train-k8s-container-mitre 2.1.1 → 2.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6255dfedd08c1ccc04f6c69fdd56f530f927ece9876c248813ceabe38ab93134
-  data.tar.gz: 4976598e8fec6ae7274a468be4aedda447251dc66c59acf10c0af924b47b1be2
+  metadata.gz: 7401f8f5a6cd3dbab1c4ccf3badcabde98032ddfe39f791eb62aa3fb6d14f17f
+  data.tar.gz: b477518b7f03d3f419c0437ce9750af9f4e2496cf2995b0baed4bb41923034db
 SHA512:
-  metadata.gz: '0959c3bbc96a96c717f0f4129ef6612ac874e599920bfd399179423e7884745accee2d9415473fa0e0dc7d50061aae01db81343be7dd4883e55465019716d9bc'
-  data.tar.gz: 3085e763b733098b172a3c73e9eb06698dd54f1632d65a0fe6b2545c7ea4dd5056a5ad49bc38cf37e469d19beb3a88dd7629b7243a8d9d848fc57a0e106153d8
+  metadata.gz: 69b0c02f9d1d724d6760e341f9f42caec31ccf3a4f96477ae9f09b121067b3c02edbc50cd1b0524296524d770ec87c9022f806b880ca30735c2349e972f108b7
+  data.tar.gz: 236996377e83721b771cf5c6d5103509b261c4361231dd313131340a0f52090d8020abf5437373b75aad23852d79db97cdd80c3d74960dcc52b859442035cf6e

data/.beads/.gitignore

@@ -0,0 +1,32 @@
+# SQLite databases
+*.db
+*.db?*
+*.db-journal
+*.db-wal
+*.db-shm
+
+# Daemon runtime files
+daemon.lock
+daemon.log
+daemon.pid
+bd.sock
+
+# Local version tracking (prevents upgrade notification spam after git ops)
+.local_version
+
+# Legacy database files
+db.sqlite
+bd.db
+
+# Merge artifacts (temporary files from 3-way merge)
+beads.base.jsonl
+beads.base.meta.json
+beads.left.jsonl
+beads.left.meta.json
+beads.right.jsonl
+beads.right.meta.json
+
+# Keep JSONL exports and config (source of truth for git)
+!issues.jsonl
+!metadata.json
+!config.json

data/.beads/README.md

@@ -0,0 +1,81 @@
+# Beads - AI-Native Issue Tracking
+
+Welcome to Beads! This repository uses **Beads** for issue tracking - a modern, AI-native tool designed to live directly in your codebase alongside your code.
+
+## What is Beads?
+
+Beads is issue tracking that lives in your repo, making it perfect for AI coding agents and developers who want their issues close to their code. No web UI required - everything works through the CLI and integrates seamlessly with git.
+
+**Learn more:** [github.com/steveyegge/beads](https://github.com/steveyegge/beads)
+
+## Quick Start
+
+### Essential Commands
+
+```bash
+# Create new issues
+bd create "Add user authentication"
+
+# View all issues
+bd list
+
+# View issue details
+bd show <issue-id>
+
+# Update issue status
+bd update <issue-id> --status in_progress
+bd update <issue-id> --status done
+
+# Sync with git remote
+bd sync
+```
+
+### Working with Issues
+
+Issues in Beads are:
+- **Git-native**: Stored in `.beads/issues.jsonl` and synced like code
+- **AI-friendly**: CLI-first design works perfectly with AI coding agents
+- **Branch-aware**: Issues can follow your branch workflow
+- **Always in sync**: Auto-syncs with your commits
+
+## Why Beads?
+
+✨ **AI-Native Design**
+- Built specifically for AI-assisted development workflows
+- CLI-first interface works seamlessly with AI coding agents
+- No context switching to web UIs
+
+🚀 **Developer Focused**
+- Issues live in your repo, right next to your code
+- Works offline, syncs when you push
+- Fast, lightweight, and stays out of your way
+
+🔧 **Git Integration**
+- Automatic sync with git commits
+- Branch-aware issue tracking
+- Intelligent JSONL merge resolution
+
+## Get Started with Beads
+
+Try Beads in your own projects:
+
+```bash
+# Install Beads
+curl -sSL https://raw.githubusercontent.com/steveyegge/beads/main/scripts/install.sh | bash
+
+# Initialize in your repo
+bd init
+
+# Create your first issue
+bd create "Try out Beads"
+```
+
+## Learn More
+
+- **Documentation**: [github.com/steveyegge/beads/docs](https://github.com/steveyegge/beads/tree/main/docs)
+- **Quick Start Guide**: Run `bd quickstart`
+- **Examples**: [github.com/steveyegge/beads/examples](https://github.com/steveyegge/beads/tree/main/examples)
+
+---
+
+*Beads: Issue tracking that moves at the speed of thought* ⚡

