Leo/Arcrun
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
99 Commits 8 Branches 0 Tags
9593268ea66c4f8996968b536d737c2c07e66a92
Commit Graph

9 Commits

Author SHA1 Message Date
Leo f9071d153b fix(data-exfil-warning): 補上 pre-bash hook 偵測(前一 commit Edit 失敗漏掉) 
前一 commit message 提及 hook 但實際因 Edit old_string 不匹配未寫入。本 commit 補上:
- pre-bash-guard 偵測 acr push / acr recipe push 無 --confirm-exposure/--suppress-warning → exit 2
- 精準排除 acr creds push(上傳加密 cred 是保護非暴露)、acr run/list 不誤擋
- 驗證:push/recipe push 無旗標=2、帶旗標=0、creds push/run/list=0

e2e(wrangler dev --local)三態全綠:webhook 無consent→403 / 帶consent→201 /
同wf再部署→201(首次問記住);recipe push 無consent→403 + 保護入口訊息。
tasks V3/V4/V6 標記。

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-05-30 15:08:07 +08:00
Leo 3e92d4acf6 feat(data-exfil-warning): 資料外流警示 — 暴露動作需人類明示同意 
新 SDD .agents/specs/data-exfil-warning/(richblack review 過)。
觸發策略:只在「資料變成可被外部呼叫」時警示(webhook 部署 / recipe push),
不管出站打別人 API(高頻低風險)。

- C 同意憑證(exposure-consent.ts):ExposureConsent{confirmed_by_human, understood,
  confirmed_at, suppress_future};同意=法律憑證,存 record 可審
- A API 層:webhook 部署 + recipe push 首次需 consent,缺→403;首次問記住(server 端)
- B CLI(exposure-warning.ts):仿 GCP 刪 project,要打資源名確認(比 y/n 硬);
  --confirm-exposure(非互動)/ --suppress-warning(不再警示,本選擇也 log);
  非 TTY 無旗標→拒絕(AI 不替人類確認暴露);本機 config 記住已同意(不重問)
- H hook:pre-bash 偵測 acr push/recipe push 無旗標→exit 2(creds push/run 不誤擋)
- 警示是「保護措施入口」:提示 arcrun 可幫加認證/權限/限流(資安優勢)

驗收:非 TTY 拒絕未送出(exit1)、hook 精準擋放、tsc 雙邊綠。

⚠️ A+B 必須一起 deploy(API 層擋 + CLI 帶 consent),否則 push 中間狀態壞。

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-05-30 14:45:43 +08:00
Leo 202a5ab8d6 feat(registry): Phase 3 零件投稿靜態把關 + component-gatekeeping SDD 
新 SDD .agents/specs/component-gatekeeping/(richblack 確認,含 venue 修訂 + 信任模型)。

registry 端靜態把關(CF Worker 可跑,不執行 wasm):
- G1 detectFakeComponent: 外部 URL/domain + http_request 子集偵測,硬擋退稿指回 recipe
- G3 wasmImports: 解析 wasm import section,只准 wasi_snapshot_preview1 + u6u 白名單
- G5/G6: unimplemented_steps 明列 gherkin/cold_start/runtime_compat,不假綠(§3c/§7)
- gherkin_evidence 一致性驗證(投稿者本地跑,registry 不重跑——CF 禁 runtime 編譯 wasm)

把關範圍:公共庫 + self-hosted 私人庫同一套(design §0.0)。
信任模型(design §4.5):Gherkin 全綠≠安全;純 WASI 沙箱框死能力才是發佈底氣;
第一期 evidence 可造假(誠實標明),平台重跑列未來。

hook: pre-write-guard 白名單加 component-gatekeeping / component-registry-canon SDD 目錄。

測試: sandboxAcceptance.test.ts 4 綠(含 G1 假零件被擋)。

待續(同 SDD): G4 CLI 投稿指令本地跑 Gherkin、G0 人類閘門、R5 白名單+本機 hook。

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-05-29 17:53:03 +08:00
Leo 180cef26c7 docs: rename SDD folders u6u-* → arcrun-* + update cross-refs 
對應 SDD arcrun/.agents/specs/llm-interface/ M5.6(之前列為 backlog 連動)。
leo 2026-05-16 拍板 u6u 整體退場後,順手把兩個 SDD 也改名。

- .agents/specs/u6u-core-mvp/ → arcrun-core-mvp/
- .agents/specs/u6u-platform-evolution/ → arcrun-platform-evolution/
- CLAUDE.md / .claude/rules/00-sdd-protocol.md / 04-current-progress.md /
  llm-interface SDD 內所有跨 SDD 引用同步更新

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-16 15:24:22 +08:00
Leo c2a2f82ade docs(arcrun): SDD llm-interface — AI 操盤手使用體驗 first-class 
設計動機:3 天 mira dogfood 累積 14 個痛點,7 個純粹是 LI 缺失。
arcrun 過去設計集中在「人」(u6u-gui / docs),AI 對 arcrun 的可用性
沒被當第一公民。

