feat(arcrun): implement arcrun MVP — open-source AI workflow engine

Phase 1-5 complete per .agents/specs/u6u-core-mvp/:

**Phase 1 — Cherry-pick & cleanup**
- Create arcrun/ from cypher-executor, credentials, builtins, registry
- Remove 9 InkStone Service Bindings (KBDB, REGISTRY, CLINIC_*, AICEO, MINI_ME)
- Rewrite component-loader: 3-layer (builtin → WASM_BUCKET R2 → error)
- Remove autoPublishMissing.ts, proxy.ts (AICEO), execution-logger.ts (KBDB)
- Clean all KV namespace IDs and InkStone internal URLs from config files

**Phase 2 — contract.yaml completeness**
- Add credentials_required to gmail, google_sheets, telegram, line_notify
- Add config_example to all 21 components with annotated field descriptions

**Phase 3 — Credential injection**
- Add credential-injector.ts: AES-GCM decrypt from CREDENTIALS_KV
- Integrate into GraphExecutor before WASM execution
- Structured errors with repair instructions when credential missing

**Phase 4 — CLI (acr)**
- cli/package.json: arcrun package, bin: acr, deps: commander/js-yaml/chalk/ora
- 8 commands: init, creds push, push, run, validate, parts, list, logs
- Standard mode: writes directly to user's CF KV via CF REST API
- acr init: interactive setup with arcrun.dev API Key registration

**Phase 5 — Open source release prep**
- README.md: 5-minute quickstart, component table, workflow YAML syntax
- CONTRIBUTING.md: TinyGo dev env, component scaffolding, submission flow
- Security audit: no InkStone internal URLs/IDs in committed files
- .gitignore: exclude credentials.yaml, .wrangler, *.wasm

https://claude.ai/code/session_01BnCdSLVH8tUed9VrrPavgT
This commit is contained in:
Claude
2026-04-16 04:06:25 +00:00
commit 2707fca32b
155 changed files with 17413 additions and 0 deletions
+214
View File
@@ -0,0 +1,214 @@
# Contributing to arcrun
感謝你考慮貢獻 arcrun!本文件說明如何新增零件(WASM component)並提交至公眾零件庫。
---
## 開發環境
### 必要工具
```bash
# TinyGo(編譯 Go → WASM
brew install tinygo # macOS
# 或參考 https://tinygo.org/getting-started/
# wasmtime(本機測試 WASM
brew install wasmtime # macOS
# 或參考 https://wasmtime.dev
# Wrangler CLI(部署 Cloudflare Workers
npm i -g wrangler
# arcrun CLI
npm i -g arcrun
```
---
## 新增零件步驟
### 1. 建立目錄結構
```
registry/components/my_component/
├── component.contract.yaml # 零件規格宣告
├── main.go # 零件邏輯(TinyGo
└── my_component.wasm # 編譯產出(不提交至 git,CI 自動產生)
```
### 2. 撰寫 component.contract.yaml
```yaml
canonical_id: "my_component"
display_name: "我的零件"
category: "data" # api / logic / data / ai
version: "v1"
author: "@your-github-username"
wasi_target: "preview1"
stability: "floating"
runtime_compat:
- "cf-workers"
- "workerd"
- "wazero"
constraints:
max_size_kb: 2048
max_cold_start_ms: 50
no_network_syscall: true # 功能類零件不允許網路請求
no_filesystem_syscall: true
io_model: "stdin_stdout_json"
input_schema:
type: object
required: [input]
properties:
input:
type: string
description: 輸入文字
output_schema:
type: object
properties:
result:
type: string
gherkin_tests:
- scenario: "基本轉換"
given: '{"input":"hello"}'
then_contains: '"result"'
config_example: |
transform: # 節點名稱(可自訂)
input: "{{input.text}}" # 輸入欄位(必填)
description: "我的零件功能說明。"
```
**需要 Credential 的整合類零件需額外加入:**
```yaml
credentials_required:
- key: my_api_token
type: api_key
description: "My Service API token"
inject_as: api_token
```
### 3. 撰寫 main.go
WASM 零件使用 stdin/stdout JSON I/O 模型(WASI preview1):
```go
package main
import (
"encoding/json"
"fmt"
"os"
)
type Input struct {
Input string `json:"input"`
}
type Output struct {
Success bool `json:"success"`
Result string `json:"result,omitempty"`
Error string `json:"error,omitempty"`
}
func main() {
var input Input
decoder := json.NewDecoder(os.Stdin)
if err := decoder.Decode(&input); err != nil {
out, _ := json.Marshal(Output{Success: false, Error: "invalid input: " + err.Error()})
fmt.Println(string(out))
return
}
// 你的邏輯
result := doTransform(input.Input)
out, _ := json.Marshal(Output{Success: true, Result: result})
fmt.Println(string(out))
}
func doTransform(s string) string {
return "[transformed] " + s
}
```
### 4. 編譯 WASM
```bash
cd registry/components/my_component
tinygo build -o my_component.wasm -target wasi .
```
### 5. 本機測試
```bash
# 直接測試 WASM
echo '{"input":"hello world"}' | wasmtime run my_component.wasm
# 預期輸出:{"success":true,"result":"[transformed] hello world"}
```
### 6. 驗證 Gherkin 測試
確認 contract.yaml 的 `gherkin_tests` 所有場景都通過:
```bash
# 每個 scenariogiven 輸入 → 輸出包含 then_contains
echo '<given-json>' | wasmtime run my_component.wasm | grep '<then_contains>'
```
---
## 提交零件至公眾 Registry
```bash
# 確保已編譯 .wasm
tinygo build -o my_component.wasm -target wasi .
# 提交(需要 arcrun.dev API Key
acr parts publish ./registry/components/my_component/
```
提交後:
- **功能類**零件(無網路請求):體積 + syscall + Gherkin 測試通過後,立即 `author_only`(你自己可用)
- **整合類**零件(有外部 API 呼叫):體積 + syscall 掃描通過後,`author_only`
- 等人工審核通過 → `public`(所有人可用,開始累積執行統計)
查詢審核進度:
```bash
acr parts publish --status <submission_id>
```
---
## 零件類型指引
### 功能類(category: logic / data / ai
- 不允許網路請求(`no_network_syscall: true`
- 不允許檔案系統存取(`no_filesystem_syscall: true`
- 需通過所有 Gherkin 測試
- 冷啟動 < 50ms,體積 < 2048KB
### 整合類(category: api
- 允許網路請求(設 `no_network_syscall: false`
- 必須宣告 `credentials_required`
- 需通過體積和 syscall 掃描
---
## 程式碼風格
- 零件必須回傳包含 `success: bool` 的 JSON
- 錯誤時回傳 `{"success":false,"error":"..."}`,不 panic
- 所有 `required` 欄位缺少時應回傳 `success:false` 而非 crash
- contract 的 `input_schema.required[]` 必須與 main.go 的驗證邏輯一致
---
## 問題回報
開 Issue[github.com/arcrun/arcrun/issues](https://github.com/arcrun/arcrun/issues)