History

Parfii-bot cbed9e2275 fix(release): decouple npm-publish + drop x86_64-darwin (v0.14.2 retry) v0.14.1 tag triggered Release workflow but npm-publish was SKIPPED because Rust matrix entry x86_64-apple-darwin failed and release job needs:[build-release, build-mcp-binary]; npm-publish needs:release. Single Rust target failure → entire publish chain blocks. This was the W3 Opus CI/build finding deferred from audit-batch-2. Two fixes: 1. Drop x86_64-apple-darwin from build-release matrix. GitHub's `macos-latest` runner is now Apple Silicon (M1+); cross-compile to x86_64 needs an OpenSSL sysroot that the arm64 image doesn't ship. `openssl-sys 0.9.114` build fails with "Could not find openssl via pkg-config: pkg-config has not been configured to support cross-compilation". Apple Silicon mandatory for new Macs since 2020; x86 Mac is legacy. If a future user needs x86 darwin, re-add with `experimental: true` and `openssl-sys` features=["vendored"]. 2. Decouple `npm-publish` from `release`. The npm package builds its own `dist/` from `_ts_packages/` — it does NOT consume Rust release tarballs. Previously `needs: release` meant a single Rust matrix failure blocked the npm publish even though the two are architecturally independent. Now `needs: []` (parallel with build-release matrix). KEIGIT_TOKEN-presence guard still gracefully skips when secret is absent. Bump version 0.14.1 → 0.14.2 (v0.14.1 tag already exists from prior run). After re-tag v0.14.2: - build-release matrix: 3 targets (was 4) — should all succeed - build-mcp-binary: 5 platforms (unchanged) — already passed in 0.14.1 run - release job: produces GitHub Release with 3 Rust tarballs + 5 MCP binaries - npm-publish job: runs in PARALLEL, publishes @keisei/mcp-server@0.14.2 to keigit regardless of Rust matrix status [FROM-JOURNAL: tasks.jsonl this session — v0.14.1 release run 25280711426 ran 14m wall, 8/9 jobs success, x86_64-darwin failed at openssl-sys build, release+npm-publish skipped via needs-chain] Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>		2026-05-03 22:30:50 +08:00
..
packages	fix(release): decouple npm-publish + drop x86_64-darwin (v0.14.2 retry)	2026-05-03 22:30:50 +08:00
.gitignore	KeiSeiKit-public — clean state	2026-05-01 12:09:03 +08:00
bun.lock	KeiSeiKit-public — clean state	2026-05-01 12:09:03 +08:00
package-lock.json	fix(release): decouple npm-publish + drop x86_64-darwin (v0.14.2 retry)	2026-05-03 22:30:50 +08:00
package.json	chore: author email + Cargo metadata SSoT (parfionovich@keilab.io)	2026-05-03 13:55:28 +08:00
README.md	Revert "feat(mcp-server): production-ready publish path via GitHub Packages"	2026-05-03 18:04:00 +08:00
tsconfig.base.json	KeiSeiKit-public — clean state	2026-05-01 12:09:03 +08:00

README.md

KeiSeiKit TypeScript Packages

v0.14.0 part B: MCP server layer + external-API adapters.

RULE 0.2 exception

TypeScript is chosen here under RULE 0.2 exception #4 (Browser/DOM adjacent) because:

The official Model Context Protocol SDK is TypeScript-native; Rust MCP libraries are immature (as of 2026-04).
The API adapters rely on JS-native SDKs with no Rust equivalents:
- grammy (type-safe Telegram bot)
- googleapis (official Google API SDK for Gmail + YouTube)
- youtube-transcript (Tier-1 free transcript extractor)
Async, JSON-heavy glue code is TypeScript's sweet spot.

Core primitives (signing, ledger, graph, memory, refactor, etc.) remain Rust in ../_primitives/_rust/. This TS layer is a THIN wrapper: it spawns the Rust CLIs as subprocesses and exposes them as MCP tools, plus the six adapters above that have no Rust equivalent.

Layout

_ts_packages/
├── package.json              npm workspace root
├── tsconfig.base.json        strict TS 5.x
└── packages/
    ├── mcp-server/           @keisei/mcp-server
    ├── telegram-adapter/     @keisei/telegram-adapter
    ├── recall-adapter/       @keisei/recall-adapter  (Zoom via Recall.ai)
    ├── grok-adapter/         @keisei/grok-adapter    (xAI)
    ├── gmail-adapter/        @keisei/gmail-adapter
    └── youtube-adapter/      @keisei/youtube-adapter

Install (for end users)

1. Install workspace deps

cd _ts_packages
npm install
npm run build

2. Link each package as a global CLI (optional)

npm i -g ./packages/mcp-server
npm i -g ./packages/telegram-adapter
# ... etc

Or install into a Claude agent directory:

npm i --prefix ~/.claude/agents/_ts_packages/packages/mcp-server \
      ./_ts_packages/packages/mcp-server

Environment variables (RULE 0.8 — secrets in `~/.claude/secrets/.env`)

Var	Package	Purpose
`TELEGRAM_BOT_TOKEN`	telegram-adapter	Bot API token
`RECALL_API_KEY`	recall-adapter	Recall.ai API key (Zoom meetings)
`XAI_API_KEY`	grok-adapter	xAI Grok API key
`GMAIL_CLIENT_ID`	gmail-adapter	Google OAuth2 client id
`GMAIL_CLIENT_SECRET`	gmail-adapter	Google OAuth2 client secret
`GMAIL_REFRESH_TOKEN`	gmail-adapter	Long-lived OAuth2 refresh token
`YOUTUBE_API_KEY`	youtube-adapter	YouTube Data API v3 key
`KEI_MCP_AUTH_TOKEN`	mcp-server	HMAC token for tool callers
`KEI_RUST_BIN_DIR`	mcp-server	Override directory holding Rust primitive CLIs

All are read via process.env. Hardcoding tokens is forbidden (RULE 0.8).

MCP server integration

The @keisei/mcp-server exposes the Rust primitive CLIs as MCP tools. The pattern is one Rust binary = one MCP tool, with the kei meta-tool on top that routes natural-language queries via kei-router.

Stdio mode (for Claude Code native integration):

npx @keisei/mcp-server --stdio

HTTP mode:

npx @keisei/mcp-server --port 3000 --auth-token-file ~/.claude/mcp-token

Verification

npm install
npm run build --workspaces
npm run test --workspaces

All six packages compile under strict: true. Total new LOC: see commit.

Migration notes

Zero impact on existing KeiSeiKit users unless they opt into the MCP server (planned v0.14.1 installer flag --enable-mcp).
The Rust primitives are unchanged; this layer only wraps them.
Gmail and YouTube adapters are new (gaps in LBM).