yana-rt 0.42.3

Yana AI Runtime — safety CLI for AI agents: scan, graph, vault, hunt, ci, map, fix, doctor
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71

# Yana AI GitHub App

1-click Yana AI safety setup for any GitHub repo.

## What it does

When installed on a repo, automatically opens a PR with:
- `CLAUDE.md` — core rules for Claude Code
- `.claude/settings.json` — PreToolUse / PostToolUse hooks
- `.claude/hooks/guard-destructive.sh` — blocks rm -rf, force-push, DROP TABLE
- `.claude/hooks/audit-log.sh` — logs all AI tool calls
- `.claude/rules/golden-principles.md` — 6 core coding principles

## Setup

### 1. Register GitHub App

Go to: github.com/settings/apps/new

```
Name:              Yana AI
Homepage URL:      https://github.com/yanacuti1121/yana-ai
Webhook URL:       https://yana-github-app.<your-subdomain>.workers.dev/webhook
Webhook secret:    <generate a random secret>

Permissions:
  Contents:        Read & Write   (to create files)
  Pull requests:   Read & Write   (to open PR)
  Metadata:        Read

Subscribe to events:
  ✓ Installation
  ✓ Installation repositories
```

After creating: note the **App ID** and generate + download a **Private Key**.

### 2. Deploy to Cloudflare Workers

```bash
cd github-app
npm install
npx wrangler login

# Set secrets
npx wrangler secret put GITHUB_WEBHOOK_SECRET
npx wrangler secret put GITHUB_APP_PRIVATE_KEY   # paste base64-encoded PEM
npx wrangler secret put APP_ID                   # numeric App ID

npm run deploy
```

### 3. Encode private key

```bash
base64 -w 0 private-key.pem
# paste output when prompted for GITHUB_APP_PRIVATE_KEY
```

### 4. Update webhook URL

After deploy, Wrangler gives you the Worker URL.
Update it in your GitHub App settings.

## Local dev

```bash
npm run dev
# exposes localhost:8787
# use ngrok or cloudflared tunnel to test webhooks
```