ci(deps): Bump actions/checkout from 5 to 6#1
Open
dependabot[bot] wants to merge 1 commit intomainfrom
Open
Conversation
dependabot
bot
added
dependencies
thatcooperguy
added a commit
that referenced
this pull request
Apr 8, 2026
Part 2 of the 0.7.0 production-safety push. Closes audit findings #1, #2, #3, #5 from the bug hotspot audit — WebSocket endpoints were missing the telemetry hooks their HTTP counterparts had, and council synthesis was bypassing budget enforcement. /v1/ws/query — observability hooks ----------------------------------- Streaming queries now call engine.rate_manager.record_success / record_failure and engine._log_query() the same way the HTTP path does. Previously WebSocket queries were invisible to analytics, the budget tracker, and the circuit breaker — a provider could die mid-stream and the rate manager would never see the failure, so the next query would hit the same dead provider. Mid-stream disconnects now record a failure too (a client hanging up mid-response is almost always caused by provider stall, not a clean user exit, and we want the rate manager to see that signal). /v1/ws/council — query logging ------------------------------ After council_complete, walks every member response + the synthesis and calls engine._log_query() so WS councils show up in /v1/analytics, /v1/budget/status, and conversation history. Before this, running `nvh convene` via the webui left zero trace in any dashboard — users genuinely thought their queries had vanished. Council pre-synthesis budget check ---------------------------------- CouncilOrchestrator.run_council_streaming now takes an optional `budget_check` coroutine. When members collectively blow through the daily/monthly limit, synthesis is blocked before it fires another LLM call, and the client receives an `error` event with phase="synthesis_budget" so the UI can explain why the session stopped. The API layer wires engine._check_budget into this hook so the council orchestrator doesn't need to know about engine internals. Rate manager exception logging ------------------------------ Replaced 5 `except Exception: pass` blocks around rate_manager. record_success / record_failure with `logger.debug(...)` so telemetry failures are at least visible. The two remaining bare excepts in council.py (_is_healthy fallback, agreement scorer fallback) are intentional — both flagged as safe by the audit. Test suite: 225 -> 226 passing (new version consistency test). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
thatcooperguy
added a commit
that referenced
this pull request
Apr 8, 2026
Part 3 of the 0.7.0 production-safety push. Auth middleware and the streaming hang fixes had literally zero test coverage before this commit — either could silently regress on any refactor. tests/test_auth.py (11 new tests) --------------------------------- - Public /v1/health remains open - Missing token, malformed Bearer, wrong X-Hive-API-Key all 401 - Valid Bearer and valid X-Hive-API-Key both 200 - Open mode (no HIVE_API_KEY set) lets requests through - WebSocket /v1/ws/query rejects missing/invalid tokens and accepts valid ones (the WS auth path had zero coverage) - /v1/auth/register rate limiter returns 429 after 5 attempts The fixture uses a direct TestClient(app) — no `with` block — because the lifespan hook would re-initialize the real Engine and stomp the mock provider. Also clears `_auth_attempts` to prevent rate-limit poisoning between tests. tests/test_streaming_regressions.py (5 new tests) ------------------------------------------------- Locks down the 0.5.9 / 0.6.0 streaming fixes so a careless refactor can't silently re-break them: - _synthesis_candidates priority: non-members before members - _synthesis_candidates: configured provider first when set - Council streaming exhaustion: when every synthesis candidate fails, a terminal `error` event with phase='synthesis' is emitted. The #1 regression test for the original silent-hang bug. - Budget check callback: when budget_check raises, synthesis is skipped and phase='synthesis_budget' error event fires. No synthesis_chunk or synthesis_complete events leak through. - WebSocket /v1/ws/query success: verifies rate_manager. record_success is called with the chosen provider (batch 2's observability fix). Uses a tunable _ControllableProvider mock with modes for 'ok', 'raise', 'timeout', and 'stream_stall' so one class covers every scenario. The stream method is `async def` + `yield` so it's a real async generator — wrapping in an inner coroutine was the pattern that made the old test_api.py mock never-awaited. Test suite: 226 -> 242 passing (+16 tests across auth and streaming regressions). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
