1 Commits

Author SHA1 Message Date
steve de2b2f0f28 feat(llamaswap): add llama-swaps (TLS) DSN scheme
CI / Tidy (pull_request) Successful in 9m43s
CI / Build & Test (pull_request) Successful in 10m26s
Adversarial Review (Gadfly) / review (pull_request) Successful in 11m47s
llama-swap was http-only by DSN, pushing TLS-fronted instances onto the openai://
scheme (which loses the management/image methods). Add a "llama-swaps" scheme
that builds an https base URL, alongside "llama-swap" (http, local-first) —
mirroring redis/rediss. Both share one factory; llama-swaps is scheme-only (no
default built-in). The choice stays explicit because a DSN has no reliable
http-vs-https signal.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-27 17:58:59 -04:00
7 changed files with 99 additions and 45 deletions
+23 -13
View File
@@ -4,9 +4,9 @@
# caches :latest, and this build is what carries foreman provider-type support)
# as a specialist swarm and posts
# ONE consolidated review comment as gitea-actions. Advisory only — never blocks a
# merge. This reviews majordomo PRs with 6 ollama-cloud models (3-lens suite).
# Gadfly is a simple system — findings are advisory; always double-check before
# acting.
# merge. This reviews majordomo PRs with 9 ollama-cloud models + the M5 Mac
# (3-lens suite). Gadfly is a simple system — findings are advisory; always
# double-check before acting.
name: Adversarial Review (Gadfly)
@@ -42,26 +42,36 @@ jobs:
|| github.actor == 'fizi'
|| github.actor == 'dazed'))
runs-on: ubuntu-latest
# Fleet: 6 ollama-cloud models (lens fan-out), no local Macs. (Trimmed the
# weakest reviewers by grade — m5/qwen3.6, gemma4, gpt-oss, kimi-k2.7 — plus
# the earlier M1 drop.) Plenty of headroom for the cloud lanes.
timeout-minutes: 45
# Fleet: 9 cloud (lens fan-out) + the M5 Mac via foreman. The slow local
# lane dominates wall time, so allow plenty of headroom. (M1 was dropped —
# consistently slow for zero real findings.)
timeout-minutes: 90
steps:
- uses: docker://gitea.stevedudenhoeffer.com/steve/gadfly:sha-d7f364d
env:
GITEA_API: ${{ github.server_url }}/api/v1/repos/${{ github.repository }}
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
OLLAMA_CLOUD_API_KEY: ${{ secrets.OLLAMA_CLOUD_API_KEY }}
# Cloud-only fleet (no local Macs). Cloud concurrency lives in the
# LENSES: models run a few at a time (ollama-cloud=3) with their 3 lenses
# concurrent (LENS ollama-cloud=3) so comments land sooner.
GADFLY_MODELS: "minimax-m3:cloud,glm-5.2:cloud,glm-5.1:cloud,deepseek-v4-pro:cloud,nemotron-3-super:cloud,qwen3-coder:480b-cloud"
GADFLY_PROVIDER_CONCURRENCY: "ollama-cloud=3"
# Local Mac, reached through its foreman queue (native Ollama on the
# wire). GADFLY_ENDPOINT_M5 registers provider "m5", a foreman-preset
# Ollama client at the secret's URL, of the form:
# foreman|https://<foreman-host>|<token>
# Needs an image with foreman provider-type support (this one). If the Mac
# is offline that model's comment shows an error and the others still post.
# (Gitea secrets aren't auto-exposed — map each explicitly.)
GADFLY_ENDPOINT_M5: ${{ secrets.GADFLY_ENDPOINT_M5 }}
# Fleet: 9 cloud + M5 Max. Cloud concurrency lives in the LENSES: cloud
# models run a few at a time (ollama-cloud=3) with their 3 lenses
# concurrent (LENS ollama-cloud=3) so comments land sooner; the Mac runs
# one model, lenses serial (its foreman queue serializes anyway). Both
# provider lanes run parallel.
GADFLY_MODELS: "minimax-m3:cloud,glm-5.2:cloud,glm-5.1:cloud,kimi-k2.7-code:cloud,deepseek-v4-pro:cloud,nemotron-3-super:cloud,gpt-oss:120b-cloud,qwen3-coder:480b-cloud,gemma4:cloud,m5/qwen3.6:35b-mlx"
GADFLY_PROVIDER_CONCURRENCY: "ollama-cloud=3,m5=1"
GADFLY_PROVIDER_LENS_CONCURRENCY: "ollama-cloud=3"
# Default => the 3-lens suite (security, correctness, error-handling).
# Set the repo var GADFLY_SPECIALISTS to override (csv / "all" / "auto").
GADFLY_SPECIALISTS: ${{ vars.GADFLY_SPECIALISTS || 'security,correctness,error-handling' }}
# Per-lens deadline + bounded steps to keep each reviewer's run sane.
# Per-lens deadline + bounded steps so the slow local models stay sane.
GADFLY_TIMEOUT_SECS: "600"
GADFLY_MAX_STEPS: "14"
# Allow-list for the comment trigger (mirrors the job-level if: guard).
+10 -9
View File
@@ -79,12 +79,13 @@ alias := bare token (no slash), expands INLINE, recursively, cycle-checked
`LLM_<NAME>=scheme://[token@]host[/path]` — e.g.
