chore(deps): bump softprops/action-gh-release from 3.0.0 to 3.0.1 in the actions-minor-and-patch group across 1 directory#3
Closed
dependabot[bot] wants to merge 1 commit into
Conversation
jahala
added a commit
that referenced
this pull request
Jun 23, 2026
…ean room, subscription/API dual-auth (#15) * fix(docs+tend): correct stale corpus counts (16->58), re-audit features, runnable smoke fixtures Tend reconciliation after the #52 control-set + #13 fixes. The audit sweep surfaced real drift, not just stale evidence SHAs: - docs: known-limitations.md + methodology.md claimed the corpus is "16 tasks (11 of 16 from SWE-QA)" -- it is 52 measured + 6 control = 58, dominated by the tilth benchmark (36/52). Corrected the counts, the source-family table, and the concentration framing (these are user-facing, README/site-linked). - tend: re-verified copeca-analysis-reporting, copeca-artifact-integrity and copeca-cost-model at HEAD with fresh evidence (tests + discriminating negctrl + green smokes); copeca-docs-and-init left honestly partial (manual onboarding check). Recorded coverage drift (Ed25519 signing + the #52 control/tool-validity report behavior are uncovered by any check). - smoke fixtures: the analysis + integrity smokes pointed at gitignored paths (results/bench.jsonl, scenarios/smoke_test.yaml) and had never run green. Added committed fixtures (tests/fixtures/sample_report_records.jsonl, sample_artifact.copeca.zip) and repointed both smokes -- now passing. - test_contamination_check provenance floor 16 -> 58. - .claude/CLAUDE.md: documented the benchmark run procedure (was tend-only). Full suite green (664 passed). Follow-ups filed: worktree concurrency (so runs can parallelize) + tend coverage drift for Ed25519/#52/new-task. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * docs(tend): describe robust run-execution design (scenario-matrix + single-run) Per docs/plans/run-execution-robustness.md. Rewrote copeca-scenario-matrix and copeca-single-run slots/narratives/checks to the approved design (per-worker isolated clones, streaming persistence, lockless concurrency, real teardown + child cleanup) and removed the phantom claims (state.py, "SIGKILL -> git worktree remove", broken-concurrency rationale). Both now carry checks that verify the new behavior; audits auto-invalidated (in-progress) until the build lands. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * feat(run): stream results to disk as they complete (RUN-A) run_matrix gains an on_record sink, called for each record (success OR error) as it completes, in addition to the returned list. The dead results_path param is removed — I/O cannot live in the orchestrator (architecture.md §7.8). cli.py truncates the results file fresh at start, then injects a _persist sink (append_jsonl + divergence warning): records hit disk live, so an interrupted run keeps completed work and `copeca analyze` works mid-run. 12 call-sites updated. New tests (TestStreamingPersistence): per-record streaming + a mid-run-interrupt test proving completed records survive. Satisfies copeca-scenario-matrix c003. Full suite green (666). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * feat(run): per-worker isolated clones replace shared-bare worktrees (RUN-CLONE) GitWorktreeManager now gives each work-item its OWN independent clone (git clone --no-hardlinks from a cached bare) instead of a git worktree off a shared bare. Eliminates two problems at once: (1) cross-task git visibility — an agent's `git log --all` can no longer see another task's mutation commits (acute for debug tasks built on planted history); (2) index.lock contention — independent clones share no index, so max_workers>1 is collision-free with no locking (the lock now guards only first-time bare-clone creation). Added remove_worktree (the real teardown the arch doc named); run_single's finally removes the clone instead of resetting it. Dead git-worktree helpers removed; reset() kept (still used by check.py + cli.py). New tests/repos/test_clone_isolation.py: isolation (commit in clone A invisible to clone B), removal, lockless 4-way concurrency — all RED under the old model. Satisfies copeca-scenario-matrix c002/c004 + copeca-single-run c003. 669 green. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * feat(run): kill in-flight agents + stop new work on interrupt (RUN-E) A SIGINT/SIGTERM handler (cli.py) now request_abort()s and group-kills every in-flight agent on interruption, so an aborted run leaves no orphaned agent or MCP-server processes. subprocess.py keeps a thread-safe registry of live process groups (registered around each run; killed by terminate_active_process_groups); run_matrix clears the abort flag at start and _run_one_work_item bails BEFORE spawning when aborted — queued work stops instantly (surfaced as aborted error records), and completed records are already on disk via RUN-A. Tests: registry lifecycle, group-kill incl. children, timeout group-kill leaves no orphan (copeca-single-run c004), abort API, abort-bails-before-spawn (copeca-scenario-matrix c005). 674 green. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * docs(tend): re-audit scenario-matrix + single-run as verified (RUN-VERIFY) Both run-execution features re-verified against the robust design built in RUN-A/ CLONE/E. Evidence: their check-tests pass (proof of execution), every new check is test-first RED→GREEN this session (discrimination), a streaming negctrl DISCRIMINATES, and the live full-haiku re-run validates the pipeline on real data (parallel — 5 agents / 4 clones, streaming — jsonl grows live, 0 index.lock collisions). scenario-matrix c001-c005 + single-run c001-c004 all pass; status verified. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * feat(isolation): cross-CLI clean room — descriptor, bring-your-own-home, two-lock isolation, provenance Builds the run-isolation feature (ISO-1..9): every benchmark run executes in a verifiable clean room across Claude Code, Codex, and Gemini CLI. - ISO-1 IsolationSpec descriptor on RunnerConfig (per-CLI clean-room data) - ISO-2 bring-your-own-home: a private throwaway HOME per arm (baseline included); zero host-config footprint; provider API-key preflight - ISO-3/4/5 per-CLI descriptors: claude (--strict-mcp-config + --no-session-persistence + disable CLAUDE.md/telemetry), codex (--ignore-user-config + -c mcp overrides, absorbs SD-L2), gemini (new runner + gemini_json parser + pricing; fresh GEMINI_CLI_HOME) - ISO-6 pre-run workdir ambient-file scan (Lock 2a) — refuse contaminated worktrees - ISO-7 post-hoc symmetric trace gate (Lock 2b) — fail any baseline that used the tool-under-test; exclude it from the delta - ISO-8 version provenance (tool + CLI version per record) + multi-version preflight warning + declared tool-under-test identity (hardens the gate) - ISO-9 hermetic clean-room proof for all three CLIs Architecture: docs/architecture.md §13. Two audit-caught leaks fixed test-first (temp-home on mode-setup failure; clone on CONTAMINATED_WORKDIR refusal). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * docs(isolation): architecture §13 clean-room design + research + epic plan - architecture.md §13 (isolation contract, two locks, per-CLI descriptor, version provenance) + tightened invariant #3, the Isolated row, and the Docker non-goal - runner-configuration.md: the isolation: descriptor block - docs/plans/cross-cli-isolation.md: the epic plan + settled decisions (D1/D2/D3) - docs/research/cross-cli-isolation/findings.md: per-CLI matrix + prior art (force-added; docs/research/ is gitignored repo-wide) - .claude/CLAUDE.md: modes / tilth-version (absolute cargo path) note Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * docs(tend): run-isolation feature + correct the mode-mechanism baseline-clean claim - new run-isolation feature (7 checks, 9 steps) wired to personas + the contamination-erodes-trust opportunity - copeca-mode-mechanism: corrected the now-false "isolation in validation.py prevents host inheritance" narrative (the lie the audit had trusted) - persona/opportunity + garden overview refresh Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * fix(lint): clear pre-existing ruff errors blocking CI (F841, E501) Drop an unused `result` (check=True already guards) and wrap a >100-char docstring — both pre-existing from the run-robustness work, surfaced by the full-repo lint gate. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * chore(scenarios): full-corpus haiku + check-tilth validation scenarios Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * feat(isolation): subscription-default dual-auth profiles (AUTH-1) A global API key was found to hijack the operator's own Claude Code (it switched to an empty API account → "Credit balance is too low"). So subscription auth is now the DEFAULT and an API key is opt-in, via two isolation profiles auto-selected by the provider key's presence: - SUBSCRIPTION (default): keep the host HOME so claude -p / codex / gemini use their existing login; apply only the flag/env neutralizers; DROP all provider key env vars from the child env so a stale/dead key cannot shadow the login. - API-KEY (opt-in): the private-home hermetic profile + the metered key. The post-hoc trace gate (Lock 2) guarantees A/B validity in BOTH profiles, so the private home is not required for correctness — host settings apply symmetrically to both arms and cancel in the delta. - IsolationSpec.requires_api_key_env -> api_key_env (presence selects the profile) - ArmHarness.exclude_keys + _build_child_env(exclude=...) drop the provider keys so a stale key never shadows the subscription login - architecture.md §13.2 rewritten for the two profiles; runner-configuration.md updated 857 tests green; ruff clean. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * feat(auth): surface CLI auth/budget errors + scenario fail-fast (AUTH-3); document auth model (AUTH-2) AUTH-3: the Claude stream-json parser now surfaces a result event's is_error (auth "Not logged in", budget exhaustion, API errors) as RunResult.error — so it is excluded from metrics + listed under Failed Runs, never silently graded as a wrong answer (exit 0 + is_error previously slipped past SD-B). run_matrix fails fast (reusing the RUN-E abort) when a run reports an auth/credit signature, so a whole scenario cannot burn on doomed "Not logged in" runs. AUTH-2 (docs): .claude/CLAUDE.md auth knob — subscription is the default, API is opt-in, and the key must NEVER be set globally (it hijacks the operator's own Claude Code: "Credit balance is too low"); use a scoped `source ~/.copeca.env`. Also corrected the stale "max_workers MUST be 1" knob — RUN-CLONE's per-item independent clones make >1 safe. 864 tests green; ruff clean. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Bumps the actions-minor-and-patch group with 1 update in the / directory: [softprops/action-gh-release](https://github.com/softprops/action-gh-release). Updates `softprops/action-gh-release` from 3.0.0 to 3.0.1 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](softprops/action-gh-release@b430933...718ea10) --- updated-dependencies: - dependency-name: softprops/action-gh-release dependency-version: 3.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-minor-and-patch ... Signed-off-by: dependabot[bot] <support@github.com>
6678e0f to
3b1b83d
Compare
Author
|
Looks like softprops/action-gh-release is updatable in another way, so this is no longer needed. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the actions-minor-and-patch group with 1 update in the / directory: softprops/action-gh-release.
Updates
softprops/action-gh-releasefrom 3.0.0 to 3.0.1Release notes
Sourced from softprops/action-gh-release's releases.
Changelog
Sourced from softprops/action-gh-release's changelog.
... (truncated)
Commits
718ea10release 3.0.1f1a938bchore(deps): bump esbuild from 0.28.0 to 0.28.1 (#802)0066eadchore(deps): bump vite from 8.0.14 to 8.0.16 (#806)dc643cachore(deps): bump the npm group with 3 updates (#805)85ee99bchore(deps): bump actions/checkout in the github-actions group (#804)9ed3cf9chore(deps): bump the npm group with 2 updates (#800)3efcac8chore(deps): bump the npm group with 3 updates (#798)05d6b91chore(deps): bump brace-expansion from 5.0.5 to 5.0.6 (#797)403a524chore(deps): bump@types/nodefrom 24.12.2 to 24.12.3 in the npm group (#796)437e073chore(deps): bump the npm group with 4 updates (#792)