17 Commits

Author SHA1 Message Date
steve fe44a6da26 Merge pull request 'fix(llamaswap): use A1111 /sdapi/v1/txt2img so seed is honored' (#10) from fix/llamaswap-a1111-seed into main
CI / Tidy (push) Successful in 9m25s
CI / Build & Test (push) Successful in 9m42s
2026-06-29 03:09:29 +00:00
steve a213c18263 fix(llamaswap): use A1111 /sdapi/v1/txt2img so seed is honored
CI / Tidy (pull_request) Successful in 9m24s
CI / Build & Test (pull_request) Successful in 9m45s
Adversarial Review (Gadfly) / review (pull_request) Successful in 11m30s
The OpenAI /v1/images/generations endpoint ignores `seed` on our
stable-diffusion.cpp build — every render of a given prompt comes back
byte-identical, so a drawbot batch of N collapsed to one image. Switch the
image provider to sd-server's A1111 /sdapi/v1/txt2img endpoint, which honors
`seed` (verified live: distinct seeds -> distinct images on SDXL and
Qwen-Image). Size is split into width/height; llama-swap still routes by the
`model` field. Tests + ADR-0016 updated.
2026-06-28 22:56:25 -04:00
Steve Dudenhoeffer 88d3fc3279 chore: repin gadfly reusable to @5007597 (structured findings + consensus + inline review)
Adopts gadfly's review-representation overhaul: one ranked consensus comment
across the swarm + an advisory COMMENT-state inline PR review, on image
sha-3095ebf. Swarm config still rides the owner variables.

[skip ci]
2026-06-28 22:13:24 -04:00
steve 531fe1922e Merge pull request 'feat(imagegen): optional per-request generation settings' (#9) from feat/imagegen-settings into main
CI / Tidy (push) Successful in 9m25s
CI / Build & Test (push) Successful in 9m47s
2026-06-29 02:00:40 +00:00
steve a744cdc335 feat(imagegen): optional per-request generation settings
CI / Tidy (pull_request) Successful in 9m27s
CI / Build & Test (pull_request) Successful in 9m47s
Add Steps, CFGScale, NegativePrompt, Sampler, Seed to imagegen.Request
(pointer/empty = leave the backend's per-model default), with mirror
options, and forward them in the llamaswap wire payload as the
stable-diffusion.cpp fields (steps/cfg_scale/negative_prompt/
sample_method/seed). Unset fields are omitted so sd-server keeps its
baked defaults.

Lets callers (e.g. mort drawbots) override only what they explicitly set.
2026-06-28 19:05:49 -04:00
steve 8b924700fb Merge pull request 'fix(media): drop oldest images on over-count instead of refusing' (#8) from fix/image-overflow-drop-oldest into main
CI / Tidy (push) Successful in 9m23s
CI / Build & Test (push) Successful in 9m45s
2026-06-28 22:43:20 +00:00
steve 70b7aebd86 test(media): match the overflow placeholder by const, not substring (gadfly #8)
CI / Tidy (pull_request) Successful in 9m25s
CI / Build & Test (pull_request) Successful in 9m49s
ragnaros/qwen3.6-27b noted TestNormalizeOverCount matched 'omitted' by substring;
the test is in-package, so assert == imageOverflowPlaceholder instead — robust to
wording changes. No behavior change.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-28 18:33:01 -04:00
steve 52bb910f4d media: address gadfly review — single-pass elide, drop helpers, stronger test
CI / Tidy (pull_request) Successful in 9m27s
CI / Build & Test (pull_request) Successful in 9m41s
Review fixes (no behavior change):
- Fold the over-cap elide INTO the existing copy-on-write normalize pass: one
  loop now replaces the first toElide (oldest) images with the placeholder and
  size-normalizes the rest, so the Messages slice is copied at most once (the
  prior dropOldestImages + the normalize loop double-copied when overflow and a
  transform both applied — the dominant review finding, 5 models).
- Remove dropOldestImages (the name implied removal; it substituted) and the
  one-shot hasImagePart helper — both subsumed by the single pass.
- Trim the 9-line inline comment that restated the package doc.
- Test: rename TestNormalizeTooManyImages_DropsOldest → TestNormalizeOverCount
  (file convention) and assert the EXACT survivors ([b, c], in order) + a
  content-based non-mutation check (first input part is still image a, which a
  len check wouldn't catch).

Build + media + majordomo suites green (-race).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-28 18:06:17 -04:00
steve d71aca4c3a fix(media): drop oldest images on over-count instead of refusing the request
Adversarial Review (Gadfly) / review (pull_request) Has been cancelled
CI / Tidy (pull_request) Successful in 9m27s
CI / Build & Test (pull_request) Successful in 9m44s
media.Normalize refused (ErrUnsupported) when a request carried more images than
the target's MaxImagesPerReq, on the theory that a failover chain would try a
roomier target. In practice the chain's targets share the same cap — an agent loop
that accumulates a preview image per iteration (e.g. scaddy's write_scad) blows
past the cap, EVERY target rejects ("9 images, target allows at most 8"), and the
run dies. Observed live on ollama-cloud (cap 8).

Now: over-count keeps the most-recent MaxImagesPerReq images and replaces each
older one with a short text placeholder ("[earlier image omitted to fit this
model's per-request image limit]"), preserving each message's turn structure and
telling the model an image was elided. The most-recent images are the relevant
ones in an iterative run. Copy-on-write; the input request is never mutated. The
per-model threshold stays configurable via Capabilities.MaxImagesPerReq (0 still
means no image support); SupportsImages / MIME / byte-budget / dimension behavior
is unchanged, and the provider-side count backstop remains.

