Kayos
0ec3a04676
- db.py: migrations + DAOs for tokens / projects / jobs / findings (SQLite WAL)
- auth.py: SHA-256 bearer hashing + LAN-CIDR allowlist + admin/app token tiers
- models.py: Pydantic shapes (Project, Subproject, Schedule, Notify, Job, CreateJobRequest)
- server.py: FastAPI on port 8810; /healthz, /admin/tokens/*, /projects/*, /jobs, /jobs/{id}, /jobs/{id}/log, /jobs/{id}/findings
- runner.py: bounded asyncio pool, per-job timeout with process-group SIGTERM→SIGKILL escalation, orphaned-job recovery on boot
- workspace.py: bare-clone + worktree materialization, gc
- config.py: env-driven
- 62 tests across db / auth / projects / jobs / runner / e2e — all green
Cross-token project access returns 404 (not 403) — existence-leak guard.
Bearer tokens hashed at rest; admin token bootstrapped on first boot.
Recipe subprocess uses start_new_session=True so killpg targets the
whole process tree on timeout — child processes can't escape SIGKILL.
Pump task guarded with wait_for(2s) + cancel fallback against any
orphan that survives the group kill.
Wave 2 (parsers + findings extraction + MCP + email digest) pending.
Spec: memory/spec-crafting-table.md
49 lines
381 B
Text
49 lines
381 B
Text
# Python
|
|
__pycache__/
|
|
*.pyc
|
|
*.pyo
|
|
.venv/
|
|
venv/
|
|
.mypy_cache/
|
|
.ruff_cache/
|
|
.pytest_cache/
|
|
|
|
# Node / TS
|
|
node_modules/
|
|
dist/
|
|
*.tsbuildinfo
|
|
|
|
# Rust
|
|
target/
|
|
|
|
# Go
|
|
/bin/
|
|
|
|
# Java / Kotlin / Gradle / Maven
|
|
build/
|
|
out/
|
|
.gradle/
|
|
*.class
|
|
*.jar
|
|
.mvn/
|
|
|
|
# .NET
|
|
.dotnet/
|
|
obj/
|
|
|
|
# Swift
|
|
.swiftpm/
|
|
.build/
|
|
*.xcodeproj/
|
|
|
|
# Misc
|
|
.cache/
|
|
.env
|
|
*.log
|
|
.DS_Store
|
|
|
|
# Editor
|
|
.vscode/
|
|
.idea/
|
|
*.swp
|
|
*.egg-info/
|