Arcrun

Leo/Arcrun

Fork 0

Commit Graph

Author	SHA1	Message	Date
Leo	17a076d35c	feat(arcrun): Phase 2 降級假零件成 recipe + credential 鏈路修復 Phase 1（credential 注入鏈路）： - 修 auth_static_key ENCRYPTION_KEY 漂移根因（見 docs/incidents） - component-loader: readBodyOnce() 修 "Body has already been used" Phase 2（降級假零件成 recipe，registry/components 33→22）： - 引擎: RecipeDefinition 加 auth_service（多 recipe 共用一把 auth） auth-dispatcher 先查 recipe.auth_service 再 fallback componentId - 引擎: auth_static_key inject.path + makeRecipeRunner {{auth.K}} （endpoint 可插 secret，解 telegram 類 URL-path token） - 引擎: makeRecipeRunner auto-body 剔除 _ 前綴內部欄位 - 降級並刪除: kbdb_{get,create_block,patch_block,delete,ingest} gmail/telegram/line_notify/google_sheets（改建為 recipe） - 刪除: ai_transform_{compile,run}（Arcrun 是 AI 呼叫的工具，工作流不該內嵌 AI 節點回頭呼叫 AI） - deferred（源碼暫留）: claude_api/km_writer（交 Mira 收成工作流）、 kbdb_upsert_block（交 KBDB 出 upsert endpoint）文件: DECISIONS.md（工作流是 default/建零件人類閘門/AI→工具）、 BACKLOG.md、auth-recipe.md §七、docs/incidents 加密 key 漂移驗收: KBDB get/create/ingest/delete 2xx；telegram auth 注入綠； gmail/sheets/line recipe 正確但缺 credential 未驗收； kbdb patch 403 為 KBDB 端 bug（已交 kbdb/docs） Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-05-29 16:18:18 +08:00
Leo	83a01fe028	feat(auth_static_key): auto-encode Basic Auth; seed gemini/trello/mailgun recipes - auth_static_key WASM: 偵測 Authorization header "Basic <x>:<y>" (含冒號的 user:pass 原文), 自動 base64 編碼; 無冒號則維持原樣 (向後相容已 base64 過的值). 這涵蓋 twilio / jira / mailgun 三個 Basic Auth recipe, 用戶 recipe 只需寫 'Basic {{secret.user}}:{{secret.key}}' 直覺語法. - 新增 3 個 recipe (auth-recipe-seeds.ts): • gemini — static_key / header x-goog-api-key (單 secret) • trello — static_key / QUERY key+token (雙 secret, 第一個 query injection 測試覆蓋) • mailgun — static_key / HEADER Basic api:<key> (雙 secret Basic Auth) - hook fix (pre-write-guard.sh): 放行 auth-recipe-seeds.ts 的 {{secret.X}} 字面值. 該檔是 RECIPES KV 的 seed 資料, 不是 TS 展開邏輯; 真正展開仍在 WASM 完成. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-22 08:29:02 +08:00
Leo	18f04448ce	feat(auth): auth_static_key WASM primitive + host functions - wasi-shim gains kv_get / crypto_decrypt / crypto_sign_rs256 host functions with strict boundary (ENCRYPTION_KEY never exits Worker). - registry/components/auth_static_key: TinyGo impl for API-key / Bearer / Basic Auth recipes (80% of supported services). - .component-builds/auth_static_key: independent Worker at auth-static-key.arcrun.dev, imports wasi-shim cross-directory. - cypher-executor/auth-dispatcher routes static_key recipes to the new Worker instead of credential-injector TS. Replaces TS credential injection per .agents/specs/arcrun/credential-primitives-wasm Phase 1. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-20 16:54:18 +08:00

Author

SHA1

Message

Date

Leo

17a076d35c

feat(arcrun): Phase 2 降級假零件成 recipe + credential 鏈路修復

Phase 1（credential 注入鏈路）：
- 修 auth_static_key ENCRYPTION_KEY 漂移根因（見 docs/incidents）
- component-loader: readBodyOnce() 修 "Body has already been used"

Phase 2（降級假零件成 recipe，registry/components 33→22）：
- 引擎: RecipeDefinition 加 auth_service（多 recipe 共用一把 auth）
  auth-dispatcher 先查 recipe.auth_service 再 fallback componentId
- 引擎: auth_static_key inject.path + makeRecipeRunner {{auth.K}}
  （endpoint 可插 secret，解 telegram 類 URL-path token）
- 引擎: makeRecipeRunner auto-body 剔除 _ 前綴內部欄位
- 降級並刪除: kbdb_{get,create_block,patch_block,delete,ingest}
  gmail/telegram/line_notify/google_sheets（改建為 recipe）
- 刪除: ai_transform_{compile,run}（Arcrun 是 AI 呼叫的工具，
  工作流不該內嵌 AI 節點回頭呼叫 AI）
- deferred（源碼暫留）: claude_api/km_writer（交 Mira 收成工作流）、
  kbdb_upsert_block（交 KBDB 出 upsert endpoint）

文件: DECISIONS.md（工作流是 default/建零件人類閘門/AI→工具）、
BACKLOG.md、auth-recipe.md §七、docs/incidents 加密 key 漂移

驗收: KBDB get/create/ingest/delete 2xx；telegram auth 注入綠；
gmail/sheets/line recipe 正確但缺 credential 未驗收；
kbdb patch 403 為 KBDB 端 bug（已交 kbdb/docs）

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

2026-05-29 16:18:18 +08:00

Leo

83a01fe028

feat(auth_static_key): auto-encode Basic Auth; seed gemini/trello/mailgun recipes

- auth_static_key WASM: 偵測 Authorization header "Basic <x>:<y>" (含冒號
  的 user:pass 原文), 自動 base64 編碼; 無冒號則維持原樣 (向後相容
  已 base64 過的值).
  這涵蓋 twilio / jira / mailgun 三個 Basic Auth recipe, 用戶 recipe
  只需寫 'Basic {{secret.user}}:{{secret.key}}' 直覺語法.

- 新增 3 個 recipe (auth-recipe-seeds.ts):
  • gemini    — static_key / header x-goog-api-key (單 secret)
  • trello    — static_key / QUERY key+token (雙 secret, 第一個 query
                injection 測試覆蓋)
  • mailgun   — static_key / HEADER Basic api:<key> (雙 secret Basic Auth)

- hook fix (pre-write-guard.sh): 放行 auth-recipe-seeds.ts 的 {{secret.X}}
  字面值. 該檔是 RECIPES KV 的 seed 資料, 不是 TS 展開邏輯;
  真正展開仍在 WASM 完成.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-04-22 08:29:02 +08:00

Leo

18f04448ce

feat(auth): auth_static_key WASM primitive + host functions

- wasi-shim gains kv_get / crypto_decrypt / crypto_sign_rs256 host
  functions with strict boundary (ENCRYPTION_KEY never exits Worker).
- registry/components/auth_static_key: TinyGo impl for API-key /
  Bearer / Basic Auth recipes (80% of supported services).
- .component-builds/auth_static_key: independent Worker at
  auth-static-key.arcrun.dev, imports wasi-shim cross-directory.
- cypher-executor/auth-dispatcher routes static_key recipes to the
  new Worker instead of credential-injector TS.

Replaces TS credential injection per
.agents/specs/arcrun/credential-primitives-wasm Phase 1.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-04-20 16:54:18 +08:00

3 Commits