cc0c96953e
Initial git-log-based gate ran into a permission wall: the cis490
service user can't read /home/max/cis490/.git (ProtectHome=true +
home-dir mode). Switching the production source to the local Forgejo
HTTP API (already accessible to all WG peers, single source of truth
both lab hosts and the receiver pull from). When the maintainer
pushes new code to spectral/CIS490, the next 5-second cache refresh
sees the new commit and lab hosts can immediately ship under it.
VersionGate now takes either:
- forgejo_url + repo_owner + repo_name + branch (+ optional
auth_token for private repos): hits
/api/v1/repos/<owner>/<name>/commits?sha=<branch>&limit=<n>
- repo_path: dev-only fallback, runs `git log` locally
Local-git path retained for tests + the dev-only case.
receiver.toml.example gains forgejo_url/repo_owner/repo_name/branch
with auth_token commented; live-deployed receiver.toml on the Pi has
the spectral org + token.
Live state on the Pi: 41 valid hashes loaded, head=f8ad02b. Verified
end-to-end:
bogus commit → 412 + remediation
HEAD commit → clears gate (fails downstream at sha-mismatch as
expected for the empty-body verify probe)
Test added: test_forgejo_backend_accepts_returned_commits stands up
a tiny canned-response HTTPServer in-process, exercises the parser
without depending on a live Forgejo instance. Brings test_version_gate
to 10 cases; total 158/158.
37 lines
1.4 KiB
Text
37 lines
1.4 KiB
Text
# CIS490 receiver — copy to /etc/cis490/receiver.toml and edit.
|
|
|
|
listen_addr = "127.0.0.1:8444"
|
|
store_root = "/var/lib/cis490/episodes"
|
|
incoming_root = "/var/lib/cis490/incoming"
|
|
index_path = "/var/lib/cis490/index.jsonl"
|
|
|
|
[limits]
|
|
max_episode_bytes = 268_435_456 # 256 MiB
|
|
|
|
# Optional: require a bearer token on every PUT.
|
|
# In production, prefer mTLS via Caddy (see docs/deploy.md). The bearer token
|
|
# is for dev testing or as a belt-and-suspenders alongside mTLS.
|
|
# [auth]
|
|
# bearer_token = "REPLACE_ME_WITH_SECRET"
|
|
|
|
# Code-version gate. Every PUT must carry X-Cis490-Code-Commit and that
|
|
# commit must be in the receiver's allow-list. The allow-list is the
|
|
# last `window` commits of `repo_path` (auto-refreshed every 5s, so a
|
|
# `git pull` on the Pi makes new commits acceptable instantly). This
|
|
# keeps episodes from out-of-date lab hosts out of the index.
|
|
[version_gate]
|
|
enabled = true
|
|
window = 100
|
|
# Production: hit the local Forgejo for the canonical commit list. The
|
|
# maintainer pushes to this repo; lab hosts pull from it. When the
|
|
# receiver checks each PUT it sees the same commits the lab hosts
|
|
# would see if they pulled at the same instant.
|
|
forgejo_url = "http://10.100.0.1:3000"
|
|
repo_owner = "spectral"
|
|
repo_name = "CIS490"
|
|
branch = "main"
|
|
# Optional Forgejo token for private repos; remove for public.
|
|
# auth_token = "..."
|
|
#
|
|
# Dev-only fallback (used iff forgejo_url is unset):
|
|
# local_repo_path = "/home/max/cis490"
|