devvy 0.1.0__py3-none-any.whl

cli/commands/status.py

@@ -0,0 +1,35 @@
+"""coding-agent status <id> — show current state of a ticket from local DB."""
+
+from __future__ import annotations
+
+import asyncio
+
+import typer
+from sqlalchemy import select
+
+import cli.models  # noqa: F401 — ensure tables are registered on Base.metadata
+from cli.db import SessionManager, init_db
+from cli.models import GraphContext, Ticket
+from cli.ui import err_console, print_status_panel
+
+
+def status(ticket_id: str = typer.Argument(..., help="Ticket ID")) -> None:
+    """Print the current state and metadata of a ticket."""
+    asyncio.run(_status_async(ticket_id))
+
+
+async def _status_async(ticket_id: str) -> None:
+    await init_db()
+
+    async with SessionManager.session() as session:
+        ticket = await session.get(Ticket, ticket_id)
+        if ticket is None:
+            err_console.print(f"[red]Ticket {ticket_id!r} not found.[/red]")
+            raise typer.Exit(1)
+
+        result = await session.execute(
+            select(GraphContext).where(GraphContext.ticket_id == ticket_id)
+        )
+        ctx = result.scalar_one_or_none()
+
+    print_status_panel(ticket, ctx)

cli/config.py

@@ -0,0 +1,69 @@
+"""CLI configuration — loading and typed representation.
+
+Config is read from ~/.coding-agent.toml under the [coding_agent] section.
+``load_config()`` is the single entry point used by all commands; it raises
+``ConfigNotFoundError`` if the file doesn't exist (i.e. ``devvy init`` hasn't
+been run yet).
+"""
+
+from __future__ import annotations
+
+import tomllib
+from dataclasses import dataclass
+from pathlib import Path
+
+CONFIG_PATH = Path.home() / ".coding-agent.toml"
+DEFAULT_MODEL = "github-copilot/claude-sonnet-4.6"
+
+
+class ConfigNotFoundError(Exception):
+    """Raised when the configuration file cannot be found."""
+
+
+@dataclass(frozen=True)
+class Config:
+    """Typed, validated representation of ~/.coding-agent.toml [coding_agent]."""
+
+    opencode_model: str
+    ado_org_url: str
+    ado_project: str
+    ado_pat: str
+    repo_url: str
+    env_file: str | None  # path to the .env file to copy into every cloned workspace
+
+    def __post_init__(self) -> None:
+        missing = [
+            field
+            for field, value in [
+                ("ado_org_url", self.ado_org_url),
+                ("ado_project", self.ado_project),
+                ("ado_pat", self.ado_pat),
+            ]
+            if not value
+        ]
+        if missing:
+            raise ValueError(
+                f"Missing required config field(s): {', '.join(missing)}. "
+                "Run `devvy init` to configure."
+            )
+
+
+def load_config() -> Config:
+    """Load config from ~/.coding-agent.toml. Raises ConfigNotFoundError if missing."""
+    if not CONFIG_PATH.exists():
+        raise ConfigNotFoundError(
+            f"No configuration found at {CONFIG_PATH}. Run `devvy init` first."
+        )
+
+    with CONFIG_PATH.open("rb") as f:
+        data = tomllib.load(f)
+
+    section = data.get("coding_agent", {})
+    return Config(
+        opencode_model=section.get("opencode_model", DEFAULT_MODEL),
+        ado_org_url=section.get("ado_org_url", ""),
+        ado_project=section.get("ado_project", ""),
+        ado_pat=section.get("ado_pat", ""),
+        repo_url=section.get("repo_url", ""),
+        env_file=section.get("env_file") or None,
+    )