SDD 三件套(matrix/arcrun/.agents/specs/llm-interface/):

requirements.md
  - personas(Claude Code 主力 / 用戶私人 agent / SDK 使用者)
  - 範圍涵蓋 5 系統(cypher-executor / registry / u6u-mcp / u6u-gui / kbdb)
  - 10 個 FR:onboarding / CRUD 對等 / dry-run / 結構化 trace /
    可程式化 error / feedback tool / implicit telemetry /
    skill blocks / examples / weekly closed loop
  - 5 個 NFR:相容 / 多 transport / error contract 穩定 /
    feedback exportable / coverage 量化

design.md
  - 5 層 LI 模型:AGENTS.md / arcrun-mcp / Skills / Examples / Telemetry
  - 25 個 MCP tool 完整清單分 5 類
  - error_code enum v1
  - coverage matrix(GUI 動作 vs MCP / 31 cypher-executor 路由 vs LI)
  - 完整 AGENTS.md 模板
  - u6u-mcp → arcrun-mcp migration plan(90 天 deprecation)
  - weekly_review workflow YAML 範本

tasks.md
  - 5 個 milestone(M1 收 data / M2 gap-fill / M3 skill+examples /
    M4 closed loop / M5 rename)
  - 估算 23 個工作日 (~5 週)
  - M1 是硬前置(不收 data 改了也不知道對沒)

Audit 基準(用 4 個並行 Explore agent 整理):
  - cypher-executor: 31 HTTP 路由,9 個 AI-essential
  - u6u-mcp: 15 tool,缺 update/delete/history/validate/feedback
  - u6u-gui: 8 個人類動作可對等 LI / 3 個視覺類不需
  - kbdb: 50 路由 13 group,LI 走 abstracted tool 不直接 expose

同步更新 .claude/rules/04-current-progress.md SDD 索引。

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-16 14:58:21 +08:00
Leo 6f6e31dbee fix(cypher): deploy P0 #9/#10/#10衍生 fixes (workers.dev URL + nested FOREACH + propagateCtx) 
arcrun.md 一直標  已解決但 fix 在 working tree 沒推。今天 mira 7B.3f 端對端
跑不通才發現 production 還是舊版(fetch *.arcrun.dev 同 zone 自循環 → 522)。

涵蓋:
- P0 #9: wasmWorkerUrl() 從 *.arcrun.dev 改 arcrun-{kebab}.{WORKER_SUBDOMAIN}.workers.dev
  + types.ts/wrangler.toml 加 WORKER_SUBDOMAIN binding (uncle6-me)
  + auth-dispatcher.ts 用新 signature
- P0 #10A: interpolateData() 拆 interpolateString + interpolateValue 遞迴 nested
- P0 #10B: propagateCtx() helper 把上游 output spread + 用 node id namespace 存
  讓下游能 {{node_id.data.text}} 永不被覆蓋。5 個 edge type 全用此 helper
- P0 #10C: FOREACH 找 iterable 先看 result 沒有再看 ctx + 掃 nested object 一層
  解雙重 FOREACH(paragraph→triplets)內層跑 0 次

rules/01-tech-stack.md + rules/03-component-architecture.md 同步補 workers.dev 慣例說明。

未推 5 個 worker 改動,今晚才發現實際沒部署過。
 2026-05-14 11:02:44 +08:00
Leo 83a01fe028 feat(auth_static_key): auto-encode Basic Auth; seed gemini/trello/mailgun recipes 
- auth_static_key WASM: 偵測 Authorization header "Basic <x>:<y>" (含冒號
  的 user:pass 原文), 自動 base64 編碼; 無冒號則維持原樣 (向後相容
  已 base64 過的值).
  這涵蓋 twilio / jira / mailgun 三個 Basic Auth recipe, 用戶 recipe
  只需寫 'Basic {{secret.user}}:{{secret.key}}' 直覺語法.

- 新增 3 個 recipe (auth-recipe-seeds.ts):
  • gemini    — static_key / header x-goog-api-key (單 secret)
  • trello    — static_key / QUERY key+token (雙 secret, 第一個 query
                injection 測試覆蓋)
  • mailgun   — static_key / HEADER Basic api:<key> (雙 secret Basic Auth)

- hook fix (pre-write-guard.sh): 放行 auth-recipe-seeds.ts 的 {{secret.X}}
  字面值. 該檔是 RECIPES KV 的 seed 資料, 不是 TS 展開邏輯;
  真正展開仍在 WASM 完成.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-04-22 08:29:02 +08:00
Leo cadcaef3b0 ci: generic scan-based deploy workflow for all Workers 
Rewrites deploy.yml to auto-discover every wrangler.toml in the repo
(excluding node_modules and Pages projects) rather than hardcoding
each Worker. Adding a new Worker only requires the new directory —
no workflow changes.

- Two-tier fanout: tier1 = .component-builds/* (WASM rebuild +
  deploy in parallel), tier2 = orchestration Workers (cypher-executor,
  registry, builtins) that depend on tier1 via service bindings.
- Diff-aware on push: only changed Worker dirs deploy; changes under
  registry/components/{name}/ cascade to .component-builds/{name}/.
- workflow_dispatch inputs: force_all (deploy everything) and only
  (comma-separated allow-list).
- TinyGo 0.40.1 rebuilds WASM from registry/components/{name}/main.go
  so deployed binaries always match source.
- max-parallel: 5 to stay under Workers API rate limit.

Adds .claude/rules/05-deploy-convention.md documenting the
"new Worker = new dir + wrangler.toml" invariant.

Per .agents/specs/arcrun/credential-primitives-wasm Phase 6.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-04-20 17:42:14 +08:00
Leo 6ee6fee8b9 chore: remove duplicate credentials/ dir + add CLAUDE.md + .claude rules 
credentials/ was a leftover duplicate — all credential routes already live
in cypher-executor/src/routes/credentials.ts. Adds the SDD protocol,
tech-stack, forbidden-list, component-architecture, and progress rules
that guide Phase 1-6 refactors.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-04-20 16:53:26 +08:00