release: fix Homebrew/Scoop publish auth (checkout+token, not URL-embedded PAT)#60
Merged
Conversation
… suite + website; docs/site refresh (#59) ## TLDR Fixes the new-module import false positive (#53) with live workspace re-resolution, stops ANSI escape garbage in piped CLI/LSP logs, simplifies Shipwright binary resolution to user-setting + bundled, and adds a benchmark fixture suite plus a website benchmark section — alongside a docs/site refresh. ## What Was Added? - **`crates/basilisk-lsp/tests/lsp/ws_test_cross_module.rs`** (new, 10 e2e tests) covering cross-module analysis under `[ANALYSIS-CROSSLSP]`, including two regressions for #53: `new_file_resolves_first_party_sibling_import` and `created_module_clears_unresolved_import_in_dependents`. - **`WorkspaceIndex::forget_file`** plus **`recheck_all_files` / `reresolve_imports_and_recheck`** in `workspace.rs` (`[ANALYSIS-INCR-IMPORTS]`) — drop deleted entries and re-check every indexed file against current resolution. - **Tracing ANSI regression test** `tracing_logs_emit_no_ansi_on_piped_stderr` in `crates/basilisk-cli/tests/cli_binary_tests.rs`. - **Benchmark fixtures**: `benchmarks/fixtures/e0010_unresolved_import.py`, `e0012_argument_type_mismatch.py`, `e0014_assignment_incompatibility.py` (2k-line stress fixtures), reworked `benchmarks/run.sh`, and `benchmarks/status/darwin-arm64-apple-m4-max.csv`. - **Website benchmark section**: `website/src/_data/benchmarks.js` + `website/src/_includes/benchmark-section.njk` rendering benchmark results on the site. - **`scripts/gen_rules_reference.py`** — generates the rules reference docs. - **`docs/plans/ROADMAP-NEXT-STEPS-PLAN.md`** (new plan). ## What Was Changed or Deleted? - **#53 fix — `crates/basilisk-lsp/src/server/document.rs`**: the file-watcher now distinguishes `CREATED` from `CHANGED`. A newly-created module re-resolves the whole workspace and re-publishes so dependents' stale `BSK-E0010 "cannot resolve import"` clears without an LSP reload; a pure content change keeps the cheaper per-file reload. Deleted files are forgotten first so a recheck cannot resurrect their diagnostics. `[ANALYSIS-INCR-IMPORTS]`. - **CLI logs — `crates/basilisk-cli/src/main.rs`**: gate ANSI colour on `std::io::IsTerminal::is_terminal(stderr)`, so the LSP subprocess (piped stderr) emits clean text instead of raw escape sequences in the editor output channel. - **Shipwright — `shipwright.json`**: binary resolution sources narrowed to `["user-setting", "bundled"]` (env / pkgmgr / cargo-bin / path / lsp-initialize removed). The VSIX ships and resolves its bundled binary by default; a user override is still honoured. - **VS Code test helpers — `debug-integration.test.ts`, `test-helpers.ts`**: drop ad-hoc PATH/platform binary discovery in favour of the Shipwright-staged bundled binary. - **Docs/site refresh**: `Claude.md` → `CLAUDE.md`, expanded `CHECKER-ARCHITECTURE-SPEC.md`, `LSP-ARCHITECTURE-SPEC.md`, `VSIX-SPEC.md`, `README.md`, and a large en/zh website docs overhaul (comparison, configuration, rules/*, removed standalone mojo-safety rule pages). - **Build/CI**: `Makefile`, `.github/workflows/{ci,release,deploy-pages}.yml`, `.gitignore`, `coverage-thresholds.json` (metadata), `.claude/skills/*` metadata, removed the `tmc` skill. ## How Do The Automated Tests Prove It Works? - **#53**: `new_file_resolves_first_party_sibling_import` creates a new module *after* the workspace scan and asserts its first-party sibling import resolves like a pre-existing file; `created_module_clears_unresolved_import_in_dependents` asserts a dependent's `BSK-E0010` is re-published as cleared once the module appears — both pass under `./scripts/test-rust.sh`. - **Logs**: `tracing_logs_emit_no_ansi_on_piped_stderr` runs `basilisk check` with `BASILISK_LOG=info` over captured (piped) stderr and asserts zero ANSI escapes. - **Shipwright/VSIX**: VS Code E2E "Shipwright resolves basilisk from the bundled VSIX binary by default" plus the full 301-test suite pass (85% ≥ 84% coverage); `verify-shipwright.mjs manifest` and `versions` both pass. - **Full local gate run** (mirrors CI): Rust coverage thresholds met on all 10 crates; Zed (96 tests), Neovim (39% ≥ 30%), and mutation `working` baseline (90.54%, no regression) all green. ## Spec / Doc Changes - `[ANALYSIS-INCR-IMPORTS]` / `[ANALYSIS-CROSSLSP]` documented in the LSP/checker specs; `CHECKER-ARCHITECTURE-SPEC.md` and `LSP-ARCHITECTURE-SPEC.md` updated; `Claude.md` renamed to `CLAUDE.md`; new `ROADMAP-NEXT-STEPS-PLAN.md`. ## Breaking Changes - Shipwright binary resolution now considers only `user-setting` and `bundled` sources (previously also env / package managers / `cargo-bin` / PATH / LSP-initialize). Environments that relied on PATH or `BASILISK_EXECUTABLE_PATH` discovery should set the user setting or use the bundled binary. Fixes #53 🤖 Generated with [Claude Code](https://claude.com/claude-code) --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Co-authored-by: Abdul Shakoor <60779242+abdushakoor12@users.noreply.github.com> Co-authored-by: abdushakoor12 <abdushakoor009@gmail.com>
… suite + website; docs/site refresh (#59) ## TLDR Fixes the new-module import false positive (#53) with live workspace re-resolution, stops ANSI escape garbage in piped CLI/LSP logs, simplifies Shipwright binary resolution to user-setting + bundled, and adds a benchmark fixture suite plus a website benchmark section — alongside a docs/site refresh. ## What Was Added? - **`crates/basilisk-lsp/tests/lsp/ws_test_cross_module.rs`** (new, 10 e2e tests) covering cross-module analysis under `[ANALYSIS-CROSSLSP]`, including two regressions for #53: `new_file_resolves_first_party_sibling_import` and `created_module_clears_unresolved_import_in_dependents`. - **`WorkspaceIndex::forget_file`** plus **`recheck_all_files` / `reresolve_imports_and_recheck`** in `workspace.rs` (`[ANALYSIS-INCR-IMPORTS]`) — drop deleted entries and re-check every indexed file against current resolution. - **Tracing ANSI regression test** `tracing_logs_emit_no_ansi_on_piped_stderr` in `crates/basilisk-cli/tests/cli_binary_tests.rs`. - **Benchmark fixtures**: `benchmarks/fixtures/e0010_unresolved_import.py`, `e0012_argument_type_mismatch.py`, `e0014_assignment_incompatibility.py` (2k-line stress fixtures), reworked `benchmarks/run.sh`, and `benchmarks/status/darwin-arm64-apple-m4-max.csv`. - **Website benchmark section**: `website/src/_data/benchmarks.js` + `website/src/_includes/benchmark-section.njk` rendering benchmark results on the site. - **`scripts/gen_rules_reference.py`** — generates the rules reference docs. - **`docs/plans/ROADMAP-NEXT-STEPS-PLAN.md`** (new plan). ## What Was Changed or Deleted? - **#53 fix — `crates/basilisk-lsp/src/server/document.rs`**: the file-watcher now distinguishes `CREATED` from `CHANGED`. A newly-created module re-resolves the whole workspace and re-publishes so dependents' stale `BSK-E0010 "cannot resolve import"` clears without an LSP reload; a pure content change keeps the cheaper per-file reload. Deleted files are forgotten first so a recheck cannot resurrect their diagnostics. `[ANALYSIS-INCR-IMPORTS]`. - **CLI logs — `crates/basilisk-cli/src/main.rs`**: gate ANSI colour on `std::io::IsTerminal::is_terminal(stderr)`, so the LSP subprocess (piped stderr) emits clean text instead of raw escape sequences in the editor output channel. - **Shipwright — `shipwright.json`**: binary resolution sources narrowed to `["user-setting", "bundled"]` (env / pkgmgr / cargo-bin / path / lsp-initialize removed). The VSIX ships and resolves its bundled binary by default; a user override is still honoured. - **VS Code test helpers — `debug-integration.test.ts`, `test-helpers.ts`**: drop ad-hoc PATH/platform binary discovery in favour of the Shipwright-staged bundled binary. - **Docs/site refresh**: `Claude.md` → `CLAUDE.md`, expanded `CHECKER-ARCHITECTURE-SPEC.md`, `LSP-ARCHITECTURE-SPEC.md`, `VSIX-SPEC.md`, `README.md`, and a large en/zh website docs overhaul (comparison, configuration, rules/*, removed standalone mojo-safety rule pages). - **Build/CI**: `Makefile`, `.github/workflows/{ci,release,deploy-pages}.yml`, `.gitignore`, `coverage-thresholds.json` (metadata), `.claude/skills/*` metadata, removed the `tmc` skill. ## How Do The Automated Tests Prove It Works? - **#53**: `new_file_resolves_first_party_sibling_import` creates a new module *after* the workspace scan and asserts its first-party sibling import resolves like a pre-existing file; `created_module_clears_unresolved_import_in_dependents` asserts a dependent's `BSK-E0010` is re-published as cleared once the module appears — both pass under `./scripts/test-rust.sh`. - **Logs**: `tracing_logs_emit_no_ansi_on_piped_stderr` runs `basilisk check` with `BASILISK_LOG=info` over captured (piped) stderr and asserts zero ANSI escapes. - **Shipwright/VSIX**: VS Code E2E "Shipwright resolves basilisk from the bundled VSIX binary by default" plus the full 301-test suite pass (85% ≥ 84% coverage); `verify-shipwright.mjs manifest` and `versions` both pass. - **Full local gate run** (mirrors CI): Rust coverage thresholds met on all 10 crates; Zed (96 tests), Neovim (39% ≥ 30%), and mutation `working` baseline (90.54%, no regression) all green. ## Spec / Doc Changes - `[ANALYSIS-INCR-IMPORTS]` / `[ANALYSIS-CROSSLSP]` documented in the LSP/checker specs; `CHECKER-ARCHITECTURE-SPEC.md` and `LSP-ARCHITECTURE-SPEC.md` updated; `Claude.md` renamed to `CLAUDE.md`; new `ROADMAP-NEXT-STEPS-PLAN.md`. ## Breaking Changes - Shipwright binary resolution now considers only `user-setting` and `bundled` sources (previously also env / package managers / `cargo-bin` / PATH / LSP-initialize). Environments that relied on PATH or `BASILISK_EXECUTABLE_PATH` discovery should set the user setting or use the bundled binary. Fixes #53 🤖 Generated with [Claude Code](https://claude.com/claude-code) --------- Co-authored-by: abdushakoor12 <abdushakoor009@gmail.com>
…edded PAT) The publish-homebrew/publish-scoop jobs cloned the tap/bucket via `git clone https://x-access-token:$BREW_SCOOP_PAT@github.com/...`, which GitHub rejects even with a valid PAT: remote: Invalid username or token. Password authentication is not supported fatal: Authentication failed Switch to the pattern proven in Nimblesite/dart_mutant: check out the target repo with actions/checkout (repository + token + path), render into it, then commit & push using checkout's configured credentials. Drops the now-redundant empty-PAT guard and BREW_SCOOP_PAT env on the render steps. Refs Nimblesite/Shipwright#2. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…unners All CI jobs targeted the custom 'ubuntu-22.04-8-cores' larger-runner label. After the repo moved from MelbourneDeveloper to the Nimblesite org, those org-scoped larger runners are not provisioned, so every CI job sat queued indefinitely waiting for a runner that never came (the release workflow was unaffected because it uses GitHub-hosted ubuntu-latest/macos-15/windows-latest). Switch all 9 jobs to the standard ubuntu-22.04 hosted runner so CI can actually schedule.
