Skip to content

feat(worker): headless contract + worker resilience (retries, preflight, checks)#27

Merged
BunsDev merged 3 commits into
mainfrom
feat/worker-resilience-e2e
Jul 3, 2026
Merged

feat(worker): headless contract + worker resilience (retries, preflight, checks)#27
BunsDev merged 3 commits into
mainfrom
feat/worker-resilience-e2e

Conversation

@BunsDev

@BunsDev BunsDev commented Jul 3, 2026

Copy link
Copy Markdown
Member

What

Consolidates the headless-contract + worker-resilience work into one landable PR. This is a superset of the feat/github-correctness-issues-8-9-4 branch (shares commit ce23755), so landing this delivers both.

Layer 1 — headless contract (ce23755)

  • Introduces the headless contract: webhook parsing, repo client, and versioned JSON schemas
  • docs/headless-contract.md, docs/contracts/*.schema.json + examples, docs/app-manifest.json
  • Worker contract test (crates/worker/tests/contract.rs)
  • brief uses the resolved default branch (not hardcoded main); brief serialization never leaks token/auth fields

Layer 2 — worker resilience (8af77c8)

  • Hardened worker preflight, retry budget, and exit-code disposition:
    • exit 0 + result → completed; exit 0 w/o result → retry-safe
    • exit 1 → failure, not retried
    • exit 2 → retry-safe up to budget, then errors
    • exit 3 → needs-input, terminal (not retried)
    • timeout → kill + retry-safe

Layer 3 — test hardening (5a0870a)

  • Fix flaky exit-code tests that raced the kill timer: test_config now defaults to a generous 30s timeout; the dedicated timeout test overrides to 1s inline.

Verification (local)

  • cargo check --workspace → clean
  • cargo test --workspaceall green (worker: 14 lib + 1 contract; config 11; webhook 7; api 5)
  • The previously-flaky exit_three_needs_input_is_completed_not_retried now passes deterministically.

Consolidation note

Once this lands, feat/github-correctness-issues-8-9-4 is fully subsumed (its commit ce23755 is an ancestor here) and can be deleted.

BunsDev added 3 commits June 25, 2026 03:14
Add a locked headless execution contract (v1) with doc, JSON schemas, and golden fixtures. Make session briefs tokenless and enforce COVEN_GIT_TOKEN as the git-auth channel. Add HEADLESS_CONTRACT_VERSION, contract_version fields to brief/result types, and conformance tests. Implement repo metadata client to resolve branch/PR SHAs and wire it into worker task execution (CheckRun target, brief default_branch, PR base ref). Enhance webhook parsing/routing: PR review events, PR comment detection, ping handling, and robust mention matching. Several tests and fixtures added; update docs (security, self-hosting, README).
Refactors worker task execution so failures before check creation are still recorded in TaskStore, and so check runs are always finalized while workspace cleanup always happens. Moves publish/comment/check-progress steps to best-effort behavior, adds status-based disposition mapping (including neutral/action_required), and only opens PRs when appropriate. Reworks coven-code execution into contract-aware attempt types so only retry-safe failures (exit 2, timeout, signal, spawn/read issues) are retried, while exit 1 and exit 3 are terminal. Adds targeted tests for failed-task registration, disposition mapping, and retry/exit-code behavior, plus small README/COVEN formatting fixes.
test_config hardcoded timeout_secs=1 for every caller, so the exit-code
tests (0/1/2/3) raced the kill timer under load — the exit-3 needs-input
test intermittently saw RetrySafe(timeout) instead of the terminal
NeedsInput disposition.

Default test_config to a generous 30s timeout so exit-code tests never
race the kill path; the dedicated timeout test overrides it back to 1s
inline (it exercises sleep 5 and asserts elapsed < 3s).
Copilot AI review requested due to automatic review settings July 3, 2026 13:06

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR consolidates the “headless execution contract” and “worker resilience” work by locking a v1 adapter↔runtime interface (docs + JSON Schemas + golden fixtures + conformance tests) and hardening the worker’s execution/publication lifecycle (preflight ref resolution, retry-safe exit-code handling, and deterministic process tests).

