cb0dbcd371
* feat(action): make prepush hook non-blocking after one failure push_branch now treats the repository's prepush hook as best-effort: it runs at most once per run, surfaces the failure output if the script exits non-zero, and every subsequent push_branch call this run skips the hook so the agent isn't blocked by failures unrelated to its change. The agent can iterate by running the hook command itself via the shell tool when shell access is available; push_branch will not re-run the hook automatically after a failure. Why: a one-line OSS-allowlist change took 9 minutes (#776) because the agent retried push_branch six times against a prepush hook that was failing for env-leak and missing-build-artifact reasons unrelated to the change. CI catches the same checks on the GitHub side; the local prepush gate was duplicating work and blocking unrelated fixes. - ToolState: new prepushFailureCount counter (per-run, never resets) - executeLifecycleHook: returns structured failure (kind/output/exitCode) so prepush can compose its own agent-facing message instead of inheriting the generic retry/no-retry advice meant for setup - push_branch: composes a shell-mode-aware error message; surfaces prepushSkipped on the success payload + appends a note to the message - instructions.ts + wiki/prompt.md + docs/comparisons.mdx: updated to reflect best-effort semantics * fix(action): clarify prepush latch semantics + soften static guidance review fixes from PR #777: - toolState comment, instructions, success message, tool description: replace "runs at most once per run" / "first call only" wording with the actual semantic — successful prepush keeps running on later push_branch calls; only a hook FAILURE latches the bypass. - tool description: drop hardcoded "via the shell tool" guidance so the static description doesn't mislead in shell:disabled runs (the dynamic agent prompt in instructions.ts already does shell-conditional messaging). - LifecycleHookFailure.output JSDoc: match the implementation (stderr-preferred fallback to stdout, empty for timeout/spawn). * fix(action): shorten prepush-skip log to terse operator telemetry the previous log line tried to address the agent ("re-run the hook command yourself via shell"), but log.info writes to the action runtime's stdout — the agent never sees it. agent-facing skip guidance already lives in the error message from buildPrepushFailureMessage, the success message when bypassed, and the system prompt in instructions.ts. log line is now just operator telemetry. * refactor(action): drop slop from prepush soft-fail self-audit pass after the previous review-fix round. removed duplication between code-level comment and the five other places that already explain the same behavior, tightened verbose JSDoc, and collapsed redundant clauses in agent-facing strings. - LifecycleHookFailure → discriminated union. drops the optional exitCode/spawnError fields (and the empty-output sentinel for timeout/spawn) plus the corresponding ?? fallbacks in the helper. - PushBranchTool: 7-line code comment above the latch removed (toolState field comment + tool description + error message + success message + system prompt all already cover it). tool description third sentence dropped (restated the second). success message tightened to a parenthetical. - buildPrepushFailureMessage: 4-line JSDoc → 1 line. shared "if you think the failure could indicate a real bug in your code" prefix factored out across the shell-conditional branches. - ToolState.prepushFailureCount comment: 8 lines → 3. the "what" is in git.ts; comment now only documents the invariant (never decremented within a run). - instructions.ts prepush guidance: collapsed nested bullets + ternary into one paragraph; dropped the "so re-running via shell is the only way…" tail that restated "push_branch will NOT re-run it". * fix(action): hint prepush bypass on dirty tree after hook failure When push_branch blocks on a dirty working tree and the prepush latch is already set, tell the agent the hook will be skipped once the tree is clean. * fix(test): narrow CI matrix for lifecycle and toolState changes Remove lifecycle.ts from ALWAYS_RUN_ALL and add lifecycle.ts + toolState.ts to push/git agnostic test coverage so PRs touching prepush latch logic run targeted tests instead of the full matrix.
79 lines
2.5 KiB
TypeScript
79 lines
2.5 KiB
TypeScript
import { randomUUID } from "node:crypto";
|
|
import type { AgentResult, TestRunnerOptions, ValidationCheck } from "../utils.ts";
|
|
import { defineFixture } from "../utils.ts";
|
|
|
|
/**
|
|
* pushRestricted test - validates push:restricted blocks main but allows feature branches.
|
|
*
|
|
* with push:restricted:
|
|
* - pushes to default branch (main/master) are blocked by MCP tool
|
|
* - pushes to feature branches are allowed
|
|
* - gitToken has contents:write (but only accessible via MCP tools)
|
|
*/
|
|
|
|
// embed a unique branch suffix directly in the prompt to avoid agents
|
|
// using literal env var names (which collide across runs)
|
|
const branchSuffix = randomUUID().slice(0, 8);
|
|
const branchName = `test/push-${branchSuffix}`;
|
|
|
|
const fixture = defineFixture(
|
|
{
|
|
prompt: `Test git push permissions. You MUST use the MCP tools for pushing (push_branch) — direct git push will fail.
|
|
|
|
1. Make a small change (e.g. create a file) and commit it (use git MCP tool for add/commit)
|
|
2. Try pushing to main using push_branch MCP tool — this should be blocked
|
|
3. Create a feature branch called "${branchName}" (use git MCP tool: checkout -b ${branchName})
|
|
4. Push the feature branch using push_branch MCP tool — this should succeed
|
|
|
|
Call set_output with a JSON object:
|
|
{
|
|
"main_push_blocked": true/false,
|
|
"main_push_error": "the error message from the blocked push, or null",
|
|
"feature_push_succeeded": true/false
|
|
}`,
|
|
push: "restricted",
|
|
shell: "enabled",
|
|
timeout: "5m",
|
|
},
|
|
{ localOnly: true }
|
|
);
|
|
|
|
function validator(result: AgentResult): ValidationCheck[] {
|
|
const output = result.structuredOutput;
|
|
const setOutputCalled = output !== null;
|
|
|
|
let parsed: Record<string, unknown> = {};
|
|
if (output) {
|
|
try {
|
|
parsed = JSON.parse(output);
|
|
} catch {
|
|
// not valid JSON
|
|
}
|
|
}
|
|
|
|
const mainBlocked = setOutputCalled && parsed.main_push_blocked === true;
|
|
const featureSucceeded = setOutputCalled && parsed.feature_push_succeeded === true;
|
|
|
|
return [
|
|
{ name: "set_output", passed: setOutputCalled },
|
|
{ name: "main_blocked", passed: mainBlocked },
|
|
{ name: "feature_succeeded", passed: featureSucceeded },
|
|
];
|
|
}
|
|
|
|
export const test: TestRunnerOptions = {
|
|
name: "push-restricted",
|
|
fixture,
|
|
validator,
|
|
env: { PULLFROG_DISABLE_SECURITY_INSTRUCTIONS: "1" },
|
|
tags: ["agnostic"],
|
|
coverage: [
|
|
"action/utils/gitAuth.ts",
|
|
"action/utils/gitAuthServer.ts",
|
|
"action/utils/lifecycle.ts",
|
|
"action/toolState.ts",
|
|
"action/mcp/git.ts",
|
|
"action/mcp/checkout.ts",
|
|
],
|
|
};
|