Clarify review finding contract and harden webhook secret failures#34
Conversation
Signed-off-by: Timothy Wayne Gregg <Timothy.Gregg@complete.tech>
Signed-off-by: Timothy Wayne Gregg <Timothy.Gregg@complete.tech>
Signed-off-by: Timothy Wayne Gregg <Timothy.Gregg@complete.tech>
Signed-off-by: Timothy Wayne Gregg <Timothy.Gregg@complete.tech>
Signed-off-by: Timothy Wayne Gregg <Timothy.Gregg@complete.tech>
Signed-off-by: Timothy Wayne Gregg <Timothy.Gregg@complete.tech>
Signed-off-by: Timothy Wayne Gregg <Timothy.Gregg@complete.tech>
Signed-off-by: Timothy Wayne Gregg <Timothy.Gregg@complete.tech>
Signed-off-by: Timothy Wayne Gregg <Timothy.Gregg@complete.tech>
Signed-off-by: Timothy Wayne Gregg <Timothy.Gregg@complete.tech>
Signed-off-by: Timothy Wayne Gregg <Timothy.Gregg@complete.tech>
Signed-off-by: Timothy Wayne Gregg <Timothy.Gregg@complete.tech>
Signed-off-by: Timothy Wayne Gregg <Timothy.Gregg@complete.tech>
Signed-off-by: Timothy Wayne Gregg <Timothy.Gregg@complete.tech>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Updates the headless execution contract to v2 (including structured review evidence) and hardens the hosted Python adapter’s webhook routing so misconfiguration yields deterministic structured errors, with regression tests and CI hardening.
Changes:
- Bumps the documented and enforced contract to v2, adding required
reviewoutput structure and optional hosted-review inputs (review_context,audit_instruction). - Adds a hosted Python adapter plus unit tests, including deterministic handling for missing
GITHUB_WEBHOOK_SECRET. - Tightens contract enforcement in the Rust worker/API and adds CI workflow permissions + Python checks.
Reviewed changes
Copilot reviewed 14 out of 17 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| docs/headless-contract.md | Updates contract prose/examples to v2, including structured review and hosted-review inputs. |
| docs/contracts/session-brief.schema.json | Bumps brief schema to v2 and adds optional hosted-review fields. |
| docs/contracts/session-brief.example.json | Updates example brief to contract_version: "2". |
| docs/contracts/result.schema.json | Bumps result schema to v2; makes contract_version and review required and formalizes constraints. |
| docs/contracts/result.example.json | Updates example result to v2 and includes a review object. |
| deploy/coven-github/test_coven_github_adapter.py | Adds regression tests for mention parsing, webhook secret failure behavior, and PR evidence staleness detection. |
| deploy/coven-github/README.md | Documents the hosted dogfood adapter, inputs, and current v2 behavior expectations. |
| deploy/coven-github/coven_github_adapter.py | Introduces hosted adapter implementation, including webhook routing and v2 contract validation. |
| crates/worker/tests/contract.rs | Extends contract tests for v2 session briefs/results and hosted-review optional fields. |
| crates/worker/src/lib.rs | Validates result contract after deserialization and expands test coverage for contract rejection cases. |
| crates/worker/src/brief.rs | Enforces strict v2 contract_version deserialization and denies unknown fields; adds hosted-review optional fields. |
| crates/github/src/tasks.rs | Updates tests to include review: ReviewResult::none() in results. |
| crates/github/src/lib.rs | Bumps HEADLESS_CONTRACT_VERSION to "2" and introduces typed ReviewResult model in SessionResult. |
| .gitignore | Ignores hosted adapter deployment artifacts (private key, policy, state dir). |
| .github/workflows/ci.yml | Adds read-only job permissions and runs hosted adapter Python compile/tests in CI. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| def session_brief(task, workspace, review_context=None, extra_audit_instruction=None): | ||
| owner, name = (task["repository"] or "/").split("/", 1) | ||
| brief = { | ||
| "contract_version": "2", | ||
| "trigger": task["trigger"], | ||
| "repo": { | ||
| "owner": owner, | ||
| "name": name, | ||
| "clone_url": task["clone_url"], | ||
| "default_branch": task["default_branch"], | ||
| }, | ||
| "task": task["task"], | ||
| "familiar": task["familiar"], | ||
| "workspace": {"root": str(workspace)}, | ||
| } |
| signature_valid = verify_webhook_signature( | ||
| webhook_secret or WEBHOOK_SECRET, raw_body, signature | ||
| ) |
|
Closing as superseded by #31 (merged as #34 and #31 were parallel implementations of the same contract-v2 hosted-review work. #31 (romgenie) landed after ~15 review rounds + independent local verification (cargo check/clippy/test + Python unittest all green). Comparing this PR's adapter against the now-merged version on Additionally this PR commits |
This addresses the remaining review-thread feedback on the hosted adapter and contract docs. The PR aligns the v2 contract prose with the enforced schema and makes webhook-signature handling deterministic when the deployment is misconfigured.
Contract doc alignment
lineandrecommendationkeys.Webhook routing hardening
GITHUB_WEBHOOK_SECRETconfiguration error insideroute_signed_delivery().500response instead of letting the handler raise unexpectedly.Regression coverage
Workflow security follow-up
Example of the routing change: