Compare commits
5 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 17064a6d75 | |||
| ecf39087a9 | |||
| aa25b2c334 | |||
| 2b35f1741c | |||
| de2b2f0f28 |
@@ -1,12 +1,8 @@
|
|||||||
# Gadfly — agentic adversarial PR reviewer (https://gitea.stevedudenhoeffer.com/steve/gadfly).
|
# Gadfly adversarial review — subscribes to steve/gadfly's reusable workflow and
|
||||||
#
|
# INHERITS its default swarm. This stub holds only the triggers, the actor gate,
|
||||||
# Runs the published Gadfly image (pinned to an immutable :sha- tag — act_runner
|
# secret forwarding, and the allow-list; the swarm config (models, lenses,
|
||||||
# caches :latest, and this build is what carries foreman provider-type support)
|
# concurrency, timeouts) lives centrally in gadfly's review-reusable.yml so it is
|
||||||
# as a specialist swarm and posts
|
# tuned in ONE place. Advisory only — never blocks a merge.
|
||||||
# ONE consolidated review comment as gitea-actions. Advisory only — never blocks a
|
|
||||||
# merge. This reviews majordomo PRs with 6 ollama-cloud models (3-lens suite).
|
|
||||||
# Gadfly is a simple system — findings are advisory; always double-check before
|
|
||||||
# acting.
|
|
||||||
|
|
||||||
name: Adversarial Review (Gadfly)
|
name: Adversarial Review (Gadfly)
|
||||||
|
|
||||||
@@ -33,50 +29,25 @@ concurrency:
|
|||||||
jobs:
|
jobs:
|
||||||
review:
|
review:
|
||||||
# Security: only trusted users may trigger a secret-bearing run via a PR
|
# Security: only trusted users may trigger a secret-bearing run via a PR
|
||||||
# comment (pull_request + workflow_dispatch are already trusted). Mirrors
|
# comment (pull_request + workflow_dispatch are already trusted). Mirrors the
|
||||||
# GADFLY_ALLOWED_USERS, the in-container belt-and-suspenders check.
|
# allowed_users input below (the in-container belt-and-suspenders check) — both
|
||||||
|
# lists must stay in sync; a workflow if: can't read a workflow_call input.
|
||||||
if: >-
|
if: >-
|
||||||
github.event_name != 'issue_comment'
|
github.event_name != 'issue_comment'
|
||||||
|| (github.event.issue.pull_request
|
|| (github.event.issue.pull_request
|
||||||
&& (github.actor == 'steve'
|
&& (github.actor == 'steve'
|
||||||
|| github.actor == 'fizi'
|
|| github.actor == 'fizi'
|
||||||
|| github.actor == 'dazed'))
|
|| github.actor == 'dazed'))
|
||||||
runs-on: ubuntu-latest
|
# Pinned to an immutable gadfly commit (not @main): a push to gadfly can't
|
||||||
# Fleet: 6 ollama-cloud models (lens fan-out), no local Macs. (Trimmed the
|
# silently change the code that runs with our forwarded secrets.
|
||||||
# weakest reviewers by grade — m5/qwen3.6, gemma4, gpt-oss, kimi-k2.7 — plus
|
uses: steve/gadfly/.gitea/workflows/review-reusable.yml@b02b11d69139843665da4cdbf776bc0b3583490d
|
||||||
# the earlier M1 drop.) Plenty of headroom for the cloud lanes.
|
# Least privilege: forward only the review secrets (not `secrets: inherit`,
|
||||||
timeout-minutes: 45
|
# which would expose every repo secret). GITEA_TOKEN is the automatic token.
|
||||||
steps:
|
secrets:
|
||||||
- uses: docker://gitea.stevedudenhoeffer.com/steve/gadfly:sha-d7f364d
|
OLLAMA_CLOUD_API_KEY: ${{ secrets.OLLAMA_CLOUD_API_KEY }}
|
||||||
env:
|
CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
|
||||||
GITEA_API: ${{ github.server_url }}/api/v1/repos/${{ github.repository }}
|
GADFLY_FINDINGS_URL: ${{ secrets.GADFLY_FINDINGS_URL }}
|
||||||
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
|
GADFLY_FINDINGS_TOKEN: ${{ secrets.GADFLY_FINDINGS_TOKEN }}
|
||||||
OLLAMA_CLOUD_API_KEY: ${{ secrets.OLLAMA_CLOUD_API_KEY }}
|
with:
