feat: deploy-status and prepare-rollback agent skills#16
Merged
Conversation
…dule Implements chunk I agent-kit half: deploy-status and prepare-rollback skills with supporting tools (deploy_status, prepare_rollback, github_api, gate_summary). - deploy_status.py: PR gate status via SC-4 gate-summary artifacts, merge_ready logic with graceful missing/stale-artifact tolerance - prepare_rollback.py: env-absent assertion, App-key age preflight, opens COMPARE URL only (no merge), emits INCIDENTS.md entry text - github_api.py: FORBIDDEN_OPERATIONS denylist + assert_allowed wrapper blocking merge/approve/enqueue operations - gate_summary.py: SC-4 artifact download helper with latest-head-SHA policy - Skills: dual-agent definitions for .claude and .agents CLIs Tests: 41 passing pytest cases covering merge_ready logic, missing/stale artifact tolerance, forbidden-env rejection, stale App-key refusal, denylist blocking. All code typed (mypy strict) and linted (ruff). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- pytest pythonpath config in pyproject.toml so tests/ collects without external PYTHONPATH; requests added to dependencies + uv.lock refreshed - ruff findings in deploy test modules resolved (unused imports/variables, import order, f-string, Yoda condition) without suppressions - deploy-status and prepare-rollback skills rendered to repo tree and registered in manifest.yaml (managed_paths + skill targets with sha256); render-agent-kit --check/--doctor and validate_manifest pass Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Agents operating the deploy platform had no safe, structured way to read pipeline state or stage a rollback; both required ad-hoc API calls with no guardrails.
tools/deploy/deploy_status.py— resolves the single pipeline run for a homelab-deploy PR, downloads the four SC-4 gate summaries, and returns{gates, merge_ready, blocker}. Missing or stale artifacts degrade gracefully (reported as unknown, never fabricated).tools/deploy/prepare_rollback.py— prepares a revert of a unit pin: preflight asserts no credential material in the environment and refuses when the App key exceeds the age threshold, then emits a compare URL and an INCIDENTS.md entry. It never opens, approves or merges anything.tools/deploy/github_api.py— thin API wrapper with a FORBIDDEN_OPERATIONS denylist (merge, review-approval, ref force-update, secret writes) enforced byassert_allowedbefore any request.tools/deploy/gate_summary.py— SC-4 artifact download helper with latest-head-SHA policy.deploy-statusandprepare-rollbackSKILL.md definitions for both agent CLIs, rendered into the kit templates and registered in manifest.yaml.requestsjoins project dependencies (uv lock refreshed); pytest gainspythonpath = ["."]so the suite runs under the repo's standard invocation.Tests: 59 passed (18 existing + 41 new) covering merge-ready logic, artifact tolerance, env preflight, key-age refusal, and denylist enforcement; ruff and mypy clean; manifest render/doctor checks pass.