…ld scripts run
Switching CI to ubuntu-22.04 fixed the queue hang but introduced a GLIBC mismatch: the Zed job's cached serde build-script binary and the cargo-mutants release downloaded by taiki-e/install-action are both linked against GLIBC_2.39, which ubuntu-22.04 (GLIBC 2.35) cannot load ('version GLIBC_2.39 not found'). ubuntu-24.04 ships GLIBC 2.39 and is a standard GitHub-hosted runner (the release workflow already runs green on ubuntu-latest=24.04), so it both schedules immediately and satisfies the toolchain ABI.
The Zed job kept failing even on ubuntu-24.04: Swatinem/rust-cache restored a host build-script binary (serde's build-script-build) linked against a glibc the runner does not provide ('GLIBC_2.39 not found'), and cache-on-failure:true kept re-saving the poisoned artifact. rust-cache keys per job, so only Zed was affected (test-rust and the others passed). Bump the Zed job's prefix-key to force a clean rebuild from source against the runner's own glibc.
After moving CI off the retired 8-core larger runners to the standard ubuntu-24.04 hosted runner, the mutation-testing shards began failing non-deterministically — a different shard timed out on each run (shard 1, then shards 2 and 4), which is the signature of a wall-clock timeout rather than a surviving mutant (a real missed mutant is deterministic and fails the same shard every run). cargo-mutants rebuilds and reruns the whole test suite once per mutant and is heavily CPU-bound; the 20-minute budget was calibrated for 8 cores. Raise the per-shard timeout to 60 minutes for comfortable headroom; the gate itself is unchanged (the merge job still enforces the mutation score).
MelbourneDeveloper
added a commit
that referenced
this pull request
May 30, 2026
…edded PAT) (#60) # Pull Request ## TLDR Fix the broken Homebrew/Scoop tap publishing in the release pipeline (the actual blocker), and along the way scrub the VS Code sidebar + docs of features that were advertised but never wired up. ## What Was Added - **`vscode-extension/src/test/suite/info-panel.test.ts`** (new, +121) — VSIX E2E test that renders `InfoPanelProvider`, pins the exact set of Feature Status toggles that actually do something, and proves the uv Integration toggle shows/hides the uv Quick Actions. Fails if a no-op toggle is ever re-added. - **`docs/specs/CHECKER-STUB-RESOLUTION-SPEC.md`** (new spec) — documents `.pyi` stub discovery/resolution and the stub-suggestion behaviour. - **`docs/plans/EXTENSION-ACTIVITY-PANEL-PLAN.md` → `#EXTACT-PLAN-FEATURE-TOGGLES`** — a step-by-step plan for making each removed toggle *real* (server config struct, per-feature gating, and the specific VSIX test each one needs before it may return). - Release pipeline jobs split out cleanly: `build` → `release` → `vsix` → `release-assets` → `publish-vsix` → `deploy-pages` → `publish-homebrew` / `publish-scoop`, with the GitHub Release archives as the single source of truth for downstream jobs (preserves the Unix exec bit; raw Actions artifacts strip it). ## What Was Changed / Deleted - **`.github/workflows/release.yml` (the headline fix):** replaced the rejected `git clone https://x-access-token:${BREW_SCOOP_PAT}@github.com/...