chore: import upstream snapshot with attribution
govulncheck / govulncheck (push) Waiting to run
Harness (E2E) / Harnesses (mock LLM) (push) Waiting to run
Harness (E2E) / Provider harnesses (live LLM conformance) (push) Waiting to run
Lint / golangci-lint (push) Waiting to run
Run Tests / Unit Tests (push) Waiting to run
Run Tests / Etcd Integration Tests (push) Waiting to run
govulncheck / govulncheck (push) Waiting to run
Harness (E2E) / Harnesses (mock LLM) (push) Waiting to run
Harness (E2E) / Provider harnesses (live LLM conformance) (push) Waiting to run
Lint / golangci-lint (push) Waiting to run
Run Tests / Unit Tests (push) Waiting to run
Run Tests / Etcd Integration Tests (push) Waiting to run
This commit is contained in:
@@ -0,0 +1,32 @@
|
||||
# North Star
|
||||
|
||||
The direction the loop aligns every increment to. Depth lives in
|
||||
[`internal/docs/THESIS.md`](../../internal/docs/THESIS.md); this is the short,
|
||||
operative version the planner and builder read each run.
|
||||
|
||||
## Mission
|
||||
|
||||
Make building an **agent** as easy as building a **service**, on one runtime.
|
||||
Go Micro is a holistic agent harness and service framework encapsulating the
|
||||
lifecycle of **services → agents → workflows** — pluggable, progressive, and
|
||||
AI-native by default.
|
||||
|
||||
## Right now — developer adoption
|
||||
|
||||
The framework's depth is strong; the **on-ramp** is the gap. Weight the developer
|
||||
experience — a walkable first-agent tutorial, discoverable examples, docs
|
||||
wayfinding, install friction, debugging, the 0→1 and 0→hero path — **at least as
|
||||
highly as internal hardening**. A developer succeeding on their first agent
|
||||
matters more right now than another conformance/observability/interop increment.
|
||||
Do not let the queue fill entirely with internal depth work.
|
||||
|
||||
## Guardrails
|
||||
|
||||
- One concern per PR; small and reversible.
|
||||
- The gate is green CI (`go build`, `go test`, `golangci-lint`, `make harness`),
|
||||
not human review — keep the suite strong; the loop is only as good as its evaluator.
|
||||
- **Off-limits without a human** (surface as notes, never auto-merge): breaking
|
||||
public-API changes, brand/positioning/marketing copy, new dependencies,
|
||||
architectural rewrites, product-default changes with broad behavioral impact.
|
||||
- Stay on `claude/*` / `codex/*` branches; base PRs on `master`. See
|
||||
[`CODEX.md`](../../CODEX.md) and [`internal/docs/CONTINUOUS_IMPROVEMENT.md`](../../internal/docs/CONTINUOUS_IMPROVEMENT.md).
|
||||
@@ -0,0 +1,41 @@
|
||||
# Priorities
|
||||
|
||||
The ranked work queue for the autonomous improvement loop. The **planner** owns
|
||||
this file: each run it turns the [roadmap](../../ROADMAP.md) plus an internal scan
|
||||
into a single ordered list — highest-value first — each item linked to a tracking
|
||||
issue. The **builder** works the top item whose issue is still open. So the
|
||||
planner decides *what*, the builder *builds* it.
|
||||
|
||||
**Bias to capability, not busy-work.** The top of this queue is net-new capability
|
||||
from the roadmap's *Now/Next* items. Hardening/conformance/DX polish is background
|
||||
work (roadmap *Ongoing*) — kept low here and capped, never allowed to crowd out
|
||||
capability. If an area has had several increments with no user-visible gain, it is done
|
||||
for now; rank real-headroom capability instead.
|
||||
|
||||
**Reading / editing.** An item is done when its linked issue closes (the PR that
|
||||
builds it adds `Closes #<issue>`). The human can reorder this list or the issues at
|
||||
any time — direction always wins.
|
||||
|
||||
**Off-limits to the loop** (planner proposes as notes, never auto-merged queue
|
||||
items): brand/positioning copy, breaking public-API changes, architectural
|
||||
rewrites.
