feat: extend Job Handler

[gauthierdmn]

Extend the job handler with reviewer and worker job separation

[gauthierdmn]

@nominalbot review this PR

[gauthierdmn]

@nominalbot review this PR

[gauthierdmn]

@nominalbot review this PR

[nominalbot]

This PR delivers significant improvements in security, configurability, and architectural cleanliness. The addition of comprehensive security features, detailed documentation, and a more modular design is excellent. Several minor refinements regarding type safety, error handling, and test robustness are suggested, largely echoing the 'Proposed Improvements' in the BRANCH_ANALYSIS.md.

Additional notes (not in diff):

• app/nominal_code/config/settings.py:400 — As suggested in BRANCH_ANALYSIS.md (Proposed Improvement feat: add core types, configuration, and utilities #1), adding a require_webhook() method to Config would eliminate the need for # type: ignore[assignment] in commands/webhook/server.py and improve type safety. This pattern could be extended to other optional config fields like reviewer as well (Proposed Improvement refactor: code improvements #16).
• app/nominal_code/commands/webhook/server.py:418 — Referencing Proposed Improvement feat: add core types, configuration, and utilities #1, after adding require_webhook() to Config, this line can be updated to webhook: WebhookConfig = config.require_webhook() to remove the need for type ignoring and clearly signal that webhook is expected to be present at this point.
• app/nominal_code/handlers/review.py:296 — As per BRANCH_ANALYSIS.md (Proposed Improvement feat: add platform abstraction with GitHub and GitLab support #2), the call to build_sanitized_env() here appears redundant. run_api_agent() in agent/api/runner.py already handles building a sanitized environment if none is explicitly provided. Removing this explicit call would reduce boilerplate and centralize the secure environment building logic.
• agent/api/tools.py:150 — As suggested in BRANCH_ANALYSIS.md (Proposed Improvement feat: add agent runner, git workspace, and session management #3), it's a good security practice to explicitly reject the file:// protocol within _validate_clone_host(). Although Git is configured to block it, a redundant check at the tool level adds a layer of defense against potential bypasses or misconfigurations.

python
if url.startswith("file://"):
    raise ToolError("file:// protocol is not allowed")

• agent/prompts.py:100 — To harden wrap_tag() against prompt injection, as highlighted in BRANCH_ANALYSIS.md (Proposed Improvement feat: add comment handlers and workspace cleanup #4), the content should be escaped to prevent early tag closure. This ensures that untrusted input like </tag-name> doesn't break the XML boundary.

python
def wrap_tag(tag: str, content: str) -> str:
    safe_content: str = content.replace(f"</{tag}>", f"<\/{tag}>")
    return f"<{tag}>\n{safe_content}\n</{tag}>"

• app/nominal_code/jobs/runner/base.py:65 — As noted in BRANCH_ANALYSIS.md (Proposed Improvement feat: add webhook server and entry point #5), SystemExit(1) should be replaced with a proper exception (e.g., ValueError or a custom ConfigurationError) when Redis is missing for Kubernetes mode. SystemExit bypasses normal exception handling, making it harder to test and gracefully manage configuration errors in the calling context.
• config/policies.py:100 — Addressing Proposed Improvement feat: add cross-file review with diff-aware finding routing #6 from BRANCH_ANALYSIS.md, it would be beneficial to add Pydantic validators to RoutingPolicy and FilteringPolicy to enforce configuration integrity. For instance, a @model_validator could ensure that worker_bot_username and reviewer_bot_username are not identical. Additionally, load_config() should ensure that allowed_users is not empty if webhook mode requires authorization.
• workspace/git.py:50 — Following BRANCH_ANALYSIS.md (Proposed Improvement feat: add CLI mode for one-off PR reviews #7), the TOKEN_PATTERN regex used for HTTP basic auth URLs in workspace/git.py should be consolidated with SECRET_PATTERNS in agent/sandbox.py. Exposing a redact_url() helper from sandbox.py and having git.py import it would centralize secret redaction logic, improve consistency, and reduce duplication.
• tests/commands/webhook/test_server.py:100 — As recommended in BRANCH_ANALYSIS.md (Proposed Improvement chore: misc cleanup #8), enhancing mock robustness by adding spec= to MagicMock() and AsyncMock() constructors is a good practice. This ensures that mocks adhere to the interface of the real objects, catching potential interface drift and making tests more reliable. For example: mock_platform = AsyncMock(spec=Platform) and mock_runner = AsyncMock(spec=JobRunner).
• docs/deployment/index.md:50 — With the removal of WorkspaceCleaner, as noted in BRANCH_ANALYSIS.md (Proposed Improvement chore: improve README.md #9), it's crucial to add an explicit warning in docs/deployment/index.md about disk accumulation in non-Kubernetes deployments. Suggesting a manual cleanup mechanism (e.g., a cron job with find /tmp/nominal-code -maxdepth 3 -mtime +7 -type d -exec rm -rf {} +) would be very helpful for users deploying in such environments.

[gauthierdmn]

@nominalbot review this PR

[nominalbot]

This PR introduces substantial enhancements across security, configurability, and architectural design, laying a robust foundation for future development, multi-tenancy, and cost optimization. The detailed BRANCH_ANALYSIS.md, COST_OPTIMIZATION_PLAN.md, IDEAS.md, and MULTITENANCY.md are invaluable documentation additions, providing clear insights into the changes and a strategic roadmap. Key improvements include refactoring webhook handling for better decoupling, introducing a JobHandler protocol for extensibility, and correctly forwarding Redis configuration to Kubernetes jobs.

However, for true multi-tenancy and robust scaling, several critical architectural components outlined in MULTITENANCY.md still require implementation. Specifically, the shared mutable state for GitHub App authentication and the global nature of the Config object remain significant hurdles. Addressing these foundational aspects will be crucial for the system's scalability and security in a multi-tenant environment. The COST_OPTIMIZATION_PLAN.md also introduces a critical data_sensitivity consideration that warrants explicit implementation to prevent sensitive data routing to unapproved regions/providers.

Additional notes (not in diff):

• app/nominal_code/platforms/github/platform.py:34 — The docs/scaling-github-app-auth.md provides an excellent analysis of the cache thrashing and race conditions inherent in the current GitHubAppAuth implementation when handling concurrent multi-installation traffic. While this PR refactors event parsing, the core issue of GitHubAppAuth being a shared mutable state, as described in 'Failure mode 1: Cache thrashing' and 'Failure mode 2: Race condition' in the new documentation, remains unaddressed in the code. This is a critical blocker for scalable multi-tenancy as outlined in MULTITENANCY.md (P0 — Foundation).
• app/nominal_code/jobs/runner/kubernetes.py:34 — While forwarding Redis configuration to Kubernetes jobs is a crucial fix, MULTITENANCY.md's '10. Kubernetes Job Isolation' section highlights broader concerns. All K8s jobs still run in the same namespace with shared service accounts, images, resource limits, and potentially secrets. For robust multi-tenancy, moving towards per-tenant namespaces, secrets, and fine-grained RBAC will be essential to prevent cross-tenant access and resource monopolization.

[nominalbot]

The build_runner currently takes a global Config object. For true multi-tenancy, as articulated in MULTITENANCY.md ('2. Configuration is Global and Static'), the configuration needs to be dynamic and tenant-specific. This Config object, or at least the relevant parts of it, will need to be resolved per-tenant and passed down the call stack to ensure each tenant operates under their own policies and settings.

[nominalbot]

It's good to allow GOOGLE_BASE_URL for custom endpoints. For consistency with other API key and provider configurations, consider loading this base_url from the Config object (e.g., config.agent.google_base_url) rather than directly from os.environ. This centralizes configuration management and aligns with the multi-vendor diversification strategy in COST_OPTIMIZATION_PLAN.md and MULTITENANCY.md's '7. LLM Provider & API Key Management' section.

[nominalbot]

The DEFAULT_BASE_DIR is set to /tmp/nominal-code. For multi-tenancy, as described in MULTITENANCY.md ('5. Workspace & Filesystem Isolation'), workspaces should ideally be scoped by tenant_id (e.g., /tmp/nominal-code/{tenant_id}/). This hardcoded default would need to be overridden or dynamically set to ensure proper isolation and prevent potential directory traversal vulnerabilities between tenants in a shared filesystem environment (relevant for non-Kubernetes deployments).

[gauthierdmn]

@nominalbot review this PR

[nominalbot]

This PR introduces significant improvements across security, configuration architecture, and extensibility. The changes align well with the documented goals of enhancing security features, refactoring configuration, and laying groundwork for multi-tenancy. Key architectural improvements include the new DispatchResult for webhook handling, a JobHandler protocol for better modularity, and a cleaner way to pass Redis configuration to Kubernetes jobs. The documentation updates are comprehensive and highly valuable, especially BRANCH_ANALYSIS.md, COST_OPTIMIZATION_PLAN.md, MULTITENANCY.md, and docs/scaling-github-app-auth.md.

While the PR makes excellent progress, a few areas require further attention, primarily concerning full multi-tenancy readiness and minor refinements already highlighted in the BRANCH_ANALYSIS.md's 'Proposed Improvements' section.

Additional notes (not in diff):

• app/nominal_code/commands/webhook/server.py:418 — Reiterating Proposed Improvement #1 from BRANCH_ANALYSIS.md and a previous bot comment: the use of config.webhook without an explicit check or a helper method like config.require_webhook() introduces a potential for a None dereference if webhook is not configured. While the type ignore might suppress the warning, adding a method that asserts its presence or raises a more specific ValueError would enhance type safety and clearly indicate the expected configuration state at this point in the code.
• app/nominal_code/handlers/review.py:296 — Reiterating Proposed Improvement #2 from BRANCH_ANALYSIS.md and a previous bot comment: the explicit call to build_sanitized_env() here appears redundant. The run_api_agent() function in agent/api/runner.py is designed to handle building a sanitized environment if none is provided. Removing this call would reduce boilerplate and centralize the secure environment building logic within the agent invocation layer, making the review handler cleaner.

[nominalbot]

While fetching Redis URL and TTL directly from environment variables (_env.str(...)) works for job execution, for consistency with the overall configuration architecture (as outlined in docs/architecture.md), it would be preferable to have these values sourced from the Config object. This centralizes configuration access and simplifies future changes, such as dynamic, tenant-specific Redis configurations in a multi-tenant setup (as discussed in MULTITENANCY.md).

[nominalbot]

Reiterating Proposed Improvement #5 from BRANCH_ANALYSIS.md and a previous bot comment: raising SystemExit(1) here for a missing Redis configuration in Kubernetes mode is not ideal. SystemExit bypasses normal exception handling mechanisms, making it harder to test, log, and gracefully recover from configuration errors. It would be better to raise a ValueError or a custom ConfigurationError that can be caught and handled appropriately by the calling context, such as run_webhook_server().

[nominalbot]

This build_runner function still relies on a global Config object, as noted in a previous bot comment and highlighted in MULTITENANCY.md ('2. Configuration is Global and Static'). For a truly multi-tenant system, the configuration (config itself, and its nested agent, webhook.filtering, webhook.routing parts) needs to be resolved per-tenant. While this PR improves how Redis settings are passed, the fundamental global nature of the Config object here remains a limitation for multi-tenancy.

[nominalbot]

Reiterating a previous bot comment: fetching GOOGLE_BASE_URL directly from os.environ couples this module to environment variables. For consistency with the rest of the configuration (docs/architecture.md) and to support multi-tenancy (where LLM provider settings might be tenant-specific as per MULTITENANCY.md '7. LLM Provider & API Key Management'), this base_url should ideally be part of the Config object (e.g., config.agent.google_base_url). This centralizes and externalizes configuration management.

[nominalbot]

Reiterating a previous bot comment: DEFAULT_BASE_DIR is hardcoded to /tmp/nominal-code. For multi-tenancy, as specified in MULTITENANCY.md ('5. Workspace & Filesystem Isolation'), workspace directories should be dynamically scoped by tenant_id (e.g., /tmp/nominal-code/{tenant_id}/). While the build_repo_path helper is a good refactoring, this default still represents a potential isolation risk in non-Kubernetes multi-tenant deployments and needs to be configurable/dynamic for full multi-tenancy.

[gauthierdmn]

@nominalbot review

[nominalbot]

This PR introduces significant architectural improvements, particularly in webhook event handling and job execution. The decoupling of webhook dispatch from aiohttp.web responses, the move towards passing HTTP headers directly to platform event parsers, and the introduction of a JobHandler protocol are excellent steps towards a more robust and extensible system. The fix for SystemExit(1) is also a welcome improvement. However, several critical multi-tenancy and configuration issues remain unaddressed, some of which have been highlighted in previous reviews and the MULTITENANCY.md document. Addressing these foundational concerns is crucial for the long-term scalability and security of the application.

Additional notes (not in diff):

• app/nominal_code/commands/webhook/server.py:418 — This line still uses # type: ignore[assignment]. As suggested in BRANCH_ANALYSIS.md (Proposed Improvement #1) and a previous bot comment, adding a Config.require_webhook() method that raises a ValueError if webhook is None would enforce type safety and remove the need for this ignore directive.
• app/nominal_code/jobs/runner/base.py:65 — Excellent! Replacing SystemExit(1) with a ValueError directly addresses Proposed Improvement #5 from BRANCH_ANALYSIS.md. This improves error handling and testability for missing Redis configurations in Kubernetes mode.
• app/tests/jobs/runner/test_kubernetes.py:21 — While this test file has good coverage, many mocks (e.g., _make_mock_queue(), various MagicMock() instances) are created without the spec= argument. As recommended in BRANCH_ANALYSIS.md (Proposed Improvement #8), adding spec=RealClass would ensure mocks adhere to the actual interface, preventing silent test passes when the real object's API changes. For example, _make_mock_queue() could be MagicMock(spec=RedisJobQueue).

[nominalbot]

The build_runner function still relies on a global Config object. As repeatedly noted in previous bot comments and detailed in MULTITENANCY.md ('2. Configuration is Global and Static'), this global configuration is a fundamental blocker for multi-tenancy. Key settings like LLM models, allowed users, and auto-review triggers need to be tenant-specific. The Config object, or at least its tenant-specific subsets, must be resolved dynamically per-tenant and passed down the call stack instead of being a global singleton.

[nominalbot]

Fetching GOOGLE_BASE_URL directly from os.environ introduces a coupling to environment variables that should be avoided. For consistency with the rest of the configuration (docs/architecture.md) and to properly support multi-tenancy, this base_url should be part of the Config object (e.g., config.agent.google_base_url). This allows for tenant-specific LLM provider configurations, as outlined in MULTITENANCY.md ('7. LLM Provider & API Key Management').

[nominalbot]

The DEFAULT_BASE_DIR is still hardcoded to /tmp/nominal-code. For multi-tenancy, as specified in MULTITENANCY.md ('5. Workspace & Filesystem Isolation'), workspace directories must be dynamically scoped by tenant_id (e.g., /tmp/nominal-code/{tenant_id}/). While build_repo_path is a good refactoring, this hardcoded default still represents a potential isolation risk in non-Kubernetes multi-tenant deployments and needs to be configurable/dynamic for full multi-tenancy.

[nominalbot]

Although KubernetesRunner now correctly receives Redis configuration, REDIS_URL and REDIS_KEY_TTL_SECONDS are still fetched directly from _env here when build_conversation_store is called for the ProcessRunner (non-Kubernetes) path. For consistency and centralized configuration management, these values should be sourced from the Config object, aligning with the pattern established in docs/architecture.md and supporting potential tenant-specific Redis configurations in the future.

[nominalbot]

While verify_webhook now correctly accepts headers, the underlying GitHubAppAuth (platforms/github/auth.py, not in diff) still appears to use a single mutable installation_id and token cache. This is a critical issue for multi-tenant scalability, as described in detail in docs/scaling-github-app-auth.md. Concurrent webhooks from different installations will lead to cache thrashing and potential race conditions, causing authentication failures and degraded performance. The authenticate method, which is called after parse_event, still mutates the global self.auth object's installation_id.

[nominalbot]

As highlighted in BRANCH_ANALYSIS.md (Proposed Improvement #2), the call to build_sanitized_env() (not shown in this specific diff but in the context of the run_and_post_review function) appears redundant. run_api_agent() in agent/api/runner.py can handle building a sanitized environment if none is explicitly provided. Removing this explicit call would reduce boilerplate and centralize the secure environment building logic.

[nominalbot]

Refactoring verify_webhook to accept headers: Mapping[str, str] instead of web.Request is a great improvement. It decouples the platform logic from the specific HTTP framework, making it more testable and portable.

[nominalbot]

Similarly, updating parse_event to accept headers: Mapping[str, str] is a positive step. This aligns with the decoupling principle and makes the event parsing logic more modular.

[gauthierdmn]

@nominalbot review

[nominalbot]

This PR introduces substantial enhancements across security, configuration, and architectural design, with new documentation for multi-tenancy, cost optimization, and future ideas. The refactoring of webhook dispatch and platform event parsing to use headers: Mapping[str, str] instead of web.Request is a significant improvement for decoupling and testability. The introduction of DispatchResult and JobHandler also contributes to a cleaner architecture. However, several critical issues related to multi-tenancy, configuration centralization, and best practices highlighted in the BRANCH_ANALYSIS.md and MULTITENANCY.md documents remain unaddressed.

Additional notes (not in diff):

• app/nominal_code/commands/webhook/server.py:240 — Returning DispatchResult instead of web.Response is an excellent refactoring. It successfully decouples the dispatch logic from the specific HTTP framework, improving testability and portability.
• app/nominal_code/commands/webhook/server.py:267 — This change correctly uses the new DispatchResult for lifecycle events. However, as noted in Proposed Improvement #1 and #16 in BRANCH_ANALYSIS.md, a config.require_webhook() method would provide more explicit type safety here, ensuring webhook is always available when expected and removing implicit assumptions.
• app/nominal_code/commands/webhook/server.py:297 — The dispatch_comment_event function now correctly uses DispatchResult, which is a positive architectural change.
• app/nominal_code/commands/webhook/server.py:427 — The webhook handler now correctly uses headers instead of request for platform.verify_webhook and platform.parse_event, aligning with the refactored platforms/base.py interface. This is a good step towards decoupling.
• app/nominal_code/docs/architecture.md:156 — The addition of a detailed 'Configuration Architecture' section is highly valuable. It clearly explains the two-layer approach (Settings for input, Config for output) and the role of loader.py, which is crucial for understanding the project's config management strategy. This directly addresses the complexity of configuration highlighted in earlier discussions.
• agent/api/tools.py:150 — As suggested in BRANCH_ANALYSIS.md (Proposed Improvement #3), it's a good security practice to explicitly reject the file:// protocol within _validate_clone_host(). Although Git is configured to block it, a redundant check at the tool level adds a layer of defense against potential bypasses or misconfigurations.

python
if url.startswith("file://"):
    raise ToolError("file:// protocol is not allowed")

• agent/prompts.py:100 — To harden wrap_tag() against prompt injection, as highlighted in BRANCH_ANALYSIS.md (Proposed Improvement #4), the content should be escaped to prevent early tag closure. This ensures that untrusted input like </tag-name> doesn't break the XML boundary.

python
def wrap_tag(tag: str, content: str) -> str:
    safe_content: str = content.replace(f"</{tag}>", f"<\/{tag}>")
    return f"<{tag}>\n{safe_content}\n</{tag}>"

• config/policies.py:100 — Addressing Proposed Improvement #6 from BRANCH_ANALYSIS.md, it would be beneficial to add Pydantic validators to RoutingPolicy and FilteringPolicy to enforce configuration integrity. For instance, a @model_validator could ensure that worker_bot_username and reviewer_bot_username are not identical. Additionally, load_config() should ensure that allowed_users is not empty if webhook mode requires authorization.
• workspace/git.py:50 — Following BRANCH_ANALYSIS.md (Proposed Improvement #7), the TOKEN_PATTERN regex used for HTTP basic auth URLs in workspace/git.py should be consolidated with SECRET_PATTERNS in agent/sandbox.py. Exposing a redact_url() helper from sandbox.py and having git.py import it would centralize secret redaction logic, improve consistency, and reduce duplication.
• tests/commands/webhook/test_server.py:100 — As recommended in BRANCH_ANALYSIS.md (Proposed Improvement #8), enhancing mock robustness by adding spec= to MagicMock() and AsyncMock() constructors is a good practice. This ensures that mocks adhere to the interface of the real objects, catching potential interface drift and making tests more reliable. For example: mock_platform = AsyncMock(spec=Platform) and mock_runner = AsyncMock(spec=JobRunner).
• docs/deployment/index.md:50 — With the removal of WorkspaceCleaner, as noted in BRANCH_ANALYSIS.md (Proposed Improvement #9), it's crucial to add an explicit warning in docs/deployment/index.md about disk accumulation in non-Kubernetes deployments. Suggesting a manual cleanup mechanism (e.g., a cron job with find /tmp/nominal-code -maxdepth 3 -mtime +7 -type d -exec rm -rf {} +) would be very helpful for users deploying in such environments.

[nominalbot]

The Redis URL and TTL are still fetched directly from environment variables (_env.str(...)) for the ProcessRunner (non-Kubernetes) path. For consistency with the overall configuration architecture (as outlined in docs/architecture.md) and to support potential tenant-specific Redis configurations in the future, these values should be sourced from the Config object.

[nominalbot]

As highlighted in BRANCH_ANALYSIS.md (Proposed Improvement #2) and previous bot comments, the call to build_sanitized_env() (in the context of run_and_post_review further down) appears redundant. run_api_agent() in agent/api/runner.py can handle building a sanitized environment if none is explicitly provided. Removing this explicit call would reduce boilerplate and centralize the secure environment building logic.

[nominalbot]

Introducing the JobHandler protocol and DefaultJobHandler is a significant architectural improvement. It provides a clean abstraction layer for job execution, allowing for easier customization, testing, and future extensibility (e.g., for different routing strategies or custom handlers in a multi-tenant setup).

[nominalbot]

This build_runner function still relies on a global Config object. As repeatedly noted in previous bot comments and detailed in MULTITENANCY.md ('2. Configuration is Global and Static'), this global configuration is a fundamental blocker for multi-tenancy. Key settings like LLM models, allowed users, and auto-review triggers need to be tenant-specific. The Config object, or at least its tenant-specific subsets, must be resolved dynamically per-tenant and passed down the call stack instead of being a global singleton.

[nominalbot]

Reiterating Proposed Improvement #5 from BRANCH_ANALYSIS.md and a previous bot comment: raising SystemExit(1) here for a missing Redis configuration in Kubernetes mode is not ideal. SystemExit bypasses normal exception handling mechanisms, making it harder to test, log, and gracefully recover from configuration errors. It would be better to raise a ValueError or a custom ConfigurationError that can be caught and handled appropriately by the calling context.

[nominalbot]

Refactoring verify_webhook to accept headers: Mapping[str, str] instead of web.Request is a great improvement. It decouples the platform logic from the specific HTTP framework, making it more testable and portable. This change was also highlighted as a positive step in previous bot comments.

[nominalbot]

Similarly, updating parse_event to accept headers: Mapping[str, str] is a positive step. This aligns with the decoupling principle and makes the event parsing logic more modular. This was also highlighted as a positive step in previous bot comments.

[nominalbot]

While verify_webhook now correctly accepts headers, the underlying GitHubAppAuth (platforms/github/auth.py, not in diff) still appears to use a single mutable installation_id and token cache. This is a critical issue for multi-tenant scalability, as described in detail in docs/scaling-github-app-auth.md. Concurrent webhooks from different installations will lead to cache thrashing and potential race conditions, causing authentication failures and degraded performance. The authenticate method, which is called after parse_event, still mutates the global self.auth object's installation_id.

[nominalbot]

The DEFAULT_BASE_DIR is still hardcoded to /tmp/nominal-code (via tempfile.gettempdir()). For multi-tenancy, as specified in MULTITENANCY.md ('5. Workspace & Filesystem Isolation'), workspace directories must be dynamically scoped by tenant_id (e.g., /tmp/nominal-code/{tenant_id}/). While build_repo_path is a good refactoring, this hardcoded default still represents a potential isolation risk in non-Kubernetes multi-tenant deployments and needs to be configurable/dynamic for full multi-tenancy.

[nominalbot]

The new test file for DefaultJobHandler provides good coverage for the newly introduced abstraction. It effectively verifies that the handler satisfies the JobHandler protocol and correctly delegates review and worker job execution.