|
||||||
# Cloud-only fleet (no local Macs). Cloud concurrency lives in the
|
# Consumer-specific allow-list; everything else is inherited.
|
||||||
# LENSES: models run a few at a time (ollama-cloud=3) with their 3 lenses
|
allowed_users: "steve,fizi,dazed"
|
||||||
# concurrent (LENS ollama-cloud=3) so comments land sooner.
|
|
||||||
GADFLY_MODELS: "minimax-m3:cloud,glm-5.2:cloud,glm-5.1:cloud,deepseek-v4-pro:cloud,nemotron-3-super:cloud,qwen3-coder:480b-cloud"
|
|
||||||
GADFLY_PROVIDER_CONCURRENCY: "ollama-cloud=3"
|
|
||||||
GADFLY_PROVIDER_LENS_CONCURRENCY: "ollama-cloud=3"
|
|
||||||
# Default => the 3-lens suite (security, correctness, error-handling).
|
|
||||||
# Set the repo var GADFLY_SPECIALISTS to override (csv / "all" / "auto").
|
|
||||||
GADFLY_SPECIALISTS: ${{ vars.GADFLY_SPECIALISTS || 'security,correctness,error-handling' }}
|
|
||||||
# Per-lens deadline + bounded steps to keep each reviewer's run sane.
|
|
||||||
GADFLY_TIMEOUT_SECS: "600"
|
|
||||||
GADFLY_MAX_STEPS: "14"
|
|
||||||
# Allow-list for the comment trigger (mirrors the job-level if: guard).
|
|
||||||
GADFLY_ALLOWED_USERS: "steve,fizi,dazed"
|
|
||||||
# --- findings telemetry: POST runs + findings to the gadfly-reports store ---
|
|
||||||
# Advisory & off unless GADFLY_FINDINGS_URL is set; failures only log to
|
|
||||||
# stderr and never affect the review. GADFLY_REPO / GADFLY_PR are derived
|
|
||||||
# in-container; the URL + token are user-scope secrets.
|
|
||||||
GADFLY_FINDINGS_URL: ${{ secrets.GADFLY_FINDINGS_URL }}
|
|
||||||
GADFLY_FINDINGS_TOKEN: ${{ secrets.GADFLY_FINDINGS_TOKEN }}
|
|
||||||
# --- event context (leave as-is) ---
|
|
||||||
EVENT_NAME: ${{ github.event_name }}
|
|
||||||
PR: ${{ github.event.pull_request.number || github.event.issue.number || github.event.inputs.pr_number }}
|
|
||||||
PR_BRANCH: ${{ github.head_ref }}
|
|
||||||
IS_DRAFT: ${{ github.event.pull_request.draft }}
|
|
||||||
COMMENT_BODY: ${{ github.event.comment.body }}
|
|
||||||
COMMENT_ID: ${{ github.event.comment.id }}
|
|
||||||
ACTOR: ${{ github.actor }}
|
|
||||||
|
|||||||
@@ -79,12 +79,13 @@ alias := bare token (no slash), expands INLINE, recursively, cycle-checked
|
|||||||
`LLM_<NAME>=scheme://[token@]host[/path]` — e.g.
|
`LLM_<NAME>=scheme://[token@]host[/path]` — e.g.
|
||||||
`LLM_M5=foreman://token@foreman-m5.example` defines provider `m5`; then
|
`LLM_M5=foreman://token@foreman-m5.example` defines provider `m5`; then
|
||||||
`m5/qwen3:30b` works in Parse, chains, and aliases. Scheme ∈ {foreman,
|
`m5/qwen3:30b` works in Parse, chains, and aliases. Scheme ∈ {foreman,
|
||||||
ollama, ollama-cloud, openai, anthropic, google, gemini, llama-swap} ∪
|
ollama, ollama-cloud, openai, anthropic, google, gemini, llama-swap,
|
||||||
RegisterScheme. Token = credential; base URL = `https://host` always —
|
llama-swaps} ∪ RegisterScheme. Token = credential; base URL = `https://host`
|
||||||
**except `llama-swap`, which builds `http://host` (local-first; ADR-0015).**
|
always — **except `llama-swap`, which builds `http://host` (local-first);
|
||||||
`New()` scans the process env eagerly; unknown names also resolve lazily at
|
`llama-swaps` is its TLS twin (`https://host`), mirroring redis/rediss
|
||||||
Parse time (`my-prov` → `LLM_MY_PROV`). Malformed entries fail on use, not at
|
(ADR-0015).** `New()` scans the process env eagerly; unknown names also resolve
|
||||||
startup.
