Skip to content

docs: sync eval install hints and operator guides#3491

Merged
rysweet merged 5 commits intomainfrom
feat/issue-3490-sync-eval-docs
Mar 24, 2026
Merged

docs: sync eval install hints and operator guides#3491
rysweet merged 5 commits intomainfrom
feat/issue-3490-sync-eval-docs

Conversation

@rysweet
Copy link
Owner

@rysweet rysweet commented Mar 24, 2026
edited
Loading

Summary

  • sync the baked-in amplihack-agent-eval install-hint revisions with the actual pyproject.toml pin
  • add a day-zero operator guide for local wrappers, Azure distributed runs, and Aspire flows
  • add a plain-English component guide for how amplihack, amplihack-agent-eval, Event Hubs, Container Apps, and Aspire fit together
  • correct the thin-wrapper docs so they no longer advertise unsupported --question-set flags
  • harden the local Azure eval compatibility wrappers and Aspire AppHost so Event Hubs secrets stay out of process arguments

Closes #3490.

Step 13: Local Testing Results

Test Environment: clean worktree feat/issue-3490-sync-eval-docs at /home/azureuser/src/amplihack/worktrees/docs-eval-operator-guide-20260324

Tests Executed

  1. Simple: PYTHONPATH=src /home/azureuser/src/amplihack/.venv/bin/python deploy/azure_hive/eval_distributed.py --help -> the wrapper command loads successfully and exposes the expected distributed-runner surface while keeping EH_CONN env-backed. ✅
  2. Complex/integration: cd deploy/azure_hive/aspire && dotnet run apphost.cs -> the file-based Aspire AppHost built successfully and launched the local dashboard on https://localhost:17193. ✅

Regression Checks

  • python -m pre_commit run --files src/amplihack/eval/progressive_test_suite.py src/amplihack/eval/long_horizon_memory.py docs/EVAL_SYSTEM_ARCHITECTURE.md docs/atlas/compile-deps/README.md docs/hive_mind/EVAL.md docs/hive_mind/EVAL_OPERATOR_GUIDE.md docs/hive_mind/EVAL_COMPONENTS.md mkdocs.yml deploy/azure_hive/eval_distributed.py deploy/azure_hive/eval_distributed_security.py deploy/azure_hive/eval_retrieval_smoke.py deploy/azure_hive/aspire/apphost.cs deploy/azure_hive/tests/test_aspire_apphost.py deploy/azure_hive/tests/test_eval_wrapper_entrypoints.py -> passed
  • PYTHONPATH=src /home/azureuser/src/amplihack/.venv/bin/python -m pytest --import-mode=importlib -q deploy/azure_hive/tests/test_eval_wrapper_entrypoints.py deploy/azure_hive/tests/test_aspire_apphost.py tests/eval/test_progressive_suite.py tests/eval/test_long_horizon_memory.py --maxfail=1 -> 93 passed
  • dotnet build deploy/azure_hive/aspire/apphost.cs -v minimal -> passed
  • docs navigation validation (scripts/validate_docs_navigation.py) -> passed
  • local docs link validation (scripts/validate_gh_pages_links.py --local docs/ --pragmatic) -> passed

Issues Found

  • pre-PR review found that the thin-wrapper docs incorrectly documented --question-set; those examples were removed and the docs now point readers to amplihack-agent-eval when they need question-set selection
  • security review found Event Hubs secret leakage through command arguments; the wrapper/AppHost path was changed to use env-backed defaults instead
  • final review found equals-style explicit flags could be overridden by env injection; the wrappers now preserve both --flag value and --flag=value forms

docs: sync eval install hints and operator guides
ab73fe5 
Sync the baked-in amplihack-agent-eval revision hints with the actual pyproject pin, add a day-zero operator guide, and add a plain-English component guide for the eval stack.

Refs: #3490

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@github-actions
Copy link
Contributor

github-actions bot commented Mar 24, 2026

Repo Guardian - Passed

All 8 changed files passed the ephemeral content review.

