docs: add CONTRIBUTING.md#1
Merged
Merged
Conversation
Covers development environment (Python 3.12 venv, editable install, pytest, ruff), the three-layer role glossary pulled verbatim from src/bonfire/naming.py, and the pull request process (branch naming, commit style, CI gates, PR description expectations). Closes Wave 1 of the v0.1 plan. Co-Authored-By: Claude Opus 4 <noreply@anthropic.com>
15 tasks
Antawari
added a commit
that referenced
this pull request
Apr 17, 2026
Fixes ISSUE #1 from the retrospective review of PR #2 (tracked in issue #3). The scaffolded runner did `git clone https://` of the private fixture repo inside the container — anonymous HTTPS fails, and stuffing a token into the container to work around that grows the secret surface. New flow: the host clones via SSH into .e2e-runs/<run-id>/target (host SSH keys handle auth) and bind-mounts the directory into the container at /workspace/target. The box reaches only api.anthropic.com; GitHub is unreachable from inside. Changes - tests/e2e/scripts/e2e-box.sh: host clone + fixture bind-mount - tests/e2e/scripts/e2e-runner.sh: in-container clone replaced by mount sanity check - docs/release-gates.md: §Flow step 2 rewritten; offline-box security property documented Closes issue #3 checkbox #1. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
6 tasks
Antawari
added a commit
that referenced
this pull request
Apr 17, 2026
) Fixes ISSUE #1 from the retrospective review of PR #2 (tracked in issue #3). The scaffolded runner did `git clone https://` of the private fixture repo inside the container — anonymous HTTPS fails, and stuffing a token into the container to work around that grows the secret surface. New flow: the host clones via SSH into .e2e-runs/<run-id>/target (host SSH keys handle auth) and bind-mounts the directory into the container at /workspace/target. The box reaches only api.anthropic.com; GitHub is unreachable from inside. Changes - tests/e2e/scripts/e2e-box.sh: host clone + fixture bind-mount - tests/e2e/scripts/e2e-runner.sh: in-container clone replaced by mount sanity check - docs/release-gates.md: §Flow step 2 rewritten; offline-box security property documented Closes issue #3 checkbox #1. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Antawari
added a commit
that referenced
this pull request
Apr 17, 2026
… family) (#5) * release-gates: scaffold v0.1 gate protocol + E2E box + verdict schema (#2) Stands up the release-gate discipline for v0.1. - docs/release-gates.md — tiers (infra / integration / E2E / release), reviewer cadence (Wizard + code-reviewer), E2E box spec, fixture contract, cost logging (Fork C), API key handling, re-publish checklist, rollback, release train lifecycle. - tests/e2e/schemas/verdict.schema.json — Draft-07 schema for the release-gate verdict artifact. The schema IS the contract; tighten the bar by adding assertions here. - tests/e2e/Dockerfile — ubuntu:24.04 + python3.12 + node20 + @anthropic-ai/claude-code. Local execution only. - tests/e2e/scripts/e2e-box.sh — host-side driver. - tests/e2e/scripts/e2e-runner.sh — container-side runner (scaffold; completed by BON-359 once the fixture lands). - docs/release-gate-tickets.md — Linear drafts for BON-356 epic and its six children (to be filed when Linear OAuth is live). Context: repo flipped private at session start. Fixture repo created at BonfireAI/bonfire-e2e-fixture (private). v0.1 integration branch live at origin. E2E runs LOCAL ONLY — never in CI. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * e2e: host-clone fixture, bind-mount into box (no creds in container) (#4) Fixes ISSUE #1 from the retrospective review of PR #2 (tracked in issue #3). The scaffolded runner did `git clone https://` of the private fixture repo inside the container — anonymous HTTPS fails, and stuffing a token into the container to work around that grows the secret surface. New flow: the host clones via SSH into .e2e-runs/<run-id>/target (host SSH keys handle auth) and bind-mounts the directory into the container at /workspace/target. The box reaches only api.anthropic.com; GitHub is unreachable from inside. Changes - tests/e2e/scripts/e2e-box.sh: host clone + fixture bind-mount - tests/e2e/scripts/e2e-runner.sh: in-container clone replaced by mount sanity check - docs/release-gates.md: §Flow step 2 rewritten; offline-box security property documented Closes issue #3 checkbox #1. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * docs(release-gate-tickets): replace drafts with Linear links (BON-421 family) The file was a staging ground while Linear OAuth was fragile during S054. All 9 tickets are now filed in Linear under epic BON-421: - BON-422 (v0.1 branch + protection) — Done - BON-423 (release-gates.md + verdict schema) — Done - BON-424 E2E box runnable completion — Backlog - BON-425 fixture target repo populate — Backlog (blocks 424) - BON-426 per-wave gate checklist template — Backlog - BON-427 audit open branches — Backlog - BON-428 canonical branch-name assertion — Backlog (PR #2 retro) - BON-429 Pin the gate — Backlog (PR #2 retro) Renumbering note: drafts were BON-356–364 when written; Operation Seal (private lane, S055) consumed BON-361 + BON-362 overnight, so the public tickets landed at BON-421–429. Linear auto-numbers monotonically across the team. File stays until epic BON-421 closes at v0.1.0 publish. Then delete. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
4 tasks
This was referenced Apr 28, 2026
Merged
5 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds
CONTRIBUTING.mdcovering development environment setup, the three-layer role glossary, testing conventions, and the pull request process. Closes Wave 1 of the v0.1 plan.[dev]extras,pytest,ruff check,ruff format --check.src/bonfire/naming.py(generic / professional / gamified). Documents the convention that code uses the generic names; professional and gamified names are display concerns.pytestwithasyncio_mode = "auto",tests/unit/vstests/integration/,@pytest.mark.liveskip-by-default.docs/release-policy.md.Test plan
pytest tests/— 16 passedruff check src/ tests/— cleanruff format --check src/ tests/— cleansrc/bonfire/naming.pybyte-for-byte across all 8 roles