feat(core/release): ship HTTP agents and release hardening #547

Open: hermia-ai wants to merge 15 commits into just-every:main from hermia-ai:main

@hermia-ai

Summary

This PR lands the Hermia deployment-hardening work to the furthest shippable state possible without just-every/code origin push rights or production npm secrets.

Included

  • Robust HTTP-native subagent support in code-rs/core while preserving write-mode subprocess semantics.
  • Regression coverage for HTTP dispatch + write-mode subprocess behavior.
  • scripts/wait-for-gh-run.sh hardening with automatic GitHub REST API fallback for unauthenticated/public-repo monitoring.
  • Release workflow hardening: enforced cross-platform-artifact-smoke gate before publish.
  • Updated runbook and release evidence docs.

Release Evidence

  • docs/plans/release-evidence/2026-02-16-m1-http-subagents.md
  • docs/plans/release-evidence/2026-02-16-m2-deployment-validation.md

Blocker Proof (captured in evidence docs)

  • Origin push blocked for current credential (hermia-ai): push=false and HTTPS 403 on just-every/code.
  • SSH origin push blocked: Permission denied (publickey).
  • Fresh fork release run executed (22087028099) but failed at Validate npm auth due to missing NPM_TOKEN; downstream build/smoke/publish skipped.

Handoff

Once maintainer write + secrets access is available, follow the final unblock checklist in:

  • docs/plans/release-evidence/2026-02-16-m2-deployment-validation.md

Hermia System and others added 9 commits February 16, 2026 20:11
7-sprint implementation plan covering:
- Sprint 1-2: Foundation (env validation, HTTP agent rewiring with TDD)
- Sprint 3-4: Agent defaults, branding, HCC metrics crate
- Sprint 5: E2E validation, performance benchmarks, documentation
- Sprint 6-7: Desktop GUI (CodePilot fork) + PicoClaw messaging gateway

32 tests/checks across unit, integration, regression, E2E, and performance.
ECC adaptation deferred to v1.1.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@hermia-ai

Maintainer handoff (concise):

Unblock checklist:

  1. Merge this PR to just-every/code:main.
  2. Ensure release secrets are present in origin (especially NPM_TOKEN with publish + bypass-2FA).
  3. Confirm a fresh Release workflow starts on the merge SHA.
  4. Verify jobs succeed in that run:
    • Validate npm auth
    • Preflight Tests (Linux fast E2E)
    • Build ... matrix
    • Smoke ... matrix (cross-platform-artifact-smoke)
    • Publish to npm
  5. Verify post-release artifacts:
    • tag + GitHub release assets
    • npm root + platform packages
    • Homebrew formula version
  6. Append run ID/timestamps/results to docs/plans/release-evidence/2026-02-16-m2-deployment-validation.md.

Exact blocker proof from this environment:

  • Origin push blocked: remote: Permission to just-every/code.git denied to hermia-ai (HTTP 403).
  • Origin workflow dispatch blocked: HTTP 403: Must have admin rights to Repository.
  • Fresh fork release run executed (22087028099) but failed at Validate npm auth because NPM_TOKEN is missing; downstream Build/Smoke/Publish were skipped.

Evidence docs:

  • docs/plans/release-evidence/2026-02-16-m1-http-subagents.md
  • docs/plans/release-evidence/2026-02-16-m2-deployment-validation.md

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 64258a3d84

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment on lines +23 to +27
if agent
.http_endpoint
.as_deref()
.is_some_and(|endpoint| !endpoint.trim().is_empty())
{
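Review bot: the `http_endpoint` condition only checks that the trimmed string is non-empty, so a value that is not a usable URL (a typo, a missing scheme, a non-HTTP scheme) still marks the agent as runnable, and the failure surfaces only at dispatch time. Consider parsing the endpoint here and requiring an http or https scheme before treating the agent as available, or add a comment stating where that validation happens. The trimmed value is also used only for the emptiness test, so it is worth confirming that the dispatch path trims the endpoint the same way.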

P1: Exclude HTTP-only agents from write-capable auto model selection

Marking any agent with a non-empty http_endpoint as runnable here makes it eligible in get_enabled_agents, which is used by format_subagent_command for /code as well as read-only commands. /code launches subagents with write enabled (default_read_only_for("code") == false), but HTTP dispatch only happens when read_only is true in execute_model_with_permissions (code-rs/core/src/agent_tool.rs, around lines 1727-1730). In practice, an HTTP-only agent (no local CLI binary) can now be auto-selected for /code and then fail at execution time with a command-not-found error.

Useful? React with 👍 / 👎.
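
The eligibility mismatch described in the review comment above, as an added example that is not code from the PR or from code-rs/core. The struct, function names and sample agents are hypothetical, and gating HTTP eligibility on read-only mode is one assumed way to apply the suggestion.

```rust
// Added illustration: all names are hypothetical, not taken from code-rs/core.
struct AgentSpec {
    name: &'static str,
    has_local_cli: bool,                 // a local CLI binary is installed
    http_endpoint: Option<&'static str>, // optional HTTP dispatch target
}

// Same non-empty test as the condition under review.
fn has_http_endpoint(agent: &AgentSpec) -> bool {
    agent.http_endpoint.is_some_and(|e| !e.trim().is_empty())
}

// Ungated: any HTTP endpoint makes the agent runnable, whatever the mode.
fn runnable_ungated(agent: &AgentSpec) -> bool {
    agent.has_local_cli || has_http_endpoint(agent)
}

// Gated (assumed fix): HTTP counts only for read-only runs, because
// write-mode runs are executed through the local subprocess.
fn runnable_for_mode(agent: &AgentSpec, read_only: bool) -> bool {
    agent.has_local_cli || (read_only && has_http_endpoint(agent))
}

fn eligible(agents: &[AgentSpec], read_only: bool, gated: bool) -> Vec<&'static str> {
    agents
        .iter()
        .filter(|a| if gated { runnable_for_mode(a, read_only) } else { runnable_ungated(a) })
        .map(|a| a.name)
        .collect()
}

// Constructed sample data.
fn sample_agents() -> Vec<AgentSpec> {
    vec![
        AgentSpec { name: "local-cli", has_local_cli: true, http_endpoint: None },
        AgentSpec { name: "http-only", has_local_cli: false, http_endpoint: Some("https://agents.example.invalid/v1") },
        AgentSpec { name: "blank-endpoint", has_local_cli: false, http_endpoint: Some("   ") },
    ]
}

fn main() {
    let agents = sample_agents();
    // /code runs with write enabled, i.e. read_only == false.
    println!("write mode, ungated: {:?}", eligible(&agents, false, false));
    println!("write mode, gated:   {:?}", eligible(&agents, false, true));
    println!("read-only,  gated:   {:?}", eligible(&agents, true, true));
}
```

In the ungated write-mode case the HTTP-only agent is selected even though no local binary exists to run it, which is the execution-time failure the comment describes.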
