Commit graph

3 commits

Author SHA1 Message Date
Parfii-bot
f77c1b7fdc fix(v0.15.1): RED-1 CVE + typed-handoff + schema minItems
Security hotfix — v0.15.1 Wave 1 fixes from 4-parallel audit.

RED-1 (CVE): KEI_DISABLED_HOOKS tokenized match — was `*all*`
substring-glob (trivially bypassable via "install", "wall-clock", etc.),
now exact-token split on comma/space. Patched in all 9 hooks:
no-hand-edit-agents, assemble-agents, assemble-validate, tomd-preread,
agent-fork-logger, site-wysiwyd-check, error-spike-detector,
milestone-commit-hook, session-end-dump.

RED-2 (observability): minimal profile whitelist now includes
agent-fork-logger and session-end-dump (ledger + trace paths) so
observability is not silently lost on minimal installs.

HIGH: review.json schema minItems:1 on findings — rejects empty
reviews; new Rust test review_schema_rejects_empty_findings.

HIGH: typed-handoff wire-up — produces_artifact declared at top
level on 5 manifests (kei-security-auditor, kei-validator,
kei-architect, kei-code-implementer, kei-critic); duplicate
per-handoff declarations removed.

MED: kei-artifact validate.rs gains warn_unsupported_keywords —
non-fatal stderr warning when schema uses keywords outside the
hand-rolled 2020-12 subset.

LOW: CI Node matrix dropped 18, now ['20','22'].

Doc drift: skills/hooks-control/SKILL.md reflects tokenized-match
semantics and updated minimal-profile hook list.

Tests: 191 Rust workspace + 30 assembler (both pass). RED-1
reproducer 10/10 (4 former-CVE vectors blocked, 5 legit vectors
accepted, empty passes).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 15:08:51 +08:00
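
The RED-1 change described in commit f77c1b7fdc, as an added sketch that is not the project's hook code: the old `*all*` substring glob beside an exact-token match split on comma/space. The function names and sample values are constructed, and it assumes the hooks are shell scripts and that each token is either `all` or a hook name.

```shell
#!/bin/sh
# Added illustration only. KEI_DISABLED_HOOKS, the "all" token, the hook names
# and the "install"/"wall-clock" vectors come from the commit message;
# everything else (function names, other sample values) is hypothetical.

# Pre-fix behaviour as described: substring glob on the raw value.
all_disabled_glob() {            # $1 = KEI_DISABLED_HOOKS value
  case "$1" in
    *all*) return 0 ;;           # "install" and "wall-clock" both contain "all"
  esac
  return 1
}

# Post-fix behaviour as described: split on comma/space, compare whole tokens.
# The body is a subshell so the IFS and noglob changes cannot leak to the caller.
hook_disabled_token() (          # $1 = hook name, $2 = KEI_DISABLED_HOOKS value
  hook=$1
  list=$2
  set -f                         # a token such as "*" must not expand to filenames
  IFS=', '
  set -- $list                   # unquoted on purpose: this is the tokenizer
  for tok in "$@"; do
    if [ "$tok" = all ] || [ "$tok" = "$hook" ]; then
      exit 0                     # leaves the subshell: hook is disabled
    fi
  done
  exit 1                         # no exact token matched: hook stays enabled
)

# Constructed sample values, checked against the no-hand-edit-agents hook.
for v in "install" "wall-clock" "all" "tomd-preread, all" \
         "agent-fork-logger session-end-dump" ""; do
  if all_disabled_glob "$v"; then old=disabled; else old=enabled; fi
  if hook_disabled_token no-hand-edit-agents "$v"; then new=disabled; else new=enabled; fi
  printf '%-40s glob=%-8s token=%s\n' "\"$v\"" "$old" "$new"
done
```
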
Parfii-bot
537589e6a7 feat(primitives): kei-artifact typed handoff pipeline (BMAD-style doc passthrough)
- kei-artifact Rust crate (25th): schema registry + artifact store + SHA-256 id + chain walker
- 5 schemas (JSON Schema 2020-12 strict): spec / plan / patch / review / research
- Manifest extension: optional produces_artifact + expects_artifact per handoff (non-breaking)
- Validator extension: KNOWN_ARTIFACT_SCHEMAS whitelist check + 4 new tests
- 3 kei-* manifests updated with typed handoff (architect→code-implementer→critic chain)
- compose-solution phase-5 cross-ref to kei-artifact

Tests: 189 Rust workspace (was 167, +22 artifact tests) + 24 assembler (was 20, +4 validator tests)
2026-04-22 14:10:08 +08:00
Parfii-bot
3039adab3f refactor(manifests): prefix all 14 kit agents with kei-
- Rename _manifests/{architect,code-implementer,cost-guardian,critic,
  fal-ai-runner,infra-implementer,ml-implementer,ml-researcher,modal-runner,
  patent-compliance,patent-researcher,researcher,security-auditor,validator}.toml
  to kei-<name>.toml (git mv — history preserved).
- Update every `name = "..."` field to the new kei- name.
- Update every handoff `target = "..."` cross-reference (62 occurrences across
  14 manifests) to point at the kei-prefixed counterpart.
- Update backticked prose cross-refs in role/forbidden_domain/description
  strings: `code-implementer` -> `kei-code-implementer`, etc.
- Update SSoT header comments: "SSoT for <name>." -> "SSoT for kei-<name>.".
- Fix 3 bare-word prose refs missed by quoted/backticked patterns:
  kei-code-implementer.toml (validator enforces), kei-security-auditor.toml
  (description Hands fixes off to ..., forbidden_domain separate critic pass).

Noun-phrase mentions left intact (not agent refs): "senior software
architect", "ruthless code critic", "patent prior-art researcher",
"architectural claim", "critical findings", etc.

Verify:
  cd _assembler && cargo build --release
  AGENT_ROOT=$(pwd)/.. target/release/assemble --validate
  -> 14 OK

Namespace motivation: kit-shipped agents live in a reserved "kei-*"
namespace so downstream installs can drop in custom, same-name agents
without collision (e.g. user's own `validator` or `critic`).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-21 13:35:03 +08:00
Renamed from _manifests/code-implementer.toml