omneval-devloop 0.0.1__py3-none-any.whl

devloop/schedules.py

@@ -0,0 +1,82 @@
+"""Temporal Schedules for the Dev Loop nightly sweep and weekly summary.
+
+* Nightly (03:00): start a Dev Loop per enrolled project. The Plan phase no-ops
+  cleanly when a project has no open agent-ready issues (issue #20).
+* Weekly (Mon 08:00): start a Summarization workflow per project (issue #24).
+"""
+
+from __future__ import annotations
+
+import logging
+
+from temporalio.client import (
+    Client,
+    Schedule,
+    ScheduleActionStartWorkflow,
+    ScheduleAlreadyRunningError,
+    ScheduleSpec,
+    ScheduleCalendarSpec,
+    ScheduleRange,
+)
+
+from .projects import ProjectConfig
+from .shared import ORCHESTRATION_QUEUE
+
+log = logging.getLogger(__name__)
+
+
+async def _ensure(client: Client, schedule_id: str, schedule: Schedule) -> None:
+    try:
+        await client.create_schedule(schedule_id, schedule)
+        log.info("created schedule %s", schedule_id)
+    except ScheduleAlreadyRunningError:
+        log.info("schedule %s already exists", schedule_id)
+
+
+async def ensure_schedules(client: Client, projects: list[ProjectConfig]) -> None:
+    from .dev_loop import DevLoopInput
+    from .summarization import SummarizeInput
+
+    for p in projects:
+        await _ensure(
+            client,
+            f"devloop-nightly-{p.id}",
+            Schedule(
+                action=ScheduleActionStartWorkflow(
+                    "DevLoopWorkflow",
+                    DevLoopInput(project_id=p.id, agent_label=p.agent_label),
+                    id=f"devloop-nightly-{p.id}",
+                    task_queue=ORCHESTRATION_QUEUE,
+                ),
+                spec=ScheduleSpec(
+                    calendars=[
+                        ScheduleCalendarSpec(
+                            hour=[ScheduleRange(3)],
+                            minute=[ScheduleRange(0)],
+                        )
+                    ]
+                ),
+            ),
+        )
+        await _ensure(
+            client,
+            f"summarize-weekly-{p.id}",
+            Schedule(
+                action=ScheduleActionStartWorkflow(
+                    "SummarizationWorkflow",
+                    SummarizeInput(project_id=p.id, trigger="weekly"),
+                    id=f"summarize-weekly-{p.id}",
+                    task_queue=ORCHESTRATION_QUEUE,
+                ),
+                spec=ScheduleSpec(
+                    calendars=[
+                        ScheduleCalendarSpec(
+                            # Monday = 1 in Temporal's day-of-week range
+                            day_of_week=[ScheduleRange(1)],
+                            hour=[ScheduleRange(8)],
+                            minute=[ScheduleRange(0)],
+                        )
+                    ]
+                ),
+            ),
+        )

devloop/shared.py

@@ -0,0 +1,244 @@
+"""Sandbox-safe data structures shared between workflows and activities.
+
+This module is imported by both Temporal workflow definitions (which run in
+the deterministic sandbox) and activity code, so it must only import from the
+standard library — no I/O, no threading, no network clients.
+"""
+
+from __future__ import annotations
+
+import json
+import os
+from dataclasses import asdict, dataclass, field
+from enum import Enum
+
+# Task queues — override via env vars to match helm chart values.
+# MESSAGING_TASK_QUEUE is the queue name for whichever messaging platform bot is
+# deployed (discord-bot, slack-bot, etc.); set it in helm values alongside the
+# bot's own TASK_QUEUE so both sides agree on the queue name.
+ORCHESTRATION_QUEUE = os.getenv("ORCHESTRATION_QUEUE", "devloop-orchestration")
+MESSAGING_QUEUE = os.getenv("MESSAGING_TASK_QUEUE", "discord-bot")
+
+# Discord channel logical names (resolved to IDs inside the bot)
+CHANNEL_APPROVALS = "approvals"
+CHANNEL_ALERTS = "alerts"
+CHANNEL_CHANGELOG = "changelog"
+
+# Agent Job output ConfigMap contract: the keys the worker and the Agent
+# Execution Job exchange through the Job's output ConfigMap. Defined here so both
+# the devloop-temporal-worker and devloop-agent-base images reference one source.
+KEY_RESULT = "result"  # the JSON-encoded AgentJobResult payload
+KEY_HUMAN_ANSWER = "human_answer"  # a human's mid-run reply patched back in
+
+
+class Phase(str, Enum):
+    PLAN = "plan"
+    EXECUTE = "execute"
+    REVIEW = "review"
+    MERGE = "merge"
+    DIAGNOSIS = "diagnosis"
+    REMEDIATION = "remediation"
+    SUMMARIZE = "summarize"
+
+
+class JobStatus(str, Enum):
+    COMPLETE = "complete"
+    FAILED = "failed"
+    AWAITING_HUMAN = "awaiting_human"
+
+
+# ---------------------------------------------------------------------------
+# Discord activity I/O (mirror of images/discord-bot/activities.py dataclasses)
+# ---------------------------------------------------------------------------
+
+
+@dataclass
+class SendMessageInput:
+    workflow_id: str
+    message: str
+    channel: str = CHANNEL_APPROVALS
+    thread_name: str = ""
+
+
+@dataclass
+class SendMessageOutput:
+    thread_id: str
+
+
+@dataclass
+class SendNotificationInput:
+    workflow_id: str
+    message: str
+
+
+@dataclass
+class ArchiveThreadInput:
+    workflow_id: str
+
+
+# ---------------------------------------------------------------------------
+# GitHub activity I/O
+# ---------------------------------------------------------------------------
+
+
+@dataclass
+class InlineComment:
+    file: str
+    line: int
+    body: str
+
+
+@dataclass
+class PostCommentsInput:
+    """Reviewer findings posted to a PR: a PR-level ``summary`` plus optional
+    line-anchored ``inline_comments``. Built by the workflow from the review
+    Agent Execution Job's ``review`` payload, consumed by the ``post_pr_comments``
+    activity."""
+
+    project_id: str
+    pr_number: int
+    summary: str
+    inline_comments: list[InlineComment] = field(default_factory=list)
+
+
+# ---------------------------------------------------------------------------
+# Execution model
+# ---------------------------------------------------------------------------
+
+
+@dataclass
+class TaskSpec:
+    """The instruction payload handed to an Agent Execution Job.
+
+    Serialized into the Job's ``TASK_SPEC`` env var by the worker and rebuilt by
+    the agent entrypoint — both via the methods below, so the field set has one
+    owner."""
+
+    phase: str
+    project_id: str
+    issue_number: int = 0
+    title: str = ""
+    body: str = ""
+    branch: str = ""
+    instructions: str = ""
+    # phase-specific extras (review rubric, merge branch list, alert payload …)
+    extra: dict = field(default_factory=dict)
+
+    def to_env_value(self) -> str:
+        """Render the ``TASK_SPEC`` env value the Agent Execution Job reads."""
+        return json.dumps(asdict(self))
+
+    @classmethod
+    def from_env(cls, raw: str) -> "TaskSpec":
+        """Rebuild a TaskSpec from the ``TASK_SPEC`` env value (agent side)."""
+        d = json.loads(raw or "{}")
+        return cls(
+            phase=d.get("phase", "execute"),
+            project_id=d.get("project_id", ""),
+            issue_number=int(d.get("issue_number", 0) or 0),
+            title=d.get("title", ""),
+            body=d.get("body", ""),
+            branch=d.get("branch", ""),
+            instructions=d.get("instructions", ""),
+            extra=d.get("extra", {}) or {},
+        )
+
+
+@dataclass
+class AgentJobResult:
+    """The result an Agent Execution Job writes to its output ConfigMap.
+
+    The agent serializes one of these with :meth:`to_payload`; the worker rebuilds
+    it with :meth:`from_payload`. ``job_name`` is assigned by the reader (the
+    worker knows which Job it polled) and is not part of the wire payload."""
+
+    status: str = JobStatus.FAILED.value
+    job_name: str = ""
+    issue_number: int = 0
+    branch: str = ""
+    pr_url: str = ""
+    # number of commits the agent produced (execute/review phases)
+    commits: int = 0
+    tests_passed: bool = False
+    # mid-run question (status == awaiting_human)
+    question: str = ""
+    # plan phase output (codebase-grounded plan from the planner Agent Job)
+    plan: dict | None = None
+    # review phase output
+    review: dict | None = None
+    # diagnosis phase output
+    diagnosis: dict | None = None
+    # merge / summarize output
+    summary: str = ""
+    merged_issues: list[int] = field(default_factory=list)
+    merge_commit: str = ""
+    error: str = ""
+
+    def to_payload(self) -> dict:
+        """Render the dict the agent stores under ``KEY_RESULT`` (drops the
+        reader-assigned ``job_name``)."""
+        d = asdict(self)
+        d.pop("job_name", None)
+        return d
+
+    @classmethod
+    def from_payload(cls, payload: dict, job_name: str) -> "AgentJobResult":
+        """Rebuild an AgentJobResult from a Job's output payload (worker side)."""
+        return cls(
+            status=payload.get("status", JobStatus.FAILED.value),
+            job_name=job_name,
+            issue_number=int(payload.get("issue_number", 0) or 0),
+            branch=payload.get("branch", ""),
+            pr_url=payload.get("pr_url", ""),
+            commits=int(payload.get("commits", 0) or 0),
+            tests_passed=bool(payload.get("tests_passed", False)),
+            question=payload.get("question", ""),
+            plan=payload.get("plan"),
+            review=payload.get("review"),
+            diagnosis=payload.get("diagnosis"),
+            summary=payload.get("summary", ""),
+            merged_issues=list(payload.get("merged_issues", []) or []),
+            merge_commit=payload.get("merge_commit", ""),
+            error=payload.get("error", ""),
+        )
+
+
+@dataclass
+class DispatchInput:
+    project_id: str
+    issue_number: int
+    task_spec: TaskSpec
+    # test override: poll interval / job ttl (seconds)
+    poll_interval_seconds: float = 5.0
+    retention_seconds: float = 300.0
+    # For jobs not backed by a registry project (e.g. custom consumer workflows):
+    # override the image / omneval ingest secret / repo without a registry entry.
+    image_override: str = ""
+    omneval_secret_override: str = ""
+    github_url_override: str = ""
+    # GitHub token Secret name; empty means the job needs no GitHub access
+    github_token_secret_override: str = ""
+    # ServiceAccount the Job pod runs as; empty falls back to the default SA
+    service_account_override: str = ""
+
+
+@dataclass
+class OpenAgentPRsInput:
+    """Input for the activity that lists issue numbers with an open agent PR."""
+
+    project_id: str
+
+
+@dataclass
+class AnswerInput:
+    job_name: str
+    answer: str
+
+
+@dataclass
+class AwaitInput:
+    """Resume polling a parked Job. Only the job name and poll cadence are needed
+    — the poll reads neither project nor task spec."""
+
+    job_name: str
+    poll_interval_seconds: float = 5.0

devloop/summarization.py

@@ -0,0 +1,69 @@
+"""Summarization workflow (issue #24).
+
+Runs after a successful Merge (as a Dev Loop child workflow) and on a weekly
+Temporal Schedule. Reads the changes since the last summarized commit, asks the
+LLM for a plain-English digest, and posts it to ``#changelog``.
