- landing/: Next.js 15 app for arcrun.dev (dashboard, integrations,
API docs, login). Deploys via Cloudflare Pages — CI scan skips
this via pages_build_output_dir marker.
- builtins/: minimal Hono Worker at arcrun-builtins (/init for
one-shot component registry seeding). initComponents logic is
flagged stale in src/index.ts for future rewrite.
- BETA_TEST.md: pre-launch validation playbook.
- README.md: updated to match current arcrun.dev / acr CLI flow.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Rewrites deploy.yml to auto-discover every wrangler.toml in the repo
(excluding node_modules and Pages projects) rather than hardcoding
each Worker. Adding a new Worker only requires the new directory —
no workflow changes.
- Two-tier fanout: tier1 = .component-builds/* (WASM rebuild +
deploy in parallel), tier2 = orchestration Workers (cypher-executor,
registry, builtins) that depend on tier1 via service bindings.
- Diff-aware on push: only changed Worker dirs deploy; changes under
registry/components/{name}/ cascade to .component-builds/{name}/.
- workflow_dispatch inputs: force_all (deploy everything) and only
(comma-separated allow-list).
- TinyGo 0.40.1 rebuilds WASM from registry/components/{name}/main.go
so deployed binaries always match source.
- max-parallel: 5 to stay under Workers API rate limit.
Adds .claude/rules/05-deploy-convention.md documenting the
"new Worker = new dir + wrangler.toml" invariant.
Per .agents/specs/arcrun/credential-primitives-wasm Phase 6.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- New: acr recipe (push/list/get a user recipe to RECIPES KV)
- New: acr auth-recipe (inspect platform-seeded auth recipes)
- push/creds/init/parts/config updated to match the new cypher-executor
routing (/auth, /credentials, webhooks-named).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Deploys gmail, telegram, line_notify, google_sheets, http_request, cron
as independent Cloudflare Workers at {name-kebab}.arcrun.dev. Each
wraps the TinyGo WASM from registry/components/{name}/main.go via
wasi-shim cross-import (Method A).
component-loader no longer carries BUILTIN_API_RECIPES — those
hardcoded gmail.googleapis.com / api.telegram.org / sheets / line-notify
endpoints all lived in TS, violating "all business logic in WASM".
Resolution chain now routes the 6 canonical IDs straight to their
{name}.arcrun.dev Worker URLs via WASM_HTTP_RUNNER_IDS.
Per .agents/specs/arcrun/credential-primitives-wasm Phase 3.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- registry/components/auth_service_account: TinyGo impl for Google
Service Account (JWT-bearer → token exchange) and base structure
for AWS SigV4.
- .component-builds/auth_service_account: independent Worker at
auth-service-account.arcrun.dev, extends wasi-shim with an
http_request host function for the token exchange step.
- Delete cypher-executor/src/lib/wasm-executor.ts (legacy, replaced
by component-loader WASM HTTP runner path).
- credential-injector.ts service_account branch now throws — all
service_account recipes must route through auth-dispatcher.
Per .agents/specs/arcrun/credential-primitives-wasm Phase 2.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
credentials/ was a leftover duplicate — all credential routes already live
in cypher-executor/src/routes/credentials.ts. Adds the SDD protocol,
tech-stack, forbidden-list, component-architecture, and progress rules
that guide Phase 1-6 refactors.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- /cypher/execute now accepts separate `config` field:
{node_name: {component: "cmp_19e62efd", ...staticParams}}
- graph-builder reads config[node].component to override componentId
(supports cmp_ hash, rec_ hash, or canonical_id)
- config[node] other fields become node.data (static params merged at runtime)
- acr run now sends workflow.config as separate `config` (not flattened into context)
- context is now only --input dynamic params
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add 15 [[services]] bindings in cypher-executor wrangler.toml
- component-loader now calls logic Workers via Service Binding (svc.fetch)
instead of public URL fetch (which caused 522 timeout within same zone)
- Fallback to public URL if binding not available (dev/testing)
- Add ServiceBinding type to Bindings
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Logic components (15): each deployed as Worker at {name}.arcrun.dev,
cypher-executor fetches them via HTTP POST
- API components (6): gmail, telegram, line_notify, google_sheets,
http_request, cron executed inline via fetch recipes in component-loader
- External URL support: any https:// componentId is fetched directly
(n8n webhooks, MCP endpoints, etc.)
- Add deploy-logic-components.sh script for building/deploying WASM Workers
- Add component-worker-template with inline WASI shim
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Rewrote createComponentLoader to directly use createWasiShim inline
instead of calling executeWasm(componentId, buffer, ctx) which doesn't
match wasm-executor's actual signature of executeWasm(input, options).
Also adds Module caching to avoid recompiling WASM on every request.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Previously, the last node in any triplet chain was classified as Output type
and skipped by the executor (passthrough only). Now only nodes explicitly named
output/result/end/done are Output; all other sink nodes are Component and
will have their WASM executed.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add all valid EdgeTypes to graphSchema.edges.type enum
- Add label field to graphSchema.nodes (graph-builder passes it)
- Was causing 圖定義產生失敗 for all /cypher/execute calls
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- POST /register on cypher.arcrun.dev: HMAC-SHA256(email, ENCRYPTION_KEY) → ak_{32hex}, no DB needed
- acr run: Mode 1 (standard/local) now finds local YAML and POSTs to /cypher/execute inline
- acr init: fix register URL → cypher.arcrun.dev/register; fix local mode description
- acr init --local: creates hello.yaml example workflow
- cli v1.0.3 published
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Auto-deploys on push to main when files in cypher-executor/, registry/,
or credentials/ change. Manual dispatch deploys all three.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
A. acr init --local: new local mode, no Cloudflare account required;
config defaults to mode:local when ~/.arcrun/config.yaml missing
B. validate node-count bug: removed faulty input/output node heuristic
that dropped start/end nodes from config check; now all nodes except
reserved 'input' keyword must have config entries
C. acr validate --offline: skip remote component-existence and credentials
checks; local mode also auto-skips these checks
D. parts.ts: replace require('node:fs') with static import (ES module fix)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Problem: canonical_id is readable but mutable; if a component is renamed,
all workflows referencing it by canonical_id break.
Solution: dual-id system
- component_hash_id: cmp_{sha256(canonical_id).slice(0,8)}, derived deterministically,
never changes, safe for workflow references
- canonical_id: human-readable name, used for search and display
- idx:{canonical_id} KV key: reverse-lookup index for resolving canonical_id → hash_id
Changes:
- types.ts: SandboxResult.component_id → component_hash_id + canonical_id,
added 'data' to category enum
- submitComponent.ts: deriveHashId(), writes idx: reverse-lookup on submit
- queryComponents.ts: full rewrite — removed KBDB dependency, uses SUBMISSIONS_KV;
supports both cmp_* and canonical_id as query id; Phase 0 keyword search
with note to upgrade to Vectorize in Phase 2
- sandboxAcceptance.ts: updated field names, fixed TextDecoder TS type
- ensureTemplate.ts: removed KBDB dependency, now a KV health check
- tests: updated component_id → canonical_id
- CONTRIBUTING.md: explain hash_id derivation and dual-id workflow reference syntax
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- registry/aliases.yaml: scope-level synonym table for 21 built-in components
covers api (gmail/google_sheets/telegram/line_notify/http_request),
data (string/array/date/number/json), logic (if/foreach/switch/try_catch/wait),
ai scopes; includes zh/en/abbrev variants
- types.ts: add optional aliases[] field to ComponentContractSchema
- CONTRIBUTING.md: explain aliases auto-merge from aliases.yaml vs manual contract aliases
Note: manual maintenance for now; aliases.yaml becomes KBDB synonym graph seed data
when KBDB is introduced.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- canonical_id naming table by category (api/data/logic/ai)
- display_name vs canonical_id distinction (display_name is free-form)
- description writing guide for semantic search indexing
- contract.yaml example updated to show the difference
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- npm pkg fix: bin path "dist/index.js" (no leading ./)
- files: ["dist/"] to only publish compiled output
- prepublishOnly: chmod +x dist/index.js to preserve executable bit
- version: 1.0.0 → 1.0.1
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
README: add language comparison table in contributing section, explain AI writing
quality differences and why TinyGo is recommended for official components.
CONTRIBUTING: full rewrite with separate TinyGo + AssemblyScript sections,
each with AI prompt templates, code templates, build commands, and test commands.
Rust documented as supported with basic setup reference.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Lead with the AI collaboration pain points (token cost, debug friction)
- Position vs n8n: same concept, AI-friendly syntax
- 3 quick-start paths: local (no CF needed), cloud (KV only), self-hosted
- Reframe 21 components: http_request + AI config beats 100 fixed wrappers
- Component contribution section: emphasize AI writes the component
- Updated project positioning table (drop paid tier mention)
- Add acknowledgements with Claude Sonnet as co-author
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Leo
Claude