ctrlrelay 0.4.1__tar.gz → 0.5.0__tar.gz

{ctrlrelay-0.4.1 → ctrlrelay-0.5.0}/CHANGELOG.md

@@ -7,6 +7,76 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.5.0] - 2026-05-11
+
+Minor release. Three changes on the secops path; together they take the
+secops sweep from "silently drops operator decisions" to "respects per-repo
+policy and reaches the operator on every blocked decision".
+
+### Fixed
+
+- **Secops BLOCKED questions now reach the operator via Telegram.**
+  Three discrete bugs were stacking to drop every blocked secops session
+  silently (#131):
+  1. `run_secops_all` never called `transport.ask()` after a blocked
+     pipeline result. The DB row was marked `status='blocked'` and a
+     `pending_resumes` entry was inserted, but the question went nowhere.
+     Now mirrors the dev/task pipelines: post the question, await an
+     answer, resume — up to `DEFAULT_MAX_BLOCKED_ROUNDS=5` rounds. On
+     transport failure preserves `blocked=True` so the existing
+     persistence-on-blocked branch fires.
+  2. `ctrlrelay run secops` (manual CLI) was passing `transport=None`,
+     so even with the dispatch loop in place, the `is not None` gate
+     short-circuited and questions still went to pending_resumes
+     instead of Telegram. Now builds a `SocketTransport` when the
+     bridge socket is up, mirroring the scheduled-cron path.
+  3. `SocketTransport._receive_loop` resolved the per-request future on
+     the FIRST message matching `request_id`. The bridge sends two
+     messages for an ASK: an intermediate `ACK(status="pending")` then
+     a terminal `ANSWER`. Receiving the ACK fulfilled the future early
+     and `ask()` raised `TransportError("Unexpected response: BridgeOp.ACK")`.
+     Now skips `ACK(status="pending")` and waits for `ANSWER`/`ERROR`.
+
+  Real-world impact: an 86-repo secops sweep with 21 sessions hitting
+  BLOCKED produced zero Telegram messages pre-fix. Post-fix, every
+  blocked session reaches the operator with a structured question.
+
+### Added
+
+- **Auto-merge operator-authored `.github/dependabot.yml`-only PRs.**
+  The secops agent's policy treated all operator-authored PRs as needing
+  explicit approval, even ones that ONLY add an ecosystem entry to
+  `.github/dependabot.yml`. These are the prerequisite PRs the operator
+  files when bulk-enabling Dependabot across repos with branch protection,
+  and they sat indefinitely (#132). The carve-out is narrow and
+  multi-gated:
+  1. **Author check**: `author.login == $OPERATOR` (derived from
+     `gh api user --jq .login`) — collaborators, GitHub apps, or
+     external contributors are NOT eligible even for dependabot.yml-only.
+  2. **Diff check**: `gh pr diff` must be PURELY ADDITIVE — any line
+     beginning with `-` (other than `---` file headers) signals a
+     deletion or modification of existing config -> BLOCKED.
+  3. **CI check**: `gh pr checks` must all pass — a PR adding invalid
+     YAML can pass author+diff and still break Dependabot for the repo
+     if merged without this gate.
+
+  All three must pass before merge. Any one failing -> BLOCKED.
+
+- **Per-repo `automation:` policy now drives the secops agent.**
+  `orchestrator.yaml`'s per-repo `automation` block (defining
+  `dependabot_patch`, `dependabot_minor`, `dependabot_major` as
+  auto/ask/never) was decorative — the secops prompt had hardcoded
+  prose that ignored it (#133). Now `_build_prompt` accepts an
+  `AutomationConfig` and renders per-tier directives like
+  "patch updates: AUTO-MERGE", "minor updates: ASK", "major updates: NEVER"
+  per repo. `run_secops_all` puts `repo_config.automation` in
+  `ctx.extra`; `resume_secops_from_pending` accepts an `automation`
+  kwarg; the pending-resume sweeper in `cli.py` looks up the per-repo
+  policy and threads it on resume.
+
+  Operators can now set a sensitive repo to `dependabot_minor: never`
+  and the agent will actually respect it.
+
 ## [0.4.1] - 2026-05-08
 
 Patch release. Two follow-ups against the v0.4.0 setup flow surfaced

{ctrlrelay-0.4.1 → ctrlrelay-0.5.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: ctrlrelay
-Version: 0.4.1
+Version: 0.5.0
 Summary: Local-first orchestrator for headless coding agents across multiple GitHub repos
 Project-URL: Homepage, https://github.com/AInvirion/ctrlrelay
 Project-URL: Documentation, https://ainvirion.github.io/ctrlrelay/

{ctrlrelay-0.4.1 → ctrlrelay-0.5.0}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "ctrlrelay"
-version = "0.4.1"
+version = "0.5.0"
 description = "Local-first orchestrator for headless coding agents across multiple GitHub repos"
 readme = "README.md"
 requires-python = ">=3.12"

{ctrlrelay-0.4.1 → ctrlrelay-0.5.0}/src/ctrlrelay/cli.py

@@ -593,6 +593,29 @@ def run_secops(
     console.print(f"Running secops on {len(repos)} repo(s)...")
 
     async def _run():
+        # Build a transport so secops blocked questions reach Telegram.
+        # Without this, agents that end BLOCKED_NEEDS_INPUT silently land
+        # in the DB+pending_resumes and the operator never sees the
+        # question (mirror of the wiring in the scheduled path).
+        transport = None
+        if (
+            config.transport.type.value == "telegram"
+            and config.transport.telegram
+        ):
+            from ctrlrelay.transports import SocketTransport
+            sock = config.transport.telegram.socket_path.expanduser().resolve()
+            if sock.exists():
+                try:
+                    candidate = SocketTransport(sock)
+                    await candidate.connect()
+                    transport = candidate
+                except Exception as e:
+                    console.print(
+                        f"[yellow]Bridge transport connect failed ({e}) — "
+                        f"running without notifications. Blocked sessions "
+                        f"will land in pending_resumes for later resume.[/yellow]"
+                    )
+
         return await run_secops_all(
             repos=repos,
             dispatcher=dispatcher,
@@ -600,7 +623,7 @@ def run_secops(
             worktree=worktree,
             dashboard=dashboard,
             state_db=db,
-            transport=None,
+            transport=transport,
             contexts_dir=config.paths.contexts,
         )
 
@@ -1591,6 +1614,7 @@ def poller_start(
 
                     try:
                         if pipeline_name == "secops":
+                            sweep_repo_cfg = repo_cfg_by_name.get(repo)
                             result = await resume_secops_from_pending(
                                 session_id=session_id,
                                 repo=repo,
@@ -1602,6 +1626,11 @@ def poller_start(
                                 state_db=state_db,
                                 transport=sweeper_transport,
                                 contexts_dir=config.paths.contexts,
+                                automation=(
+                                    sweep_repo_cfg.automation
+                                    if sweep_repo_cfg is not None
+                                    else None
+                                ),
                             )
                         elif pipeline_name == "dev":
                             # Dev resume needs the repo's branch template

{ctrlrelay-0.4.1 → ctrlrelay-0.5.0}/src/ctrlrelay/pipelines/secops.py

@@ -21,6 +21,8 @@ from ctrlrelay.transports.base import Transport
 
 _logger = get_logger("pipeline.secops")
 
+DEFAULT_MAX_BLOCKED_ROUNDS = 5
+
 
 def _question_for_persist(session_id: str, result: PipelineResult) -> str:
     """Return a non-empty question string for pending_resumes storage.
@@ -58,6 +60,7 @@ class SecopsPipeline:
             ctx.repo,
             session_id=ctx.session_id,
             state_file=ctx.state_file,
+            automation=ctx.extra.get("automation"),
         )
 
         result = await self._spawn(ctx, prompt, resume=False)
@@ -123,21 +126,118 @@ class SecopsPipeline:
         repo: str,
         session_id: str = "",
         state_file: Path | None = None,
+        automation: Any = None,
     ) -> str:
-        """Build the secops prompt."""
+        """Build the secops prompt.
+
+        ``automation`` is an optional ``AutomationConfig`` carrying the
+        per-repo Dependabot policy (auto/ask/never per severity tier).
+        When provided, the prompt explicitly tells the agent which tiers
+        auto-merge vs ask vs never-merge. When ``None``, falls back to
+        the default policy (patch=auto, minor=ask, never-major) so
+        existing callers and the schema defaults stay coherent."""
         state_file_path = str(state_file) if state_file else "/tmp/state.json"
 
