feat(forge): forge library layer for native integration (PRD chunks 1-3, 5)
Implements the bot-bottle side of the forge-native PRD that is self-contained in this repo (the forge sidecar and orchestrate command belong to the separate bot-bottle-orchestrator, a PRD non-goal): - contrib/forge/base.py: Forge ABC + ScopedForge enforcing the read-anywhere / write-scoped model (writes rejected outside the assigned issue/PRs via ForgeScopeError). - contrib/gitea/client.py: GiteaClient (stdlib-only HTTP, mirrors the deploy-key provisioner) + GiteaForge. Token held by the caller (the sidecar), not injected by cred-proxy. - contrib/gitea/forge_state.py: ForgeState dataclass + atomic read/write/delete/all under ~/.bot-bottle/forge/<owner>/<repo>/. - contrib/gitea/provenance.py: build_provenance_footer — collapsed markdown audit footer; watchdog/gitleaks/egress rendering. - cli/resume.py: `resume --headless --prompt` reusing the shipped assume_yes + headless_prompt launch core (the new half of chunk 1). 47 new unit tests; pylint 9.98/10, pyright clean. Forge sidecar (chunk 4), orchestrate command (chunk 6), and forge_env plumbing are deferred: their only consumer is the separate orchestrator and they are untestable in isolation here. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01WL77TgFxKbs3cidGMG9dz7
This commit is contained in:
@@ -0,0 +1,74 @@
|
||||
"""Unit: `cli.py resume --headless` non-interactive rehydrate path.
|
||||
|
||||
The freeze / rehydrate loop needs a non-interactive `resume`: deliver a
|
||||
follow-up prompt and skip the y/N preflight, reusing the same launch
|
||||
core (`assume_yes` + `headless_prompt_text`) as `start --headless`.
|
||||
"""
|
||||
|
||||
from __future__ import annotations
|
||||
|
||||
import unittest
|
||||
from unittest.mock import MagicMock, patch
|
||||
|
||||
import bot_bottle.cli.resume as resume_mod
|
||||
from bot_bottle.log import Die
|
||||
|
||||
|
||||
def _metadata():
|
||||
md = MagicMock()
|
||||
md.agent_name = "implementer"
|
||||
md.copy_cwd = False
|
||||
md.cwd = "/repo"
|
||||
md.identity = "implementer-abc12"
|
||||
md.bottle_names = ["claude"]
|
||||
md.backend = "docker"
|
||||
return md
|
||||
|
||||
|
||||
class ResumeHeadlessTest(unittest.TestCase):
|
||||
def setUp(self) -> None:
|
||||
self._launch = patch.object(
|
||||
resume_mod, "_launch_bottle", return_value=0
|
||||
).start()
|
||||
patch.object(
|
||||
resume_mod, "read_metadata", return_value=_metadata()
|
||||
).start()
|
||||
manifest = MagicMock()
|
||||
manifest.require_agent = MagicMock(return_value=None)
|
||||
patch.object(
|
||||
resume_mod.ManifestIndex, "resolve", return_value=manifest
|
||||
).start()
|
||||
self.addCleanup(patch.stopall)
|
||||
|
||||
def _launch_kwargs(self) -> dict:
|
||||
self._launch.assert_called_once()
|
||||
return self._launch.call_args.kwargs
|
||||
|
||||
def test_headless_passes_assume_yes_and_prompt(self):
|
||||
rc = resume_mod.cmd_resume(
|
||||
["implementer-abc12", "--headless", "--prompt", "Address the review"]
|
||||
)
|
||||
self.assertEqual(0, rc)
|
||||
kwargs = self._launch_kwargs()
|
||||
self.assertTrue(kwargs["assume_yes"])
|
||||
self.assertEqual("Address the review", kwargs["headless_prompt_text"])
|
||||
|
||||
def test_interactive_resume_unchanged(self):
|
||||
resume_mod.cmd_resume(["implementer-abc12"])
|
||||
kwargs = self._launch_kwargs()
|
||||
self.assertFalse(kwargs["assume_yes"])
|
||||
self.assertEqual("", kwargs["headless_prompt_text"])
|
||||
|
||||
def test_headless_without_prompt_errors(self):
|
||||
with self.assertRaises(Die):
|
||||
resume_mod.cmd_resume(["implementer-abc12", "--headless"])
|
||||
self._launch.assert_not_called()
|
||||
|
||||
def test_prompt_without_headless_errors(self):
|
||||
with self.assertRaises(Die):
|
||||
resume_mod.cmd_resume(["implementer-abc12", "--prompt", "hi"])
|
||||
self._launch.assert_not_called()
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
unittest.main()
|
||||
@@ -0,0 +1,95 @@
|
||||
"""Unit: Forge abstraction + ScopedForge (PRD forge-native-integration)."""
