feat(agentready): source assessment data from central repo#97
Open
CryptoRodeo wants to merge 23 commits into
Open
feat(agentready): source assessment data from central repo#97CryptoRodeo wants to merge 23 commits into
CryptoRodeo wants to merge 23 commits into
Conversation
|
/agentic_review |
Code Review by Qodo
1. io.ReadAll error ignored
|
![qodo-app-for-konflux-ci[bot]](https://avatars.githubusercontent.com/u/155583288?s=60&v=4){kind=small}
CryptoRodeo
added a commit
to CryptoRodeo/devlake
that referenced
this pull request
Jun 5, 2026
Add Apache 2.0 license headers to all 28 Go files. Scope assessment and stats API routes under connections/:connectionId/ to prevent cross-connection data leakage. Fix default entity type from CICD to CODE so pipeline planner selects subtasks correctly. Signed-off-by: Bryan Ramos <bramos@redhat.com>
Author
|
I added the latest grafana changes from #94 here so Qodo doesn't bring up those issues again. I might close my other two PRs and use this one for all the changes. |
Author
|
Actually I think those grafana changes from the other PR broke something... reverting. |
CryptoRodeo
force-pushed
the
agentready-plugin-conversion
branch
from
924a25c to
a29d263
Compare
This was referenced Jun 5, 2026
Author
|
Working locally after revert |
|
/agentic_review |
|
Code review by qodo was updated up to the latest commit a29d263 |
CryptoRodeo
changed the title
CryptoRodeo
changed the title
|
/agentic_review |
|
Code review by qodo was updated up to the latest commit a29d263 |
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…very by connection Calculator now discovers submissions repo IDs the same way the extractor does. Discovery query is scoped by connection_id to prevent cross-project data leaks. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Bryan Ramos <bramos@redhat.com>
Add ${project} template variable and project_mapping JOINs to all three
dashboards (fleet-overview, findings-analysis, repo-detail) so panels
scope data to the selected DevLake project.
Assisted-By: Claude Opus 4.6
Signed-off-by: Bryan Ramos <bramos@redhat.com>
Signed-off-by: Bryan Ramos <bramos@redhat.com>
Signed-off-by: Bryan Ramos <bramos@redhat.com>
- allow users to specify the branch for the centralized submissions repo - add migration script - update scope config UI Signed-off-by: Bryan Ramos <bramos@redhat.com>
Signed-off-by: Bryan Ramos <bramos@redhat.com>
…files collectFromSubmissionsRepo fetched the tree using submissionsBranch but downloaded each JSON via FetchGithubAssessment with an empty ref, causing reads from the repo default branch instead of the configured submissions branch. Signed-off-by: Bryan Ramos <bramos@redhat.com>
FetchGithubTree interpolated the branch ref directly into the URL path without escaping. Branches containing reserved characters like "/" (e.g. "chore/entries") produced malformed URLs where GitHub interpreted the slash as a path separator instead of part of the ref name. Use url.PathEscape on the branch before URL interpolation. Signed-off-by: Bryan Ramos <bramos@redhat.com>
discoverSubmissionRepoIds was querying all assessments with provider='submissions' without filtering by the current project, causing extraction and metrics to process unrelated submissions from other projects. Now uses project_mapping for scoping when projectName is available, matching the pattern used by discoverRepos. Signed-off-by: Bryan Ramos <bramos@redhat.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This should result in a better UX. Signed-off-by: Bryan Ramos <bramos@redhat.com>
Add Apache 2.0 license headers to all 28 Go files. Scope assessment and stats API routes under connections/:connectionId/ to prevent cross-connection data leakage. Fix default entity type from CICD to CODE so pipeline planner selects subtasks correctly. Signed-off-by: Bryan Ramos <bramos@redhat.com>
…ad of hardcoding "main" When a connection's Branch field is left empty, PostConnections and PatchConnection now call the GitHub Repos API to discover the repository's actual default branch and store it before saving. Falls back to "main" if the API call fails (best-effort resolution). - Add FetchDefaultBranch function to tasks package - Add resolveDefaultBranch helper in connection API handlers - Revert UI text to "Leave empty for the default branch" - Add 4 tests for FetchDefaultBranch Signed-off-by: Bryan Ramos <bramos@redhat.com> Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
CryptoRodeo
force-pushed
the
agentready-plugin-conversion
branch
from
a29d263 to
092fa76
Compare
AutoMigrateTables does not update existing primary key constraints. Pre-existing tables retain id-only PKs, breaking CreateOrUpdate semantics. This migration explicitly drops and recreates PKs as (id, connection_id) composites on assessments, findings, and metrics. Signed-off-by: Bryan Ramos <bramos@redhat.com> Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Author
|
Pushed changes to resolve Qodo issues.
The other ones in that review should also be handled here: ab5ebda |
Author
|
Whoops, looks like my plugin still needs an AGENT.md file: https://github.com/konflux-ci/devlake/blob/main/AGENTS.md#owned-plugins Let me add this. |
Plugin has 24 source files, 6 test files, and 3 Grafana dashboards but was missing the AGENTS.md required to be recognized as an owned plugin in this DevLake fork. Signed-off-by: Bryan Ramos <bramos@redhat.com> Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Author
|
AGENTS.md file added: 1a9ed21 |
|
/agentic_review |
|
Code review by qodo was updated up to the latest commit 1a9ed21 |
Comment on lines
+237
to
+238
| body, _ := io.ReadAll(io.LimitReader(resp.Body, 256)) | ||
| return nil, fmt.Errorf("GitHub Trees API returned %d: %s", resp.StatusCode, string(body)) |
There was a problem hiding this comment.
1. io.readall error ignored 📘 Rule violation ≡ Correctness
The new GitHub fetcher code discards io.ReadAll errors via _, which can mask I/O failures and lead to misleading error messages or incorrect control flow. This violates the requirement to check Go function errors immediately after the call.
Agent Prompt
## Issue description
`io.ReadAll` errors are ignored (assigned to `_`) in the new GitHub HTTP error-handling paths.
## Issue Context
These reads happen when building error messages for non-200 HTTP responses; ignoring the read error can hide underlying transport/body-read failures and violates the immediate error-checking requirement.
## Fix Focus Areas
- backend/plugins/agentready/tasks/submissions_collector.go[236-238]
- backend/plugins/agentready/tasks/submissions_collector.go[283-286]
- backend/plugins/agentready/tasks/submissions_collector.go[345-348]
ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools
Comment on lines
+32
to
+38
| dsHelper = api.NewDataSourceHelper[ | ||
| models.AgentReadyConnection, models.AgentReadyScope, models.AgentReadyScopeConfig, | ||
| ]( | ||
| br, | ||
| p.Name(), | ||
| []string{"fullName"}, | ||
| func(c models.AgentReadyConnection) models.AgentReadyConnection { |
There was a problem hiding this comment.
2. Invalid scope search column 🐞 Bug ≡ Correctness
agentready/api.Init configures the DS helper scope search columns as ["fullName"], but the
paging/search code interpolates those values directly into SQL ("fullName LIKE ?"), which will fail
when a searchTerm is used because the actual DB column is snake_case (e.g., "full_name"). This can
break scope/scope-config list/search endpoints at runtime with SQL "unknown column" errors.
Agent Prompt
### Issue description
`api.NewDataSourceHelper(..., []string{"fullName"}, ...)` configures search columns that are later used as raw SQL identifiers in `LIKE` clauses. For GORM-managed tables (including AgentReadyScope), the `FullName` field maps to a `full_name` column by default, so using `fullName` will generate invalid SQL whenever `searchTerm` is present.
### Issue Context
Other datasource plugins (e.g., GitHub) pass snake_case DB column names (e.g. `full_name`) into `NewDataSourceHelper`.
### Fix Focus Areas
- backend/plugins/agentready/api/init.go[32-43]
- backend/helpers/srvhelper/model_service_helper.go[161-179]
- backend/plugins/github/api/init.go[39-47]
### Implementation notes
- Change AgentReady’s `scopeSearchColumns` to the actual DB column name(s), e.g. `[]string{"full_name"}` (optionally also include `"name"` if you want search-by-repo-name).
- Ensure scope-config listing search columns also remain valid (they share the same `searchColumns` list via `NewDataSourceHelper`).
ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
pr-type/bug-fix,pr-type/feature-development, etc.Summary
Instead of scanning individual repos, you can scan a centralized repository holding all the agent-readiness scores.
Here's an example repo that stores assessments: https://github.com/CryptoRodeo/agentready-scores
In
submissions, you'll have this directory structure:and in each
<repo>directory you'll have an agentready assessment file. For example: https://github.com/CryptoRodeo/agentready-scores/tree/main/submissions/TSD-UI/rhtas-console-uiThis enables easy onboarding. Teams don't have to generate and commit the assessment files in their repos.
Even better, we can generate the assessment files for them! No additional action is required on their end.
Devlake setup:
You create an
agentreadyplugin connection for a specific team. In that connection's data scope, select their specific repositories. Then all you have to do is add the connection to their project.Here's a demo of that workflow:
data-scope-per-project-demo.mp4
Other ideas:
In the centralized repo you can automate the generation of the assessment files for each repo on a schedule (per quarter?), making it much easier to track scores over time.
We can also take this plugin's API data, create an MCP server tool and use that in the DevLake MCP server. The MCP tool can be used with an LLM to run diagnostics on a team's repo based on the agentready assessment and generate a plan to improve the score.
Does this close any open issues?
Closes KFLUXDP-1010
Signed-off-by: Bryan Ramos bramos@redhat.com
Assisted-By: Claude Opus 4.6