Skip to content

Commit 899ade2

Browse files
authored
Merge pull request #14 from matdev83/feat/dogfood-stage-five-platform
feat: dogfood workflow, spec bundles, tool policy, platform extensions
2 parents ee5e0c7 + 901f968 commit 899ade2

166 files changed

Lines changed: 10672 additions & 472 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.
Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,21 @@
1+
name: Mutation smoke (optional)
2+
3+
on:
4+
workflow_dispatch:
5+
6+
jobs:
7+
mutation-smoke:
8+
runs-on: ubuntu-latest
9+
timeout-minutes: 30
10+
steps:
11+
- uses: actions/checkout@v4
12+
- uses: actions/setup-go@v5
13+
with:
14+
go-version-file: go.mod
15+
cache: true
16+
cache-dependency-path: go.sum
17+
- name: Install gremlins and run mutation smoke
18+
run: |
19+
go install github.com/go-gremlins/gremlins/cmd/gremlins@v0.6.0
20+
export PATH="$PATH:$(go env GOPATH)/bin"
21+
bash scripts/mutation-smoke.sh

.gitignore

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,9 @@ coverage.html
2222
/coverage
2323
# Root-only: e.g. -coverprofile=cover_auth (does not match package dirs)
2424
/cover_*
25+
# Ad-hoc coverage output (file or directory at repo root)
26+
/tmp_coverage
27+
tmp_coverage
2528

2629
# Go profiling & execution traces (see docs/alloc-profiling.md; pprof -http, go test -trace)
2730
# *.out above already ignores trace.out; keep suffix variants from tooling