|
||||
|
||||
## Work queue (ranked)
|
||||
|
||||
### Capability — the headline (roadmap: Now / Next)
|
||||
|
||||
1. **A2A external-client conformance** ([#4815](https://github.com/micro/go-micro/issues/4815)) — make the gateway easier for non-go-micro agents to discover and stream from by serving the well-known agent card path and spec SSE events.
|
||||
2. **AP2 mandate foundation for agent payments** ([#4841](https://github.com/micro/go-micro/issues/4841)) — add opt-in checkout/payment mandate signing and verification so A2A-carried payment authority can settle over x402 without changing defaults.
|
||||
3. **Kubernetes CRD reconciler foundation** ([#4842](https://github.com/micro/go-micro/issues/4842)) — turn the shipped alpha `Agent`, `Service`, and `Flow` CRDs into a minimally runnable native deployment path with workload reconciliation and status conditions.
|
||||
|
||||
### In flight — do not re-queue
|
||||
|
||||
_None right now._
|
||||
|
||||
### Background — hardening & DX (roadmap: Ongoing; capped)
|
||||
|
||||
_Background hardening is intentionally empty right now. Recent work covered first-agent
|
||||
wayfinding, plan/delegate recovery, provider fallback repair, streaming, memory
|
||||
compaction, retry controls, provider-failure inspection, x402 buyer safety, gRPC-reflection MCP,
|
||||
MCP result conformance, and the alpha Kubernetes CRD surface. Further churn in those
|
||||
areas should be marked `needs-human` unless it unlocks a clear user-visible capability._
|
||||
@@ -0,0 +1,14 @@
|
||||
<!--
|
||||
The BUILDER prompt — go-micro's continuous-improvement increment. Editable
|
||||
policy; the workflow prepends the agent @mention and substitutes __ISSUE__
|
||||
before posting. Keep __ISSUE__ literal.
|
||||
-->
|
||||
Run one continuous-improvement increment per `internal/docs/CONTINUOUS_IMPROVEMENT.md`, aligned to the North Star in `.github/loop/NORTH_STAR.md` (the services → agents → workflows lifecycle, with developer adoption as the current goal).
|
||||
|
||||
PICK THE WORK FROM THE QUEUE: read `.github/loop/PRIORITIES.md` and take the highest-ranked item whose linked issue is still OPEN — that is your task, and its issue number is the one you close. If `PRIORITIES.md` is missing or every listed item's issue is already closed, fall back to the single highest-value roadmap / open-issue / improvement-radar item yourself.
|
||||
|
||||
Implement it, and VERIFY `go build ./...`, `go test ./...`, and `golangci-lint run ./...`.
|
||||
|
||||
Open the PR YOURSELF from the shell — do NOT use the make_pr tool (in this environment it only records metadata and never creates a PR). Create a uniquely-named branch under the `codex/` prefix: `git switch -c codex/increment-__ISSUE__`, then `git push -u origin codex/increment-__ISSUE__`, then `gh pr create --base master --label codex --title "<title>" --body "<body; include 'Closes #<the priority issue you built>' so it leaves the queue, and 'Closes #__ISSUE__' for this run's tracker>"`. Finally enable auto-merge so GitHub merges it once CI is green: `gh pr merge --squash --auto --delete-branch`.
|
||||
|
||||
One concern per PR. Stay out of breaking public API and brand/positioning copy — surface those as notes for the human instead.
|
||||
@@ -0,0 +1,14 @@
|
||||
<!--
|
||||
The COHERENCE prompt — go-micro's DevRel pass (public-surface coherence +
|
||||
CHANGELOG upkeep + changelog blog). Editable policy; the workflow prepends the
|
||||
agent @mention and substitutes __ISSUE__ before posting. Keep __ISSUE__ literal.
|
||||
-->
|
||||
Act as DevRel for go-micro. Do these, in order.