data/.beads/config.yaml

@@ -0,0 +1,62 @@
+# Beads Configuration File
+# This file configures default behavior for all bd commands in this repository
+# All settings can also be set via environment variables (BD_* prefix)
+# or overridden with command-line flags
+
+# Issue prefix for this repository (used by bd init)
+# If not set, bd init will auto-detect from directory name
+# Example: issue-prefix: "myproject" creates issues like "myproject-1", "myproject-2", etc.
+# issue-prefix: ""
+
+# Use no-db mode: load from JSONL, no SQLite, write back after each command
+# When true, bd will use .beads/issues.jsonl as the source of truth
+# instead of SQLite database
+# no-db: false
+
+# Disable daemon for RPC communication (forces direct database access)
+# no-daemon: false
+
+# Disable auto-flush of database to JSONL after mutations
+# no-auto-flush: false
+
+# Disable auto-import from JSONL when it's newer than database
+# no-auto-import: false
+
+# Enable JSON output by default
+# json: false
+
+# Default actor for audit trails (overridden by BD_ACTOR or --actor)
+# actor: ""
+
+# Path to database (overridden by BEADS_DB or --db)
+# db: ""
+
+# Auto-start daemon if not running (can also use BEADS_AUTO_START_DAEMON)
+# auto-start-daemon: true
+
+# Debounce interval for auto-flush (can also use BEADS_FLUSH_DEBOUNCE)
+# flush-debounce: "5s"
+
+# Git branch for beads commits (bd sync will commit to this branch)
+# IMPORTANT: Set this for team projects so all clones use the same sync branch.
+# This setting persists across clones (unlike database config which is gitignored).
+# Can also use BEADS_SYNC_BRANCH env var for local override.
+# If not set, bd sync will require you to run 'bd config set sync.branch <branch>'.
+sync-branch: "beads-sync"
+
+# Multi-repo configuration (experimental - bd-307)
+# Allows hydrating from multiple repositories and routing writes to the correct JSONL
+# repos:
+#   primary: "."  # Primary repo (where this database lives)
+#   additional:   # Additional repos to hydrate from (read-only)
+#     - ~/beads-planning  # Personal planning repo
+#     - ~/work-planning   # Work planning repo
+
+# Integration settings (access with 'bd config get/set')
+# These are stored in the database, not in this file:
+# - jira.url
+# - jira.project
+# - linear.url
+# - linear.api-key
+# - github.org
+# - github.repo

