Adopts gadfly's review-representation overhaul: one ranked consensus comment
across the swarm + an advisory COMMENT-state inline PR review, on image
sha-3095ebf. Swarm config still rides the owner variables.
[skip ci]
The reusable now reads swarm config from user-scope vars (GADFLY_DEFAULT_* +
GADFLY_ENDPOINT_*); this immutable @sha bumps past the long-lived-runner ref
cache so the vars-config reusable is adopted. Direct to main + [skip ci] to
avoid triggering the review swarm.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Long-lived act_runners cache the reusable-workflow ref, so a moved @v1 tag
keeps resolving to a stale cached copy and a newly-added reviewer never runs.
Pinning to a unique immutable sha forces a cache miss → fresh fetch.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Address the swarm's findings on this rollout:
- Replace `secrets: inherit` (which forwarded ALL repo secrets — registry/
Komodo/Discord/DB creds the reviewer never uses) with explicit forwarding of
only OLLAMA_CLOUD_API_KEY / CLAUDE_CODE_OAUTH_TOKEN / findings tokens.
GITEA_TOKEN is the automatic job token (github.token in the reusable).
- Pin uses: ...@main -> @20a5c43 (immutable) so a push to gadfly can't change
the code that runs with our forwarded secrets.
Requires gadfly's review-reusable.yml secrets contract (steve/gadfly#9, merged).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Replace the full self-contained stub with a thin caller of steve/gadfly's
reusable workflow, using gadfly's own dogfood config: 6 cloud models +
the Claude Code engine (sonnet, opus, opus:max). No local Macs / foreman.
Advisory only.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Pool now: minimax-m3, glm-5.2, glm-5.1, deepseek-v4-pro, nemotron-3-super,
qwen3-coder:480b (all cloud, ollama-cloud=3). Removed the low-value reviewers +
the last local endpoint (m5).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
m1/qwen3:14b proved consistently low-value + slowest in the pool over multiple
PRs. Removed from GADFLY_MODELS + GADFLY_PROVIDER_CONCURRENCY + its endpoint so it
never fires again. m5 retained.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Re-adds the local Macs (m1/qwen3:14b, m5/qwen3.6:35b-mlx) via their foreman endpoints alongside the 3 cloud models. Cloud keeps lens fan-out (ollama-cloud=1 model + lens=3); each Mac runs one model with lenses serial (foreman serializes anyway); all provider lanes parallel. Bumps the job timeout 30->90m for the slow local lanes. With findings telemetry now on, gadfly-reports can quantify whether the Macs earn their keep.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Adds GADFLY_FINDINGS_URL / GADFLY_FINDINGS_TOKEN (user-scope secrets) so each review POSTs its run + findings to the gadfly-reports store, and bumps the pinned gadfly image to sha-d7f364d (the build carrying the findings-emit). Advisory only — emit failures never affect the review.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
examples/reviewer proves the core is sufficient for a static-binary light host
(gadfly's shape) with NO batteries:
- config.Env + model.Configure -> env-driven model fleet + tier overrides
- model.ParseModelForContext -> tier resolution + failover
- fanout.Run (PerKey caps) -> N models x M lenses swarm, per-provider bound
- model.GenerateWith[T] -> structured findings per (model, lens) cell
- Consolidate -> one verdict-led report section per model
Hermetic test runs the full 2x3 swarm against majordomo's fake provider and
asserts the consolidated verdicts. A go list -deps CI check asserts the canary
imports ZERO batteries (the light-tier invariant) — gadfly's go.sum stays free
of gorm/redis/discordgo/sqlite. README + docs updated.
This is the canary; migrating the LIVE gadfly repo onto executus core is a
follow-up (kept separate to not destabilize the active reviewer).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Merges the skill half of the persona/skill pair plus the second nested module.
(Squashed onto main from phase-4b-skill; the audit/budget/persona batteries it
was stacked on already landed via the P4 merge.)
- skill/: clean-redesign Skill noun + LEAN SkillStore (lifecycle/versions/
schedule only) + ToRunnable + Memory default.
