Compare commits
6
Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
64642c43c4 | ||
|
|
3ba2dbefae | ||
|
|
38b4e1a028 | ||
|
|
43eb155759 | ||
|
|
8dae9cc941 | ||
|
|
a5adc6f4d1 |
@@ -0,0 +1,92 @@
|
|||||||
|
# Gadfly — agentic adversarial PR reviewer (https://gitea.stevedudenhoeffer.com/steve/gadfly).
|
||||||
|
#
|
||||||
|
# Runs the published Gadfly image (pinned to an immutable :sha- tag — act_runner
|
||||||
|
# caches :latest, and this build is what carries foreman provider-type support)
|
||||||
|
# as a specialist swarm and posts
|
||||||
|
# ONE consolidated review comment as gitea-actions. Advisory only — never blocks a
|
||||||
|
# merge. This reviews majordomo PRs with 9 ollama-cloud models + the M5 Mac
|
||||||
|
# (3-lens suite). Gadfly is a simple system — findings are advisory; always
|
||||||
|
# double-check before acting.
|
||||||
|
|
||||||
|
name: Adversarial Review (Gadfly)
|
||||||
|
|
||||||
|
on:
|
||||||
|
pull_request:
|
||||||
|
types: [opened, reopened, ready_for_review]
|
||||||
|
issue_comment:
|
||||||
|
types: [created]
|
||||||
|
workflow_dispatch:
|
||||||
|
inputs:
|
||||||
|
pr_number:
|
||||||
|
description: "PR number to review"
|
||||||
|
required: true
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
issues: write
|
||||||
|
pull-requests: write
|
||||||
|
|
||||||
|
concurrency:
|
||||||
|
group: gadfly-${{ github.event.issue.number || github.event.pull_request.number || github.event.inputs.pr_number }}
|
||||||
|
cancel-in-progress: true
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
review:
|
||||||
|
# Security: only trusted users may trigger a secret-bearing run via a PR
|
||||||
|
# comment (pull_request + workflow_dispatch are already trusted). Mirrors
|
||||||
|
# GADFLY_ALLOWED_USERS, the in-container belt-and-suspenders check.
|
||||||
|
if: >-
|
||||||
|
github.event_name != 'issue_comment'
|
||||||
|
|| (github.event.issue.pull_request
|
||||||
|
&& (github.actor == 'steve'
|
||||||
|
|| github.actor == 'fizi'
|
||||||
|
|| github.actor == 'dazed'))
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
# Fleet: 9 cloud (lens fan-out) + the M5 Mac via foreman. The slow local
|
||||||
|
# lane dominates wall time, so allow plenty of headroom. (M1 was dropped —
|
||||||
|
# consistently slow for zero real findings.)
|
||||||
|
timeout-minutes: 90
|
||||||
|
steps:
|
||||||
|
- uses: docker://gitea.stevedudenhoeffer.com/steve/gadfly:sha-d7f364d
|
||||||
|
env:
