Promotes S3 from MVP stub to functional via aws-sdk-s3. Default builds
unchanged (zero new deps). Feature flag ensures users who don't need
S3 don't pay the ~5MB binary / C-toolchain cost.
Cargo.toml: new [features] s3 = [...] gating 4 optional deps:
aws-sdk-s3 = 1.130.0
aws-config = 1.8.16 (with behavior-version-latest)
tokio = 1.52.1 (current-thread runtime, no multi-threaded bloat)
bytes = 1 (S3 body passthrough)
s3_cloud/ module (4 files, Constructor Pattern):
mod.rs (190 LOC) — S3CloudStore + MemoryStore trait impl
client.rs (81 LOC) — aws-config builder, KEI_STORE_S3_ENDPOINT
override for R2 / Wasabi / MinIO / any S3-compat
keys.rs (60 LOC) — path-traversal guard + DJB2 hash helper
tests.rs (63 LOC) — builder + prefix + key-guard unit tests
Factory routing (factory.rs):
with 's3' feature + bucket URL → S3CloudStore (real network)
without 's3' feature → S3Store stub (existing MVP, preserved)
Security posture:
- Branch-prefix isolation rejects traversal at keys.rs layer
- aws-config default credential chain (env → ~/.aws → IMDS);
no bespoke credential handling
- rustls, not OpenSSL (matches existing crate tree)
Tests: 22 existing + 11 new (4 keys + 3 client + 5 mod + 5 smoke)
cargo test -p kei-store (default features): 9 passed
cargo test -p kei-store --features s3: 22 + 9 + 5 = 36 passed
cargo clippy -p kei-store --features s3: clean
Real stdout verified for all verify criteria. No fabrication.
MANIFEST.toml [primitive.kei-store] deps updated to reflect feature
opt-in model.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
# KeiSeiKit Primitives Manifest
# Declarative single source of truth (SSoT) for install.sh profile resolution.
#
# Profiles compose primitive sets; install.sh --profile=<name> resolves the
# member list, copies/builds only those members, and records the result in
# ~/.claude/agents/_primitives/.installed.
#
# Individual primitives can be added to or removed from any profile via
# --add=<name>[,<name>] / --remove=<name>.
#
# Schema (per primitive):
# kind = "shell" | "rust"
# file = "<name>.sh" (shell only — lives at _primitives/<file>)
# crate = "<name>" (rust only — lives at _primitives/_rust/<crate>)
# deps = ["<dep description>", ...] # runtime/host deps, human-readable
# desc = "<one-line description>"

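# Profile name → member primitives. A primitive may belong to several profiles;
# install.sh resolves exactly one profile and then applies --add / --remove on top
# (see header). Arrays are one entry per line so membership changes diff cleanly.
[profile]
minimal = []
core = ["tomd"]
frontend = [
    "mock-render",
    "visual-diff",
    "tokens-sync",
    "design-scrape",
    "live-preview",
    "figma-tokens",
    "frontend-inspect",
    "screenshot-decode",
]
ops = [
    "kei-ledger",
    "ssh-check",
    "firewall-diff",
    "provision-hetzner",
    "provision-vultr",
    "harden-base",
    "metrics-scrape",
    "log-ship",
]
dev = [
    "kei-migrate",
    "kei-changelog",
    "kei-ci-lint",
    "kei-docs-scaffold",
    "kei-memory",
    "kei-conflict-scan",
    "kei-refactor-engine",
    "kei-graph-check",
    "kei-store",
    "kei-artifact",
]
mcp = [
    "kei-router",
    "kei-sage",
    "kei-task",
    "kei-chat-store",
    "kei-crossdomain",
    "kei-search-core",
    "kei-content-store",
    "kei-social-store",
    "kei-curator",
    "kei-auth",
]
# `full` must name every [primitive.*] table in this file: a primitive missing here
# is not installed by `install.sh --profile=full`. `keisei` appears only in this
# profile, so it is reachable solely via `full` or `--add=keisei`.
full = [
    "tomd",
    "kei-ledger",
    "kei-migrate",
    "kei-changelog",
    "ssh-check",
    "firewall-diff",
    "mock-render",
    "visual-diff",
    "tokens-sync",
    "design-scrape",
    "live-preview",
    "figma-tokens",
    "frontend-inspect",
    "screenshot-decode",
    "provision-hetzner",
    "provision-vultr",
    "harden-base",
    "metrics-scrape",
    "log-ship",
    "kei-ci-lint",
    "kei-docs-scaffold",
    "kei-memory",
    "kei-conflict-scan",
    "kei-refactor-engine",
    "kei-graph-check",
    "kei-store",
    "kei-router",
    "kei-sage",
    "kei-task",
    "kei-chat-store",
    "kei-crossdomain",
    "kei-search-core",
    "kei-content-store",
    "kei-social-store",
    "kei-curator",
    "kei-auth",
    "kei-artifact",
    "keisei",
]
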
# --- shell primitives (13) -------------------------------------------------

# Profiles: core, full. Installed by copying _primitives/tomd.sh (see schema header).
[primitive.tomd]
kind = "shell"
file = "tomd.sh"
deps = ["jq", "pandoc (optional — needed for .docx/.pptx/.html)"]
desc = "Universal non-native format → markdown (PDF, DOCX, XLSX, PPTX, CSV, images, code)"

# Profiles: frontend, full. Fetches the given live URL through Playwright/Chromium,
# so it needs network access to that host at runtime.
[primitive.design-scrape]
kind = "shell"
file = "design-scrape.sh"
deps = ["jq", "npx (Node)", "playwright (`npx playwright install chromium`)"]
desc = "Live URL → design tokens + screenshots JSON via Playwright"

# Profiles: frontend, full. Tracks the dev-server process via .keisei/dev-server.pid (desc).
[primitive.live-preview]
kind = "shell"
file = "live-preview.sh"
deps = ["npm"]
desc = "start/stop/status wrapper for a project's dev server (.keisei/dev-server.pid)"

# Profiles: frontend, full. FIGMA_TOKEN is an API credential: it is read from the
# environment at runtime and must never be written into this manifest.
[primitive.figma-tokens]
kind = "shell"
file = "figma-tokens.sh"
deps = ["curl", "jq", "FIGMA_TOKEN env var"]
desc = "Figma API → design tokens JSON (consumed by tokens-sync)"

# Profiles: frontend, full. Scans a project directory and reports on it (desc);
# presumably read-only — confirm against frontend-inspect.sh.
[primitive.frontend-inspect]
kind = "shell"
file = "frontend-inspect.sh"
deps = ["jq"]
desc = "Scan project dir → report framework, styling, UI count, lockfile"

# Profiles: frontend, full. Uploads the screenshot to the Claude vision API (desc);
# ANTHROPIC_API_KEY is a credential and is sourced from the environment only.
[primitive.screenshot-decode]
kind = "shell"
file = "screenshot-decode.sh"
deps = ["curl", "jq", "base64", "ANTHROPIC_API_KEY env var"]
desc = "Screenshot → structured design description via Claude vision API"

# Profiles: ops, full. Changes system state on the target host (fail2ban, ufw,
# unattended-upgrades via apt); desc states the script is idempotent.
[primitive.harden-base]
kind = "shell"
file = "harden-base.sh"
deps = ["bash", "apt (runs on target Debian/Ubuntu VPS)"]
desc = "Idempotent Debian/Ubuntu baseline hardening (fail2ban, ufw, unattended-upgrades)"

# Profiles: ops, full. HCLOUD_TOKEN is a cloud API credential (environment-only);
# `destroy` is a listed subcommand, so scope the token to what the caller needs.
[primitive.provision-hetzner]
kind = "shell"
file = "provision-hetzner.sh"
deps = ["hcloud CLI", "HCLOUD_TOKEN env var"]
desc = "Hetzner Cloud server provisioner — create/status/destroy/list"

# Profiles: ops, full. VULTR_API_KEY is a cloud API credential (environment-only);
# `destroy` is a listed subcommand, so scope the key to what the caller needs.
[primitive.provision-vultr]
kind = "shell"
file = "provision-vultr.sh"
deps = ["vultr-cli v3", "VULTR_API_KEY env var"]
desc = "Vultr VPS provisioner — create/status/destroy/list"

# Profiles: ops, full. jq is only needed for --format json (deps).
[primitive.metrics-scrape]
kind = "shell"
file = "metrics-scrape.sh"
deps = ["curl", "awk", "jq (optional — needed for --format json)"]
desc = "Prometheus /metrics scrape + normalize + diff against baseline"

# Profiles: ops, full. Forwards log lines to an external sink (Loki / Datadog / HTTP
# per desc); jq is only needed for --validate.
[primitive.log-ship]
kind = "shell"
file = "log-ship.sh"
deps = ["curl", "awk", "jq (optional — needed for --validate)"]
desc = "Tail structured logs → forward to Loki / Datadog / HTTP with rate limits"

# Profiles: dev, full. Requires the Go yq (mikefarah/yq v4+), not the Python yq
# jq-wrapper — the two have incompatible command lines.
[primitive.kei-ci-lint]
kind = "shell"
file = "kei-ci-lint.sh"
deps = ["yq v4+ (mikefarah/yq Go impl)"]
desc = "Validate GitHub/Forgejo Actions workflow YAML (pinning, OIDC, cache, permissions)"

# Profiles: dev, full. No host deps; generates the listed docs only where missing (desc).
[primitive.kei-docs-scaffold]
kind = "shell"
file = "kei-docs-scaffold.sh"
deps = []
desc = "Detect project type → generate missing CLAUDE.md/DECISIONS.md/RUNBOOK.md/README.md"

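# --- rust primitives (13) --------------------------------------------------

# Profiles: ops, full. Built from _primitives/_rust/kei-ledger (see schema header);
# rusqlite is bundled, so no system sqlite is needed.
[primitive.kei-ledger]
kind = "rust"
crate = "kei-ledger"
deps = ["rusqlite bundled (no system sqlite required)"]
desc = "Agent-fork lifecycle SQLite ledger (fork/done/fail) — SSoT for RULE 0.12"
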
# Profiles: dev, full. DATABASE_URL typically embeds database credentials — keep it
# environment-only and out of logs.
[primitive.kei-migrate]
kind = "rust"
crate = "kei-migrate"
deps = ["sqlx (postgres/sqlite/mysql)", "tokio", "DATABASE_URL env var"]
desc = "Universal SQL migration runner — Postgres/SQLite/MySQL autodetect"

# Profiles: dev, full. Reads git history through a vendored libgit2 (git2 crate).
[primitive.kei-changelog]
kind = "rust"
crate = "kei-changelog"
deps = ["git2 (vendored libgit2)"]
desc = "Git-cliff-style CHANGELOG.md generator from Conventional Commits"

# Profiles: ops, full. Pure linter over sshd_config; no host deps.
[primitive.ssh-check]
kind = "rust"
crate = "ssh-check"
deps = []
desc = "sshd_config linter — flags weak ciphers, PermitRootLogin yes, password auth"

# Profiles: ops, full. ufw is a target-side dependency: the binary parses
# `ufw status` output where it runs, not where it is built.
[primitive.firewall-diff]
kind = "rust"
crate = "firewall-diff"
deps = ["ufw (target-side; binary parses `ufw status` output)"]
desc = "ufw intended-vs-running diff — catches drift between declared and live rules"

# Profiles: frontend, full. Needs a Chrome/Chromium at runtime; playwright is only
# required for the parity driver (deps).
[primitive.mock-render]
kind = "rust"
crate = "mock-render"
deps = ["Chrome/Chromium (runtime)", "playwright (optional for parity driver)"]
desc = "Playwright wrapper with SHA-locked PNG (WYSIWYD: What You See Is What You Deploy)"

# Profiles: frontend, full. No host deps.
[primitive.visual-diff]
kind = "rust"
crate = "visual-diff"
deps = []
desc = "Pixel diff with tolerance — used in /site-create screenshot-regression loop"

# Profiles: frontend, full. Consumes the design-tokens JSON that figma-tokens emits.
[primitive.tokens-sync]
kind = "rust"
crate = "tokens-sync"
deps = []
desc = "Design tokens JSON → Tailwind config extend + CSS variables under :root"

# Profiles: dev, full. Offline-first per desc; rusqlite is bundled.
[primitive.kei-memory]
kind = "rust"
crate = "kei-memory"
deps = ["rusqlite bundled (no system sqlite required)"]
desc = "Session retrospective + recurring pattern detector (offline-first, RULE 0.14)"

# Profiles: dev, full. Scans ~/.claude (desc); its JSON output is the input of
# kei-refactor-engine.
[primitive.kei-conflict-scan]
kind = "rust"
crate = "kei-conflict-scan"
deps = []
desc = "Deep-sleep (NREM) conflict scanner — rules/hooks/blocks/orphans/CP violations across ~/.claude"

# Profiles: dev, full. Consumes kei-conflict-scan JSON (desc); no host deps.
[primitive.kei-refactor-engine]
kind = "rust"
crate = "kei-refactor-engine"
deps = []
desc = "Deep-sleep refactor-plan generator; consumes kei-conflict-scan JSON; zero-conflict guarantee on patches"

# Profiles: dev, full. Post-refactor integrity gate (desc); no host deps.
[primitive.kei-graph-check]
kind = "rust"
crate = "kei-graph-check"
deps = []
desc = "Post-refactor graph-integrity gate — wikilinks + handoffs + block refs resolve after patch"

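# Profiles: dev, full. The default build contains no S3 network code; building with
# `--features s3` pulls in aws-sdk-s3 + tokio + rustls. In that build, credentials
# come from the aws-config default chain (env → ~/.aws → IMDS) and the optional
# KEI_STORE_S3_ENDPOINT env var redirects bucket traffic to an S3-compatible host
# (R2 / Wasabi / MinIO) — treat its value as trusted configuration, since signed
# requests and object data go to whatever host it names. The env-var entries below
# follow the same convention the other primitives use for their credentials.
[primitive.kei-store]
kind = "rust"
crate = "kei-store"
deps = ["git2 (vendored libgit2)", "aws-sdk-s3 + tokio + rustls (optional, behind `s3` feature)", "AWS credentials via default chain + optional KEI_STORE_S3_ENDPOINT env var (`s3` feature only)"]
desc = "Memory-repo backend abstraction — GitHub / Forgejo / Gitea / Filesystem / S3 (real S3/R2/MinIO via aws-sdk-s3 when built with `--features s3`; local-manifest stub otherwise)"
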
# --- v0.14 LBM port (10) ---------------------------------------------------

# Profiles: mcp, full. Regex-based routing, no ML (desc).
[primitive.kei-router]
kind = "rust"
crate = "kei-router"
deps = ["regex"]
desc = "Natural-language query → tool-call router (LBM pkg/keirouter port, no ML)"

# Profiles: mcp, full. Requires the bundled rusqlite to be built with FTS5 (deps).
[primitive.kei-sage]
kind = "rust"
crate = "kei-sage"
deps = ["rusqlite bundled (FTS5 enabled)"]
desc = "Obsidian-style knowledge graph with FTS5, BFS, PageRank (LBM internal/sage port)"

# Profiles: mcp, full. Requires the bundled rusqlite to be built with FTS5 (deps).
[primitive.kei-task]
kind = "rust"
crate = "kei-task"
deps = ["rusqlite bundled (FTS5 enabled)"]
desc = "Task DAG + deps + milestones (LBM internal/task port)"

# Profiles: mcp, full. Persists Claude chat sessions (desc); the store may hold
# sensitive conversation content, so treat it as data at rest worth protecting.
[primitive.kei-chat-store]
kind = "rust"
crate = "kei-chat-store"
deps = ["rusqlite bundled (FTS5 enabled)"]
desc = "Session persistence for Claude chats (LBM internal/chat port)"

# Profiles: mcp, full. Bundled rusqlite; feeds kei-curator's decay/prune pass (see its desc).
[primitive.kei-crossdomain]
kind = "rust"
crate = "kei-crossdomain"
deps = ["rusqlite bundled"]
desc = "Cross-domain typed-edge store + BFS + auto-link (LBM internal/crossdomain port)"

# Profiles: mcp, full. Fetch interface is frozen (desc); bundled rusqlite.
[primitive.kei-search-core]
kind = "rust"
crate = "kei-search-core"
deps = ["rusqlite bundled"]
desc = "3-wave research engine with budget cap; fetch interface frozen (LBM internal/search port)"

# Profiles: mcp, full. Bundled rusqlite plus sha2 (deps).
[primitive.kei-content-store]
kind = "rust"
crate = "kei-content-store"
deps = ["rusqlite bundled", "sha2"]
desc = "Asset + prompt + campaign registry (LBM internal/content port)"

# Profiles: mcp, full. Requires the bundled rusqlite to be built with FTS5 (deps);
# stores people/interaction records, i.e. personal data.
[primitive.kei-social-store]
kind = "rust"
crate = "kei-social-store"
deps = ["rusqlite bundled (FTS5 enabled)"]
desc = "People + interaction CRM lite (LBM internal/social port)"

# Profiles: mcp, full. Maintenance pass over cross-domain graphs (desc); bundled rusqlite.
[primitive.kei-curator]
kind = "rust"
crate = "kei-curator"
deps = ["rusqlite bundled"]
desc = "Edge decay + orphan prune for cross-domain graphs (LBM internal/curator port)"

# Profiles: mcp, full. Session tokens are HMAC-signed (hmac + sha2 in deps); the
# signing key is a secret — NOTE(review): confirm how kei-auth sources and rotates it.
[primitive.kei-auth]
kind = "rust"
crate = "kei-auth"
deps = ["rusqlite bundled", "hmac", "sha2"]
desc = "Multi-tenant session tokens with scopes + HMAC-signed expiry (rewrite, not port)"

# --- v0.15 artifact handoff pipeline (1) -----------------------------------

# Profiles: dev, full. Bundled rusqlite; content is schema-validated on handoff (desc).
[primitive.kei-artifact]
kind = "rust"
crate = "kei-artifact"
deps = ["rusqlite bundled"]
desc = "Typed artifact handoff pipeline — schema-validated content pass-between agents (BMAD-style)"

# --- v0.18 exobrain CLI (1) ------------------------------------------------

# Profiles: full only (no topical profile lists it); otherwise reachable via --add=keisei.
# tempfile is a runtime dependency (deps).
[primitive.keisei]
kind = "rust"
crate = "keisei"
deps = ["regex", "tempfile (runtime)"]
desc = "Exobrain attach/status CLI — mounts a portable brain into an AI client (MVP: Claude Code)"