feat(cli): download from sandbox into different directory#2154
feat(cli): download from sandbox into different directory#2154rh-hemartin wants to merge 2 commits into
Conversation
E2E tests are runningAuthorization passed for this commit. See the E2E Tests workflow for results. |
Site previewPreview: https://dd43b62c-site.fullsend-ai.workers.dev Commit: |
|
🤖 Finished Review · ✅ Success · Started 7:59 AM UTC · Completed 8:08 AM UTC |
ReviewFindingsMedium
Low
Previous runReviewFindingsHigh
Medium
Low
Previous run (2)ReviewFindingsMedium
Low
Labels: PR modifies the CLI runner's sandbox extraction and post-script contract. Previous run (3)ReviewFindingsMedium
Low
Info
Previous run (4)ReviewFindingsHigh
Medium
Low
Info
Previous run (5)ReviewFindingsHigh
Medium
Low
Info
Previous run (6)ReviewFindingsHigh
Medium
Low
Info
|
ralphbean
left a comment
There was a problem hiding this comment.
One question inline about how this interacts with the post-scripts.
| if clearErr := os.RemoveAll(hostRepositoryDir); clearErr != nil { | ||
| return fmt.Errorf("clearing local repo %s before extraction: %w", hostRepositoryDir, clearErr) | ||
| } | ||
| iterDownloadDir := filepath.Join(hostDownloadDir, fmt.Sprintf("iteration-%d", iteration)) |
There was a problem hiding this comment.
I might be misreading the flow — in code.yaml, REPO_DIR points to ${GITHUB_WORKSPACE}/target-repo. post-code.sh cds there and looks for the agent's feature branch to push. With SafeDownload now targeting the temp dir instead, wouldn't that path still have the original checkout? If so, the post-script would see no branch and exit with "nothing to do."
|
Btw — this is a good example of why we're pursuing functional tests (#1682). The unit tests and lint all pass here, but the integration between the download path, |
Ah, damn.. What about we pass the folder to the post-script? |
c0243a6 to
f97d57e
Compare
|
🤖 Review · ❌ Terminated · Started 8:04 AM UTC · Ended 8:18 AM UTC |
Codecov Report❌ Patch coverage is
📢 Thoughts on this report? Let us know! |
|
🤖 Finished Review · ✅ Success · Started 8:04 AM UTC · Completed 8:18 AM UTC |
f97d57e to
9956a8b
Compare
|
🤖 Finished Review · ✅ Success · Started 1:32 PM UTC · Completed 1:44 PM UTC |
9956a8b to
90467d6
Compare
|
🤖 Review · |
90467d6 to
e629bd2
Compare
|
🤖 Finished Review · ✅ Success · Started 6:20 AM UTC · Completed 6:37 AM UTC |
e629bd2 to
d40eb41
Compare
|
🤖 Finished Review · ✅ Success · Started 7:06 AM UTC · Completed 7:20 AM UTC |
…et-repo Signed-off-by: Hector Martinez <hemartin@redhat.com>
…et-repo Signed-off-by: Hector Martinez <hemartin@redhat.com>
d40eb41 to
368a4ec
Compare
|
🤖 Finished Review · ✅ Success · Started 8:39 AM UTC · Completed 8:57 AM UTC |
| @@ -555,6 +563,10 @@ func runAgent(ctx context.Context, agentName, fullsendDir, outputBase, targetRep | |||
| postCmd := exec.Command(h.PostScript) | |||
There was a problem hiding this comment.
[medium] logic-error
REPO_DIR and TARGET_REPO_DIR are appended to the post-script env after envToList(h.RunnerEnv), so any user-specified REPO_DIR in runner_env is silently overridden. The customizing-agents.md example harness shows REPO_DIR in runner_env, which is now dead configuration.
Suggested fix: Either (a) emit a log warning when REPO_DIR already exists in h.RunnerEnv, or (b) do not override if already present, or (c) update documentation examples to remove the REPO_DIR runner_env entry.
| } | ||
| runDir := filepath.Join(outputBase, sandboxName) | ||
|
|
||
| // hostDownloadDir is separate from outputBase so the downloaded source |
There was a problem hiding this comment.
[medium] resource-leak
hostDownloadDir (os.TempDir()/fullsend-downloads/) is never cleaned up after the function completes. Repeated local runs accumulate repository-sized directories under /tmp/fullsend-downloads/.
Suggested fix: Add defer os.RemoveAll(hostDownloadDir) after the post-script defer, or document that cleanup is the user's responsibility.
| } | ||
| runDir := filepath.Join(outputBase, sandboxName) | ||
|
|
||
| // hostDownloadDir is separate from outputBase so the downloaded source |
There was a problem hiding this comment.
[medium] user-contract-change
This PR changes the --target-repo contract from input+output (modified in place) to input-only. The PR body acknowledges this but the user-facing workflow guidance could more explicitly explain the new manual-copy requirement.
Suggested fix: Update running-agents-locally.md to explain new behavior, output location, and how to copy changes back.
|
|
||
| // 9d. Extract target repo back to host. SafeDownload removes dangerous | ||
| // 9d. Extract target repo from sandbox. SafeDownload removes dangerous | ||
| // symlinks (absolute or repo-escaping) and .git/hooks/ to prevent sandbox escape. |
There was a problem hiding this comment.
[low] error-handling-pattern
os.RemoveAll(lastDownloadDir) ignores errors silently when cleaning the previous iteration's download. A warning log would be consistent with nearby printer.StepWarn usage.
| @@ -941,20 +953,25 @@ func runAgent(ctx context.Context, agentName, fullsendDir, outputBase, targetRep | |||
| } | |||
| } | |||
|
|
|||
There was a problem hiding this comment.
[low] directory-permissions
iterDownloadDir is created with 0o755 (world-readable). Consistent with existing codebase pattern but 0o700 would be more restrictive for temp directories containing source code.
|
Superseded by #2774 |
|
🤖 Finished Retro · ✅ Success · Started 8:00 AM UTC · Completed 8:19 AM UTC |
Retro: PR #2154 —
|
| Pattern | Existing Issues |
|---|---|
| Burst of review dispatches from rapid comment replies | #1125, #893, #1014 |
| Same findings repeated across review rounds | #1013, #1583 |
| Code agent diverged from issue's recommended approach | #2185 |
| No escalation when author dismisses high-severity findings | #2111, #1672 |
| Per-PR review budget to cap runaway dispatches | #2599 |
Autonomy assessment
The review agent's findings aligned with (and in some cases exceeded) human review quality on this PR. The human reviewer raised one concern; the review agent raised the same concern plus five additional valid findings. This PR is evidence that the review agent is providing high-quality architectural feedback on CLI/runner changes.
fullsend runwas wiping out--target-repoand downloading the sandbox target repo into it. On the workflows, this was OK, but locally this meant wiping out the target directory. If someone used a valuable target repository that would mean that they could lose local information (in case the agent decided to wipe out branches within the sandbox, or something similar). Because of that this PR introduceshostDownloadDirto download the sandbox contents and prevent wiping out the host--target-repo. This is not configurable, so overriding the--target-repois not possible, users that want their contents modified will need to manually copy changes into their--target-repo.Closes #2075