2 Commits

Author SHA1 Message Date
Steve Dudenhoeffer 17064a6d75 ci: inherit gadfly's default swarm (slim caller, re-pin @b02b11d)
CI / Tidy (pull_request) Successful in 9m26s
CI / Build & Test (pull_request) Successful in 9m42s
steve/gadfly#10 centralized the curated swarm (3 cloud + Claude Code, 5-lens
suite) as the reusable workflow's input defaults. Drop majordomo's explicit
`with:` swarm block and inherit it; only the consumer-specific allow-list
remains. Re-pin to the post-#10 gadfly commit (@b02b11d). Update CLAUDE.md's
Gadfly section to match (was 6 cloud / 3 lenses).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-27 22:44:49 -04:00
Steve Dudenhoeffer ecf39087a9 ci: switch gadfly review to the reusable workflow (curated swarm, 5 lenses)
Adversarial Review (Gadfly) / review (pull_request) Successful in 8m49s
CI / Tidy (pull_request) Successful in 9m37s
CI / Build & Test (pull_request) Successful in 10m14s
Replace majordomo's full self-contained Gadfly stub with a thin caller of
steve/gadfly's reusable workflow, matching mort/executus's hardened pattern:
- explicit secret forwarding (least privilege); GITEA_TOKEN is the auto token.
- pinned to an immutable gadfly commit (@20a5c43), not @main.

Curated swarm tuned for majordomo:
- 3 strong cloud models (minimax-m3, glm-5.2, deepseek-v4-pro) — dropped
  qwen3-coder:480b, nemotron-3-super, glm-5.1.
- Claude Code engine (sonnet, opus, opus:max), claude-code=3 so all three
  claudes run at once.
- 5-lens default suite (security, correctness, maintainability, performance,
  error-handling) for every model (lenses are global).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-27 21:58:23 -04:00
4 changed files with 50 additions and 133 deletions
+21 -50
View File
@@ -1,12 +1,8 @@
# Gadfly — agentic adversarial PR reviewer (https://gitea.stevedudenhoeffer.com/steve/gadfly). # Gadfly adversarial review — subscribes to steve/gadfly's reusable workflow and
# # INHERITS its default swarm. This stub holds only the triggers, the actor gate,
# Runs the published Gadfly image (pinned to an immutable :sha- tag — act_runner # secret forwarding, and the allow-list; the swarm config (models, lenses,
# caches :latest, and this build is what carries foreman provider-type support) # concurrency, timeouts) lives centrally in gadfly's review-reusable.yml so it is
# as a specialist swarm and posts # tuned in ONE place. Advisory only — never blocks a merge.
# ONE consolidated review comment as gitea-actions. Advisory only — never blocks a
# merge. This reviews majordomo PRs with 6 ollama-cloud models (3-lens suite).
# Gadfly is a simple system — findings are advisory; always double-check before
# acting.
name: Adversarial Review (Gadfly) name: Adversarial Review (Gadfly)
@@ -33,50 +29,25 @@ concurrency:
jobs: jobs:
review: review:
# Security: only trusted users may trigger a secret-bearing run via a PR # Security: only trusted users may trigger a secret-bearing run via a PR
# comment (pull_request + workflow_dispatch are already trusted). Mirrors # comment (pull_request + workflow_dispatch are already trusted). Mirrors the
# GADFLY_ALLOWED_USERS, the in-container belt-and-suspenders check. # allowed_users input below (the in-container belt-and-suspenders check) — both
# lists must stay in sync; a workflow if: can't read a workflow_call input.
if: >- if: >-
github.event_name != 'issue_comment' github.event_name != 'issue_comment'
|| (github.event.issue.pull_request || (github.event.issue.pull_request
&& (github.actor == 'steve' && (github.actor == 'steve'
|| github.actor == 'fizi' || github.actor == 'fizi'
|| github.actor == 'dazed')) || github.actor == 'dazed'))
runs-on: ubuntu-latest # Pinned to an immutable gadfly commit (not @main): a push to gadfly can't
# Fleet: 6 ollama-cloud models (lens fan-out), no local Macs. (Trimmed the # silently change the code that runs with our forwarded secrets.
# weakest reviewers by grade — m5/qwen3.6, gemma4, gpt-oss, kimi-k2.7 — plus uses: steve/gadfly/.gitea/workflows/review-reusable.yml@b02b11d69139843665da4cdbf776bc0b3583490d
# the earlier M1 drop.) Plenty of headroom for the cloud lanes. # Least privilege: forward only the review secrets (not `secrets: inherit`,
timeout-minutes: 45 # which would expose every repo secret). GITEA_TOKEN is the automatic token.
steps: secrets:
- uses: docker://gitea.stevedudenhoeffer.com/steve/gadfly:sha-d7f364d OLLAMA_CLOUD_API_KEY: ${{ secrets.OLLAMA_CLOUD_API_KEY }}
env: CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
GITEA_API: ${{ github.server_url }}/api/v1/repos/${{ github.repository }} GADFLY_FINDINGS_URL: ${{ secrets.GADFLY_FINDINGS_URL }}
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} GADFLY_FINDINGS_TOKEN: ${{ secrets.GADFLY_FINDINGS_TOKEN }}
OLLAMA_CLOUD_API_KEY: ${{ secrets.OLLAMA_CLOUD_API_KEY }} with:
# Cloud-only fleet (no local Macs). Cloud concurrency lives in the # Consumer-specific allow-list; everything else is inherited.
# LENSES: models run a few at a time (ollama-cloud=3) with their 3 lenses allowed_users: "steve,fizi,dazed"
# concurrent (LENS ollama-cloud=3) so comments land sooner.
GADFLY_MODELS: "minimax-m3:cloud,glm-5.2:cloud,glm-5.1:cloud,deepseek-v4-pro:cloud,nemotron-3-super:cloud,qwen3-coder:480b-cloud"
GADFLY_PROVIDER_CONCURRENCY: "ollama-cloud=3"
GADFLY_PROVIDER_LENS_CONCURRENCY: "ollama-cloud=3"
# Default => the 3-lens suite (security, correctness, error-handling).
# Set the repo var GADFLY_SPECIALISTS to override (csv / "all" / "auto").
GADFLY_SPECIALISTS: ${{ vars.GADFLY_SPECIALISTS || 'security,correctness,error-handling' }}
# Per-lens deadline + bounded steps to keep each reviewer's run sane.
GADFLY_TIMEOUT_SECS: "600"
GADFLY_MAX_STEPS: "14"
# Allow-list for the comment trigger (mirrors the job-level if: guard).
GADFLY_ALLOWED_USERS: "steve,fizi,dazed"
# --- findings telemetry: POST runs + findings to the gadfly-reports store ---
# Advisory & off unless GADFLY_FINDINGS_URL is set; failures only log to
# stderr and never affect the review. GADFLY_REPO / GADFLY_PR are derived
# in-container; the URL + token are user-scope secrets.
GADFLY_FINDINGS_URL: ${{ secrets.GADFLY_FINDINGS_URL }}
GADFLY_FINDINGS_TOKEN: ${{ secrets.GADFLY_FINDINGS_TOKEN }}
# --- event context (leave as-is) ---
EVENT_NAME: ${{ github.event_name }}
PR: ${{ github.event.pull_request.number || github.event.issue.number || github.event.inputs.pr_number }}
PR_BRANCH: ${{ github.head_ref }}
IS_DRAFT: ${{ github.event.pull_request.draft }}
COMMENT_BODY: ${{ github.event.comment.body }}
COMMENT_ID: ${{ github.event.comment.id }}
ACTOR: ${{ github.actor }}
+5 -3
View File
@@ -142,9 +142,11 @@ Ship work through PRs and let Gadfly review it before merge:
- **Push to a PR, never straight to `main`.** Branch, push, open a PR. - **Push to a PR, never straight to `main`.** Branch, push, open a PR.
`.gitea/workflows/adversarial-review.yml` runs Gadfly (the standalone `.gitea/workflows/adversarial-review.yml` runs Gadfly (the standalone
agentic adversarial reviewer) — a fleet of 6 ollama-cloud models, each agentic adversarial reviewer) by subscribing to gadfly's reusable workflow
running the 3-lens suite (security, correctness, error-handling). Advisory and inheriting its default swarm — 3 cloud models + the Claude Code engine
only; it never blocks the merge. (sonnet/opus/opus:max), each running the 5-lens suite (security, correctness,
maintainability, performance, error-handling). The swarm is tuned centrally
in gadfly, not here. Advisory only; it never blocks the merge.
