-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdispatch-runner.sh
More file actions
executable file
·370 lines (318 loc) · 12.2 KB
/
dispatch-runner.sh
File metadata and controls
executable file
·370 lines (318 loc) · 12.2 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
#!/usr/bin/env bash
# SPDX-License-Identifier: PMPL-1.0-or-later
#
# dispatch-runner.sh — Execute actions from hypatia dispatch manifests
#
# Reads pending.jsonl from verisimdb-data/dispatch/ and executes fixes
# via robot-repo-automaton CLI, gitbot-fleet fix scripts, or advisory logging.
#
# Usage:
# dispatch-runner.sh [OPTIONS]
#
# Options:
# --dry-run Show what would be done without executing
# --tier TIER Only process entries matching tier (eliminate|substitute|control)
# --strategy STRAT Only process entries matching strategy (auto_execute|review|report_only)
# --repo REPO Only process entries for a specific repo
# --limit N Process at most N entries
# --manifest PATH Path to manifest (default: verisimdb-data/dispatch/pending.jsonl)
set -euo pipefail
# --- Input Validation ---
# Validate that a value is a safe path component (no traversal, no slashes in leaf)
validate_safe_name() {
local name="$1"
local label="${2:-value}"
if [[ "$name" == *".."* || "$name" == *"/"* || "$name" == "" ]]; then
echo "ERROR: Unsafe $label: '$name' (contains path separator or traversal)" >&2
return 1
fi
return 0
}
# Validate that a path stays within a base directory (prevents symlink/traversal escape)
validate_path_within() {
local path="$1"
local base="$2"
local resolved
resolved=$(realpath -m "$path" 2>/dev/null || echo "$path")
local resolved_base
resolved_base=$(realpath -m "$base" 2>/dev/null || echo "$base")
if [[ "$resolved" != "$resolved_base"/* && "$resolved" != "$resolved_base" ]]; then
echo "ERROR: Path '$path' escapes base '$base'" >&2
return 1
fi
return 0
}
# --- Configuration ---
# Hypatia's local data store is the primary source for dispatch manifests.
# Falls back to central verisimdb-data if HYPATIA_DATA is not set.
HYPATIA_DATA="${HYPATIA_DATA:-/var/mnt/eclipse/repos/hypatia/data/verisimdb}"
VERISIMDB_DATA="${VERISIMDB_DATA:-/var/mnt/eclipse/repos/verisimdb-data}"
REPOS_BASE="${REPOS_BASE:-/var/mnt/eclipse/repos}"
FLEET_SCRIPTS="${FLEET_SCRIPTS:-/var/mnt/eclipse/repos/gitbot-fleet/scripts}"
RRA_BIN="${RRA_BIN:-/var/mnt/eclipse/repos/gitbot-fleet/robot-repo-automaton/target/release/robot-repo-automaton}"
# Try hypatia's data first, then fall back to central verisimdb-data
if [[ -f "${HYPATIA_DATA}/dispatch/pending.jsonl" ]]; then
MANIFEST_PATH="${HYPATIA_DATA}/dispatch/pending.jsonl"
elif [[ -f "${VERISIMDB_DATA}/dispatch/pending.jsonl" ]]; then
MANIFEST_PATH="${VERISIMDB_DATA}/dispatch/pending.jsonl"
else
MANIFEST_PATH="${HYPATIA_DATA}/dispatch/pending.jsonl"
fi
DRY_RUN=false
FILTER_TIER=""
FILTER_STRATEGY=""
FILTER_REPO=""
LIMIT=0
# Counters
TOTAL=0
EXECUTED=0
SKIPPED=0
FAILED=0
SUCCEEDED=0
# --- Parse arguments ---
while [[ $# -gt 0 ]]; do
case "$1" in
--dry-run) DRY_RUN=true; shift ;;
--tier) FILTER_TIER="$2"; shift 2 ;;
--strategy) FILTER_STRATEGY="$2"; shift 2 ;;
--repo) FILTER_REPO="$2"; shift 2 ;;
--limit) LIMIT="$2"; shift 2 ;;
--manifest) MANIFEST_PATH="$2"; shift 2 ;;
-h|--help)
head -18 "$0" | tail -16
exit 0
;;
*)
echo "Unknown option: $1" >&2
exit 1
;;
esac
done
# --- Validate ---
if [[ ! -f "$MANIFEST_PATH" ]]; then
echo "No manifest found at: $MANIFEST_PATH"
echo "Run hypatia pipeline first: mix run -e 'Hypatia.PatternAnalyzer.analyze_all_scans()'"
exit 1
fi
LINE_COUNT=$(wc -l < "$MANIFEST_PATH" | tr -d ' ')
echo "=== Dispatch Runner ==="
echo " Manifest: $MANIFEST_PATH ($LINE_COUNT entries)"
echo " Repos: $REPOS_BASE"
echo " Dry run: $DRY_RUN"
