Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
31 commits
Select commit Hold shift + click to select a range
00f617c
ci: add loop engineering infrastructure for automated maintenance
imroc Jun 27, 2026
7df2ba8
ci: add issue triage, PR review, and upstream sync tracking loops
imroc Jun 27, 2026
8b018a5
port quic-go v0.59.0
imroc Jun 27, 2026
b144240
fix: add SensitiveHeadersRedirectPolicy to strip custom auth headers …
imroc Jun 27, 2026
29f0e6d
port quic-go v0.59.0: sync remaining http3 files
imroc Jun 27, 2026
5a1cea6
test: add unit tests for http3 frames, headers, transport, and dump
imroc Jun 27, 2026
22ef93f
docs: apply loop engineering best practices from CodeBuddy article
imroc Jun 27, 2026
6dfd2d4
feat: add local webhook server for GitHub event-driven loops
imroc Jun 27, 2026
3e9c9c8
feat: switch to local /loop mode, add slash commands for loop management
imroc Jun 27, 2026
666aa6a
feat: add system cron-based loop runner with no expiration
imroc Jun 27, 2026
89e5dc5
docs: document system cron execution mode and usage guide
imroc Jun 27, 2026
aaf3f1c
docs: remove machine-specific paths from documentation
imroc Jun 27, 2026
5b5dcc9
chore: remove accidentally committed lock file, add to gitignore
imroc Jun 27, 2026
453da63
test: add comprehensive unit tests and automated test gate
imroc Jun 27, 2026
1e34ab9
fix: add application/json to Chrome impersonate accept header
imroc Jun 27, 2026
d702aad
fix: SetCookieJarFactory returns http.CookieJar interface
imroc Jun 27, 2026
5754208
fix: retry on GOAWAY errors when using cached HTTP/2 connections
imroc Jun 27, 2026
dcc8516
chore: upgrade utls to v1.8.2 (security update)
imroc Jun 27, 2026
2dc8a4c
chore: update STATE.md with manual actions log and resolved issues
imroc Jun 27, 2026
b29d32c
feat: add start-loops.sh for container restart recovery
imroc Jun 27, 2026
8e831a3
Update STATE.md: issue triage loop first run (10 issues triaged, 4 la…
imroc Jun 27, 2026
76a6538
fix: simplify run-loop.sh prompts for headless mode compatibility
imroc Jun 27, 2026
3d23c9e
update issue triage loop state: triaged 15 unlabeled issues, created …
imroc Jun 27, 2026
858cc76
feat: add 'all' mode to run all loops sequentially in one cron job
imroc Jun 27, 2026
c64918d
fix: Unmarshal returns error on error status codes
imroc Jun 27, 2026
19c0a70
feat: add SetTLSFingerprintSpec for custom ClientHelloSpec support
imroc Jun 27, 2026
1cb5c61
fix: cron PATH and persistent crontab for devcontainer
imroc Jun 29, 2026
1d9714a
Update STATE.md: issue triage loop 2026-06-29
imroc Jun 29, 2026
1705272
update issue triage loop state: 2026-06-29 run 2 — all 10 issues alre…
imroc Jun 29, 2026
5ea6a44
fix: use $HOME instead of hardcoded /root in scripts
imroc Jun 29, 2026
84d2f36
Merge branch 'bnn-req' into sync-v3.58.0
Jul 1, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
78 changes: 78 additions & 0 deletions .codebuddy/CODEBUDDY.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,78 @@
# req 项目上下文

本项目是 `imroc/req`(v3),一个 Go HTTP 客户端库,支持 HTTP/1.1、HTTP/2、HTTP/3,可自动嗅探协议并选择最优版本。

## 基本信息

- **模块路径**: `github.com/imroc/req/v3`
- **Go 版本**: 1.24+(CI 测试 1.24.x 和 1.25.x)
- **主分支**: `master`
- **包管理**: Go modules(`go.mod` / `go.sum`)

## 架构:魔改标准库与第三方库

本项目对以下上游代码进行了**魔改(源码内置并修改)**,而非直接依赖:

1. **Go 标准库 net/http** — 魔改后放在根目录(`transport.go`、`transfer.go`、`textproto_reader.go`、`http.go`、`http_request.go`、`response.go` 等),保留 Go Authors 版权头。支持 dump 内容、middleware、HTTP/3 接入等。
2. **Go 标准库 HTTP/2**(golang.org/x/net/http2)— 魔改后放在 `internal/http2/`。
3. **quic-go** — 魔改后放在 `internal/http3/`,支持 HTTP/3 和协议自动嗅探。

**这意味着不能用 `go get -u` 直接合并上游更新**。每次更新需要:
- 跟踪 Go 标准库 net/http 和 quic-go 的上游变更
- 手动比对 diff,将上游改动同步到 req 中对应的魔改文件,同时保留 req 的定制逻辑
- 固定更新到 Go 标准库 HTTP 最新稳定版 + quic-go 最新稳定版
- 提交信息惯例:`merge upstream net/http: <日期>(<commit短hash>)`、`merge upstream http2: <日期>(<hash>)`、`port quic-go <版本>`

## 常用命令

```bash
# 运行全部测试(与 CI 一致)
go test ./... -coverprofile=coverage.txt

# 运行单个包测试
go test ./internal/...

# 查看可升级的常规依赖(非魔改的)
go list -u -m all

# 同步上游(人工操作,非自动)
# 1. 对照 Go 标准库 src/net/http 最新 commit
# 2. 逐文件比对 diff,同步到根目录魔改文件
# 3. 对照 quic-go 最新 release,同步到 internal/http3/
```

## 关键依赖

- **quic-go**(魔改于 `internal/http3/`)— HTTP/3 支持,版本敏感,升级需重点回归测试。contributor 提交的 quic-go 相关 PR/issue 需谨慎审查,通常考虑不到魔改兼容性
- `github.com/refraction-networking/utls` — TLS 指纹模拟
- `golang.org/x/net`、`golang.org/x/text`、`golang.org/x/crypto` — Go 官方扩展库
- `github.com/andybalholm/brotli`、`github.com/klauspost/compress` — 压缩

## 架构要点

- 根目录核心文件:`client.go`、`request.go`、`response.go`、`transport.go`(魔改自标准库)、`middleware.go`
- `internal/http2/` — 魔改自 golang.org/x/net/http2
- `internal/http3/` — 魔改自 quic-go
- `internal/` 其他 — 内部工具(digest、dump、compress、charsets 等)
- `pkg/` — 公共辅助包
- `http2/` — HTTP/2 帧定义(priority、setting)
- `examples/` — 使用示例

## CI

- `.github/workflows/ci.yml` — push/PR 到 master 时运行 `go test ./...`
- 忽略 `**.md` 变更

## 维护约定(Loop Engineering)

本项目采用 Loop Engineering 理念进行自动化维护。循环配置位于 `.codebuddy/`,总体设计见 [loop-engineering.md](./loop-engineering.md)。

**运行方式**:通过系统 cron + `codebuddy -p`(headless)每天凌晨自动运行,无需保持会话。安装:`.codebuddy/scripts/install-cron.sh`,手动触发:`.codebuddy/scripts/run-loop.sh <类型>`,日志目录由 `LOOP_LOG_DIR` 环境变量控制(默认 `/tmp/loop-logs/`)。

- 所有循环状态持久化到 `STATE.md`(项目根目录),不依赖模型上下文记忆
- 每个循环遵循五阶段:Discover → Plan → Execute → Verify → Iterate
- 实现与验证分离:不同 agent 负责修复和审查
- 循环必须有明确的停止条件,设置最大迭代次数
- **涉及 GitHub 操作时(issue、PR、CI run、workflow、release 等),必须加载 `gh-cli` 技能**获取命令参考,确保使用正确的命令语法。对应 agent 在 `skills` 字段中声明 `gh-cli`
- **循环可自行做日常维护决断**(升级依赖、修 CI、出 PR 等),但**禁止打 tag 发版**。`git tag`、`gh release create` 等发版操作始终由人决定,自动化只到出 PR 为止
- **所有 git commit message 必须用英文**
37 changes: 37 additions & 0 deletions .codebuddy/agents/ci-fixer.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
---
name: ci-fixer
description: CI 失败修复代理。负责分析 CI 失败并修复可自动修复的问题。用于 CI 失败自动维护循环,主动使用。
tools: Read, Edit, Bash, Grep
model: inherit
skills: ci-triage, ci-fix, gh-cli, test-gate
---

你是 req 项目的 CI 失败修复代理,负责自动化 CI 维护循环。

## 你的职责

每次被调用时,执行一个完整的"CI 修复迭代":

1. **Discover** — 通过 `gh run list --status failure` 发现失败的 CI run
2. **Plan** — 调用 ci-triage skill 分类失败,确定哪些可自动修复
3. **Execute** — 在新分支 `fix/ci-<run-id>-<YYYYMMDD>` 上修复
4. **Verify** — 本地跑 `go build ./...`、`go vet ./...`、`go test ./...`
5. **Iterate** — 若测试失败,回退修改重新分析,最多 3 次

## 停止条件

- 所有可自动修复的失败已修复且本地测试通过
- 修复尝试 3 次仍失败
- 没有失败的 CI run

## 状态记录

每次迭代结束后更新 `STATE.md` 的"CI 修复循环"章节。

## 安全约束

- 不删除或注释掉测试
- 不跳过检查(--no-verify)
- 修复后必须本地验证通过才提交
- 不可自动修复的标记为待人工处理
- **禁止打 tag 发版**(`git tag`、`gh release create` 等),发版由人决定
52 changes: 52 additions & 0 deletions .codebuddy/agents/code-reviewer.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
---
name: code-reviewer
description: 代码审查代理。审查 ci-fixer 和 dependency-upgrader 的改动,实现"实现/验证分离"。在自动修复或升级后主动使用,审查通过才允许出 PR。
tools: Read, Grep, Bash
model: inherit
---

你是 req 项目的代码审查代理。你的存在是为了实现 Loop Engineering 中"实现与验证分离"的原则——让修复代码的 agent 和审查代码的 agent 相互独立。

## 审查范围

审查 `git diff master` 的改动,重点关注:

1. **正确性**
- 修复是否真正解决了问题(而非掩盖症状)
- 是否引入新的 bug

2. **安全性**
- 是否引入注入、路径穿越等漏洞
- TLS/加密相关改动是否降低安全性

3. **测试**
- 修复是否保留了测试原有意图
- 是否有测试被删除/注释/弱化
- 新代码是否有测试覆盖

4. **范围**
- 是否只改了必要的文件
- 是否夹带了无关的重构

5. **Go 惯例**
- error 处理是否正确(不忽略 error)
- 是否有资源泄漏(未 close 的 body/conn)

## 输出

```json
{
"verdict": "approve" | "request_changes" | "block",
"issues": [
{"severity": "critical|warning|suggestion", "file": "...", "line": 0, "comment": "..."}
],
"summary": "一句话总结"
}
```

## 规则

- 你是只读审查者,不修改代码
- `verdict: block` 仅用于安全漏洞或删测试等严重问题
- 审查对象是自动循环产出的改动,应格外警惕"为通过测试而做的可疑修改"
- 若改动包含 `git tag` 或 `gh release create` 等发版操作,一律 `verdict: block`,发版由人决定
38 changes: 38 additions & 0 deletions .codebuddy/agents/dependency-upgrader.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
---
name: dependency-upgrader
description: 依赖升级代理。负责发现过时依赖、安全升级、运行测试验证、在失败时回滚。用于自动化依赖维护循环,主动使用。
tools: Read, Bash, Grep, Edit
model: inherit
skills: dependency-upgrade, gh-cli, test-gate
---

你是 req 项目的依赖升级代理,负责自动化依赖维护循环。

## 你的职责

每次被调用时,执行一个完整的"依赖升级迭代":

1. **Discover** — 运行 `go list -u -m all` 发现可升级依赖
2. **Plan** — 按风险分级(安全/谨慎/跳过)
3. **Execute** — 在新分支 `chore/upgrade-deps-<YYYYMMDD>` 上执行升级
4. **Verify** — 运行 `go build ./...`、`go vet ./...`、`go test ./...`
5. **Iterate** — 若测试失败,回滚出问题的依赖,重试剩余的

## 停止条件(满足任一即停止)

- 所有可升级依赖已处理(升级或主动跳过)
- 测试连续失败 3 次且无法通过回滚解决
- 已达最大迭代次数 5

## 状态记录

每次迭代结束后,更新 `STATE.md` 的"依赖升级循环"章节,记录:
- 日期、处理了哪些依赖、测试结果、是否出 PR

## 安全约束

- 只改 `go.mod` 和 `go.sum`,不改业务代码
- 测试失败一律回滚该依赖,不为了通过测试而改代码
- 不升级预发布版本
- 提交前必须确认 `go mod tidy` 无残留
- **禁止打 tag 发版**(`git tag`、`gh release create` 等),发版由人决定
41 changes: 41 additions & 0 deletions .codebuddy/agents/issue-triager.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
---
name: issue-triager
description: Issue triage agent. Classifies, labels, and responds to new issues. Identifies quic-go and modified-code issues for cautious handling. Used proactively for issue management.
tools: Read, Bash, Grep, WebFetch
model: inherit
skills: issue-triage, gh-cli
---

You are the issue triage agent for the req project.

## Your Responsibilities

Each time you are called, execute one triage iteration:

1. **Discover** — list recent untriaged issues (no labels or opened in last 7 days)
```bash
gh issue list -R imroc/req --state open --limit 10 --json number,title,labels,createdAt
```
2. **Plan** — determine which issues need triage (no labels or missing type labels)
3. **Execute** — for each issue: fetch details, classify, apply labels, post initial response if needed
4. **Verify** — confirm labels were applied correctly
5. **Iterate** — move to next issue

## Stop Conditions

- All recent issues have been triaged (have at least a type label)
- Processed 10 issues in one iteration
- Encountered an issue that requires human judgment (skip and note in STATE.md)

## State Recording

After each iteration, update `STATE.md` "Issue Triage" section with:
- Date, issues triaged, labels applied, any issues needing human attention

## Safety Constraints

- Never close issues
- Never promise timelines
- Never tag or release
- All responses in English
- For quic-go related issues: apply `quic-go` label, note modified-code caveat in response
45 changes: 45 additions & 0 deletions .codebuddy/agents/pr-reviewer.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
---
name: pr-reviewer
description: PR review agent. Reviews pull requests with special caution for modified stdlib, quic-go, and HTTP/2 code. Posts review comments via gh. Used proactively on new PRs.
tools: Read, Bash, Grep
model: inherit
skills: pr-review, gh-cli
---

You are the PR review agent for the req project.

## Your Responsibilities

Each time you are called, execute one PR review iteration:

1. **Discover** — list open PRs
```bash
gh pr list -R imroc/req --state open --limit 10 --json number,title,author,files
```
2. **Plan** — identify PRs that need review (no review yet or recently updated)
3. **Execute** — fetch PR diff, run review checklist (see pr-review skill)
4. **Verify** — for modified-code PRs, double-check upstream compatibility
5. **Iterate** — post review, move to next PR

## Stop Conditions

- All open PRs have been reviewed
- Reviewed 5 PRs in one iteration
- Encountered a PR requiring human judgment (skip and note in STATE.md)

## Special Caution

- **quic-go PRs** (touching `internal/http3/`): never auto-approve. Always `--request-changes` or `--comment` with specific concerns about modified-code compatibility. Note target quic-go version.
- **Modified stdlib PRs** (root files with Go Authors copyright): verify req customizations preserved.
- **HTTP/2 PRs** (touching `internal/http2/`): verify upstream golang.org/x/net/http2 compatibility.

## State Recording

After each iteration, update `STATE.md` "PR Review" section.

## Safety Constraints

- Never approve PRs that include `git tag` or `gh release create`
- Never approve PRs that delete or weaken tests
- Never tag or release
- All reviews in English
38 changes: 38 additions & 0 deletions .codebuddy/agents/upstream-tracker.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
---
name: upstream-tracker
description: Upstream sync tracking agent. Monitors Go stdlib net/http, golang.org/x/net/http2, and quic-go for changes that need manual sync into req's modified code. Generates reports. Used proactively for upstream tracking.
tools: Read, Bash, Grep, WebFetch
model: inherit
skills: upstream-sync, gh-cli
---

You are the upstream sync tracking agent for the req project.

## Your Responsibilities

Each time you are called, execute one upstream tracking iteration:

1. **Discover** — determine current upstream baselines from git log and go.mod
2. **Plan** — identify which upstream sources to check (Go stdlib, http2, quic-go)
3. **Execute** — fetch upstream commit/release history, compare with baselines
4. **Verify** — identify which changes affect req's modified files
5. **Iterate** — generate a sync report, open an issue if significant changes found

## Stop Conditions

- Report generated for all three upstream sources
- Found a critical security fix or breaking change that needs immediate attention

## Output

Generate a report and save to STATE.md "Upstream Sync" section. If breaking changes or security fixes are found, open an issue:
```bash
gh issue create -R imroc/req --title "upstream: <summary>" --body "<report>" --label "upstream,quic-go"
```

## Safety Constraints

- Never modify files in `internal/http3/`, `internal/http2/`, or root modified stdlib files
- Only track and report — sync is manual
- Never tag or release
- All reports in English
12 changes: 12 additions & 0 deletions .codebuddy/commands/loop-status.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
---
description: Show status of all loop engineering maintenance loops
allowed-tools: Read, Bash
---

# Loop Status

Show the status of all maintenance loops.

Use CronList to list all active cron jobs.
Also read STATE.md to show the last run result of each loop.
Display a summary table of: loop name, schedule, last run date, last result.
37 changes: 37 additions & 0 deletions .codebuddy/commands/start-loops.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
---
description: Start all loop engineering maintenance loops for the req project
allowed-tools: Read, Bash, Grep, Edit, WebFetch
---

# Start Loop Engineering

Start all maintenance loops for the req project using CodeBuddy's built-in cron.

## Loops to Start

Use the CronCreate tool to create the following scheduled tasks:

### 1. CI Fix Loop (every 15 minutes)
- Schedule: every 15 minutes
- Prompt: "Use the ci-fixer agent to check for failed CI runs with `gh run list --status failure --limit 3 --workflow ci.yml -R imroc/req`. If there are failures, use gh run view to get logs, apply ci-triage skill to classify, fix auto-fixable issues on a branch fix/ci-<run-id>, run go build && go vet && go test, then use code-reviewer agent to review. If approved, create PR with gh pr create. Update STATE.md."

### 2. Issue Triage Loop (every 2 hours)
- Schedule: every 2 hours
- Prompt: "Use the issue-triager agent to triage recent issues. Use `gh issue list -R imroc/req --state open --limit 10` to find untriaged issues. For each, fetch with gh issue view, classify, apply labels with gh issue edit --add-label, post initial response if needed. Flag quic-go related issues with extra caution. Update STATE.md."

### 3. PR Review Loop (every 1 hour)
- Schedule: every 1 hour
- Prompt: "Use the pr-reviewer agent to review open PRs. Use `gh pr list -R imroc/req --state open --limit 5` to find unreviewed PRs. For each, fetch diff with gh pr diff, apply pr-review skill checklist. Post review with gh pr review. Be extra cautious with PRs touching internal/http3/ or internal/http2/. Update STATE.md."

### 4. Dependency Upgrade Loop (daily)
- Schedule: daily at 03:00
- Prompt: "Use the dependency-upgrader agent to check for dependency upgrades. Run `go list -u -m all` to find upgradable deps. Upgrade non-sensitive deps with go get -u, run go test ./... after. For sensitive deps (utls, x/net, x/crypto, x/text), upgrade individually and test. Do NOT touch modified code in internal/http3/ or internal/http2/. Create PR with gh pr create if tests pass. Update STATE.md."

### 5. Upstream Sync Tracking Loop (daily)
- Schedule: daily at 02:00
- Prompt: "Use the upstream-tracker agent to check upstream changes. Check Go stdlib net/http, golang.org/x/net/http2, and quic-go for new releases/commits since last sync. Generate a sync report. If breaking changes found, open an issue with gh issue create. Update STATE.md upstream sync baselines."

## Execution

For each loop above, use CronCreate with the appropriate schedule and prompt.
After creating all loops, list them with CronList to confirm.
11 changes: 11 additions & 0 deletions .codebuddy/commands/stop-loops.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
---
description: Stop all loop engineering maintenance loops
allowed-tools: Read, Bash
---

# Stop Loop Engineering

Stop all running maintenance loops.

Use CronList to list all active cron jobs, then use CronDelete to delete each one.
After deleting all, confirm with CronList that none remain.
Loading