` tap auth with `actions/checkout@v4` + `token: ${{ secrets.BREW_SCOOP_PAT }}` (checkout configures the PAT as an HTTP extraheader, which GitHub accepts; the URL-embedded PAT fails with "Password authentication is not supported"). The VSIX job now downloads the per-platform binary from the published release instead of recompiling — binaries are no longer built twice. - **`vscode-extension/src/info-panel.ts`:** removed 6 no-op Feature Status toggles (Inlay Hints Params/Types, Ruff Integration, Test Explorer, Debugger, AI Typing). Root cause: the LSP server's `did_change_configuration` only parses `analysisMode` + `testExplorer`, so every other forwarded setting was silently dropped — those toggles wrote settings nothing read. Kept only the two with a real, namesake effect: **Type Checking** (gates diagnostic publication) and **uv Integration** (gates the uv Quick Actions + Server Info rows). - **`vscode-extension/package.json`:** deleted the dead `aiTyping.enabled` / `aiTyping.provider` settings; relabelled `inlayHints.*` and `ruff.*` descriptions as "Reserved — not yet read by the server". - **`vscode-extension/README.md`:** corrected the Basilisk Info panel feature list and the settings table to match reality. - **Website (`website/src/**`, en + zh):** scrubbed the docs of the same lies — `configuration.md` now marks `inlayHints`/`ruff`/`testExplorer` settings "reserved"; `installation.md` replaces the fake `inlayHints`/`ruff` Zed config example with the genuinely-honored `analysisMode`. Plus a broader docs/landing refresh (comparison, migration, index.njk, blog, favicon/logo/og-image). - **`CLAUDE.md` / `docs/INDEX.md` / `crates/basilisk-config/README.md`:** project-instruction and index housekeeping; `lspkit` migration notes. ## How Tests Prove It Works - **Release pipeline (the real proof):** tag **v0.4.3** was cut from this branch and the Release workflow ran green end-to-end — **all 16 jobs success**, including `Publish Homebrew formula` and `Publish Scoop manifest` (the exact jobs this branch fixes) and `Publish VSIX` to the Marketplace. Run: `Nimblesite/Basilisk` actions run `26680555278`. - **Sidebar:** `make _test_vsix` → **305 passing / 0 failing**, VSIX coverage **85% ≥ 84%** threshold. New `Basilisk Info Panel Contents` suite: - `Feature Status lists exactly the toggles with a real effect` - `Feature Status hides every no-op toggle` - `uv Integration shows uv Quick Actions when enabled` - `uv Integration hides uv Quick Actions when disabled` - **Lint:** `make lint` green (clippy `--workspace --all-targets -D warnings` + eslint); `cargo fmt --check` and `ruff format --check` clean. ## Spec / Doc Changes - `EXTENSION-ACTIVITY-PANEL-SPEC.md#EXTACT-INFO-FEATURE-STATUS` — rewritten: shipped vs. not-yet-implemented toggles, with the rule that a toggle may only exist if it has a real effect proven by a VSIX test. - `EXTENSION-ACTIVITY-PANEL-PLAN.md#EXTACT-PLAN-FEATURE-TOGGLES` — new implementation plan for the removed toggles. - `CHECKER-STUB-RESOLUTION-SPEC.md` — new spec. - `CHECKER-ARCHITECTURE-SPEC.md`, `LSP-PROFILER-PROCESS-PANEL-PLAN.md` — housekeeping. ## Breaking Changes No. The removed `aiTyping.*` settings and the 6 retired toggles never had any effect, so removing them changes no observable behaviour. `inlayHints.*` / `ruff.*` settings remain declared (relabelled "reserved") for forward compatibility. --------- Co-authored-by: Abdul Shakoor <60779242+abdushakoor12@users.noreply.github.com> Co-authored-by: abdushakoor12 <abdushakoor009@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pull Request
TLDR
Fix the broken Homebrew/Scoop tap publishing in the release pipeline (the actual blocker), and along the way scrub the VS Code sidebar + docs of features that were advertised but never wired up.
