* Docs(KEP): Go SDK for X-Definition Authoring (defkit)
Introduces KEP proposal for defkit, a Go SDK that enables platform
engineers to author X-Definitions using native Go code instead of CUE.
Key proposed features:
- Fluent builder API for Component, Trait, Policy, and WorkflowStep definitions
- Transparent Go-to-CUE compilation
- IDE support with autocomplete and type checking
- Schema-agnostic resource construction
- Collection operations (map, filter, dedupe)
- Composable health and status expressions
- Addon integration with godef/ folder support
- Module dependencies for definition sharing via go get
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix(KEP): Examples and minor api changes given in the document
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix(KEP): align defkit examples
- Fix golang version in CI
- Fix variable declaration in example for testing
- Add Is() comparison method to status check
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Docs(KEP): add security considerations section
- Add goal #7 for secure code execution model
- Add Security Considerations section covering:
- Code execution model (compile-time only, not runtime)
- Security benefits over CUE (static analysis, dependency scanning)
- Threat model with mitigations
Addresses PR feedback about code execution safety.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Docs(KEP): add module versioning and definition placement sections
- Add Module Versioning section explaining git-based version derivation
- Add Definition Placement section covering:
- Motivation for placement constraints in multi-cluster environments
- Fluent API for placement (RunOn, NotRunOn, label conditions)
- Logical combinators (And, Or, Not)
- Module-level placement defaults
- Placement evaluation logic
- CLI experience for managing cluster labels
- Add Module Hooks section for lifecycle callbacks
- Minor fixes and clarifications throughout
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Docs(KEP): add module hooks and update addon integration sections
- Add Module Hooks section covering:
- Use cases (CRD installation, setup scripts, post-install samples)
- Hook configuration in module.yaml (pre-apply, post-apply)
- Hook types (path for manifests, script for shell scripts)
- waitFor field with condition names and CUE expressions
- CLI usage (--skip-hooks, --dry-run)
- Update Addon Integration section with implementation details:
- godef/ folder structure with module.yaml
- CLI flags (--godef, --components, --traits, --policies, --workflowsteps)
- Conflict detection and --override-definitions flag
- Development workflow
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Docs(KEP): address PR review comments and clarify placement labels
- Fix misleading "Sandboxed Compilation" claim (cubic-ai feedback) -
renamed to "Isolated Compilation" and clarified that security relies
on trust model, not technical sandboxing
- Fix inconsistent apiVersion in module hooks example (defkit.oam.dev/v1
→ core.oam.dev/v1beta1)
- Clarify that placement uses vela-cluster-identity ConfigMap directly,
not the vela cluster labels command (which is planned for future)
- Add --stats flag to apply-module CLI documentation
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Docs(KEP): fix API documentation
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Feat(defkit): add core fluent API types for Go-based definitions
Introduce the defkit package providing a fluent Go API for defining
KubeVela X-Definitions (components, traits, policies, workflow steps).
Core types added:
- types.go: Value, Condition, Param interfaces
- base.go: Base definition types and interfaces
- param.go: Parameter builders (String, Int, Bool, Array, Map, Struct, Enum)
- expr.go: Expression builders for conditions and comparisons
- resource.go: Resource operations (Set, SetIf, Spread)
- context.go: KubeVela context references (appName, namespace, etc.)
- test_context.go: Test utilities for definition validation
This enables writing type-safe Go definitions that compile to CUE.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Feat(defkit): add collection operations and helper builders
Add fluent API for array/collection transformations:
- CollectionOp with Filter, Map, Pick, Wrap, Dedupe operations
- From() and Each() entry points for collection pipelines
- FieldRef, FieldEquals, FieldMap for field-level operations
- MultiSource for complex multi-array comprehensions
- Add helper builders for template variables
- Add value transformation utilities
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Feat(defkit): add CUE code generator
Implement CUEGenerator that transforms Go definitions into CUE code
Added helper methods and writers for conversion
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Feat(defkit): add status and health policy builders
Add fluent builders for customStatus and healthPolicy CUE generation
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Feat(defkit): add definition type builders
Add fluent builders for all four KubeVela X-Definition types:
- ComponentDefinition
- TraitDefinition
- PolicyDefinition
- WorkflowStepDefinition
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Feat(goloader): add Go module loader for definitions
- Definition interface and registry for runtime discovery
- Discover and parse Go-based definition files
- Compile Go definitions to CUE at runtime
- Module environment for batch processing
- Parallel generation for better performance
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Feat(cli): add vela def commands for Go-based definitions
- init-module: scaffold a new Go definition module
- apply-module: compile and apply definitions to cluster
- list-module: show definitions in a module
- validate-module: validate definitions without applying
- Also support the cue commands for xdefintions for go code
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Feat(defkit): add testing utilities and matchers
- CUE comparison matchers for Ginkgo/Gomega tests
- Test helpers for definition validation
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Feat(defkit): add patch container helpers for container mod operations
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix(cli): update the go module to 1.23.8 for defkit init-module command
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Refactor: Add grouped help output for vela def command
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Feat(defkit): add definition placement for cluster-aware deployments
Enable definitions to specify which clusters they should run on based on
cluster identity labels stored in a well-known ConfigMap.