Test: TestNormalizeTooManyImages_DropsOldest — 3 images, cap 2 → 2 kept (the most
recent), 1 placeholder, no error, oldest dropped, input unmutated.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-28 17:38:21 -04:00
Steve Dudenhoeffer 51f5ea0d2b ci: pin gadfly reusable to immutable @7bc3c98 (vars-config reusable) [skip ci]
The reusable now reads swarm config from user-scope vars (GADFLY_DEFAULT_* +
GADFLY_ENDPOINT_*); this immutable @sha bumps past the long-lived-runner ref
cache so the vars-config reusable is adopted. Direct to main + [skip ci] to
avoid triggering the review swarm.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-28 02:05:29 -04:00
steve a457e76ac7 ci: track gadfly's v1 release tag instead of a pinned sha (#7)
CI / Tidy (push) Successful in 9m25s
CI / Build & Test (push) Successful in 9m45s
2026-06-28 04:08:34 +00:00
steve 78a1d1c3bb ci: switch gadfly review to the reusable workflow (curated swarm, 5 lenses) (#6)
CI / Tidy (push) Successful in 9m25s
CI / Build & Test (push) Successful in 10m13s
2026-06-28 02:48:28 +00:00
steve aa25b2c334 Merge pull request 'feat(llamaswap): add llama-swaps (TLS) DSN scheme' (#4) from feat/llama-swaps-tls into main
CI / Tidy (push) Successful in 9m23s
CI / Build & Test (push) Successful in 10m13s
2026-06-27 22:56:59 +00:00
steve 2b35f1741c Merge pull request 'ci(gadfly): trim the weakest reviewers from the swarm' (#5) from ci/trim-gadfly-reviewers into main
CI / Tidy (push) Successful in 9m25s
CI / Build & Test (push) Successful in 10m1s
2026-06-27 22:56:57 +00:00
steve 98a2164aba ci(gadfly): trim the weakest reviewers from the swarm
Adversarial Review (Gadfly) / review (pull_request) Successful in 5m27s
CI / Tidy (pull_request) Successful in 9m31s
CI / Build & Test (pull_request) Successful in 9m48s
Drop the four lowest-graded reviewers — m5/qwen3.6:35b-mlx, gemma4:cloud,
gpt-oss:120b-cloud, kimi-k2.7-code:cloud. Removing m5/qwen3.6 takes the last
local Mac out, so this is now a cloud-only fleet of 6 ollama-cloud models;
GADFLY_ENDPOINT_M5 and the m5 concurrency entry are gone and the per-job timeout
drops to 45m. README/CLAUDE.md kept in sync.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-27 18:07:27 -04:00
steve de2b2f0f28 feat(llamaswap): add llama-swaps (TLS) DSN scheme
CI / Tidy (pull_request) Successful in 9m43s
CI / Build & Test (pull_request) Successful in 10m26s
Adversarial Review (Gadfly) / review (pull_request) Successful in 11m47s
llama-swap was http-only by DSN, pushing TLS-fronted instances onto the openai://
scheme (which loses the management/image methods). Add a "llama-swaps" scheme
that builds an https base URL, alongside "llama-swap" (http, local-first) —
mirroring redis/rediss. Both share one factory; llama-swaps is scheme-only (no
default built-in). The choice stays explicit because a DSN has no reliable
http-vs-https signal.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-27 17:58:59 -04:00
steve b2487a1a37 Merge pull request 'feat(llamaswap): llama-swap provider + canonical imagegen interface' (#3) from feat/llama-swap-provider into main
CI / Tidy (push) Successful in 9m24s
CI / Build & Test (push) Successful in 10m11s
2026-06-27 20:14:01 +00:00
13 changed files with 347 additions and 157 deletions
+22 -60
View File
@@ -1,12 +1,8 @@
# Gadfly — agentic adversarial PR reviewer (https://gitea.stevedudenhoeffer.com/steve/gadfly).
#
# Runs the published Gadfly image (pinned to an immutable :sha- tag — act_runner
# caches :latest, and this build is what carries foreman provider-type support)
# as a specialist swarm and posts
# ONE consolidated review comment as gitea-actions. Advisory only — never blocks a
# merge. This reviews majordomo PRs with 9 ollama-cloud models + the M5 Mac
# (3-lens suite). Gadfly is a simple system — findings are advisory; always
# double-check before acting.
# Gadfly adversarial review — subscribes to steve/gadfly's reusable workflow and
# INHERITS its default swarm. This stub holds only the triggers, the actor gate,
# secret forwarding, and the allow-list; the swarm config (models, lenses,
# concurrency, timeouts) lives centrally in gadfly's review-reusable.yml so it is
# tuned in ONE place. Advisory only — never blocks a merge.
name: Adversarial Review (Gadfly)
@@ -33,60 +29,26 @@ concurrency:
jobs:
review:
# Security: only trusted users may trigger a secret-bearing run via a PR
# comment (pull_request + workflow_dispatch are already trusted). Mirrors
# GADFLY_ALLOWED_USERS, the in-container belt-and-suspenders check.
# comment (pull_request + workflow_dispatch are already trusted). Mirrors the
# allowed_users input below (the in-container belt-and-suspenders check) — both
# lists must stay in sync; a workflow if: can't read a workflow_call input.
if: >-
github.event_name != 'issue_comment'
|| (github.event.issue.pull_request
&& (github.actor == 'steve'
|| github.actor == 'fizi'
|| github.actor == 'dazed'))
runs-on: ubuntu-latest
# Fleet: 9 cloud (lens fan-out) + the M5 Mac via foreman. The slow local
# lane dominates wall time, so allow plenty of headroom. (M1 was dropped —
# consistently slow for zero real findings.)
timeout-minutes: 90
steps:
- uses: docker://gitea.stevedudenhoeffer.com/steve/gadfly:sha-d7f364d
env:
GITEA_API: ${{ github.server_url }}/api/v1/repos/${{ github.repository }}
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
OLLAMA_CLOUD_API_KEY: ${{ secrets.OLLAMA_CLOUD_API_KEY }}
# Local Mac, reached through its foreman queue (native Ollama on the
# wire). GADFLY_ENDPOINT_M5 registers provider "m5", a foreman-preset
# Ollama client at the secret's URL, of the form:
# foreman|https://<foreman-host>|<token>
# Needs an image with foreman provider-type support (this one). If the Mac
# is offline that model's comment shows an error and the others still post.
# (Gitea secrets aren't auto-exposed — map each explicitly.)
GADFLY_ENDPOINT_M5: ${{ secrets.GADFLY_ENDPOINT_M5 }}
# Fleet: 9 cloud + M5 Max. Cloud concurrency lives in the LENSES: cloud
# models run a few at a time (ollama-cloud=3) with their 3 lenses
# concurrent (LENS ollama-cloud=3) so comments land sooner; the Mac runs
# one model, lenses serial (its foreman queue serializes anyway). Both
# provider lanes run parallel.
GADFLY_MODELS: "minimax-m3:cloud,glm-5.2:cloud,glm-5.1:cloud,kimi-k2.7-code:cloud,deepseek-v4-pro:cloud,nemotron-3-super:cloud,gpt-oss:120b-cloud,qwen3-coder:480b-cloud,gemma4:cloud,m5/qwen3.6:35b-mlx"
GADFLY_PROVIDER_CONCURRENCY: "ollama-cloud=3,m5=1"
GADFLY_PROVIDER_LENS_CONCURRENCY: "ollama-cloud=3"
# Default => the 3-lens suite (security, correctness, error-handling).
# Set the repo var GADFLY_SPECIALISTS to override (csv / "all" / "auto").
GADFLY_SPECIALISTS: ${{ vars.GADFLY_SPECIALISTS || 'security,correctness,error-handling' }}
# Per-lens deadline + bounded steps so the slow local models stay sane.
GADFLY_TIMEOUT_SECS: "600"
GADFLY_MAX_STEPS: "14"
# Allow-list for the comment trigger (mirrors the job-level if: guard).
GADFLY_ALLOWED_USERS: "steve,fizi,dazed"
# --- findings telemetry: POST runs + findings to the gadfly-reports store ---
# Advisory & off unless GADFLY_FINDINGS_URL is set; failures only log to
# stderr and never affect the review. GADFLY_REPO / GADFLY_PR are derived
# in-container; the URL + token are user-scope secrets.
GADFLY_FINDINGS_URL: ${{ secrets.GADFLY_FINDINGS_URL }}
GADFLY_FINDINGS_TOKEN: ${{ secrets.GADFLY_FINDINGS_TOKEN }}
# --- event context (leave as-is) ---
EVENT_NAME: ${{ github.event_name }}
PR: ${{ github.event.pull_request.number || github.event.issue.number || github.event.inputs.pr_number }}
PR_BRANCH: ${{ github.head_ref }}
IS_DRAFT: ${{ github.event.pull_request.draft }}
COMMENT_BODY: ${{ github.event.comment.body }}
COMMENT_ID: ${{ github.event.comment.id }}
ACTOR: ${{ github.actor }}
# Tracks gadfly's v1 release tag — a curated pointer re-moved on each release
# (unlike @main, which moves on every push). Central swarm tuning propagates
# here automatically; the tradeoff vs a full sha pin is that v1 is mutable.
uses: steve/gadfly/.gitea/workflows/review-reusable.yml@5007597cf921dc3f0a83c708878facfe65fd8e8b
# Least privilege: forward only the review secrets (not `secrets: inherit`,
# which would expose every repo secret). GITEA_TOKEN is the automatic token.
secrets:
OLLAMA_CLOUD_API_KEY: ${{ secrets.OLLAMA_CLOUD_API_KEY }}
CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
GADFLY_FINDINGS_URL: ${{ secrets.GADFLY_FINDINGS_URL }}
GADFLY_FINDINGS_TOKEN: ${{ secrets.GADFLY_FINDINGS_TOKEN }}
with:
# Consumer-specific allow-list; everything else is inherited.
allowed_users: "steve,fizi,dazed"
+12 -9
View File
@@ -79,12 +79,13 @@ alias := bare token (no slash), expands INLINE, recursively, cycle-checked
`LLM_<NAME>=scheme://[token@]host[/path]` — e.g.
`LLM_M5=foreman://token@foreman-m5.example` defines provider `m5`; then
`m5/qwen3:30b` works in Parse, chains, and aliases. Scheme ∈ {foreman,
ollama, ollama-cloud, openai, anthropic, google, gemini, llama-swap}
RegisterScheme. Token = credential; base URL = `https://host` always —
**except `llama-swap`, which builds `http://host` (local-first; ADR-0015).**
`New()` scans the process env eagerly; unknown names also resolve lazily at
Parse time (`my-prov``LLM_MY_PROV`). Malformed entries fail on use, not at
startup.
ollama, ollama-cloud, openai, anthropic, google, gemini, llama-swap,
llama-swaps} RegisterScheme. Token = credential; base URL = `https://host`
always — **except `llama-swap`, which builds `http://host` (local-first);
`llama-swaps` is its TLS twin (`https://host`), mirroring redis/rediss
(ADR-0015).** `New()` scans the process env eagerly; unknown names also resolve
lazily at Parse time (`my-prov``LLM_MY_PROV`). Malformed entries fail on use,
not at startup.
## Health & failover (ADR-0006, ADR-0008)
@@ -141,9 +142,11 @@ Ship work through PRs and let Gadfly review it before merge:
- **Push to a PR, never straight to `main`.** Branch, push, open a PR.
`.gitea/workflows/adversarial-review.yml` runs Gadfly (the standalone
agentic adversarial reviewer) — a fleet of 9 ollama-cloud models +
the M5 Mac via foreman, each running the 3-lens suite (security,
correctness, error-handling). Advisory only; it never blocks the merge.
agentic adversarial reviewer) by subscribing to gadfly's reusable workflow
and inheriting its default swarm — 3 cloud models + the Claude Code engine
(sonnet/opus/opus:max), each running the 5-lens suite (security, correctness,
maintainability, performance, error-handling). The swarm is tuned centrally
in gadfly, not here. Advisory only; it never blocks the merge.
- **Wait for Gadfly to finish, then read its output.** Don't merge while the
review is still running. Each model posts one consolidated comment; weigh
every finding on its merits and fix the real ones (Gadfly is a simple
+9 -7
View File
@@ -159,15 +159,17 @@ m, _ := reg.Parse("m5/qwen3:30b,m1/qwen3:30b,thinking")
```
DSN format: `scheme://[token@]host[/path]`, scheme ∈ `foreman`, `ollama`,
`ollama-cloud`, `openai`, `anthropic`, `google`/`gemini`, `llama-swap`, or any
scheme you add with `RegisterScheme`. The token is the credential (bearer token
/ API key); the base URL is always `https://host[/path]` — except `llama-swap`,
which builds `http://host[:port]` since it's local-first. `New()` loads `LLM_*`
vars eagerly; unknown provider names also resolve lazily at Parse time
(`my-prov/x``LLM_MY_PROV`).
`ollama-cloud`, `openai`, `anthropic`, `google`/`gemini`, `llama-swap`,
`llama-swaps`, or any scheme you add with `RegisterScheme`. The token is the
credential (bearer token / API key); the base URL is always `https://host[/path]`
— except `llama-swap`, which builds `http://host[:port]` since it's local-first
(`llama-swaps` is the TLS twin → `https://host`, mirroring redis/rediss). `New()`
loads `LLM_*` vars eagerly; unknown provider names also resolve lazily at Parse
time (`my-prov/x``LLM_MY_PROV`).
```
LLM_LS=llama-swap://token@box.local:8080 # then "ls/qwen3:14b" parses
LLM_LS=llama-swap://token@box.local:8080 # http → "ls/qwen3:14b" parses
LLM_LS=llama-swaps://token@swap.example.com # https → TLS-fronted instance
```
[llama-swap](https://github.com/mostlygeek/llama-swap) is a model-swapping proxy
+21 -11
View File
@@ -20,6 +20,12 @@ const (
ProviderOllamaCloud = "ollama-cloud"
ProviderForeman = "foreman"
ProviderLlamaSwap = "llama-swap"
// ProviderLlamaSwapTLS is the DSN scheme for a TLS-fronted llama-swap
// (https base URL). It is a scheme only, not a default built-in provider
// name. Why a separate scheme rather than auto-detecting: a DSN carries no
// reliable signal for http vs https, so the choice is explicit
// (llama-swap = http local-first, llama-swaps = https), mirroring rediss.
ProviderLlamaSwapTLS = "llama-swaps"
)
// registerBuiltins installs the built-in providers and env-DSN scheme
@@ -70,24 +76,28 @@ func registerBuiltins(r *Registry, httpClient *http.Client) {
// llama-swap: OpenAI-compatible chat + image generation + management
// endpoints over a model-swapping proxy. Chat reuses the openai client
// (provider/llamaswap delegates); the DSN builds an http:// base URL
// because llama-swap is local-first (TLS-fronted instances can use the
// openai:// scheme for chat). The no-DSN built-in errors on use with a
// clear message, mirroring foreman.
// (provider/llamaswap delegates). Two schemes: "llama-swap" builds an
// http:// base URL (local-first default), "llama-swaps" builds https://
// for a TLS-fronted instance (mirrors redis/rediss). The no-DSN built-in
// errors on use with a clear message, mirroring foreman.
llamaSwapOpts := func(extra ...llamaswap.Option) []llamaswap.Option {
if httpClient != nil {
extra = append(extra, llamaswap.WithHTTPClient(httpClient))
}
return extra
}
r.providers[ProviderLlamaSwap] = llamaswap.New(llamaSwapOpts(llamaswap.WithName(ProviderLlamaSwap))...)
r.schemes[ProviderLlamaSwap] = func(name string, dsn DSN) (llm.Provider, error) {
return llamaswap.New(llamaSwapOpts(
llamaswap.WithName(name),
llamaswap.WithBaseURL("http://"+dsn.Host),
llamaswap.WithToken(dsn.Token),
)...), nil
llamaSwapScheme := func(urlScheme string) SchemeFactory {
return func(name string, dsn DSN) (llm.Provider, error) {
return llamaswap.New(llamaSwapOpts(
llamaswap.WithName(name),
llamaswap.WithBaseURL(urlScheme+"://"+dsn.Host),
llamaswap.WithToken(dsn.Token),
)...), nil
}
}
r.providers[ProviderLlamaSwap] = llamaswap.New(llamaSwapOpts(llamaswap.WithName(ProviderLlamaSwap))...)
r.schemes[ProviderLlamaSwap] = llamaSwapScheme("http")
r.schemes[ProviderLlamaSwapTLS] = llamaSwapScheme("https")
// Anthropic and Anthropic-compatible endpoints.
anthropicOpts := func(extra ...anthropic.Option) []anthropic.Option {
+22
View File
@@ -51,6 +51,28 @@ func TestLlamaSwapScheme(t *testing.T) {
}
}
// TestLlamaSwapsScheme: the "llama-swaps" scheme builds an https base URL for a
// TLS-fronted instance (vs "llama-swap" which is http local-first).
func TestLlamaSwapsScheme(t *testing.T) {
r := newTestRegistry(t)
if err := r.LoadEnv(map[string]string{
"LLM_LST": "llama-swaps://tok@swap.example.com",
}); err != nil {
t.Fatalf("LoadEnv: %v", err)
}
p, ok := r.Provider("lst")
if !ok {
t.Fatal("provider \"lst\" not registered")
}
lp, ok := p.(*llamaswap.Provider)
if !ok {
t.Fatalf("provider is %T, want *llamaswap.Provider", p)
}
if want := "https://swap.example.com"; lp.BaseURL() != want {
t.Errorf("baseURL = %q, want %q", lp.BaseURL(), want)
}
}
// TestLlamaSwapBuiltinNoURL: the no-DSN built-in resolves but errors clearly on
// use (mirrors foreman), rather than silently hitting a wrong host.
func TestLlamaSwapBuiltinNoURL(t *testing.T) {
+7 -5
View File
@@ -38,11 +38,13 @@ features leak into the canonical API).
`Unload` (POST `/api/models/unload[/:model]`). A small `doJSON` helper shares
bearer auth + error mapping; non-2xx → `*llm.APIError` (so `llm.Classify`
applies), transport errors wrapped raw.
- DSN: the `llama-swap` scheme builds an **http://** base URL from the host
(llama-swap is local-first), deliberately *not* the DSN's https-always
`BaseURL()`. A TLS-fronted instance can use the `openai://` scheme for chat.
A no-DSN built-in `llama-swap` provider registers but errors on use (mirrors
foreman).
- DSN: two schemes share one factory. `llama-swap` builds an **http://** base
URL from the host (llama-swap is local-first), deliberately *not* the DSN's
https-always `BaseURL()`; `llama-swaps` builds **https://** for a TLS-fronted
instance (mirrors redis/rediss). Why a second scheme rather than auto-detect:
a DSN carries no reliable http-vs-https signal, so the choice stays explicit.
Only `llama-swap` registers a no-DSN built-in provider (errors on use, mirrors
foreman); `llama-swaps` is a scheme only.
- Image generation is implemented here too, against the new `imagegen`
interface (see ADR-0016).
+19
View File
@@ -42,3 +42,22 @@ asked for "a new ai image interface as opposed to llm".
callers (additive fields/options).
- No health/failover for image models yet; if needed it can be added as a
separate chain type rather than retrofitting the chat chain.
## Update — optional per-request settings
`Request` gained additive optional overrides — `Steps *int`, `CFGScale *float64`,
`NegativePrompt string`, `Sampler string`, `Seed *int64` — with mirror options
(`WithSteps`, …). nil/"" means "leave the backend's per-model default", so the v1
contract is unchanged for callers that don't set them. `provider/llamaswap`
forwards them to sd-server as `steps`/`cfg_scale`/`negative_prompt`/`sample_method`/
`seed` (omitempty). This realizes the "seeds/steps … additive fields" note above;
img2img/masks/streaming remain deferred.
## Update — A1111 txt2img endpoint (seed support)
`provider/llamaswap` now POSTs to sd-server's **`/sdapi/v1/txt2img`** (A1111)
instead of the OpenAI `/v1/images/generations`. That OpenAI endpoint **ignores
`seed`** on the stable-diffusion.cpp build we run — every render of a prompt is
byte-identical, so a batch of N collapses to one image. `/sdapi/v1/txt2img`
honours `seed`, restoring real per-render variety. llama-swap still routes by
the `model` field in the body; `Size` is split into `width`/`height`.
+38
View File
@@ -38,6 +38,29 @@ type Request struct {
// Size is the requested resolution, e.g. "512x512" or "1024x1024";
// "" = provider default.
Size string
// The fields below are optional per-request overrides. Their zero value
// (nil pointer or empty string) means "leave the backend's own default" —
// for stable-diffusion.cpp that is the per-model default baked into the
// llama-swap launch flags. A caller overrides only what it explicitly sets.
// Steps is the number of diffusion steps; nil = backend default.
Steps *int
// CFGScale is the classifier-free-guidance scale; nil = backend default.
// Architecture-sensitive (SDXL likes ~7, Flux wants 1), so prefer leaving
// it nil unless the caller knows the target model.
CFGScale *float64
// NegativePrompt steers generation away from concepts; "" = none.
NegativePrompt string
// Sampler selects the sampling method (e.g. "euler", "euler_a");
// "" = backend default.
Sampler string
// Seed fixes the RNG seed for reproducible output; nil = random.
Seed *int64
}
// Result is the canonical image-generation result.
@@ -60,6 +83,21 @@ func WithN(n int) Option { return func(r *Request) { r.N = n } }
// WithSize sets the requested resolution (e.g. "1024x1024").
func WithSize(size string) Option { return func(r *Request) { r.Size = size } }
// WithSteps overrides the number of diffusion steps.
func WithSteps(n int) Option { return func(r *Request) { r.Steps = &n } }
// WithCFGScale overrides the classifier-free-guidance scale.
func WithCFGScale(s float64) Option { return func(r *Request) { r.CFGScale = &s } }
// WithNegativePrompt sets a negative prompt.
func WithNegativePrompt(s string) Option { return func(r *Request) { r.NegativePrompt = s } }
// WithSampler overrides the sampling method (e.g. "euler", "euler_a").
func WithSampler(s string) Option { return func(r *Request) { r.Sampler = s } }
// WithSeed fixes the RNG seed for reproducible output.
func WithSeed(seed int64) Option { return func(r *Request) { r.Seed = &seed } }
// Apply returns a copy of the request with all options applied. Providers call
// this once at the top of Generate.
func (r Request) Apply(opts ...Option) Request {
+41 -15
View File
@@ -5,10 +5,16 @@
// already satisfies the target's llm.Capabilities. Images that do not fit
// are decoded, downscaled (never upscaled), and re-encoded into an allowed
// format and byte budget. Anything that cannot honestly be made to fit —
// undecodable formats, impossible byte budgets, too many images, images for
// a text-only target — fails with an error wrapping llm.ErrUnsupported so a
// failover chain can advance to a more capable target without a health
// penalty.
// undecodable formats, impossible byte budgets, images for a text-only
// target — fails with an error wrapping llm.ErrUnsupported so a failover
// chain can advance to a more capable target without a health penalty.
//
// Over-count is the exception: a request carrying more images than
// MaxImagesPerReq does NOT fail — the oldest images are replaced with a short
// text placeholder and the most-recent MaxImagesPerReq are kept, because a hard
// refuse exhausts a chain whose targets share the same cap (e.g. an agent loop
// accumulating a preview image per iteration). MaxImagesPerReq remains the
// per-model knob (0 = no image support).
//
// Why a separate package: every provider would otherwise duplicate the same
// decode/scale/encode pipeline. Providers keep only a cheap capability
@@ -52,15 +58,21 @@ func Normalize(req llm.Request, caps llm.Capabilities) (llm.Request, error) {
if !caps.SupportsImages() {
return llm.Request{}, fmt.Errorf("media: %w: target does not accept image input (request carries %d image(s))", llm.ErrUnsupported, total)
}
// Why error instead of dropping the overflow: silently removing an image
// changes the question the caller asked; the honest move is to refuse and
// let a chain try a roomier target.
// Over-cap images are elided in the same copy-on-write pass below: the
// OLDEST excess are replaced with a placeholder and the most-recent
// MaxImagesPerReq kept (see the package doc for why we elide rather than
// refuse). toElide is how many of the first images, front-to-back, to drop.
toElide := 0
if total > caps.MaxImagesPerReq {
return llm.Request{}, fmt.Errorf("media: %w: request carries %d images, target allows at most %d per request", llm.ErrUnsupported, total, caps.MaxImagesPerReq)
toElide = total - caps.MaxImagesPerReq
}
// Single copy-on-write pass: for each image, the first toElide become a text
// placeholder; the rest are size-normalized against caps. The Messages slice
// and an affected message's Parts slice are copied at most once.
out := req
copiedMessages := false
seen := 0
for mi := range req.Messages {
copiedParts := false
for pi, part := range req.Messages[mi].Parts {
@@ -68,13 +80,22 @@ func Normalize(req llm.Request, caps llm.Capabilities) (llm.Request, error) {
if !ok {
continue
}
norm, changed, err := normalizeImage(ip, caps)
if err != nil {
return llm.Request{}, fmt.Errorf("media: message %d, part %d: %w", mi, pi, err)
}
if !changed {
continue
seen++
var replacement llm.Part
if seen <= toElide {
replacement = llm.Text(imageOverflowPlaceholder)
} else {
norm, changed, err := normalizeImage(ip, caps)
if err != nil {
return llm.Request{}, fmt.Errorf("media: message %d, part %d: %w", mi, pi, err)
}
if !changed {
continue
}
replacement = norm
}
if !copiedMessages {
out.Messages = make([]llm.Message, len(req.Messages))
copy(out.Messages, req.Messages)
@@ -86,12 +107,17 @@ func Normalize(req llm.Request, caps llm.Capabilities) (llm.Request, error) {
out.Messages[mi].Parts = parts
copiedParts = true
}
out.Messages[mi].Parts[pi] = norm
out.Messages[mi].Parts[pi] = replacement
}
}
return out, nil
}
// imageOverflowPlaceholder replaces an image elided to fit a target's
// per-request image cap. It keeps the message turn intact and tells the model
// an earlier image was omitted rather than silently changing the conversation.
const imageOverflowPlaceholder = "[earlier image omitted to fit this model's per-request image limit]"
// Info reports an image part's sniffed format ("jpeg", "png", "gif", or
// "webp") and pixel dimensions. It is a cheap metadata read — the pixels are
// never decoded. webp is recognized by signature but not decodable with the
+39 -9
View File
@@ -149,18 +149,48 @@ func TestNormalizeImagesUnsupported(t *testing.T) {
}
}
func TestNormalizeTooManyImages(t *testing.T) {
img := llm.Image("image/png", encPNG(t, gradient(4, 4)))
func TestNormalizeOverCount(t *testing.T) {
// 3 distinguishable images across 2 messages; cap = 2. Over-count no longer
// errors — the OLDEST image is replaced with a placeholder and the most-recent
// two (the relevant ones in an iterative run) are kept, in order.
a := llm.Image("image/png", encPNG(t, gradient(2, 2))).(llm.ImagePart)
b := llm.Image("image/png", encPNG(t, gradient(4, 4))).(llm.ImagePart)
c := llm.Image("image/png", encPNG(t, gradient(8, 8))).(llm.ImagePart)
req := llm.Request{Messages: []llm.Message{
llm.UserParts(img, img),
llm.UserParts(img),
llm.UserParts(a, b),
llm.UserParts(c),
}}
_, err := Normalize(req, llm.Capabilities{MaxImagesPerReq: 2})
if !errors.Is(err, llm.ErrUnsupported) {
t.Fatalf("err = %v, want ErrUnsupported", err)
caps := llm.Capabilities{MaxImagesPerReq: 2, MaxImageDimension: 64, MaxImageBytes: 1 << 20, AllowedImageMIME: []string{"image/png"}}
out, err := Normalize(req, caps)
if err != nil {
t.Fatalf("over-count should not error: %v", err)
}
if !strings.Contains(err.Error(), "3 images") || !strings.Contains(err.Error(), "at most 2") {
t.Errorf("err message %q lacks the counts", err)
var imgs []llm.ImagePart
placeholders := 0
for _, m := range out.Messages {
for _, p := range m.Parts {
switch v := p.(type) {
case llm.ImagePart:
imgs = append(imgs, v)
case llm.TextPart:
if v.Text == imageOverflowPlaceholder {
placeholders++
}
}
}
}
// The exact survivors are the most-recent two, in order: b then c (a elided).
if len(imgs) != 2 || !bytes.Equal(imgs[0].Data, b.Data) || !bytes.Equal(imgs[1].Data, c.Data) {
t.Fatalf("kept %d images; want exactly [b, c] (the most-recent two)", len(imgs))
}
if placeholders != 1 {
t.Errorf("placeholders = %d, want 1 for the elided oldest image", placeholders)
}
// Input request untouched (copy-on-write): the first part is still image a,
// not a placeholder — a len check alone wouldn't catch in-place substitution.
first, ok := req.Messages[0].Parts[0].(llm.ImagePart)
if !ok || !bytes.Equal(first.Data, a.Data) {
t.Errorf("input request was mutated; first part = %+v", req.Messages[0].Parts[0])
}
}
+7
View File
@@ -1,5 +1,12 @@
# progress
## 2026-06-27 — llama-swaps (TLS) DSN scheme
Follow-up to the llama-swap provider: added the `llama-swaps` DSN scheme (https
base URL) alongside `llama-swap` (http, local-first), mirroring redis/rediss, so
a TLS-fronted instance is first-class instead of being pushed to the `openai://`
scheme. Scheme-only (no default built-in); shares one factory in builtin.go.
## 2026-06-27 — llama-swap provider + canonical image-gen interface
**Landed (ADR-0015, ADR-0016).** New `provider/llamaswap`: chat **delegates to
+64 -34
View File
@@ -5,6 +5,7 @@ import (
"encoding/base64"
"fmt"
"net/http"
"strconv"
"strings"
"gitea.stevedudenhoeffer.com/steve/majordomo/imagegen"
@@ -27,25 +28,32 @@ type imageModel struct {
id string
}
// imageRequest is the OpenAI /v1/images/generations request shape. We always
// request b64_json so the bytes come back inline (no second fetch).
type imageRequest struct {
Model string `json:"model"`
Prompt string `json:"prompt"`
N int `json:"n,omitempty"`
Size string `json:"size,omitempty"`
ResponseFormat string `json:"response_format"`
// txt2imgRequest is the stable-diffusion.cpp sd-server A1111 request shape
// (POST /sdapi/v1/txt2img). We use this endpoint rather than the OpenAI
// /v1/images/generations one because that endpoint IGNORES `seed` on this
// sd-server build — every render of a given prompt comes back byte-identical,
// so a batch of N collapses to one image. /sdapi/v1/txt2img honours `seed`,
// giving real variety. llama-swap still routes by the `model` field in the
// body. Optional fields are pointers/omitempty so an unset value falls back to
// the model's baked default (the per-model --steps/--cfg-scale/etc. flags).
type txt2imgRequest struct {
Model string `json:"model"`
Prompt string `json:"prompt"`
NegativePrompt string `json:"negative_prompt,omitempty"`
Seed *int64 `json:"seed,omitempty"`
Steps *int `json:"steps,omitempty"`
CFGScale *float64 `json:"cfg_scale,omitempty"`
Width *int `json:"width,omitempty"`
Height *int `json:"height,omitempty"`
SampleMethod string `json:"sample_method,omitempty"`
BatchCount int `json:"batch_count,omitempty"`
}
type imageResponse struct {
Created int64 `json:"created"`
Data []struct {
B64JSON string `json:"b64_json"`
URL string `json:"url"`
} `json:"data"`
type txt2imgResponse struct {
Images []string `json:"images"`
}
// Generate implements imagegen.Model via POST {base}/v1/images/generations.
// Generate implements imagegen.Model via POST {base}/sdapi/v1/txt2img.
func (m *imageModel) Generate(ctx context.Context, req imagegen.Request, opts ...imagegen.Option) (*imagegen.Result, error) {
req = req.Apply(opts...)
if strings.TrimSpace(req.Prompt) == "" {
@@ -55,32 +63,35 @@ func (m *imageModel) Generate(ctx context.Context, req imagegen.Request, opts ..
return nil, fmt.Errorf("%w: image count N must be >= 0, got %d", llm.ErrUnsupported, req.N)
}
wire := imageRequest{
Model: m.id,
Prompt: req.Prompt,
N: req.N,
Size: req.Size,
ResponseFormat: "b64_json",
width, height, err := parseSize(req.Size)
if err != nil {
return nil, fmt.Errorf("%w: %v", llm.ErrUnsupported, err)
}
var resp imageResponse
if err := m.p.doJSON(ctx, http.MethodPost, "/v1/images/generations", m.id, &wire, &resp); err != nil {
wire := txt2imgRequest{
Model: m.id,
Prompt: req.Prompt,
NegativePrompt: req.NegativePrompt,
Seed: req.Seed,
Steps: req.Steps,
CFGScale: req.CFGScale,
Width: width,
Height: height,
SampleMethod: req.Sampler,
BatchCount: req.N,
}
var resp txt2imgResponse
if err := m.p.doJSON(ctx, http.MethodPost, "/sdapi/v1/txt2img", m.id, &wire, &resp); err != nil {
return nil, err
}
out := &imagegen.Result{Raw: &resp}
for i, d := range resp.Data {
if d.B64JSON == "" {
// Why error rather than skip: a url-only entry means the backend
// ignored response_format; we don't fetch remote content (mirrors
// llm.ImagePart's bytes-only contract), so surface it.
return nil, &llm.APIError{
Provider: m.p.name,
Model: m.id,
Message: fmt.Sprintf("image %d returned no inline b64_json data", i),
}
for i, b64 := range resp.Images {
if b64 == "" {
continue
}
raw, err := base64.StdEncoding.DecodeString(d.B64JSON)
raw, err := base64.StdEncoding.DecodeString(b64)
if err != nil {
return nil, fmt.Errorf("llama-swap: decode image %d: %w", i, err)
}
@@ -96,6 +107,25 @@ func (m *imageModel) Generate(ctx context.Context, req imagegen.Request, opts ..
return out, nil
}
// parseSize splits a "WxH" string into width/height pointers. "" yields
// (nil, nil) so the model's own default resolution applies.
func parseSize(size string) (*int, *int, error) {
size = strings.TrimSpace(size)
if size == "" {
return nil, nil, nil
}
parts := strings.SplitN(strings.ToLower(size), "x", 2)
if len(parts) != 2 {
return nil, nil, fmt.Errorf("invalid size %q (want WxH)", size)
}
w, err1 := strconv.Atoi(strings.TrimSpace(parts[0]))
h, err2 := strconv.Atoi(strings.TrimSpace(parts[1]))
if err1 != nil || err2 != nil || w <= 0 || h <= 0 {
return nil, nil, fmt.Errorf("invalid size %q (want WxH)", size)
}
return &w, &h, nil
}
// sniffImageMIME identifies the image format from its leading bytes, defaulting
// to image/png (stable-diffusion.cpp emits PNG) when detection is inconclusive.
func sniffImageMIME(data []byte) string {
+46 -7
View File
@@ -166,11 +166,11 @@ func TestRunningRaw(t *testing.T) {
func TestImageGenerate(t *testing.T) {
var gotBody map[string]any
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if r.URL.Path != "/v1/images/generations" {
if r.URL.Path != "/sdapi/v1/txt2img" {
t.Errorf("path = %q", r.URL.Path)
}
_ = json.NewDecoder(r.Body).Decode(&gotBody)
_, _ = w.Write([]byte(`{"created":1,"data":[{"b64_json":"` + onePixelPNG + `"}]}`))
_, _ = w.Write([]byte(`{"images":["` + onePixelPNG + `"]}`))
}))
defer srv.Close()
@@ -192,12 +192,51 @@ func TestImageGenerate(t *testing.T) {
if len(res.Images[0].Data) == 0 {
t.Error("decoded image has no bytes")
}
// response_format must be forced to b64_json, and options applied.
if gotBody["response_format"] != "b64_json" {
t.Errorf("response_format = %v, want b64_json", gotBody["response_format"])
// Size is split into width/height ints for the A1111 endpoint.
if gotBody["width"] != float64(512) || gotBody["height"] != float64(512) {
t.Errorf("width/height = %v/%v, want 512/512", gotBody["width"], gotBody["height"])
}
if gotBody["size"] != "512x512" {
t.Errorf("size = %v, want 512x512", gotBody["size"])
}
func TestImageGenerateSettings(t *testing.T) {
var gotBody map[string]any
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
_ = json.NewDecoder(r.Body).Decode(&gotBody)
_, _ = w.Write([]byte(`{"images":["` + onePixelPNG + `"]}`))
}))
defer srv.Close()
p := New(WithBaseURL(srv.URL), WithHTTPClient(srv.Client()))
im, _ := p.ImageModel("sd")
// Unset overrides must be omitted entirely so sd-server keeps its own
// per-model defaults.
if _, err := im.Generate(context.Background(), imagegen.Request{Prompt: "x"}); err != nil {
t.Fatalf("Generate: %v", err)
}
for _, k := range []string{"steps", "cfg_scale", "negative_prompt", "sample_method", "seed"} {
if v, ok := gotBody[k]; ok {
t.Errorf("unset request sent %q = %v, want omitted", k, v)
}
}
// Set overrides are forwarded with the sd-server-friendly field names.
gotBody = nil
_, err := im.Generate(context.Background(), imagegen.Request{Prompt: "x"},
imagegen.WithSteps(8),
imagegen.WithCFGScale(3.5),
imagegen.WithNegativePrompt("blurry"),
imagegen.WithSampler("euler"),
imagegen.WithSeed(42),
)
if err != nil {
t.Fatalf("Generate: %v", err)
}
want := map[string]any{"steps": float64(8), "cfg_scale": 3.5, "negative_prompt": "blurry", "sample_method": "euler", "seed": float64(42)}
for k, w := range want {
if gotBody[k] != w {
t.Errorf("%s = %v, want %v", k, gotBody[k], w)
}
}
}