P0: stand up executus harness module above majordomo
executus CI / test (push) Failing after 24s

Batteries-included agent-harness base, extracted from mort's agent layer.
This first cut establishes the module + the zero-coupling core primitives:

- lane, dispatchguard, pendingattach, run/progress.go: moved verbatim from mort
- config: host config Source seam + env-var default (nil-safe helpers)
- deliver: output-egress seam + Discard/Stdout defaults
- identity: AdminPolicy + MemberResolver seams (nil-safe)
- fanout: programmatic N×M swarm (bounded global + per-key concurrency)
- README/CLAUDE.md with the vibe-coded banner; CI with Go gates +
  the "core stays majordomo+stdlib only" invariant

Core builds with stdlib only today; majordomo enters at P1 (model/structured).
go build/vet/test -race all green.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-06-26 19:18:37 -04:00
parent 25feb63c00
commit ca243a2d50
31 changed files with 5042 additions and 18 deletions
+82
View File
@@ -0,0 +1,82 @@
name: executus CI
# Go library CI: build, vet, race-tested, tidy-clean, plus the executus
# invariant that the CORE module never pulls a host/DB dependency. Mirrors
# majordomo's gates; private-module access (the private majordomo dependency)
# uses the same Gitea credentials gadfly's CI uses.
#
# Required repo secrets:
# REGISTRY_USER / REGISTRY_PASSWORD Gitea creds with read access to the
# private majordomo module.
on:
push:
branches: [main]
tags: ["v*"]
pull_request:
types: [opened, synchronize, reopened]
workflow_dispatch: {}
concurrency:
group: executus-${{ github.ref }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- name: Checkout
run: |
REPO_URL="https://token:${{ github.token }}@gitea.stevedudenhoeffer.com/${{ github.repository }}.git"
if [ "${{ github.event_name }}" = "pull_request" ]; then
git clone --depth=1 --branch "${{ github.head_ref }}" "$REPO_URL" .
else
git clone --depth=1 --branch "${{ github.ref_name }}" "$REPO_URL" .
fi
- name: Set up Go
run: |
GO_VERSION=$(grep '^go ' go.mod | awk '{print $2}')
curl -sL "https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar -C /usr/local -xzf -
echo "/usr/local/go/bin" >> $GITHUB_PATH
echo "GOPATH=${HOME}/go" >> $GITHUB_ENV
echo "${HOME}/go/bin" >> $GITHUB_PATH
- name: Configure private module access
env:
REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
run: |
git config --global url."https://${REGISTRY_USER}:${REGISTRY_PASSWORD}@gitea.stevedudenhoeffer.com/".insteadOf "https://gitea.stevedudenhoeffer.com/"
echo "GOFLAGS=-mod=mod" >> $GITHUB_ENV
echo "GONOSUMCHECK=gitea.stevedudenhoeffer.com/*" >> $GITHUB_ENV
echo "GONOSUMDB=gitea.stevedudenhoeffer.com/*" >> $GITHUB_ENV
echo "GOPRIVATE=gitea.stevedudenhoeffer.com/*" >> $GITHUB_ENV
- name: Build
run: go build ./...
- name: Vet
run: go vet ./...
- name: Test (race)
run: go test -race -count=1 -timeout 5m ./...
- name: go mod tidy is clean
run: |
go mod tidy
git diff --exit-code go.mod go.sum
- name: Core stays majordomo+stdlib only
run: |
# The core module must never pull a host/DB dependency. If any of these
# appear in go.sum, a battery leaked into the core import graph.
[ -f go.sum ] || { echo "OK: no external dependencies yet."; exit 0; }
FORBIDDEN='gorm.io|go-redis|redis/go-redis|bwmarrin/discordgo|modernc.org/sqlite|mattn/go-sqlite3|gin-gonic/gin'
if grep -qE "$FORBIDDEN" go.sum; then
echo "ERROR: forbidden dependency in core go.sum:"
grep -E "$FORBIDDEN" go.sum
exit 1
fi
echo "OK: core go.sum is free of host/DB dependencies."