CodeSnuffler Forgejo End-to-End historical review range codesnuffler-forgejo-live-20260711T010041305Z-9b36fa97-26d #56

Closed
jason-admin wants to merge 2 commits from change_forgejo_end_to_end into base_forgejo_end_to_end
Owner

Exercise the live Forgejo webhook review pipeline against a stable historical CodeSnuffler diff.

Run marker: codesnuffler-forgejo-live-20260711T010041305Z-9b36fa97-26d.
Run started at: 2026-07-11T01:00:41.305Z.

Fixture range: f9d210eccd0075b6b39b606cea9b1376719aa062..d8a3fc420b055e04df1d203706b89b1f1261a9c1.
This stable two-commit AI Harness range is expected to produce actionable findings.

Exercise the live Forgejo webhook review pipeline against a stable historical CodeSnuffler diff. Run marker: codesnuffler-forgejo-live-20260711T010041305Z-9b36fa97-26d. Run started at: 2026-07-11T01:00:41.305Z. Fixture range: f9d210eccd0075b6b39b606cea9b1376719aa062..d8a3fc420b055e04df1d203706b89b1f1261a9c1. This stable two-commit AI Harness range is expected to produce actionable findings.
This completes Step 12 of the AI harness plugin-instance plan by replacing the tool auth container session contract's persona field with explicit plugin instance identity. Controller request and response schemas, auth image refs, build payloads, dev-shell websocket forwarding, Docker labels, container env, and shared probe metadata now carry plugin_id, instance_id, and driver_id.

The controller now rejects mismatched plugin or driver identity, uses PLUGIN_INSTANCE_ID instead of TOOL_PERSONA_ID in auth containers, and labels containers/images with current plugin and driver keys. The app-side auth container client and session helpers send the new payload shape without accepting the old persona_id request field.

Validated with: pytest for the container image controller client, AI tool auth containers, and container image controller integration files; compileall for touched controller/app/contract/test modules; git diff --check; targeted cleanup search for removed tool-auth persona fields, env vars, labels, and probe keys in the edited boundary.
Update the AI harness runtime/status layer to project current plugin instance identity through auth runtime summaries, raw probe normalization, storage inventory, setup details, generic auth helpers, and system report rows. Runtime/status models now carry plugin_id, instance_id, and driver_id without a persona_id field, while later runner and review-policy persona cleanup remains explicitly scoped to follow-up plan steps.

Validated with: pytest for the AI tool instance suite, focused homepage runtime/status cases, the configured harness plugin catalog case, AI tool schema unit tests, compileall for the touched backend/test modules, git diff --check, and targeted persona cleanup searches.
Author
Owner

CodeSnuffler review banner

CodeSnuffler Review Findings

Recommendation Risk Open findings Files touched by findings
Request Changes Medium 1 1

Findings

1. Dev-shell auth still sends persona_id instead of instance_id

Severity Category Confidence Location Status
Medium Correctness 94% frontend/src/dev-shell/components/DevShellTerminal.vue:155 Open

The backend WebSocket now reads instance_id from the query string, but the frontend terminal still sends persona_id. When launching a runner-auth/dev-shell command for a non-primary AI tool instance, _proxy_runner_auth_session receives None and falls back to primary, so auth/login operates on the wrong storage scope.

Open finding in CodeSnuffler

Fix via CodeSnuffler

Suggested fix: Change this query parameter to instance_id and consider renaming the prop from personaId to instanceId at the call sites to prevent the old term from reappearing.

![CodeSnuffler review banner](https://webhook.codesnuffler.com/codesnuffler_review/assets/banner_mediumIssues) ## CodeSnuffler Review Findings | Recommendation | Risk | Open findings | Files touched by findings | | --- | --- | ---: | ---: | | Request Changes | Medium | 1 | 1 | ### Findings #### 1. Dev-shell auth still sends persona_id instead of instance_id | Severity | Category | Confidence | Location | Status | | --- | --- | ---: | --- | --- | | Medium | Correctness | 94% | `frontend/src/dev-shell/components/DevShellTerminal.vue:155` | Open | The backend WebSocket now reads `instance_id` from the query string, but the frontend terminal still sends `persona_id`. When launching a runner-auth/dev-shell command for a non-primary AI tool instance, `_proxy_runner_auth_session` receives `None` and falls back to `primary`, so auth/login operates on the wrong storage scope. [Open finding in CodeSnuffler](https://webhook.codesnuffler.com/codesnuffler_review/forgejo-jason-admin-CodeSnuffler-FJ-pr-56/findings/2) [Fix via CodeSnuffler](https://webhook.codesnuffler.com/codesnuffler_review/forgejo-jason-admin-CodeSnuffler-FJ-pr-56/findings/2/fix) **Suggested fix:** Change this query parameter to `instance_id` and consider renaming the prop from `personaId` to `instanceId` at the call sites to prevent the old term from reappearing.
jason-admin closed this pull request 2026-07-11 01:06:37 +00:00

Pull request closed

Sign in to join this conversation.
No reviewers
No labels
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
jason-admin/CodeSnuffler-FJ!56
No description provided.