Provide agent context for ACS deployments with roxie#21407
Conversation
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #21407 +/- ##
==========================================
- Coverage 50.11% 50.07% -0.04%
==========================================
Files 2835 2835
Lines 217546 217546
==========================================
- Hits 109028 108946 -82
- Misses 100631 100696 +65
- Partials 7887 7904 +17
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
📝 WalkthroughSummary by CodeRabbit
WalkthroughThe PR updates roxie-focused deployment documentation in ChangesRoxie deployment docs and version metadata
Estimated code review effort🎯 2 (Simple) | ⏱️ ~15 minutes 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
deploy/README.md (1)
106-127: 🎯 Functional Correctness | 🟠 Major | ⚡ Quick winMake the copied deployment commands self-consistent.
The
deploy.shexample still needsUSE_ROXIE_DEPLOY=trueto take the roxie path, and theroxie deployexample is missing the required target component. As written, copy-pasting these snippets will either run the legacy flow or not express the intended full-stack deploy. citeturn0search0Fix
-./deploy/deploy.sh --features ROX_NETWORK_GRAPH_EXTERNAL_IPS +USE_ROXIE_DEPLOY=true ./deploy/deploy.sh --features ROX_NETWORK_GRAPH_EXTERNAL_IPS @@ -roxie deploy [ <roxie args> ... ] --tag <main tag> +roxie deploy both [ <roxie args> ... ] --tag <main tag> @@ -MAIN_IMAGE_TAG=<main tag> ./deploy/deploy.sh [ <roxie args> ... ] +MAIN_IMAGE_TAG=<main tag> ./deploy/deploy.sh both [ <roxie args> ... ]🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@deploy/README.md` around lines 106 - 127, The deployment examples in deploy/README.md are inconsistent: the deploy.sh snippet still follows the legacy path unless USE_ROXIE_DEPLOY=true is set, and the roxie deploy example omits the required target component. Update the examples around the deployment section so the deploy.sh command explicitly shows the roxie path setup and the roxie deploy invocation includes a valid component (matching the intended full-stack deploy), using the existing deploy.sh and roxie deploy examples as the reference points.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@deploy/AGENTS.md`:
- Around line 32-41: The roxie deployment guidance is leaking secrets by telling
agents to print the envrc contents and by using a fixed shared /tmp filename.
Update the instructions around the roxie invocation flow to use a unique
temporary envrc path each time (for example, a mktemp-generated path) and only
report that path, never the file contents. Also adjust the post-deployment and
follow-up command guidance so it references sourcing the unique envrc file
before running dependent roxie commands, rather than the fixed
/tmp/roxie-envrc-central.sh example.
---
Outside diff comments:
In `@deploy/README.md`:
- Around line 106-127: The deployment examples in deploy/README.md are
inconsistent: the deploy.sh snippet still follows the legacy path unless
USE_ROXIE_DEPLOY=true is set, and the roxie deploy example omits the required
target component. Update the examples around the deployment section so the
deploy.sh command explicitly shows the roxie path setup and the roxie deploy
invocation includes a valid component (matching the intended full-stack deploy),
using the existing deploy.sh and roxie deploy examples as the reference points.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Central YAML (base), Organization UI (inherited)
Review profile: CHILL
Plan: Enterprise
Run ID: 826df5c4-f8bb-4bc9-b905-ebe4b120bb4f
📒 Files selected for processing (4)
AGENTS.mdROXIE_VERSIONdeploy/AGENTS.mddeploy/README.md
| roxie's default interactive mode spawns a sub-shell after deployment, which agents cannot use. | ||
| When invoking roxie, always use `--envrc <path>` to write the post-deployment environment | ||
| (endpoint URL, admin password, etc.) to a file instead. Use a temporary file path, e.g. | ||
| `--envrc /tmp/roxie-envrc-central.sh`. | ||
|
|
||
| After deployment: | ||
| 1. Tell the user the envrc file path and show its contents. | ||
| 1. For subsequent roxie commands that depend on this environment (e.g. deploying a secured cluster | ||
| after central), source the envrc file before running the command: | ||
| `source /tmp/roxie-envrc-central.sh && roxie deploy securedcluster ...` |
There was a problem hiding this comment.
