fix: AGENTS marker, report_incomplete labels, queue:max strip, quick-setup --dry-run#42
Open
norrietaylor wants to merge 6 commits into
Open
fix: AGENTS marker, report_incomplete labels, queue:max strip, quick-setup --dry-run#42norrietaylor wants to merge 6 commits into
norrietaylor wants to merge 6 commits into
Conversation
The runbook's grep checked for `<!-- ch-oracles:start/end -->`, but the template at `templates/.github/AGENTS.md` (and every other repo reference) uses the sub-namespaced `<!-- ch-oracles:build-commands:begin -->` / `<!-- ch-oracles:build-commands:end -->` form. Operators following A3 would always see a wc -l count of 0 and bail. Update E2E-TEST.md A3 to use the actual marker convention. The template form is kept (per #17's option 1 — smallest change, doesn't break existing installs). Closes #17 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The old `--dry-run` flag was a misnomer: documented in E2E-TEST.md A2 as a write-free preview, but its actual semantics were "source files from the local ch-oracles checkout" (CI smoke mode). When operators followed A2 verbatim and piped curl|bash, SCRIPT_DIR became `/tmp`, the local source root resolved to `/`, and the script errored with `local wrapper missing: //wrappers/...`. Rename the existing flag to `--ci-smoke` (preserves CI smoke semantics) and add a true `--dry-run` that prints every file the installer would write (with provenance — local-source or upstream URL) and exits 0 without touching the target. The two modes are mutually exclusive. Also: - Refresh `scripts/quick-setup.sh.sha256` after the rewrite. - Point `.github/workflows/install-smoke.yml` at `--ci-smoke`. - Update E2E-TEST.md A2 prose to describe the new dry-run semantics. Closes #29 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…#18) When a chore exits via `report_incomplete` (e.g., its required toolchain is firewall-blocked and `uv sync` fails), gh-aw files a generic `[aw] X failed` issue with label `agentic-workflows`. The issue does NOT carry the originating chore's `agent:*` slot label, so consumers filtering on `agent:lint:python` (or any other agent slot) to triage their lint backlog silently miss every infrastructure failure. Add `report-incomplete: { labels: [<slot>] }` to every chore workflow's safe-outputs config so the meta-failure issue carries both the gh-aw generic label AND the chore's slot label. Mappings: - chore-style-{python,rust,go,toml,ncl} → agent:lint:<lang> - docs-patrol → agent:doc-drift - dependency-review → agent:dep-drift - test-coverage-detector → agent:coverage - trivial-dep-bump-{python,rust,go} → agent:dep-drift - worker-fix, worker-iterate → agent:worker-tuning - pr-conflict-resolver → agent:conflict Every label here already exists in `templates/.github/labels.yml` and is in the chore's existing safe-output allowlist (verified by test-safe-output-allowlists.py). Frontmatter only — lock files recompiled in the next commit alongside the queue:max strip. Closes #18 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
gh-aw's codegen emits an extension key `queue: max` under every generated lock file's `concurrency:` block. The key is not valid GitHub Actions syntax — `concurrency:` accepts only `group:` and `cancel-in-progress:`. actionlint flags it as `syntax-check`; GitHub Actions silently drops it at runtime, so the queueing behavior the codegen intended (rather than the implicit `cancel-in-progress: false` fallback alone) is lost across all 14 chores. Add `scripts/strip-invalid-queue-key.py` as a narrow post-compile filter. It removes only lines whose stripped content exactly equals `queue: max`, so user code with a legitimate `queue:` key elsewhere is unaffected. Includes a `--check` mode for CI to assert the strip ran. Wire the strip step into `.github/workflows/gh-aw-validate.yml` between `gh aw compile` and the `git diff --quiet` consistency gate, so committed lock files match what GitHub Actions actually accepts. The 14 lock files in this commit are the recompile of all workflows (including the report-incomplete labels from the previous commit) with `queue: max` lines stripped. Net diff: -14 invalid keys, +14 label embeddings. Closes #28 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
Warning Rate limit exceeded
You’ve run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (5)
📝 WalkthroughWalkthroughThis PR addresses three interconnected workflow and installer issues: safe-outputs labeling for failed agent runs, invalid YAML in generated lock files, and CLI mode semantics in the installer. Across 13 workflows and supporting scripts, incomplete runs now emit issues tagged with agent-specific labels, all lock files are corrected via a post-processing script, and the installer's dry-run/smoke-test modes are clarified and fixed. ChangesSafe-outputs report-incomplete labeling
Invalid queue key removal
Installer mode correction and runbook alignment
🎯 3 (Moderate) | ⏱️ ~25 minutes Possibly related PRs
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
Owner
Author
|
@coderabbitai review |
✅ Actions performedReview triggered.
