feat(arcrun): implement arcrun MVP — open-source AI workflow engine

Phase 1-5 complete per .agents/specs/u6u-core-mvp/:

**Phase 1 — Cherry-pick & cleanup**
- Create arcrun/ from cypher-executor, credentials, builtins, registry
- Remove 9 InkStone Service Bindings (KBDB, REGISTRY, CLINIC_*, AICEO, MINI_ME)
- Rewrite component-loader: 3-layer (builtin → WASM_BUCKET R2 → error)
- Remove autoPublishMissing.ts, proxy.ts (AICEO), execution-logger.ts (KBDB)
- Clean all KV namespace IDs and InkStone internal URLs from config files

**Phase 2 — contract.yaml completeness**
- Add credentials_required to gmail, google_sheets, telegram, line_notify
- Add config_example to all 21 components with annotated field descriptions

**Phase 3 — Credential injection**
- Add credential-injector.ts: AES-GCM decrypt from CREDENTIALS_KV
- Integrate into GraphExecutor before WASM execution
- Structured errors with repair instructions when credential missing

**Phase 4 — CLI (acr)**
- cli/package.json: arcrun package, bin: acr, deps: commander/js-yaml/chalk/ora
- 8 commands: init, creds push, push, run, validate, parts, list, logs
- Standard mode: writes directly to user's CF KV via CF REST API
- acr init: interactive setup with arcrun.dev API Key registration

**Phase 5 — Open source release prep**
- README.md: 5-minute quickstart, component table, workflow YAML syntax
- CONTRIBUTING.md: TinyGo dev env, component scaffolding, submission flow
- Security audit: no InkStone internal URLs/IDs in committed files
- .gitignore: exclude credentials.yaml, .wrangler, *.wasm

https://claude.ai/code/session_01BnCdSLVH8tUed9VrrPavgT
This commit is contained in:
Claude
2026-04-16 04:06:25 +00:00
commit 2707fca32b
155 changed files with 17413 additions and 0 deletions
+148
View File
@@ -0,0 +1,148 @@
/**
* acr validate <workflow.yaml>
* 在執行前驗證 YAML 格式、關係詞合法性、零件是否存在、credentials 是否已上傳
*/
import chalk from 'chalk';
import { loadConfig, getCypherExecutorUrl } from '../lib/config.js';
import { loadWorkflowYaml, parseTriplets, validateRelations, getNodeNames } from '../lib/yaml-parser.js';
import { CfKvClient } from '../lib/cf-api.js';
export async function cmdValidate(filePath: string): Promise<void> {
const config = loadConfig();
let allPassed = true;
const check = (label: string, ok: boolean, detail?: string) => {
const icon = ok ? chalk.green('✓') : chalk.red('✗');
console.log(` ${icon} ${label}${detail ? ` ${chalk.gray(detail)}` : ''}`);
if (!ok) allPassed = false;
};
console.log(chalk.bold(`\n 驗證 ${filePath}\n`));
// 1. YAML 格式
let workflow;
try {
workflow = loadWorkflowYaml(filePath);
check('YAML 格式正確', true, `name=${workflow.name}`);
} catch (e) {
check('YAML 格式', false, e instanceof Error ? e.message : String(e));
process.exit(1);
}
// 2. 三元組解析
let triplets;
try {
triplets = parseTriplets(workflow.flow);
check('三元組解析', true, `${triplets.length}`);
} catch (e) {
check('三元組解析', false, e instanceof Error ? e.message : String(e));
process.exit(1);
}
// 3. 關係詞驗證(不允許 PIPE)
try {
validateRelations(triplets);
check('關係詞合法性', true);
} catch (e) {
check('關係詞合法性', false, e instanceof Error ? e.message : String(e));
allPassed = false;
}
// 4. 所有節點在 config 中有對應(Input/Output 節點除外)
const nodeNames = getNodeNames(triplets);
const inputNodes = new Set(triplets.map(t => t.subject).filter(s =>
!triplets.some(t => t.object === s)
));
const outputNodes = new Set(triplets.map(t => t.object).filter(o =>
!triplets.some(t => t.subject === o)
));
const componentNodes = nodeNames.filter(n => !inputNodes.has(n) && !outputNodes.has(n));
const missingConfigs = componentNodes.filter(n => !(workflow.config ?? {})[n]);
if (missingConfigs.length > 0) {
check('config 完整性', false, `缺少 config${missingConfigs.join(', ')}`);
allPassed = false;
} else {
check('config 完整性', true, `${componentNodes.length} 個節點均有 config`);
}
// 5. 零件存在於 WASM_BUCKET(透過 cypher/search 確認)
const executorUrl = getCypherExecutorUrl(config);
try {
const headers: Record<string, string> = { 'Content-Type': 'application/json' };
if (config.api_key) headers['X-Arcrun-API-Key'] = config.api_key;
const res = await fetch(`${executorUrl}/cypher/search`, {
method: 'POST',
headers,
body: JSON.stringify({ triplets: workflow.flow }),
});
if (res.ok) {
const data = await res.json() as { missing: string[] };
if (data.missing.length > 0) {
check('零件存在性', false, `WASM_BUCKET 中找不到:${data.missing.join(', ')}`);
allPassed = false;
} else {
check('零件存在性', true, '所有零件均已在 WASM_BUCKET');
}
} else {
check('零件存在性', false, `無法連線 ${executorUrl},跳過驗證`);
}
} catch {
check('零件存在性', false, `無法連線 ${executorUrl},跳過驗證`);
}
// 6. 所需 credentials 已上傳至 CREDENTIALS_KV(僅在有 KV 設定時執行)
if (config.cloudflare_account_id && config.cf_api_token) {
const namespaceId = config.mode === 'standard'
? config.user_kv_namespace_id
: config.credentials_kv_namespace_id;
if (namespaceId) {
const kv = new CfKvClient({
accountId: config.cloudflare_account_id,
namespaceId,
apiToken: config.cf_api_token,
});
// 查詢已上傳的 credentials
try {
const kvKeys = await kv.list('cred:');
const uploadedCreds = new Set(kvKeys.map(k => k.name.replace('cred:', '')));
// 比對 workflow config 中引用的 credential key
const usedCreds = extractCredentialRefs(workflow.config ?? {});
const missingCreds = usedCreds.filter(k => !uploadedCreds.has(k));
if (missingCreds.length > 0) {
check('Credentials 上傳', false, `未上傳:${missingCreds.join(', ')}(執行 acr creds push`);
allPassed = false;
} else {
check('Credentials 上傳', true, `已上傳 ${uploadedCreds.size} 個 credential`);
}
} catch {
check('Credentials 上傳', false, 'KV 查詢失敗,跳過驗證');
}
}
}
console.log('');
if (allPassed) {
console.log(chalk.green.bold(' ✓ 驗證通過\n'));
} else {
console.log(chalk.red.bold(' ✗ 驗證未通過,請修正上方錯誤\n'));
process.exit(1);
}
}
/** 從 workflow config 中提取可能的 credential key 引用(模板 {{creds.xxx}}*/
function extractCredentialRefs(config: Record<string, Record<string, unknown>>): string[] {
const refs = new Set<string>();
const jsonStr = JSON.stringify(config);
const matches = jsonStr.matchAll(/\{\{creds\.([^}]+)\}\}/g);
for (const m of matches) {
refs.add(m[1]);
}
return [...refs];
}