Fun_MD/devops-skills
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases 1 Wiki Activity
Files
main
devops-skills/docs/superpowers/specs/2026-03-13-gitea-agentic-runtime-design.md

269 lines
7.4 KiB
Markdown
Raw Permalink Blame History

# Gitea Agentic Runtime Design
**Date:** 2026-03-13
**Status:** Approved for implementation
**Scope:** Gitea single-platform real acceptance, with provider boundaries that keep later GitHub support incremental instead of invasive.
## Goal
Upgrade `gitea-issue-devops-agent` from a documentation-heavy delivery skill into a controlled execution subsystem that can:
- parse repository-local workflow specs
- compile and validate those specs into a locked execution plan
- run a Gitea-triggered issue workflow under hard policies
- persist plan and evidence artifacts
- pass automated unit, integration, and real Gitea acceptance checks
The external workflow remains:
`Issue -> Plan -> Branch -> Draft PR -> Preview -> Test Loop -> Human Merge`
The internal workflow gains a deterministic control plane.
## Why This Design
The repository currently has strong delivery guidance, but not a runtime that enforces it. `gh-aw` demonstrates the value of turning natural-language workflow definitions into constrained executable automations. We do not want to clone GitHub-native product shape. We do want equivalent execution discipline:
- a spec format users can author
- a compiler/validator that rejects unsafe or incomplete workflows
- a provider layer for platform APIs
- hard policy checks before write actions
- run evidence suitable for audit and acceptance
This keeps the product positioned as an enterprise AI DevOps control layer, not a GitHub Actions clone.
## In Scope
- Gitea provider
- workflow spec parsing
- compilation into lock artifacts
- validation of triggers, permissions, safe outputs, edit scope, and evidence contract
- runtime execution for selected issue flows
- safe output enforcement for Gitea writes
- evidence persistence
- CLI entrypoints for compile, validate, run, and acceptance
- automated tests
- one real Gitea acceptance path
## Out of Scope
- GitHub provider implementation
- autonomous queue-wide issue fixing
- automatic merge
- hosted webhook service
- UI control plane
- inference cost dashboards
## Architecture
### 1. Workflow Spec
Workflow specs live in-repo and use frontmatter plus Markdown body:
- frontmatter defines triggers, provider, permissions, safe outputs, required evidence, and policy defaults
- body captures workflow intent, operator notes, and execution hints
The spec is the source of truth. Runtime behavior never depends on free-form Markdown alone.
### 2. Compiler
The compiler loads a workflow spec and emits a lock artifact:
- normalizes defaults
- expands trigger shorthand into explicit configuration
- resolves safe output declarations into executable policy objects
- records required evidence and path scope
The lock artifact is immutable input to runtime. It is designed as JSON in this iteration because JSON is easy to diff, assert in tests, and consume from Python.
### 3. Validator
Validation rejects unsafe or incomplete specs before runtime:
- unsupported trigger combinations
- missing provider
- unsafe write permissions
- missing safe outputs for write behaviors
- invalid path scope syntax
- missing evidence requirements
This is the first hard boundary between intent and execution.
### 4. Runtime
Runtime consumes:
- a compiled lock artifact
- an event payload
- provider configuration and credentials
Runtime responsibilities:
- load and sanitize issue-trigger context
- initialize or update the persisted plan state
- enforce policy gates before any write action
- call provider APIs through a narrow interface
- collect evidence and write run artifacts
The runtime is not a general autonomous coding engine in this iteration. It is a control and orchestration layer for issue delivery actions.
### 5. Provider Layer
Provider interfaces isolate platform behavior from workflow logic.
The first provider is `GiteaProvider`, which supports:
- repository metadata reads
- issue reads
- issue comments
- branch hint extraction inputs
- draft PR preparation primitives
The abstraction must make later `GitHubProvider` addition additive rather than structural.
### 6. Policy and Safe Outputs
The policy layer turns delivery rules into code:
- read-only by default
- no merge action
- comment/create/update operations only if declared in safe outputs
- path-scope enforcement for file writes
- evidence-required status promotion
- bounded output counts where relevant
This is the key product maturity improvement over pure skill text.
### 7. Evidence Layer
Every run produces durable artifacts:
- resolved plan state
- execution summary
- provider operations executed
- evidence bundle for commit/PR/test/preview placeholders
- acceptance result metadata
Evidence is stored locally under a deterministic run directory so tests and operators can inspect it.
## File Structure
New code will be added under:
- `pyproject.toml`
- `engine/devops_agent/__init__.py`
- `engine/devops_agent/spec.py`
- `engine/devops_agent/compiler.py`
- `engine/devops_agent/validator.py`
- `engine/devops_agent/runtime.py`
- `engine/devops_agent/policies.py`
- `engine/devops_agent/evidence.py`
- `engine/devops_agent/cli.py`
- `engine/devops_agent/providers/__init__.py`
- `engine/devops_agent/providers/base.py`
- `engine/devops_agent/providers/gitea.py`
- `workflows/gitea-issue-delivery.md`
- `tests/unit/...`
- `tests/integration/...`
- `tests/fixtures/gitea/...`
- `tests/acceptance/test_gitea_acceptance.py`
Existing scripts will remain, but runtime may call them or share logic conceptually:
- `skills/gitea-issue-devops-agent/scripts/issue_audit.py`
- `skills/gitea-issue-devops-agent/scripts/change_scope.py`
- `skills/gitea-issue-devops-agent/scripts/preview_slot_allocator.py`
## Data Model
### Workflow Spec
Core fields:
- `name`
- `provider`
- `on`
- `permissions`
- `safe_outputs`
- `plan`
- `policy`
- `evidence`
- `body`
### Lock Artifact
Core fields:
- `version`
- `compiled_at`
- `source`
- `provider`
- `triggers`
- `policy`
- `safe_outputs`
- `required_evidence`
- `plan_defaults`
- `instructions`
### Run Artifact
Core fields:
- `run_id`
- `workflow_name`
- `provider`
- `event`
- `plan_state`
- `operations`
- `evidence`
- `result`
## Test Strategy
### Unit Tests
Verify:
- frontmatter parsing
- default normalization
- validator failures and successes
- policy enforcement
- provider request shaping
### Integration Tests
Verify:
- spec to lock compilation
- lock to runtime execution
- runtime interaction with a fake Gitea transport
- evidence persistence
### Acceptance Tests
Verify against a real Gitea repo using env vars:
- workflow compile and validate pass
- runtime can load a selected issue
- runtime can publish an evidence comment
- acceptance artifacts are produced locally
If env vars are absent, the acceptance suite must skip cleanly instead of failing misleadingly.
## Acceptance Criteria
This design is complete only when:
1. A repo-local Gitea workflow spec compiles into a lock artifact.
2. Invalid specs fail validation with clear messages.
3. Runtime enforces safe outputs and refuses undeclared writes.
4. Gitea real acceptance can read an issue and publish an evidence comment.
5. Automated unit and integration tests pass.
6. README and skill docs describe the new execution model and CLI usage.
## Rollout Notes
- Gitea is the first real provider.
- GitHub support is intentionally deferred, but the provider interface must be stable enough to add later.
- `jj` remains an internal reliability layer. This subsystem must not require `jj` for external usage.
Reference in New Issue View Git Blame Copy Permalink