What Was Added
vscode-extension/src/test/suite/info-panel.test.ts(new, +121) — VSIX E2E test that rendersInfoPanelProvider, pins the exact set of Feature Status toggles that actually do something, and proves the uv Integration toggle shows/hides the uv Quick Actions. Fails if a no-op toggle is ever re-added.docs/specs/CHECKER-STUB-RESOLUTION-SPEC.md(new spec) — documents.pyistub discovery/resolution and the stub-suggestion behaviour.docs/plans/EXTENSION-ACTIVITY-PANEL-PLAN.md→#EXTACT-PLAN-FEATURE-TOGGLES— a step-by-step plan for making each removed toggle real (server config struct, per-feature gating, and the specific VSIX test each one needs before it may return).build→release→vsix→release-assets→publish-vsix→deploy-pages→publish-homebrew/publish-scoop, with the GitHub Release archives as the single source of truth for downstream jobs (preserves the Unix exec bit; raw Actions artifacts strip it).What Was Changed / Deleted
.github/workflows/release.yml(the headline fix): replaced the rejectedgit clone https://x-access-token:${BREW_SCOOP_PAT}@github.com/...tap auth withactions/checkout@v4+token: ${{ secrets.BREW_SCOOP_PAT }}(checkout configures the PAT as an HTTP extraheader, which GitHub accepts; the URL-embedded PAT fails with "Password authentication is not supported"). The VSIX job now downloads the per-platform binary from the published release instead of recompiling — binaries are no longer built twice.vscode-extension/src/info-panel.ts: removed 6 no-op Feature Status toggles (Inlay Hints Params/Types, Ruff Integration, Test Explorer, Debugger, AI Typing). Root cause: the LSP server'sdid_change_configurationonly parsesanalysisMode+testExplorer, so every other forwarded setting was silently dropped — those toggles wrote settings nothing read. Kept only the two with a real, namesake effect: Type Checking (gates diagnostic publication) and uv Integration (gates the uv Quick Actions + Server Info rows).vscode-extension/package.json: deleted the deadaiTyping.enabled/aiTyping.providersettings; relabelledinlayHints.*andruff.*descriptions as "Reserved — not yet read by the server".vscode-extension/README.md: corrected the Basilisk Info panel feature list and the settings table to match reality.website/src/**, en + zh): scrubbed the docs of the same lies —configuration.mdnow marksinlayHints/ruff/testExplorersettings "reserved";installation.mdreplaces the fakeinlayHints/ruffZed config example with the genuinely-honoredanalysisMode. Plus a broader docs/landing refresh (comparison, migration, index.njk, blog, favicon/logo/og-image).CLAUDE.md/docs/INDEX.md/crates/basilisk-config/README.md: project-instruction and index housekeeping;lspkitmigration notes.How Tests Prove It Works
Publish Homebrew formulaandPublish Scoop manifest(the exact jobs this branch fixes) andPublish VSIXto the Marketplace. Run:Nimblesite/Basiliskactions run26680555278.make _test_vsix→ 305 passing / 0 failing, VSIX coverage 85% ≥ 84% threshold. NewBasilisk Info Panel Contentssuite:Feature Status lists exactly the toggles with a real effectFeature Status hides every no-op toggleuv Integration shows uv Quick Actions when enableduv Integration hides uv Quick Actions when disabledmake lintgreen (clippy--workspace --all-targets -D warnings+ eslint);cargo fmt --checkandruff format --checkclean.Spec / Doc Changes
EXTENSION-ACTIVITY-PANEL-SPEC.md#EXTACT-INFO-FEATURE-STATUS— rewritten: shipped vs. not-yet-implemented toggles, with the rule that a toggle may only exist if it has a real effect proven by a VSIX test.EXTENSION-ACTIVITY-PANEL-PLAN.md#EXTACT-PLAN-FEATURE-TOGGLES— new implementation plan for the removed toggles.CHECKER-STUB-RESOLUTION-SPEC.md— new spec.CHECKER-ARCHITECTURE-SPEC.md,LSP-PROFILER-PROCESS-PANEL-PLAN.md— housekeeping.Breaking Changes
No. The removed
aiTyping.*settings and the 6 retired toggles never had any effect, so removing them changes no observable behaviour.inlayHints.*/ruff.*settings remain declared (relabelled "reserved") for forward compatibility.