+
+Sandbox-safe: only stdlib + shared imports here. The I/O (GitHub compare, LLM
+call, dedup state) lives in ``summarize_activities`` and is referenced by name.
+"""
+
+from __future__ import annotations
+
+from dataclasses import dataclass, field
+from datetime import timedelta
+
+from temporalio import workflow
+from temporalio.common import RetryPolicy
+
+from .shared import CHANNEL_CHANGELOG, MESSAGING_QUEUE, SendMessageInput
+
+_RETRY = RetryPolicy(maximum_attempts=3)
+
+
+@dataclass
+class SummarizeInput:
+    project_id: str
+    trigger: str = "post-merge"  # post-merge | weekly
+    head_sha: str = ""
+    closed_issues: list[int] = field(default_factory=list)
+
+
+@dataclass
+class SummarizeResult:
+    skipped: bool = False
+    summary: str = ""
+    head_sha: str = ""
+
+
+@workflow.defn
+class SummarizationWorkflow:
+    @workflow.run
+    async def run(self, inp: SummarizeInput) -> SummarizeResult:
+        result: SummarizeResult = await workflow.execute_activity(
+            "summarize_changes",
+            inp,
+            result_type=SummarizeResult,
+            start_to_close_timeout=timedelta(minutes=10),
+            retry_policy=_RETRY,
+        )
+        if result.skipped:
+            workflow.logger.info(
+                "summary skipped (no new changes) for %s", inp.project_id
+            )
+            return result
+
+        title = f"{inp.project_id} — {inp.trigger} digest"
+        await workflow.execute_activity(
+            "send_message",
+            SendMessageInput(
+                workflow_id=workflow.info().workflow_id,
+                message=result.summary,
+                channel=CHANNEL_CHANGELOG,
+                thread_name=title,
+            ),
+            task_queue=MESSAGING_QUEUE,
+            start_to_close_timeout=timedelta(seconds=60),
+            retry_policy=_RETRY,
+        )
+        return result

devloop/summarize_activities.py

@@ -0,0 +1,130 @@
+"""I/O activities for the Summarization workflow (issue #24).
+
+* dedup state (last-summarized commit SHA per project) is kept in a ConfigMap.
+* the change set is read from the GitHub compare API (no clone needed).
+* the digest is produced by a single-turn LLM call against the homelab model.
+"""
+
+from __future__ import annotations
+
+import json
+import logging
+import os
+
+from temporalio import activity
+
+from . import cluster
+from .github_ops import _client  # reuse the authed httpx client
+from .projects import get_project, parse_github_repo
+from .summarization import SummarizeInput, SummarizeResult
+
+log = logging.getLogger(__name__)
+
+STATE_CONFIGMAP = os.getenv("SUMMARY_STATE_CONFIGMAP", "dev-loop-summary-state")
+OPENAI_BASE_URL = os.getenv("AGENT_OPENAI_BASE_URL", "http://192.168.68.104/v1")
+SUMMARY_MODEL = os.getenv("SUMMARY_MODEL", "qwen3-27b")
+
+
+# --------------------------------------------------------------------------- #
+# Pure helpers
+# --------------------------------------------------------------------------- #
+def should_summarize(last_sha: str, head_sha: str, closed_issues: list[int]) -> bool:
+    """Skip only when nothing new has landed since the last summary."""
