Skip to content

Commit 38d7ba7

Browse files
authored
Merge branch 'main' into add/juicefs-mounting
2 parents 44eef73 + 0b9495a commit 38d7ba7

362 files changed

Lines changed: 31550 additions & 34840 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.
Lines changed: 32 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,32 @@
1+
---
2+
name: lab-autoresearch
3+
description: Autonomous experiment loop on top of the Transformer Lab `lab` CLI — pick an idea, queue a job, score it, keep or discard, repeat. Use when the user types `/lab-autoresearch`, says "run autoresearch", "optimize X in a loop", "set up autoresearch for …", or asks to run an autonomous experimentation / optimization loop against Transformer Lab.
4+
allowed-tools: Bash(lab *), Bash(curl *lab.cloud*), Bash(curl *localhost:8338*)
5+
---
6+
7+
# /lab-autoresearch
8+
9+
This skill is the entry point for the autonomous experiment loop. The full spec lives in the `transformerlab-cli` skill — this skill exists so that typing `/lab-autoresearch` resolves to a real skill instead of falling through.
10+
11+
## What to do
12+
13+
1. **Read the spec first.** The authoritative workflow, subcommands (`init <goal>`, `run`, `finalize`), experiment-notes template, loop rules (parallelism, fire-and-advance, stale-job sweep, keep/discard policy, run-description discipline), and natural-language → `lab` mapping all live in:
14+
15+
`.claude/skills/transformerlab-cli/references/autoresearch.md`
16+
17+
(or, in the source repo, `.agents/skills/transformerlab-cli/references/autoresearch.md`)
18+
19+
2. **Then use the `transformerlab-cli` skill** for every `lab` command the loop issues. That skill has the command reference, troubleshooting, and the rule that you must use `lab` (not raw `curl`) for normal operations.
20+
21+
## Quick orientation
22+
23+
The loop is layered on the `lab` CLI:
24+
25+
- One **experiment** per session, one **job** per iteration.
26+
- A job's `-m/--description` is the iteration note; its `score` dict (set via `lab.finish(score=…)`) is the result; `lab job discard` is the keep/discard flag.
27+
- For hyperparameter fan-out, prefer the task's `sweeps:` block over manually queuing N jobs.
28+
- The session plan (objective, files in scope, constraints, backlog, what's been tried) is written to **experiment notes** via `lab notes` — there is no local `autoresearch.md` file.
29+
30+
Everything beyond `init` / `run` / `finalize` (status, keep/discard, sweeps, ideas, stopping running jobs, exiting the loop) is just the agent running the right `lab` call in response to natural-language requests — no dedicated subcommand needed.
31+
32+
**Do not improvise the loop without reading `references/autoresearch.md` first.** The rules around parallelism, fire-and-advance, and stale-job sweeps are load-bearing and not derivable from the `lab` CLI alone.
Lines changed: 32 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,32 @@
1+
---
2+
name: react-doctor
3+
description: Use when finishing a feature, fixing a bug, before committing React code, or when the user wants to improve code quality or clean up a codebase. Checks for score regression. Covers lint, dead code, accessibility, bundle size, architecture diagnostics.
4+
version: "1.0.0"
5+
---
6+
7+
# React Doctor
8+
9+
Scans React codebases for security, performance, correctness, and architecture issues. Outputs a 0–100 health score.
10+
11+
## After making React code changes:
12+
13+
Run `npx -y react-doctor@latest . --verbose --diff` and check the score did not regress.
14+
15+
If the score dropped, fix the regressions before committing.
16+
17+
## For general cleanup or code improvement:
18+
19+
Run `npx -y react-doctor@latest . --verbose` (without `--diff`) to scan the full codebase. Fix issues by severity — errors first, then warnings.
20+
21+
## Command
22+
23+
```bash
24+
npx -y react-doctor@latest . --verbose --diff
25+
```
26+
27+
| Flag | Purpose |
28+
| ----------- | --------------------------------------------- |
29+
| `.` | Scan current directory |
30+
| `--verbose` | Show affected files and line numbers per rule |
31+
| `--diff` | Only scan changed files vs base branch |
32+
| `--score` | Output only the numeric score |

.agents/skills/transformerlab-cli/SKILL.md

Lines changed: 118 additions & 12 deletions
Large diffs are not rendered by default.

.agents/skills/transformerlab-cli/references/autoresearch.md

Lines changed: 431 additions & 0 deletions
Large diffs are not rendered by default.

.agents/skills/transformerlab-cli/references/commands.md

Lines changed: 63 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -76,6 +76,20 @@ Show current user, team, and server.
7676

7777
---
7878

79+
## Experiment Commands
80+
81+
### `experiment list [--tag <tag>]...`
82+
83+
List experiments. Pass `--tag` one or more times to filter to experiments that have **all** of the given tags (AND semantics). Filtering is client-side.
84+
85+
```bash
86+
lab experiment list --tag fine-tuning # all experiments tagged fine-tuning
87+
lab experiment list --tag fine-tuning --tag llama # must have both tags
88+
lab --format json experiment list --tag llama # JSON output includes `tags` field
89+
```
90+
91+
---
92+
7993
## Task Commands
8094

8195
**All task commands require `current_experiment` to be set.**
@@ -253,7 +267,7 @@ Stop a running job.
253267

254268
Launch the interactive job monitor TUI (Textual app).
255269

256-
**Warning:** This launches a full terminal UI. **Never use in automated or agent contexts.** Use `job list` + `job machine-logs` instead.
270+
**Warning:** This launches a full terminal UI. **Never use when operating as an AI agent or in non-interactive automation.** Use `job list`, `job info`, and `job task-logs` instead.
257271

258272
---
259273

@@ -285,33 +299,71 @@ Add a new compute provider. Interactive prompts by default.
285299
| Option | Description |
286300
|---|---|
287301
| `--name <name>` | Provider name |
288-
| `--type <type>` | Provider type: `slurm`, `skypilot`, `runpod`, `local` |
302+
| `--type <type>` | Provider type: `slurm`, `skypilot`, `runpod`, `local`, `dstack`, `aws`, `gcp`, `azure` |
289303
| `--config <json>` | Config as JSON string |
290304
| `--interactive` / `--no-interactive` | Toggle prompts. Non-interactive requires `--name`, `--type`, AND `--config` (pass `'{}'` for `local`). |
305+
| `--credentials-file <path>` | Path to a JSON file containing provider secrets. Shape depends on `--type` (see below). Keeps secrets out of `argv` (shell history, `ps`). |
291306

292307
**Always use `--no-interactive` with `--name`, `--type`, and `--config` in automated workflows.**
293308

294309
#### Per-type config schema
295310

296311
The shape of `--config` depends on `--type`:
297312

298-
| Type | Config keys |
299-
|---|---|
300-
| `local` | (none — pass `{}`) |
301-
| `skypilot` | `server_url`, `api_token` |
302-
| `slurm` | `mode` (`ssh` or `rest`); for `ssh`: `ssh_host`, `ssh_user`, `ssh_key_path`, `ssh_port`; for `rest`: `rest_url`, `api_token` |
303-
| `runpod` | `api_key` (required), `api_base_url`, `default_gpu_type`, `default_region`, `default_template_id`, `default_network_volume_id` |
313+
| Type | Config keys | `--credentials-file` shape |
314+
|---|---|---|
315+
| `local` | (none — pass `{}`) | (n/a) |
316+
| `skypilot` | `server_url` | `{"api_token": "..."}` (or any other secret keys to merge into config) |
317+
| `slurm` | `mode` (`ssh` or `rest`); for `ssh`: `ssh_host`, `ssh_user`, `ssh_key_path`, `ssh_port`; for `rest`: `rest_url` | `{"api_token": "..."}` for REST mode |
318+
| `runpod` | `api_base_url`, `default_gpu_type`, `default_region`, `default_template_id`, `default_network_volume_id` | `{"api_key": "..."}` |
319+
| `dstack` | `server_url`, `dstack_project` | `{"api_token": "..."}` |
320+
| `aws` | `region`. | `{"aws_access_key_id": "...", "aws_secret_access_key": "..."}` — uploaded to `~/.aws/credentials` on the API host. |
321+
| `gcp` | `region`, optional `zone`. | The **raw service account JSON key file** (point `--credentials-file` directly at the file you'd pass to `gcloud auth activate-service-account --key-file=`). |
322+
| `azure` | `azure_subscription_id`, `azure_tenant_id`, `azure_client_id`, `azure_location` | `{"azure_client_secret": "..."}` |
323+
324+
You can put any combination of secret fields in `--credentials-file` — for non-AWS/GCP types they merge on top of `--config` and take precedence on conflict. AWS access keys and GCP service account JSON are routed to their dedicated upload endpoints.
304325

305326
```bash
306327
lab provider add --no-interactive --name local --type local --config '{}'
328+
329+
# Secrets via --credentials-file — preferred for scripted / CI flows
330+
# skypilot-creds.json: {"api_token": "TOKEN"}
307331
lab provider add --no-interactive --name sky1 --type skypilot \
308-
--config '{"server_url": "https://sky.example.com", "api_token": "TOKEN"}'
332+
--config '{"server_url": "https://sky.example.com"}' \
333+
--credentials-file ./skypilot-creds.json
334+
335+
# slurm-creds.json: {"api_token": "TOKEN"}
309336
lab provider add --no-interactive --name slurm-ssh --type slurm \
310337
--config '{"mode": "ssh", "ssh_host": "cluster.example.com", "ssh_user": "ali", "ssh_key_path": "~/.ssh/id_rsa", "ssh_port": "22"}'
338+
339+
# runpod-creds.json: {"api_key": "KEY"}
311340
lab provider add --no-interactive --name rp1 --type runpod \
312-
--config '{"api_key": "KEY", "default_gpu_type": "NVIDIA H100"}'
341+
--config '{"default_gpu_type": "NVIDIA H100"}' \
342+
--credentials-file ./runpod-creds.json
343+
344+
# dstack-creds.json: {"api_token": "TOKEN"}
345+
lab provider add --no-interactive --name dstack1 --type dstack \
346+
--config '{"server_url": "http://0.0.0.0:3000", "dstack_project": "main"}' \
347+
--credentials-file ./dstack-creds.json
348+
349+
# aws-creds.json: {"aws_access_key_id": "AKIA...", "aws_secret_access_key": "..."}
350+
lab provider add --no-interactive --name aws1 --type aws \
351+
--config '{"region": "us-east-1"}' \
352+
--credentials-file ./aws-creds.json
353+
354+
# Pass the GCP service account JSON file directly
355+
lab provider add --no-interactive --name gcp1 --type gcp \
356+
--config '{"region": "us-central1"}' \
357+
--credentials-file ~/.config/gcloud/sa-key.json
358+
359+
# azure-creds.json: {"azure_client_secret": "REDACTED"}
360+
lab provider add --no-interactive --name azure1 --type azure \
361+
--config '{"azure_subscription_id": "sub", "azure_tenant_id": "tenant", "azure_client_id": "client", "azure_location": "eastus"}' \
362+
--credentials-file ./azure-creds.json
313363
```
314364

365+
> **Security note:** Secrets embedded inside `--config` (`api_token`, `api_key`, `azure_client_secret`, etc.) appear in your shell history and in `ps`/proc listings while the command runs. **For scripted / CI use, prefer `--credentials-file PATH`** — values stay on disk, never on `argv`. `chmod 600` the file, source it from a secret manager / CI vault, and delete it after the `lab provider add` call. For one-off interactive use, the interactive `lab provider add` flow prompts for secrets without echoing them to argv.
366+
315367
### `provider update <provider_id>`
316368

317369
Update a compute provider. Fields are merged with existing config.
@@ -320,6 +372,7 @@ Update a compute provider. Fields are merged with existing config.
320372
|---|---|
321373
| `--name <name>` | New provider name |
322374
| `--config <json>` | Config fields as JSON string (merged with existing) |
375+
| `--credentials-file <path>` | Path to a JSON file whose fields are merged into the config patch (file values win over `--config`). Use this for credential rotation — keeps secrets out of `argv`. |
323376
| `--disabled` / `--enabled` | Disable or enable the provider |
324377

325378
### `provider delete <provider_id>`

.agents/skills/transformerlab-cli/references/troubleshooting.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -128,7 +128,7 @@ curl -s -H "Authorization: Bearer API_KEY" -H "X-Team-Id: TEAM_ID" \
128128
- `provider delete` → add `--yes`
129129
- `task gallery` → use `--import GALLERY_ID` instead of browsing
130130

131-
**Never use these commands in automated contexts:**
131+
**Never use these commands when operating as an AI agent or in non-interactive automation:**
132132
- `job monitor` (launches TUI)
133133
- `task interactive` (blocks for interactive session)
134134

.agents/skills/transformerlab-cli/references/workflows.md

Lines changed: 24 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -117,17 +117,32 @@ lab --format json provider list --include-disabled
117117
# 2. Add a new provider (non-interactive — see SKILL.md "Managing Providers"
118118
# for the per-type config schema). Examples:
119119

120-
# SkyPilot
120+
# For all examples below, prefer --credentials-file PATH for secrets so they
121+
# stay out of shell history and `ps`. `chmod 600` the file and delete it after.
122+
123+
# SkyPilot — skypilot-creds.json: {"api_token": "TOKEN"}
121124
lab --format json provider add --no-interactive --name my-skypilot --type skypilot \
122-
--config '{"server_url": "https://sky.example.com", "api_token": "TOKEN"}'
125+
--config '{"server_url": "https://sky.example.com"}' \
126+
--credentials-file ./skypilot-creds.json
123127

124-
# Slurm over SSH
128+
# Slurm over SSH (SSH key path lives on the API host; no secret on argv)
125129
lab --format json provider add --no-interactive --name my-slurm --type slurm \
126130
--config '{"mode": "ssh", "ssh_host": "cluster.example.com", "ssh_user": "admin", "ssh_key_path": "~/.ssh/id_rsa", "ssh_port": "22"}'
127131

128-
# RunPod
132+
# RunPod — runpod-creds.json: {"api_key": "RUNPOD_KEY"}
129133
lab --format json provider add --no-interactive --name my-runpod --type runpod \
130-
--config '{"api_key": "RUNPOD_KEY", "default_gpu_type": "NVIDIA H100"}'
134+
--config '{"default_gpu_type": "NVIDIA H100"}' \
135+
--credentials-file ./runpod-creds.json
136+
137+
# AWS — aws-creds.json: {"aws_access_key_id": "...", "aws_secret_access_key": "..."}
138+
lab --format json provider add --no-interactive --name my-aws --type aws \
139+
--config '{"region": "us-east-1"}' \
140+
--credentials-file ./aws-creds.json
141+
142+
# GCP — point --credentials-file directly at the service account JSON key file
143+
lab --format json provider add --no-interactive --name my-gcp --type gcp \
144+
--config '{"region": "us-central1"}' \
145+
--credentials-file ~/.config/gcloud/sa-key.json
131146

132147
# 3. Health-check immediately after creating
133148
lab --format json provider check PROVIDER_ID
@@ -136,7 +151,10 @@ lab --format json provider check PROVIDER_ID
136151
lab provider disable PROVIDER_ID
137152
lab provider enable PROVIDER_ID
138153

139-
# 5. Update fields (config is MERGED — pass only changed keys)
154+
# 5. Update fields (config is MERGED — pass only changed keys).
155+
# For credential rotation prefer --credentials-file over inline --config.
156+
lab --format json provider update PROVIDER_ID --credentials-file ./rotated.json
157+
# Or inline (secret will appear in shell history / ps):
140158
lab --format json provider update PROVIDER_ID --config '{"api_token": "NEW_TOKEN"}'
141159

142160
# 6. Delete (note: --no-interactive, NOT --yes)

.erb/configs/.eslintrc

Lines changed: 0 additions & 7 deletions
This file was deleted.

.erb/configs/webpack.config.eslint.ts

Lines changed: 0 additions & 1 deletion
This file was deleted.

.erb/scripts/.eslintrc

Lines changed: 0 additions & 8 deletions
This file was deleted.

0 commit comments

Comments
 (0)