d57ed520f0
Some checks failed
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 7s
Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 9s
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 10s
CI / Detect changes (pull_request) Successful in 20s
E2E API Smoke Test / detect-changes (pull_request) Successful in 19s
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 21s
Handlers Postgres Integration / detect-changes (pull_request) Successful in 20s
gate-check-v3 / gate-check (pull_request) Successful in 21s
qa-review / approved (pull_request) Failing after 13s
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 23s
CI / Platform (Go) (pull_request) Successful in 6s
security-review / approved (pull_request) Failing after 12s
CI / Shellcheck (E2E scripts) (pull_request) Successful in 4s
sop-tier-check / tier-check (pull_request) Successful in 13s
CI / Canvas (Next.js) (pull_request) Successful in 7s
CI / Python Lint & Test (pull_request) Successful in 6s
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 6s
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 6s
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 5s
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 5s
CI / Canvas Deploy Reminder (pull_request) Has been skipped
CI / all-required (pull_request) Successful in 4s
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (pull_request) Failing after 1m7s
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m12s
audit-force-merge / audit (pull_request) Successful in 3s
Tier-2 hardening per RFC internal#219 §1 + charter §SOP-N rule (m). New
CI lint that scans .gitea/workflows/*.yml for six structurally-hostile
shapes that Gitea 1.22.6 silently rejects or ambiguously parses, BEFORE
they reach main.
Rules (4 fatal + 1 fatal cross-file + 1 heuristic-warn):
1. on.workflow_dispatch.inputs — Gitea 1.22.6 mis-parses inputs.X as
sibling event types and rejects the entire workflow with
[W] ignore invalid workflow ... unknown on type. Memory:
feedback_gitea_workflow_dispatch_inputs_unsupported. Origin:
2026-05-11 publish-runtime-v1.0.0 silent freeze, ~24h PyPI lag.
2. on: workflow_run — not enumerated in Gitea 1.22.6 event types
(verified via modules/actions/workflows.go; task #81). Workflow
registers, fires for zero events.
3. workflow name: containing / — breaks the commit-status convention
<workflow> / <job> (<event>) used by sop-tier-check + status-reaper
to tokenize context strings.
4. cross-file name: collision — status-routing is by name; collision
yields undefined commit-status updates (status-reaper rev1 class).
5. cross-repo uses: org/repo/subpath@ref — DEFAULT_ACTIONS_URL=github
resolves to github.com/<org-suspended>/... and 404s. Memory:
feedback_gitea_cross_repo_uses_blocked. Cross-link: task #109.
6. (WARN, heuristic) api.github.com refs without workflow-level
env.GITHUB_SERVER_URL. Memory: feedback_act_runner_github_server_url.
Per halt-condition 3: downgraded to warn-not-fail to avoid the 3
known benign hits on current main (OCI source label + jq-release
pin) which use https://github.com/... not https://api.github.com/.
Empirical history this hardens against:
- status-reaper rev1 caught rule-4 (name-collision) class fail-loud
- sop-tier-refire DOA-d on rule-2 (workflow_run partial)
- #319 bootstrap-paradox (chained-defect class, related)
- internal#329 dispatcher race (adjacent)
- 2026-05-11 publish-runtime: rule-1, 24h PyPI freeze on
runtime-v1.0.0 publish
Triggers:
- pull_request — pre-merge gate
- push to main/staging — post-merge regression catch even if the PR
gate is bypassed by branch-protection drift
Per RFC #219 §1 contract: continue-on-error: true on the job during the
surface-broken-shapes phase. Follow-up PR flips off after the 3 existing
rule-2 violations on main are migrated to a supported trigger.
Existing-on-main violations surfaced by this lint (3, informational, NOT
auto-fixed per halt-condition 2):
- .gitea/workflows/redeploy-tenants-on-main.yml — rule 2
- .gitea/workflows/redeploy-tenants-on-staging.yml — rule 2
- .gitea/workflows/staging-verify.yml — rule 2
All three have on: workflow_run: triggers that will fire for zero
events. Fix path: replace with cron or with push+paths:[upstream-yml]
gate. Tracked separately (do not block this PR).
Tests:
tests/test_lint_workflow_yaml.py — 15 pytest cases:
- 6 × per-rule violation-detected (rules 1-3,5 + rule 4 cross-file
+ rule 6 heuristic-warn)
- 6 × per-rule clean-passes
- 1 × cross-file collision detected
- 1 × all-violations-aggregated single file
- 1 × empty workflow dir = exit 0
- 1 × vendor-truth: the exact 2026-05-11 publish-runtime YAML shape
from feedback_gitea_workflow_dispatch_inputs_unsupported is caught
(per feedback_smoke_test_vendor_truth_not_shape_match: fixtures
mirror real Gitea 1.22.6 semantics, not yaml-parser quirks)
15/15 tests pass locally. Lint exits 1 against current .gitea/workflows/
because of the 3 existing rule-2 violations above; that is the gate
working as intended (and continue-on-error keeps the PR-status soft
until the violations are migrated).
|
||
|---|---|---|
| .. | ||
| e2e | ||
| harness | ||
| ops | ||
| README.md | ||
| test_ci_required_drift.py | ||
| test_lint_required_no_paths.py | ||
| test_lint_workflow_yaml.py | ||
| test_main_red_watchdog.py | ||
| test_status_reaper.py | ||
Tests
This repo uses the standard monorepo testing convention: unit tests live with their package, cross-component E2E tests live here.
Where to find tests
| Scope | Location |
|---|---|
| Go unit + integration (platform, CLI, handlers) | workspace-server/**/*_test.go — run with cd workspace-server && go test -race ./... |
| TypeScript unit (canvas components, hooks, store) | canvas/src/**/__tests__/ — run with cd canvas && npm test -- --run |
| TypeScript unit (MCP server handlers) | mcp-server/src/__tests__/ — run with cd mcp-server && npx jest |
| Python unit (workspace runtime, adapters) | workspace/tests/ — run with cd workspace && python3 -m pytest |
| Python unit (SDK: plugin + remote agent) | sdk/python/tests/ — run with cd sdk/python && python3 -m pytest |
| Cross-component E2E (spans platform + runtime + HTTP) | tests/e2e/ ← you are here |
Why split this way
- Go requires co-located
_test.gofiles to access unexported symbols. - Per-package test commands keep the inner loop fast — changing canvas doesn't re-run Go tests.
tests/e2e/covers scenarios that no single package owns: a full workspace lifecycle, A2A across two provisioned agents, delegation chains, bundle round-trips.
Running E2E
Every E2E script here assumes the platform is running at localhost:8080 and (where noted) provisioned agents are online. See the header comment of each .sh for specifics.
Cleaning up rogue test workspaces
If an E2E run aborts before its teardown runs (Ctrl-C, crash, CI timeout),
the platform can be left with workspaces whose config volume is stale or
empty — Docker's unless-stopped restart policy then spins those
containers in a FileNotFoundError loop. The platform's pre-flight check
(#17) marks such workspaces failed on the next restart, but a manual
cleanup is useful:
bash scripts/cleanup-rogue-workspaces.sh # deletes ws with id/name starting aaaaaaaa-, bbbbbbbb-, cccccccc-, test-ws-
MOLECULE_URL=http://host:8080 bash scripts/cleanup-rogue-workspaces.sh
The script DELETEs each matching workspace via the API and
force-removes the ws-<id[:12]> container as a belt-and-suspenders
fallback.