|
||||||
|
GITEA_API: ${{ github.server_url }}/api/v1/repos/${{ github.repository }}
|
||||||
|
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
|
||||||
|
OLLAMA_CLOUD_API_KEY: ${{ secrets.OLLAMA_CLOUD_API_KEY }}
|
||||||
|
# Local Mac, reached through its foreman queue (native Ollama on the
|
||||||
|
# wire). GADFLY_ENDPOINT_M5 registers provider "m5", a foreman-preset
|
||||||
|
# Ollama client at the secret's URL, of the form:
|
||||||
|
# foreman|https://<foreman-host>|<token>
|
||||||
|
# Needs an image with foreman provider-type support (this one). If the Mac
|
||||||
|
# is offline that model's comment shows an error and the others still post.
|
||||||
|
# (Gitea secrets aren't auto-exposed — map each explicitly.)
|
||||||
|
GADFLY_ENDPOINT_M5: ${{ secrets.GADFLY_ENDPOINT_M5 }}
|
||||||
|
# Fleet: 9 cloud + M5 Max. Cloud concurrency lives in the LENSES: cloud
|
||||||
|
# models run a few at a time (ollama-cloud=3) with their 3 lenses
|
||||||
|
# concurrent (LENS ollama-cloud=3) so comments land sooner; the Mac runs
|
||||||
|
# one model, lenses serial (its foreman queue serializes anyway). Both
|
||||||
|
# provider lanes run parallel.
|
||||||
|
GADFLY_MODELS: "minimax-m3:cloud,glm-5.2:cloud,glm-5.1:cloud,kimi-k2.7-code:cloud,deepseek-v4-pro:cloud,nemotron-3-super:cloud,gpt-oss:120b-cloud,qwen3-coder:480b-cloud,gemma4:cloud,m5/qwen3.6:35b-mlx"
|
||||||
|
GADFLY_PROVIDER_CONCURRENCY: "ollama-cloud=3,m5=1"
|
||||||
|
GADFLY_PROVIDER_LENS_CONCURRENCY: "ollama-cloud=3"
|
||||||
|
# Default => the 3-lens suite (security, correctness, error-handling).
|
||||||
|
# Set the repo var GADFLY_SPECIALISTS to override (csv / "all" / "auto").
|
||||||
|
GADFLY_SPECIALISTS: ${{ vars.GADFLY_SPECIALISTS || 'security,correctness,error-handling' }}
|
||||||
|
# Per-lens deadline + bounded steps so the slow local models stay sane.
|
||||||
|
GADFLY_TIMEOUT_SECS: "600"
|
||||||
|
GADFLY_MAX_STEPS: "14"
|
||||||
|
# Allow-list for the comment trigger (mirrors the job-level if: guard).
|
||||||
|
GADFLY_ALLOWED_USERS: "steve,fizi,dazed"
|
||||||
|
# --- findings telemetry: POST runs + findings to the gadfly-reports store ---
|
||||||
|
# Advisory & off unless GADFLY_FINDINGS_URL is set; failures only log to
|
||||||
|
# stderr and never affect the review. GADFLY_REPO / GADFLY_PR are derived
|
||||||
|
# in-container; the URL + token are user-scope secrets.
|
||||||
|
GADFLY_FINDINGS_URL: ${{ secrets.GADFLY_FINDINGS_URL }}
|
||||||
|
GADFLY_FINDINGS_TOKEN: ${{ secrets.GADFLY_FINDINGS_TOKEN }}
|
||||||
|
# --- event context (leave as-is) ---
|
||||||
|
EVENT_NAME: ${{ github.event_name }}
|
||||||
|
PR: ${{ github.event.pull_request.number || github.event.issue.number || github.event.inputs.pr_number }}
|
||||||
|
PR_BRANCH: ${{ github.head_ref }}
|
||||||
|
IS_DRAFT: ${{ github.event.pull_request.draft }}
|
||||||
|
COMMENT_BODY: ${{ github.event.comment.body }}
|
||||||
|
COMMENT_ID: ${{ github.event.comment.id }}
|
||||||
|
ACTOR: ${{ github.actor }}
|
||||||
@@ -135,6 +135,27 @@ CI: `.gitea/workflows/ci.yaml` (Gitea Actions, mirrors foreman). README.md
|
|||||||
must match reality in the same commit that changes behavior — no
|
must match reality in the same commit that changes behavior — no
|
||||||
aspirational docs; unbuilt features are marked pending in the matrix.
|
aspirational docs; unbuilt features are marked pending in the matrix.
|
||||||
|
|
||||||
|
## Adversarial review loop (Gadfly)
|
||||||
|
|
||||||
|
Ship work through PRs and let Gadfly review it before merge:
|
||||||
|
|
||||||
|
- **Push to a PR, never straight to `main`.** Branch, push, open a PR.
|
||||||
|
`.gitea/workflows/adversarial-review.yml` runs Gadfly (the standalone
|
||||||
|
agentic adversarial reviewer) — a fleet of 9 ollama-cloud models +
|
||||||
|
the M5 Mac via foreman, each running the 3-lens suite (security,
|
||||||
|
correctness, error-handling). Advisory only; it never blocks the merge.
|
||||||
|
- **Wait for Gadfly to finish, then read its output.** Don't merge while the
|
||||||
|
review is still running. Each model posts one consolidated comment; weigh
|
||||||
|
every finding on its merits and fix the real ones (Gadfly is a simple
|
||||||
|
system — findings are advisory, so confirm before acting).
|
||||||
|
- **Grade the findings back to the Gadfly MCP.** For each finding, call
|
||||||
|
`mcp__gadfly__record_finding_grade`: `is_real=true` + a `severity`
|
||||||
|
(trivial|small|medium|high|critical) for a genuine problem, or
|
||||||
|
`is_real=false` for a false positive; add `notes`/`usefulness` when
|
||||||
|
useful. Use `mcp__gadfly__list_findings` (`only_ungraded=true`) to find
|
||||||
|
what still needs grading and `mcp__gadfly__scoreboard` for the per-model
|
||||||
|
rollup. This telemetry is how we measure whether each model earns its keep.