|
||||
|
||||
COHERENCE AUDIT. Audit the public surface — `README.md`, `internal/website/` (landing `index.html` + `docs/`), and the blog under `internal/website/blog/` — for coherence with the North Star in `.github/loop/NORTH_STAR.md` (an agent harness and service framework; the services → agents → workflows lifecycle). Look for: places where README / website / docs contradict each other, are stale, or describe behavior that has since changed (cross-check against the code and recently merged PRs); whether the README is crisp and leads with the harness positioning; and one to three genuinely blog-worthy items from recently shipped work.
|
||||
|
||||
CHANGELOG UPKEEP (safe factual task — goes in the auto-merged PR). Keep `CHANGELOG.md` living, in Keep-a-Changelog format with newest content at the top under `## [Unreleased]`. Enumerate PRs merged to master since the last update (`gh pr list --state merged --base master --limit 60 --json number,title,mergedAt,labels`) and add a concise, user-facing entry for each genuine change not yet recorded under the right `### Added` / `### Changed` / `### Fixed` / `### Documentation` subheading — SKIP internal loop/CI/priorities-refresh churn. If a new `vX.Y.Z` tag was cut since the last run (`git fetch --tags --force`), rename `## [Unreleased]` to `## [X.Y.Z] - <Month YYYY>` and open a fresh empty `## [Unreleased]` above it. Do not invent entries.
|
||||
|
||||
CHANGELOG BLOG POST (blog voice — do NOT auto-merge). If, and only if, enough user-facing work has accumulated since the last changelog post to be worth reading (roughly a week's worth; not a near-empty post every day), draft a short "What's new in Go Micro" post as the next-numbered file in `internal/website/blog/`, mirroring the latest post's frontmatter and prev-nav, and add an entry at the top of `internal/website/blog/index.html`. Base it strictly on the CHANGELOG.
|
||||
|
||||
THEN: (A) post a findings report as a comment on this issue (#__ISSUE__) — what's aligned, what drifted, what you fixed, the CHANGELOG entries added, and whether you drafted a blog post (and why/why not). (B) Open ONE auto-merging PR for the SAFE factual work only — coherence/crispness fixes AND the CHANGELOG update (NOT brand/positioning rewrites, NOT the blog post): `git switch -c codex/coherence-__ISSUE__`, `git push -u origin codex/coherence-__ISSUE__`, `gh pr create --base master --label codex --title "<title>" --body "<summary, Closes #__ISSUE__>"`, then `gh pr merge --squash --auto --delete-branch`. (C) If you drafted a changelog blog post, open it as a SEPARATE PR (`codex/coherence-blog-__ISSUE__`, title prefixed `blog:`) and do NOT enable auto-merge — leave it for the human. Same for any brand/positioning copy. Do not use the make_pr tool.
|
||||
@@ -0,0 +1,20 @@
|
||||
<!--
|
||||
The PLANNER prompt — go-micro's "architect / founder lens". Editable policy;
|
||||
the workflow prepends the agent @mention and substitutes __ISSUE__ (this run's
|
||||
tracking issue) before posting. Keep __ISSUE__ literal.
|
||||
-->
|
||||
Act as the architect — the founder lens — for go-micro, running continuously alongside the builders. Hold the whole picture: how the harness, the framework, and the developer UX fit together, what is in flight and what just merged, what to prioritize next, and what is missing or has drifted.
|
||||
|
||||
(1) TRACK STATE — scan recently merged PRs and open `codex` PRs/issues to see what shipped and what is being built right now, so the queue reflects reality (drop done items, don't re-queue in-flight work).
|
||||
|
||||
(2) ASSESS against the North Star in `.github/loop/NORTH_STAR.md` — lead with its Mission (*make building an agent as easy as building a service, on one runtime*) and re-derive alignment from the CANON: the blog under `internal/website/blog`, the `README`, and the website (read these, don't rely on the North Star alone), then `ROADMAP.md` (Now → Next → Later). Judge every priority against the mission: does it make the services → agents → workflows lifecycle simpler, more cohesive, and more operable? Weight real user-facing capability and the developer on-ramp; do not let the queue fill with internal depth work. Look at coherence and seams across the core packages (agent, ai, flow, gateway/mcp, gateway/a2a, model, server, store, registry) and the dev inner loop (scaffold → run → chat → inspect → deploy).