.kiro/specs/go-stage-five-dogfood-alpha-extension-proof/design.md

Lines changed: 612 additions & 0 deletions
Large diffs are not rendered by default.
Lines changed: 101 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,101 @@
1+
# Requirements Document
2+
3+
## Introduction
4+
5+
The Go LLM Interactive Proxy standard distribution needs to become dogfoodable for maintainers and early operators while proving that advanced Python-era behaviors can be delivered through explicit extension seams. The feature focuses on alpha-ready operator workflows, local stub-backed validation, cross-frontend smoke coverage, diagnostic visibility, and proof plugins that demonstrate extension boundaries without expanding core responsibilities.
6+
7+
## Boundary Context
8+
9+
- **In scope**: alpha server operator workflows, no-key local dogfood configurations or documented local smoke harnesses, reference-client smoke paths, extension inventory visibility, proof-plugin behavior, diagnostic startup safety, and regression gates that protect plugin/core boundaries.
10+
- **Out of scope**: full production hardening, live-provider parity claims beyond explicitly gated smoke workflows, SSO authentication, sandboxing, CBOR wire capture, dynamic tool-output compression, ProxyMem, and broad Python feature ports.
11+
- **Adjacent expectations**: existing canonical request/event contracts, routing continuity, secure-session authority, standard bundle composition, and stage-four extension seams remain the foundation for this feature.
12+
- **Test/production boundary**: Existing reference clients and reference backends are test support surfaces; this feature must not make test-only emulators part of production standard-server wiring unless a deliberately scoped dogfood-only backend surface is specified later.
13+
- **Revalidation triggers**: routing, streaming, capability negotiation, secure session, diagnostics, startup security, and extension-stage visibility.
14+
15+
## Requirements
16+
17+
### Requirement 1: Alpha Server Operator Workflow
18+
**Objective:** As a maintainer, I want a clear standard-server workflow, so that I can validate and run the proxy without reading internal package details.
19+
20+
#### Acceptance Criteria
21+
1. When an operator requests configuration validation, the Go LIP standard distribution shall report whether the selected configuration is valid without starting request serving.
22+
2. If configuration validation fails, the Go LIP standard distribution shall report actionable validation errors and exit with a failure outcome.
23+
3. When an operator requests route information, the Go LIP standard distribution shall show the effective default route and enabled backend route targets.
24+
4. When an operator requests inventory information, the Go LIP standard distribution shall show the configured frontend, backend, feature, and extension surfaces without requiring live provider credentials.
25+
5. When an operator starts serving with a valid configuration, the Go LIP standard distribution shall expose the configured client-facing protocol surfaces and shut down gracefully on normal termination.
26+
27+
### Requirement 2: No-Key Local Dogfood Configurations
28+
**Objective:** As a new maintainer, I want local stub configurations, so that I can exercise the proxy without provider accounts or secrets.
29+
30+
#### Acceptance Criteria
31+
1. The Go LIP repository shall provide at least one no-key local dogfood path that requires no provider API keys.
32+
2. When a maintainer validates a no-key local dogfood path, the Go LIP standard distribution or documented smoke harness shall accept it without requiring external network credentials.
33+
3. Where protocol-specific local stub configurations are included, each configuration shall identify the intended client-facing protocol surface and default route behavior.
34+
4. If a local stub configuration enables diagnostics, the configuration shall either bind diagnostics safely or require an explicit diagnostic secret.
35+
5. The Go LIP repository shall distinguish local stub configurations from live-provider examples so operators do not mistake deterministic local testing for provider parity.
36+
6. If test-only reference backends or reference clients are used for local dogfood validation, the Go LIP repository shall keep them out of production standard-server wiring and label them as test support.
37+
38+
### Requirement 3: Stub-Backed Reference Client Smoke Paths
39+
**Objective:** As a maintainer, I want deterministic smoke paths for supported frontend protocols, so that I can verify the standard server behaves like a usable alpha target.
40+
41+
#### Acceptance Criteria
42+
1. When an OpenAI Responses-compatible client sends a minimal request through the standard server to a stub backend, the Go LIP standard distribution shall return a valid OpenAI Responses-compatible response.
43+
2. When an OpenAI legacy chat-compatible client sends a minimal request through the standard server to a stub backend, the Go LIP standard distribution shall return a valid legacy OpenAI-compatible response.
44+
3. When an Anthropic-compatible client sends a minimal request through the standard server to a stub backend, the Go LIP standard distribution shall return a valid Anthropic-compatible response.
45+
4. When a Gemini-compatible client sends a minimal request through the standard server to a stub backend, the Go LIP standard distribution shall return a valid Gemini-compatible response.
46+
5. If a smoke path encounters a routing, capability, or stream-completion failure, the Go LIP standard distribution shall surface a deterministic failure that identifies the failing protocol path.
47+
6. The Go LIP repository shall include a default-suite smoke set that is smaller than the full conformance matrix and does not require live provider credentials.
48+
7. The default-suite smoke set shall exercise the same standard-server request handling path used by the serving workflow, rather than validating frontend protocol mounts in isolation.
49+
50+
