemon
mlx-local.sh — mlx_lm.server (arm64 only) + 127.0.0.1:8080
lmstudio-local.sh — port 127.0.0.1:1234 (desktop app)
Direct-api providers (anthropic, openai, xai, deepseek, google) +
proxy (litellm, openrouter) + openai-azure — there is no preflight file,
the dispatcher silently skips, the key is collected as usual.
Tests: bash -n clean on all 8 files, the dispatcher unit test shows
silent-pass for anthropic, warn+exit-1 for bedrock without aws on PATH.
|
||
|
|
ab260f429e |
feat(install): i18n module + welcome banner
Localization structure:
install/i18n/en.sh — English dictionary (default, fallback)
install/i18n/ru.sh — Russian dictionary
install/lib-i18n.sh — loader + welcome banner
Flow:
1. install.sh sources lib-i18n.sh and calls i18n_load_default →
all strings are in English.
2. If onboarding is needed, the welcome banner (an ASCII frame) is printed
in English (the language has not been chosen yet).
3. onboarding_pick_language — the only bilingual step
("Choose language / Выберите язык"). Depending on the choice it calls
i18n_load_lang ru|en — reloads the dictionary.
4. All subsequent steps (transport / provider / model / auth /
completion) run in the chosen language.
Fallback: if the ru dictionary lacks a key, the English
value is used (load_default is called before ru.sh is loaded, and the variables
are overwritten on top).
lib-onboarding.sh has been moved from mixed hardcoded strings to
${STR_*} placeholders.
Tests: bash -n clean on all 5 files, the i18n loader unit test shows
EN/RU reloading, non-TTY smoke install --no-execute passes.
|
||
|
|
9c6df65ae2 |
feat(install): onboarding wizard — transport→provider→model→keys
New interactive wizard on first install:
1. Interface language (RU/EN)
2. Transport (direct-api / aws-bedrock / azure-openai / google-vertex
/ local / proxy / subscription)
3. Provider within the transport (14 options in total)
4. Model from the selected provider (3 Anthropic models, etc.)
5. Keys/credentials (silent read, writes to ~/.claude/secrets/.env chmod 600)
Skip logic:
- flag ~/.claude/.onboarded
- env KEISEI_SKIP_ONBOARD=1
- non-TTY run
Writes:
~/.claude/config/onboarding.toml — the chosen lang/transport/provider/model
~/.claude/secrets/.env — provider keys
~/.claude/.onboarded — completion flag
The toml parser is pure awk (no dependencies). Registries come from the submodule
_blocks/registries. Submodule bumped to afe0c6f with the new transport field.
Fallback if the submodule is not pulled: anthropic + sonnet.
|
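
The HIGH-4 item in commit a3ffaed374 describes an id allowlist plus a resolved-path containment check before `source`. The sketch below is an added example, not the project's code: the function names, the return-code convention (2 = no preflight file) and the sample tree are assumptions made for illustration, and it shows why both checks are needed, since a well-formed id can still be a symlink that leaves the directory.

```shell
#!/bin/sh
# Added example (not the project's code): allowlist + containment check
# before sourcing a per-provider preflight script.
LC_ALL=C; export LC_ALL   # make [a-z] mean ASCII only

# Same rule as ^[a-z0-9][a-z0-9_-]{0,63}$, written as a POSIX case match.
valid_provider_id() {
    id=$1
    [ -n "$id" ] || return 1
    [ "${#id}" -le 64 ] || return 1
    case $id in
        *[!a-z0-9_-]*) return 1 ;;  # rejects / . space newline uppercase
        [a-z0-9]*)     return 0 ;;
        *)             return 1 ;;  # leading _ or -
    esac
}

# Canonical path with symlinks resolved.
canon() { realpath "$1" 2>/dev/null || readlink -f "$1"; }

# Prints the script path if it is safe to source.
# Returns 0 = safe, 1 = rejected, 2 = no preflight file (skip silently).
resolve_preflight() {
    dir=$1; id=$2
    valid_provider_id "$id" || return 1
    base=$(canon "$dir") || return 1
    [ -f "$dir/$id.sh" ] || return 2
    real=$(canon "$dir/$id.sh") || return 1
    case $real in
        "$base"/*) printf '%s\n' "$real" ;;
        *)         return 1 ;;      # symlink escaped the directory
    esac
}

# Constructed sample tree: one real script, one symlink pointing outside.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/preflight"
    echo ': ok' > "$tmp/preflight/ollama-local.sh"
    echo ': outside' > "$tmp/evil.sh"
    ln -s ../evil.sh "$tmp/preflight/sneaky.sh"
    for pid in ollama-local anthropic ../../../evil sneaky Ollama; do
        rc=0
        resolve_preflight "$tmp/preflight" "$pid" >/dev/null || rc=$?
        printf '%s=%s\n' "$pid" "$rc"
    done
    rm -rf "$tmp"
}

demo
```

A caller would `source` only the path printed on return code 0 and treat 2 as the silent skip the dispatcher already performs for providers without a preflight file.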