- **Wait for Gadfly to finish, then read its output.** Don't merge while the - **Wait for Gadfly to finish, then read its output.** Don't merge while the
review is still running. Each model posts one consolidated comment; weigh review is still running. Each model posts one consolidated comment; weigh
every finding on its merits and fix the real ones (Gadfly is a simple every finding on its merits and fix the real ones (Gadfly is a simple
+15 -41
View File
@@ -5,16 +5,10 @@
// already satisfies the target's llm.Capabilities. Images that do not fit // already satisfies the target's llm.Capabilities. Images that do not fit
// are decoded, downscaled (never upscaled), and re-encoded into an allowed // are decoded, downscaled (never upscaled), and re-encoded into an allowed
// format and byte budget. Anything that cannot honestly be made to fit — // format and byte budget. Anything that cannot honestly be made to fit —
// undecodable formats, impossible byte budgets, images for a text-only // undecodable formats, impossible byte budgets, too many images, images for
// target — fails with an error wrapping llm.ErrUnsupported so a failover // a text-only target — fails with an error wrapping llm.ErrUnsupported so a
// chain can advance to a more capable target without a health penalty. // failover chain can advance to a more capable target without a health
// // penalty.
// Over-count is the exception: a request carrying more images than
// MaxImagesPerReq does NOT fail — the oldest images are replaced with a short
// text placeholder and the most-recent MaxImagesPerReq are kept, because a hard
// refuse exhausts a chain whose targets share the same cap (e.g. an agent loop
// accumulating a preview image per iteration). MaxImagesPerReq remains the
// per-model knob (0 = no image support).
// //
// Why a separate package: every provider would otherwise duplicate the same // Why a separate package: every provider would otherwise duplicate the same
// decode/scale/encode pipeline. Providers keep only a cheap capability // decode/scale/encode pipeline. Providers keep only a cheap capability
@@ -58,21 +52,15 @@ func Normalize(req llm.Request, caps llm.Capabilities) (llm.Request, error) {
if !caps.SupportsImages() { if !caps.SupportsImages() {
return llm.Request{}, fmt.Errorf("media: %w: target does not accept image input (request carries %d image(s))", llm.ErrUnsupported, total) return llm.Request{}, fmt.Errorf("media: %w: target does not accept image input (request carries %d image(s))", llm.ErrUnsupported, total)
} }
// Over-cap images are elided in the same copy-on-write pass below: the // Why error instead of dropping the overflow: silently removing an image
// OLDEST excess are replaced with a placeholder and the most-recent // changes the question the caller asked; the honest move is to refuse and
// MaxImagesPerReq kept (see the package doc for why we elide rather than // let a chain try a roomier target.
// refuse). toElide is how many of the first images, front-to-back, to drop.
toElide := 0
if total > caps.MaxImagesPerReq { if total > caps.MaxImagesPerReq {
toElide = total - caps.MaxImagesPerReq return llm.Request{}, fmt.Errorf("media: %w: request carries %d images, target allows at most %d per request", llm.ErrUnsupported, total, caps.MaxImagesPerReq)
} }
// Single copy-on-write pass: for each image, the first toElide become a text
// placeholder; the rest are size-normalized against caps. The Messages slice
// and an affected message's Parts slice are copied at most once.
out := req out := req
copiedMessages := false copiedMessages := false
seen := 0
for mi := range req.Messages { for mi := range req.Messages {
copiedParts := false copiedParts := false
for pi, part := range req.Messages[mi].Parts { for pi, part := range req.Messages[mi].Parts {
@@ -80,22 +68,13 @@ func Normalize(req llm.Request, caps llm.Capabilities) (llm.Request, error) {
if !ok { if !ok {
continue continue
} }
seen++ norm, changed, err := normalizeImage(ip, caps)
if err != nil {
var replacement llm.Part return llm.Request{}, fmt.Errorf("media: message %d, part %d: %w", mi, pi, err)
if seen <= toElide { }
replacement = llm.Text(imageOverflowPlaceholder) if !changed {
} else { continue
norm, changed, err := normalizeImage(ip, caps)
if err != nil {
return llm.Request{}, fmt.Errorf("media: message %d, part %d: %w", mi, pi, err)
}
if !changed {
continue
}
replacement = norm
} }
if !copiedMessages { if !copiedMessages {
out.Messages = make([]llm.Message, len(req.Messages)) out.Messages = make([]llm.Message, len(req.Messages))
copy(out.Messages, req.Messages) copy(out.Messages, req.Messages)
@@ -107,17 +86,12 @@ func Normalize(req llm.Request, caps llm.Capabilities) (llm.Request, error) {
out.Messages[mi].Parts = parts out.Messages[mi].Parts = parts
copiedParts = true copiedParts = true
} }
out.Messages[mi].Parts[pi] = replacement out.Messages[mi].Parts[pi] = norm
} }
} }
return out, nil return out, nil
} }
// imageOverflowPlaceholder replaces an image elided to fit a target's
// per-request image cap. It keeps the message turn intact and tells the model
// an earlier image was omitted rather than silently changing the conversation.