+        # Translate per-repo policy into prompt directives. Use defaults
+        # from AutomationConfig if no policy was passed.
+        patch_pol = (
+            automation.dependabot_patch.value
+            if automation is not None and hasattr(automation, "dependabot_patch")
+            else "auto"
+        )
+        minor_pol = (
+            automation.dependabot_minor.value
+            if automation is not None and hasattr(automation, "dependabot_minor")
+            else "ask"
+        )
+        major_pol = (
+            automation.dependabot_major.value
+            if automation is not None and hasattr(automation, "dependabot_major")
+            else "never"
+        )
+
+        def _policy_directive(tier: str, policy: str) -> str:
+            if policy == "auto":
+                return (
+                    f"     - {tier}: AUTO-MERGE with passing CI. Squash + "
+                    "delete branch."
+                )
+            if policy == "ask":
+                return (
+                    f"     - {tier}: ASK — signal BLOCKED with a one-line "
+                    f"summary so the operator decides."
+                )
+            return (
+                f"     - {tier}: NEVER — do not merge. Leave the PR open "
+                "for manual review."
+            )
+
+        dependabot_policy_block = "\n".join(
+            [
+                _policy_directive("patch updates", patch_pol),
+                _policy_directive("minor updates", minor_pol),
+                _policy_directive("major updates", major_pol),
+            ]
+        )
+
         return f"""Execute security operations for repository {repo}.
 
 1. Check Dependabot alerts:
    `gh api repos/{repo}/dependabot/alerts --jq '.[] | select(.state=="open")'`
-2. Check security PRs:
+2. Check Dependabot-authored security PRs:
    `gh pr list --repo {repo} --author "app/dependabot" --json number,title`
-3. For each alert or PR:
-   - Review the severity and impact
-   - If patch/minor update with passing CI, merge the PR
-   - If major or unclear, signal BLOCKED to ask for guidance
-4. Summarize actions taken
+3. Determine the trusted operator's GitHub login (the identity the
+   agent itself runs as). The auto-merge carve-out below applies ONLY
+   to PRs authored by this exact login — never to other contributors,
+   apps, or bots even if their PR looks safe:
+   `OPERATOR=$(gh api user --jq '.login')`
+4. Check open PRs authored by the trusted operator that enable
+   Dependabot itself. These are prerequisites for future Dependabot
+   work and block the security pipeline if left open:
+   `gh pr list --repo {repo} --state open --author "$OPERATOR" --json number,title,files`
+   For each, inspect files: `gh pr view <NUM> --repo {repo} --json files`
+5. For each alert or PR:
+   - **Dependabot PRs**: classify the update as patch/minor/major and
+     apply the per-repo policy below. If the severity is unclear, signal
+     BLOCKED to ask for guidance.
+
+{dependabot_policy_block}
+   - **PR authored by `$OPERATOR` touching ONLY `.github/dependabot.yml`**
+     (additive ecosystem entries, no other files changed): MAYBE
+     auto-merge — but only after diff validation. These are the
+     "enable Dependabot" prerequisites the operator opened.
+
+     Required validation BEFORE merging:
+     a. **Author check**: confirm `author.login` exactly equals
+        `$OPERATOR`. Collaborators, GitHub apps, or external
+        contributors can craft a `dependabot.yml`-only PR to slip
+        past review — those go to BLOCKED, not auto-merge.
+     b. **Diff check**: pull the diff and confirm it is PURELY
+        ADDITIVE — no `-` lines (deletions or modifications of
+        existing stanzas), only `+` lines that introduce new
+        `package-ecosystem` blocks. Run:
+        `gh pr diff <NUM> --repo {repo}`
+        If any line in the diff begins with `-` (other than `---`
+        file headers), the PR modifies or removes existing config:
+        signal BLOCKED with a one-line summary like "operator
+        dependabot.yml PR #N modifies existing config — needs
+        review". Do NOT auto-merge.
+     c. **CI check**: confirm all status checks pass (matches the
+        Dependabot PR rule above). Run:
+        `gh pr checks <NUM> --repo {repo}`
+        Any failing or pending check -> BLOCKED. A PR that adds
+        invalid dependabot YAML can pass author+diff but fail
+        repo validation; without this gate the agent could merge
+        broken config and break Dependabot for the repo.
+
+     If (a), (b), AND (c) all pass: merge with squash, delete the
+     branch. If any one fails: BLOCKED.
+   - **Any other PR from `$OPERATOR`** (touches code, tests, configs
+     other than dependabot.yml): signal BLOCKED for operator approval.
+     Never auto-merge code changes, even from the trusted operator.
+   - **PRs from anyone else** (collaborators, contributors, other bots):
+     signal BLOCKED. Never on this path.
+6. Summarize actions taken
 
