feat(arcrun): implement arcrun MVP — open-source AI workflow engine
Phase 1-5 complete per .agents/specs/u6u-core-mvp/: **Phase 1 — Cherry-pick & cleanup** - Create arcrun/ from cypher-executor, credentials, builtins, registry - Remove 9 InkStone Service Bindings (KBDB, REGISTRY, CLINIC_*, AICEO, MINI_ME) - Rewrite component-loader: 3-layer (builtin → WASM_BUCKET R2 → error) - Remove autoPublishMissing.ts, proxy.ts (AICEO), execution-logger.ts (KBDB) - Clean all KV namespace IDs and InkStone internal URLs from config files **Phase 2 — contract.yaml completeness** - Add credentials_required to gmail, google_sheets, telegram, line_notify - Add config_example to all 21 components with annotated field descriptions **Phase 3 — Credential injection** - Add credential-injector.ts: AES-GCM decrypt from CREDENTIALS_KV - Integrate into GraphExecutor before WASM execution - Structured errors with repair instructions when credential missing **Phase 4 — CLI (acr)** - cli/package.json: arcrun package, bin: acr, deps: commander/js-yaml/chalk/ora - 8 commands: init, creds push, push, run, validate, parts, list, logs - Standard mode: writes directly to user's CF KV via CF REST API - acr init: interactive setup with arcrun.dev API Key registration **Phase 5 — Open source release prep** - README.md: 5-minute quickstart, component table, workflow YAML syntax - CONTRIBUTING.md: TinyGo dev env, component scaffolding, submission flow - Security audit: no InkStone internal URLs/IDs in committed files - .gitignore: exclude credentials.yaml, .wrangler, *.wasm https://claude.ai/code/session_01BnCdSLVH8tUed9VrrPavgT
This commit is contained in:
@@ -0,0 +1,148 @@
|
||||
/**
|
||||
* acr validate <workflow.yaml>
|
||||
* 在執行前驗證 YAML 格式、關係詞合法性、零件是否存在、credentials 是否已上傳
|
||||
*/
|
||||
import chalk from 'chalk';
|
||||
import { loadConfig, getCypherExecutorUrl } from '../lib/config.js';
|
||||
import { loadWorkflowYaml, parseTriplets, validateRelations, getNodeNames } from '../lib/yaml-parser.js';
|
||||
import { CfKvClient } from '../lib/cf-api.js';
|
||||
|
||||
export async function cmdValidate(filePath: string): Promise<void> {
|
||||
const config = loadConfig();
|
||||
let allPassed = true;
|
||||
|
||||
const check = (label: string, ok: boolean, detail?: string) => {
|
||||
const icon = ok ? chalk.green('✓') : chalk.red('✗');
|
||||
console.log(` ${icon} ${label}${detail ? ` ${chalk.gray(detail)}` : ''}`);
|
||||
if (!ok) allPassed = false;
|
||||
};
|
||||
|
||||
console.log(chalk.bold(`\n 驗證 ${filePath}\n`));
|
||||
|
||||
// 1. YAML 格式
|
||||
let workflow;
|
||||
try {
|
||||
workflow = loadWorkflowYaml(filePath);
|
||||
check('YAML 格式正確', true, `name=${workflow.name}`);
|
||||
} catch (e) {
|
||||
check('YAML 格式', false, e instanceof Error ? e.message : String(e));
|
||||
process.exit(1);
|
||||
}
|
||||
|
||||
// 2. 三元組解析
|
||||
let triplets;
|
||||
try {
|
||||
triplets = parseTriplets(workflow.flow);
|
||||
check('三元組解析', true, `${triplets.length} 條`);
|
||||
} catch (e) {
|
||||
check('三元組解析', false, e instanceof Error ? e.message : String(e));
|
||||
process.exit(1);
|
||||
}
|
||||
|
||||
// 3. 關係詞驗證(不允許 PIPE)
|
||||
try {
|
||||
validateRelations(triplets);
|
||||
check('關係詞合法性', true);
|
||||
} catch (e) {
|
||||
check('關係詞合法性', false, e instanceof Error ? e.message : String(e));
|
||||
allPassed = false;
|
||||
}
|
||||
|
||||
// 4. 所有節點在 config 中有對應(Input/Output 節點除外)
|
||||
const nodeNames = getNodeNames(triplets);
|
||||