const imageOverflowPlaceholder = "[earlier image omitted to fit this model's per-request image limit]"
// Info reports an image part's sniffed format ("jpeg", "png", "gif", or // Info reports an image part's sniffed format ("jpeg", "png", "gif", or
// "webp") and pixel dimensions. It is a cheap metadata read — the pixels are // "webp") and pixel dimensions. It is a cheap metadata read — the pixels are
// never decoded. webp is recognized by signature but not decodable with the // never decoded. webp is recognized by signature but not decodable with the
+9 -39
View File
@@ -149,48 +149,18 @@ func TestNormalizeImagesUnsupported(t *testing.T) {
} }
} }
func TestNormalizeOverCount(t *testing.T) { func TestNormalizeTooManyImages(t *testing.T) {
// 3 distinguishable images across 2 messages; cap = 2. Over-count no longer img := llm.Image("image/png", encPNG(t, gradient(4, 4)))
// errors — the OLDEST image is replaced with a placeholder and the most-recent
// two (the relevant ones in an iterative run) are kept, in order.
a := llm.Image("image/png", encPNG(t, gradient(2, 2))).(llm.ImagePart)
b := llm.Image("image/png", encPNG(t, gradient(4, 4))).(llm.ImagePart)
c := llm.Image("image/png", encPNG(t, gradient(8, 8))).(llm.ImagePart)
req := llm.Request{Messages: []llm.Message{ req := llm.Request{Messages: []llm.Message{
llm.UserParts(a, b), llm.UserParts(img, img),
llm.UserParts(c), llm.UserParts(img),
}} }}
caps := llm.Capabilities{MaxImagesPerReq: 2, MaxImageDimension: 64, MaxImageBytes: 1 << 20, AllowedImageMIME: []string{"image/png"}} _, err := Normalize(req, llm.Capabilities{MaxImagesPerReq: 2})
out, err := Normalize(req, caps) if !errors.Is(err, llm.ErrUnsupported) {
if err != nil { t.Fatalf("err = %v, want ErrUnsupported", err)
t.Fatalf("over-count should not error: %v", err)
} }
var imgs []llm.ImagePart if !strings.Contains(err.Error(), "3 images") || !strings.Contains(err.Error(), "at most 2") {
placeholders := 0 t.Errorf("err message %q lacks the counts", err)
for _, m := range out.Messages {
for _, p := range m.Parts {
switch v := p.(type) {
case llm.ImagePart:
imgs = append(imgs, v)
case llm.TextPart:
if v.Text == imageOverflowPlaceholder {
placeholders++
}
}
}
}
// The exact survivors are the most-recent two, in order: b then c (a elided).
if len(imgs) != 2 || !bytes.Equal(imgs[0].Data, b.Data) || !bytes.Equal(imgs[1].Data, c.Data) {
t.Fatalf("kept %d images; want exactly [b, c] (the most-recent two)", len(imgs))
}
if placeholders != 1 {
t.Errorf("placeholders = %d, want 1 for the elided oldest image", placeholders)
}
// Input request untouched (copy-on-write): the first part is still image a,
// not a placeholder — a len check alone wouldn't catch in-place substitution.
first, ok := req.Messages[0].Parts[0].(llm.ImagePart)
if !ok || !bytes.Equal(first.Data, a.Data) {
t.Errorf("input request was mutated; first part = %+v", req.Messages[0].Parts[0])
} }
} }