File Assessment
docs/EVAL_SYSTEM_ARCHITECTURE.md Durable architecture doc — dependency SHA pin update only
docs/atlas/compile-deps/README.md Durable dependency reference — version and SHA pin update
docs/hive_mind/EVAL.md Durable reference doc — adds cross-links, removes stale flags
docs/hive_mind/EVAL_COMPONENTS.md Durable architecture reference — plain-English component ownership diagram
docs/hive_mind/EVAL_OPERATOR_GUIDE.md Durable how-to guide — "Day-Zero" refers to onboarding, not a specific date; fully parameterized
mkdocs.yml Navigation configuration update
src/amplihack/eval/long_horizon_memory.py Code — SHA constant update
src/amplihack/eval/progressive_test_suite.py Code — SHA constant update

No meeting notes, sprint retrospectives, one-off scripts, or point-in-time snapshots were found.

Generated by Repo Guardian for issue #3491 ·

docs: avoid CLI secret leakage in eval guide
4eb80c2 
Use an interactive prompt plus EH_CONN for Event Hubs credentials in the operator guide so the examples do not encourage pasting secrets directly into command lines.

Refs: #3490

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@github-actions
Copy link
Contributor

github-actions bot commented Mar 24, 2026

Repo Guardian - Passed

All 8 changed files passed the ephemeral content review.

File Assessment
docs/EVAL_SYSTEM_ARCHITECTURE.md Durable architecture doc — dependency SHA pin update only
docs/atlas/compile-deps/README.md Durable dependency reference — version and SHA pin update
docs/hive_mind/EVAL.md Durable reference doc — adds cross-links, removes stale flags
docs/hive_mind/EVAL_COMPONENTS.md Durable architecture reference — plain-English component ownership diagram
docs/hive_mind/EVAL_OPERATOR_GUIDE.md Durable how-to guide — "Day-Zero" refers to onboarding, not a specific date; all commands are fully parameterized
mkdocs.yml Navigation configuration update
src/amplihack/eval/long_horizon_memory.py Code — SHA constant update
src/amplihack/eval/progressive_test_suite.py Code — SHA constant update

No meeting notes, sprint retrospectives, one-off scripts, or point-in-time snapshots were found.

Generated by Repo Guardian for issue #3491 ·

fix: keep eval secrets out of argv
21b3f3e 
Teach the local Azure eval compatibility wrappers to read EH_CONN and hub names from the environment, stop the Aspire AppHost from forwarding the Event Hubs secret in command arguments, and update the operator guide to use the safer wrapper path and secret prompts.

Refs: #3490

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@github-actions
Copy link
Contributor

github-actions bot commented Mar 24, 2026

Repo Guardian - Passed

All 14 changed files passed the ephemeral content review.

File Assessment
deploy/azure_hive/aspire/apphost.cs Durable deployment config — moves Event Hubs secret from argv to env var
deploy/azure_hive/eval_distributed.py Durable compatibility wrapper — adds reusable env-var injection for CLI flags
deploy/azure_hive/eval_distributed_security.py Durable compatibility wrapper — same pattern
deploy/azure_hive/eval_retrieval_smoke.py Durable compatibility wrapper — same pattern
deploy/azure_hive/tests/test_aspire_apphost.py Test fixture — durable
deploy/azure_hive/tests/test_eval_wrapper_entrypoints.py New test file for wrapper env injection — durable
docs/EVAL_SYSTEM_ARCHITECTURE.md Durable architecture doc — dependency SHA pin update only
docs/atlas/compile-deps/README.md Durable dependency reference — version and SHA pin update
docs/hive_mind/EVAL.md Durable reference doc — adds cross-links, removes stale flags
docs/hive_mind/EVAL_COMPONENTS.md Durable architecture reference — plain-English component ownership diagram
docs/hive_mind/EVAL_OPERATOR_GUIDE.md Durable how-to guide — "Day-Zero" refers to onboarding, not a specific date; all commands are fully parameterized
mkdocs.yml Navigation configuration update — durable
src/amplihack/eval/long_horizon_memory.py Code — SHA constant update
src/amplihack/eval/progressive_test_suite.py Code — SHA constant update

No meeting notes, sprint retrospectives, one-off scripts, or point-in-time snapshots were found.

Generated by Repo Guardian for issue #3491 ·

fix: preserve explicit eval wrapper flags
4143d0a 
Treat equals-style wrapper flags as explicit input when injecting env-backed defaults and correct the compile-deps metadata count to match the current pyproject dependency list.

Refs: #3490

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@github-actions
Copy link
Contributor

github-actions bot commented Mar 24, 2026

Repo Guardian - Passed

All 14 changed files passed the ephemeral content review.

File Assessment
deploy/azure_hive/aspire/apphost.cs Durable deployment config — moves Event Hubs secret from argv to env var
deploy/azure_hive/eval_distributed.py Durable compatibility wrapper — adds reusable, parameterized env-var injection
deploy/azure_hive/eval_distributed_security.py Durable compatibility wrapper — same pattern
deploy/azure_hive/eval_retrieval_smoke.py Durable compatibility wrapper — same pattern
deploy/azure_hive/tests/test_aspire_apphost.py Durable test fixture
deploy/azure_hive/tests/test_eval_wrapper_entrypoints.py Durable test file for wrapper env injection
docs/EVAL_SYSTEM_ARCHITECTURE.md Durable architecture doc — SHA pin update only
docs/atlas/compile-deps/README.md Durable dependency reference — version and SHA pin update
docs/hive_mind/EVAL.md Durable reference doc — adds cross-links, removes stale flags
docs/hive_mind/EVAL_COMPONENTS.md Durable architecture reference — plain-English component ownership diagram, no temporal language
docs/hive_mind/EVAL_OPERATOR_GUIDE.md Durable how-to guide — "Day-Zero" refers to onboarding, not a specific date; all commands fully parameterized via env vars
mkdocs.yml Navigation config update — durable
src/amplihack/eval/long_horizon_memory.py Code — SHA constant update
src/amplihack/eval/progressive_test_suite.py Code — SHA constant update

No meeting notes, sprint retrospectives, one-off scripts, or point-in-time snapshots were found.

Generated by Repo Guardian for issue #3491 ·

@rysweet
Copy link
Owner Author

rysweet commented Mar 24, 2026

Step 16b Reviewer Pass

No blocking issues found.

  • the install-hint SHA is now consistent with the pyproject.toml pin
  • the operator/component docs are wired into navigation and the thin-wrapper docs no longer claim unsupported --question-set flags
  • the env-backed wrapper/AppHost hardening is covered by deploy/azure_hive/tests/test_eval_wrapper_entrypoints.py and deploy/azure_hive/tests/test_aspire_apphost.py
  • targeted validation remains green: 93 passed in the focused pytest ring plus changed-file pre-commit

@rysweet
Copy link
Owner Author

rysweet commented Mar 24, 2026

Step 16c Security Review

No blocking security issues found.

  • deploy/azure_hive/aspire/apphost.cs now passes the Event Hubs connection string via EH_CONN instead of --connection-string ... in process arguments
  • the compatibility wrappers preserve explicit --flag and --flag=value inputs before injecting env-backed defaults, so explicit operator input is not silently overridden
  • the operator guide now uses read -rsp / export / unset flows for ANTHROPIC_API_KEY and EH_CONN; no inline-secret guidance remains in the new docs

@rysweet
Copy link
Owner Author

rysweet commented Mar 24, 2026

Step 16d Philosophy Review

No blocking philosophy issues found.