### Requirement 4: Extension Boundary Proof Plugins
51+
**Objective:** As a platform maintainer, I want representative proof plugins, so that advanced behavior can be validated without adding feature-specific logic to the core.
52+
53+
#### Acceptance Criteria
54+
1. Where a first-prompt auto-append proof plugin is enabled, the Go LIP standard distribution shall apply the configured append behavior only to the first logical session request.
55+
2. Where a tool-policy proof plugin is enabled, the Go LIP standard distribution shall filter disallowed tool definitions and block disallowed emitted tool calls in a deterministic way.
56+
3. Where a traffic-accounting proof plugin is enabled, the Go LIP standard distribution shall record client-proxy and proxy-backend traffic observations separately enough to distinguish one logical request from its backend attempts.
57+
4. Where a redacted-capture proof plugin is enabled, the Go LIP standard distribution shall persist or expose captured transcript data only after configured redaction rules are applied.
58+
5. If a proof plugin is disabled, the Go LIP standard distribution shall not apply that plugin's behavior to requests or expose it as active in runtime inventory.
59+
60+
### Requirement 5: Extension Inventory and Diagnostics Visibility
61+
**Objective:** As an operator, I want active extension behavior to be visible, so that I can understand what the proxy will do before and during dogfooding.
62+
63+
#### Acceptance Criteria
64+
1. When inventory is requested, the Go LIP standard distribution shall show active extension stages and handler occupancy for configured feature plugins.
65+
2. When tool catalog filters, tool-call policies, request transforms, route hints, completion gates, traffic observers, usage observers, capture sinks, or redactors are configured, the Go LIP standard distribution shall expose their active status in inventory.
66+
3. Where an extension uses privileged capabilities, the Go LIP standard distribution shall identify the privileged capability category without exposing secrets.
67+
4. If a feature plugin fails to build its extension contribution, the Go LIP standard distribution shall expose the plugin's inactive or error state in inventory.
68+
5. The Go LIP standard distribution shall not expose provider credentials, local API keys, resume tokens, diagnostic shared secrets, or raw unredacted captures through inventory output.
69+
6. When inventory is requested through a command-line workflow or an HTTP diagnostics workflow, the Go LIP standard distribution shall present consistent active-plugin and active-extension information.
70+
71+
### Requirement 6: Startup and Diagnostic Safety for Alpha Use
72+
**Objective:** As an operator, I want safe alpha defaults, so that dogfooding does not accidentally expose sensitive runtime surfaces.
73+
74+
#### Acceptance Criteria
75+
1. While the server is configured for local no-auth operation, the Go LIP standard distribution shall require a local-only trust posture.
76+
2. If diagnostics, metrics, profiling, or session inspection are exposed on a non-local trust boundary, the Go LIP standard distribution shall require explicit protective configuration.
77+
3. When a configuration uses live-provider credentials, the Go LIP standard distribution shall distinguish that mode from no-key local stub operation.
78+
4. If startup detects an unsafe administrative, credential, or diagnostics posture, the Go LIP standard distribution shall fail before serving client traffic.
79+
5. The Go LIP standard distribution shall preserve proxy-owned session authority and shall not treat client-provided session hints as authoritative session identity.
80+
6. If diagnostics protection is omitted, the Go LIP standard distribution shall permit diagnostics exposure only when the configured listener and access posture are local-only.
81+
7. The Go LIP standard distribution shall treat attempts, inventory, route trace, metrics, profiling, model diagnostics, and secure-session summaries as protected diagnostics surfaces distinct from the health endpoint.
82+
83+
### Requirement 7: Regression and Boundary Guardrails
84+
**Objective:** As a maintainer, I want automated guardrails, so that dogfood work does not reintroduce Python-era coupling or weaken core invariants.
85+
86+
#### Acceptance Criteria
87+
1. The Go LIP repository shall verify that core packages do not depend on concrete protocol or feature plugins.
88+
2. The Go LIP repository shall verify that stable public SDK contracts do not depend on core implementation packages or provider SDKs.
89+
3. The Go LIP repository shall verify that provider SDK usage remains outside core and stable public contracts.
90+
4. When extension stages mutate canonical calls or events, the Go LIP repository shall verify that canonical validation still occurs after mutation.
91+
5. When routing or streaming behavior is exercised by dogfood smoke paths, the Go LIP repository shall verify that no transparent retry or failover occurs after client-visible output has started.
92+
93+
### Requirement 8: Operator Documentation and Feature Migration Clarity
94+
**Objective:** As a maintainer or early operator, I want concise dogfood documentation, so that I can run the alpha server and understand what is intentionally not covered.
95+
96+
#### Acceptance Criteria
97+
1. The Go LIP repository shall document the local stub dogfood workflow from configuration validation through serving and a minimal request.
98+
2. The Go LIP repository shall document how to inspect routes and inventory before serving traffic.
99+
3. The Go LIP repository shall document which proof plugins demonstrate extension boundaries and which advanced Python-era features remain deferred.
100+
4. If live-provider smoke workflows are documented, the Go LIP repository shall mark them as optional and environment-gated.
101+
5. The Go LIP repository shall keep dogfood documentation consistent with README, architecture, extension-point, plugin-authoring, and feature-migration guidance.

0 commit comments

Comments
 (0)