|
||||
|
||||
from __future__ import annotations
|
||||
|
||||
import unittest
|
||||
|
||||
from bot_bottle.contrib.forge.base import (
|
||||
Comment,
|
||||
Forge,
|
||||
ForgeScopeError,
|
||||
Issue,
|
||||
ScopedForge,
|
||||
)
|
||||
|
||||
|
||||
class _RecordingForge(Forge):
|
||||
"""In-memory fake that records writes."""
|
||||
|
||||
def __init__(self) -> None:
|
||||
self.comments: list[tuple[int, str]] = []
|
||||
self.descriptions: list[tuple[int, str]] = []
|
||||
|
||||
def read_issue(self, number: int) -> Issue:
|
||||
return Issue(number=number, title="t", body="b", state="open")
|
||||
|
||||
def read_comments(self, number: int) -> list[Comment]:
|
||||
return [Comment(id=1, user="alice", body="hi")]
|
||||
|
||||
def post_comment(self, number: int, body: str) -> None:
|
||||
self.comments.append((number, body))
|
||||
|
||||
def update_description(self, number: int, body: str) -> None:
|
||||
self.descriptions.append((number, body))
|
||||
|
||||
def is_org_member(self, org: str, username: str) -> bool:
|
||||
return username == "member"
|
||||
|
||||
def get_pr_for_issue(self, number: int) -> int | None:
|
||||
return 99 if number == 17 else None
|
||||
|
||||
def is_pr_open(self, number: int) -> bool:
|
||||
return True
|
||||
|
||||
|
||||
class TestScopedForgeReads(unittest.TestCase):
|
||||
def setUp(self) -> None:
|
||||
self.inner = _RecordingForge()
|
||||
self.scoped = ScopedForge(self.inner, assigned_issue=17, assigned_prs=[42])
|
||||
|
||||
def test_reads_pass_through_to_any_number(self):
|
||||
# A number well outside the writable scope still reads fine.
|
||||
self.assertEqual(123, self.scoped.read_issue(123).number)
|
||||
self.assertEqual("alice", self.scoped.read_comments(500)[0].user)
|
||||
|
||||
def test_membership_and_pr_lookups_delegate(self):
|
||||
self.assertTrue(self.scoped.is_org_member("bot-bottle", "member"))
|
||||
self.assertFalse(self.scoped.is_org_member("bot-bottle", "stranger"))
|
||||
self.assertEqual(99, self.scoped.get_pr_for_issue(17))
|
||||
self.assertTrue(self.scoped.is_pr_open(8000))
|
||||
|
||||
|
||||
class TestScopedForgeWrites(unittest.TestCase):
|
||||
def setUp(self) -> None:
|
||||
self.inner = _RecordingForge()
|
||||
self.scoped = ScopedForge(self.inner, assigned_issue=17, assigned_prs=[42])
|
||||
|
||||
def test_writable_set_is_issue_plus_prs(self):
|
||||
self.assertEqual(frozenset({17, 42}), self.scoped.writable)
|
||||
|
||||
def test_write_to_assigned_issue_allowed(self):
|
||||
self.scoped.post_comment(17, "done")
|
||||
self.assertEqual([(17, "done")], self.inner.comments)
|
||||
|
||||
def test_write_to_assigned_pr_allowed(self):
|
||||
self.scoped.update_description(42, "new body")
|
||||
self.assertEqual([(42, "new body")], self.inner.descriptions)
|
||||
|
||||
def test_comment_outside_scope_rejected(self):
|
||||
with self.assertRaises(ForgeScopeError) as ctx:
|
||||
self.scoped.post_comment(500, "spam")
|
||||
self.assertIn("500", str(ctx.exception))
|
||||
self.assertEqual([], self.inner.comments)
|
||||
|
||||
def test_description_outside_scope_rejected(self):
|
||||
with self.assertRaises(ForgeScopeError):
|
||||
self.scoped.update_description(500, "tamper")
|
||||
self.assertEqual([], self.inner.descriptions)
|
||||
|
||||
def test_scope_error_is_permission_error(self):
