From 85c3bf4d28b0903a2005356339e6ea56855b8c80 Mon Sep 17 00:00:00 2001 From: Claude Date: Sun, 3 May 2026 03:58:19 +0000 Subject: chore: post-epic cleanup — green test suite, no skips MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Addresses the cleanup queue captured in docs/plans/local-oss-runner.md after the local-OSS-models epic landed. After this commit `go test -race ./...` is green across every package with zero `t.Skip` calls and no excluded tests. Real bugs fixed: - claude.go setupSandbox callsites used `sandboxDir, err := ...` which shadowed the outer variable, so BlockedError.SandboxDir was always empty. Resume-after-block was broken for both new and stale-sandbox paths. TestBlockedError_IncludesSandboxDir now exercises the right invariant. - TestPool_ActivePerAgent_DeletesZeroEntries flake under -race: the cleanup defer in execute()/executeResume() runs AFTER handleRunResult sends on resultCh, so consumers observing a result could see a still-counted activePerAgent entry. Extracted decActiveAgent(agentType, *cleaned) helper; called explicitly before every resultCh send, defer becomes a no-op via the cleaned flag. Verified clean over `go test -race -count=10`. Test infrastructure made hermetic: - gitSafe now also passes -c commit.gpgsign=false / -c tag.gpgsign=false so sandbox tests pass on hosts whose global config requires signing. - Bare repos in tests initialized with `-b main` (HEAD symbolic ref matched to the branch we push) so `git log` after push works. - TestSandboxCloneSource_FallsBackToOrigin uses a local-FS origin URL, matching sandboxCloneSource's intentional filter against network URLs. - TestGeminiLogs_ParsedCorrectly URL fixed to the actual log route (/api/executions/{id}/log). GeminiRunner gap closed (partial): - parseGeminiStream now walks lines for `result` events, surfacing is_error as an error and total_cost_usd as the float return value. - GeminiRunner.Run propagates parsed cost to Execution.CostUSD. - TestParseGeminiStream_ParsesStructuredOutput unskipped. Notes: - GeminiRunner is still simulated end-to-end (Run writes hardcoded stream data instead of execing the binary). The result/cost parser now exists; finishing the runner is a smaller, contained follow-up. Kept on the deferred queue. - Frontend "Local" agent option and a minor storage.db.go logger TODO remain on the deferred queue, both intentionally — neither blocks anything in flight. https://claude.ai/code/session_017Edeq947TpSm1vQTxMhi1J --- internal/executor/claude.go | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) (limited to 'internal/executor/claude.go') diff --git a/internal/executor/claude.go b/internal/executor/claude.go index e3f8e1c..fa68382 100644 --- a/internal/executor/claude.go +++ b/internal/executor/claude.go @@ -117,7 +117,7 @@ func (r *ClaudeRunner) Run(ctx context.Context, t *task.Task, e *storage.Executi e.SandboxDir = "" if projectDir != "" { var err error - sandboxDir, err := setupSandbox(t.Agent.ProjectDir, r.Logger) + sandboxDir, err = setupSandbox(t.Agent.ProjectDir, r.Logger) if err != nil { return fmt.Errorf("setting up sandbox: %w", err) } @@ -129,7 +129,7 @@ func (r *ClaudeRunner) Run(ctx context.Context, t *task.Task, e *storage.Executi } } else if projectDir != "" { var err error - sandboxDir, err := setupSandbox(t.Agent.ProjectDir, r.Logger) + sandboxDir, err = setupSandbox(t.Agent.ProjectDir, r.Logger) if err != nil { return fmt.Errorf("setting up sandbox: %w", err) } @@ -226,11 +226,22 @@ func extractQuestionText(questionJSON string) string { return strings.TrimSpace(q.Text) } -// gitSafe returns git arguments that prepend "-c safe.directory=*" so that -// commands succeed regardless of the repository owner. This is needed when -// claudomator operates on project directories owned by a different OS user. +// gitSafe returns git arguments that prepend safety overrides so that +// commands succeed regardless of the repository owner or the host's global +// git configuration. Specifically: +// +// - "-c safe.directory=*" lets us operate on directories owned by a +// different OS user. +// - "-c commit.gpgsign=false" / "-c tag.gpgsign=false" stop git from +// trying to sign commits via the host's signing tooling. Sandbox commits +// are internal and don't need to be signed; an unconfigured or broken +// signing setup on the host should never block a sandbox merge. func gitSafe(args ...string) []string { - return append([]string{"-c", "safe.directory=*"}, args...) + return append([]string{ + "-c", "safe.directory=*", + "-c", "commit.gpgsign=false", + "-c", "tag.gpgsign=false", + }, args...) } // sandboxCloneSource returns the URL to clone the sandbox from. It prefers a -- cgit v1.2.3