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 8
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
.github/workflows/docs-patrol.md (1)
1-1:⚠️ Potential issue | 🟠 Major | ⚡ Quick winRecompile lock files to clear the current CI blocker.
gh-aw-validateis failing with: “Compiled lock files are stale…”. Re-rungh aw compile workflows/*.md && python scripts/strip-invalid-queue-key.py .github/workflows/*.lock.ymland commit the regenerated lock diffs before merge.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/workflows/docs-patrol.md at line 1, Re-run the docs compile and lock regeneration steps to refresh stale compiled lock files: run `gh aw compile workflows/*.md` followed by `python scripts/strip-invalid-queue-key.py .github/workflows/*.lock.yml`, review the resulting changes to the .github/workflows/*.lock.yml files, and commit the updated lock diffs so `gh-aw-validate` no longer fails due to “Compiled lock files are stale…”.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/chore-style-go.lock.yml:
- Line 1: CI is failing because compiled lock artifacts are stale; rerun the
compilation and stripping steps described in the review so generated lock files
match expectations: run the exact commands `gh aw compile workflows/*.md` and
then `python scripts/strip-invalid-queue-key.py .github/workflows/*.lock.yml`,
review the updated .github/workflows/*.lock.yml outputs, and commit the
regenerated lock files so gh-aw-validate passes.
In @.github/workflows/chore-style-python.lock.yml:
- Line 1: Lock artifacts in .github/workflows/chore-style-python.lock.yml are
stale; re-generate the workflow lock files and strip invalid queue keys then
commit the updates: run "gh aw compile workflows/*.md" to regenerate the
.lock.yml outputs, run "python scripts/strip-invalid-queue-key.py
.github/workflows/*.lock.yml" to clean invalid queue keys, verify changes to
.github/workflows/chore-style-python.lock.yml (and any other .lock.yml files),
then add/commit and push the updated lock files.
In @.github/workflows/test-coverage-detector.md:
- Around line 40-42: The CI is failing due to stale compiled lock files after
updating the workflow frontmatter (the "report-incomplete" labels block);
regenerate the compiled lock files by running the compile command and cleanup
script shown in the comment: run `gh aw compile workflows/*.md` then `python
scripts/strip-invalid-queue-key.py .github/workflows/*.lock.yml`, verify the
resulting .github/workflows/*.lock.yml files, and commit the regenerated lock
files so gh-aw-validate passes.
In `@scripts/quick-setup.sh.sha256`:
- Line 1: The recorded checksum in scripts/quick-setup.sh.sha256 is stale and
must be regenerated to match the current scripts/quick-setup.sh; run a SHA-256
checksum on scripts/quick-setup.sh, overwrite scripts/quick-setup.sh.sha256 with
the new digest (so the contents exactly match the output for
scripts/quick-setup.sh), then commit the updated scripts/quick-setup.sh.sha256
so CI’s install-smoke step sees the correct checksum.
In `@scripts/strip-invalid-queue-key.py`:
- Around line 44-47: The current loop removes any line matching QUEUE_MAX_RE
regardless of context; modify the logic to only remove "queue: max" entries that
are direct children of a concurrency: block by tracking context: when you see a
line matching /^\s*concurrency:\s*$/ set a flag and record its indentation
(e.g., len(match.group(0)) or count leading spaces), clear the flag when you
encounter a line with indentation less than or equal to the concurrency indent
or a new top-level key, and only increment removed/continue if QUEUE_MAX_RE
matches and the current flag is true and the queue line's indentation is
strictly greater than the recorded concurrency indent; reference the existing
variables/regex QUEUE_MAX_RE, original, and the for-loop over
original.splitlines(keepends=True) to locate where to insert the
context/indent-tracking logic.
