Sync v3.58.0#23
Merged
Merged
Conversation
- Add .codebuddy/ project config: CODEBUDDY.md context, loop-engineering.md design doc - Add skills: dependency-upgrade, ci-triage, ci-fix (project-level under .codebuddy/skills/) - Add agents: dependency-upgrader, ci-fixer, code-reviewer (implementation/review separation) - Add GitHub Actions workflows: dependency-upgrade-loop (weekly), ci-fix-loop (on CI failure) - Add STATE.md for persistent loop state across iterations - Document modified stdlib/quic-go architecture and upstream sync conventions - Enforce: gh-cli skill for GitHub ops, no tag/release, English commits
- Add issue-triage skill and issue-triager agent: classify/label/respond to issues, flag quic-go and modified-code issues for cautious handling - Add pr-review skill and pr-reviewer agent: review PRs with special caution for internal/http3 (quic-go), internal/http2, and modified stdlib files - Add upstream-sync skill and upstream-tracker agent: track Go stdlib net/http, golang.org/x/net/http2, and quic-go upstream changes; generate sync reports - Add GitHub Actions workflows for all three new loops - Update STATE.md with sections for all loops and issue analysis snapshot - Rewrite loop-engineering.md design doc in English with all 5 loops documented - All skills are project-level under .codebuddy/skills/
- Remove deprecated ConnectionTracingID/ConnectionTracingKey - Remove stream hijacking API (StreamHijacker/UniStreamHijacker) - Replace handleUnidirectionalStreams loop with handleUnidirectionalStream per-stream callback, add startUnidirectionalStreamAcceptLoop - Add RawClientConn for fine-grained stream control (WebTransport etc.) - Add HandleBidirectionalStream (closes conn per RFC 9114) - Move rcvdControlStr/rcvdQPACKEncoderStr/rcvdQPACKDecoderStr to Conn struct - Fix SupportsDatagrams -> SupportsDatagrams.Remote - Move atomic.Bool tracking from local vars to Conn struct fields Aligns with quic-go v0.59.0 breaking changes (#5508, #5509, #5512, #5521, #5533). Fixes imroc#482. Reviewed PR imroc#485 by DAcodedBEAT, verified modified-code compatibility.
…on cross-domain redirect Fixes imroc#489. Go's net/http only strips standard sensitive headers (Authorization, Cookie, Proxy-Authorization) on cross-domain redirects. Custom auth headers set via SetCommonHeader (e.g. X-API-Key, X-Auth-Token) were forwarded to redirect targets, leading to credential leakage (CWE-200). Added SensitiveHeadersRedirectPolicy that strips specified headers when redirecting to a different domain.
- frames.go: remove unknownFrameHandler/errHijacked, add frameHeaderLen const - body.go: replace Hijacker interface with Settingser interface - headers.go: rename processTrailers to extractAnnouncedTrailers, return http.Header - request_writer.go: add trailer support in writeHeaders (preserves dump customization) Aligns with quic-go v0.59.0 http3 changes (#5508, #5507).
- frames_test.go: test frame parsing (reserved/unknown types, EOF), frame append, settings/goaway round-trip - headers_test.go: test extractAnnouncedTrailers with various inputs - transport_test.go: test Transport init, datagram mismatch, RawClientConn type check, and QUIC integration test (skipped in short mode) - dump_test.go: test Dumper sync/async, clone, response body wrapping, request body wrapping, context-based dumper retrieval All tests pass without requiring HTTP/3 network access.
- Add Inner Loop vs Outer Loop distinction (ReAct as inner, orchestration as outer) - Document adversarial verification principle (code-reviewer as independent evaluator) - Add cognitive surrender risk section with mitigations - Add turn limits and English commits to new-loop checklist
For environments where CodeBuddy API is only reachable from internal network (e.g. TKE private deployment), GitHub Actions cannot call the API directly. This webhook server runs locally, receives GitHub webhook events, and triggers codebuddy -p commands to execute loops. - Listens on configurable port (default 7777) - Verifies GitHub HMAC signature - Handles: issues (opened), pull_request (opened/synchronize), workflow_run (CI failure) - Runs codebuddy in background threads with 10min timeout - Logs to /tmp/loop-webhook-logs/ Usage: python3 .codebuddy/scripts/loop-webhook.py 7777 <webhook-secret>
Since CodeBuddy API is only reachable from internal network (TKE), GitHub Actions workflows are gated behind CODEBUDDY_ENABLED repo variable (default: off). Loops now run locally via CodeBuddy's built-in cron. Added slash commands: - /start-loops: create all 5 maintenance cron jobs in current session - /stop-loops: delete all cron jobs - /loop-status: show loop status and last run results Usage: open a codebuddy session in the req project, run /start-loops, and all loops will run on schedule while the session is alive.
