keisei/KeiSeiKit-1.0
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
KeiSeiKit-1.0/_ts_packages
History
Parfii-bot ca046e61c1 fix(v0.19.1): supply-chain hardening remainder — ci.yml SHA-pin + dependabot + bun.lock placeholder 
Follow-up to c27b626 (release.yml pinning). Finishes H4 + H5.

ci.yml:
  - 11 third-party actions SHA-pinned with # vN.m.k comments
  - actions/checkout@34e114876b... (v4.3.1)
  - actions/setup-node@49933ea5288... (v4.4.0)
  - dtolnay/rust-toolchain@3c5f7ea28... (rust 1.94.1)
  - Swatinem/rust-cache@c19371144... (v2.9.1)

.github/dependabot.yml (NEW):
  - 3 ecosystems weekly: github-actions, npm, cargo
  - PR cap 5, labels [dependencies, <ecosystem>]
  - Auto-opens update PRs for SHA bumps — human reviews, not silent churn

_ts_packages/packages/mcp-server/bun.lock (NEW — placeholder):
  - 13-line comment explaining H4 gate
  - Instructs: 'cd _ts_packages/packages/mcp-server && bun install' before release
  - release.yml (since v0.19.1) uses --frozen-lockfile with NO fallback —
    missing real lockfile fails the build deliberately

BUILD.md:
  - New 'Lockfile' section (19 LOC) documenting the pre-release workflow

CHANGELOG.md:
  - [Unreleased] → Security: 3 bullets covering this + prior supply-chain commit

All SHAs E1 (verified via api.github.com or reused from release.yml).

NEXT STEP BEFORE TAGGING v0.19.1:
  Populate real bun.lock locally, commit, then tag. Workflow will fail
  on missing/stale lockfile — that's the point of H4 defense.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 17:12:15 +08:00
..
packages fix(v0.19.1): supply-chain hardening remainder — ci.yml SHA-pin + dependabot + bun.lock placeholder 2026-04-22 17:12:15 +08:00
.gitignore feat(ts-packages): 6 TS packages — MCP server + 5 external-API adapters 2026-04-22 12:45:19 +08:00
package-lock.json feat(ts-packages): 6 TS packages — MCP server + 5 external-API adapters 2026-04-22 12:45:19 +08:00
package.json feat(ts-packages): 6 TS packages — MCP server + 5 external-API adapters 2026-04-22 12:45:19 +08:00
README.md feat(ts-packages): 6 TS packages — MCP server + 5 external-API adapters 2026-04-22 12:45:19 +08:00
tsconfig.base.json feat(ts-packages): 6 TS packages — MCP server + 5 external-API adapters 2026-04-22 12:45:19 +08:00

README.md

KeiSeiKit TypeScript Packages

v0.14.0 part B: MCP server layer + external-API adapters.

RULE 0.2 exception

TypeScript is chosen here under RULE 0.2 exception #4 (Browser/DOM adjacent) because:

  1. The official Model Context Protocol SDK is TypeScript-native; Rust MCP libraries are immature (as of 2026-04).
  2. The API adapters rely on JS-native SDKs with no Rust equivalents:
    • grammy (type-safe Telegram bot)
    • googleapis (official Google API SDK for Gmail + YouTube)
    • youtube-transcript (Tier-1 free transcript extractor)
  3. Async, JSON-heavy glue code is TypeScript's sweet spot.

Core primitives (signing, ledger, graph, memory, refactor, etc.) remain Rust in ../_primitives/_rust/. This TS layer is a THIN wrapper: it spawns the Rust CLIs as subprocesses and exposes them as MCP tools, plus the six adapters above that have no Rust equivalent.

Layout

_ts_packages/
├── package.json              npm workspace root
├── tsconfig.base.json        strict TS 5.x
└── packages/
    ├── mcp-server/           @keisei/mcp-server
    ├── telegram-adapter/     @keisei/telegram-adapter
    ├── recall-adapter/       @keisei/recall-adapter  (Zoom via Recall.ai)
    ├── grok-adapter/         @keisei/grok-adapter    (xAI)
    ├── gmail-adapter/        @keisei/gmail-adapter
    └── youtube-adapter/      @keisei/youtube-adapter

Install (for end users)

1. Install workspace deps

cd _ts_packages
npm install
npm run build

2. Link each package as a global CLI (optional)

npm i -g ./packages/mcp-server
npm i -g ./packages/telegram-adapter
# ... etc

Or install into a Claude agent directory:

npm i --prefix ~/.claude/agents/_ts_packages/packages/mcp-server \
      ./_ts_packages/packages/mcp-server

Environment variables (RULE 0.8 — secrets in ~/.claude/secrets/.env)

Var Package Purpose
TELEGRAM_BOT_TOKEN telegram-adapter Bot API token
RECALL_API_KEY recall-adapter Recall.ai API key (Zoom meetings)
XAI_API_KEY grok-adapter xAI Grok API key
GMAIL_CLIENT_ID gmail-adapter Google OAuth2 client id
GMAIL_CLIENT_SECRET gmail-adapter Google OAuth2 client secret
GMAIL_REFRESH_TOKEN gmail-adapter Long-lived OAuth2 refresh token
YOUTUBE_API_KEY youtube-adapter YouTube Data API v3 key
KEI_MCP_AUTH_TOKEN mcp-server HMAC token for tool callers
KEI_RUST_BIN_DIR mcp-server Override directory holding Rust primitive CLIs

All are read via process.env. Hardcoding tokens is forbidden (RULE 0.8).

MCP server integration

The @keisei/mcp-server exposes the Rust primitive CLIs as MCP tools. The pattern is one Rust binary = one MCP tool, with the kei meta-tool on top that routes natural-language queries via kei-router.

Stdio mode (for Claude Code native integration):

npx @keisei/mcp-server --stdio

HTTP mode:

npx @keisei/mcp-server --port 3000 --auth-token-file ~/.claude/mcp-token

Verification

npm install
npm run build --workspaces
npm run test --workspaces

All six packages compile under strict: true. Total new LOC: see commit.

Migration notes

  • Zero impact on existing KeiSeiKit users unless they opt into the MCP server (planned v0.14.1 installer flag --enable-mcp).
  • The Rust primitives are unchanged; this layer only wraps them.
  • Gmail and YouTube adapters are new (gaps in LBM).