|
||||
# Sidecars can catch the stdlib base type.
|
||||
self.assertTrue(issubclass(ForgeScopeError, PermissionError))
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
unittest.main()
|
||||
@@ -0,0 +1,131 @@
|
||||
"""Unit: GiteaClient + GiteaForge (PRD forge-native-integration)."""
|
||||
|
||||
from __future__ import annotations
|
||||
|
||||
import json
|
||||
import unittest
|
||||
import urllib.error
|
||||
from io import BytesIO
|
||||
from unittest.mock import MagicMock, patch
|
||||
|
||||
from bot_bottle.contrib.gitea.client import GiteaClient, GiteaForge
|
||||
|
||||
|
||||
def _client() -> GiteaClient:
|
||||
return GiteaClient(
|
||||
api_url="https://gitea.example.com/api/v1",
|
||||
owner="didericis",
|
||||
repo="bot-bottle",
|
||||
token="test-token",
|
||||
)
|
||||
|
||||
|
||||
def _resp(body, status: int = 200) -> MagicMock:
|
||||
resp = MagicMock()
|
||||
resp.read.return_value = json.dumps(body).encode() if body is not None else b""
|
||||
resp.status = status
|
||||
resp.__enter__ = lambda s: s
|
||||
resp.__exit__ = MagicMock(return_value=False)
|
||||
return resp
|
||||
|
||||
|
||||
def _http_error(code: int, body: str = "") -> urllib.error.HTTPError:
|
||||
return urllib.error.HTTPError(
|
||||
url="http://x", code=code, msg="err", hdrs=None, # type: ignore[arg-type]
|
||||
fp=BytesIO(body.encode()),
|
||||
)
|
||||
|
||||
|
||||
_URLOPEN = "bot_bottle.contrib.gitea.client.urllib.request.urlopen"
|
||||
|
||||
|
||||
class TestOrgMembership(unittest.TestCase):
|
||||
def test_member_returns_true_on_2xx(self):
|
||||
with patch(_URLOPEN, return_value=_resp(None, 204)) as m:
|
||||
self.assertTrue(_client().is_org_member("bot-bottle", "alice"))
|
||||
req = m.call_args.args[0]
|
||||
self.assertIn("/orgs/bot-bottle/members/alice", req.full_url)
|
||||
|
||||
def test_nonmember_returns_false_on_404(self):
|
||||
with patch(_URLOPEN, side_effect=_http_error(404)):
|
||||
self.assertFalse(_client().is_org_member("bot-bottle", "stranger"))
|
||||
|
||||
def test_other_http_error_raises(self):
|
||||
with patch(_URLOPEN, side_effect=_http_error(403, "forbidden")):
|
||||
with self.assertRaises(RuntimeError) as ctx:
|
||||
_client().is_org_member("bot-bottle", "alice")
|
||||
self.assertIn("403", str(ctx.exception))
|
||||
|
||||
|
||||
class TestForgeReads(unittest.TestCase):
|
||||
def test_read_issue_maps_fields(self):
|
||||
raw = {"number": 17, "title": "Bug", "body": "broken", "state": "open"}
|
||||
with patch(_URLOPEN, return_value=_resp(raw)) as m:
|
||||
issue = GiteaForge(_client()).read_issue(17)
|
||||
self.assertEqual((17, "Bug", "broken", "open"),
|
||||
(issue.number, issue.title, issue.body, issue.state))
|
||||
self.assertIn("/repos/didericis/bot-bottle/issues/17",
|
||||
m.call_args.args[0].full_url)
|
||||
|
||||
def test_read_issue_tolerates_null_body(self):
|
||||