Replaces session-bound /loop with system cron + codebuddy -p (headless). Each run is a fresh session that reads STATE.md, executes, writes back. Benefits over /loop: - No 3-day expiration — runs permanently - No need to keep a session open - Each run is isolated (fresh context, no drift) Schedule (daily, Beijing time, staggered): 01:00 upstream-sync 02:00 dependency-upgrade 03:00 ci-fix 04:00 issue-triage 05:00 pr-review Usage: .codebuddy/scripts/install-cron.sh Remove: .codebuddy/scripts/install-cron.sh --remove
- Rewrite loop-engineering.md with all 3 execution modes: 1. System cron + headless (primary, for TKE internal API) 2. GitHub Actions (optional, gated by CODEBUDDY_ENABLED var) 3. Interactive session (ad-hoc) - Add install/trigger/log/uninstall instructions - Update daily schedule table (01:00-05:00 Beijing time) - Update CODEBUDDY.md maintenance section with cron usage - Update 'how to add a new loop' checklist for cron-based flow
- Use <repo-root> placeholder instead of absolute paths - Use $LOOP_LOG_DIR env var instead of hardcoded /tmp/loop-logs - Scripts use BASH_SOURCE to resolve paths dynamically - Remove unused loop-webhook.py (replaced by cron approach)
New tests (10 files, 0% -> covered): - internal/header: IsExcluded, SortKeyValues, constants - internal/util: IsJSONType, CutString/Bytes, BasicAuth, GetPointer, CreateDirectory - internal/netutil: AuthorityAddr, AuthorityHostPort, AuthorityKey - internal/transport: Options.Clone with TLS config - pkg/altsvc: AltSvcJar set/get/expire/not-found - http2 root: PriorityParam, SettingID, Setting, PriorityFrame - internal/compress: GzipReader, DeflateReader, NewCompressReader - internal/http2/flow: inflow init/take/add, outflow available/take/add - internal/http2/frame: FrameType, Flags, Framer round-trip (Data, Settings, Ping, WindowUpdate, GoAway) Test gate: - pre-push-check.sh: runs go build + vet + test before push - test-gate skill: full test suite runner for agents - ci-fixer and dependency-upgrader now load test-gate skill - git pre-push hook installed Overall coverage: 31.4% -> 34.6% Zero-coverage packages: 8 -> 2 (godebug/godebugs only)
Closes imroc#471. Closes PR imroc#472 by @fan-tastic-z. Chrome's actual accept header includes application/json, which is useful when impersonating Chrome for API requests that expect JSON responses.
Closes imroc#415. Closes PR imroc#486 by @kaylee595. Changes cookiejarFactory return type from *cookiejar.Jar to http.CookieJar interface, allowing users to provide custom cookie jar implementations instead of being restricted to the standard library's cookiejar.Jar.
Closes PR imroc#491 by @0xuLiang. When RoundTripOnlyCachedConn returns a GOAWAY error (errClientConnGotGoAway) or other retryable error, fall through to create a new connection instead of returning the error directly. Export canRetryError as CanRetryError in internal/http2 so the modified transport.go can check retryability.
Addresses imroc#459. utls v1.8.2 is a security update from v1.8.1.
Ensures cron daemon is running and crontab is installed after container or host restart. Covers three startup scenarios: 1. Manual: run start-loops.sh after restart 2. Semi-auto: add to ~/.bashrc for start on login 3. Full-auto: add to container entrypoint Updated loop-engineering.md with container restart instructions.
…bels created, 3 comments posted)
Headless mode (codebuddy -p) does not auto-load sub-agents. Rewrote prompts to describe tasks directly instead of referencing agent names. Removed --allowedTools restriction (use -y for all permissions). Verified: issue-triage loop ran successfully, triaged 10 issues, created 4 labels, posted 3 comments, updated STATE.md.
- run-loop.sh all: runs upstream-sync -> dependency-upgrade -> ci-fix -> issue-triage -> pr-review sequentially with 10s pause between - install-cron.sh: simplified to single cron entry at 01:00 - One loop failure does not block subsequent loops
Closes PR imroc#477 and imroc#478 by @Shinku-Chen. Adds SetTLSFingerprintSpec method that accepts a *utls.ClientHelloSpec, enabling fine-grained TLS fingerprint customization for JA3/JA4 support. Refactors setTLSFingerprint with an optional uTLSConnApply callback. Does not include CycleTLS dependency from PR imroc#478 — users can parse JA3 strings themselves and construct ClientHelloSpec directly.
Two issues fixed: 1. cron PATH: cron daemon uses minimal PATH (/usr/sbin:/usr/bin:...) which doesn't include codebuddy at /home/linuxbrew/.linuxbrew/bin. run-loop.sh now exports full PATH at the top. 2. Persistent crontab: crontab is now written to /root/.local/share/loop-crontab (persistent path). rc.local loads it on container boot. install-cron.sh writes to both persistent file and live crontab. start-loops.sh loads from persistent file on startup.
Replace all hardcoded /root paths with $HOME so scripts are portable across different environments and don't leak local path info.
mrandronov
approved these changes
Jul 1, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.