cli/db.py

@@ -0,0 +1,138 @@
+"""Local SQLite database session manager for the CLI.
+
+Uses SQLAlchemy async engine backed by aiosqlite.  The database file lives at
+~/.devvy/devvy.db and is created automatically on first use.
+
+Usage:
+    async with db.session() as session:
+        session.add(obj)
+        # auto-committed and closed on exit
+"""
+
+from __future__ import annotations
+
+from contextlib import asynccontextmanager
+from pathlib import Path
+from typing import AsyncGenerator
+
+from sqlalchemy import text
+from sqlalchemy.exc import OperationalError
+from sqlalchemy.ext.asyncio import (
+    AsyncSession,
+    async_sessionmaker,
+    create_async_engine,
+)
+from sqlalchemy.orm import DeclarativeBase
+
+DB_DIR = Path.home() / ".devvy"
+DB_PATH = DB_DIR / "devvy.db"
+
+
+class Base(DeclarativeBase):
+    pass
+
+
+class _SessionManager:
+    """Thin async session manager around a SQLite engine."""
+
+    def __init__(self) -> None:
+        self._engine = None
+        self._session_maker: async_sessionmaker[AsyncSession] | None = None
+
+    def init(self, db_path: Path = DB_PATH) -> None:
+        """Initialise the engine.  Call once before first use (e.g. in CLI startup).
+
+        Safe to call more than once — disposes the previous engine first.
+        """
+        if self._engine is not None:
+            # Schedule the old engine for disposal.  We can't await here (sync
+            # method), so we use the sync dispose variant which is fine for the
+            # SQLite + aiosqlite driver (it doesn't hold open connections between
+            # requests).
+            import asyncio as _asyncio
+
+            try:
+                loop = _asyncio.get_event_loop()
+                if loop.is_running():
+                    loop.create_task(self._engine.dispose())
+                else:
+                    loop.run_until_complete(self._engine.dispose())
+            except RuntimeError:
+                pass  # No event loop — engine will be GC'd harmlessly.
+        DB_DIR.mkdir(parents=True, exist_ok=True)
+        url = f"sqlite+aiosqlite:///{db_path}"
+        self._engine = create_async_engine(url, echo=False)
+        self._session_maker = async_sessionmaker(
+            bind=self._engine,
+            autoflush=False,
+            expire_on_commit=False,
+        )
+
+    async def close(self) -> None:
+        """Dispose the engine and release all connections."""
+        if self._engine is not None:
+            await self._engine.dispose()
+            self._engine = None
+            self._session_maker = None
+
+    async def create_tables(self) -> None:
+        """Create all tables defined on Base if they don't exist."""
+        if self._engine is None:
+            raise RuntimeError("SessionManager not initialised — call .init() first")
+        async with self._engine.begin() as conn:
+            await conn.run_sync(Base.metadata.create_all)
+
+    @asynccontextmanager
+    async def session(self) -> AsyncGenerator[AsyncSession, None]:
+        """Yield a session that auto-commits on clean exit and rolls back on error."""
+        if self._session_maker is None:
+            raise RuntimeError("SessionManager not initialised — call .init() first")
+        async with self._session_maker() as sess:
+            try:
+                yield sess
+                await sess.commit()
+            except Exception:
+                await sess.rollback()
+                raise
+            finally:
+                await sess.close()
+
+
+SessionManager = _SessionManager()
+
+
+async def init_db(db_path: Path = DB_PATH) -> None:
+    """Initialise the database engine and create all tables.
+
+    Convenience wrapper used by every CLI command so they don't need to
+    repeat the ``SessionManager.init() / await SessionManager.create_tables()``
+    boilerplate.
+    """
+    SessionManager.init(db_path)
+    await SessionManager.create_tables()
+    await _maybe_migrate()
+
+
+async def _maybe_migrate() -> None:
+    """Apply lightweight additive migrations that are safe to run repeatedly.
+
+    Each migration is wrapped in a try/except so it is idempotent: SQLite
+    raises ``OperationalError`` with "duplicate column name" when a column
+    already exists, which we silently ignore.
+    """
+    engine = SessionManager._engine  # type: ignore[attr-defined]
+    if engine is None:
+        return
+
+    _new_columns = [
+        # (table_name, column_definition)
+        ("graph_contexts", "worker_pid INTEGER"),
+    ]
+
+    async with engine.begin() as conn:
+        for table, col_def in _new_columns:
+            try:
+                await conn.execute(text(f"ALTER TABLE {table} ADD COLUMN {col_def}"))
+            except OperationalError:
+                # Column already exists — nothing to do.
+                pass

cli/fsm.py

@@ -0,0 +1,87 @@
+"""State machine for the autonomous coding agent.
+
+Defines all valid states and the legal transition graph.
+All state transitions must go through ``transition()`` to enforce correctness.
+"""
+
+from __future__ import annotations
+
+from enum import Enum
+
+
+class TicketState(str, Enum):
+    """All lifecycle states a ticket can be in."""
+
+    RECEIVED = "RECEIVED"
+    PREPARE_ENV = "PREPARE_ENV"
+    PLAN = "PLAN"
+    IMPLEMENT = "IMPLEMENT"
+    VALIDATE = "VALIDATE"
+    CREATE_PR = "CREATE_PR"
+    WAIT_FOR_REVIEW = "WAIT_FOR_REVIEW"
+    RESPOND_TO_REVIEW = "RESPOND_TO_REVIEW"
+    MERGED = "MERGED"
+    FAILED = "FAILED"
+
+    @property
+    def is_terminal(self) -> bool:
+        """True for states from which no further transitions are possible."""
+        return self in (TicketState.MERGED, TicketState.FAILED)
+
+    @property
+    def is_active(self) -> bool:
+        """True for states where the orchestrator is actively running work."""
+        return self not in (
+            TicketState.WAIT_FOR_REVIEW,
+            TicketState.MERGED,
+            TicketState.FAILED,
+        )
+
+
+# Directed adjacency list — only these transitions are legal.
+VALID_TRANSITIONS: dict[TicketState, list[TicketState]] = {
+    TicketState.RECEIVED: [TicketState.PREPARE_ENV, TicketState.FAILED],
+    TicketState.PREPARE_ENV: [TicketState.PLAN, TicketState.FAILED],
+    TicketState.PLAN: [TicketState.IMPLEMENT, TicketState.FAILED],
+    TicketState.IMPLEMENT: [TicketState.VALIDATE, TicketState.FAILED],
+    TicketState.VALIDATE: [
+        TicketState.CREATE_PR,
+        TicketState.WAIT_FOR_REVIEW,
+        TicketState.IMPLEMENT,
+        TicketState.FAILED,
+    ],
+    TicketState.CREATE_PR: [TicketState.WAIT_FOR_REVIEW, TicketState.FAILED],
+    TicketState.WAIT_FOR_REVIEW: [
+        TicketState.RESPOND_TO_REVIEW,
+        TicketState.MERGED,
+        TicketState.FAILED,
+    ],
+    TicketState.RESPOND_TO_REVIEW: [
+        TicketState.VALIDATE,
+        TicketState.WAIT_FOR_REVIEW,
+        TicketState.FAILED,
+    ],
+    TicketState.MERGED: [],
+    TicketState.FAILED: [],
+}
+
+
+class InvalidTransitionError(Exception):
+    """Raised when an illegal state transition is attempted."""
+
+    def __init__(self, current: TicketState, target: TicketState) -> None:
+        super().__init__(f"Cannot transition from {current.value} to {target.value}")
+        self.current = current
+        self.target = target
+
+
+def transition(current: TicketState, target: TicketState) -> TicketState:
+    """
+    Validate and perform a state transition.
+
+    Raises:
+        InvalidTransitionError: if the target state is not reachable from current.
+    """
+    if target not in VALID_TRANSITIONS.get(current, []):
+        raise InvalidTransitionError(current, target)
+    return target

cli/local_runner/__init__.py

@@ -0,0 +1,85 @@
+"""cli.local_runner — public API re-exports.
+
+All callers that do ``from cli import local_runner`` or
+``local_runner.<symbol>`` continue to work unchanged.  Symbols are imported
+from their new sub-modules and re-exported here.
+"""
+
+from cli.local_runner.docker_primitives import (
+    CONTAINER_WORKSPACE,
+    OPENCODE_AUTH_CONTAINER,
+    OPENCODE_AUTH_HOST,
+    WORKER_IMAGE,
+    WORKSPACE_BASE,
+    _check_tool,
+    _check_worker_image,
+    _run,
+    _start_worker_container,
+)
+from cli.local_runner.credentials import (
+    _install_git_credentials,
+    _make_cred_line,
+    _write_git_credentials,
+)
+from cli.local_runner.repo_detection import (
+    _INFRA_SERVICE_NAMES,
+    _pick_compose_service,
+    detect_repo_container,
+    RepoContainerConfig,
+)
+from cli.local_runner.validation import (
+    _exec_script,
+    _file_exists_in_container,
+    run_validation,
+    ValidationResult,
+)
+from cli.local_runner.workspace import (
+    cleanup_workspace,
+    commit_if_changed,
+    prepare_workspace,
+    push_branch,
+    read_pr_template,
+    recover_container,
+    run_git,
+    run_opencode,
+    workspace_path,
+    WorkspaceSetup,
+)
+
+__all__ = [
+    # docker_primitives
+    "CONTAINER_WORKSPACE",
+    "OPENCODE_AUTH_CONTAINER",
+    "OPENCODE_AUTH_HOST",
+    "WORKER_IMAGE",
+    "_check_tool",
+    "_check_worker_image",
+    "_run",
+    "_start_worker_container",
+    # credentials
+    "_install_git_credentials",
+    "_make_cred_line",
+    "_write_git_credentials",
+    # repo_detection
+    "_INFRA_SERVICE_NAMES",
+    "_pick_compose_service",
+    "detect_repo_container",
+    "RepoContainerConfig",
+    # validation
+    "_exec_script",
+    "_file_exists_in_container",
+    "run_validation",
+    "ValidationResult",
+    # workspace
+    "cleanup_workspace",
+    "commit_if_changed",
+    "prepare_workspace",
+    "push_branch",
+    "read_pr_template",
+    "recover_container",
+    "run_git",
+    "run_opencode",
+    "workspace_path",
+    "WorkspaceSetup",
+    "WORKSPACE_BASE",
+]

