hongming
f5fe7d975a
CI / Template validation (runtime) (pull_request) Blocked by required conditions
CI / T4 tier-4 conformance (live) (pull_request) Blocked by required conditions
CI / Template validation (static) (push) Successful in 8s
CI / Adapter unit tests (push) Successful in 12s
CI / Template validation (static) (pull_request) Successful in 7s
CI / Adapter unit tests (pull_request) Successful in 9s
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 5s
sync-providers-yaml / Compare synced providers.yaml against controlplane canonical (pull_request) Successful in 8s
verify-providers-projection / Regenerate projection, fail on drift, assert registry ⊆ template (pull_request) Failing after 1m24s
CI / Template validation (runtime) (push) Successful in 6m36s
CI / T4 tier-4 conformance (live) (push) Successful in 5m38s
CI / validate (push) Successful in 3s
CI / validate (pull_request) Has been cancelled
Per the codegen-deferred follow-up (internal#718 issue-comment 52157)
the CTO selected Path B: ship a registry-projection artifact alongside
the hand-authored providers/models block, with a subset-relation gate,
WITHOUT retiring or codegen'ing the hand-authored block. This preserves
the federation contract.
Added (all additive; zero runtime behavior change):
* .gitea/workflows/sync-providers-yaml.yml
Mirrors molecule-core's cross-repo canonical-sync gate. Fetches
controlplane internal/providers/providers.yaml via /raw (Gitea
1.22.6 quirk; /contents returns JSON+base64 envelope) and byte-
compares against the local synced copy.
* internal/providers/providers.yaml
Synced copy of the canonical registry. NOT hand-edited; the sync
workflow keeps it in step with controlplane main.
* internal/providers/registry_projection.py
Generator + verifier. Reads the synced providers.yaml, extracts
the registry's view of THIS template's runtime, and emits the
projection artifact. Also runs the SUBSET assertion: every
(provider, model) the registry claims this runtime serves must
be servable by the template's hand-authored authoritative source
(top-level `providers:` block for claude-code/hermes/codex;
`runtime_config.models[]` for openclaw; top-level `models[]` for
langgraph). Federation fail-open for runtimes absent from the
registry (langgraph today).
* internal/providers/registry-projection.json
Checked-in projection artifact for this template's runtime.
Auto-regenerated; the verify gate fails RED on drift.
* internal/providers/README.md
Documents the informational status + the subset contract.
* .gitea/workflows/verify-providers-projection.yml
Regenerates the artifact in CI and asserts (1) byte-identity
against the checked-in copy and (2) registry ⊆ template
hand-authored block.
* tests/test_registry_projection.py
TDD coverage: positive (current state is a subset or xfailed
with the known violation list), negative (injected fake
(provider, model) pair MUST be rejected — gate has teeth).
The hand-authored block stays AUTHORITATIVE. This gate only stops the
registry from claiming the template serves something it doesn't.
Not regressed (verified):
* cp#362 — untouched, no controlplane code edited
* P1 ResolveUpstream — untouched, no proxy code edited
* P2-B billing — untouched, no billing code edited
* P3 — untouched, no canvas/templates-from-registry code edited
* P4 PR-2 (422 hard-reject) — untouched, no workspace-server validation edited
* P4 closure follow-up (LLM_PROVIDER removed) — untouched, no LLM_PROVIDER read/write
* Template runtime behavior — untouched, no adapter / config.yaml `providers:`
/ `runtime_config` / `models[]` edited
internal#718 cross-link.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
0 lines
0 B
Python
0 lines
0 B
Python
The file is empty.