In `@workflows/chore-style-toml.md`:
- Around line 54-57: The compiled workflow lock files are stale after editing
the "report-incomplete" workflow (label agent:lint:toml); run the compilation
and strip script exactly as in the review (gh aw compile workflows/*.md then
python scripts/strip-invalid-queue-key.py .github/workflows/*.lock.yml) to
regenerate the .lock.yml files, verify the outputs, and commit the updated lock
files so gh-aw-validate passes.
In `@workflows/trivial-dep-bump-go.md`:
- Around line 45-47: The compiled workflow artifacts are stale after updating
workflows/trivial-dep-bump-go.md (the report-incomplete job and its labels such
as "agent:dep-drift"); re-run the repository's workflow compilation/post-filter
pipeline (the same pipeline used by gh-aw-validate) to regenerate the compiled
lock/MD artifacts, verify gh-aw-validate passes, and commit the resulting
generated changes so the compiled artifacts are in sync with the edited
workflows/*.md files.
In `@workflows/worker-fix.md`:
- Around line 73-75: The CI is failing due to stale compiled lock files;
regenerate the compiled artifacts and commit them. Run the workflow compiler (gh
aw compile) against the workflow markdown sources referenced in this PR, then
run the strip-invalid-queue-key.py script to normalize/strip invalid queue keys
from the generated lock artifacts, verify gh-aw-validate passes locally, and
commit the updated lock files so the "report-incomplete" workflow label CI check
can proceed.
---
Outside diff comments:
In @.github/workflows/docs-patrol.md:
- Line 1: Re-run the docs compile and lock regeneration steps to refresh stale
compiled lock files: run `gh aw compile workflows/*.md` followed by `python
scripts/strip-invalid-queue-key.py .github/workflows/*.lock.yml`, review the
resulting changes to the .github/workflows/*.lock.yml files, and commit the
updated lock diffs so `gh-aw-validate` no longer fails due to “Compiled lock
files are stale…”.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 1f57dce0-062e-4dbe-bec9-d36b8209efdc
📒 Files selected for processing (48)
.github/workflows/chore-style-go.lock.yml.github/workflows/chore-style-go.md.github/workflows/chore-style-ncl.lock.yml.github/workflows/chore-style-ncl.md.github/workflows/chore-style-python.lock.yml.github/workflows/chore-style-python.md.github/workflows/chore-style-rust.lock.yml.github/workflows/chore-style-rust.md.github/workflows/chore-style-toml.lock.yml.github/workflows/chore-style-toml.md.github/workflows/dependency-review.lock.yml.github/workflows/dependency-review.md.github/workflows/docs-patrol.lock.yml.github/workflows/docs-patrol.md.github/workflows/gh-aw-validate.yml.github/workflows/install-smoke.yml.github/workflows/pr-conflict-resolver.lock.yml.github/workflows/pr-conflict-resolver.md.github/workflows/test-coverage-detector.lock.yml.github/workflows/test-coverage-detector.md.github/workflows/trivial-dep-bump-go.lock.yml.github/workflows/trivial-dep-bump-go.md.github/workflows/trivial-dep-bump-python.lock.yml.github/workflows/trivial-dep-bump-python.md.github/workflows/trivial-dep-bump-rust.lock.yml.github/workflows/trivial-dep-bump-rust.md.github/workflows/worker-fix.lock.yml.github/workflows/worker-fix.md.github/workflows/worker-iterate.lock.yml.github/workflows/worker-iterate.mdE2E-TEST.mdscripts/quick-setup.shscripts/quick-setup.sh.sha256scripts/strip-invalid-queue-key.pyworkflows/chore-style-go.mdworkflows/chore-style-ncl.mdworkflows/chore-style-python.mdworkflows/chore-style-rust.mdworkflows/chore-style-toml.mdworkflows/dependency-review.mdworkflows/docs-patrol.mdworkflows/pr-conflict-resolver.mdworkflows/test-coverage-detector.mdworkflows/trivial-dep-bump-go.mdworkflows/trivial-dep-bump-python.mdworkflows/trivial-dep-bump-rust.mdworkflows/worker-fix.mdworkflows/worker-iterate.md
Addresses CodeRabbit feedback on PR #42. The previous implementation stripped any 'queue: max' line globally, but the docstring stated it should only target lines directly inside a 'concurrency:' block. Tightened strip_file() to track the active concurrency-block indent and only remove queue:max lines whose indent is strictly greater than the concurrency-line's indent. Block ends when indent falls back to or below the concurrency line.
