crafting-table

Sulkta-Coop/crafting-table

Fork 0

Commit graph

Author	SHA1	Message	Date
Kayos	0ec3a04676	v0.1 wave 1 (steps 2+3+4): SQLite ledger + FastAPI skeleton + async job runner - db.py: migrations + DAOs for tokens / projects / jobs / findings (SQLite WAL) - auth.py: SHA-256 bearer hashing + LAN-CIDR allowlist + admin/app token tiers - models.py: Pydantic shapes (Project, Subproject, Schedule, Notify, Job, CreateJobRequest) - server.py: FastAPI on port 8810; /healthz, /admin/tokens/, /projects/, /jobs, /jobs/{id}, /jobs/{id}/log, /jobs/{id}/findings - runner.py: bounded asyncio pool, per-job timeout with process-group SIGTERM→SIGKILL escalation, orphaned-job recovery on boot - workspace.py: bare-clone + worktree materialization, gc - config.py: env-driven - 62 tests across db / auth / projects / jobs / runner / e2e — all green Cross-token project access returns 404 (not 403) — existence-leak guard. Bearer tokens hashed at rest; admin token bootstrapped on first boot. Recipe subprocess uses start_new_session=True so killpg targets the whole process tree on timeout — child processes can't escape SIGKILL. Pump task guarded with wait_for(2s) + cancel fallback against any orphan that survives the group kill. Wave 2 (parsers + findings extraction + MCP + email digest) pending. Spec: memory/spec-crafting-table.md	2026-04-29 08:17:41 -07:00
Kayos	4e668a79e1	v0.1 step 1: Dockerfile + per-language toolchain smoke Monolith image with every toolchain in the spec: - Python 3.12 + uv/ruff/mypy/pytest/pip-audit/semgrep - Node 22 LTS + bun - Go 1.22 + govulncheck/staticcheck - Rust stable + cargo-audit/cargo-deny - Ruby 3.x + bundler-audit - PHP 8.x + composer/phpstan - JDK 17 + 21 + Maven + Gradle - .NET 8 SDK - Swift 5.9.2 - Kotlin 1.9.25 - clang + cmake + valgrind + ASan/UBSan/TSan - bash + shellcheck smoke.sh proves each toolchain compiles + runs a hello-world. compose.yml uses the existing 'sulkta' bridge network. No API yet (steps 2-3); no MCP yet (step 7); no runner yet (step 4). This is the foundation. NOTE: docker build + smoke verification not yet run — sandbox doesn't have docker. Needs `docker compose build && docker compose up` on Lucy or any real Docker host before we trust the Dockerfile. Spec: memory/spec-crafting-table.md	2026-04-29 07:29:53 -07:00

Author

SHA1

Message

Date

Kayos

0ec3a04676

v0.1 wave 1 (steps 2+3+4): SQLite ledger + FastAPI skeleton + async job runner

- db.py: migrations + DAOs for tokens / projects / jobs / findings (SQLite WAL)
- auth.py: SHA-256 bearer hashing + LAN-CIDR allowlist + admin/app token tiers
- models.py: Pydantic shapes (Project, Subproject, Schedule, Notify, Job, CreateJobRequest)
- server.py: FastAPI on port 8810; /healthz, /admin/tokens/*, /projects/*, /jobs, /jobs/{id}, /jobs/{id}/log, /jobs/{id}/findings
- runner.py: bounded asyncio pool, per-job timeout with process-group SIGTERM→SIGKILL escalation, orphaned-job recovery on boot
- workspace.py: bare-clone + worktree materialization, gc
- config.py: env-driven
- 62 tests across db / auth / projects / jobs / runner / e2e — all green

Cross-token project access returns 404 (not 403) — existence-leak guard.
Bearer tokens hashed at rest; admin token bootstrapped on first boot.
Recipe subprocess uses start_new_session=True so killpg targets the
whole process tree on timeout — child processes can't escape SIGKILL.
Pump task guarded with wait_for(2s) + cancel fallback against any
orphan that survives the group kill.

Wave 2 (parsers + findings extraction + MCP + email digest) pending.

Spec: memory/spec-crafting-table.md

2026-04-29 08:17:41 -07:00

Kayos

4e668a79e1

v0.1 step 1: Dockerfile + per-language toolchain smoke

Monolith image with every toolchain in the spec:
- Python 3.12 + uv/ruff/mypy/pytest/pip-audit/semgrep
- Node 22 LTS + bun
- Go 1.22 + govulncheck/staticcheck
- Rust stable + cargo-audit/cargo-deny
- Ruby 3.x + bundler-audit
- PHP 8.x + composer/phpstan
- JDK 17 + 21 + Maven + Gradle
- .NET 8 SDK
- Swift 5.9.2
- Kotlin 1.9.25
- clang + cmake + valgrind + ASan/UBSan/TSan
- bash + shellcheck

smoke.sh proves each toolchain compiles + runs a hello-world.
compose.yml uses the existing 'sulkta' bridge network.

No API yet (steps 2-3); no MCP yet (step 7); no runner yet (step 4).
This is the foundation.

NOTE: docker build + smoke verification not yet run — sandbox doesn't
have docker. Needs `docker compose build && docker compose up` on Lucy
or any real Docker host before we trust the Dockerfile.

Spec: memory/spec-crafting-table.md

2026-04-29 07:29:53 -07:00

2 commits