data/.beads/issues.jsonl

@@ -0,0 +1,3 @@
+{"id":"train-k8s-container-681","title":"Submit PR: Auto-discover train-* gems in plugin list","status":"tombstone","priority":1,"issue_type":"task","created_at":"2025-12-21T14:29:28.015398-05:00","updated_at":"2025-12-21T14:32:43.790163-05:00","deleted_at":"2025-12-21T14:32:43.790163-05:00","deleted_by":"daemon","delete_reason":"delete","original_type":"task"}
+{"id":"train-k8s-container-7ew","title":"Submit PR: Dynamic os.kubernetes? methods","status":"tombstone","priority":1,"issue_type":"task","created_at":"2025-12-21T14:30:43.254682-05:00","updated_at":"2025-12-21T14:32:43.5904-05:00","deleted_at":"2025-12-21T14:32:43.5904-05:00","deleted_by":"daemon","delete_reason":"delete","original_type":"task"}
+{"id":"train-k8s-container-xlc","title":"Investigate connection pooling differences between v2.0 and v1.3.1","description":"## Root Cause Analysis Complete\n\n### The Bug\nPTY session's `parse_output` method used line-by-line matching to filter command echo-back, which failed for multi-line commands. The echoed command text was included in output, corrupting InSpec's file stat results.\n\n### Evidence\nNick's test data showed v2.2.0 returning command text in output:\n```\ngot: for f in $(find -L /etc/ssl/certs -type f); do\n    openssl x509 ...\n   2\u003e\u00261 ; echo __EXIT_CODE__=$?\nfind: '/etc/ssl/certs': No such file or directory\n```\n\n### Fix Implemented\n- Added `remove_command_echo` method in `lib/train-k8s-container/pty_session.rb`\n- Uses marker-based parsing: finds `2\u003e\u00261 ; echo __EXIT_CODE__=$?` and removes everything before it\n- Falls back to line-by-line for edge cases\n\n### Tests Added\n1. `spec/unit/pty_output_parsing_spec.rb` - 9 unit tests\n2. `spec/integration/execution_comparison_spec.rb` - 16 integration tests\n3. `test/scripts/test_pty_fix.rb` - manual validation script\n\n### Local Validation\nAll 6 manual tests pass against local kind cluster:\n- Simple commands ✅\n- Directory existence (matches ground truth) ✅\n- Multi-line command (no echo-back) ✅\n- No internal markers leaked ✅\n- Non-existent file detection ✅\n- Stat command parsing ✅\n\n## Remaining Work (from Peer Review)\n\n### Must Fix (bugs/gaps)\n1. **ANSI test assertion bug** - `spec/unit/pty_output_parsing_spec.rb:163` uses wrong quotes (`'\\e['` should be `\"\\e[\"`)\n2. **Add marker collision test** - What if output contains `__EXIT_CODE__`?\n3. **Add empty output test** - Edge case not covered\n4. **Add cleanup to manual script** - `test/scripts/test_pty_fix.rb` missing `SessionManager.instance.cleanup_all`\n\n### Nice to Have\n- PTY fallback test (when PTY mode fails)\n- Documentation improvements in code comments\n- Consider more unique marker (UUID-based) to prevent collision\n\n## Current State\n- Branch: `feature/fix-pty-output-parsing`\n- Files modified:\n  - `lib/train-k8s-container/pty_session.rb` (the fix)\n  - `spec/unit/pty_output_parsing_spec.rb` (new)\n  - `spec/integration/execution_comparison_spec.rb` (new)\n  - `test/scripts/test_pty_fix.rb` (new)\n- All 257 RSpec tests pass\n- Linting passes\n- Test pod `test-ubuntu` running in local cluster\n\n## Next Session Actions\n1. Fix ANSI test assertion\n2. Add marker collision test\n3. Add empty output test\n4. Add cleanup to manual script\n5. Run