Compare commits
2 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 1ec9a2f3ca | |||
| 6d6400a202 |
@@ -24,8 +24,19 @@ jobs:
|
||||
|
||||
- name: Run pylint
|
||||
run: |
|
||||
# Run pylint on all Python files in the repo
|
||||
find . -name '*.py' -not -path './.venv/*' -not -path './.git/*' | xargs pylint --fail-under=8.0
|
||||
# Pylint's normal exit code is nonzero for any emitted finding,
|
||||
# regardless of --fail-under. Preserve the full report but enforce
|
||||
# the aggregate score this workflow promises.
|
||||
set +e
|
||||
find . -name '*.py' -not -path './.venv/*' -not -path './.git/*' \
|
||||
| xargs pylint --fail-under=8.0 \
|
||||
| tee /tmp/pylint-output.txt
|
||||
set -e
|
||||
SCORE=$(sed -n \
|
||||
's/^Your code has been rated at \([-0-9.]*\)\/10.*/\1/p' \
|
||||
/tmp/pylint-output.txt | tail -1)
|
||||
test -n "$SCORE"
|
||||
awk -v score="$SCORE" 'BEGIN { exit !(score >= 8.0) }'
|
||||
|
||||
- name: Run pyright
|
||||
run: |
|
||||
|
||||
+16
-50
@@ -23,16 +23,9 @@ on:
|
||||
- main
|
||||
paths:
|
||||
- '**.py'
|
||||
- '.gitea/workflows/**.yml'
|
||||
- 'scripts/**'
|
||||
- 'README.md'
|
||||
pull_request:
|
||||
paths:
|
||||
- '**.py'
|
||||
- '.gitea/workflows/**.yml'
|
||||
- 'scripts/**'
|
||||
- 'README.md'
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
unit:
|
||||
@@ -75,57 +68,30 @@ jobs:
|
||||
- name: Run integration tests
|
||||
run: python3 -m unittest discover -t . -s tests/integration -v
|
||||
|
||||
# Combined unit+integration coverage + the diff-coverage gate (the hard
|
||||
# gate: new/changed lines >= 90%). See docs/decisions/0004-coverage-policy.md.
|
||||
# Combined unit+integration coverage report (informational). See
|
||||
# docs/decisions/0004-coverage-policy.md.
|
||||
#
|
||||
# This runs on a self-hosted KVM runner (label `kvm`), NOT ubuntu-latest,
|
||||
# because the Firecracker backend's subprocess/VM orchestration
|
||||
# (launch/boot/SSH/isolation-probe) is covered by the integration suite,
|
||||
# and that suite needs `/dev/kvm` + the provisioned TAP/nft pool — which a
|
||||
# container-based runner doesn't have. On such a runner the firecracker
|
||||
# integration test skips and its ~230 orchestration lines read as
|
||||
# uncovered, so the gate can't pass there.
|
||||
#
|
||||
# Runner prerequisites (provision once on the host; see the README
|
||||
# "Firecracker on Linux" section): the `firecracker` binary on PATH,
|
||||
# `/dev/kvm` accessible to the runner user, Docker, the cached guest
|
||||
# kernel + static dropbear (BOT_BOTTLE_FC_KERNEL / BOT_BOTTLE_FC_DROPBEAR),
|
||||
# and the network pool installed as the persistent systemd unit
|
||||
# (`./cli.py backend setup --backend=firecracker`). The preflight step
|
||||
# below fails fast with instructions if anything is missing.
|
||||
#
|
||||
# Security: this job executes PR-controlled code on a privileged runner
|
||||
# (Docker, /dev/kvm, TAP/nft). It is restricted to push events (main
|
||||
# branch) and manual workflow_dispatch by maintainers — it does NOT run
|
||||
# on pull_request. Trusted PRs are validated by triggering workflow_dispatch
|
||||
# on the PR branch before merging.
|
||||
# The hard diff-coverage gate (changed lines >= 90%) is DEFERRED: the
|
||||
# Firecracker backend's VM/SSH orchestration is covered by the integration
|
||||
# suite, which needs /dev/kvm + the provisioned TAP/nft pool — a
|
||||
# container-based runner skips it and those lines read uncovered, so the
|
||||
# gate can't pass here. Re-enabling it on a self-hosted KVM runner is
|
||||
# tracked separately (see PRD 0069 / #348 and the ci-runner branch).
|
||||
coverage:
|
||||
runs-on: [self-hosted, kvm]
|
||||
if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Preflight — Firecracker host is ready
|
||||
run: |
|
||||
command -v firecracker >/dev/null || {
|
||||
echo "firecracker not on PATH — provision the runner (README: Firecracker on Linux)"; exit 1; }
|
||||
test -e /dev/kvm || { echo "/dev/kvm missing — KVM not available on this runner"; exit 1; }
|
||||
# `backend status` exits non-zero unless the TAP pool is up + no
|
||||
# range overlap; it prints the exact `backend setup` fix.
|
||||
python3 cli.py backend status --backend=firecracker
|
||||
|
||||
# No actions/setup-python: the runner image already ships Python 3.12,
|
||||
# and older act_runner engines mishandle setup-python's PATH (coverage
|
||||
# lands in one interpreter, `python3` resolves to another). Install
|
||||
# straight into the ephemeral job container's system Python —
|
||||
# --break-system-packages is safe because the container is disposable.
|
||||
- name: Install dev requirements
|
||||
run: python3 -m pip install --user -r requirements-dev.txt
|
||||
run: python3 -m pip install --break-system-packages -r requirements-dev.txt
|
||||
|
||||
- name: Combined coverage (unit + integration, incl. firecracker)
|
||||
env:
|
||||
BOT_BOTTLE_BACKEND: firecracker
|
||||
- name: Combined coverage report (unit + integration)
|
||||
run: PYTHON=python3 bash scripts/coverage.sh critical
|
||||
|
||||
- name: Diff-coverage gate (changed lines >= 90%)
|
||||
run: |
|
||||
git fetch --no-tags origin main:refs/remotes/origin/main
|
||||
python3 scripts/diff_coverage.py --base origin/main --min 90
|
||||
|
||||
@@ -0,0 +1,33 @@
|
||||
name: tracker-policy
|
||||
|
||||
on:
|
||||
issues:
|
||||
types: [opened, unlabeled]
|
||||
pull_request:
|
||||
types: [opened, edited, reopened, synchronized, labeled, unlabeled]
|
||||
|
||||
jobs:
|
||||
label-issue:
|
||||
if: ${{ github.event_name == 'issues' }}
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
issues: write
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: Ensure the issue has a label
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
run: python3 scripts/tracker_policy.py label-issue
|
||||
|
||||
check-pr:
|
||||
if: ${{ github.event_name == 'pull_request' }}
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
issues: read
|
||||
pull-requests: read
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: Require an unlabeled PR linked to an issue
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
run: python3 scripts/tracker_policy.py check-pr
|
||||
@@ -90,8 +90,6 @@ BOT_BOTTLE_BACKEND=firecracker ./cli.py start <agent>
|
||||
|
||||
> **NixOS:** enable `virtualisation.docker`, ensure the KVM module is loaded (`boot.kernelModules = [ "kvm-intel" ];` or `kvm-amd`), and add your user to the `kvm` and `docker` groups. For the network pool, consume the flake module — `imports = [ inputs.bot-bottle.nixosModules.firecracker-netpool ]; services.bot-bottle-firecracker = { enable = true; owner = "you"; };` — then `nixos-rebuild switch` (imperative nft/TAP rules don't survive a rebuild; channel users can `imports = [ <bot-bottle>/nix/firecracker-netpool.nix ]`). `firecracker` isn't in nixpkgs by default as a user binary — install the release binary (pin the version) and put it on `PATH`.
|
||||
|
||||
> **CI:** the coverage gate (`.gitea/workflows/test.yml` → `coverage` job) runs on a self-hosted runner labelled `kvm`, because the Firecracker backend's VM/SSH orchestration is exercised only by the integration suite, which needs `/dev/kvm` + the provisioned pool (a container runner would skip it and read as uncovered). Provision that runner exactly like a normal Firecracker host — `firecracker` on `PATH`, `/dev/kvm`, Docker, the cached guest kernel + static dropbear, and the pool installed as the persistent systemd unit — then register it with the `kvm` label. The unit/lint jobs still run on `ubuntu-latest`.
|
||||
|
||||
```sh
|
||||
./cli.py start <agent> # builds the image on first run, drops you into claude
|
||||
```
|
||||
@@ -173,6 +171,15 @@ When an outbound DLP detector matches a token, the route's `dlp.outbound_on_matc
|
||||
|
||||
More examples in `examples/`. Full design lives under `docs/prds/`; the trust-boundary rationale is in `docs/prds/0011-per-file-md-manifest.md`.
|
||||
|
||||
## Tracker policy
|
||||
|
||||
Issues are the canonical work items and own all tracker labels; every issue
|
||||
must have at least one. Pull requests stay unlabeled and deliberately reference
|
||||
an issue with `Closes #…`, `Part of #…`, or another form defined in
|
||||
[`ADR 0005`](docs/decisions/0005-issues-own-tracker-metadata.md). Gitea Actions
|
||||
enforces the convention for new work from 2026-07-18 onward. Earlier closed
|
||||
PRs are grandfathered rather than given artificial retrospective issues.
|
||||
|
||||
## Trademarks
|
||||
|
||||
bot-bottle is an independent project and is not affiliated with, endorsed by, or sponsored by Anthropic, PBC. "Claude" and "Claude Code" are trademarks of Anthropic, PBC; the project name uses "claude" descriptively to indicate that the tool runs Claude Code inside a sandbox.
|
||||
|
||||
@@ -0,0 +1,57 @@
|
||||
# ADR 0005: Keep tracker metadata on issues
|
||||
|
||||
- **Status:** Accepted
|
||||
- **Date:** 2026-07-18
|
||||
- **Deciders:** didericis
|
||||
|
||||
## Context
|
||||
|
||||
Gitea exposes labels on both issues and pull requests. Applying the same labels
|
||||
to both copies planning metadata, creates a synchronization obligation, and
|
||||
makes disagreements between the two records possible. At the same time,
|
||||
unlabelled objects look accidental unless the repository states which object
|
||||
owns the metadata.
|
||||
|
||||
The repository already uses issues as work items and PRs as implementations of
|
||||
those work items. At this decision's cutoff, all open PRs reference issues, but
|
||||
121 of 219 historically merged PRs do not. Manufacturing retrospective issues
|
||||
for that history would create records that never participated in planning and
|
||||
would make the issue history less truthful.
|
||||
|
||||
## Decision
|
||||
|
||||
Issues are the canonical tracker records and own labels. Every issue has at
|
||||
least one label. An issue opened or left without labels receives
|
||||
`Status/Needs Triage` automatically until it is classified.
|
||||
|
||||
Pull requests carry no labels. Every new PR deliberately references at least
|
||||
one existing issue in its title or description with one of these forms:
|
||||
|
||||
- `Closes #123`, `Fixes #123`, or `Resolves #123` when merging completes it.
|
||||
- `Part of #123`, `Related to #123`, `Refs #123`, or `References #123` when it
|
||||
contributes without completing it.
|
||||
|
||||
Gitea Actions enforces both PR rules as a status check and repairs the empty
|
||||
issue-label state. Branch protection makes the PR policy check required.
|
||||
|
||||
The policy applies from 2026-07-18 onward. Existing issues may be labelled as
|
||||
they are encountered, but closed PRs are grandfathered: no retrospective
|
||||
issues or PR labels are created solely to make history conform.
|
||||
|
||||
## Consequences
|
||||
|
||||
- Classification, priority, and workflow metadata have one source of truth.
|
||||
- A PR's issue link is the navigation path to its planning metadata.
|
||||
- Multi-PR issues do not require copied or synchronized labels.
|
||||
- `Status/Needs Triage` is an intentional fallback, not a final
|
||||
classification.
|
||||
- Direct issue creation remains convenient; automation repairs a missing label
|
||||
immediately after creation because Gitea has no native required-label rule.
|
||||
- The required check must be configured in branch protection after this
|
||||
workflow lands.
|
||||
|
||||
## Links
|
||||
|
||||
- Issue #405.
|
||||
- `.gitea/workflows/tracker-policy.yml`.
|
||||
- `scripts/tracker_policy.py`.
|
||||
@@ -0,0 +1,135 @@
|
||||
#!/usr/bin/env python3
|
||||
"""Enforce the repository's issue/PR metadata policy in Gitea Actions."""
|
||||
|
||||
from __future__ import annotations
|
||||
|
||||
import argparse
|
||||
import json
|
||||
import os
|
||||
import re
|
||||
import urllib.error
|
||||
import urllib.request
|
||||
from pathlib import Path
|
||||
from typing import Any
|
||||
|
||||
|
||||
ISSUE_REFERENCE = re.compile(
|
||||
r"(?im)\b(?:close[sd]?|fix(?:e[sd])?|resolve[sd]?|part\s+of|"
|
||||
r"related\s+to|refs?|references)\s+#(\d+)\b"
|
||||
)
|
||||
TRIAGE_LABEL = "Status/Needs Triage"
|
||||
|
||||
|
||||
def deliberate_issue_numbers(title: str, body: str) -> set[int]:
|
||||
"""Return same-repository issue numbers referenced intentionally."""
|
||||
return {int(match) for match in ISSUE_REFERENCE.findall(f"{title}\n{body}")}
|
||||
|
||||
|
||||
class GiteaApi:
|
||||
"""Small API client using the Actions-provided repository token."""
|
||||
|
||||
def __init__(self, api_url: str, repository: str, token: str) -> None:
|
||||
self.base = f"{api_url.rstrip('/')}/repos/{repository}"
|
||||
self.token = token
|
||||
|
||||
def request(self, method: str, path: str, payload: object | None = None) -> Any:
|
||||
data = None if payload is None else json.dumps(payload).encode()
|
||||
request = urllib.request.Request(
|
||||
f"{self.base}{path}",
|
||||
data=data,
|
||||
method=method,
|
||||
headers={
|
||||
"Authorization": f"token {self.token}",
|
||||
"Content-Type": "application/json",
|
||||
},
|
||||
)
|
||||
with urllib.request.urlopen(request, timeout=15) as response:
|
||||
if response.status == 204:
|
||||
return None
|
||||
return json.load(response)
|
||||
|
||||
|
||||
def check_pull_request(event: dict[str, Any], api: GiteaApi) -> list[str]:
|
||||
"""Return policy violations for a pull_request event."""
|
||||
pull = event["pull_request"]
|
||||
errors: list[str] = []
|
||||
labels = pull.get("labels") or []
|
||||
if labels:
|
||||
errors.append(
|
||||
"PRs must be unlabeled; put tracker metadata on the linked issue "
|
||||
f"(found: {', '.join(label['name'] for label in labels)})."
|
||||
)
|
||||
|
||||
numbers = deliberate_issue_numbers(pull.get("title", ""), pull.get("body", ""))
|
||||
if not numbers:
|
||||
errors.append(
|
||||
"PR must reference an issue with Closes/Fixes/Resolves #N, "
|
||||
"Part of #N, Related to #N, Refs #N, or References #N."
|
||||
)
|
||||
return errors
|
||||
|
||||
real_issues = 0
|
||||
for number in sorted(numbers):
|
||||
try:
|
||||
item = api.request("GET", f"/issues/{number}")
|
||||
except urllib.error.HTTPError as error:
|
||||
if error.code == 404:
|
||||
errors.append(f"Referenced issue #{number} does not exist.")
|
||||
continue
|
||||
raise
|
||||
if item.get("pull_request") is not None:
|
||||
errors.append(f"#{number} is a pull request, not an issue.")
|
||||
else:
|
||||
real_issues += 1
|
||||
|
||||
if not real_issues and not errors:
|
||||
errors.append("PR must reference at least one real issue.")
|
||||
return errors
|
||||
|
||||
|
||||
def ensure_issue_label(event: dict[str, Any], api: GiteaApi) -> bool:
|
||||
"""Apply the triage label if an issue event leaves the issue unlabeled."""
|
||||
issue = event["issue"]
|
||||
if issue.get("pull_request") is not None or issue.get("labels"):
|
||||
return False
|
||||
labels = api.request("GET", "/labels?limit=100")
|
||||
triage = next((label for label in labels if label["name"] == TRIAGE_LABEL), None)
|
||||
if triage is None:
|
||||
raise RuntimeError(f"repository label {TRIAGE_LABEL!r} does not exist")
|
||||
api.request("POST", f"/issues/{issue['number']}/labels", {"labels": [triage["id"]]})
|
||||
return True
|
||||
|
||||
|
||||
def _load_event(path: str) -> dict[str, Any]:
|
||||
return json.loads(Path(path).read_text(encoding="utf-8"))
|
||||
|
||||
|
||||
def main() -> int:
|
||||
parser = argparse.ArgumentParser()
|
||||
parser.add_argument("command", choices=("check-pr", "label-issue"))
|
||||
parser.add_argument("--event", default=os.environ.get("GITHUB_EVENT_PATH"))
|
||||
args = parser.parse_args()
|
||||
if not args.event:
|
||||
parser.error("--event or GITHUB_EVENT_PATH is required")
|
||||
|
||||
api = GiteaApi(
|
||||
os.environ["GITHUB_API_URL"],
|
||||
os.environ["GITHUB_REPOSITORY"],
|
||||
os.environ["GITHUB_TOKEN"],
|
||||
)
|
||||
event = _load_event(args.event)
|
||||
if args.command == "check-pr":
|
||||
errors = check_pull_request(event, api)
|
||||
if errors:
|
||||
print("\n".join(f"::error::{error}" for error in errors))
|
||||
return 1
|
||||
print("PR tracker policy passed.")
|
||||
return 0
|
||||
|
||||
changed = ensure_issue_label(event, api)
|
||||
print(f"Applied {TRIAGE_LABEL}." if changed else "Issue already has a label.")
|
||||
return 0
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
raise SystemExit(main())
|
||||
@@ -69,12 +69,11 @@ _DUMMY_HOST_KEY = (
|
||||
|
||||
@skip_unless_docker()
|
||||
@unittest.skipIf(
|
||||
os.environ.get("GITEA_ACTIONS") == "true"
|
||||
and os.environ.get("BOT_BOTTLE_BACKEND") != "firecracker",
|
||||
"skipped under act_runner unless BOT_BOTTLE_BACKEND=firecracker: "
|
||||
"egress_tls_init uses a host bind mount the runner container can't "
|
||||
"see, and the network topology hides sibling-gateway visibility — "
|
||||
"these constraints don't apply on the self-hosted KVM runner",
|
||||
os.environ.get("GITEA_ACTIONS") == "true",
|
||||
"skipped under act_runner: egress_tls_init uses a host bind mount "
|
||||
"the runner container can't see, and the network topology hides "
|
||||
"sibling-gateway visibility — same constraint as the other "
|
||||
"bottle-bringup integration tests",
|
||||
)
|
||||
class TestSandboxEscape(unittest.TestCase):
|
||||
"""End-to-end attacks against a real bottle. The bottle stays
|
||||
|
||||
@@ -0,0 +1,62 @@
|
||||
import unittest
|
||||
from unittest.mock import Mock
|
||||
|
||||
from scripts.tracker_policy import (
|
||||
TRIAGE_LABEL,
|
||||
check_pull_request,
|
||||
deliberate_issue_numbers,
|
||||
ensure_issue_label,
|
||||
)
|
||||
|
||||
|
||||
class TestDeliberateIssueNumbers(unittest.TestCase):
|
||||
def test_accepts_completing_and_noncompleting_forms(self):
|
||||
self.assertEqual(
|
||||
deliberate_issue_numbers("Fixes #12", "Part of #14; refs #15"),
|
||||
{12, 14, 15},
|
||||
)
|
||||
|
||||
def test_does_not_treat_incidental_number_as_link(self):
|
||||
self.assertEqual(deliberate_issue_numbers("Audit #12", "See PR #14"), set())
|
||||
|
||||
|
||||
class TestCheckPullRequest(unittest.TestCase):
|
||||
def test_accepts_unlabelled_pr_linked_to_real_issue(self):
|
||||
api = Mock()
|
||||
api.request.return_value = {"number": 12, "pull_request": None}
|
||||
event = {"pull_request": {"title": "Change", "body": "Part of #12", "labels": []}}
|
||||
self.assertEqual(check_pull_request(event, api), [])
|
||||
|
||||
def test_rejects_labels_and_pr_reference(self):
|
||||
api = Mock()
|
||||
api.request.return_value = {"number": 12, "pull_request": {}}
|
||||
event = {
|
||||
"pull_request": {
|
||||
"title": "Change",
|
||||
"body": "Closes #12",
|
||||
"labels": [{"name": "Kind/Bug"}],
|
||||
}
|
||||
}
|
||||
errors = check_pull_request(event, api)
|
||||
self.assertEqual(len(errors), 2)
|
||||
self.assertIn("unlabeled", errors[0])
|
||||
self.assertIn("not an issue", errors[1])
|
||||
|
||||
|
||||
class TestEnsureIssueLabel(unittest.TestCase):
|
||||
def test_adds_triage_label_to_unlabelled_issue(self):
|
||||
api = Mock()
|
||||
api.request.side_effect = [[{"id": 55, "name": TRIAGE_LABEL}], None]
|
||||
event = {"issue": {"number": 405, "labels": [], "pull_request": None}}
|
||||
self.assertTrue(ensure_issue_label(event, api))
|
||||
api.request.assert_any_call("POST", "/issues/405/labels", {"labels": [55]})
|
||||
|
||||
def test_leaves_labelled_issue_unchanged(self):
|
||||
api = Mock()
|
||||
event = {"issue": {"number": 405, "labels": [{"name": "Kind/Documentation"}]}}
|
||||
self.assertFalse(ensure_issue_label(event, api))
|
||||
api.request.assert_not_called()
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
unittest.main()
|
||||
Reference in New Issue
Block a user