 ## Signaling Completion
 
@@ -214,6 +314,7 @@ async def run_secops_all(
     state_db: StateDB,
     transport: Transport | None,
     contexts_dir: Path,
+    max_blocked_rounds: int = DEFAULT_MAX_BLOCKED_ROUNDS,
 ) -> list[PipelineResult]:
     """Run secops pipeline on all configured repos."""
     results = []
@@ -260,6 +361,7 @@ async def run_secops_all(
                 worktree_path=worktree_path,
                 context_path=context_path,
                 state_file=state_file,
+                extra={"automation": getattr(repo_config, "automation", None)},
             )
 
             state_db.execute(
@@ -271,6 +373,51 @@ async def run_secops_all(
             session_row_inserted = True
 
             result = await pipeline.run(ctx)
+
+            # BLOCKED loop: when the agent ends BLOCKED_NEEDS_INPUT, push
+            # the question to the operator via the configured transport
+            # (Telegram), wait for an answer, and resume. Mirrors the
+            # dev/task pipelines — without this, secops blocked sessions
+            # silently land as "blocked" in the DB without ever reaching
+            # the operator. transport.ask() failure preserves blocked=True
+            # so the persistence-on-blocked branch below still fires and
+            # writes a pending_resumes row that a later out-of-band reply
+            # could resume via the sweeper.
+            rounds = 0
+            while (
+                result.blocked
+                and transport is not None
+                and rounds < max_blocked_rounds
+            ):
+                question = _question_for_persist(session_id, result)
+                try:
+                    answer = await transport.ask(
+                        question,
+                        session_id=session_id,
+                        repo=repo,
+                    )
+                except Exception as e:
+                    log_event(
+                        _logger,
+                        "secops.transport.ask_failed",
+                        session_id=session_id,
+                        repo=repo,
+                        error_type=type(e).__name__,
+                        error=str(e)[:200],
+                    )
+                    result = PipelineResult(
+                        success=False,
+                        blocked=True,
+                        session_id=session_id,
+                        summary=f"Blocked session deferred (transport): {e}",
+                        error=str(e),
+                        question=question,
+                        outputs=result.outputs,
+                    )
+                    break
+                rounds += 1
+                result = await pipeline.resume(ctx, answer)
+
             results.append(result)
 
             status = "done" if result.success else ("blocked" if result.blocked else "failed")
@@ -452,6 +599,7 @@ async def resume_secops_from_pending(
     state_db: StateDB,
     transport: Transport | None,
     contexts_dir: Path,
+    automation: Any = None,
 ) -> PipelineResult:
     """Resume a BLOCKED secops session using an answer that arrived via
     Telegram after the original session had already torn down.
@@ -497,6 +645,7 @@ async def resume_secops_from_pending(
             worktree_path=worktree_path,
             context_path=context_path,
             state_file=state_file,
+            extra={"automation": automation},
         )
 
         # Flip the session back to running so an observer sees progress,

{ctrlrelay-0.4.1 → ctrlrelay-0.5.0}/src/ctrlrelay/transports/socket_client.py

@@ -55,6 +55,17 @@ class SocketTransport:
                 try:
                     msg = parse_message(line.decode())
                     if msg.request_id and msg.request_id in self._pending:
+                        # The bridge sends two messages back for an ASK:
+                        # an intermediate ACK(status="pending") immediately
+                        # after queuing for Telegram, then an ANSWER (or
+                        # ERROR) once the operator replies. Resolving the
+                        # future on the first ACK collapses the wait
+                        # prematurely — caller sees "Unexpected response:
+                        # BridgeOp.ACK" and throws. Skip those to keep
+                        # waiting. Terminal ACKs (status="sent" from SEND)
+                        # remain the final response and resolve normally.
+                        if msg.op == BridgeOp.ACK and msg.status == "pending":
+                            continue
                         self._pending[msg.request_id].set_result(msg)
                 except ProtocolError:
                     pass