|
lazily at Parse time (`my-prov` → `LLM_MY_PROV`). Malformed entries fail on use,
|
||||||
|
not at startup.
|
||||||
|
|
||||||
## Health & failover (ADR-0006, ADR-0008)
|
## Health & failover (ADR-0006, ADR-0008)
|
||||||
|
|
||||||
@@ -141,9 +142,11 @@ Ship work through PRs and let Gadfly review it before merge:
|
|||||||
|
|
||||||
- **Push to a PR, never straight to `main`.** Branch, push, open a PR.
|
- **Push to a PR, never straight to `main`.** Branch, push, open a PR.
|
||||||
`.gitea/workflows/adversarial-review.yml` runs Gadfly (the standalone
|
`.gitea/workflows/adversarial-review.yml` runs Gadfly (the standalone
|
||||||
agentic adversarial reviewer) — a fleet of 6 ollama-cloud models, each
|
agentic adversarial reviewer) by subscribing to gadfly's reusable workflow
|
||||||
running the 3-lens suite (security, correctness, error-handling). Advisory
|
and inheriting its default swarm — 3 cloud models + the Claude Code engine
|
||||||
only; it never blocks the merge.
|
(sonnet/opus/opus:max), each running the 5-lens suite (security, correctness,
|
||||||
|
maintainability, performance, error-handling). The swarm is tuned centrally
|
||||||
|
in gadfly, not here. Advisory only; it never blocks the merge.
|
||||||
- **Wait for Gadfly to finish, then read its output.** Don't merge while the
|
- **Wait for Gadfly to finish, then read its output.** Don't merge while the
|
||||||
review is still running. Each model posts one consolidated comment; weigh
|
review is still running. Each model posts one consolidated comment; weigh
|
||||||
every finding on its merits and fix the real ones (Gadfly is a simple
|
every finding on its merits and fix the real ones (Gadfly is a simple
|
||||||
|
|||||||
@@ -159,15 +159,17 @@ m, _ := reg.Parse("m5/qwen3:30b,m1/qwen3:30b,thinking")
|
|||||||
```
|
```
|
||||||
|
|
||||||
DSN format: `scheme://[token@]host[/path]`, scheme ∈ `foreman`, `ollama`,
|
DSN format: `scheme://[token@]host[/path]`, scheme ∈ `foreman`, `ollama`,
|
||||||
`ollama-cloud`, `openai`, `anthropic`, `google`/`gemini`, `llama-swap`, or any
|
`ollama-cloud`, `openai`, `anthropic`, `google`/`gemini`, `llama-swap`,
|
||||||
scheme you add with `RegisterScheme`. The token is the credential (bearer token
|
`llama-swaps`, or any scheme you add with `RegisterScheme`. The token is the
|
||||||
/ API key); the base URL is always `https://host[/path]` — except `llama-swap`,
|
credential (bearer token / API key); the base URL is always `https://host[/path]`
|
||||||
which builds `http://host[:port]` since it's local-first. `New()` loads `LLM_*`
|
— except `llama-swap`, which builds `http://host[:port]` since it's local-first
|
||||||
vars eagerly; unknown provider names also resolve lazily at Parse time
|
(`llama-swaps` is the TLS twin → `https://host`, mirroring redis/rediss). `New()`
|
||||||
(`my-prov/x` → `LLM_MY_PROV`).
|
loads `LLM_*` vars eagerly; unknown provider names also resolve lazily at Parse
|
||||||
|
time (`my-prov/x` → `LLM_MY_PROV`).
|
||||||
|
|
||||||
```
|
```
|
||||||
LLM_LS=llama-swap://token@box.local:8080 # then "ls/qwen3:14b" parses
|
LLM_LS=llama-swap://token@box.local:8080 # http → "ls/qwen3:14b" parses
|
||||||
|
LLM_LS=llama-swaps://token@swap.example.com # https → TLS-fronted instance
|
||||||
```
|
```
|
||||||
|
|
||||||
[llama-swap](https://github.com/mostlygeek/llama-swap) is a model-swapping proxy
|
[llama-swap](https://github.com/mostlygeek/llama-swap) is a model-swapping proxy
|
||||||
|
|||||||
+21
-11
@@ -20,6 +20,12 @@ const (
|
|||||||
ProviderOllamaCloud = "ollama-cloud"
|
ProviderOllamaCloud = "ollama-cloud"
|
||||||
ProviderForeman = "foreman"
|
ProviderForeman = "foreman"
|
||||||
ProviderLlamaSwap = "llama-swap"
|
ProviderLlamaSwap = "llama-swap"
|
||||||
|
// ProviderLlamaSwapTLS is the DSN scheme for a TLS-fronted llama-swap
|
||||||
|
// (https base URL). It is a scheme only, not a default built-in provider
|
||||||
|
// name. Why a separate scheme rather than auto-detecting: a DSN carries no
|
||||||
|
// reliable signal for http vs https, so the choice is explicit
|
||||||
|
// (llama-swap = http local-first, llama-swaps = https), mirroring rediss.