`LLM_M5=foreman://token@foreman-m5.example` defines provider `m5`; then
`m5/qwen3:30b` works in Parse, chains, and aliases. Scheme ∈ {foreman,
ollama, ollama-cloud, openai, anthropic, google, gemini, llama-swap}
RegisterScheme. Token = credential; base URL = `https://host` always —
**except `llama-swap`, which builds `http://host` (local-first; ADR-0015).**
`New()` scans the process env eagerly; unknown names also resolve lazily at
Parse time (`my-prov``LLM_MY_PROV`). Malformed entries fail on use, not at
startup.
ollama, ollama-cloud, openai, anthropic, google, gemini, llama-swap,
llama-swaps} RegisterScheme. Token = credential; base URL = `https://host`
always — **except `llama-swap`, which builds `http://host` (local-first);
`llama-swaps` is its TLS twin (`https://host`), mirroring redis/rediss
(ADR-0015).** `New()` scans the process env eagerly; unknown names also resolve
lazily at Parse time (`my-prov``LLM_MY_PROV`). Malformed entries fail on use,
not at startup.
## Health & failover (ADR-0006, ADR-0008)
@@ -141,9 +142,9 @@ Ship work through PRs and let Gadfly review it before merge:
- **Push to a PR, never straight to `main`.** Branch, push, open a PR.
`.gitea/workflows/adversarial-review.yml` runs Gadfly (the standalone
agentic adversarial reviewer) — a fleet of 6 ollama-cloud models, each
running the 3-lens suite (security, correctness, error-handling). Advisory
only; it never blocks the merge.
agentic adversarial reviewer) — a fleet of 9 ollama-cloud models +
the M5 Mac via foreman, each running the 3-lens suite (security,
correctness, error-handling). Advisory only; it never blocks the merge.
- **Wait for Gadfly to finish, then read its output.** Don't merge while the
review is still running. Each model posts one consolidated comment; weigh
every finding on its merits and fix the real ones (Gadfly is a simple
+9 -7
View File
@@ -159,15 +159,17 @@ m, _ := reg.Parse("m5/qwen3:30b,m1/qwen3:30b,thinking")
```
DSN format: `scheme://[token@]host[/path]`, scheme ∈ `foreman`, `ollama`,
`ollama-cloud`, `openai`, `anthropic`, `google`/`gemini`, `llama-swap`, or any
scheme you add with `RegisterScheme`. The token is the credential (bearer token
/ API key); the base URL is always `https://host[/path]` — except `llama-swap`,
which builds `http://host[:port]` since it's local-first. `New()` loads `LLM_*`
vars eagerly; unknown provider names also resolve lazily at Parse time
(`my-prov/x``LLM_MY_PROV`).
`ollama-cloud`, `openai`, `anthropic`, `google`/`gemini`, `llama-swap`,
`llama-swaps`, or any scheme you add with `RegisterScheme`. The token is the
credential (bearer token / API key); the base URL is always `https://host[/path]`
— except `llama-swap`, which builds `http://host[:port]` since it's local-first
(`llama-swaps` is the TLS twin → `https://host`, mirroring redis/rediss). `New()`
loads `LLM_*` vars eagerly; unknown provider names also resolve lazily at Parse
time (`my-prov/x``LLM_MY_PROV`).
```
LLM_LS=llama-swap://token@box.local:8080 # then "ls/qwen3:14b" parses
LLM_LS=llama-swap://token@box.local:8080 # http → "ls/qwen3:14b" parses
LLM_LS=llama-swaps://token@swap.example.com # https → TLS-fronted instance
```
[llama-swap](https://github.com/mostlygeek/llama-swap) is a model-swapping proxy
+21 -11
View File
@@ -20,6 +20,12 @@ const (
ProviderOllamaCloud = "ollama-cloud"
ProviderForeman = "foreman"
ProviderLlamaSwap = "llama-swap"
// ProviderLlamaSwapTLS is the DSN scheme for a TLS-fronted llama-swap
// (https base URL). It is a scheme only, not a default built-in provider
// name. Why a separate scheme rather than auto-detecting: a DSN carries no
// reliable signal for http vs https, so the choice is explicit
// (llama-swap = http local-first, llama-swaps = https), mirroring rediss.
ProviderLlamaSwapTLS = "llama-swaps"
)
// registerBuiltins installs the built-in providers and env-DSN scheme
@@ -70,24 +76,28 @@ func registerBuiltins(r *Registry, httpClient *http.Client) {
// llama-swap: OpenAI-compatible chat + image generation + management
// endpoints over a model-swapping proxy. Chat reuses the openai client
// (provider/llamaswap delegates); the DSN builds an http:// base URL
// because llama-swap is local-first (TLS-fronted instances can use the
// openai:// scheme for chat). The no-DSN built-in errors on use with a
// clear message, mirroring foreman.