cli/local_runner/credentials.py

@@ -0,0 +1,101 @@
+"""Git credential management for the devvy worker container.
+
+Credentials are written via ``docker cp`` so the PAT is never passed through
+a shell command line (avoiding injection via special characters).
+"""
+
+from __future__ import annotations
+
+import tempfile
+from pathlib import Path
+from urllib.parse import urlparse, urlunparse
+
+from cli.local_runner.docker_primitives import _run
+
+
+def _make_cred_line(repo_url: str, ado_pat: str) -> str:
+    """
+    Build a git credential-store entry for the given repo URL and PAT.
+
+    Format: scheme://user:PAT@host
+
+    The username is preserved from the original URL (e.g. the ADO org name that
+    is often embedded as 'OrgName@dev.azure.com').  git credential store matches
+    on username too, so the entry username must match the URL username or git
+    will fall through to an interactive prompt.
+
+    The PAT must be in the password field — if only a username is present git
+    will prompt for the missing password.
+    """
+    parsed = urlparse(repo_url)
+    username = parsed.username or "pat"
+    return urlunparse(parsed._replace(netloc=f"{username}:{ado_pat}@{parsed.hostname}"))
+
+
+def _write_git_credentials(ticket_id: str, repo_url: str, ado_pat: str) -> Path:
+    """
+    Write a temporary git credentials file for the given repo URL and PAT.
+
+    The file is placed at /tmp/devvy-creds-<ticket_id> — outside the workspace
+    bind-mount — so the validation container cannot read it.
+
+    Returns the path to the credentials file (caller must delete it in a finally block).
+    """
+    cred_line = _make_cred_line(repo_url, ado_pat)
+    creds_path = Path(f"/tmp/devvy-creds-{ticket_id}")
+    creds_path.write_text(cred_line + "\n", encoding="utf-8")
+    creds_path.chmod(0o600)
+    return creds_path
+
+
+async def _install_git_credentials(
+    container_id: str, repo_url: str, ado_pat: str, ticket_id: str
+) -> None:
+    """
+    Write a git credentials file inside *container_id* without using shell
+    interpolation of the credential string.
+
+    Strategy: write a host-side tempfile, ``docker cp`` it into the container
+    at /root/.git-credentials, then configure git to use the credential store.
+    This avoids any risk of shell injection from special characters in the PAT
+    or repo URL.
+    """
+    with tempfile.NamedTemporaryFile(
+        mode="w",
+        prefix=f"devvy-creds-{ticket_id[:8]}-",
+        suffix=".txt",
+        delete=False,
+        encoding="utf-8",
+    ) as tmp:
+        tmp.write(_make_cred_line(repo_url, ado_pat) + "\n")
+        tmp_path = Path(tmp.name)
+
+    try:
+        tmp_path.chmod(0o600)
+        await _run(
+            ["docker", "cp", str(tmp_path), f"{container_id}:/root/.git-credentials"]
+        )
+        await _run(
+            [
+                "docker",
+                "exec",
+                container_id,
+                "chmod",
+                "600",
+                "/root/.git-credentials",
+            ]
+        )
+        await _run(
+            [
+                "docker",
+                "exec",
+                container_id,
+                "git",
+                "config",
+                "--global",
+                "credential.helper",
+                "store",
+            ]
+        )
+    finally:
+        tmp_path.unlink(missing_ok=True)

