Polyglot dev/build/audit container with autonomous patch loop + email digest. Recipes for every Sulkta repo, structured findings back to clawdforge.
Kayos 0ec3a04676 v0.1 wave 1 (steps 2+3+4): SQLite ledger + FastAPI skeleton + async job runner
- db.py: migrations + DAOs for tokens / projects / jobs / findings (SQLite WAL)
- auth.py: SHA-256 bearer hashing + LAN-CIDR allowlist + admin/app token tiers
- models.py: Pydantic shapes (Project, Subproject, Schedule, Notify, Job, CreateJobRequest)
- server.py: FastAPI on port 8810; /healthz, /admin/tokens/*, /projects/*, /jobs, /jobs/{id}, /jobs/{id}/log, /jobs/{id}/findings
- runner.py: bounded asyncio pool, per-job timeout with process-group SIGTERM→SIGKILL escalation, orphaned-job recovery on boot
- workspace.py: bare-clone + worktree materialization, gc
- config.py: env-driven
- 62 tests across db / auth / projects / jobs / runner / e2e — all green

Cross-token project access returns 404 (not 403) — existence-leak guard.
Bearer tokens hashed at rest; admin token bootstrapped on first boot.
Recipe subprocess uses start_new_session=True so killpg targets the
whole process tree on timeout — child processes can't escape SIGKILL.
Pump task guarded with wait_for(2s) + cancel fallback against any
orphan that survives the group kill.

Wave 2 (parsers + findings extraction + MCP + email digest) pending.

Spec: memory/spec-crafting-table.md
2026-04-29 08:17:41 -07:00
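The timeout handling this commit message describes for runner.py, sketched as an added example (not the project's code). `run_recipe`, its parameters and the 2-second default grace period are assumptions; only `start_new_session=True`, the group kill, the SIGTERM→SIGKILL escalation and the `wait_for(2s)` pump guard come from the message.

```python
import asyncio
import os
import signal


async def _pump(stream, sink):
    """Copy the recipe's combined stdout/stderr into sink until EOF."""
    async for line in stream:
        sink.append(line.decode(errors="replace"))


def _signal_group(pgid, sig):
    """Signal every process in the group; a group that is already gone is fine."""
    try:
        os.killpg(pgid, sig)
    except ProcessLookupError:
        pass


async def run_recipe(argv, timeout_s, grace_s=2.0):
    """Run argv (a hypothetical recipe command); return (returncode, timed_out, log)."""
    proc = await asyncio.create_subprocess_exec(
        *argv,
        stdout=asyncio.subprocess.PIPE,
        stderr=asyncio.subprocess.STDOUT,
        start_new_session=True,  # child leads a new session and group: pgid == pid
    )
    log = []
    pump = asyncio.create_task(_pump(proc.stdout, log))
    timed_out = False
    try:
        await asyncio.wait_for(proc.wait(), timeout_s)
    except asyncio.TimeoutError:
        timed_out = True
        _signal_group(proc.pid, signal.SIGTERM)   # ask the whole tree to stop
        try:
            await asyncio.wait_for(proc.wait(), grace_s)
        except asyncio.TimeoutError:
            pass
        _signal_group(proc.pid, signal.SIGKILL)   # sweep anything that ignored SIGTERM
        await proc.wait()
    try:
        # A process that left the group can still hold the pipe open: bound the wait.
        await asyncio.wait_for(pump, 2.0)
    except asyncio.TimeoutError:
        pump.cancel()  # wait_for has already cancelled the task; harmless fallback
    return proc.returncode, timed_out, "".join(log)
```

A recipe that calls `setsid` itself leaves the group and is not reached by `killpg`; the bounded pump wait is what keeps the runner from hanging on such a process.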
File              Last commit                                                                      Date
crafting_table    v0.1 wave 1 (steps 2+3+4): SQLite ledger + FastAPI skeleton + async job runner   2026-04-29 08:17:41 -07:00
tests             v0.1 wave 1 (steps 2+3+4): SQLite ledger + FastAPI skeleton + async job runner   2026-04-29 08:17:41 -07:00
.env.example      v0.1 wave 1 (steps 2+3+4): SQLite ledger + FastAPI skeleton + async job runner   2026-04-29 08:17:41 -07:00
.gitignore        v0.1 wave 1 (steps 2+3+4): SQLite ledger + FastAPI skeleton + async job runner   2026-04-29 08:17:41 -07:00
compose.yml       v0.1 step 1: Dockerfile + per-language toolchain smoke                           2026-04-29 07:29:53 -07:00
Dockerfile        v0.1 step 1: Dockerfile + per-language toolchain smoke                           2026-04-29 07:29:53 -07:00
LICENSE           Initial commit                                                                   2026-04-29 07:22:04 -07:00
pyproject.toml    v0.1 wave 1 (steps 2+3+4): SQLite ledger + FastAPI skeleton + async job runner   2026-04-29 08:17:41 -07:00
README.md         v0.1 step 1: Dockerfile + per-language toolchain smoke                           2026-04-29 07:29:53 -07:00
requirements.txt  v0.1 wave 1 (steps 2+3+4): SQLite ledger + FastAPI skeleton + async job runner   2026-04-29 08:17:41 -07:00
smoke.sh          v0.1 step 1: Dockerfile + per-language toolchain smoke                           2026-04-29 07:29:53 -07:00

crafting-table

Polyglot dev/build/audit container — the build farm for the Sulkta ecosystem.

What this is

A single Docker container with every toolchain we work with, used as a reliable place to compile / test / audit any Sulkta repo regardless of where the caller is — agents, Claude sessions, ad-hoc curl, scheduled cron.

Eventual surface (v0.1 full): HTTP API + MCP server + project registry + job runner + structured findings + email digest + autonomous patch loop through clawdforge.

Spec: Sulkta-Coop/openclaw-workspace/memory/spec-crafting-table.md (LAN-only).

Status — v0.1 step 1 of 10

  • Step 1: Dockerfile + per-language smoke
  • Step 2: SQLite ledger + project registry
  • Step 3: HTTP API skeleton (FastAPI, port 8810)
  • Step 4: Job runner core (asyncio worker pool)
  • Step 5: Per-language parsers (Rust / Python / Go / TS first)
  • Step 6: Findings extraction + storage
  • Step 7: MCP server (stdio JSON-RPC, 8 tools)
  • Step 8: Email digest scheduler
  • Step 9: Autonomous patch loop (clawdforge integration)
  • Step 10: Production recipes — clawdforge, cauldron, tradecraft
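For the step 3 HTTP API, the wave 1 commit message describes SHA-256 bearer hashing, a LAN-CIDR allowlist, admin/app token tiers and a 404 (not 403) on cross-token project access. The sketch below is an added example, not the project's auth.py: the in-memory dicts, the CIDR list, the function names and the 403/401 statuses for the other failure cases are assumptions.

```python
import hashlib
import ipaddress
import secrets

# Constructed allowlist; the project's real CIDRs are not shown on the page.
LAN_CIDRS = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "192.168.0.0/16")]

TOKENS = {}    # sha256 hex -> tier ("admin" | "app"); stands in for the tokens table
PROJECTS = {}  # project name -> sha256 hex of the owning app token


def hash_token(token):
    # Unsalted SHA-256 is adequate only because tokens are long random strings,
    # not human-chosen passwords.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_token(tier):
    """Mint a token, store only its hash, and return the plaintext once."""
    token = secrets.token_urlsafe(32)
    TOKENS[hash_token(token)] = tier
    return token


def authorize(client_ip, bearer, project):
    """Return the HTTP status a project read would produce (statuses partly assumed)."""
    ip = ipaddress.ip_address(client_ip)
    if not any(ip in net for net in LAN_CIDRS):
        return 403                      # assumed status: caller is outside the LAN
    digest = hash_token(bearer)
    tier = TOKENS.get(digest)
    if tier is None:
        return 401                      # assumed status: unknown bearer token
    owner = PROJECTS.get(project)
    if owner is None or (tier != "admin" and owner != digest):
        return 404                      # missing and foreign projects look identical
    return 200
```

Because a foreign project and a nonexistent one return the same status, an app token cannot enumerate other tenants' project names by probing.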

Toolchains in v0.1

Lang      Versions / extras
Python    3.11 (Debian default) + uv, pipx, pip-audit, ruff, mypy, pytest, semgrep
Node      22.11.0 LTS + npm, pnpm, tsx, eslint, typescript
Bun       latest (rolling)
Go        1.22.10 + govulncheck, staticcheck
Rust      stable (rustup) + clippy, rustfmt, cargo-audit, cargo-deny
Ruby      3.1 (Debian default) + bundler, bundler-audit, rubocop
PHP       8.2 (Debian default) + composer, phpstan, phpunit
JDK       17 (default) + 21 (Temurin, alongside via JAVA_HOME_21)
Maven     3.x (Debian)
Gradle    8.10
.NET      8.0 SDK
Swift     5.9.2 (Ubuntu 22.04 tarball — works on Debian bookworm)
Kotlin    1.9.25 (compiler)
C/C++     clang + lld + cmake + ninja + valgrind
Bash      bash + shellcheck + bats + shfmt
Generic   git, jq, yq, ripgrep, fd, gh-cli, curl, wget

Build + smoke

docker network inspect sulkta >/dev/null 2>&1 || docker network create sulkta
docker compose build
docker compose up
# expect: "=== ALL TOOLCHAINS GREEN ===" then exit 0

The smoke compiles + runs a hello-world in every language. If it exits 0, the image is good.

Image notes

  • Base: debian:bookworm-slim. Swift uses the upstream Ubuntu 22.04 tarball which links against bookworm's libicu/libstdc++ baseline.
  • Runs as non-root user crafter (uid 1000) with passwordless sudo.
  • Volume mount points: /workspace, /caches/{cargo,maven,gradle,npm,pip,bun}, /data. Compose binds these to named volumes so they survive compose down.
  • Network: external sulkta bridge (same one clawdforge + cauldron use). Create with docker network create sulkta if missing.
  • Image size baseline is large (8-15 GB expected). Per spec: that's fine.

Layout

.
├── Dockerfile        # monolith image with all toolchains
├── compose.yml       # build + run-smoke wiring
├── smoke.sh          # per-language hello-world test, baked in at /usr/local/bin/smoke.sh
├── README.md
├── LICENSE           # MIT
└── .gitignore

License

MIT