|
||||
|
||||
AVOID DIMINISHING-RETURNS CHURN — this is the most important judgment you make. Before ranking anything, ask: *would a real user notice this, or is it the loop grooming itself?* Do NOT queue: another regression-guard/breadcrumb/"verify the docs stay linked" test around docs the loop already wrote; the Nth robustness workaround for a weak provider's malformed output (e.g. AtlasCloud text-tool-call repair) once the agent already tolerates that class; another variation of a subsystem that has been hardened several times recently (e.g. plan/delegate notify/side-effect edge cases). If an area has had several increments with no user-visible gain, it is DONE for now — mark further work there `needs-human` and rank something with real headroom instead (new capability in gateway/flow/model/store, interop depth, observability). A full queue is not the goal; a queue of things that matter is.
|
||||
|
||||
(3) MAINTAIN THE QUEUE in `.github/loop/PRIORITIES.md` — a SINGLE ordered list, highest-value first, each item linking a scoped, CI-verifiable issue (#N). For any prioritized gap with no issue, file one: `gh issue create --label codex --label enhancement --title "<scoped task>" --body "<goal, scope, acceptance criteria>"`.
|
||||
|
||||
OUTPUT — default to NOT committing. Post a concise assessment as a comment on this issue (#__ISSUE__): what shipped, what's in flight, the top real gaps, and — honestly — whether the recent increments have been high-value or busy-work. Then, in almost all cases, just close this issue (`gh issue close __ISSUE__`) with NO PR.
|
||||
|
||||
Open a PR for `.github/loop/PRIORITIES.md` ONLY when the change is MATERIAL — meaning it changes what the builder builds next: (a) the top open item changes, (b) an item is added or removed, or (c) a top item's issue closed and must be dropped. Do NOT open a PR to reorder items below the top, reword descriptions, refresh notes, or "keep it current" — a re-rank that doesn't change the next build is not worth a commit, and this churn is the loop's single biggest waste. When a PR IS warranted: `git switch -c codex/planner-__ISSUE__`, `git push -u origin codex/planner-__ISSUE__`, `gh pr create --base master --label codex --title "<title>" --body "<summary, Closes #__ISSUE__>"`, then `gh pr merge --squash --auto --delete-branch`.
|
||||
|
||||
Do NOT make breaking public-API or architectural changes yourself — surface those in the assessment as notes for the human. Open the PR yourself from the shell with `gh`; do not use the make_pr tool (it is a no-op stub).
|
||||
@@ -0,0 +1,30 @@
|
||||
<!--
|
||||
The SECURITY prompt — go-micro's security audit. Editable policy; the workflow
|
||||
prepends the agent @mention and substitutes __ISSUE__ before posting. Keep
|
||||
__ISSUE__ literal.
|
||||
|
||||
Deliberately conservative: it does NOT auto-merge fixes, and it does NOT publish
|
||||
exploit details in public issues (responsible disclosure).
|
||||
-->
|
||||
Act as the security reviewer for go-micro. Audit for real, exploitable vulnerabilities — skip theoretical or lint-style noise.
|
||||
|
||||
GO-MICRO ATTACK SURFACE — weight these:
|
||||
- **MCP gateway** (`gateway/mcp`) and **A2A gateway** (`gateway/a2a`) — untrusted input from agents/tools: auth/scope enforcement, injection into downstream RPC, SSRF via tool/agent URLs, rate-limit/circuit-breaker bypass, info leak in errors.
|
||||
- **x402 payments** (`wrapper/x402`) — payment verification and settlement: signature/mandate validation, replay, budget-reservation races, facilitator auth (CDP bearer) handling, amount/network confusion.
|
||||
- **Auth** (`auth/jwt`, `wrapper/auth`) — token validation, algorithm confusion, scope/priority rule bypass, missing checks on endpoints.
|
||||
- **AI providers** (`ai/*`) — base-URL and endpoint handling: SSRF via config-controlled `BaseURL`, API keys leaking into logs/errors, TLS verification.
|
||||
- **Agent tool loop** (`agent/`) — prompt injection reaching real tool calls, guardrail (`MaxSteps`/`LoopLimit`/`ApproveTool`) bypass, delegate/plan side effects.
|
||||
- **Trust boundaries** — `server` RPC handlers, `broker` consumers, `store`/`registry` inputs, `transport` TLS defaults (v6 verifies by default — confirm nothing regressed).
|
||||
- **The loop itself** — `.github/workflows/loop-*.yml`: the `CODEX_TRIGGER_TOKEN` PAT must never be echoed/leaked; workflow inputs must not enable script injection.
|
||||
- **Dependencies** — run `govulncheck ./...` (install if needed) and inspect `go.mod` for known CVEs.
|
||||
|
||||
DEDUPE against open issues first.
|
||||
|
||||
HOW TO REPORT:
|
||||
- **Known/public dependency CVEs**: file a `security` issue referencing the CVE + module; you MAY open a PR bumping to the patched version. Do NOT enable auto-merge.
|
||||
- **Novel, exploitable vulnerabilities in this code** (not yet public): do NOT post an exploit or PoC in a public issue. File a CONCISE `security` + `needs-human` issue naming the class, location (file/function), and impact only — and note it should go through GitHub private vulnerability reporting. Do NOT open a public fix PR that reveals it.
|
||||
- **Low-risk hardening**: a normal `security` issue is fine.
|
||||
|
||||
NEVER auto-merge a security change. Never weaken a control to make a test pass. Architectural/breaking fixes → `needs-human` with the tradeoff.
|
||||
|
||||
Post a summary as a comment on this issue (#__ISSUE__) — findings by severity, what you filed, what needs a human — then close it (`gh issue close __ISSUE__`). If you open a dependency-bump PR: `git switch -c loop/security-__ISSUE__`, `git push -u origin loop/security-__ISSUE__`, `gh pr create --base master --label codex --label security --title "<title>" --body "<summary, Closes #__ISSUE__>"` — then STOP, do NOT run `gh pr merge --auto`. Do not use the make_pr tool.
|
||||
@@ -0,0 +1,19 @@
|
||||
<!--
|
||||
The TRIAGE prompt — go-micro's CI-failure feedback path. Editable policy; the
|
||||
workflow prepends the agent @mention and substitutes __ISSUE__ (this tracking
|
||||
issue) and __RUNURL__ (the failed run) before posting. Keep both literal.
|
||||
-->
|
||||
Triage the failed CI run at __RUNURL__. It may be the linter (Lint), the unit/integration tests (Run Tests), the vulnerability gate (govulncheck), or the provider-conformance harness (Harness (E2E)).
|
||||
|
||||
Read the logs and root-cause each distinct failure. DEDUPE hard against open AND recently-closed issues — if a failure matches an existing or recurring one, comment "recurred" on that issue rather than filing a new one.
|
||||
|
||||
WHAT TO FILE:
|
||||
- **Lint, Run Tests, or govulncheck failing on master** — a real regression. File a scoped issue (`gh issue create --label codex --label enhancement --title "<scoped fix>" --body "<root cause, where, acceptance>"`) so it is fixed promptly.
|
||||
- **A genuinely NEW, distinct provider-conformance defect** — file it.
|
||||
|
||||
WHAT NOT TO FILE (this cap matters):
|
||||
- **Another instance of a class the agent already tolerates** — a weak provider (e.g. AtlasCloud) emitting malformed / text-rendered / partial tool calls, or another plan/delegate notify/side-effect edge case. These have been hardened repeatedly with diminishing returns. Do NOT auto-file yet another routine robustness patch. Comment "recurred — repeated class, capped" on the nearest existing issue and, if it seems genuinely worth more investment, label it `needs-human` for a human to decide. The loop should not keep chasing one weak provider's output shape.
|
||||
- **Transient flakes** — live-model latency, provider outages, rate limits, network timeouts with no code cause. Ignore.
|
||||
- **Anything needing a breaking or architectural change** — label `needs-human` and describe it.
|
||||
|
||||
Close this issue (`gh issue close __ISSUE__`) when triage is done. Open any PR yourself from the shell with `gh`; do not use the make_pr tool.
|
||||
Reference in New Issue
Block a user