Changes:

  • Introduces a locked v1 headless contract (normative doc, JSON Schemas, golden fixtures, and a conformance test).
  • Hardens the worker loop with preflight (token + ref resolution + Check Run creation), retry budget/backoff based on exit code semantics, and “always finalize Check Run / always cleanup workspace” behavior.
  • Expands webhook support/fixtures (ping handling + PR review submissions + more robust mention routing) and updates docs for self-hosting/security.

Reviewed changes

Copilot reviewed 26 out of 26 changed files in this pull request and generated 4 comments.

Show a summary per file
File Description
README.md Updates capability/status table and self-hosting config instructions to reflect the new contract and default-branch behavior.
docs/self-hosting.md Adds app-manifest-based setup path and documents additional webhook triggers/events.
docs/security.md Updates token handling description to match the tokenless brief + env-injected git token model.
docs/headless-contract.md Adds the normative v1 contract spec for headless execution (inputs, outputs, exit codes, invariants).
docs/contracts/session-brief.schema.json Adds the session brief JSON Schema (tokenless, versioned).
docs/contracts/session-brief.example.json Adds a golden session-brief fixture.
docs/contracts/result.schema.json Adds the result envelope JSON Schema (versioned).
docs/contracts/result.example.json Adds a golden result fixture.
docs/app-manifest.json Adds a prefilled GitHub App manifest for simpler registration.
crates/worker/tests/contract.rs Adds a conformance test that round-trips golden fixtures through Rust wire types.
crates/worker/src/lib.rs Implements worker preflight, ref resolution, retry-safe execution policy, always-finalize Check Runs, and hardened process tests.
crates/worker/src/brief.rs Makes the session brief tokenless, versioned, and default-branch aware; adds token-leak regression tests.
crates/webhook/src/routes.rs Acknowledges ping explicitly; adds boundary-aware mention parsing; routes PR conversation comments to PR iteration.
crates/webhook/src/events.rs Extends webhook parsing for pull_request_review and flags issue_comment events that are actually PR comments.
crates/webhook/tests/parse_fixtures.rs Adds fixture-driven parsing tests for all supported webhook payloads (including ping/reviews).
crates/webhook/tests/fixtures/*.json Adds webhook payload fixtures for parsing coverage.
crates/github/src/tasks.rs Adds register_failed to persist preflight failures; updates tests for contract_version field.
crates/github/src/repo.rs Adds a GitHub metadata client for repo default branch + branch SHA + PR refs/SHAs.
crates/github/src/lib.rs Adds HEADLESS_CONTRACT_VERSION, adds Ping/PullRequestReview events and contract_version on SessionResult, and avoids sending JSON bodies for GETs.
COVEN-GITHUB.md Clarifies that docs/headless-contract.md is normative and corrects/aligns illustrative prose.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread docs/headless-contract.md
Comment on lines +14 to +16
The contract is enforced on the `coven-github` side by golden fixtures in
[`docs/contracts/`](contracts/) and a conformance test
(`crates/github/tests/contract.rs`) that round-trips those fixtures through the
Comment thread docs/headless-contract.md
Comment on lines +252 to +254
| [`docs/contracts/session-brief.example.json`](contracts/session-brief.example.json) | Golden input fixture. |
| [`docs/contracts/result.example.json`](contracts/result.example.json) | Golden output fixture. |
| `crates/github/tests/contract.rs` | Round-trips the golden fixtures through the Rust types — fails the build if the adapter drifts from this contract. |
Comment on lines +7 to +10
"additionalProperties": false,
"required": ["trigger", "repo", "task", "familiar", "workspace"],
"properties": {
"contract_version": {
Comment on lines +15 to +17
/// The brief is intentionally tokenless: the agent receives read context only.
/// Git authentication is injected out-of-band (env / GIT_ASKPASS) and GitHub
/// write authority (comments, Check Runs, branches, PRs) stays with the adapter
@BunsDev BunsDev merged commit b2c52e6 into main Jul 3, 2026
2 checks passed
@BunsDev BunsDev deleted the feat/worker-resilience-e2e branch July 3, 2026 13:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants