Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 16 additions & 10 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,11 +13,21 @@ jobs:
test:
name: Python ${{ matrix.python-version }} on ${{ matrix.os }}
runs-on: ${{ matrix.os }}
defaults:
run:
shell: bash
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
python-version: ["3.10", "3.11", "3.12"]
env:
BATLLM_RUN_OLLAMA_SMOKE: "0"
KIVY_NO_ARGS: "1"
KIVY_NO_CONSOLELOG: "1"
KIVY_WINDOW: mock
PYTHONPATH: src
VENV_PYTHON: ${{ runner.os == 'Windows' && './.venv_BatLLM/Scripts/python.exe' || './.venv_BatLLM/bin/python' }}

steps:
- name: Checkout
Expand All @@ -32,20 +42,16 @@ jobs:
python -m venv .venv_BatLLM
- name: Install dependencies
run: |
. .venv_BatLLM/bin/activate
python -m pip install --upgrade pip
python -m pip install -r requirements.txt
python -m pip install pytest pylint
"$VENV_PYTHON" -m pip install --upgrade pip
"$VENV_PYTHON" -m pip install -r requirements.txt
"$VENV_PYTHON" -m pip install pytest pylint
- name: Compile sources
run: |
. .venv_BatLLM/bin/activate
python -m compileall .
"$VENV_PYTHON" -m compileall -q src run_batllm.py run_game_analyzer.py run_tests.py create_release_bundles.py create_homebrew_formula.py validate_packaging_smoke.py
- name: Run tests
run: |
. .venv_BatLLM/bin/activate
python run_tests.py
"$VENV_PYTHON" run_tests.py
- name: Run pylint
if: ${{ matrix.os == 'ubuntu-latest' && matrix.python-version == '3.12' }}
run: |
. .venv_BatLLM/bin/activate
pylint src run_batllm.py run_game_analyzer.py create_release_bundles.py create_homebrew_formula.py
"$VENV_PYTHON" -m pylint src run_batllm.py run_game_analyzer.py create_release_bundles.py create_homebrew_formula.py
30 changes: 30 additions & 0 deletions .github/workflows/dependency-review.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,9 +12,39 @@ jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: Check dependency graph availability
id: dependency-graph
uses: actions/github-script@v7
with:
script: |
const { repository } = await github.graphql(
`
query($owner: String!, $name: String!) {
repository(owner: $owner, name: $name) {
dependencyGraphManifests(first: 1) {
totalCount
}
}
}
`,
{
owner: context.repo.owner,
name: context.repo.repo,
},
);

const manifestCount = repository?.dependencyGraphManifests?.totalCount ?? 0;
core.setOutput('supported', manifestCount > 0 ? 'true' : 'false');
core.setOutput('manifest_count', String(manifestCount));

if (manifestCount === 0) {
core.notice('Dependency graph is unavailable for this repository; skipping dependency review.');
}
- name: Checkout
if: steps.dependency-graph.outputs.supported == 'true'
uses: actions/checkout@v4
- name: Review dependency changes
if: steps.dependency-graph.outputs.supported == 'true'
uses: actions/dependency-review-action@v4
with:
fail-on-severity: high
18 changes: 15 additions & 3 deletions STATUS.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# BatLLM Status

Last updated: 2026-05-29 01:52
Last updated: 2026-05-29 17:47

BatLLM is a Python/Kivy research, education, and game project for exploring AI-mediated play, prompt quality, LLM behaviour, and local-model workflows. The repository currently contains a playable local desktop game, a standalone read-only Game Analyzer, local Ollama lifecycle and model-management helpers routed through `modelito`, release-bundle tooling, Homebrew formula generation, generated API reference artefacts, and maintained user/developer documentation.