+    if closed_issues:
+        return True
+    if not head_sha:
+        return False
+    return head_sha != last_sha
+
+
+def build_prompt(commits: list[str], issues: list[dict]) -> str:
+    commit_block = "\n".join(f"- {c}" for c in commits) or "- (no new commits)"
+    issue_block = (
+        "\n".join(f"- #{i['number']} {i['title']}" for i in issues) or "- (none)"
+    )
+    return (
+        "You are writing a changelog entry for a homelab Kubernetes repo. "
+        "Given the commit messages and resolved issues below, write a short "
+        "plain-English paragraph explaining WHAT changed and WHY, followed by a "
+        "bullet list of the resolved issues by title. Do NOT include raw diff "
+        "lines or git hashes.\n\n"
+        f"Commit messages:\n{commit_block}\n\nResolved issues:\n{issue_block}\n"
+    )
+
+
+# --------------------------------------------------------------------------- #
+# Dedup state — last-summarized SHA per project, kept in a ConfigMap
+# --------------------------------------------------------------------------- #
+def get_last_sha(project_id: str) -> str:
+    data = cluster.read_configmap_data(STATE_CONFIGMAP) or {}
+    return json.loads(data.get("last-sha", "{}")).get(project_id, "")
+
+
+def set_last_sha(project_id: str, sha: str) -> None:
+    data = cluster.read_configmap_data(STATE_CONFIGMAP) or {}
+    mapping = json.loads(data.get("last-sha", "{}"))
+    mapping[project_id] = sha
+    cluster.patch_configmap_data(STATE_CONFIGMAP, {"last-sha": json.dumps(mapping)})
+
+
+# --------------------------------------------------------------------------- #
+# GitHub + LLM
+# --------------------------------------------------------------------------- #
+def _fetch_changes(
+    repo: str, base: str, head: str, closed: list[int]
+) -> tuple[list[str], list[dict], str]:
+    commits: list[str] = []
+    issues: list[dict] = []
+    resolved_head = head
+    with _client() as c:
+        if not resolved_head:
+            r = c.get(f"/repos/{repo}/commits", params={"per_page": 1})
+            r.raise_for_status()
+            resolved_head = r.json()[0]["sha"]
+        if base and base != resolved_head:
+            r = c.get(f"/repos/{repo}/compare/{base}...{resolved_head}")
+            if r.status_code == 200:
+                commits = [
+                    cm["commit"]["message"].splitlines()[0]
+                    for cm in r.json().get("commits", [])
+                ]
+        for n in closed:
+            r = c.get(f"/repos/{repo}/issues/{n}")
+            if r.status_code == 200:
+                j = r.json()
+                issues.append({"number": j["number"], "title": j["title"]})
+    return commits, issues, resolved_head
+
+
+def _llm_summary(prompt: str) -> str:
+    import httpx
+
+    resp = httpx.post(
+        f"{OPENAI_BASE_URL}/chat/completions",
+        json={
+            "model": SUMMARY_MODEL,
+            "messages": [{"role": "user", "content": prompt}],
+            "temperature": 0.3,
+        },
+        timeout=120.0,
+    )
+    resp.raise_for_status()
+    return resp.json()["choices"][0]["message"]["content"].strip()
+
+
+@activity.defn
+async def summarize_changes(inp: SummarizeInput) -> SummarizeResult:
+    cfg = get_project(inp.project_id)
+    repo = parse_github_repo(cfg.github_url)
+    last_sha = get_last_sha(inp.project_id)
+
+    commits, issues, head = _fetch_changes(
+        repo, last_sha, inp.head_sha, inp.closed_issues
+    )
+
+    if not should_summarize(last_sha, head, inp.closed_issues):
+        return SummarizeResult(skipped=True, head_sha=head)
+
+    summary = _llm_summary(build_prompt(commits, issues))
+    set_last_sha(inp.project_id, head)
+    return SummarizeResult(skipped=False, summary=summary, head_sha=head)

devloop/webhook.py

@@ -0,0 +1,105 @@
+"""Webhook receiver for the Orchestration Worker (issues #20, #25, #31).
+
+A FastAPI app served alongside the Temporal worker:
+
+* ``POST /webhook/github`` — GitHub ``issues`` events; an ``agent-ready`` label
+  on an issue starts a Dev Loop workflow for the matching enrolled project.
+  HMAC-SHA256 signature verification is enforced when ``GITHUB_WEBHOOK_SECRET``
+  is set (GitHub sends the ``X-Hub-Signature-256`` header).