const inputNodes = new Set(triplets.map(t => t.subject).filter(s =>
|
||||
!triplets.some(t => t.object === s)
|
||||
));
|
||||
const outputNodes = new Set(triplets.map(t => t.object).filter(o =>
|
||||
!triplets.some(t => t.subject === o)
|
||||
));
|
||||
const componentNodes = nodeNames.filter(n => !inputNodes.has(n) && !outputNodes.has(n));
|
||||
|
||||
const missingConfigs = componentNodes.filter(n => !(workflow.config ?? {})[n]);
|
||||
if (missingConfigs.length > 0) {
|
||||
check('config 完整性', false, `缺少 config:${missingConfigs.join(', ')}`);
|
||||
allPassed = false;
|
||||
} else {
|
||||
check('config 完整性', true, `${componentNodes.length} 個節點均有 config`);
|
||||
}
|
||||
|
||||
// 5. 零件存在於 WASM_BUCKET(透過 cypher/search 確認)
|
||||
const executorUrl = getCypherExecutorUrl(config);
|
||||
try {
|
||||
const headers: Record<string, string> = { 'Content-Type': 'application/json' };
|
||||
if (config.api_key) headers['X-Arcrun-API-Key'] = config.api_key;
|
||||
|
||||
const res = await fetch(`${executorUrl}/cypher/search`, {
|
||||
method: 'POST',
|
||||
headers,
|
||||
body: JSON.stringify({ triplets: workflow.flow }),
|
||||
});
|
||||
|
||||
if (res.ok) {
|
||||
const data = await res.json() as { missing: string[] };
|
||||
if (data.missing.length > 0) {
|
||||
check('零件存在性', false, `WASM_BUCKET 中找不到:${data.missing.join(', ')}`);
|
||||
allPassed = false;
|
||||
} else {
|
||||
check('零件存在性', true, '所有零件均已在 WASM_BUCKET');
|
||||
}
|
||||
} else {
|
||||
check('零件存在性', false, `無法連線 ${executorUrl},跳過驗證`);
|
||||
}
|
||||
} catch {
|
||||
check('零件存在性', false, `無法連線 ${executorUrl},跳過驗證`);
|
||||
}
|
||||
|
||||
// 6. 所需 credentials 已上傳至 CREDENTIALS_KV(僅在有 KV 設定時執行)
|
||||
if (config.cloudflare_account_id && config.cf_api_token) {
|
||||
const namespaceId = config.mode === 'standard'
|
||||
? config.user_kv_namespace_id
|
||||
: config.credentials_kv_namespace_id;
|
||||
|
||||
if (namespaceId) {
|
||||
const kv = new CfKvClient({
|
||||
accountId: config.cloudflare_account_id,
|
||||
namespaceId,
|
||||
apiToken: config.cf_api_token,
|
||||
});
|
||||
|
||||
// 查詢已上傳的 credentials
|
||||
try {
|
||||
const kvKeys = await kv.list('cred:');
|
||||
const uploadedCreds = new Set(kvKeys.map(k => k.name.replace('cred:', '')));
|
||||
|
||||
// 比對 workflow config 中引用的 credential key
|
||||
const usedCreds = extractCredentialRefs(workflow.config ?? {});
|
||||
const missingCreds = usedCreds.filter(k => !uploadedCreds.has(k));
|
||||
|
||||
if (missingCreds.length > 0) {
|
||||
check('Credentials 上傳', false, `未上傳:${missingCreds.join(', ')}(執行 acr creds push)`);
|
||||
allPassed = false;
|
||||
} else {
|
||||
check('Credentials 上傳', true, `已上傳 ${uploadedCreds.size} 個 credential`);
|
||||
}
|
||||
} catch {
|
||||
check('Credentials 上傳', false, 'KV 查詢失敗,跳過驗證');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
console.log('');
|
||||
if (allPassed) {
|
||||
console.log(chalk.green.bold(' ✓ 驗證通過\n'));
|
||||
} else {
|
||||
console.log(chalk.red.bold(' ✗ 驗證未通過,請修正上方錯誤\n'));
|
||||
process.exit(1);
|
||||
}
|
||||
}
|
||||
|
||||
/** 從 workflow config 中提取可能的 credential key 引用(模板 {{creds.xxx}})*/
|
||||
function extractCredentialRefs(config: Record<string, Record<string, unknown>>): string[] {
|
||||
const refs = new Set<string>();
|
||||
const jsonStr = JSON.stringify(config);
|
||||
const matches = jsonStr.matchAll(/\{\{creds\.([^}]+)\}\}/g);
|
||||
for (const m of matches) {
|
||||
refs.add(m[1]);
|
||||
}
|
||||
return [...refs];
|
||||
}
|
||||
Reference in New Issue
Block a user