|
||||||
|
ProviderLlamaSwapTLS = "llama-swaps"
|
||||||
)
|
)
|
||||||
|
|
||||||
// registerBuiltins installs the built-in providers and env-DSN scheme
|
// registerBuiltins installs the built-in providers and env-DSN scheme
|
||||||
@@ -70,24 +76,28 @@ func registerBuiltins(r *Registry, httpClient *http.Client) {
|
|||||||
|
|
||||||
// llama-swap: OpenAI-compatible chat + image generation + management
|
// llama-swap: OpenAI-compatible chat + image generation + management
|
||||||
// endpoints over a model-swapping proxy. Chat reuses the openai client
|
// endpoints over a model-swapping proxy. Chat reuses the openai client
|
||||||
// (provider/llamaswap delegates); the DSN builds an http:// base URL
|
// (provider/llamaswap delegates). Two schemes: "llama-swap" builds an
|
||||||
// because llama-swap is local-first (TLS-fronted instances can use the
|
// http:// base URL (local-first default), "llama-swaps" builds https://
|
||||||
// openai:// scheme for chat). The no-DSN built-in errors on use with a
|
// for a TLS-fronted instance (mirrors redis/rediss). The no-DSN built-in
|
||||||
// clear message, mirroring foreman.
|
// errors on use with a clear message, mirroring foreman.
|
||||||
llamaSwapOpts := func(extra ...llamaswap.Option) []llamaswap.Option {
|
llamaSwapOpts := func(extra ...llamaswap.Option) []llamaswap.Option {
|
||||||
if httpClient != nil {
|
if httpClient != nil {
|
||||||
extra = append(extra, llamaswap.WithHTTPClient(httpClient))
|
extra = append(extra, llamaswap.WithHTTPClient(httpClient))
|
||||||
}
|
}
|
||||||
return extra
|
return extra
|
||||||
}
|
}
|
||||||
r.providers[ProviderLlamaSwap] = llamaswap.New(llamaSwapOpts(llamaswap.WithName(ProviderLlamaSwap))...)
|
llamaSwapScheme := func(urlScheme string) SchemeFactory {
|
||||||
r.schemes[ProviderLlamaSwap] = func(name string, dsn DSN) (llm.Provider, error) {
|
return func(name string, dsn DSN) (llm.Provider, error) {
|
||||||
return llamaswap.New(llamaSwapOpts(
|
return llamaswap.New(llamaSwapOpts(
|
||||||
llamaswap.WithName(name),
|
llamaswap.WithName(name),
|
||||||
llamaswap.WithBaseURL("http://"+dsn.Host),
|
llamaswap.WithBaseURL(urlScheme+"://"+dsn.Host),
|
||||||
llamaswap.WithToken(dsn.Token),
|
llamaswap.WithToken(dsn.Token),
|
||||||
)...), nil
|
)...), nil
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
r.providers[ProviderLlamaSwap] = llamaswap.New(llamaSwapOpts(llamaswap.WithName(ProviderLlamaSwap))...)
|
||||||
|
r.schemes[ProviderLlamaSwap] = llamaSwapScheme("http")
|
||||||
|
r.schemes[ProviderLlamaSwapTLS] = llamaSwapScheme("https")
|
||||||
|
|
||||||
// Anthropic and Anthropic-compatible endpoints.
|
// Anthropic and Anthropic-compatible endpoints.
|
||||||
anthropicOpts := func(extra ...anthropic.Option) []anthropic.Option {
|
anthropicOpts := func(extra ...anthropic.Option) []anthropic.Option {
|
||||||
|
|||||||
@@ -51,6 +51,28 @@ func TestLlamaSwapScheme(t *testing.T) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TestLlamaSwapsScheme: the "llama-swaps" scheme builds an https base URL for a
|
||||||
|
// TLS-fronted instance (vs "llama-swap" which is http local-first).