Expand Down Expand Up @@ -65,10 +65,13 @@ python run_tests.py full
- `requests>=2.33.0` (fixes CVE-2026-25645)
- `pytest>=9.0.3` (fixes CVE-2025-71176)
- Added `.github/dependabot.yml`, `.github/workflows/dependency-review.yml`, and `.github/workflows/pip-audit.yml`; `.github/workflows/ci.yml` now creates `.venv_BatLLM` before installing dependencies and running tests.
- Updated `.github/workflows/ci.yml` again after PR validation: it now sets the same headless Kivy environment as the maintained multiplatform workflow, runs under `bash` on all platforms, invokes the virtual-environment interpreter directly instead of sourcing activation scripts, and narrows `compileall` back to project files instead of the whole checkout.
- Added a dependency-graph preflight to `.github/workflows/dependency-review.yml` so the job skips cleanly when GitHub reports zero dependency-graph manifests for this repository.
- Added repository and docs-site security guidance in `SECURITY.md` and `docs/SECURITY.md`.
- Added `docs/STATE_AND_INSTALLATION.md` and `docs/MAINTAINER_AUDIT_CHECKLIST.md` for audit support and maintainer reference.
- Retained the audit bundle artefacts and helper script at the repository root for traceability: `batllm-audit-pr.patch`, `batllm-audit-pr-overlay.zip`, `batllm-pr-implementation/`, and `scripts/apply_audit_pr.sh`.
- Dependency Review workflow requires enabling the GitHub Dependency Graph in repository settings for full support.
- GitHub GraphQL currently reports `dependencyGraphManifests.totalCount = 0` for this repository, so the dependency-review job currently skips instead of failing until GitHub exposes dependency-graph manifests.
- PR `#33` exposed two CI workflow regressions before this update: Windows runners were trying to source `.venv_BatLLM/bin/activate` under PowerShell, and the CI workflow was missing the headless Kivy environment variables already used by `.github/workflows/multiplatform.yml`.
- All other project state, architecture, and documentation remain as previously described.

### Useful Environment Variables
Expand Down Expand Up @@ -225,6 +228,14 @@ This status update followed a repository-wide audit on 2026-05-09. The audit ins
- No automated tests were rerun for the fast-forward merge to `main`; the branch only added dependency-floor, workflow, and documentation files.
- The validation record below remains the latest executed test evidence for the repository state.

### 2026-05-29 CI Workflow Fix Validation

- `gh pr view --json statusCheckRollup` and targeted `gh run view --job ... --log` inspection identified two actionable CI failures on PR `#33`: Windows `Install dependencies` failed because PowerShell could not source `.venv_BatLLM/bin/activate`, and Ubuntu `Run tests` failed after launching `run_tests.py` in a workflow that lacked the headless Kivy environment used by `.github/workflows/multiplatform.yml`.
- `ruby -e "require 'yaml'; YAML.load_file('.github/workflows/ci.yml'); puts 'yaml-ok'"` -> passed.
- `git diff --check` -> passed.
- `python3.12 -m venv /private/tmp/batllm-ci-check` plus `/private/tmp/batllm-ci-check/bin/python -m pip install -r requirements.txt pytest pylint` -> passed; used a temporary Python 3.12 venv because the local repo checkout's `.venv_BatLLM/bin/python` symlink points at a missing interpreter path.
- `KIVY_WINDOW=mock KIVY_NO_ARGS=1 KIVY_NO_CONSOLELOG=1 PYTHONPATH=src /private/tmp/batllm-ci-check/bin/python -m compileall -q src run_batllm.py run_game_analyzer.py run_tests.py create_release_bundles.py create_homebrew_formula.py validate_packaging_smoke.py` -> passed.

### Latest Commands Run For This Audit (2026-05-23 Bug Fix Audit)

- Repository-wide source read: all Python files in `src/`, root launchers, `tools/`, `scripts/`, CI workflows, `requirements.txt`, `pytest.ini`, `.pylintrc`, and packaging files read and cross-referenced by three parallel agents.
Expand Down Expand Up @@ -268,6 +279,7 @@ The previous status report recorded these successful checks from the same releas

- The Kivy desktop app was not launched interactively with `python run_batllm.py` in this non-interactive environment.
- The standalone analyzer was not launched interactively with `python run_game_analyzer.py` in this non-interactive environment.
- `run_tests.py core` was not rerun locally after this CI fix because it is hard-wired to `.venv_BatLLM/bin/python`, and the local checkout's `.venv_BatLLM/bin/python` symlink targets a missing interpreter path; GitHub Actions logs and a temporary Python 3.12 venv were used instead for targeted workflow verification.
- A headless launcher import attempt reached Kivy window initialisation and failed with `Unable to get a Window`; this is an environment limitation, not a substitute for manual GUI launch validation.
- `python run_tests.py full` was not run during this audit because it can start and stop a real local Ollama service.
- Homebrew install-level smoke (`validate_packaging_smoke.py --run-homebrew-install-smoke`) was not run because it installs/uninstalls through the local Homebrew installation.
Expand Down Expand Up @@ -319,4 +331,4 @@ The previous status report recorded these successful checks from the same releas
- Design the 2.0 server contract before adding web or repository-backed prompt/game sharing.
- Add broader tests for malformed model responses, slow startup, missing models, session compatibility, analyzer edge cases, and packaged first-run behaviour.

Last updated: 2026-05-29 01:52
Last updated: 2026-05-29 17:47
Loading