full test suite\n6. Commit with `fix: resolve PTY output parsing for multi-line commands`\n7. Push and create PR to main\n8. CI will validate, then merge triggers release","status":"open","priority":1,"issue_type":"task","created_at":"2025-12-21T14:34:45.055316-05:00","updated_at":"2026-01-16T11:59:38.678162-05:00","comments":[{"id":1,"issue_id":"train-k8s-container-xlc","author":"alippold","text":"## Test Data\nFiles in data/ directory:\n- train-k8s-container-scan-results v1.31.json\n- train-k8s-container-scan-results v2.json\n\n## Results Comparison\n| Version | Passed | Failed | Skipped | Duration |\n|---------|--------|--------|---------|----------|\n| v1.3.1  | 42     | 45     | 111     | 3.62s    |\n| v2.0    | 31     | 54     | 113     | 0.21s    |\n\n## Key Observations\n- v2.0 has 11 fewer passes and 9 more failures\n- v2.0 runs 17x faster (0.21s vs 3.62s)\n- Fast execution time suggests commands may not be executing properly\n\n## Investigation Areas\n1. Connection pooling behavior differences\n2. Session management / PTY handling\n3. Command execution timing\n4. Kubectl exec client changes between versions","created_at":"2025-12-21T19:51:04Z"},{"id":2,"issue_id":"train-k8s-container-xlc","author":"alippold","text":"## Test Strategy\n\nNeed to add regression tests for connection pooling to ensure commands execute properly:\n\n1. **Session reuse test**: Multiple commands on same connection should execute\n2. **Command output verification**: Verify actual command output, not just exit codes\n3. **Performance baseline**: Track that execution time is reasonable (not too fast = skipped)\n4. **Comparison test**: Run same commands with v1.3.1 and v2.0, compare results\n\nReference: Other projects with connection pooling (train-ssh, train-winrm) likely have these tests.\n\nTest files to check/update:\n- spec/integration/end_to_end_spec.rb\n- spec/integration/pty_session_integration_spec.rb\n- spec/integration/kubectl_exec_integration_spec.rb","created_at":"2025-12-24T16:01:06Z"},{"id":3,"issue_id":"train-k8s-container-xlc","author":"alippold","text":"## Research: Connection Pooling Test Patterns\n\nNeed to research how other Train transports test connection pooling:\n\n1. **Check train-ssh**: How does it test SSH connection reuse?\n2. **Check train-winrm**: How does it test WinRM session pooling?\n3. **Look for patterns**: Command execution verification, session state validation\n4. **Our implementation**: SessionManager + PTYSession classes\n\nFiles to review:\n- lib/train-k8s-container/session_manager.rb (our pooling logic)\n- lib/train-k8s-container/pty_session.rb (session handling)\n- Compare with train-ssh/train-winrm pooling tests\n- Add similar regression tests to our suite","created_at":"2025-12-24T16:02:25Z"},{"id":4,"issue_id":"train-k8s-container-xlc","author":"alippold","text":"## Alternative: Use connection_pool gem\n\nInstead of custom Singleton pooling, consider using the standard connection_pool gem:\n- https://github.com/mperham/connection_pool\n- v3.0.2 (actively maintained, Dec 2025)\n- Battle-tested in Sidekiq, Puma, production systems\n- Thread-safe, lazy creation, auto-reload on fork\n\nThis would replace our custom SessionManager with proven pooling logic and inherit its test coverage.","created_at":"2025-12-24T16:06:42Z"}]}

data/.beads/metadata.json

@@ -0,0 +1,4 @@
+{
+  "database": "beads.db",
+  "jsonl_export": "interactions.jsonl"
+}

data/.release-please-manifest.json

@@ -1,3 +1,3 @@
 {
-  ".": "2.1.1"
+  ".": "2.2.1"
 }

data/.rubocop.yml

@@ -29,10 +29,11 @@ Metrics/PerceivedComplexity:
 Metrics/MethodLength:
   Enabled: false
 
-# RSpec tests will have longer blocks - acceptable
+# RSpec tests and gemspecs will have longer blocks - acceptable
 Metrics/BlockLength:
   Exclude:
     - spec/**/*_spec.rb
+    - '*.gemspec'
 
 # Allow reasonable line length (Chef standard is 150)
 Layout/LineLength:

data/BEADS-BOARD.md

@@ -0,0 +1,104 @@
+# train-k8s-container - Project Board
+
+**Last Updated:** 2025-12-21
+**Current Version:** 2.0.1
+**RubyGems:** `train-k8s-container-mitre`
+**Branch:** main
+
+---
+
+## Current Status: ✅ Released
+
+v2.0.1 published to RubyGems and working correctly.
+
+---
+
+## Quick Start
+
+```bash
+# Resume Claude session
+claude --continue
+
+# Install plugin
+cinc-auditor plugin install train-k8s-container-mitre
+
+# Test with running pod
+cinc-auditor detect -t k8s-container://default/test-nginx/test-nginx
+```
+
+---
+
+## Active Tasks
+
+| Task | Status | Notes |
+|------|--------|-------|
+| Submit PR: Auto-discover train plugins | ⏳ Pending | Plan at `../inspec/PR-AUTO-DISCOVER-TRAIN-PLUGINS.md` |
+| Submit PR: Dynamic os.kubernetes? | ⏳ Pending | Plan at `../inspec/PR-DYNAMIC-OS-FAMILY-METHODS.md` |
+
+---
+
+## Test Environment
+
+```bash
+# Available test pods (may need recreation if completed)
+kubectl run test-nginx --image=nginx:alpine --restart=Never
+kubectl run test-ubuntu --image=ubuntu:24.04 --restart=Never -- sleep infinity
+kubectl run test-ubi9 --image=registry.access.redhat.com/ubi9/ubi:latest --restart=Never -- sleep infinity
+
+# Check pod status
+kubectl get pods
+```
+
+---
+
+## Key Files
+
+| File | Purpose |
+|------|---------|
+| `lib/train-k8s-container/transport.rb` | Train.plugin(1) registration |
+| `lib/train-k8s-container/connection.rb` | kubectl exec connection |
+| `lib/train-k8s-container/platform.rb` | OS detection + k8s families |
+| `lib/train-k8s-container-mitre.rb` | Shim for gem name |
+| `.github/workflows/release-please.yml` | Automated version PRs |
+| `.github/workflows/release-tag.yml` | Publish on tag |
+
+---
+
+## Release Process
+
+1. Commits with conventional prefixes land on `main`
+2. release-please creates a Release PR
+3. Merge PR → tag created automatically
+4. Tag triggers `release-tag.yml` → publishes to RubyGems
+
+**Do NOT manually tag** - let release-please handle it.
+
+---
+
+## Session History
+
+| Date | Session | Summary |
+|------|---------|---------|
+| 2025-12-21 | SESSION-2025-12-21-008.md | Plugin API clarified, tested on 3 OS types |
+| 2025-12-12 | SESSION-2025-12-12-009.md | Diagrams research |
+| 2025-12-05 | SESSION-2025-12-05-007.md | v2.0.1 released to RubyGems |
+| 2025-12-04 | SESSION-2025-12-04-006.md | CI fixed, release automation |
+
+---
+
+## Known Issues
+
+1. **gem install doesn't show in plugin list** - InSpec bug, PR plan ready
+2. **Test pods expire** - Recreate with `--restart=Never` + `sleep infinity`
+
+---
+
+## Recovery Prompt
+
+```
+Continue train-k8s-container from BEADS-BOARD.md
+
+Status: v2.0.1 released and working
+Pending: Submit 2 PRs to inspec/inspec upstream
+Test pods: test-nginx, test-ubuntu, test-ubi9 (may need recreation)
+```

data/CHANGELOG.md

@@ -5,6 +5,20 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.2.1](https://github.com/mitre/train-k8s-container/compare/v2.2.0...v2.2.1) (2026-01-17)
+
+
+### Bug Fixes
+
+* resolve PTY output parsing for multi-line commands ([#12](https://github.com/mitre/train-k8s-container/issues/12)) ([2680c3f](https://github.com/mitre/train-k8s-container/commit/2680c3f497d90d7ddf70dfeb85160e148cf397c6))
+
+## [2.2.0](https://github.com/mitre/train-k8s-container/compare/v2.1.1...v2.2.0) (2025-12-24)
+
+
+### Features
+
+* Add BEADS-BOARD.md and v1/v2 comparison test data ([35bbf46](https://github.com/mitre/train-k8s-container/commit/35bbf46fc25d84ef88e9953a628cf3a4aa8d2da0))
+
 ## [2.1.1](https://github.com/mitre/train-k8s-container/compare/v2.1.0...v2.1.1) (2025-12-12)