chore(sync): develop → main (v0.36.2) #133
Merged
Destynova2 merged 131 commits into main from Apr 10, 2026
- Fix actionlint parameter: `flags` → `args` (rhysd/actionlint input name)
- Add URL exfiltration blocking on inbound requests in `sanitize_request_checked()` — was only checking responses, violating CONTRACTS.md INV-1 (security drift)
- Fix docs/QUICKSTART.md: replace `cargo install grob` (wrong crate) with brew/curl install methods
- Fix CLAUDE.md: container image size ~17MB → ~6MB (matches reality)
- Fix CONTRACTS.md + AGENTS.md: clarify SubagentTag returns RouteType::Default (no dedicated Subagent variant exists)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Tests now only wait for fmt + clippy + deny (fast gate) instead of all 11 quality checks. Slow checks (coverage, feature-check, semver, audit, gitleaks, docs, machete) still run in parallel and are required by the `required` gate job — they just no longer block test execution. Expected improvement: ~3-5 min faster test feedback on PRs. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Remove `audit-wire` path dependency from Cargo.toml — the crate lives outside the repo (`../shared/audit-wire`) so CI cannot resolve it. Will be reintroduced when published to a registry or vendored.
- Inline Windows feature flags instead of using a shell variable to satisfy shellcheck SC2086 (unquoted variable expansion).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

SpendData gained a new pub field (by_provider_count) which cargo-semver-checks flags as a major breaking change. Adding #[non_exhaustive] allows future field additions without semver breaks. Within the crate, struct literals still work. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
grob is not published to crates.io, so semver-checks is informational only. Internal trait changes (like provider_breakdown return type) are intentional breaking changes that don't affect external consumers. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
… jobs
- Homebrew job now depends on `release` instead of `container`, ensuring GitHub Release assets exist before computing SHA256 checksums. Previously: homebrew ran before release → curl 404 on assets.
- Homebrew restricted to tag pushes only (no point on develop push).
- Path filter forces all outputs to `true` on tag pushes, preventing the entire build/test/release pipeline from being skipped.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

- Add .cargo/config.toml with musl target linker settings for cross. Dev builds use glibc (fast), release builds use cross for static musl+jemalloc binaries.
- Remove kraft.yaml (unikernel leftover from removed feature).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Add 10 tests for extract_trailing_literal_byte (dollar stripping, alpha boundary walk, length threshold, alternation bail-out) and 5 tests for DLP Display formatting and from_config secret+prefix counting. Targets 13 MISSED mutants reported by cargo-mutants. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Document branching model (feature → develop → main), CI pipeline stages, and release-plz flow so contributors and AI agents follow the correct workflow. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…shes
- Add src/ project structure overview for onboarding
- Update install URL to grob.sh shortlink
- Add development section (build, test, bench commands)
- Normalize em-dashes to ASCII double-dashes for terminal compatibility
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Prompt contributors and AI agents to run `prek install` after cloning so pre-commit hooks (fmt, clippy, gitleaks) catch issues before CI. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
SpendData is an internal type (binary, not a crate). Replacing #[non_exhaustive] with pub(crate) visibility hides it from the public API entirely, which fixes the semver-checks breakage without restricting internal construction. Also narrows visibility of related spend functions and storage methods. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Grob is distributed as a standalone binary, not published on crates.io. Semver compatibility checks on the public Rust API are meaningless and were causing false failures (e.g. pub→pub(crate) visibility changes). Remove from CI pipeline, prek pre-push hook, and CLAUDE.md references. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Mutation test coverage, SpendData visibility fix, semver-checks removal, prek setup docs, README improvements. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
release-plz skips semver checks for binaries automatically, but making it explicit avoids confusion and documents the intent. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Branch protection on main requires PRs and status checks, so release-plz cannot push directly. Split into two jobs: - develop push: release-pr (creates/updates PR to main) - main push (after PR merge): release (creates git tag) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
When `grob start` or `grob exec` detects missing OAuth tokens or API keys, interactively prompt the user to configure them. Providers that are already set up are silently skipped. Each missing provider can be individually skipped to proceed with partial configuration.
Supports:
- OAuth flows: anthropic-max, openai-codex, gemini (print URL, paste code)
- API key entry: saved directly to config.toml
- Skip option: provider disabled until configured via `grob connect`
- TTY detection: non-interactive sessions skip prompts entirely
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add critical rules to CLAUDE.md: never push to main, never PR from develop to main, conventional commit scopes for release-plz. Add Git Flow section to AGENTS.md with the same rules plus prek setup. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
PAT-based pushes to main don't trigger workflows (GitHub anti-loop protection). Switch release-tag job from push trigger to pull_request.closed with merged+release label condition. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1. Fix CircuitBreaker off-by-one: Open→HalfOpen transition now counts the first call, enforcing exactly half_open_max_calls. Add test.
2. Fix doc-code sync: README benchmark aligned with benchmarks.md (90µs/40x not 100us/50x), CLAUDE.md remove phantom shellcheck job, storage.md add missing by_provider_count field.
3. Pin cargo-machete to v0.9.1 (was @main — supply chain risk).
4. Update features.md version reference from v0.30.0 to v0.35.1.
5. Add 4 missing modules to CLAUDE.md module table.
Closes #82 items 1-5.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

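The half-open accounting described in item 1 of the commit above, as an added Rust example that is not grob's own code. Only the names `CircuitBreaker` and `half_open_max_calls` come from the commit message; the `State` enum, `open_for`, `trip` and `allow` are assumptions made for illustration.

```rust
use std::time::{Duration, Instant};

#[derive(Debug, Clone, Copy, PartialEq)]
enum State {
    Closed,
    Open { since: Instant },
    HalfOpen { calls: u32 },
}
struct CircuitBreaker {
    state: State,
    open_for: Duration,       // assumed name: how long the breaker stays Open
    half_open_max_calls: u32, // probe budget while HalfOpen
}

impl CircuitBreaker {
    fn new(open_for: Duration, half_open_max_calls: u32) -> Self {
        Self { state: State::Closed, open_for, half_open_max_calls }
    }
    /// Force the breaker Open (stands in for failure counting, omitted here).
    fn trip(&mut self, now: Instant) {
        self.state = State::Open { since: now };
    }
    /// Returns true if a call may go upstream at `now`.
    fn allow(&mut self, now: Instant) -> bool {
        match self.state {
            State::Closed => true,
            State::Open { since } if now.duration_since(since) < self.open_for => false,
            // The call that triggers Open -> HalfOpen is itself probe #1.
            // Starting the counter at 0 admits half_open_max_calls + 1 probes.
            State::Open { .. } if self.half_open_max_calls == 0 => false,
            State::Open { .. } => {
                self.state = State::HalfOpen { calls: 1 };
                true
            }
            State::HalfOpen { calls } if calls >= self.half_open_max_calls => false,
            State::HalfOpen { calls } => {
                self.state = State::HalfOpen { calls: calls + 1 };
                true
            }
        }
    }
}

fn main() {
    let (t0, wait) = (Instant::now(), Duration::from_secs(31));
    let mut cb = CircuitBreaker::new(Duration::from_secs(30), 2);
    cb.trip(t0);
    println!("admitted: {}", (0..5).filter(|_| cb.allow(t0 + wait)).count());
}
```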
Add E2E test suite for the full config lifecycle chain: fresh install → setup wizard → doctor → start → proxy → reload → stop. ADR-0008 documents the wizard architecture decision: unified config engine with CLI/MCP/web surfaces, doctor checks, server/client modes. Ref: #82 (items #29, #30, #31) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Fix run_test shell function (filter args, set -e arithmetic trap), use GROB_HOME correctly, foreground start instead of detached mode, add pass_through for mock provider routing. All 10 tests pass with a Python mock on :8100. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
grob's OpenAI provider appends /chat/completions to base_url (without /v1 prefix). VidaiMock expects the full /v1/chat/completions path. Set base_url to include /v1 to match. All 10 tests pass with vidaimock in podman container. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Refactor setup wizard to collect-then-recap-then-write architecture:
- All choices collected in Choices struct before any disk write
- Recap screen with confirmation before writing config atomically
- Add --yes (accept defaults) and --dry-run (preview) flags
- Detect existing config and offer edit/replace/cancel
- Store API keys as $ENV_VAR references, never raw keys
- Simplify compliance screen from 7 to 5 options (GDPR+EU AI Act merged)
- Read provider list from preset TOML dynamically instead of hardcoded table
Additional fixes from wizard audit:
- Doctor returns meaningful exit codes (0=ok, 1=warnings, 2=errors)
- Web API config update creates backup before writing
- auto_flow.rs stops replacing $ENV_VAR with raw keys in config
- Preset apply supports --dry-run via preview_preset()
Add wizard Gherkin tests (6 scenarios, 21 steps):
- Unattended setup, dry-run, backup, env var refs, doctor, preset dry-run
setup.rs reduced from 800 to 620 lines (-22%).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

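One way to enforce the "store `$ENV_VAR` references, never raw keys" rule from the commit above, shown as an added Rust example that is not grob's own code. The `$NAME` grammar (uppercase letters, digits, underscore), the function names and the sample values are assumptions made for illustration.

```rust
/// Outcome of inspecting one credential value destined for the config file.
#[derive(Debug, PartialEq)]
enum SecretValue<'a> {
    /// `$NAME`: resolved from the environment at runtime, safe to store.
    EnvRef(&'a str),
    /// Anything else is treated as a raw secret that must not hit disk.
    Raw,
}

fn is_env_name(s: &str) -> bool {
    let mut chars = s.chars();
    matches!(chars.next(), Some(c) if c.is_ascii_uppercase() || c == '_')
        && chars.all(|c| c.is_ascii_uppercase() || c.is_ascii_digit() || c == '_')
}

fn classify(value: &str) -> SecretValue<'_> {
    match value.strip_prefix('$') {
        Some(name) if is_env_name(name) => SecretValue::EnvRef(name),
        _ => SecretValue::Raw,
    }
}

/// Write side: only a reference may be persisted; a raw key is an error.
fn value_for_disk(value: &str) -> Result<String, String> {
    match classify(value) {
        SecretValue::EnvRef(name) => Ok(format!("${}", name)),
        SecretValue::Raw => Err("raw credential: export it and store a $VAR reference".into()),
    }
}

/// Read side: resolve the reference in memory; the result is never written back.
fn resolve(value: &str, lookup: impl Fn(&str) -> Option<String>) -> Option<String> {
    match classify(value) {
        SecretValue::EnvRef(name) => lookup(name).filter(|v| !v.is_empty()),
        SecretValue::Raw => None,
    }
}

fn main() {
    // Constructed sample values; the "sk-" string is not a real credential.
    for v in ["$PROVIDER_API_KEY", "sk-constructed-000", "$", "$lower"] {
        println!("{:?} -> {:?}", v, value_for_disk(v));
    }
    let got = resolve("$PROVIDER_API_KEY", |n| std::env::var(n).ok());
    println!("resolved from environment: {}", got.is_some());
}
```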
- Remove strategic positioning phrase from ADR-0006
- Remove broken link to deleted ADR-0007 in policies.md
- ROADMAP.md, ADR-0007, hit-quorum.md moved to private docs
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Fix run_test shell function (filter args, set -e arithmetic trap), use GROB_HOME correctly, foreground start instead of detached mode, add pass_through for mock provider routing. All 10 tests pass with a Python mock on :8100. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Restructure to establish a clean DAG between modules:
1. features <-> server: move the MCP HTTP handlers (handle_mcp_rpc, handle_matrix_report, grob_configure) from features/mcp/server/ to server/mcp_handlers.rs. The pure MCP business logic (query, bench, calibrate) stays in features/mcp/server/methods.rs with no AppState dependency.
2. features <-> providers: extract ModelPricing, KNOWN_PRICING and pricing() into a new leaf module src/pricing.rs with no internal dependency. features/token_pricing re-exports for backward compatibility.
3. cli <-> providers: move AuthType and ProviderConfig from providers/mod.rs to cli/config.rs (where all the TOML types live). providers/mod.rs re-exports for backward compatibility.
728 tests pass. Clippy clean.

refactor(arch): remove 4 dead pub functions
refactor(arch): eliminate the 3 inter-module dependency cycles
The CodeQL job built from cold on every run (~15 min). Add Swatinem/rust-cache with shared-key codeql, saving only on develop.
…ans bench Group the 7-9 parameters shared between cmd_bench, measure and run_escalation into a BenchContext struct. Extract the health polling loop, duplicated 3 times, into a wait_for_proxy_ready helper. Remove the #[allow(clippy::too_many_arguments)], which is no longer needed.
Factor the timestamp Span, duplicated 9 times in format_event, into a timestamp_span helper, eliminating the most visible DRY violation in the watch TUI module.
The release-plz workflow had a vicious circle:
1. release-pr creates PRs to develop (correct)
2. release-tag only fires on PR merged to main (incorrect)
3. sync-main only fires on tag push
4. → No PR to main → no tag → no sync → no release
Fix:
- pull_request trigger: add develop to the watched branches
- release-tag checkout: ref develop instead of ref main
- New flow: push develop → release-pr → PR develop → merge → release-tag fires → tag → sync-main → PR main → release complete
The tag is now created from develop (where the version bump is), then sync-main (PR #105) propagates to main via an automatic PR.
Co-authored-by: commis-ci-fix <commis-ci-fix@grob.local>

Factor the two nested merge blocks (tool_use in assistant, tool_result in user) of transform_responses_to_canonical into the helpers merge_tool_use_into_assistant and merge_tool_result_into_user. Reduces the max depth from 11 to 7.
sanitize_request_checked now returns Vec<DlpActionReport> instead of (). scan_dlp_input emits the WatchEvents for non-blocking actions via emit_dlp_events.
fix(ci): add rust-cache to the CodeQL workflow
refactor(commands): introduce BenchContext and factor out wait_for_proxy_ready
refactor(server): extract timestamp_span in the watch TUI
refactor(compat): extract the merge helpers in transform_responses
Batch 6+7 of the cli-cycle plan:
- MCP grob_configure persists to disk (backup .toml.backup + serde pretty)
- bench: BenchContext groups 9 params, wait_for_proxy_ready eliminates 3 duplications
- watch tui: timestamp_span factors out 9 formatting repetitions
- responses transform: merge_tool_use/result extracted, nesting 11 -> 7

fix(dlp): emit the WatchEvents for DLP sanitization actions
fix(mcp)+refactor: persist grob_configure + 3 minor refactorings
On a tag push, github.event.before is 0000000... (no previous commit). gitleaks receives an invalid range and fails with exit 1 even if no leak is found. This fails Required checks and blocks the release pipeline. Fix: detect before=0000000 → scan HEAD~1..HEAD instead of the invalid range. Co-authored-by: commis-ci-fix <commis-ci-fix@grob.local>
…elop) The actual flow since PR #119 is: release-plz creates the v* tags directly on develop, then sync-main.yml opens a PR to main. The old flow (PR develop→main then tag) was obsolete. Also fixes the release_commits filter (any scope accepted).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
docs(claude): fix the release flow description
fix(security): add the is_key_denied guard to the web config API
Add a credential_check module that pings the provider's /models endpoint (5s timeout) after an API key is entered in the setup wizard and auto_flow. If the provider returns 401/403, a warning is displayed and the user can continue or reject. Best-effort: network errors or unknown providers are accepted without blocking.
feat(setup): validate credentials via an API call before acceptance
Conflicts resolved in favor of develop for the files modified by the rebuild sprint and the cli-cycle fixes (PRs #101-131).
| Err(_) => return true, | ||
| }; | ||
|
|
||
| let mut request = client.get(&url); |
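Review bot: the `Err(_) => return true,` arm just before `let mut request = client.get(&url);` fails open and throws the error away, so the caller cannot tell a check that passed from one that never ran. Consider binding the error and logging it, or returning a distinct "unverified" result instead of `true`, so the caller can report that the check was skipped.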
Automated sync triggered by tag v0.36.2. This PR promotes the develop branch to main so the tag can be released. Safe to auto-merge once CI passes.