- contrib/store/: separate go.mod carrying modernc.org/sqlite, so the driver
never enters the core go.sum. db.Budget()/Personas()/Skills()/Audit() back
all four store seams (JSON-blob + indexed columns; round-trip tested).
Includes the verified gadfly #5 fixes (AppendVersion tx+UNIQUE+error,
Mark*ScheduledRun atomic json_set, busy_timeout, NaN guard).
- CI: builds + tests the nested module and asserts it owns the sqlite driver.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Bump the gadfly image to sha-d0de034 (adds GADFLY_PROVIDER_LENS_CONCURRENCY)
and move ollama-cloud's concurrency from the MODEL axis to the LENS axis:
- GADFLY_PROVIDER_CONCURRENCY: ollama-cloud=1 (one model at a time)
- GADFLY_PROVIDER_LENS_CONCURRENCY: ollama-cloud=3 (its 3 lenses concurrent)
Net: still 3 models, but reviewed serially — the first model's consolidated
comment lands sooner and each model finishes faster, while the other two
models' comments arrive in series after it (instead of all 3 in parallel).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Measured on the P2 review: the local Macs (m1/m5) took 26–29 min with lens
timeouts and found ZERO real bugs, while the two cloud models found every
genuine finding in 6–12 min. Drop the Macs; add glm-5.2:cloud as a third
cloud reviewer. Net: faster (~29→~12 min) and higher signal.
Models: minimax-m3:cloud, deepseek-v4-flash:cloud, glm-5.2:cloud
(ollama-cloud=3 concurrency). timeout-minutes 90→30.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Mirror mort's updated adversarial-review.yml: m1/m5 pulled in via the
GADFLY_ENDPOINT_M1/_M5 secrets using gadfly's "foreman" provider type
(providers m1/m5; models m1/qwen3:14b, m5/qwen3.6:35b-mlx), 2 cloud models,
3-lens suite, pinned to the gadfly :sha-6e3a83c image. Header adjusted for
executus; functional config identical to mort's tested version.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Same setup as mort: the published gadfly:v1 image as a specialist swarm
(m1/m5 local Macs + 2 cloud models, 3-lens suite), posting one consolidated
advisory comment. Must live on main so it triggers on PRs.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The tool registry core (registry, permission model, Invocation, gated-tool
wrapper, ssrf guard, hmac, encryption, argcoerce, helpers, rootrun,
session_tools, webhook_rate_limit) had zero mort coupling — it imports only
majordomo/llm + x/crypto/hkdf — so it moves verbatim with a package rename
(skilltools -> tool). All same-package tests came along and pass; the SSRF,
gated-wrapper, encryption and output-pattern invariants are re-anchored here.
majordomo re-enters the module graph (now pinned to the latest, incl. the
front-loaded-output fix). model/ + llmmeta + structured follow next.
Docs: CLAUDE.md now requires README/examples to stay in sync with changes in
the same commit; CI skips docs/example-only pushes via paths-ignore.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
P0 has no external deps, so go.sum doesn't exist yet and
`git diff --exit-code go.mod go.sum` errored (exit 128) on the missing
path. Use `git status --porcelain` so the check survives a not-yet-created
go.sum and still catches an untidy go.mod or a newly-created go.sum.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Batteries-included agent-harness base, extracted from mort's agent layer.
This first cut establishes the module + the zero-coupling core primitives:
- lane, dispatchguard, pendingattach, run/progress.go: moved verbatim from mort
- config: host config Source seam + env-var default (nil-safe helpers)
- deliver: output-egress seam + Discard/Stdout defaults
- identity: AdminPolicy + MemberResolver seams (nil-safe)
- fanout: programmatic N×M swarm (bounded global + per-key concurrency)
- README/CLAUDE.md with the vibe-coded banner; CI with Go gates +
the "core stays majordomo+stdlib only" invariant
Core builds with stdlib only today; majordomo enters at P1 (model/structured).
go build/vet/test -race all green.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>