[[ -n "$FILTER_TIER" ]] && echo " Tier: $FILTER_TIER"
[[ -n "$FILTER_STRATEGY" ]] && echo " Strategy: $FILTER_STRATEGY"
[[ -n "$FILTER_REPO" ]] && echo " Repo: $FILTER_REPO"
[[ "$LIMIT" -gt 0 ]] && echo " Limit: $LIMIT"
echo ""
# --- Outcome recording ---
# Write outcomes to hypatia's local store (primary) and central store (backup)
OUTCOME_FILE="${HYPATIA_DATA}/outcomes/$(date -u +%Y-%m).jsonl"
OUTCOME_FILE_CENTRAL="${VERISIMDB_DATA}/outcomes/$(date -u +%Y-%m).jsonl"
mkdir -p "$(dirname "$OUTCOME_FILE")"
record_outcome() {
local pattern_id="$1"
local recipe_id="$2"
local repo="$3"
local file="$4"
local outcome="$5"
local bot="dispatch-runner"
local ts
ts=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
local json
json=$(jq -n \
--arg pid "$pattern_id" \
--arg rid "$recipe_id" \
--arg repo "$repo" \
--arg file "$file" \
--arg outcome "$outcome" \
--arg ts "$ts" \
--arg bot "$bot" \
'{pattern_id: $pid, recipe_id: $rid, repo: $repo, file: $file, outcome: $outcome, timestamp: $ts, bot: $bot}')
echo "$json" >> "$OUTCOME_FILE"
# Also write to central store if it exists
if [[ -d "$(dirname "$OUTCOME_FILE_CENTRAL")" ]] || mkdir -p "$(dirname "$OUTCOME_FILE_CENTRAL")" 2>/dev/null; then
echo "$json" >> "$OUTCOME_FILE_CENTRAL"
fi
}
# --- Execute a single manifest entry ---
execute_entry() {
local entry="$1"
local tier strategy repo pattern_id recipe_id confidence auto_fixable fix_script
tier=$(echo "$entry" | jq -r '.tier')
strategy=$(echo "$entry" | jq -r '.strategy')
repo=$(echo "$entry" | jq -r '.repo')
pattern_id=$(echo "$entry" | jq -r '.pattern_id')
recipe_id=$(echo "$entry" | jq -r '.recipe_id // "none"')
confidence=$(echo "$entry" | jq -r '.confidence // 0')
auto_fixable=$(echo "$entry" | jq -r '.auto_fixable // false')
fix_script=$(echo "$entry" | jq -r '.fix_script // "none"')
# Validate repo name (prevent directory traversal)
if ! validate_safe_name "$repo" "repo"; then
echo " SKIP: $pattern_id (unsafe repo name)"
((SKIPPED++)) || true
return
fi
local repo_path="$REPOS_BASE/$repo"
# Double-check path stays within REPOS_BASE
if ! validate_path_within "$repo_path" "$REPOS_BASE"; then
echo " SKIP: $pattern_id (repo path escapes base)"
((SKIPPED++)) || true
return
fi
# Skip if repo doesn't exist locally
if [[ ! -d "$repo_path" ]]; then
echo " SKIP: $repo (not found at $repo_path)"
((SKIPPED++)) || true
return
fi
case "$strategy" in
auto_execute)
echo " AUTO: [$tier] $pattern_id → $repo (confidence: $confidence)"
if [[ "$DRY_RUN" == "true" ]]; then
echo " (dry-run) Would execute fix"
return
fi
# Try fix script first, then robot-repo-automaton
# Validate fix_script: must not contain path separators or traversal
if [[ "$fix_script" != "none" && "$fix_script" != "null" ]] && \
validate_safe_name "$fix_script" "fix_script" && \
[[ -x "$FLEET_SCRIPTS/$fix_script" ]]; then
# Write finding JSON to temp file for fix script
local tmp_finding
tmp_finding=$(mktemp /tmp/dispatch-finding-XXXXXX.json)
echo "$entry" > "$tmp_finding"
echo " Running: $fix_script $repo_path $tmp_finding"
if "$FLEET_SCRIPTS/$fix_script" "$repo_path" "$tmp_finding" 2>&1 | sed 's/^/ /'; then
echo " OK"
((SUCCEEDED++)) || true
record_outcome "$pattern_id" "$recipe_id" "$repo" "" "success"
else
echo " FAILED (exit $?)"
((FAILED++)) || true
record_outcome "$pattern_id" "$recipe_id" "$repo" "" "failure"
fi
rm -f "$tmp_finding"
elif command -v "$RRA_BIN" &>/dev/null; then
# Use robot-repo-automaton fix command
echo " Running: $RRA_BIN fix --repo $repo_path --commit"
if "$RRA_BIN" fix --repo "$repo_path" --commit 2>&1 | sed 's/^/ /'; then
echo " OK"
((SUCCEEDED++)) || true
record_outcome "$pattern_id" "$recipe_id" "$repo" "" "success"
else
echo " FAILED (exit $?)"