+* ``POST /alertmanager/webhook`` — AlertManager alerts; each starts an Alert
+  Response workflow.
+"""
+
+from __future__ import annotations
+
+import hashlib
+import hmac
+import json
+import logging
+import os
+
+from fastapi import FastAPI, Request, Response
+from temporalio.client import Client
+from temporalio.common import WorkflowIDConflictPolicy
+
+from .projects import ProjectConfig, parse_github_repo
+from .shared import ORCHESTRATION_QUEUE
+
+log = logging.getLogger(__name__)
+
+# Module-level constant so tests can monkeypatch ``webhook.GITHUB_WEBHOOK_SECRET``.
+GITHUB_WEBHOOK_SECRET: str = os.environ.get("GITHUB_WEBHOOK_SECRET", "")
+
+
+def _verify_github_signature(body: bytes, signature: str) -> bool:
+    """Return True iff the ``X-Hub-Signature-256`` value matches the body HMAC.
+
+    The HMAC is computed over the exact raw request bytes — not re-serialised
+    JSON — using ``GITHUB_WEBHOOK_SECRET`` as the key.  Comparison is done with
+    ``hmac.compare_digest`` to resist timing attacks.
+    """
+    expected = hmac.new(
+        GITHUB_WEBHOOK_SECRET.encode(), body, hashlib.sha256
+    ).hexdigest()
+    # GitHub sends "sha256=<hex>" — strip the prefix before comparing.
+    received = signature.removeprefix("sha256=")
+    return hmac.compare_digest(expected, received)
+
+
+def create_app(client: Client, projects: list[ProjectConfig]) -> FastAPI:
+    app = FastAPI(title="orchestration-worker-webhooks")
+    by_repo = {parse_github_repo(p.github_url): p for p in projects}
+
+    @app.get("/healthz")
+    async def healthz():
+        return {"ok": True}
+
+    @app.post("/webhook/github")
+    async def github_webhook(request: Request):
+        # Read raw bytes first so HMAC is computed over the exact wire body.
+        body = await request.body()
+
+        if GITHUB_WEBHOOK_SECRET:
+            sig = request.headers.get("X-Hub-Signature-256", "")
+            if not sig or not _verify_github_signature(body, sig):
+                log.warning("GitHub webhook: invalid or missing signature")
+                return Response(
+                    content='{"detail":"invalid signature"}',
+                    status_code=401,
+                    media_type="application/json",
+                )
+
+        payload = json.loads(body)
+        event = request.headers.get("X-GitHub-Event", "")
+        if event != "issues" or payload.get("action") != "labeled":
+            return {"ignored": f"event={event} action={payload.get('action')}"}
+
+        label = (payload.get("label") or {}).get("name", "")
+        repo = (payload.get("repository") or {}).get("full_name", "")
+        project = by_repo.get(repo)
+        if project is None or label != project.agent_label:
+            return {"ignored": f"repo={repo} label={label}"}
+
+        issue_number = (payload.get("issue") or {}).get("number")
+        wf_id = f"devloop-{project.id}"
+        await client.start_workflow(
+            "DevLoopWorkflow",
+            _dev_loop_input(project.id, project.agent_label),
+            id=wf_id,
+            task_queue=ORCHESTRATION_QUEUE,
+            id_conflict_policy=WorkflowIDConflictPolicy.USE_EXISTING,
+        )
+        log.info(
+            "triggered Dev Loop %s for %s (issue #%s)", wf_id, project.id, issue_number
+        )
+        return {"workflow_id": wf_id, "project": project.id, "issue": issue_number}
+
+    return app
+
+
+# Inputs are built lazily to avoid importing the workflow modules (and their
+# passthrough deps) at module import time in the webhook process path.
+def _dev_loop_input(project_id: str, agent_label: str):
+    from .dev_loop import DevLoopInput
+
+    return DevLoopInput(project_id=project_id, agent_label=agent_label)