feat: add internal/lock package for harness dependency pinning#2049
Conversation
Site previewPreview: https://3687caf3-site.fullsend-ai.workers.dev Commit: |
|
🤖 Review · Started 8:47 PM UTC |
ReviewFindingsLow
Previous runReviewFindingsMedium
Low
Info
Previous run (2)ReviewFindingsMedium
Low
Info
Previous run (3)ReviewFindingsLow
Info
Previous run (4)ReviewFindingsMedium
Low
Info
|
|
🤖 Finished Review · ✅ Success · Started 8:47 PM UTC · Completed 8:58 PM UTC |
836abb6 to
8f4ced2
Compare
- Add nil receiver guard to SetHarness (consistency with Lookup/HarnessNames) - Add nil receiver guard to IsStale and LookupDep - Cap lookupInDeps recursion depth at 32 to prevent stack overflow from cyclic lock files (possible via YAML anchors or manual editing) - Document Lookup returns a snapshot, not a live reference - Document 0o644 permission choice (lock files are committed to VCS) - Document SetHarness is intended for the lock file generator - Add tests for nil receivers on SetHarness, IsStale, LookupDep Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: Greg Allen <gallen@redhat.com>
|
🤖 Finished Review · ✅ Success · Started 10:37 AM UTC · Completed 10:50 AM UTC |
- Add nil receiver guard to SetHarness (consistency with Lookup/HarnessNames) - Add nil receiver guard to IsStale and LookupDep - Cap lookupInDeps recursion depth at 32 to prevent stack overflow from cyclic lock files (possible via YAML anchors or manual editing) - Document Lookup returns a snapshot, not a live reference - Document 0o644 permission choice (lock files are committed to VCS) - Document SetHarness is intended for the lock file generator - Add tests for nil receivers on SetHarness, IsStale, LookupDep Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: Greg Allen <gallen@redhat.com>
- Replace fragile append(header, data...) with explicit pre-allocation - Document nil receiver behavior on Lookup doc comment - Add rationale comment for maxLookupDepth constant Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: Greg Allen <gallen@redhat.com>
8f4ced2 to
86b83fb
Compare
|
🤖 Finished Review · ✅ Success · Started 12:03 PM UTC · Completed 12:13 PM UTC |
86b83fb to
b4afcbd
Compare
|
🤖 Finished Review · ✅ Success · Started 12:41 PM UTC · Completed 12:51 PM UTC |
Introduce the internal/lock package (Phase 3 PR 1 of ADR-0038) providing the data model and I/O layer for .fullsend/lock.yaml files. Lock files pin all resolved remote dependencies (URLs and SHA256 integrity hashes) for reproducible harness execution. Key components: - LockFile, HarnessLock, DependencyEntry structs with YAML serialization - Load/Save with atomic writes (temp-file + fsync + rename) - Lookup/LookupDep with nil-safe receivers and depth-capped traversal - IsStale for detecting changed harness sources - SetHarness/HarnessNames for lock file mutation and enumeration Also updates ADR-0038 lock file schema summary to match the implemented flat-array structure with source/sha256 at the harness level. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: Greg Allen <gallen@redhat.com>
b4afcbd to
7fda456
Compare
|
🤖 Finished Review · ✅ Success · Started 3:13 PM UTC · Completed 3:26 PM UTC |
|
🤖 Finished Retro · ✅ Success · Started 3:41 PM UTC · Completed 3:47 PM UTC |
Retro: PR #2049 —
|
Implements the `fullsend lock` CLI subcommand and integrates lock files into `fullsend run` for reproducible harness dependency resolution, per ADR-0038 Phase 3. - `fullsend lock <agent-name>` resolves all remote dependencies and pins URLs + SHA256 hashes in `.fullsend/lock.yaml` - `fullsend run` checks for lock file before resolution: uses pinned deps when lock is current, warns on stale lock, falls back to normal resolution when no lock exists - Adds `Field` to `resolve.Dependency` so lock entries can map deps back to harness fields (agent, policy, skills[N]) - Fixes harness validation to skip agent name check for URL-based agents Depends on: fullsend-ai#2049 (internal/lock package) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: Greg Allen <gallen@redhat.com>
Summary
Phase 3, PR 1 of ADR-0038 (Universal Harness Access). Introduces the lock file data model and I/O for
.fullsend/lock.yaml.internal/lock/package:LockFile,HarnessLock, andDependencyEntrystructs modeling the lock file schema from the design docLoad/Savewith atomic writes (temp-file-then-rename with fsync), version validation, and auto-directory creationNo callers — pure data model + I/O. The
fullsend lockCLI subcommand and resolver integration follow in Phase 3 PR 2.Depends on: Phase 2 (all merged: #1857, #1923, #2022)
Test plan
go test ./internal/lock/...— 24 tests passgo test ./internal/...— all existing tests pass (no regressions)go vet ./...— cleanmake lint— clean🤖 Generated with Claude Code