raw = {"number": 17, "title": "T", "body": None, "state": "open"}
|
||||
with patch(_URLOPEN, return_value=_resp(raw)):
|
||||
self.assertEqual("", GiteaForge(_client()).read_issue(17).body)
|
||||
|
||||
def test_read_comments_maps_user_login(self):
|
||||
raw = [
|
||||
{"id": 1, "user": {"login": "alice"}, "body": "hi"},
|
||||
{"id": 2, "user": {"login": "bob"}, "body": "yo"},
|
||||
]
|
||||
with patch(_URLOPEN, return_value=_resp(raw)):
|
||||
comments = GiteaForge(_client()).read_comments(17)
|
||||
self.assertEqual(["alice", "bob"], [c.user for c in comments])
|
||||
self.assertEqual([1, 2], [c.id for c in comments])
|
||||
|
||||
|
||||
class TestForgeWrites(unittest.TestCase):
|
||||
def test_post_comment_payload_and_url(self):
|
||||
with patch(_URLOPEN, return_value=_resp(None, 201)) as m:
|
||||
GiteaForge(_client()).post_comment(17, "done ✓")
|
||||
req = m.call_args.args[0]
|
||||
self.assertEqual("POST", req.method)
|
||||
self.assertIn("/repos/didericis/bot-bottle/issues/17/comments", req.full_url)
|
||||
self.assertEqual("done ✓", json.loads(req.data)["body"])
|
||||
|
||||
def test_update_description_patches_issue(self):
|
||||
with patch(_URLOPEN, return_value=_resp(None, 200)) as m:
|
||||
GiteaForge(_client()).update_description(17, "edited")
|
||||
req = m.call_args.args[0]
|
||||
self.assertEqual("PATCH", req.method)
|
||||
self.assertTrue(req.full_url.endswith("/issues/17"))
|
||||
self.assertEqual("edited", json.loads(req.data)["body"])
|
||||
|
||||
def test_auth_header_sent(self):
|
||||
with patch(_URLOPEN, return_value=_resp(None, 201)) as m:
|
||||
GiteaForge(_client()).post_comment(17, "x")
|
||||
self.assertEqual("token test-token",
|
||||
m.call_args.args[0].headers["Authorization"])
|
||||
|
||||
|
||||
class TestPRHelpers(unittest.TestCase):
|
||||
def test_get_pr_for_issue_returns_number_when_issue_is_pr(self):
|
||||
raw = {"number": 18, "pull_request": {"merged": False}}
|
||||
with patch(_URLOPEN, return_value=_resp(raw)):
|
||||
self.assertEqual(18, GiteaForge(_client()).get_pr_for_issue(18))
|
||||
|
||||
def test_get_pr_for_issue_none_for_plain_issue(self):
|
||||
raw = {"number": 17, "pull_request": None}
|
||||
with patch(_URLOPEN, return_value=_resp(raw)):
|
||||
self.assertIsNone(GiteaForge(_client()).get_pr_for_issue(17))
|
||||
|
||||
def test_is_pr_open_true_when_state_open(self):
|
||||
with patch(_URLOPEN, return_value=_resp({"state": "open"})):
|
||||
self.assertTrue(GiteaForge(_client()).is_pr_open(18))
|
||||
|
||||
def test_is_pr_open_false_when_closed(self):
|
||||
with patch(_URLOPEN, return_value=_resp({"state": "closed"})):
|
||||
self.assertFalse(GiteaForge(_client()).is_pr_open(18))
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
unittest.main()
|
||||
@@ -0,0 +1,103 @@
|
||||
"""Unit: forge state persistence (PRD forge-native-integration)."""
|
||||
|
||||
from __future__ import annotations
|
||||
|
||||
import tempfile
|
||||
import unittest
|
||||
from pathlib import Path
|
||||
from unittest.mock import patch
|
||||
|
||||
from bot_bottle.contrib.gitea import forge_state as fs
|
||||
from bot_bottle.contrib.gitea.forge_state import (
|
||||
STATUS_FROZEN,
|
||||
STATUS_RUNNING,
|
||||
ForgeState,
|
||||
)
|
||||
|
||||
|
||||
def _state(**over) -> ForgeState:
|
||||
base = {
|
||||
"owner": "didericis",
|
||||
"repo": "bot-bottle",
|
||||
"issue_number": 17,
|
||||
"slug": "implementer-abc12",
|
||||
"agent_name": "implementer",
|
||||
"bottle_names": ["claude"],
|
||||
"backend_name": "docker",
|
||||
"agent_git_user": "didericis-claude",
|
||||
"pr_number": 42,
|
||||
"status": STATUS_FROZEN,
|
||||
"last_checkin_at": "2026-06-29T12:04:12-04:00",
|
||||
}
|
||||
base.update(over)
|
||||
return ForgeState(**base)
|
||||
|
||||
|
||||
class ForgeStateTest(unittest.TestCase):
|
||||
def setUp(self) -> None:
|
||||
# enterContext handles cleanup; pylint doesn't recognize it as CM-aware.
|
||||
root = Path(self.enterContext( # pylint: disable=consider-using-with
|
||||
tempfile.TemporaryDirectory()))
|
||||
patcher = patch.object(fs, "bot_bottle_root", return_value=root)
|
||||
patcher.start()
|
||||
self.addCleanup(patcher.stop)
|
||||
|
||||
def test_round_trip(self):
|
||||
fs.write_forge_state(_state())
|
||||
got = fs.read_forge_state("didericis", "bot-bottle", 17)
|
||||
self.assertEqual(_state(), got)
|
||||
|
||||
def test_missing_returns_none(self):
|
||||
self.assertIsNone(fs.read_forge_state("nobody", "nope", 1))
|
||||
|
||||
def test_path_layout(self):
|
||||
path = fs.forge_state_path("didericis", "bot-bottle", 17)
|
||||
self.assertTrue(str(path).endswith("forge/didericis/bot-bottle/issue-17.json"))
|
||||
|
||||
def test_write_is_atomic_no_tmp_left(self):
|
||||
fs.write_forge_state(_state())
|
||||
path = fs.forge_state_path("didericis", "bot-bottle", 17)
|
||||
self.assertFalse(path.with_suffix(".json.tmp").exists())
|
||||
self.assertTrue(path.exists())
|
||||
|
||||
def test_update_overwrites(self):
|
||||
fs.write_forge_state(_state(status=STATUS_RUNNING))
|
||||
fs.write_forge_state(_state(status=STATUS_FROZEN))
|
||||
got = fs.read_forge_state("didericis", "bot-bottle", 17)
|
||||
assert got is not None
|
||||
self.assertEqual(STATUS_FROZEN, got.status)
|
||||
|
||||
def test_delete_is_idempotent(self):
|
||||
fs.write_forge_state(_state())
|
||||
fs.delete_forge_state("didericis", "bot-bottle", 17)
|
||||
fs.delete_forge_state("didericis", "bot-bottle", 17) # no raise
|
||||
self.assertIsNone(fs.read_forge_state("didericis", "bot-bottle", 17))
|
||||
|
||||
def test_all_forge_states_lists_across_repos(self):
|
||||
fs.write_forge_state(_state(issue_number=17))
|
||||
fs.write_forge_state(_state(issue_number=18, slug="other"))
|
||||
fs.write_forge_state(_state(owner="acme", repo="widget", issue_number=3))
|
||||
states = fs.all_forge_states()
|
||||
self.assertEqual(3, len(states))
|
||||
self.assertEqual({17, 18, 3}, {s.issue_number for s in states})
|
||||
|
||||
def test_all_forge_states_empty_when_no_dir(self):
|
||||
self.assertEqual([], fs.all_forge_states())
|
||||
|
||||
def test_from_dict_ignores_unknown_keys(self):
|
||||
st = ForgeState.from_dict({
|
||||
"owner": "o", "repo": "r", "issue_number": 1, "slug": "s",
|
||||
"agent_name": "a", "future_field": "ignored",
|
||||
})
|
||||
self.assertEqual("o", st.owner)
|
||||
self.assertIsNone(st.pr_number)
|
||||
|
||||
def test_pr_number_optional(self):
|
||||
fs.write_forge_state(_state(pr_number=None))
|
||||
got = fs.read_forge_state("didericis", "bot-bottle", 17)
|
||||
assert got is not None
|
||||
self.assertIsNone(got.pr_number)
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
unittest.main()
|
||||
@@ -0,0 +1,81 @@
|
||||
"""Unit: provenance footer (PRD forge-native-integration)."""
|
||||
|
||||
from __future__ import annotations
|
||||
|
||||
import unittest
|
||||
|
||||
from bot_bottle.contrib.gitea.provenance import build_provenance_footer
|
||||
|
||||
|
||||
def _footer(slug: str = "implementer-abc12", **over) -> str:
|
||||
base = {
|
||||
"agent_name": "implementer",
|
||||
"bottle_names": ("claude",),
|
||||
"started_at": "2026-06-29T12:00:00-04:00",
|
||||
"finished_at": "2026-06-29T12:04:12-04:00",
|
||||
"exit_code": 0,
|
||||
}
|
||||
base.update(over)
|
||||
return build_provenance_footer(slug, **base)
|
||||
|
||||
|
||||
class ProvenanceTest(unittest.TestCase):
|
||||
def test_required_fields_present(self):
|
||||
out = _footer()
|
||||
for token in ("Run provenance", "`implementer`", "`claude`",
|
||||
"`implementer-abc12`", "| exit | 0 ✓ |"):
|
||||
self.assertIn(token, out)
|
||||
|
||||
def test_collapsed_details_block(self):
|
||||
out = _footer()
|
||||
self.assertTrue(out.startswith("<details>"))
|
||||
self.assertIn("</details>", out)
|
||||
|
||||
def test_duration_minutes_seconds(self):
|
||||
self.assertIn("| duration | 4m 12s |", _footer())
|
||||
|
||||
def test_duration_under_a_minute(self):
|
||||
out = _footer(finished_at="2026-06-29T12:00:30-04:00")
|
||||
self.assertIn("| duration | 30s |", out)
|
||||
|
||||
def test_duration_unknown_on_bad_timestamp(self):
|
||||
out = _footer(finished_at="not-a-time")
|
||||
self.assertIn("| duration | unknown |", out)
|
||||
|
||||
def test_nonzero_exit_marked(self):
|
||||
self.assertIn("| exit | 1 ✗ |", _footer(exit_code=1))
|
||||
|
||||
def test_watchdog_changes_done_signal_row(self):
|
||||
normal = _footer()
|
||||
self.assertIn("sidecar `signal_done`", normal)
|
||||
fired = _footer(watchdog_fired=True)
|
||||
self.assertIn("watchdog — agent did not signal", fired)
|
||||
self.assertNotIn("sidecar `signal_done`", fired)
|
||||
|
||||
def test_gitleaks_states(self):
|
||||
self.assertIn("not run", _footer())
|
||||
self.assertIn("✓ no secrets detected", _footer(gitleaks_clean=True))
|
||||
self.assertIn("✗ secrets detected", _footer(gitleaks_clean=False))
|
||||
|
||||
def test_egress_omitted_when_absent(self):
|
||||
self.assertNotIn("**Egress**", _footer())
|
||||
|
||||
def test_egress_rendered_when_present(self):
|
||||
out = _footer(egress_routes=[
|
||||
"`api.anthropic.com` — Bearer auth",
|
||||
"`pypi.org` — unauthenticated",
|
||||
])
|
||||
self.assertIn("**Egress** (deny-by-default; 2 routes allowed)", out)
|
||||
self.assertIn("- `api.anthropic.com` — Bearer auth", out)
|
||||
|
||||
def test_egress_singular_route(self):
|
||||
out = _footer(egress_routes=["`api.anthropic.com` — Bearer auth"])
|
||||
self.assertIn("1 route allowed", out)
|
||||
|
||||
def test_multiple_bottles_listed(self):
|
||||
out = _footer(bottle_names=("claude", "dev"))
|
||||
self.assertIn("`claude`, `dev`", out)
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
unittest.main()
|
||||
Reference in New Issue
Block a user