After v0.14.3 npm-publish failed again with 401 Unauthorized despite
path-scoped _authToken. Direct curl probe to keigit confirmed BOTH Bearer
and Basic auth schemes work — so the issue is npm 10 not sending the
auth header in CI. Likely cause: deprecated `always-auth=true` interfered
with token resolution.
== Publish auth fix ==
- Drop `always-auth=true` (deprecated in npm 10+; warns in logs)
- Keep path-scoped `_authToken` (npm 10 canonical)
- Add legacy Basic-auth fallback rows (username/_password/email) — Forgejo
accepts both schemes per direct probe; if one resolution path fails,
npm tries the other
- chmod 600 on $HOME/.npmrc and project .npmrc (defense-in-depth)
- Bump 0.14.3 → 0.14.4
== Slice A — TS server hardening (Sonnet code-implementer-typescript) ==
File: _ts_packages/packages/mcp-server/src/server.ts (+3/-1)
File: _ts_packages/packages/mcp-server/src/index.ts (+14/-4)
- safeEqual constant-time path on length mismatch (timing oracle close)
- HTTP server defaults to 127.0.0.1 bind; --bind <addr> opt-in for 0.0.0.0
- Body cap 1 MiB with 413 response (DoS prevention)
- VERIFIED: tsc -b --noEmit exit 0
== Slice B — Outcome-only profile hardening (Sonnet code-implementer) ==
Files: install.sh, install/lib-args.sh, install/lib-profile-outcome-only.sh
- Confirm-screen gate before destructive install (skips on --dry-run / --yes)
- _outcome_install_ledger return value tracked → summary reflects reality
(was: false-success "ledger: ..." when init failed)
- --dry-run silent-ignored on non-outcome profiles → now warns
- VERIFIED: end-to-end smoke against fake $HOME with `<<< "y"` — all 5
files installed, schema v9 + 2 triggers, summary correct
== Slice D — jq-merge dedup tuple (Sonnet code-implementer) ==
File: install/lib-hooks.sh
- Replaced `unique_by(.command)` with reduce-into-object keyed on
norm-ed command (tilde-vs-absolute path collision fix)
- Snippet-wins precedence on collision
- 3 manual scenario traces pass: tilde+tilde, absolute+tilde, idempotency
== Slice E — Doc honesty pass (Sonnet code-implementer, selective-merged) ==
Files: README.md, docs/{INSTALL,ARCHITECTURE,PROFILE-OUTCOME-ONLY}.md
Note: Slice E worktree was based on an older main commit; merged
selectively to preserve current-main values (565 DNAs, not worktree's 518)
- README:62 plugin marketplace URL: KeiSei84/KeiSeiKit → KeiSei84/KeiSeiKit-1.0
(consistent with line 66 git clone URL + Cargo.toml repository field)
- README:9-15: per-claim [REAL: <command>] markers on all 8 numerics
- README:124-132 + PROFILE-OUTCOME-ONLY.md:43-55 + ARCHITECTURE.md:288-302:
rephrase 100-row router claim — now describes Wilson lower-bound
(δ=0.10, q*=0.70) continuous metric with file:line pointer to select.rs
- INSTALL.md: ESTIMATE-HTC marker covering all install-time / disk-size
numerics in profile table (RULE 0.18 compliance)
- PROFILE-OUTCOME-ONLY.md privacy section: discloses agent-toolstats.jsonl
sidecar (was undocumented per W3 finding)
- PROFILE-OUTCOME-ONLY.md uninstall: added 6th rm -f for .bak-* cleanup
(closes orphan-accumulation per W3+W4 audits)
[FROM-JOURNAL: tasks.jsonl this session — 12 audit agents waves 5+6 +
4 parallel fix-implementer worktrees ran ~25 min wall-time]
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
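The Slice A note "safeEqual constant-time path on length mismatch (timing oracle close)" is the kind of fix that is easy to get subtly wrong, so here is an added illustration in TypeScript. It is not the project's `server.ts` code: it shows a naive `safeEqualNaive` whose early return on length mismatch is the oracle, beside one common way to close it (HMAC both sides with a per-process random key, then `crypto.timingSafeEqual` over equal-length digests); the HMAC approach is an assumption about technique, not a claim about what the commit implemented.

```typescript
import { createHmac, randomBytes, timingSafeEqual } from "node:crypto";

// Per-process random key. Both inputs are HMAC'd with it so the final
// comparison always runs over two 32-byte digests, whatever the input lengths.
// (Constructed for this example; a real server would generate it once at boot.)
const HMAC_KEY: Buffer = randomBytes(32);

function digest(value: string): Buffer {
  return createHmac("sha256", HMAC_KEY).update(value, "utf8").digest();
}

/**
 * Naive variant. timingSafeEqual throws on unequal lengths, so the obvious
 * guard is an early `return false`; that branch answers measurably faster
 * and lets a caller learn the expected token's length one probe at a time.
 */
export function safeEqualNaive(presented: string, expected: string): boolean {
  const a = Buffer.from(presented, "utf8");
  const b = Buffer.from(expected, "utf8");
  if (a.length !== b.length) return false; // fast path: the timing oracle
  return timingSafeEqual(a, b);
}

/**
 * Hardened variant. There is no length-dependent branch before the
 * constant-time compare: the digests are always 32 bytes, so the same work
 * is done for a wrong-length token as for a right-length one.
 */
export function safeEqual(presented: string, expected: string): boolean {
  const digestsMatch = timingSafeEqual(digest(presented), digest(expected));
  // Digest equality on distinct inputs is negligible, but keep the exact
  // length check as a belt-and-braces integer compare evaluated after the
  // digest compare has already run, never as an early exit before it.
  const lengthsMatch =
    Buffer.byteLength(presented, "utf8") === Buffer.byteLength(expected, "utf8");
  return digestsMatch && lengthsMatch;
}
```

Both functions return the same booleans; the difference is only in how much work each does on the length-mismatch path, which is exactly what a timing probe measures.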
197 lines
7.4 KiB
Bash
Executable file
```bash
#!/usr/bin/env bash
# KeiSeiKit — Constructor-Pattern Agent Kit installer
# Idempotent: safe to re-run. Never overwrites settings.json or existing user manifests.
#
# Usage:
#   ./install.sh                        # interactive menu on TTY; profile=minimal on non-TTY
#   ./install.sh --profile=<name>       # minimal|core|frontend|ops|dev|mcp|cortex|full (skips menu)
#   ./install.sh --add=<name>[,<name>]  # install one or more primitives on top of current state
#   ./install.sh --remove=<name>        # remove a single primitive
#   ./install.sh --list                 # list installed primitives (name | kind | desc | path)
#   ./install.sh --with-bridges         # also render cross-tool bridges into $PWD
#   ./install.sh --with-pathway         # force PATH wiring (auto-on for TTY)
#   ./install.sh --no-pathway           # force-skip PATH wiring (CI / nix)
#   ./install.sh --activate-hooks       # jq-merge settings-snippet.json into ~/.claude/settings.json
#   ./install.sh --yes                  # skip confirm screen after menu (automation)
#   ./install.sh --no-execute           # parse menu+confirm, print plan, exit (testing)
#
# Internals: this file is a thin orchestrator. All implementation lives in
# install/lib-*.sh cubes (Constructor Pattern: 1 file = 1 concern, <200 LOC).

set -euo pipefail

# --- paths ----------------------------------------------------------------
KIT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
HOME_DIR="${HOME:?HOME not set}"
AGENTS_DIR="$HOME_DIR/.claude/agents"
HOOKS_DIR="$HOME_DIR/.claude/hooks"
SKILLS_DIR="$HOME_DIR/.claude/skills"
MANIFEST="$KIT_DIR/_primitives/MANIFEST.toml"
INSTALLED_FILE="$AGENTS_DIR/_primitives/.installed"
LIB_DIR="$KIT_DIR/install"

# --- source cubes (order matters: logs -> backup -> profile -> rest) ------
# shellcheck source=install/lib-log.sh
source "$LIB_DIR/lib-log.sh"
# shellcheck source=install/lib-backup.sh
source "$LIB_DIR/lib-backup.sh"
# shellcheck source=install/lib-profile.sh
source "$LIB_DIR/lib-profile.sh"
# shellcheck source=install/lib-args.sh
source "$LIB_DIR/lib-args.sh"
# shellcheck source=install/lib-menu.sh
source "$LIB_DIR/lib-menu.sh"
# shellcheck source=install/lib-plan.sh
source "$LIB_DIR/lib-plan.sh"
# shellcheck source=install/lib-prereqs.sh
source "$LIB_DIR/lib-prereqs.sh"
# shellcheck source=install/lib-primitives.sh
source "$LIB_DIR/lib-primitives.sh"
# shellcheck source=install/lib-rust.sh
source "$LIB_DIR/lib-rust.sh"
# shellcheck source=install/lib-substrate.sh
source "$LIB_DIR/lib-substrate.sh"
# shellcheck source=install/lib-rust-mirror.sh
source "$LIB_DIR/lib-rust-mirror.sh"
# shellcheck source=install/lib-rust-prebuild.sh
source "$LIB_DIR/lib-rust-prebuild.sh"
# shellcheck source=install/lib-scaffold.sh
source "$LIB_DIR/lib-scaffold.sh"
# shellcheck source=install/lib-bridges.sh
source "$LIB_DIR/lib-bridges.sh"
# shellcheck source=install/lib-hooks.sh
source "$LIB_DIR/lib-hooks.sh"
# shellcheck source=install/lib-agents.sh
source "$LIB_DIR/lib-agents.sh"
# shellcheck source=install/lib-skills.sh
source "$LIB_DIR/lib-skills.sh"
# shellcheck source=install/lib-wizard.sh
source "$LIB_DIR/lib-wizard.sh"
# shellcheck source=install/lib-pathway.sh
source "$LIB_DIR/lib-pathway.sh"
# shellcheck source=install/lib-bin.sh
source "$LIB_DIR/lib-bin.sh"
# shellcheck source=install/lib-summary.sh
source "$LIB_DIR/lib-summary.sh"
# shellcheck source=install/lib-profile-outcome-only.sh
source "$LIB_DIR/lib-profile-outcome-only.sh"

# --- parse flags + install rollback trap ---------------------------------
parse_args "$@"
setup_backup_trap

# Fix 3: --dry-run is only meaningful with --profile=outcome-only.
# Warn early so the user doesn't assume other profiles respect it.
if [ "${OUTCOME_DRY_RUN:-0}" = "1" ] && [ "$PROFILE" != "outcome-only" ] && [ -n "$PROFILE" ]; then
  warn "--dry-run is only effective with --profile=outcome-only; for other profiles use --no-execute"
fi

# --- --list short-circuit -------------------------------------------------
if [ "$LIST_MODE" = "1" ]; then
  [ -f "$MANIFEST" ] || { err "MANIFEST.toml missing: $MANIFEST"; exit 2; }
  cmd_list
  exit 0
fi

# --- --rebuild-rust short-circuit (dev-mode mirror) ----------------------
if [ "$REBUILD_RUST_FLAG" = "1" ]; then
  if ! is_dev_mode; then
    say "rust-mirror: not in dev mode (no fat workspace at $KIT_DIR/_primitives/_rust/Cargo.toml)"
    say "rust-mirror: nothing to rebuild — kit users get fresh binaries via release tarball"
    exit 0
  fi
  if [ -n "$REBUILD_RUST_LIST" ]; then
    # Comma-separated list → individual args
    # shellcheck disable=SC2086
    rebuild_and_mirror_rust ${REBUILD_RUST_LIST//,/ }
  else
    rebuild_and_mirror_rust
  fi
  exit 0
fi

# --- incremental --add / --remove short-circuit --------------------------
if [ -n "$ADD_LIST" ] || [ -n "$REMOVE_NAME" ]; then
  run_incremental_change
  exit 0
fi

# --- outcome-only profile short-circuit (see docs/PROFILE-OUTCOME-ONLY.md) ---
if [ "${PROFILE:-}" = "outcome-only" ]; then
  _outcome_confirm_if_needed
  export OUTCOME_DRY_RUN
  install_profile_outcome_only
  exit 0
fi

# --- interactive menu (option C hybrid) ----------------------------------
# Runs ONLY when: no selection flag passed AND stdin+stdout are TTY AND
# --list / --add / --remove short-circuits above did NOT fire.
run_menu_if_needed || exit 1

# --- resolve profile (default=minimal) -----------------------------------
PROFILE="${PROFILE:-minimal}"
case "$PROFILE" in
  minimal|core|frontend|ops|dev|mcp|cortex|full|custom|local-mirror|dashboard|full-hub|outcome-only) ;;
  *)
    err "unknown profile: $PROFILE. Valid: outcome-only | minimal | core | frontend | ops | dev | mcp | cortex | local-mirror | dashboard | full-hub | full"
    exit 1
    ;;
esac
say "profile: $PROFILE"

# --- prerequisites -------------------------------------------------------
check_prereqs

# --- confirm screen + --no-execute ---------------------------------------
CONFIRM_LABEL="$PROFILE"
[ "$PROFILE" = "custom" ] && CONFIRM_LABEL="custom ($CUSTOM_PRIMS)"
CONFIRM_INPUT="$(printf '%s\n' $PROFILE_PRIMS | grep -v '^$' || true)"
if ! printf '%s\n' "$CONFIRM_INPUT" | show_confirm_screen "$CONFIRM_LABEL"; then
  say "install declined at confirm screen — aborting"
  exit 1
fi

if [ "$NO_EXECUTE" = "1" ]; then
  say "--no-execute: plan resolved, exiting before install"
  exit 0
fi

# --- execute install phases ----------------------------------------------
setup_target_dirs
scaffold_memory_index
install_blocks
install_roles
install_capabilities
run_primitives_phase
install_bridges
install_manifests
build_assembler
generate_agents
install_hooks
install_skills
install_bin
maybe_activate_hooks

# Bail out cleanly if the rollback trap already fired (activate_hooks err path).
if [ "${ROLLED_BACK:-0}" = "1" ]; then
  exit 2
fi

# --- optional post-install hooks ------------------------------------------
[ "$WITH_BRIDGES" = "1" ] && render_bridges
[ "$WITH_SLEEP_SYNC" = "1" ] && run_sleep_wizard

# --- substrate PATH wiring (Wave 39) --------------------------------------
# Forced on by --with-pathway, forced off by --no-pathway. Default: auto-on
# for interactive TTY installs. Substrate binaries are copied to
# target/release/ regardless of profile (lib-substrate.sh), so PATH wiring
# is meaningful for every profile except minimal-without-prebuilt.
if [ "$NO_PATHWAY" != "1" ]; then
  if [ "$WITH_PATHWAY" = "1" ] || { [ -t 0 ] && [ -t 1 ]; }; then
    pathway_install
  fi
fi

# --- final summary --------------------------------------------------------
print_summary
```