  • the fix stays ruthlessly simple: three small compatibility wrappers, one AppHost wiring change, and direct tests instead of introducing another abstraction layer
  • the operator docs are zero-BS and explicit about repo ownership, supported flags, and command paths
  • the changes improve correctness and safety without widening scope beyond the requested doc/install-hint cleanup

@rysweet rysweet marked this pull request as ready for review March 24, 2026 03:17
@github-actions
Copy link
Contributor

github-actions bot commented Mar 24, 2026

🤖 PM Architect PR Triage Analysis

PR: #3491
Title: docs: sync eval install hints and operator guides
Author: @rysweet
Branch: feat/issue-3490-sync-eval-docsmain

✅ Workflow Compliance (Steps 11-12)

NON-COMPLIANT - PR needs workflow completion

Step 11 (Review): ❌ Incomplete

  • Insufficient review evidence. Found 0 formal reviews and 7 comments. Review score: 1 (need >= 5). Comprehensive review detected: False

Step 12 (Feedback): ✅ Completed

  • Found 0 response indicators across 7 comments

Blocking Issues:

  • Step 11 incomplete: Need comprehensive code review with security, quality, and philosophy checks

🏷️ Classification

Priority: CRITICAL

  • Contains critical/security keywords

Complexity: VERY_COMPLEX

  • 14 files with 735 lines changed - system-wide changes (architectural changes detected)

🔍 Change Scope Analysis

⚠️ UNRELATED CHANGES DETECTED

Primary Purpose: Documentation update

Unrelated Changes:

Affected Files:

Recommendation: Consider splitting this PR into separate focused PRs for each concern

💡 Recommendations

  • Complete workflow steps 11-12 before marking PR as ready
  • Add at least one formal code review

📊 Statistics

  • Files Changed: 14
  • Comments: 7
  • Reviews: 0

🤖 Generated by PM Architect automation using Claude Agent SDK

docs: refresh atlas binding sources
c88a6bd 
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@github-actions
Copy link
Contributor

github-actions bot commented Mar 24, 2026

Repo Guardian - Passed

All 14 changed files passed the ephemeral content review.

File Assessment
deploy/azure_hive/aspire/apphost.cs Durable deployment config — moves Event Hubs secret from argv to env var
deploy/azure_hive/eval_distributed.py Durable compatibility wrapper — reusable, parameterized env-var injection
deploy/azure_hive/eval_distributed_security.py Durable compatibility wrapper — same pattern
deploy/azure_hive/eval_retrieval_smoke.py Durable compatibility wrapper — same pattern
deploy/azure_hive/tests/test_aspire_apphost.py Durable test fixture
deploy/azure_hive/tests/test_eval_wrapper_entrypoints.py Durable test file for wrapper env injection
docs/EVAL_SYSTEM_ARCHITECTURE.md Durable architecture doc — SHA pin update only
docs/atlas/ast-lsp-bindings/README.md Living atlas doc with "last rebuilt" metadata timestamp — designed to be updated on each rebuild
docs/atlas/ast-lsp-bindings/ast-lsp-bindings.dot Durable graph definition — removes stale git conflict markers
docs/atlas/compile-deps/README.md Durable dependency reference — version and SHA pin update
docs/atlas/compile-deps/compile-deps.dot Durable graph definition — SHA/version update, conflict markers removed
docs/hive_mind/EVAL.md Durable reference doc — adds cross-links, removes stale flags
docs/hive_mind/EVAL_COMPONENTS.md Durable architecture reference — plain-English component ownership diagram, no temporal language
docs/hive_mind/EVAL_OPERATOR_GUIDE.md Durable how-to guide — "Day-Zero" refers to onboarding from a fresh checkout, not a specific calendar date; all commands fully parameterized via env vars

No meeting notes, sprint retrospectives, one-off scripts, or point-in-time snapshots were found.

Generated by Repo Guardian for issue #3491 ·

@rysweet rysweet merged commit 3cbb6d7 into main Mar 24, 2026
30 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Sync eval install hints and add operator docs

1 participant

@rysweet