|
||||||
|
func TestLlamaSwapsScheme(t *testing.T) {
|
||||||
|
r := newTestRegistry(t)
|
||||||
|
if err := r.LoadEnv(map[string]string{
|
||||||
|
"LLM_LST": "llama-swaps://tok@swap.example.com",
|
||||||
|
}); err != nil {
|
||||||
|
t.Fatalf("LoadEnv: %v", err)
|
||||||
|
}
|
||||||
|
p, ok := r.Provider("lst")
|
||||||
|
if !ok {
|
||||||
|
t.Fatal("provider \"lst\" not registered")
|
||||||
|
}
|
||||||
|
lp, ok := p.(*llamaswap.Provider)
|
||||||
|
if !ok {
|
||||||
|
t.Fatalf("provider is %T, want *llamaswap.Provider", p)
|
||||||
|
}
|
||||||
|
if want := "https://swap.example.com"; lp.BaseURL() != want {
|
||||||
|
t.Errorf("baseURL = %q, want %q", lp.BaseURL(), want)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// TestLlamaSwapBuiltinNoURL: the no-DSN built-in resolves but errors clearly on
|
// TestLlamaSwapBuiltinNoURL: the no-DSN built-in resolves but errors clearly on
|
||||||
// use (mirrors foreman), rather than silently hitting a wrong host.
|
// use (mirrors foreman), rather than silently hitting a wrong host.
|
||||||
func TestLlamaSwapBuiltinNoURL(t *testing.T) {
|
func TestLlamaSwapBuiltinNoURL(t *testing.T) {
|
||||||
|
|||||||
@@ -38,11 +38,13 @@ features leak into the canonical API).
|
|||||||
`Unload` (POST `/api/models/unload[/:model]`). A small `doJSON` helper shares
|
`Unload` (POST `/api/models/unload[/:model]`). A small `doJSON` helper shares
|
||||||
bearer auth + error mapping; non-2xx → `*llm.APIError` (so `llm.Classify`
|
bearer auth + error mapping; non-2xx → `*llm.APIError` (so `llm.Classify`
|
||||||
applies), transport errors wrapped raw.
|
applies), transport errors wrapped raw.
|
||||||
- DSN: the `llama-swap` scheme builds an **http://** base URL from the host
|
- DSN: two schemes share one factory. `llama-swap` builds an **http://** base
|
||||||
(llama-swap is local-first), deliberately *not* the DSN's https-always
|
URL from the host (llama-swap is local-first), deliberately *not* the DSN's
|
||||||
`BaseURL()`. A TLS-fronted instance can use the `openai://` scheme for chat.
|
https-always `BaseURL()`; `llama-swaps` builds **https://** for a TLS-fronted
|
||||||
A no-DSN built-in `llama-swap` provider registers but errors on use (mirrors
|
instance (mirrors redis/rediss). Why a second scheme rather than auto-detect:
|
||||||
foreman).
|
a DSN carries no reliable http-vs-https signal, so the choice stays explicit.
|
||||||
|
Only `llama-swap` registers a no-DSN built-in provider (errors on use, mirrors
|
||||||
|
foreman); `llama-swaps` is a scheme only.
|
||||||
- Image generation is implemented here too, against the new `imagegen`
|
- Image generation is implemented here too, against the new `imagegen`
|
||||||
interface (see ADR-0016).
|
interface (see ADR-0016).
|
||||||
|
|
||||||
|
|||||||
@@ -1,5 +1,12 @@
|
|||||||
# progress
|
# progress
|
||||||
|
|
||||||
|
## 2026-06-27 — llama-swaps (TLS) DSN scheme
|
||||||
|
|
||||||
|
Follow-up to the llama-swap provider: added the `llama-swaps` DSN scheme (https
|
||||||
|
base URL) alongside `llama-swap` (http, local-first), mirroring redis/rediss, so
|
||||||
|
a TLS-fronted instance is first-class instead of being pushed to the `openai://`
|
||||||
|
scheme. Scheme-only (no default built-in); shares one factory in builtin.go.
|
||||||
|
|
||||||
## 2026-06-27 — llama-swap provider + canonical image-gen interface
|
## 2026-06-27 — llama-swap provider + canonical image-gen interface
|
||||||
|
|
||||||
**Landed (ADR-0015, ADR-0016).** New `provider/llamaswap`: chat **delegates to
|
**Landed (ADR-0015, ADR-0016).** New `provider/llamaswap`: chat **delegates to
|
||||||
|
|||||||
Reference in New Issue
Block a user