Revert "refactor(auth): centralize credential loading and Docker registry login"

[gargrahul]

Reverts #106

For ROCM-23419

[Copilot]

Pull request overview

This PR primarily reverts PR #106 by removing the centralized auth module and reintroducing distributed credential-loading / registry-login logic in orchestrators and execution components. Alongside that revert, it also includes a wide set of behavioral changes across error types, Docker command construction, deployment status handling, and reporting utilities.

Changes:

• Remove madengine.core.auth (and its unit tests) and re-add credential loading / registry login logic directly in orchestrators, DockerBuilder, and ContainerRunner.
• Rename/alias several error types (NetworkError→ConnectionError, DeploymentTimeoutError→TimeoutError, and RuntimeError alias) and update unit/integration tests accordingly.
• Adjust multiple operational behaviors (Docker arg quoting, SLURM completion fallback behavior, perf.csv update logic, session tracking).

Reviewed changes

Copilot reviewed 39 out of 39 changed files in this pull request and generated 34 comments.

Show a summary per file

File	Description
tests/unit/test_error_handling.py	Updates tests for renamed error classes and backward-compat alias.
tests/unit/test_deployment.py	Removes cache-clearing hooks for is_rocprofv3_available.
tests/unit/test_auth.py	Deletes tests for removed madengine.core.auth.
tests/integration/test_errors.py	Updates integration tests to renamed/aliased error classes.
tests/integration/test_docker_integration.py	Updates expected quoting in generated Docker build-args.
src/madengine/utils/session_tracker.py	Changes row counting logic; adds marker loading + getter.
src/madengine/utils/rocm_tool_manager.py	Adjusts fallback error logging/raising in command execution.
src/madengine/utils/ops.py	Adds dict substring utilities.
src/madengine/utils/log_formatting.py	Fixes truncation message text; adds log-section helper.
src/madengine/utils/gpu_validator.py	Expands typing imports.
src/madengine/utils/gpu_config.py	Replaces logger calls with print messaging.
src/madengine/utils/discover_models.py	Changes MODEL_DIR copy command construction; switches to assert checks for CustomModel.
src/madengine/utils/config_parser.py	Modifies directory-walk condition for locating configs.
src/madengine/scripts/common/tools/rocm_smi_utils.py	Broadens exception handling in ROCm SMI init path.
src/madengine/scripts/common/tools/amd_smi_utils.py	Broadens exception handling in AMD SMI power query path.
src/madengine/reporting/update_perf_csv.py	Alters tag flattening type check; removes dropping of non-scalar fields before DataFrame creation.
src/madengine/reporting/csv_to_email.py	Changes function return annotation (Optional→str) and typing imports.
src/madengine/orchestration/run_orchestrator.py	Reintroduces inline credential loading; adds dockerfile-context filtering helper; adds handle_error import.
src/madengine/orchestration/build_orchestrator.py	Reintroduces inline credential loading; changes config error handling (SystemExit); adds handle_error import.
src/madengine/execution/docker_builder.py	Removes shared auth dependency; changes build-arg quoting; adds embedded registry login logic.
src/madengine/execution/container_runner.py	Removes shared auth dependency; adds embedded registry login logic; changes env var quoting/logging.
src/madengine/deployment/slurm.py	Changes “unknown status” handling to assume success on sacct issues.
src/madengine/deployment/kubernetes.py	Updates imports/constants related to deployment common/secrets.
src/madengine/deployment/factory.py	Silences Kubernetes ImportError warning behavior.
src/madengine/deployment/config_loader.py	Adds os import.
src/madengine/deployment/common.py	Removes lru_cache usage on is_rocprofv3_available.
src/madengine/deployment/base.py	Removes UNKNOWN deployment status and adjusts perf.csv writing logic.
src/madengine/core/timeout.py	Adds typing import.
src/madengine/core/errors.py	Renames/aliases error classes; adds traceback/Rich Table import.
src/madengine/core/docker.py	Changes default console arg + removes quoting around shell-invoked docker commands.
src/madengine/core/dataprovider.py	Adds debug prints in data source checks.
src/madengine/core/context.py	Adds GPU validator imports; adds stderr debug prints; changes get_numa_balancing type signature.
src/madengine/core/auth.py	Removes centralized auth utilities module.
src/madengine/cli/validators.py	Removes initialization of dockerfile_matched in batch-manifest processing.
src/madengine/cli/constants.py	Changes ExitCode from IntEnum to plain class.
src/madengine/cli/commands/run.py	Removes timeout==0 → None mapping while help text still claims “0 = no timeout”.
src/madengine/cli/app.py	Hardcodes --version output rather than reading package metadata.
pyproject.toml	Adds dependencies (setuptools-rust, pytest).
CLAUDE.md	Removes repository development guidance doc.

Comments suppressed due to low confidence (2)

src/madengine/core/context.py:463

• get_numa_balancing is annotated/ documented as returning bool, but it actually returns the raw stdout from cat (a string like '0'/'1') when the path exists. Either convert the command output to a boolean, or keep the return type as Union[str, bool] / str to match actual behavior.

    def get_numa_balancing(self) -> bool:
        """Get NUMA balancing.

        Returns:
            bool: The output of the shell command.

        Raises:
            RuntimeError: If the NUMA balancing is not enabled or disabled.

        Note:
            NUMA balancing is enabled if the output is '1', and disabled if the output is '0'.

            What is NUMA balancing?
            Non-Uniform Memory Access (NUMA) is a computer memory design used in multiprocessing,
            where the memory access time depends on the memory location relative to the processor.
        """
        # Check if NUMA balancing is enabled or disabled.
        path = "/proc/sys/kernel/numa_balancing"
        if os.path.exists(path):
            return self.console.sh("cat /proc/sys/kernel/numa_balancing || true")
        else:
            return False

src/madengine/execution/docker_builder.py:75

• get_build_arg uses a mutable default (run_build_arg: typing.Dict = {}), which can leak state across calls/tests. Use None as the default and create a new dict inside the function instead.

    def get_build_arg(self, run_build_arg: typing.Dict = {}) -> str:
        """Get the build arguments.

        Args:
            run_build_arg: The run build arguments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

dockerfile_matched was previously initialized before the try, but it’s still referenced later in the except fallback path (synthetic_image_name = f"ci-{model_name}_{dockerfile_matched}"). If an exception occurs before dockerfile_matched is assigned, this will raise UnboundLocalError and skip creating the minimal entry. Reintroduce a safe initialization (e.g., dockerfile_matched = 'unknown') before the try.

Suggested change

	if not build_new:
	if not build_new:
	# Default value used by the fallback path if discovery fails early.
	dockerfile_matched = "unknown"

[Copilot]

Defining ConnectionError, TimeoutError, and especially RuntimeError = ExecutionError in this module collides with Python’s built-in exception names. This can lead to very confusing except RuntimeError/TimeoutError/ConnectionError behavior once callers import from madengine.core.errors. Consider using distinct names (e.g., MadEngineConnectionError) and providing backward-compatibility aliases with non-builtin names (or alias the old names like NetworkError).

[Copilot]

flatten_tags uses type(x) == list instead of isinstance(x, list), which will miss list subclasses (and is inconsistent with the rest of the codebase’s type checks). Prefer isinstance(perf_entry.get('tags'), list).

Suggested change

	if type(perf_entry["tags"]) == list:
	if isinstance(perf_entry.get("tags"), list):

[Copilot]

--version output is now hardcoded to 2.0.0, which will become incorrect as soon as the package version changes and breaks automation that relies on accurate version reporting. Consider restoring runtime version lookup via importlib.metadata.version('madengine') (with a fallback when not installed).

[Copilot]

The new _load_credentials catches all exceptions and only prints a warning. This diverges from the structured error handling used elsewhere (handle_error/ConfigurationError) and can lead to silent misconfiguration (e.g., malformed JSON) later in the run. Consider using handle_error with a ConfigurationError (or at least include actionable suggestions) instead of a bare print.

[Copilot]

handle_single_result / handle_exception_result now build a one-row DataFrame directly from the JSON dict. If the result contains non-scalar fields like configs (often a list of dicts from ConfigParser.parse_and_load()), pd.DataFrame(dict_with_list, index=[0]) can raise ValueError (length mismatch) or produce an invalid row. Consider dropping/serializing non-scalar fields (e.g., configs) before constructing the DataFrame, as the previous code did.

[Copilot]

Catching all exceptions here and returning DeploymentStatus.SUCCESS has the same risk as the non-zero sacct fallback: failures in status checks will be reported as success. Return an explicit unknown/failed status (or rethrow) so callers can react appropriately.

[Copilot]

get_gpu_vendor now prints debug messages to stderr unconditionally. This will add noisy output in normal operation and can interfere with log parsing. Consider guarding these prints behind a debug/verbose flag or using the project’s logging facilities with an appropriate log level.

[Copilot]

Environment variable values are appended to the docker run command without any quoting/escaping (... -e KEY=VALUE ...). Values containing spaces/quotes will break the command, and unescaped interpolation combined with shell=True is injection-prone. Quote values (e.g., shlex.quote(str(...))) or build the docker invocation as an argument list.

[Copilot]

When sacct fails (non-zero return code), _check_job_completion now assumes job success and returns DeploymentStatus.SUCCESS. This can silently mark failed or cancelled jobs as successful and lead to incorrect reporting/automation decisions. Prefer returning a distinct “unknown” state (or treat as failure) and surface the inability to verify status in the result message.