chore: drop dead ALPHA_ENGINE_LIB_TOKEN PAT plumbing#148
Merged
Conversation
Caught 2026-05-03 in SF eval-pipeline-validation-5: Research succeeded and wrote new-format captures to S3, but the eval-judge state silently never fired because the operator had passed skip_backtester=true to skip the long-running backtester for validation purposes. PR 4c (#140) wired the eval-pipeline states between Backtester success and SaturdayHealthCheck: CheckBacktesterStatus.Success → CheckSkipEvalJudge → ComputeEvalCadence → CheckMonthlyCadence → EvalJudgeFirstSaturday or EvalJudgeWeekly → EvalRollingMean → SaturdayHealthCheck But CheckSkipBacktester.skip routed directly to SaturdayHealthCheck, bypassing the eval-pipeline entirely. Production Sat 5/9 won't hit this (skip_backtester defaults false; Backtester runs and routes through eval-judge correctly), but operator manual skips for any non-eval validation purpose silently dropped the eval state. Fix: route skip_backtester=true → CheckSkipEvalJudge instead of SaturdayHealthCheck. Eval pipeline now fires on every SF execution where the operator hasn't explicitly skip_eval_judge'd it. tests/test_sf_eval_judge_wiring.py — TestSkipBacktesterPreservesEvalJudge: pins the routing so a future "simplification" can't re-introduce the silent bypass. Tests 433 → 434 (+1 wiring assertion). Pairs with alpha-engine-research PR #104 (RubricEvalLLMOutput defense + judge max_tokens to strategic tier — closes the 5/32 remaining failure class observed in this same SF run). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
alpha-engine-lib was flipped public 2026-05-03; PAT auth machinery that existed to install from a private repo is now dead weight. Removed across 6 files (net −87 lines). CI: - .github/workflows/ci.yml — drop "Configure git auth" step - .github/workflows/deploy.yml — drop the secondary actions/checkout for cipher813/alpha-engine-lib + the LIB_REPO_DIR env on the deploy step Docker / deploy: - Dockerfile — replace `COPY vendor/alpha-engine-lib` + local pip install with `pip install "alpha-engine-lib[flow_doctor] @ git+https://github.com/cipher813/alpha-engine-lib@v0.3.0"`. The [flow_doctor]-only install for Lambda is preserved (Lambda doesn't need [arcticdb] or [rag]); requirements.txt's [arcticdb,flow_doctor,rag] extras still apply for the EC2 install path. - infrastructure/deploy.sh — drop the vendor/alpha-engine-lib staging block + cleanup_lib_staging trap. Replace with one-line comment explaining lib comes from public git+https now. EC2 spot scripts: - infrastructure/spot_data_weekly.sh — drop SSM PAT fetch + insteadOf rewrite from the DEPS step. Update inline comments referencing the old mechanism (3 spots). - infrastructure/spot_drift_detection.sh — same removal. Companion follow-ups (not in this PR): - Delete ALPHA_ENGINE_LIB_TOKEN GitHub Actions secret on this repo - Delete /alpha-engine/lib-token SSM SecureString (us-east-1) - vendor/alpha-engine-lib local checkout can be removed (gitignored, not in any commit) Per ROADMAP follow-up "P3 Drop ALPHA_ENGINE_LIB_TOKEN PAT plumbing" added 2026-05-03. Second of 6 consumer-repo PRs in this cleanup arc; prototype landed in alpha-engine PR #128. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
3 tasks
cipher813
added a commit
that referenced
this pull request
May 12, 2026
…#222) PR #221 bumped requirements.txt to v0.12.0 (alpha_engine_lib.secrets) but missed the Dockerfile, which strips alpha-engine-lib from requirements.txt before pip install (via `grep -vE ...alpha-engine-lib`) and installs from a hardcoded `pip install "alpha-engine-lib@v0.3.0"` line — so a requirements-only bump never propagates to the Lambda image. Data Lambda canary failed at 2026-05-12 17:22 UTC after PR #221 auto-deployed on merge to main: WARNING: Canary returned 'No module named 'alpha_engine_lib.secrets'' Live alias unchanged (canary refusal). Same drift class hit the predictor Lambda 2 minutes earlier and prompted the predictor hotfix (alpha-engine-predictor #148). Two stale pins shipped to canary the same hour. Adds tests/test_lib_pin_lockstep.py — re-greps both deploy artifacts on every CI run and fails if they drift. Same antipattern as 2026-05-06 (research v0.4.0 → v0.5.1 / image kept v0.3.0 / agent_schemas ModuleNotFoundError) and the predictor canary same hour. Comments warning about lockstep weren't enough — locking it in test. Suite: 801/801 (was 800 + 1 lockstep test). Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
alpha-engine-libwas flipped public 2026-05-03. PAT auth machinery is now dead weight — removed across 6 files (net −87 lines).Changes
.github/workflows/ci.yml.github/workflows/deploy.ymlactions/checkoutforcipher813/alpha-engine-lib+ theLIB_REPO_DIRenv on the deploy stepDockerfileCOPY vendor/alpha-engine-lib+ local pip install withpip install "alpha-engine-lib[flow_doctor] @ git+https://...@v0.3.0".[flow_doctor]-only install for Lambda preserved (Lambda doesn't need[arcticdb]or[rag]).infrastructure/deploy.shvendor/alpha-engine-libstaging + cleanup_lib_staging trapinfrastructure/spot_data_weekly.shinsteadOfrewrite from DEPS step + inline comment cleanup (3 spots)infrastructure/spot_drift_detection.shCompanion follow-ups (not in this PR)
ALPHA_ENGINE_LIB_TOKENGitHub Actions secret on this repo/alpha-engine/lib-tokenSSM SecureString (us-east-1)vendor/alpha-engine-liblocal checkout can be removed (gitignored, not in any commit)Test plan
deploy.ymlruns cleanly on next push to main (validates Docker build with git+https install)Per ROADMAP follow-up "P3 Drop ALPHA_ENGINE_LIB_TOKEN PAT plumbing" added 2026-05-03. Second of 6 consumer-repo PRs in this cleanup arc; prototype: alpha-engine PR #128.
🤖 Generated with Claude Code