|
||||||
|
|
||||||
## Out of scope (anti-creep)
|
## Out of scope (anti-creep)
|
||||||
|
|
||||||
No persistent store (health is in-memory behind the registry), no
|
No persistent store (health is in-memory behind the registry), no
|
||||||
|
|||||||
@@ -51,6 +51,9 @@ func (m *imageModel) Generate(ctx context.Context, req imagegen.Request, opts ..
|
|||||||
if strings.TrimSpace(req.Prompt) == "" {
|
if strings.TrimSpace(req.Prompt) == "" {
|
||||||
return nil, fmt.Errorf("%w: image generation requires a prompt", llm.ErrUnsupported)
|
return nil, fmt.Errorf("%w: image generation requires a prompt", llm.ErrUnsupported)
|
||||||
}
|
}
|
||||||
|
if req.N < 0 {
|
||||||
|
return nil, fmt.Errorf("%w: image count N must be >= 0, got %d", llm.ErrUnsupported, req.N)
|
||||||
|
}
|
||||||
|
|
||||||
wire := imageRequest{
|
wire := imageRequest{
|
||||||
Model: m.id,
|
Model: m.id,
|
||||||
@@ -61,7 +64,7 @@ func (m *imageModel) Generate(ctx context.Context, req imagegen.Request, opts ..
|
|||||||
}
|
}
|
||||||
|
|
||||||
var resp imageResponse
|
var resp imageResponse
|
||||||
if err := m.p.doJSON(ctx, http.MethodPost, "/v1/images/generations", &wire, &resp); err != nil {
|
if err := m.p.doJSON(ctx, http.MethodPost, "/v1/images/generations", m.id, &wire, &resp); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -38,6 +38,11 @@ import (
|
|||||||
// DefaultName is the registry name used when WithName is not given.
|
// DefaultName is the registry name used when WithName is not given.
|
||||||
const DefaultName = "llama-swap"
|
const DefaultName = "llama-swap"
|
||||||
|
|
||||||
|
// maxResponseBytes caps the JSON body read on the success path. Generous
|
||||||
|
// enough for a multi-image b64 payload, bounded so a hostile/buggy upstream
|
||||||
|
// can't make a decode allocate without limit.
|
||||||
|
const maxResponseBytes = 64 << 20
|
||||||
|
|
||||||
// Provider is a llama-swap client. It satisfies llm.Provider (chat, delegated
|
// Provider is a llama-swap client. It satisfies llm.Provider (chat, delegated
|
||||||
// to provider/openai) and imagegen.Provider (image generation), and exposes
|
// to provider/openai) and imagegen.Provider (image generation), and exposes
|
||||||
// llama-swap's management endpoints as concrete methods.
|
// llama-swap's management endpoints as concrete methods.
|
||||||
@@ -136,7 +141,7 @@ func (p *Provider) ListModels(ctx context.Context) ([]ModelInfo, error) {
|
|||||||
var out struct {
|
var out struct {
|
||||||
Data []ModelInfo `json:"data"`
|
Data []ModelInfo `json:"data"`
|
||||||
}
|
}
|
||||||
if err := p.doJSON(ctx, http.MethodGet, "/v1/models", nil, &out); err != nil {
|
if err := p.doJSON(ctx, http.MethodGet, "/v1/models", "", nil, &out); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
return out.Data, nil
|
return out.Data, nil
|
||||||
@@ -148,7 +153,7 @@ func (p *Provider) ListModels(ctx context.Context) ([]ModelInfo, error) {
|
|||||||
// would have to guess.
|
// would have to guess.
|
||||||
func (p *Provider) Running(ctx context.Context) (json.RawMessage, error) {
|
func (p *Provider) Running(ctx context.Context) (json.RawMessage, error) {
|
||||||
var out json.RawMessage
|
var out json.RawMessage
|
||||||
if err := p.doJSON(ctx, http.MethodGet, "/running", nil, &out); err != nil {
|
if err := p.doJSON(ctx, http.MethodGet, "/running", "", nil, &out); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
return out, nil
|
return out, nil
|
||||||
@@ -160,18 +165,30 @@ func (p *Provider) Running(ctx context.Context) (json.RawMessage, error) {
|
|||||||
func (p *Provider) Unload(ctx context.Context, model string) error {
|
func (p *Provider) Unload(ctx context.Context, model string) error {
|
||||||
path := "/api/models/unload"
|
path := "/api/models/unload"
|
||||||
if model != "" {
|
if model != "" {
|
||||||
|
// Why reject rather than percent-escape: llama-swap model ids legitimately
|
||||||
|
// contain ":" (e.g. "qwen3:14b"), which is path-legal and must reach the
|
||||||
|
// server verbatim; only path-structure characters are dangerous (they'd
|
||||||
|
// redirect the request to another endpoint), and those never appear in a
|
||||||
|
// real model id.