cli/local_runner/docker_primitives.py

@@ -0,0 +1,142 @@
+"""Low-level Docker subprocess wrappers.
+
+These are the only functions that shell out to the Docker CLI.  Everything else
+in the local_runner package calls through here so there is one place to swap
+the Docker backend or adjust error handling.
+"""
+
+from __future__ import annotations
+
+import asyncio
+import shutil
+import sys
+from pathlib import Path
+
+
+WORKSPACE_BASE = Path.home() / ".devvy" / "workspaces"
+WORKER_IMAGE = "devvy-worker:latest"
+CONTAINER_WORKSPACE = "/workspace"
+OPENCODE_AUTH_HOST = Path.home() / ".local" / "share" / "opencode" / "auth.json"
+OPENCODE_AUTH_CONTAINER = "/root/.local/share/opencode/auth.json"
+
+_DOCKERFILE_NAME = "worker.dockerfile"
+
+
+def _check_tool(name: str) -> None:
+    if shutil.which(name) is None:
+        raise RuntimeError(
+            f"'{name}' not found on PATH. Please install it before running devvy."
+        )
+
+
+def _find_repo_root() -> Path | None:
+    """Walk up from this file looking for worker.dockerfile to find the repo root."""
+    current = Path(__file__).resolve().parent
+    for _ in range(10):  # guard against infinite traversal
+        if (current / _DOCKERFILE_NAME).exists():
+            return current
+        if current.parent == current:
+            break
+        current = current.parent
+    return None
+
+
+async def _run(
+    cmd: list[str],
+    cwd: Path | None = None,
+    check: bool = True,
+) -> str:
+    """Run a subprocess asynchronously, return combined stdout+stderr."""
+    proc = await asyncio.create_subprocess_exec(
+        *cmd,
+        stdout=asyncio.subprocess.PIPE,
+        stderr=asyncio.subprocess.STDOUT,
+        cwd=cwd,
+    )
+    stdout, _ = await proc.communicate()
+    output = stdout.decode("utf-8", errors="replace") if stdout else ""
+    if check and proc.returncode != 0:
+        raise RuntimeError(
+            f"`{' '.join(cmd)}` failed (exit {proc.returncode}):\n{output}"
+        )
+    return output
+
+
+async def _build_worker_image(repo_root: Path) -> None:
+    """Build devvy-worker:latest, streaming Docker output to stderr."""
+    print(
+        f"devvy-worker image not found — building it now (this only happens once)...",
+        file=sys.stderr,
+    )
+    proc = await asyncio.create_subprocess_exec(
+        "docker",
+        "build",
+        "-f",
+        _DOCKERFILE_NAME,
+        "-t",
+        WORKER_IMAGE,
+        ".",
+        cwd=repo_root,
+        stdout=sys.stderr,
+        stderr=sys.stderr,
+    )
+    await proc.wait()
+    if proc.returncode != 0:
+        raise RuntimeError(
+            f"Failed to build '{WORKER_IMAGE}' (exit {proc.returncode}).\n"
+            f"You can retry manually from {repo_root}:\n\n"
+            f"    docker build -f {_DOCKERFILE_NAME} -t {WORKER_IMAGE} .\n"
+        )
+    print(f"Successfully built {WORKER_IMAGE}.", file=sys.stderr)
+
+
+async def _check_worker_image() -> None:
+    """Ensure devvy-worker:latest exists locally, auto-building it if not."""
+    try:
+        await _run(["docker", "image", "inspect", WORKER_IMAGE], check=True)
+        return  # image already present
+    except RuntimeError:
+        pass
+
+    repo_root = _find_repo_root()
+    if repo_root is None:
+        raise RuntimeError(
+            f"Docker image '{WORKER_IMAGE}' not found and '{_DOCKERFILE_NAME}' "
+            f"could not be located.\n"
+            f"Build the image manually from the devvy repo root:\n\n"
+            f"    docker build -f {_DOCKERFILE_NAME} -t {WORKER_IMAGE} .\n"
+        )
+
+    await _build_worker_image(repo_root)
+
+
+async def _start_worker_container(
+    ticket_id: str,
+    ws: Path,
+    repo_url: str,
+    ado_pat: str,
+) -> str:
+    """Spin up a devvy-worker container for *ticket_id* with *ws* bind-mounted.
+
+    Mounts the opencode auth file read-only if it exists on the host, installs
+    git credentials inside the container, and returns the container ID.
+    """
+    from cli.local_runner.credentials import _install_git_credentials
+
+    container_name = f"devvy-worker-{ticket_id[:8]}"
+    docker_cmd = [
+        "docker",
+        "run",
+        "--detach",
+        "--name",
+        container_name,
+        "-v",
+        f"{ws}:{CONTAINER_WORKSPACE}",
+    ]
+    if OPENCODE_AUTH_HOST.exists():
+        docker_cmd += ["-v", f"{OPENCODE_AUTH_HOST}:{OPENCODE_AUTH_CONTAINER}:ro"]
+    docker_cmd.append(WORKER_IMAGE)
+
+    container_id = (await _run(docker_cmd)).strip()
+    await _install_git_credentials(container_id, repo_url, ado_pat, ticket_id)
+    return container_id