// (provider/llamaswap delegates). Two schemes: "llama-swap" builds an
// http:// base URL (local-first default), "llama-swaps" builds https://
// for a TLS-fronted instance (mirrors redis/rediss). The no-DSN built-in
// errors on use with a clear message, mirroring foreman.
llamaSwapOpts := func(extra ...llamaswap.Option) []llamaswap.Option {
if httpClient != nil {
extra = append(extra, llamaswap.WithHTTPClient(httpClient))
}
return extra
}
r.providers[ProviderLlamaSwap] = llamaswap.New(llamaSwapOpts(llamaswap.WithName(ProviderLlamaSwap))...)
r.schemes[ProviderLlamaSwap] = func(name string, dsn DSN) (llm.Provider, error) {
return llamaswap.New(llamaSwapOpts(
llamaswap.WithName(name),
llamaswap.WithBaseURL("http://"+dsn.Host),
llamaswap.WithToken(dsn.Token),
)...), nil
llamaSwapScheme := func(urlScheme string) SchemeFactory {
return func(name string, dsn DSN) (llm.Provider, error) {
return llamaswap.New(llamaSwapOpts(
llamaswap.WithName(name),
llamaswap.WithBaseURL(urlScheme+"://"+dsn.Host),
llamaswap.WithToken(dsn.Token),
)...), nil
}
}
r.providers[ProviderLlamaSwap] = llamaswap.New(llamaSwapOpts(llamaswap.WithName(ProviderLlamaSwap))...)
r.schemes[ProviderLlamaSwap] = llamaSwapScheme("http")
r.schemes[ProviderLlamaSwapTLS] = llamaSwapScheme("https")
// Anthropic and Anthropic-compatible endpoints.
anthropicOpts := func(extra ...anthropic.Option) []anthropic.Option {
+22
View File
@@ -51,6 +51,28 @@ func TestLlamaSwapScheme(t *testing.T) {
}
}
// TestLlamaSwapsScheme: the "llama-swaps" scheme builds an https base URL for a
// TLS-fronted instance (vs "llama-swap" which is http local-first).
func TestLlamaSwapsScheme(t *testing.T) {
r := newTestRegistry(t)
if err := r.LoadEnv(map[string]string{
"LLM_LST": "llama-swaps://tok@swap.example.com",
}); err != nil {
t.Fatalf("LoadEnv: %v", err)
}
p, ok := r.Provider("lst")
if !ok {
t.Fatal("provider \"lst\" not registered")
}
lp, ok := p.(*llamaswap.Provider)
if !ok {
t.Fatalf("provider is %T, want *llamaswap.Provider", p)
}
if want := "https://swap.example.com"; lp.BaseURL() != want {
t.Errorf("baseURL = %q, want %q", lp.BaseURL(), want)
}
}
// TestLlamaSwapBuiltinNoURL: the no-DSN built-in resolves but errors clearly on
// use (mirrors foreman), rather than silently hitting a wrong host.
func TestLlamaSwapBuiltinNoURL(t *testing.T) {
+7 -5
View File
@@ -38,11 +38,13 @@ features leak into the canonical API).
`Unload` (POST `/api/models/unload[/:model]`). A small `doJSON` helper shares
bearer auth + error mapping; non-2xx → `*llm.APIError` (so `llm.Classify`
applies), transport errors wrapped raw.
- DSN: the `llama-swap` scheme builds an **http://** base URL from the host
(llama-swap is local-first), deliberately *not* the DSN's https-always
`BaseURL()`. A TLS-fronted instance can use the `openai://` scheme for chat.
A no-DSN built-in `llama-swap` provider registers but errors on use (mirrors
foreman).
- DSN: two schemes share one factory. `llama-swap` builds an **http://** base
URL from the host (llama-swap is local-first), deliberately *not* the DSN's
https-always `BaseURL()`; `llama-swaps` builds **https://** for a TLS-fronted
instance (mirrors redis/rediss). Why a second scheme rather than auto-detect:
a DSN carries no reliable http-vs-https signal, so the choice stays explicit.
Only `llama-swap` registers a no-DSN built-in provider (errors on use, mirrors
foreman); `llama-swaps` is a scheme only.
- Image generation is implemented here too, against the new `imagegen`
interface (see ADR-0016).
+7
View File
@@ -1,5 +1,12 @@
# progress
## 2026-06-27 — llama-swaps (TLS) DSN scheme
Follow-up to the llama-swap provider: added the `llama-swaps` DSN scheme (https
base URL) alongside `llama-swap` (http, local-first), mirroring redis/rediss, so
a TLS-fronted instance is first-class instead of being pushed to the `openai://`
scheme. Scheme-only (no default built-in); shares one factory in builtin.go.
## 2026-06-27 — llama-swap provider + canonical image-gen interface
**Landed (ADR-0015, ADR-0016).** New `provider/llamaswap`: chat **delegates to