Also derives module version from git tags and improves init-module to
create directories from --name flag.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Feat(defkit): add RunOn/NotRunOn fluent API for placement constraints
Add placement methods to all definition builders allowing definitions
to specify cluster eligibility using the placement package's fluent API.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Docs(defkit): add commented placement example to module.yaml template
Show users the placement syntax in generated module.yaml without
setting actual values.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Feat(defkit): add module-level placement support
Add placement constraints at the module level in module.yaml that
apply to all definitions unless overridden at definition level.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Feat(defkit): add CLI placement enforcement in apply-module
Add placement constraint checking to `vela def apply-module` command.
Definitions are skipped if cluster labels don't match module placement.
- Add --ignore-placement flag to bypass placement checks
- Display placement status during apply with clear skip reasons
- Track placement-skipped count in summary output
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix(defkit): show all flags in subcommand help output
Fix custom help function to properly display flags for def subcommands
like init-module and apply-module instead of only showing parent flags.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix(defkit): apply name prefix to definitions in apply-module
The --prefix flag was not being applied to definition names. The prefix
was set in module loader metadata but not used when creating Kubernetes
objects from parsed CUE.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Chore(defkit): align module command help with standard vela pattern
Remove argument placeholders from command Use field to align with
other vela commands (addon, cluster, workflow). Arguments are shown
in examples and individual --help output instead of the listing.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix(goloader): use json.Unmarshal for go mod download output
The downloadGoModule function parses JSON output from 'go mod download -json'
but was incorrectly using yaml.Unmarshal with json struct tags. The yaml.v3
library ignores json tags, resulting in empty field values.
This would cause remote Go module loading (e.g., github.com/foo/bar@v1.0.0)
to fail with "go mod download did not return a directory" because result.Dir
would be empty.
Fix: Use json.Unmarshal instead since the data is JSON from the Go toolchain.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix(goloader): use semver for MinVelaVersion comparison
String comparison of version numbers is incorrect for cases like
"v1.10.0" > "v1.9.0" which returns false due to lexicographic ordering.
Use the Masterminds/semver library (already a dependency) for proper
semantic version comparison in ValidateModule().
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix(placement): validate operator in module placement conditions
Add validation to catch invalid placement operators at module load time
instead of silently failing at runtime evaluation.
- Add Operator.IsValid() method to check for valid operators
- Add ValidOperators() helper function
- Add validatePlacementConditions() in ValidateModule()
- Provides clear error message with valid operator list
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix(cli): validate conflict strategy in apply-module
Invalid --conflict values like "invalid" were silently accepted and
would fall through the switch statement, behaving like "overwrite".
Add ConflictStrategy.IsValid() method and validation at flag parsing
to provide clear error message for invalid values.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Feat(placement): support definition-level placement constraints
Previously only module-level placement was enforced. Now individual
definitions can specify their own placement constraints that override
module defaults.
Changes:
- Add Placement field to DefinitionInfo and DefinitionPlacement types
- Add GetPlacement/HasPlacement to Definition interface
- Update registry ToJSON to include placement in output
- Update goloader to capture definition placement from registry
- Update CLI apply-module to use GetEffectivePlacement() for combining
module-level and definition-level placement
- Add comprehensive tests for definition placement
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Chore(defkit): remove dead PatchTemplate code
PatchTemplate, PatchOp, SetPatchOp, and SetIfPatchOp were defined but
never used anywhere in the codebase. The PatchResource type already
provides the same functionality and is the one actually being used
through Template.Patch().
Removed:
- PatchTemplate struct and its methods (ToCue, SetIf, Set)
- PatchOp interface
- SetPatchOp struct and its ToCue method
- SetIfPatchOp struct and its ToCue method
- NewPatchTemplate constructor
This cleanup reduces maintenance burden without affecting any
functionality.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix(cli): pass actual VelaVersion to validate-module command
The help text for `vela def validate-module` promised to check
minVelaVersion requirements but ValidateModule() was called with
an empty string, causing the check to be silently skipped.
Now passes velaversion.VelaVersion so modules specifying a minimum
KubeVela version will be properly validated against the current CLI
version.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Feat(defkit): implement WithDetails() and FromTyped() APIs
WithDetails():
- Adds WithDetails(message, details...) method to StatusBuilder
- Allows adding structured key-value details alongside status messages
- Uses existing StatusDetail and statusWithDetailsExpr infrastructure
- Example: s.WithDetails(s.Format("Ready: %v", ...), s.Detail("endpoint", ...))
FromTyped():
- Converts typed Kubernetes objects (runtime.Object) to Resource
- Provides compile-time type safety for building resources
- Requires TypeMeta to be set on the object
- Includes MustFromTyped() variant that panics on error
- Example: defkit.FromTyped(&appsv1.Deployment{...})
Both APIs were documented in the KEP but not implemented.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Style(defkit): apply gofmt formatting
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix(defkit): fix remote module download with @latest version
When downloading a Go module without an explicit version, always append
@latest to ensure go mod download fetches from the remote repository
instead of skipping the download.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix(defkit): support running def commands from any directory
Previously, module commands like `vela def list-module` only worked
when run from within the kubevela repository. Now they work from any
directory by honoring replace directives in the source module's go.mod.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Feat(defkit): generate doc.go files in init-module
Create doc.go files with package documentation in each definition
directory (components, traits, policies, workflowsteps). This ensures
go mod tidy works correctly by making each directory a valid Go package,
and provides helpful examples for users creating new definitions.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix(defkit): deduplicate definitions from overlapping directory scans
The module loader scans both conventional directories (components/,
traits/, etc.) and the root directory. Since DiscoverDefinitions uses
recursive filepath.Walk, files in subdirectories were found twice.
Added file tracking to skip already-processed files.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix(defkit): validate placement constraints and fix GOWORK interference
Add validation for conflicting placement constraints at registration time.
Definitions with logically impossible placement (e.g., same condition in
both RunOn and NotRunOn) now fail fast with a clear error message.
Also fix placement loading when parent directories contain go.work files
by setting GOWORK=off when running the registry generator.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Feat(defkit): add parameter schema constraints and runtime condition methods
Extend the parameter fluent API with comprehensive validation and
conditional logic support:
- Schema constraints for input validation (Min/Max, Pattern, MinLen/MaxLen, MinItems/MaxItems)
- Runtime conditions for template logic (In, Contains, Matches, StartsWith/EndsWith, Len*, IsEmpty/IsNotEmpty, HasKey, IsFalse)
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Feat(defkit): add waitFor support with CUE expressions for module hooks
Add the ability to specify custom readiness conditions for module hooks
using the new `waitFor` field. This allows users to define precise
conditions for when resources should be considered ready.
The waitFor field supports two formats:
- Simple condition name (e.g., "Ready", "Established") - checks
status.conditions for the named condition with status "True"
- CUE expression (e.g., "status.replicas == status.readyReplicas") -
evaluated against the full resource for flexible readiness checks
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Feat(addon): add godef support for Go-based definitions in addons
Add support for a godef/ folder in addons that allows writing definitions
in Go instead of CUE. When an addon is enabled, Go definitions are
automatically compiled to CUE and deployed alongside traditional CUE
definitions.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix: lint issues and make reviewable
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix: lint and build failure
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix: lint and ci errors
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix: golangci-lint errors for defkit package
- Use standard library errors (errors.Is/As) instead of pkg/errors
- Fix ineffassign issues by scoping variables correctly
- Add nolint comments for intentional nilerr, makezero patterns
- Combine chained appends in addon init.go
- Add gosec nolint for CLI file operations and permissions
- Increase gocyclo threshold to 35, nolint complex CLI commands
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix: kubectl installation with retry and fallback version in github actions
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix(ci): hardcode kubectl version to avoid flaky CDN endpoint
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Chore: improve test coverage for codecov
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Chore: add more tests for codecov and CI to pass
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix: ci failure on style
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix: OperatorNotEquals to fail closed with empty values
Change NotEquals operator to return false when Values slice is empty,
matching the fail-closed behavior of Equals operator. This prevents
silent widening of placement eligibility when a malformed constraint
is created.
Following Kubernetes label selector semantics where In/NotIn operators
require non-empty values, we apply a fail-closed approach for safety
in placement decisions.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix: OpenArrayParam field shadowing and remove redundant GetName()
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix: path traversal vulnerability in Go definition scaffolding
Validate Go definition names before using them in file paths to prevent
creation of files outside the addon directory. Unsanitized names could
contain path traversal segments (e.g., "../../../etc/passwd") allowing
arbitrary file writes.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix: unescaped string interpolation in health_expr CUE generation
Use %q format verb in formatValue() to properly escape quotes and
special characters when generating CUE strings. Update fieldContainsExpr
to use formatValue() instead of raw string interpolation.
This prevents invalid CUE when substring values contain quotes or
backslashes.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix: Guard against typed nil in Gomega matchers to prevent panic
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix: Guard against malformed bracket path in parseBracketAccess
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix: incomplete AppRevision test to actually verify resolution
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix: apply fail-closed behavior to NotIn with empty values
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Doc: Added note about RawCUE and some alignment style
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
---------
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* test(cli): enhance unit test coverage for theme and color config
This commit introduces a comprehensive suite of unit tests for the theme and color configuration functions in `references/cli/top/config`.
Key changes include:
- Refactored existing tests in `color_test.go` to use table-driven sub-tests for improved clarity and maintainability.
- Added new test functions to validate color parsing, hex color detection, and default theme creation.
- Implemented tests for theme file lifecycle management, including creation and loading logic.
These additions significantly increase the test coverage and ensure the robustness and correctness of the CLI's theme and color functionality.
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
* test(cli): refactor and enhance tests for top view models and utils
This commit improves the unit test suite for the CLI's top view functionality by refactoring existing tests and adding new ones to increase coverage.
Key changes include:
- In `application_test.go`, `TestApplicationList_ToTableBody` is refactored to be a table-driven test, and new tests are added for `serviceNum`, `workflowMode`, and `workflowStepNum` helpers.
- In `time_test.go`, `TestTimeFormat` is refactored into a table-driven test for better structure and readability.
These changes align the tests with best practices and improve the overall robustness of the CLI top view's data presentation logic.
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
* test(cuegen): enhance unit test coverage for CUE generation packages
This commit introduces a comprehensive suite of unit tests and refactors existing tests for the CUE generation packages located in `references/cuegen`.
Key changes include:
- Refactored existing tests in `generator_test.go` and `provider_test.go` to use table-driven sub-tests, improving clarity, maintainability, and coverage of error conditions.
- Added new test functions to `convert_test.go` to validate helper functions for comment generation, type support, and enum field handling.
- Added new tests in `provider_test.go` to cover provider extraction, declaration modification, and panic recovery logic.
These changes significantly increase the test coverage for the `cuegen` libraries, ensuring the correctness and robustness of the CUE code generation functionality.
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
* test(docgen): add comprehensive unit tests for doc generation
This commit introduces a comprehensive suite of unit tests for the documentation generation package located in `references/docgen`.
Key changes include:
- Added new test files (`console_test.go`, `convert_test.go`, `openapi_test.go`) to cover the core functions for parsing and generating documentation for CUE, Terraform, and OpenAPI schemas.
- Refactored and enhanced `i18n_test.go` to use sub-tests, resolve race conditions, and improve coverage for fallback logic and error handling.
- Ensured all new and existing tests follow best practices, using table-driven tests for clarity and maintainability.
This effort significantly increases the test coverage for the `docgen` package, improving the reliability and robustness of the documentation generation features.
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
* test: improve test reliability and conventions
This commit introduces several improvements to the test suite to enhance reliability and adhere to best practices.
- **Fix flaky test in `docgen/openapi_test.go`**:
The test for `GenerateConsoleDocument` was flaky because it performed an exact string match on table output generated from a map. Since map iteration order is not guaranteed, this could cause spurious failures. The test is now order-insensitive, comparing sorted sets of lines instead.
- **Improve assertions in `docgen/console_test.go`**:
- Removes an unnecessary `test.EquateErrors()` option, which is not needed for simple string comparisons.
- Corrects the `cmp.Diff` argument order to the standard `(want, got)` convention for clearer failure messages.
- Fixes a typo in an error message.
- **Standardize assertions in `cli/top/config/color_test.go`**:
Swaps `assert.Equal` arguments to the standard `(expected, actual)` convention.
- **Clean up `cuegen/generators/provider/provider_test.go`**:
Removes a redundant error check.
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
---------
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
Previously, the deletion message for applications contained a typo where "application" was misspelled as "appplication". This commit corrects the spelling to "application" in the message:
- Before: "Start deleting appplication %s/%s\n"
- After: "Start deleting application %s/%s\n"
This change improves the clarity of the output message when deleting applications.
Signed-off-by: YoungLH <974840768@qq.com>