Resolve worker-iterate.lock.yml conflict by regenerating from the merged source via gh aw compile + strip-invalid-queue-key.py. Source workflows .md files auto-merged cleanly — only the generated lock needed regeneration.
Owner
Author
|
@coderabbitai review |
✅ Actions performedReview triggered.
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Bundled fix PR targeting four templates/scripts hygiene issues. Per-issue summary below; commit history is split one commit per issue for review.
#17 — AGENTS.md marker drift (docs only)
The E2E runbook step A3 grepped for
<!-- ch-oracles:start/end -->, but the template emits<!-- ch-oracles:build-commands:begin/end -->(consistent with every other repo reference). UpdatedE2E-TEST.mdto use the actual marker convention. No template change — preserves backward compatibility with existing installs.#18 —
report_incompleteissues missing choreagent:*labelWhen a chore exits via
report_incomplete(e.g., uv/ruff blocked by firewall), gh-aw posts a generic[aw] X failedissue with labelagentic-workflowsonly. Consumers filtering onagent:lint:python(etc.) silently miss every infra failure.Added
report-incomplete: { labels: [<slot>] }to every chore's safe-outputs frontmatter using the per-chore slot label (agent:lint:<lang>,agent:doc-drift,agent:dep-drift,agent:coverage,agent:worker-tuning,agent:conflict). Lock files recompiled; verified each lock now setsGH_AW_REPORT_INCOMPLETE_LABELS.#28 — Invalid
concurrency.queue: maxkey in every lock filegh-aw codegen emits
queue: maxunderconcurrency:, which is not a valid GitHub Actions key. actionlint flags it; GitHub silently drops it; intended queueing behavior is lost.Added
scripts/strip-invalid-queue-key.py— a narrow post-compile filter that removes only lines exactly matchingqueue: max. Wired it into.github/workflows/gh-aw-validate.ymlbetweengh aw compileand the diff-quiet gate. Includes a--checkmode for CI assertion.Tracked upstream: this is option (b) from the issue. A proper fix belongs in gh-aw; the strip script is the bridge until that lands.
#29 —
--dry-runmisnomerThe existing
--dry-runflag was actually a CI smoke mode (sources from local checkout, still writes to target). When the runbook A2 piped curl|bash with--dry-run,SCRIPT_DIRresolved to/tmpand the script errored withlocal wrapper missing: //wrappers/....--ci-smoke(semantics preserved).--dry-runthat prints what would be written (with provenance) and exits 0 without touching the target. Safe undercurl|bash.scripts/quick-setup.sh.sha256..github/workflows/install-smoke.ymlto use--ci-smoke.Test plan
gh aw compileruns cleanly against every workflow (14/14, 0 warnings).python scripts/strip-invalid-queue-key.py .github/workflows/*.lock.ymlremoves exactly 14 lines (one per lock file).actionlint -coloris clean.shellcheck --severity=warning scripts/*.shis clean.python scripts/audit-wrapper-permissions.py wrappers/*.ymlpasses.python scripts/test-{chore-consistency,safe-output-allowlists,label-classification}.pypass.diff workflows/X.md .github/workflows/X.md) holds for every workflow.GH_AW_REPORT_INCOMPLETE_LABELSenv var appears in every lock file with the correct slot label.--dry-runexits 0 with no writes (validated against an empty/tmp/qs-test).--ci-smokeinstalls all 14 wrappers + templates into a fixture (validated locally; same invocation asinstall-smoke.yml).Closes #17
Closes #18
Closes #28
Closes #29
🤖 Generated with Claude Code