|
||||||
|
if strings.ContainsAny(model, "/?#") {
|
||||||
|
return fmt.Errorf("llama-swap: invalid model id %q for unload (contains a path separator)", model)
|
||||||
|
}
|
||||||
path += "/" + model
|
path += "/" + model
|
||||||
}
|
}
|
||||||
return p.doJSON(ctx, http.MethodPost, path, nil, nil)
|
return p.doJSON(ctx, http.MethodPost, path, "", nil, nil)
|
||||||
}
|
}
|
||||||
|
|
||||||
// --- shared HTTP helper for management + image endpoints ---
|
// --- shared HTTP helper for management + image endpoints ---
|
||||||
|
|
||||||
// doJSON performs a request to a llama-swap endpoint relative to baseURL,
|
// doJSON performs a request to a llama-swap endpoint relative to baseURL,
|
||||||
// optionally encoding body and decoding into out (either may be nil). Transport
|
// optionally encoding body and decoding into out (either may be nil). model
|
||||||
// failures are wrapped raw so llm.Classify still sees the underlying net error;
|
// labels the failing target in any *llm.APIError ("" for endpoints that aren't
|
||||||
// non-2xx responses become *llm.APIError.
|
// model-specific). Transport failures are wrapped raw so llm.Classify still
|
||||||
func (p *Provider) doJSON(ctx context.Context, method, path string, body, out any) error {
|
// sees the underlying net error; non-2xx responses become *llm.APIError.
|
||||||
|
func (p *Provider) doJSON(ctx context.Context, method, path, model string, body, out any) error {
|
||||||
|
if p.baseURL == "" {
|
||||||
|
return fmt.Errorf("llama-swap provider %q: no base URL configured (set one via WithBaseURL or an LLM_* env DSN)", p.name)
|
||||||
|
}
|
||||||
var rdr io.Reader
|
var rdr io.Reader
|
||||||
if body != nil {
|
if body != nil {
|
||||||
b, err := json.Marshal(body)
|
b, err := json.Marshal(body)
|
||||||
@@ -196,12 +213,15 @@ func (p *Provider) doJSON(ctx context.Context, method, path string, body, out an
|
|||||||
}
|
}
|
||||||
defer resp.Body.Close()
|
defer resp.Body.Close()
|
||||||
if resp.StatusCode/100 != 2 {
|
if resp.StatusCode/100 != 2 {
|
||||||
return p.apiError(resp, "")
|
return p.apiError(resp, model)
|
||||||
}
|
}
|
||||||
if out != nil {
|
if out != nil {
|
||||||
if err := json.NewDecoder(resp.Body).Decode(out); err != nil {
|
if err := json.NewDecoder(io.LimitReader(resp.Body, maxResponseBytes)).Decode(out); err != nil {
|
||||||
return fmt.Errorf("llama-swap: decode response: %w", err)
|
return fmt.Errorf("llama-swap: decode response: %w", err)
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
// Drain (bounded) so the connection can be reused.
|
||||||
|
_, _ = io.Copy(io.Discard, io.LimitReader(resp.Body, maxResponseBytes))
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -127,6 +127,24 @@ func TestUnload(t *testing.T) {
|
|||||||
if gotPath != "/api/models/unload" {
|
if gotPath != "/api/models/unload" {
|
||||||
t.Errorf("unload-all path = %q", gotPath)
|
t.Errorf("unload-all path = %q", gotPath)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// A model id with a path separator is rejected before any request.
|
||||||
|
if err := p.Unload(context.Background(), "../admin"); err == nil {
|
||||||
|
t.Error("expected error for model id with path separator")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestManagementNoBaseURL(t *testing.T) {
|
||||||
|
p := New() // no base URL
|
||||||
|
if _, err := p.ListModels(context.Background()); err == nil {
|
||||||
|
t.Error("ListModels: expected error for missing base URL")
|
||||||
|
}
|
||||||
|
if _, err := p.Running(context.Background()); err == nil {
|
||||||
|
t.Error("Running: expected error for missing base URL")
|
||||||
|
}
|
||||||
|
if err := p.Unload(context.Background(), "m"); err == nil {
|
||||||
|
t.Error("Unload: expected error for missing base URL")
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestRunningRaw(t *testing.T) {
|
func TestRunningRaw(t *testing.T) {
|
||||||
|
|||||||
Reference in New Issue
Block a user