chore(deps): bump actions/download-artifact from 6 to 7 in the gha-dependencies group#1
Closed
dependabot[bot] wants to merge 21 commits intomainfrom
Closed
Conversation
Full implementation of the retrAI autonomous agent system: Backend (Python): - LangGraph StateGraph: plan → act → evaluate → human_check cycle - Generic goal system: pytest, shell-goal, perf-check, sql-benchmark - YAML-driven .retrai.yml config for custom goals - Async tool layer: bash_exec, file_read/write/list, pytest_runner - AsyncEventBus with fan-out (WebSocket + TUI + logger) - FastAPI server: REST runs API + WebSocket event streaming - Typer CLI: retrai run/serve/tui - Textual TUI with gradient ASCII logo Frontend (Vue 3 + bun): - Vue Flow agent graph with animated active node - Pinia stores (run + events), WebSocket composable - RunControls, GoalStatus, EventLog, HumanCheckModal - Purple → dark-blue gradient theme Quality: - 100 tests (pytest), 0 ruff errors, 0 pyright errors - MkDocs docs with custom purple gradient theme Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add node_modules, frontend/dist, and .pytest_report.json to .gitignore. Remove already-tracked node_modules from the index. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
… goals, and improve agent planning context.
- Add _safe_resolve() helper to file_read.py and file_write.py - Prevents path traversal attacks (e.g. ../../etc/passwd) - Fix AsyncGenerator return type in test_server.py for pyright
…ix, Makefile - New file_patch tool for surgical text replacement (find & replace) - Token/cost tracking: llm_usage events emitted after every LLM call - AgentState now tracks total_tokens across iterations - Frontend: all 11 goals in RunControls dropdown - Frontend: token display in GoalStatus, llm_usage in EventLog - CI: Python 3.12/3.13/3.14 matrix + frontend typecheck job - Makefile with test/lint/typecheck/check/dev/serve targets - __init__.py __all__ exports, frontend check script - 13 new tests for path traversal + file_patch (113 total) - pyright: 0 errors, ruff: all clean
- tui command no longer requires GOAL argument, auto-detects like run - Added --api-key/-k and --api-base to both run and tui commands - Supports Anthropic, OpenAI, Gemini, Azure, Ollama, vLLM via LiteLLM - Added --hitl flag to tui command
- retrai tui/run now loads .retrai.yml if present - When no config exists, prompts user to pick AI provider & model - Supports: Anthropic, OpenAI, Gemini, Azure, Ollama, custom - Prompts for API key if not in env, saves model to .retrai.yml - CLI flags always override config file values - Deduplicated run/tui logic into shared _resolve_config()
- Models are now fetched at runtime from litellm.model_cost - No more hardcoded model lists that go stale - Prefers -latest variants, deduplicates, and ranks smartly
- New retrai/providers/copilot_auth.py: full device OAuth flow, token exchange via copilot_internal/v2/token, caching in ~/.local/share/retrai/auth.json, auto-refresh before expiry - Interactive setup: selecting Copilot opens browser for device code - _resolve_config: auto-injects Copilot token as OPENAI_API_KEY pointing at api.githubcopilot.com for LiteLLM compatibility - Supports all models available on Copilot subscription (Claude, GPT, Gemini, etc.)
- Rewrote system prompt: emphasizes NEVER giving up, trying alternatives, using web_search, executing scripts - Added web_search tool (DuckDuckGo with fallback to API) - Improved evaluate node: tells AI how many iterations remain, lists alternative strategies to try - Increased default max_iterations from 20 to 50 - Increased bash timeout from 60s to 120s - Increased message context window from 40 to 60
- .github/workflows/publish.yml: trusted publishing pipeline (build → test → TestPyPI → PyPI on release) - pyproject.toml: classifiers, keywords, URLs, license, httpx dep, search extra, py.typed marker - retrai/py.typed: PEP 561 typed package marker
…ing) - Add authors metadata and Documentation URL to pyproject.toml - Add dedicated Installation section to README (pipx, uv tool, pip) - Add Python 3.14 to publish.yml test matrix - Add wheel smoke-test step (install + retrai --help) before publishing
…y, TUI wizard, and research goal - Add new tools: visualize, hypothesis_test, data_analysis, dataset_fetch, python_exec, js_exec, grep_search, find_files, git_diff - Implement swarm module with role-based agent coordination - Add pipeline mode for multi-step workflows - Implement agent memory with semantic recall - Add safety guardrails module - Create TUI wizard for experiment setup - Add research goal type for scientific workflows - Implement benchmark, watcher, history, and review modules - Wire new tools into plan and act nodes - Add comprehensive unit tests (353 passing)
- Add retrai/tools/ml_train.py: sandboxed sklearn/XGBoost/LightGBM training (20+ models) - Add retrai/goals/ml_goal.py: metric threshold goal (AUC, F1, accuracy, R², RMSE, etc.) - Register ml-optimize goal in registry - Wire ml_train dispatch in act.py - Add ml_train tool definition in plan.py - Add 'retrai ml' CLI command for ML optimization runs - Add 17 unit tests for ml_train and MlOptimizeGoal
- plan.py: 1015 → 362 lines (remove 653 dead inline tool defs) - app.py: 1186 → ~900 lines (extract runners to cli/runners.py) - Narrow 26× except Exception → except NoMatches in TUI - Narrow config.py exceptions to ImportError/AttributeError/OSError - Add Code Quality Standards section to agents.md
…pendabot - Add MIT LICENSE file - Add CHANGELOG.md for initial 0.1.0 release - Add cliff.toml for automated changelog generation - Upgrade CI workflow: v6/v7 actions, workflow_dispatch, timeout-minutes - Add docs deployment workflow (GitHub Pages via mkdocs) - Add publish workflow with artifact attestation and GitHub Release - Add dependabot config for quarterly GHA updates - Fix 6 pyright errors in benchmark.py and watcher.py (RunnableConfig casts) - Migrate ChatLiteLLM to langchain-litellm with fallback - Add langchain-litellm dependency - Pin pytest-asyncio<1.0.0 (1.x broken on Python 3.14) - Add .claude/ and .gemini/ to .gitignore - Remove .claude from tracking
Bumps the gha-dependencies group with 1 update: [actions/download-artifact](https://github.com/actions/download-artifact). Updates `actions/download-artifact` from 6 to 7 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@v6...v7) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: gha-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
Author
|
This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests. To ignore these dependencies, configure ignore rules in dependabot.yml |
dependabot
Bot
deleted the
dependabot/github_actions/gha-dependencies-d988a0d7e8
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the gha-dependencies group with 1 update: actions/download-artifact.
Updates
actions/download-artifactfrom 6 to 7Release notes
Sourced from actions/download-artifact's releases.
Commits
37930b1Merge pull request #452 from actions/download-artifact-v7-release72582b9doc: update readme0d2ec9dchore: release v7.0.0 for Node.js 24 supportfd7ae8fMerge pull request #451 from actions/fix-storage-blobd484700chore: restore minimatch.dep.yml license file03a8080chore: remove obsolete dependency license files56fe6d9chore: update@actions/artifactlicense file to 5.0.18e3ebc4chore: update package-lock.json with@actions/artifact@5.0.11e3c4b4fix: update@actions/artifactto ^5.0.0 for Node.js 24 punycode fix458627dchore: use local@actions/artifactpackage for Node.js 24 testingDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions