feat(cli): af install/run for agent nodes — encrypted secrets, env prompting, node-to-node deps

[AbirAbbas]

Summary

The af install / af run agent-node scaffolding has existed since the very first commit but was effectively unusable for real nodes: it required a top-level main.py (real nodes start via python -m pkg.app), hardcoded python main.py at launch, exported AGENTFIELD_SERVER_URL while the SDK reads AGENTFIELD_SERVER, and stored secrets as plaintext .env. This PR makes the flow actually work end-to-end and adds the pieces needed for day-to-day use.

What's new

• Real-node install/run. A node is now defined by its agentfield-package.yaml manifest with an entrypoint.start (e.g. python -m pr_af.app) — no main.py required. The runner launches via the manifest entrypoint, honors the manifest healthcheck path, and exports AGENTFIELD_SERVER (+ legacy AGENTFIELD_SERVER_URL).
• Encrypted secret store. Secrets live encrypted at rest (AES-256-GCM) under ~/.agentfield/secrets/ with a random 32-byte key in ~/.agentfield/keyring/master.key (0600). They are decrypted only into the child process' environment at start time — never written back to disk in plaintext. Global scope is shared across nodes; node scope overrides it.
• Env prompting. On af run, required variables resolve in order: process env → node store → global store → manifest default → prompt (hidden for type: secret), persisting prompted secrets encrypted. Missing required vars in a non-interactive session produce a clean error instead of hanging.
• af secrets command. set / ls (values masked) / rm, with --node scoping.
• Node-to-node dependencies. A manifest may declare dependencies.nodes (e.g. af://registry/swe-planner → github.com/Agent-Field/<name>, or a git URL). af install pulls them in recursively (skipping already-installed, which breaks cycles); af run starts a node's dependencies first, in order, before allocating its own port — and leaves already-running dependencies untouched.

Notable fixes uncovered while verifying locally

• The CLI's install/run path runs through internal/core/services, a duplicate of the internal/packages logic — fixes are now applied there (the two layers share one ValidatePackage / ParsePackageMetadata / ShouldSkipCopy).
• Dependencies were started after the parent allocated its port, causing a port collision; dependency startup now happens before port allocation.

Verification

Verified end-to-end against a live local control plane with two no-LLM nodes built on the real SDK:

• af install an entrypoint-only node (no main.py) → registers → af call node.reasoner returns a real result.
• A missing required secret errors cleanly; after af secrets set, af run injects AGENTFIELD_SERVER + the stored secret + manifest defaults into the process (confirmed via the node's own env dump; no plaintext on disk, files 0600).
• Multi-agent: af run greeter-node auto-starts its dependency echo-node first (distinct ports), both register and execute; an already-running dependency is not restarted.

Docs

• docs/installing-agent-nodes.md — full guide to install/run, the manifest schema, the encrypted secrets model, and af secrets.
• cli-toolkit.md reference updated (+ embedded skill copy synced).

Test plan

• go build ./... clean
• full go test ./... for control-plane green (47 packages)
• new unit tests for the secret store, env resolver, manifest validation, and node-dependency resolution / ordered-start helpers
• manual end-to-end (single node + multi-agent auto-start) against a live control plane

Follow-ups (not in this PR)

• Author agentfield-package.yaml manifests in the public node repos (SWE-AF, pr-af, sec-af, cloudsecurity-af, af-template).
• af dev (a third copy of the launch logic) still hardcodes main.py; collapsing the duplicated install/run implementations into one is a good follow-up.

🤖 Generated with Claude Code

[github-actions]

📊 Coverage gate

Thresholds from .coverage-gate.toml: per-surface ≥ 84%, aggregate ≥ 85%, max per-surface regression ≤ 1.0 pp, max aggregate regression ≤ 0.50 pp.

Surface	Current	Baseline	Δ
control-plane	86.70%	87.40%	↓ -0.70 pp	🟡
sdk-go	91.80%	92.00%	↓ -0.20 pp	🟢
sdk-python	93.87%	93.73%	↑ +0.14 pp	🟢
sdk-typescript	90.09%	90.42%	↓ -0.33 pp	🟢
web-ui	84.83%	84.79%	↑ +0.04 pp	🟡
aggregate	85.52%	85.75%	↓ -0.23 pp	🟡

✅ Gate passed

No surface regressed past the allowed threshold and the aggregate stayed above the floor.

[github-actions]

📐 Patch coverage gate

Threshold: 80% on lines this PR touches vs origin/main (from .coverage-gate.toml:thresholds.min_patch).

Surface	Touched lines	Patch coverage	Status
control-plane	720	67.00%	❌
sdk-go	0	—	➖ no changes
sdk-python	0	—	➖ no changes
sdk-typescript	0	—	➖ no changes
web-ui	0	—	➖ no changes

❌ Patch gate failed

control-plane — 67.00% on 720 touched lines (231 uncovered):

File	Patch coverage	Missing lines
control-plane/internal/cli/secrets.go	37.6%	34, 35, 36, 45, 46, 47, 48, 49, 50, 51 …(+63 more)
control-plane/internal/packages/env_resolver.go	54.6%	53, 64, 65, 73, 74, 76, 77, 78, 80, 81 …(+34 more)
control-plane/internal/core/services/package_service.go	71.4%	73, 74, 87, 88, 92, 96, 103, 104, 105, 106 …(+8 more)
control-plane/internal/packages/secrets.go	73.4%	61, 62, 65, 66, 70, 71, 74, 75, 78, 79 …(+31 more)
control-plane/internal/packages/runner.go	76.0%	78, 79, 150, 151, 153, 203, 207, 208, 214, 215 …(+13 more)

How to fix

1. For each file listed above, add tests that exercise the missing line numbers in this same PR.
2. Re-run locally: ./scripts/coverage-summary.sh && ./scripts/patch-coverage-gate.sh.
3. Do not lower min_patch in .coverage-gate.toml to silence this — the floor is the contract.

[santoshkumarradha]

@AbirAbbas before in, can you test it with our swe/pr-af etc.. ?