((FAILED++)) || true
record_outcome "$pattern_id" "$recipe_id" "$repo" "" "failure"
fi
else
echo " SKIP: No fix mechanism available (no fix_script, no $RRA_BIN)"
((SKIPPED++)) || true
fi
((EXECUTED++)) || true
;;
review)
echo " REVIEW: [$tier] $pattern_id → $repo (confidence: $confidence)"
if [[ "$DRY_RUN" == "true" ]]; then
echo " (dry-run) Would write review finding"
return
fi
# Write finding to shared-context for rhodibot pickup
local findings_dir="$REPOS_BASE/gitbot-fleet/shared-context/findings/pending"
mkdir -p "$findings_dir"
# Sanitize pattern_id for use in filename (strip unsafe chars)
local safe_pattern_id="${pattern_id//[^a-zA-Z0-9._-]/_}"
local finding_file="$findings_dir/${repo}--${safe_pattern_id}.json"
echo "$entry" | jq '. + {dispatch_strategy: "review", needs_pr: true}' > "$finding_file"
echo " Written: $finding_file"
((EXECUTED++)) || true
;;
report_only)
echo " REPORT: [$tier] $pattern_id → $repo"
if [[ "$DRY_RUN" == "true" ]]; then
return
fi
# Append to sustainabot advisory log
local advisory_dir="$REPOS_BASE/gitbot-fleet/shared-context/advisories"
mkdir -p "$advisory_dir"
local advisory_file="$advisory_dir/$(date -u +%Y-%m).jsonl"
echo "$entry" | jq '. + {dispatch_strategy: "report_only"}' >> "$advisory_file"
((EXECUTED++)) || true
;;
*)
echo " UNKNOWN strategy: $strategy"
((SKIPPED++)) || true
;;
esac
}
# --- Main loop ---
LINE_NUM=0
while IFS= read -r line; do
# Skip empty lines
[[ -z "$line" ]] && continue
# Validate JSON
if ! echo "$line" | jq empty 2>/dev/null; then
echo " WARN: Invalid JSON on line $((LINE_NUM + 1)), skipping"
((SKIPPED++)) || true
continue
fi
# Apply filters
if [[ -n "$FILTER_TIER" ]]; then
entry_tier=$(echo "$line" | jq -r '.tier')
[[ "$entry_tier" != "$FILTER_TIER" ]] && continue
fi
if [[ -n "$FILTER_STRATEGY" ]]; then
entry_strategy=$(echo "$line" | jq -r '.strategy')
[[ "$entry_strategy" != "$FILTER_STRATEGY" ]] && continue
fi
if [[ -n "$FILTER_REPO" ]]; then
entry_repo=$(echo "$line" | jq -r '.repo')
[[ "$entry_repo" != "$FILTER_REPO" ]] && continue
fi
((TOTAL++)) || true
# Check limit
if [[ "$LIMIT" -gt 0 && "$TOTAL" -gt "$LIMIT" ]]; then
echo " Limit reached ($LIMIT entries)"
break
fi
execute_entry "$line"
done < "$MANIFEST_PATH"
# --- Summary ---
echo ""
echo "=== Summary ==="
echo " Total processed: $TOTAL"
echo " Executed: $EXECUTED"
echo " Succeeded: $SUCCEEDED"
echo " Failed: $FAILED"
echo " Skipped: $SKIPPED"
if [[ "$SUCCEEDED" -gt 0 ]]; then
echo ""
echo "Outcomes recorded to: $OUTCOME_FILE"
fi
if [[ "$DRY_RUN" == "true" ]]; then
echo ""
echo "(Dry run — no changes were made)"
fi
# --- Kin Protocol: write heartbeat ---
KIN_DIR="${HOME}/.hypatia/kin"
mkdir -p "$KIN_DIR"
HEARTBEAT_STATUS="healthy"
[[ "$FAILED" -gt 0 ]] && HEARTBEAT_STATUS="degraded"
cat > "${KIN_DIR}/gitbot-fleet.heartbeat.json" <<HEARTBEAT
{
"kin_id": "gitbot-fleet",
"role": "executor",
"timestamp": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
"status": "${HEARTBEAT_STATUS}",
"version": "0.2.0",
"last_run": {
"total_processed": ${TOTAL},
"executed": ${EXECUTED},
"succeeded": ${SUCCEEDED},
"failed": ${FAILED},
"skipped": ${SKIPPED},
"dry_run": ${DRY_RUN}
},
"errors": [],
"capabilities": ["dispatch", "fix_execute", "pr_create", "review", "advisory"]
}
HEARTBEAT