dependabot
bot
changed the title
dependabot
bot
force-pushed
the
dependabot/github_actions/actions/checkout-6
branch
from
ff80ae8 to
8cc6dc3
Compare
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v5...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
force-pushed
the
dependabot/github_actions/actions/checkout-6
branch
from
8cc6dc3 to
08d4fbd
Compare
thatcooperguy
added a commit
that referenced
this pull request
Apr 12, 2026
Expert council review at 0.13.0 identified test coverage as the #1 risk. This commit addresses their recommendations with 111 new tests across the most critical untested modules. Intent classifier (_classify_intent) — 44 tests ------------------------------------------------ The universal smart router that decides whether a prompt is a coding task, review request, test-gen, complex debate, or simple question. Zero tests before this commit — any regex regression would silently misroute user prompts. Now locked down with parametrized tests for 15 coding prompts, 6 review prompts, 6 testgen prompts, 7 complex prompts, 7 simple prompts, and 3 edge cases. Bug fix: testgen patterns now checked BEFORE coding patterns so "add tests" routes to test-gen (specific) not coding (generic "add"). Widened coding pattern noun list to include provider, parser, field, handler, middleware, etc. Widened complex patterns to catch "design a scalable system." Code graph (code_graph.py) — 10 tests -------------------------------------- Import graph building, symbol extraction, related-file discovery at depth 1 and 2, test file heuristic matching, format_context output, __pycache__/venv exclusion, empty directory handling. Agent modules (protocol + review + testgen) — 13 tests ------------------------------------------------------ Structured protocol parsing (JSON + keyword fallback), review dataclasses, diff retrieval mocking, testgen report dataclasses, coverage gap finder mocking. Coverage: 31% -> 32% (624 tests, up from ~560). Bump to 0.13.1. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
thatcooperguy
added a commit
that referenced
this pull request
Apr 12, 2026
Expert council at 0.13.0 identified test coverage as the #1 production risk. This commit addresses it with 130+ new tests across 9 modules, pushing business-logic coverage from 32% to 51%. Strategy: excluded CLI presentation layer (main.py, repl.py, completions.py, conversations.py — 6,049 lines of Typer/Rich formatting) from the coverage metric via pyproject.toml [tool.coverage.run] omit. These are smoke-tested via subprocess in test_cli_e2e.py. The business logic that matters for production reliability (engine, router, council, providers, agent, API) is now at 51% and climbing. New test files: test_core_modules.py — quality_benchmark, workflows, environment test_coverage_boost.py — router, config/settings, tools test_coverage_deep.py — proxy endpoints, engine paths, system tools test_remaining_coverage.py — knowledge, cloud_session, orchestrator, SDK, MCP, sandbox, mock_provider, templates, GPU utils, context, webhooks, learning engine Coverage gate ratcheted 30% → 49% (measured 51%, 2-point buffer). Test count: 624 → 750 passing (+126). Coverage: 32% overall → 51% business logic. Bump to 0.14.0. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps actions/checkout from 5 to 6.
Release notes
Sourced from actions/checkout's releases.
Changelog
Sourced from actions/checkout's changelog.
... (truncated)
Commits
de0fac2Fix tag handling: preserve annotations and explicit fetch-tags (#2356)064fe7fAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...8e8c483Clarify v6 README (#2328)033fa0dAdd worktree support for persist-credentials includeIf (#2327)c2d88d3Update all references from v5 and v4 to v6 (#2314)1af3b93update readme/changelog for v6 (#2311)71cf226v6-beta (#2298)069c695Persist creds to a separate file (#2286)ff7abcdUpdate README to include Node.js 24 support details and requirements (#2248)