🔒 Security & Privacy | 🟠 Major | ⚡ Quick win
Don't print the envrc or pin it to a shared /tmp name.
--envrc carries credentials, so telling the agent to show the file contents leaks secrets. The fixed /tmp/roxie-envrc-central.sh example is also reusable; use a unique temp file (for example via mktemp) and only report the path.
🔧 Safer shape
- Use a temporary file path, e.g.
- `--envrc /tmp/roxie-envrc-central.sh`.
+ Use a unique temporary file path, e.g. one created with `mktemp`.
- 1. Tell the user the envrc file path and show its contents.
+ 1. Tell the user the envrc file path; do not print secrets from the file.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@deploy/AGENTS.md` around lines 32 - 41, The roxie deployment guidance is
leaking secrets by telling agents to print the envrc contents and by using a
fixed shared /tmp filename. Update the instructions around the roxie invocation
flow to use a unique temporary envrc path each time (for example, a
mktemp-generated path) and only report that path, never the file contents. Also
adjust the post-deployment and follow-up command guidance so it references
sourcing the unique envrc file before running dependent roxie commands, rather
than the fixed /tmp/roxie-envrc-central.sh example.
🚀 Build Images ReadyImages are ready for commit 6f27577. To use with deploy scripts: export MAIN_IMAGE_TAG=4.12.x-321-g6f275777e2 |
mclasmeier
force-pushed
the
mc/agent-context-roxie
branch
from
fba9f9b to
915e107
Compare
mclasmeier
force-pushed
the
mc/agent-context-roxie
branch
from
915e107 to
6f27577
Compare
There was a problem hiding this comment.
Actionable comments posted: 1
♻️ Duplicate comments (1)
deploy/AGENTS.md (1)
32-41: 🔒 Security & Privacy | 🟠 Major | ⚡ Quick winKeep the envrc guidance secret-safe.
This repeats the earlier issue: it tells agents to print the envrc contents and uses a shared
/tmpfilename. Please switch to a unique temp path and only report the path, not the file contents.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@deploy/AGENTS.md` around lines 32 - 41, The roxie deployment guidance is not secret-safe because it tells agents to print the envrc contents and uses a shared temporary filename. Update the instructions in AGENTS.md to require a unique temp envrc path for each deployment and only report the envrc file path after deployment; do not instruct agents to display or echo the file contents. Keep the existing roxie workflow references (the `--envrc` usage and the follow-up `source ... && roxie deploy ...` pattern) but revise the guidance so it never exposes secrets.
🧹 Nitpick comments (1)
deploy/README.md (1)
199-200: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winPin the schema reference to the shipped version.
This points readers at roxie's
mainbranch, butdeploy/deploy.shandscripts/roxie.shinstall the release pinned byROXIE_VERSION. That makes the schema guidance drift from the binary users will actually run, so the examples can go stale or become unsupported.Please link to the matching release/tag or state explicitly which version this schema was validated against. This follows the version-pinned flow in
deploy/deploy.shandscripts/roxie.sh.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@deploy/README.md` around lines 199 - 200, The schema reference in the README is pointing at roxie’s main branch, which can drift from the version actually installed by deploy/deploy.sh and scripts/roxie.sh via ROXIE_VERSION. Update the schema guidance in deploy/README.md to link to the matching release/tag or explicitly state the exact roxie version it was validated against, so readers see docs aligned with the shipped binary.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@deploy/AGENTS.md`:
- Around line 70-76: Clarify the success statement in the AGENTS guidance so it
refers to roxie completing successfully rather than implying all workloads are
ready; update the wording in the section describing roxie’s exit code and keep
the readiness caveat separate in the following paragraph. Use the existing
roxie/earlyReadiness explanation as the anchor, and make sure the text
distinguishes command completion from deployment readiness.
---
Duplicate comments:
In `@deploy/AGENTS.md`:
- Around line 32-41: The roxie deployment guidance is not secret-safe because it
tells agents to print the envrc contents and uses a shared temporary filename.
Update the instructions in AGENTS.md to require a unique temp envrc path for
each deployment and only report the envrc file path after deployment; do not
instruct agents to display or echo the file contents. Keep the existing roxie
workflow references (the `--envrc` usage and the follow-up `source ... && roxie
deploy ...` pattern) but revise the guidance so it never exposes secrets.
---
Nitpick comments:
In `@deploy/README.md`:
- Around line 199-200: The schema reference in the README is pointing at roxie’s
main branch, which can drift from the version actually installed by
deploy/deploy.sh and scripts/roxie.sh via ROXIE_VERSION. Update the schema
guidance in deploy/README.md to link to the matching release/tag or explicitly
state the exact roxie version it was validated against, so readers see docs
aligned with the shipped binary.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Central YAML (base), Organization UI (inherited)
Review profile: CHILL
Plan: Enterprise
Run ID: 3f5ec97f-a1e2-488e-a9ea-a7c561e69101
📒 Files selected for processing (3)
AGENTS.mddeploy/AGENTS.mddeploy/README.md
✅ Files skipped from review due to trivial changes (1)
- AGENTS.md
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@deploy/README.md`:
- Around line 131-133: Clarify the Roxie config model by separating explicit
deploy config from automatically loaded user defaults. Update the README text
around the deployment behavior/config section and the later user-config section
so it clearly states that the YAML passed with --config is the explicit deploy
config, while ~/.config/roxie/config.yaml (or the XDG/darwin equivalent) is
auto-loaded as user defaults; use the existing roxie config YAML file and
user-config wording to keep the explanation consistent.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Central YAML (base), Organization UI (inherited)
Review profile: CHILL
Plan: Enterprise
Run ID: 78fbeb8c-f86e-4d7f-8f6f-03c750f6bb6e
📒 Files selected for processing (4)
AGENTS.mdROXIE_VERSIONdeploy/AGENTS.mddeploy/README.md
✅ Files skipped from review due to trivial changes (2)
- ROXIE_VERSION
- AGENTS.md
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win
Clarify the config model around user defaults.
The new wording says config lives in an explicitly passed YAML file, but the later user-config section says roxie also auto-loads ~/.config/roxie/config.yaml (or the XDG/darwin equivalent) as defaults. Rephrase this so explicit deploy config and automatic user defaults are described separately.
Also applies to: 202-205
🧰 Tools
🪛 LanguageTool
[style] ~132-~132: Consider using “except” or “except for”
Context: ...or influencing the deployment behavior. With the exception of very few special flags, there exist cor...
(WITH_THE_EXCEPTION_OF)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@deploy/README.md` around lines 131 - 133, Clarify the Roxie config model by
separating explicit deploy config from automatically loaded user defaults.
Update the README text around the deployment behavior/config section and the
later user-config section so it clearly states that the YAML passed with
--config is the explicit deploy config, while ~/.config/roxie/config.yaml (or
the XDG/darwin equivalent) is auto-loaded as user defaults; use the existing
roxie config YAML file and user-config wording to keep the explanation
consistent.
1 participant
Description
Flesh out roxie deployment documentation for both humans and AI agents.
deploy/README.md: Rewrote and expanded with full config schema reference, CLI flag-to-config mapping, installation options, deployment/teardown commands, and feature flag examples.deploy/AGENTS.md: New file with agent-specific guidance — non-interactive mode (--envrc), complete deployment examples, teardown workflow, post-deployment verification, and config crafting with--set/spec.overlays.AGENTS.md: Addedroxie deployas the primary deployment command, marked legacydeploy-local.shas deprecated.roxie is positioned as the primary deployment method for ACS dev versions. Legacy deploy scripts are documented but deprioritized.
User-facing documentation
Not needed.
Testing and quality
Tested manually.
Automated testing
No tests — documentation-only change.
How I validated my change
Markdown reviewed for correct heading hierarchy, code fence rendering, and factual accuracy against roxie source (
scripts/roxie.sh,deploy/deploy.sh, CRD paths). Agent context validated by confirming AGENTS.md provides sufficient information for Claude to craft roxie commands, configs, and deployments without falling back to legacy scripts.