coulomb/binect-js
2
0
Fork 0
generated from coulomb/repo-seed
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add State Hub bootstrap workplan and agent integration files

Browse Source 
Seed workplans/ with bootstrap workplan to satisfy ADR-001 C-01.
Includes regenerated dev-hub session-protocol and agent instruction files.
This commit is contained in:
Bernd Worsch
2026-06-22 21:44:32 +02:00
parent 2691215f62
commit 08c87dead1
14 changed files with 660 additions and 406 deletions
Download Patch File Download Diff File Expand all files Collapse all files

488
AGENTS.md
View File

@@ -1,295 +1,219 @@
# AGENTS.md - Binect-JS Library Usage Guide
# Binect-JS — Agent Instructions
This file helps coding agents (Claude, Cursor, Copilot, etc.) efficiently integrate and use the Binect-JS library for sending physical mail via PDF.
## Repo Identity
## What This Library Does
**Purpose:** JavaScript/TypeScript wrapper (@binect/js) for the Binect REST API to send PDF documents as physical mail via Deutsche Post, plus a browser-based Explorer. Thin, transparent, zero-runtime-dependency SDK. Governance in INTENT.md / SCOPE.md.
Binect-JS is a TypeScript/JavaScript SDK for the [Binect API](https://app.binect.de) that enables sending PDF documents as physical letters via Deutsche Post. Upload a PDF, the service extracts the recipient address, prints it, and mails it.
**Domain:** communication
**Repo slug:** binect-js
**Topic ID:** `36c7421b-c537-4723-bf75-42a3ebc6a1dc`
**Workplan prefix:** `BINECT-WP-`
## Installation
---
The library is not yet published to npm. Reference it locally:
## State Hub Integration
```json
// package.json
{
"dependencies": {
"@binect/js": "file:../path/to/binect-js"
}
}
```
The Custodian State Hub tracks work across all domains. Interact via HTTP REST —
there is no MCP server for Codex agents.
Or link it:
```bash
cd /path/to/binect-js && npm link
cd /your/project && npm link @binect/js
```
| Context | URL |
|---------|-----|
| Local workstation | `http://127.0.0.1:8000` |
| Remote via tunnel | `http://127.0.0.1:18000` |
## Quick Start
```typescript
import { BinectClient, DocumentStatus, isShippable } from '@binect/js';
import { readFileSync } from 'fs';
const client = new BinectClient({
username: 'your@email.com',
password: 'your-password'
});
// Upload a PDF
const pdfContent = readFileSync('letter.pdf').toString('base64');
const doc = await client.documents.upload({
content: pdfContent,
filename: 'letter.pdf',
color: false,
simplex: false, // false = duplex (double-sided)
envelope: 'DINLANG',
franking: 'STANDARD_FRANKING'
});
console.log(`Document ${doc.id} status: ${doc.status.code}`);
```
## Core API Methods
### Documents (`client.documents`)
```typescript
// Upload PDF (base64 encoded)
const doc = await client.documents.upload({
content: base64String,
filename: 'letter.pdf',
color: false,
simplex: false,
envelope: 'DINLANG', // or 'C4'
franking: 'STANDARD_FRANKING'
});
// Get document by ID
const doc = await client.documents.get(documentId);
// List shippable documents
const list = await client.documents.list({ limit: 10, offset: 0 });
// Delete document
await client.documents.delete(documentId);
// Get PDF preview
const response = await client.documents.getPdf(documentId);
const pdfBlob = await response.blob();
```
### Sendings (`client.sendings`)
```typescript
// Send a document (triggers physical mailing)
const sending = await client.sendings.send(documentId);
// Cancel a sending (only works if status is PRODUCTION_QUEUE or PRINTING)
const result = await client.sendings.cancel(documentId);
// Send multiple documents at once
const sendings = await client.sendings.announce([docId1, docId2]);
// Cancel multiple
const results = await client.sendings.cancelMultiple([docId1, docId2]);
```
### Accounts (`client.accounts`)
```typescript
// Get account balance
const account = await client.accounts.get();
console.log(`Balance: ${account.credit} ${account.unit}`); // e.g., "401 EUROCENT"
// Get personal data
const personal = await client.accounts.getPersonalData();
```
### Attachments (`client.attachments`)
```typescript
// Upload reusable attachment
const attachment = await client.attachments.upload({
content: base64PdfContent,
name: 'terms-and-conditions.pdf'
});
// Add attachment to document
await client.documents.addAttachment(documentId, attachment.attachmentId);
```
## Document Status Codes
```typescript
import { DocumentStatus } from '@binect/js';
DocumentStatus.IN_PREPARATION // 1 - Being validated
DocumentStatus.SHIPPABLE // 2 - Ready to send
DocumentStatus.PRODUCTION_QUEUE // 3 - Queued for printing
DocumentStatus.PRINTING // 4 - Currently printing
DocumentStatus.SENT // 5 - Mailed
DocumentStatus.CANCELED // 6 - Canceled
DocumentStatus.ERRONEOUS // 7 - Has errors
```
## Helper Functions
```typescript
import {
isShippable,
isErroneous,
isCancelable,
isTerminal,
hasErrors,
getErrors,
pollUntil,
waitForShippable,
bufferToBase64,
fileToBase64
} from '@binect/js';
// Status checks
if (isShippable(doc)) { /* ready to send */ }
if (isErroneous(doc)) { /* check errors */ }
if (isCancelable(doc)) { /* can still cancel */ }
if (isTerminal(doc)) { /* final state: sent/canceled/error */ }
// Validation
if (hasErrors(doc)) {
const errors = getErrors(doc);
errors.forEach(e => console.log(e.message));
}
// Base64 encoding
const base64 = bufferToBase64(fs.readFileSync('letter.pdf')); // Node.js
const base64 = await fileToBase64(fileInput.files[0]); // Browser
```
## Polling for Status Changes
```typescript
import { pollUntil, isShippable, isErroneous } from '@binect/js';
// Poll until document is ready or has errors
const doc = await pollUntil(
() => client.documents.get(documentId),
(doc) => isShippable(doc) || isErroneous(doc),
{ intervalMs: 2000, maxAttempts: 30 }
);
// Or use the convenience helper
import { waitForShippable } from '@binect/js';
const doc = await waitForShippable(
() => client.documents.get(documentId)
);
```
## Error Handling
```typescript
import { BinectApiError, BinectAuthError } from '@binect/js';
try {
await client.documents.upload({ ... });
} catch (error) {
if (error instanceof BinectAuthError) {
// 401 - Invalid credentials
console.error('Authentication failed');
} else if (error instanceof BinectApiError) {
// Other API errors (400, 403, 404, 500, etc.)
console.error(`API Error: ${error.message}`);
console.error(`Status: ${error.status}`);
console.error(`Endpoint: ${error.endpoint}`);
// Full details
console.error(error.toDetailedString());
}
}
```
## Complete Send-and-Cancel Example
```typescript
import { BinectClient, DocumentStatus, pollUntil } from '@binect/js';
import { readFileSync } from 'fs';
const client = new BinectClient({
username: process.env.BINECT_USERNAME!,
password: process.env.BINECT_PASSWORD!
});
// 1. Upload
const pdfContent = readFileSync('letter.pdf').toString('base64');
const doc = await client.documents.upload({
content: pdfContent,
filename: 'letter.pdf',
envelope: 'DINLANG',
franking: 'STANDARD_FRANKING'
});
const docId = String(doc.id);
// 2. Send
await client.sendings.send(docId);
// 3. Wait for production queue
const sentDoc = await pollUntil(
() => client.documents.get(docId),
(d) => d.status.code !== DocumentStatus.IN_PREPARATION,
{ intervalMs: 1000, maxAttempts: 10 }
);
// 4. Cancel if still possible
if (sentDoc.status.code === DocumentStatus.PRODUCTION_QUEUE ||
sentDoc.status.code === DocumentStatus.PRINTING) {
await client.sendings.cancel(docId);
}
// 5. Cleanup
await client.documents.delete(docId);
```
## Type Imports
```typescript
// All types are exported
import type {
Document,
DocumentUploadOptions,
Sending,
AccountInfo,
ValidationMessage,
PriceInfo,
ListResponse,
BinectClientConfig
} from '@binect/js';
```
## Key Constraints
1. **PDF must have recipient address** in DIN 5008 format (address window position)
2. **Max file size**: 12 MB
3. **Authentication**: HTTP Basic Auth (credentials not stored/cached)
4. **No retries**: Network failures throw immediately (no automatic retry)
5. **Cancel window**: Can only cancel while status is PRODUCTION_QUEUE (3) or PRINTING (4)
## Environment Variables Pattern
```typescript
// Recommended pattern for credentials
const client = new BinectClient({
username: process.env.BINECT_USERNAME!,
password: process.env.BINECT_PASSWORD!
});
```
## Testing
### Orient at session start
```bash
# Run unit tests
npm test
# Offline brief — works without hub connection
cat .custodian-brief.md
# Run e2e tests (requires credentials)
BINECT_USERNAME="user@example.com" BINECT_PASSWORD="password" npm run test:e2e
# Active workstreams for this domain
curl -s "http://127.0.0.1:8000/workstreams/?topic_id=36c7421b-c537-4723-bf75-42a3ebc6a1dc&status=active" \
| python3 -m json.tool
# Check inbox
curl -s "http://127.0.0.1:8000/messages/?to_agent=binect-js&unread_only=true" \
| python3 -m json.tool
```
Note: Use double quotes for passwords containing `!` (bash history expansion).
Mark a message read:
```bash
curl -s -X PATCH "http://127.0.0.1:8000/messages/<id>/read" \
-H "Content-Type: application/json" -d '{}'
```
### Log progress (required at session close)
```bash
curl -s -X POST http://127.0.0.1:8000/progress/ \
-H "Content-Type: application/json" \
-d '{
"summary": "what was done",
"event_type": "note",
"author": "codex",
"workstream_id": "<uuid>",
"task_id": "<uuid>"
}'
```
Omit `workstream_id` / `task_id` when not applicable.
### Update task status
```bash
curl -s -X PATCH "http://127.0.0.1:8000/tasks/<task_id>" \
-H "Content-Type: application/json" \
-d '{"status": "progress"}'
# values: wait | todo | progress | done | cancel
```
### Flag a task for human review
```bash
curl -s -X PATCH "http://127.0.0.1:8000/tasks/<task_id>" \
-H "Content-Type: application/json" \
-d '{"needs_human": true, "intervention_note": "reason"}'
```
---
## Session Protocol
**Start:**
1. `cat .custodian-brief.md` — domain goal and open workstreams (offline-safe)
2. Check inbox: `GET /messages/?to_agent=binect-js&unread_only=true`; mark read
3. Scan workplans: `ls workplans/` — note `status: ready`, `active`, or `blocked` files and open tasks
4. Check human-needed tasks: `GET /tasks/?needs_human=true`
**During work:**
- Update task statuses in workplan files as tasks progress
- Record significant decisions via `POST /decisions/`
**Close:**
1. Update workplan file task statuses to reflect progress
2. Log: `POST /progress/` with a summary of what changed
3. Note for the custodian operator: after workplan file changes, run from
`~/state-hub`:
```bash
make fix-consistency REPO=binect-js
```
This syncs task status from files into the hub DB.
---
## Credential and access routing
**Audience:** Codex, Claude Code, Grok, and custodian agents that call **llm-connect**
for inference. Run this check **before** requesting secrets, API keys, SSH access,
login tokens, or database passwords — in any repo, not only `ops-warden`.
ops-warden **issues SSH certificates only** (`warden sign`, `cert_command`). Every
other credential need belongs to another subsystem. **Do not** message
`ops-warden` on State Hub expecting a secret value; the reply is a pointer, not a key.
### Lookup (do this first)
```bash
warden route find "<describe your need>" --json
warden route show <catalog-id> --json
```
Requires the `warden` CLI from `~/ops-warden` (`uv tool install .` or `uv run warden`).
| Agent runtime | How to orient |
| --- | --- |
| **Codex / Grok** (shell, HTTP State Hub) | `warden route` commands above; inbox `to_agent=binect-js` is for coordination, not secret vending |
| **Claude Code** (MCP when available) | `get_domain_summary("custodian")` for workstreams; **still** use `warden route` for credential ownership |
| **llm-connect** (inference service) | Never put secret retrieval in prompts; route custody to OpenBao/operator paths surfaced by `warden route` |
### Quick routing table
| I need… | Owner | ops-warden executes? |
| --- | --- | --- |
| SSH cert (`adm`/`agt`/`atm`) | ops-warden | **Yes** — `warden sign` |
| API key, DB password, provider token | OpenBao (`railiance-platform`) | No — route only |
| Login / OIDC / MFA | key-cape / Keycloak | No — route only |
| Authorization decision | flex-auth | No — route only |
| activity-core → issue-core emission | activity-core + issue-core | No — `warden route show activity-core-issue-sink` |
| SSH tunnel | ops-bridge (+ `cert_command` from warden) | No — route only |
### Anti-patterns (do not do these)
- `POST /messages/` to `ops-warden` asking for `ISSUE_CORE_API_KEY`, `OPENROUTER_API_KEY`, etc.
- Inventing `warden secret`, `warden login`, `warden bao`, `warden tunnel` — they do not exist
- Pasting secrets into Git, State Hub, workplans, logs, or chat
### Other capabilities (reuse-surface)
Non-credential capabilities are usually discovered through **reuse-surface** federation
(`reuse-surface` registry / `capability.*` indexes). Credential routing is inlined in
every repo's agent instructions because it is high-frequency, high-risk, and easy to
get wrong.
**Canon:** `~/ops-warden/wiki/CredentialRouting.md` · catalog `~/ops-warden/registry/routing/catalog.yaml`
<!-- REPO-AGENTS-EXTENSIONS -->
<!-- Append repo-specific agent instructions below this marker.
The state-hub template sync preserves content after this line. -->
---
## Workplan Convention (ADR-001)
Work items originate as files in this repo — not in the hub. The hub is a
read/cache/index layer that rebuilds from files.
**File location:** `workplans/BINECT-WP-NNNN-<slug>.md`
**Archived location:** finished workplans may move to
`workplans/archived/YYMMDD-BINECT-WP-NNNN-<slug>.md`. The `YYMMDD` prefix is
the completion/archive date; the frontmatter `id` does not change.
**Ad Hoc Tasks:** small opportunistic fixes discovered during a session use
`workplans/ADHOC-YYYY-MM-DD.md` with task ids `ADHOC-YYYY-MM-DD-T01`, etc. Use
this only for low-risk work completed directly; create a normal workplan for
anything needing analysis, design, approval, dependencies, or multiple phases.
**Frontmatter:**
```yaml
---
id: BINECT-WP-NNNN
type: workplan
title: "..."
domain: communication
repo: binect-js
status: proposed | ready | active | blocked | backlog | finished | archived
owner: codex
topic_slug: ...
created: "YYYY-MM-DD"
updated: "YYYY-MM-DD"
state_hub_workstream_id: "<uuid>" # written by fix-consistency — do not edit
---
```
Use `proposed` for a new draft, `ready` after review against current repo
state, and `finished` after implementation. `stalled` and `needs_review` are
derived health labels, not frontmatter statuses.
**Task block format** (one per `##` section):
```
## Task Title
` ` `task
id: BINECT-WP-NNNN-T01
status: wait | todo | progress | done | cancel
priority: high | medium | low
state_hub_task_id: "<uuid>" # written by fix-consistency — do not edit
` ` `
Task description text.
```
Status progression: `todo` → `progress` → `done`; use `wait` for waiting/blocked work and `cancel` for stopped work.
To create a new workplan:
1. Write the file following the format above
2. Notify the custodian operator to run `make fix-consistency REPO=binect-js`
(or send a message to the hub agent via `POST /messages/`)